Omniscia Hot Cross Audit

RewardVault Static Analysis Findings

RVT-01S: Unchecked Return Variables

Description:

The linked ERC-20 transfer invocation does not check the value returned by the call. This does not conform to the ERC-20 specification, which states that callers of these functions should not assume that they revert on failure.

Example:

contracts/RewardVault.sol
function safeRewardTransfer(
    address to,
    uint256 amount
) public onlyOwner {
    uint256 rewardTokenBalance = rewardToken.balanceOf(address(this));
    uint256 transferableAmount = amount > rewardTokenBalance
        ? rewardTokenBalance
        : amount;

    rewardToken.transfer(to, transferableAmount);
}

Recommendation:

We advise using a wrapper library for ERC-20 calls, such as SafeERC20 by OpenZeppelin, so that the method is invoked safely via the safeTransfer function.

Alleviation:

The SafeERC20 wrapper from OpenZeppelin was properly imported and utilized in the relevant code segments, alleviating this exhibit.
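
The following sketch shows what the recommended change looks like when applied to the function in the exhibit. It is an added example, not the project's own code: the contract name RewardVaultHardened, the constructor and the inline owner check are assumptions made so the snippet compiles on its own, and the import paths assume OpenZeppelin Contracts v4 or later.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v4 or later (import paths differ in v3).
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Illustrative contract: name, constructor and owner handling are assumptions,
// not taken from the audited code base.
contract RewardVaultHardened {
    // Attaches safeTransfer and the other SafeERC20 helpers to IERC20 values.
    using SafeERC20 for IERC20;

    IERC20 public immutable rewardToken;
    address public immutable owner;

    modifier onlyOwner() {
        require(msg.sender == owner, "RewardVault: caller is not the owner");
        _;
    }

    constructor(IERC20 rewardToken_) {
        rewardToken = rewardToken_;
        owner = msg.sender;
    }

    function safeRewardTransfer(
        address to,
        uint256 amount
    ) public onlyOwner {
        uint256 rewardTokenBalance = rewardToken.balanceOf(address(this));
        uint256 transferableAmount = amount > rewardTokenBalance
            ? rewardTokenBalance
            : amount;

        // Before: rewardToken.transfer(to, transferableAmount);
        // The boolean result was discarded, so a token that signals failure
        // by returning false would let this function complete silently.
        //
        // After: safeTransfer reverts if the call fails or the token returns
        // false, and it also accepts tokens that return no data at all.
        rewardToken.safeTransfer(to, transferableAmount);
    }
}
```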