Omniscia Hot Cross Audit
System Overview
The Cross Pool implementation is a standard staking pool that introduces managerial functions permitting the reward rates to be adjusted and the overall implementation to be upgraded. This significantly increases the control the owners of the project have over the funds held by it, so the operational security of the project must be of a very high standard to ensure that the keys used in the deployment cannot be compromised.
The implementation is meant to be deployed via the proxy pattern, which enables the owner of the proxy to upgrade the underlying logic contract and thus execute arbitrary code on behalf of the proxy's address. For example, an attacker who compromises the key of the deployer's address can replace the implementation and siphon the staking token funds held in the contract. As we believe the upgradeability portion of the contract to be unnecessary, we strongly recommend that the Hot Cross team remove this functionality and render the contract's code immutable once deployed.
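The trust assumption described above, as an added Python model that is not part of the audit or of the Hot Cross code base: the proxy holds the pool's storage, the logic object is only code executed against that storage, and whoever controls the owner key chooses the code. All class names, account names and amounts are constructed for illustration.

```python
# Toy model (constructed) of a proxy-deployed staking pool.
# The proxy owns the storage; the logic object is only code run against it.

class PoolLogicV1:
    """Hypothetical original logic: stakers withdraw only their own stake."""
    def stake(self, storage, caller, amount):
        storage["stakes"][caller] = storage["stakes"].get(caller, 0) + amount
        storage["pool_balance"] += amount

    def withdraw(self, storage, caller, amount):
        if storage["stakes"].get(caller, 0) < amount:
            raise PermissionError("insufficient stake")
        storage["stakes"][caller] -= amount
        storage["pool_balance"] -= amount
        return amount

class PoolLogicReplaced(PoolLogicV1):
    """Hypothetical replacement logic: same storage, stake check removed."""
    def withdraw(self, storage, caller, amount):
        storage["pool_balance"] -= amount
        return amount

class Proxy:
    def __init__(self, owner, logic, upgradeable=True):
        self.owner, self.logic, self.upgradeable = owner, logic, upgradeable
        self.storage = {"stakes": {}, "pool_balance": 0}

    def call(self, method, caller, *args):
        # Stand-in for delegatecall: logic code runs on the proxy's storage.
        return getattr(self.logic, method)(self.storage, caller, *args)

    def upgrade(self, caller, new_logic):
        if not self.upgradeable:
            raise PermissionError("code is immutable")
        if caller != self.owner:
            raise PermissionError("only the owner may upgrade")
        self.logic = new_logic

def run_scenario(upgradeable):
    """Return (amount taken with the owner key, remaining pool balance)."""
    proxy = Proxy("deployer_key", PoolLogicV1(), upgradeable)
    proxy.call("stake", "alice", 100)
    try:
        proxy.upgrade("deployer_key", PoolLogicReplaced())
        taken = proxy.call("withdraw", "deployer_key", 100)
    except PermissionError:
        taken = 0  # upgrade rejected, V1 rules still protect the stake
    return taken, proxy.storage["pool_balance"]
```

With `upgradeable=True` the safety of every staker's balance reduces to the secrecy of one key; with `upgradeable=False` the same key has no path to the funds.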