Omniscia Hot Cross Audit
CrossVesting Manual Review Findings
CrossVesting Manual Review Findings
CVG-01M: Potentially Misbehaving Transfer
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Minor | CrossVesting.sol:L116-L117 |
Description:
The safeTransfer invocations of the revoke function can misbehave.
Example:
contracts/vesting/CrossVesting.sol
116token.safeTransfer(owner(), amountNotVested);117token.safeTransfer(beneficiary, amountToVest);Recommendation:
Some tokens throw on zero transfers and as such, the revoke function may not execute if invoked when amountToVest is still 0 i.e. during the cliff period. We advise an if conditional to surround the statement to ensure a non-zero value transfer is performed.
Alleviation:
An if conditional was properly introduced in the safeTransfer towards the beneficiary thereby alleviating this exhibit.