Omniscia KlimaDAO Audit

ExercisepKLIMA Manual Review Findings

EKL-01M: Improper Wallet Deletion Path

Type	Severity	Location
Logical Fault	Minor	ExercisepKLIMA.sol:L678-L682

Description:

The pushWalletChange does not prevent a user from setting themselves as the new wallet, permitting them to erase their terms data entry as the pullWalletChange function first assigns and then deletes the terms entry.

Example:

contracts/pKLIMA/regular/ExercisepKLIMA.sol

678function pushWalletChange( address _newWallet ) external returns ( bool ) {
679    require( terms[ msg.sender ].percent != 0 );
680    walletChange[ msg.sender ] = _newWallet;
681    return true;
682}
683
684// Allows wallet to pull rights from an old address
685function pullWalletChange( address _oldWallet ) external returns ( bool ) {
686    require( walletChange[ _oldWallet ] == msg.sender, "wallet did not push" );
687
688    walletChange[ _oldWallet ] = address(0);
689    terms[ msg.sender ] = terms[ _oldWallet ];
690    delete terms[ _oldWallet ];
691
692    return true;
693}

Recommendation:

We advise a require check to be introduced ensuring that the msg.sender is not equal to the _newWallet.

Alleviation:

A require check was properly introduced preventing assigning self as the wallet change.

Omniscia KlimaDAO Audit

ExercisepKLIMA Manual Review Findings

ExercisepKLIMA Manual Review Findings

EKL-01M: Improper Wallet Deletion Path

Description:

Example:

Recommendation:

Alleviation:

AltExercisepKLIMA.sol (AEK-M)

KlimaBondingCalculator_v2.sol (KBC-M)

On this page