Omniscia KlimaDAO Audit
KlimaTreasury Static Analysis Findings
KTY-01S: Improper Usage of EIP-20 Transfer
| Type | Severity | Location |
|---|---|---|
| Standard Conformity | Minor | KlimaTreasury.sol:L558 |
Description:
The EIP-20 standard states that callers MUST NOT assume that false is never returned from transfer invocations, and that they should be able to gracefully handle the bool returned by the function invocation.
Example:
```solidity
// KlimaTreasury.sol:L558
IERC20( _token ).transfer( msg.sender, _amount );
```
Recommendation:
As certain tokens are not compliant with the standard, we advise the usage of a wrapper library such as SafeERC20 of OpenZeppelin that opportunistically evaluates the yielded bool if it exists.
Alleviation:
The KlimaDAO team considered this exhibit but opted to retain the codebase in its current state.
KTY-02S: Redundant bool Variable Comparison
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | Informational | KlimaTreasury.sol:L524 |
Description:
The linked statements perform a direct comparison between a bool variable and a bool literal.
Example:
```solidity
// KlimaTreasury.sol:L524
require( isReserveSpender[ msg.sender ] == true, "Not approved as a Reserve Spender" );
```
Recommendation:
We advise that the bool variable be used directly instead, either in its normal or negated (!) form.
Alleviation:
The KlimaDAO team considered this exhibit but opted to retain the codebase in its current state.
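The following contract is an added illustration of both exhibits, KTY-01S and KTY-02S, and is not code from the KlimaTreasury codebase or from the audit itself. It places the flagged pattern next to the recommended form and includes a constructed non-compliant token that returns false instead of reverting, so the consequence of ignoring the transfer return value can be observed directly. The contract and function names (ReserveWithdrawalExample, withdrawUnsafe, withdraw, FalseReturningToken) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical contract illustrating KTY-01S and KTY-02S; not KlimaTreasury code.
contract ReserveWithdrawalExample {
    using SafeERC20 for IERC20;

    mapping(address => bool) public isReserveSpender;
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    function setReserveSpender(address spender, bool approved) external {
        require(msg.sender == owner, "Not owner");
        isReserveSpender[spender] = approved;
    }

    // Pattern as flagged in the report (kept for contrast):
    //  - KTY-02S: the bool is compared against the literal `true`
    //  - KTY-01S: the bool returned by transfer() is discarded, so a token
    //    that signals failure by returning false lets this call succeed
    //    without moving any balance
    function withdrawUnsafe(address _token, uint256 _amount) external {
        require(isReserveSpender[msg.sender] == true, "Not approved as a Reserve Spender");
        IERC20(_token).transfer(msg.sender, _amount); // return value ignored
    }

    // Recommended form:
    //  - KTY-02S: the mapping value is used directly as the condition
    //  - KTY-01S: safeTransfer reverts when the token returns false and
    //    also tolerates tokens whose transfer() returns no value at all
    function withdraw(address _token, uint256 _amount) external {
        require(isReserveSpender[msg.sender], "Not approved as a Reserve Spender");
        IERC20(_token).safeTransfer(msg.sender, _amount);
    }
}

// Constructed mock of a non-compliant token: transfer() never reverts,
// it only reports failure through its return value.
contract FalseReturningToken {
    function transfer(address, uint256) external pure returns (bool) {
        return false;
    }
}
```

With an approved reserve spender calling withdrawUnsafe against FalseReturningToken, the transaction completes and emits no error even though nothing was transferred; the same call through withdraw reverts, because SafeERC20 checks the returned bool when one is present. A unit test that deploys the mock and asserts the revert is a cheap regression guard for this class of defect.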