Omniscia Olive Audit
Pool Manual Review Findings
Pool Manual Review Findings
POO-01M: Potentially Improper Balance Relay
Type | Severity | Location |
---|---|---|
Logical Fault | Pool.sol:L173-L174, L188-L189 |
Description:
The linked statements relay the balance adjustments independently, emitting misleading events in case of a transfer to self.
Example:
contracts/pools/Pool.sol
162/// @dev Adjust withheldLiquidity and requestedWithdrawal if sender does not have sufficient unlocked balance for the transfer163function transfer(address recipient, uint256 amount)164 public165 override166 whenNotPaused167 nonReentrant168 returns (bool)169{170 preTransferAdjustWithheldLiquidity(msg.sender, amount);171 (bool success) = super.transfer(recipient, amount);172
173 sendBalanceUpdate(msg.sender, amount, false);174 sendBalanceUpdate(recipient, amount, true);175
176 return success;177}178
179/// @dev Adjust withheldLiquidity and requestedWithdrawal if sender does not have sufficient unlocked balance for the transfer180function transferFrom(181 address sender,182 address recipient,183 uint256 amount184) public override whenNotPaused nonReentrant returns (bool) {185 preTransferAdjustWithheldLiquidity(sender, amount);186 (bool success) = super.transferFrom(sender, recipient, amount);187
188 sendBalanceUpdate(sender, amount, false);189 sendBalanceUpdate(recipient, amount, true);190
191 return success;192}
Recommendation:
We advise transfers where the sender and recipient match to be prohibited via a require
check to avoid such misbehaviours.
Alleviation:
Transfers to self are now properly prohibited by a corresponding require
check in both functions.