Omniscia Olive Audit

Pool Manual Review Findings

POO-01M: Potentially Improper Balance Relay

Type	Severity	Location
Logical Fault		Pool.sol:L173-L174, L188-L189

Description:

The linked statements relay the balance adjustments independently, emitting misleading events in case of a transfer to self.

Example:

contracts/pools/Pool.sol

162/// @dev Adjust withheldLiquidity and requestedWithdrawal if sender does not have sufficient unlocked balance for the transfer
163function transfer(address recipient, uint256 amount)
164    public
165    override
166    whenNotPaused
167    nonReentrant
168    returns (bool)
169{
170    preTransferAdjustWithheldLiquidity(msg.sender, amount);
171    (bool success) = super.transfer(recipient, amount);
172
173    sendBalanceUpdate(msg.sender, amount, false);
174    sendBalanceUpdate(recipient, amount, true);
175
176    return success;
177}
178
179/// @dev Adjust withheldLiquidity and requestedWithdrawal if sender does not have sufficient unlocked balance for the transfer
180function transferFrom(
181    address sender,
182    address recipient,
183    uint256 amount
184) public override whenNotPaused nonReentrant returns (bool) {
185    preTransferAdjustWithheldLiquidity(sender, amount);
186    (bool success) = super.transferFrom(sender, recipient, amount);
187
188    sendBalanceUpdate(sender, amount, false);
189    sendBalanceUpdate(recipient, amount, true);
190
191    return success;
192}

Recommendation:

We advise transfers where the sender and recipient match to be prohibited via a require check to avoid such misbehaviours.

Alleviation:

Transfers to self are now properly prohibited by a corresponding require check in both functions.

Omniscia Olive Audit

Pool Manual Review Findings

Pool Manual Review Findings

POO-01M: Potentially Improper Balance Relay

Description:

Example:

Recommendation:

Alleviation:

Manager.sol (MAN-M)

RewardsHash.sol (RHH-M)

On this page