Omniscia Olympus DAO Audit
Treasury Static Analysis Findings
TRE-01S: Improper Usage of EIP-20 Transfer
| Type | Severity | Location |
|---|---|---|
| Standard Conformity | Minor | Treasury.sol:L160 |
Description:
The EIP-20 standard denotes that callers MUST NOT assume that false is never returned in transfer invocations and should be able to gracefully handle the returned bool of the function invocation.
Example:
```solidity
IERC20(_token).transfer(msg.sender, _amount);
```
Recommendation:
As certain tokens are not compliant with the standard, we advise the usage of a wrapper library such as SafeERC20 of OpenZeppelin that opportunistically evaluates the yielded bool if it exists.
Alleviation:
The linked EIP-20 transfer call is now properly wrapped in its safe-prefixed equivalent by OpenZeppelin's SafeERC20 library.
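The unchecked call from TRE-01S is shown below next to a checked form, as an added example that is not taken from the audited Treasury.sol or from OpenZeppelin's source. The contract name, function names, and the `_safeTransfer` helper are hypothetical; the helper is a simplified sketch of evaluating the returned bool only when one exists.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Minimal interface, declared inline so the example is self-contained.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract for illustration; not the audited Treasury.sol.
// Access checks are omitted; only the transfer handling is shown.
contract WithdrawExample {
    // Flagged pattern: the returned bool is discarded, so a token that
    // signals failure by returning false lets execution continue.
    function withdrawUnchecked(address _token, uint256 _amount) external {
        IERC20(_token).transfer(msg.sender, _amount);
    }

    // Hardened pattern: revert on a failed call or a false return value.
    function withdrawChecked(address _token, uint256 _amount) external {
        _safeTransfer(_token, msg.sender, _amount);
    }

    // Simplified sketch of the "evaluate the bool if it exists" idea.
    function _safeTransfer(address token, address to, uint256 amount) private {
        // Low-level call so tokens that return nothing do not fail ABI decoding.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        require(ok, "transfer reverted");
        if (ret.length == 0) {
            // No return data: accept only if the target is a deployed contract,
            // since a call to an address without code also succeeds.
            require(token.code.length > 0, "token is not a contract");
        } else {
            // Return data present: it must decode to true.
            require(abi.decode(ret, (bool)), "transfer returned false");
        }
    }
}
```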
TRE-02S: Literal Equality of bool Variables
| Type | Severity | Location |
|---|---|---|
| Code Style | Informational | Treasury.sol:L128 |
Description:
The linked statement performs a direct comparison between a bool variable and a bool literal.
Example:
```solidity
require(permissions[STATUS.RESERVESPENDER][msg.sender] == true, "Not approved");
```
Recommendation:
We advise the bool variable to be utilized directly either in its normal or negated (!) form, depending on the bool literal it was being compared to.
Alleviation:
The bool variable is now utilized directly in the require check.