Omniscia Parabola Finance Audit

LPToken Manual Review Findings

LPT-01M: Deviation of Original Codebase

Type: Logical Fault
Severity: Minor
Location: LPToken.sol:L52-L63

Description:

The contract implementation is meant to be a fork of the Saddle Finance LPTokenV1 implementation; however, it deviates from it by omitting a security check that is present in Saddle Finance.

Example:

contracts/LPToken.sol
52  /**
53   * @dev Overrides ERC20._beforeTokenTransfer() which get called on every transfers including
54   * minting and burning. This ensures that swap.updateUserWithdrawFees are called everytime.
55   */
56  function _beforeTokenTransfer(
57      address from,
58      address to,
59      uint256 amount
60  ) internal override(ERC20) {
61      super._beforeTokenTransfer(from, to, amount);
62      swap.updateUserWithdrawFee(to, amount);
63  }

Recommendation:

We advise that the transfer-to-contract security check be re-introduced to the codebase so that potential security assumptions are not nullified in ParaSwap's implementation. For more information, consult the relevant code in Saddle Finance.
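One way the recommended check could look, as an added example that is not Parabola's or Saddle Finance's own code. It assumes the check in question rejects transfers whose recipient is the LP token contract itself and that OpenZeppelin 4.x's ERC20 is used; the names GuardedLPToken and ISwapFees, the mint function and the revert strings are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: OpenZeppelin Contracts 4.x, which still exposes the
// _beforeTokenTransfer hook used by the audited code.
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Hypothetical minimal interface for the pool the LP token reports to.
interface ISwapFees {
    function updateUserWithdrawFee(address recipient, uint256 transferAmount) external;
}

// Hypothetical contract name; illustrates the hook with the guard in place.
contract GuardedLPToken is ERC20 {
    ISwapFees public immutable swap;

    constructor(
        string memory name_,
        string memory symbol_,
        ISwapFees swap_
    ) ERC20(name_, symbol_) {
        swap = swap_;
    }

    // Only the pool may mint LP tokens (constructed access rule for this example).
    function mint(address recipient, uint256 amount) external {
        require(msg.sender == address(swap), "LPToken: caller is not swap");
        _mint(recipient, amount);
    }

    // Runs on every transfer, mint and burn.
    function _beforeTokenTransfer(
        address from,
        address to,
        uint256 amount
    ) internal override(ERC20) {
        super._beforeTokenTransfer(from, to, amount);
        // Guard absent from LPToken.sol:L52-L63: reject any transfer or mint
        // that would credit the token contract's own address, where the
        // balance could not be moved again and other code may assume it is zero.
        require(to != address(this), "LPToken: cannot send to itself");
        swap.updateUserWithdrawFee(to, amount);
    }
}
```

Because the guard sits in the hook, it covers transfer, transferFrom and mint alike; burns are unaffected since their recipient is the zero address.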

Alleviation:

The Parabola team opted not to apply a remediation for this finding in the current iteration of the codebase.