Omniscia Platypus Finance Audit

Asset Manual Review Findings

ASS-01M: Inexistent Sanitization of Maximum Supply

Type: Input Sanitization
Severity: Minor
Location: Asset.sol:L102

Description:

The setMaxSupply function performs no sanitization on the input maxSupply_ argument.

Example:

contracts/asset/Asset.sol
 98 /**
 99  * @notice Changes asset max supply. Can only be set by the contract owner.
100  * @param maxSupply_ the new asset's max supply
101  */
102 function setMaxSupply(uint256 maxSupply_) external onlyOwner {
103     uint256 oldMaxSupply = _maxSupply;
104     _maxSupply = maxSupply_;
105     emit MaxSupplyUpdated(oldMaxSupply, maxSupply_);
106 }

Recommendation:

We advise that the maxSupply_ argument be validated as greater-than-or-equal-to (>=) the current total supply, so that state transitions are executed as expected.
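The check recommended above, shown in a self-contained sketch. This is an added example, not code from the Platypus repository or from the audit: the contract name, the owner handling, the event declaration, the revert strings and the mint-side cap check are assumptions made so the setter can be read in context.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not Platypus code: a minimal capped asset whose setter
// enforces the invariant maxSupply >= totalSupply recommended in ASS-01M.
contract CappedAssetSketch {
    address public immutable owner;
    uint256 public totalSupply; // stand-in for the asset token's total supply
    uint256 private _maxSupply;

    // Assumed declaration; the page only shows the emit statement.
    event MaxSupplyUpdated(uint256 previousMaxSupply, uint256 newMaxSupply);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(uint256 maxSupply_) {
        owner = msg.sender;
        _maxSupply = maxSupply_;
    }

    function maxSupply() external view returns (uint256) {
        return _maxSupply;
    }

    // Setter with the recommended sanitization: a cap below the amount
    // already minted is rejected, so the cap can never contradict the state.
    function setMaxSupply(uint256 maxSupply_) external onlyOwner {
        require(maxSupply_ >= totalSupply, "cap below total supply");
        uint256 oldMaxSupply = _maxSupply;
        _maxSupply = maxSupply_;
        emit MaxSupplyUpdated(oldMaxSupply, maxSupply_);
    }

    // Hypothetical mint path (the audited mint logic is not shown on the
    // page): new supply is accepted only while it stays within the cap.
    function mint(uint256 amount) external onlyOwner {
        require(totalSupply + amount <= _maxSupply, "max supply reached");
        totalSupply += amount;
    }
}
```

In this sketch, setting the cap to exactly the current total supply is still accepted and blocks any further minting; only values strictly below the minted amount revert.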

Alleviation:

After discussion with the Platypus team, we concluded that the maximum supply should be arbitrarily settable as it is an intended design feature. As such, we consider this exhibit null.