Omniscia Platypus Finance Audit
Asset Manual Review Findings
ASS-01M: Inexistent Sanitization of Maximum Supply
Type | Severity | Location |
---|---|---|
Input Sanitization | Minor | Asset.sol:L102 |
Description:
The `setMaxSupply` function performs no sanitization on the input `maxSupply_` argument.
Example:
contracts/asset/Asset.sol (L98-L106)

```solidity
/**
 * @notice Changes asset max supply. Can only be set by the contract owner.
 * @param maxSupply_ the new asset's max supply
 */
function setMaxSupply(uint256 maxSupply_) external onlyOwner {
    uint256 oldMaxSupply = _maxSupply;
    _maxSupply = maxSupply_;
    emit MaxSupplyUpdated(oldMaxSupply, maxSupply_);
}
```
Recommendation:
We advise ensuring that the new value is greater than or equal to (`>=`) the current total supply, so that state transitions are executed as expected.
Alleviation:
After discussion with the Platypus team, we concluded that the maximum supply should be arbitrarily settable as it is an intended design feature. As such, we consider this exhibit null.