Omniscia Platypus Finance Audit
Timelock Manual Review Findings
TIM-01M: Potentially Unsafe Import File
| Type | Severity | Location |
|---|---|---|
| Language Specific | Minor | Timelock.sol:L4 |
Description:
The TimelockController contract was the subject of a recent security advisory, released at version 4.3.1, whereas the package.json file of the project specifies the open-ended version specifier ^4.2.0, which still permits versions below the patched release to be resolved.
Example:
contracts/governance/Timelock.sol

```solidity
4  import '@openzeppelin/contracts/governance/TimelockController.sol';
5
6  contract Timelock is TimelockController {
```
Recommendation:
We advise the package.json version specifier to be locked to the patched release (4.3.1) or above, to ensure that the code retains the security properties it is meant to inherit from the OpenZeppelin implementation. For more details, please consult the relevant security advisory.
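To make the point of this finding concrete, the following is an added check (written for this page, not code from Omniscia or the Platypus Finance project) that reads a package.json manifest and reports whether the declared range for a dependency can still resolve to a version older than the patched one. It takes 4.3.1 as the minimum safe version of @openzeppelin/contracts purely because that is the version named in this report, and the two manifests it inspects are constructed samples: the open-ended ^4.2.0 specifier described above and a corrected ^4.3.1 one.

```javascript
// Added example: does a package.json range guarantee at least the patched release?
// Assumption taken from the report: @openzeppelin/contracts >= 4.3.1 carries the fix.
const PATCHED_VERSION = "4.3.1";

// Parse "MAJOR.MINOR.PATCH" (optional leading "v") into three numbers.
// Prerelease tags and build metadata are ignored for this comparison.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i += 1) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// The lowest version an npm specifier can resolve to. Exact pins, caret (^),
// tilde (~) and ">=" ranges all have their floor at the stated version; any
// other shape (e.g. "*", "latest", "1.x") returns null so the caller fails closed.
function minimumResolvable(spec) {
  const m = /^(\^|~|>=)?v?(\d+\.\d+\.\d+)$/.exec(spec.trim());
  return m ? m[2] : null;
}

// Audit one dependency in a manifest (object or JSON string). The result is
// "safe" only when every version the range admits is >= the patched release.
function auditDependency(packageJson, name, patched = PATCHED_VERSION) {
  const pkg = typeof packageJson === "string" ? JSON.parse(packageJson) : packageJson;
  const deps = pkg.dependencies || {};
  const devDeps = pkg.devDependencies || {};
  const spec = name in deps ? deps[name] : devDeps[name];
  if (spec === undefined) {
    return { name, spec: null, safe: false, reason: "dependency not declared" };
  }
  const floor = minimumResolvable(spec);
  if (floor === null) {
    return { name, spec, safe: false, reason: "unrecognised range; pin an explicit version" };
  }
  const safe = compareVersions(floor, patched) >= 0;
  return {
    name,
    spec,
    safe,
    reason: safe
      ? `range floor ${floor} is >= patched ${patched}`
      : `range admits ${floor}, which is < patched ${patched}`,
  };
}

// Constructed sample manifests: the specifier from the finding and a corrected one.
const VULNERABLE_MANIFEST = JSON.stringify({
  dependencies: { "@openzeppelin/contracts": "^4.2.0" },
});
const FIXED_MANIFEST = JSON.stringify({
  dependencies: { "@openzeppelin/contracts": "^4.3.1" },
});

// Stand-alone run: prints one verdict per manifest.
for (const [label, manifest] of [["before", VULNERABLE_MANIFEST], ["after", FIXED_MANIFEST]]) {
  const r = auditDependency(manifest, "@openzeppelin/contracts");
  console.log(`${label}: ${r.spec} -> ${r.safe ? "OK" : "UNSAFE"} (${r.reason})`);
}
```

The check deliberately reasons about the floor of the range rather than whatever happens to be installed today: a caret range such as ^4.3.1 still floats upward, so the version actually pulled into a build is determined by the lockfile (package-lock.json or yarn.lock). The same function can be pointed at the lockfile's resolved version, which is an exact pin and therefore its own floor, to confirm that the build artefact matches the intent of the manifest.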
Alleviation:
The package.json dependencies of the project were upgraded to no longer be susceptible to the security vulnerability identified in the report.