Omniscia Platypus Finance Audit

Timelock Manual Review Findings

TIM-01M: Potentially Unsafe Import File

Type: Language Specific
Severity: Minor
Location: Timelock.sol:L4

Description:

The OpenZeppelin TimelockController contract was the subject of a recent security advisory whose fix shipped in version 4.3.1 of @openzeppelin/contracts, whereas the project's package.json specifies the open-ended ^4.2.0 version range. A caret range of ^4.2.0 admits any 4.x release from 4.2.0 upwards, so it does not exclude the unpatched 4.2.x and 4.3.0 releases; which version is actually compiled against depends on the lockfile and on when the dependencies were installed.

Example:

contracts/governance/Timelock.sol

4  import '@openzeppelin/contracts/governance/TimelockController.sol';
5
6  contract Timelock is TimelockController {

Recommendation:

We advise that the package.json version specifier be locked to the patched release (4.3.1) or above, and that the lockfile be regenerated accordingly, so that the code retains the security guarantees it is meant to inherit from the OpenZeppelin implementation. For more details, please consult the relevant security advisory.
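The check below is an added example, not part of the Omniscia report or of the Platypus Finance code base. It shows how an auditor can verify the point above mechanically: it takes the lowest version a package.json specifier admits, compares it against the patched release, and also inspects the resolved version recorded in package-lock.json, since an open-ended range alone says nothing about what was actually installed. The package.json and lockfile objects are constructed for the demo; the patched version 4.3.1 and the package name @openzeppelin/contracts come from the finding.

```javascript
// Added example: audit whether a project's @openzeppelin/contracts dependency can
// resolve to a release older than the patched 4.3.1, and whether the lockfile
// actually pins a patched release. Inputs below are constructed for the demo.

const PATCHED = "4.3.1";
const PKG = "@openzeppelin/contracts";

// Parse "MAJOR.MINOR.PATCH" into numbers; a leading "v" and any pre-release
// suffix are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Lexicographic comparison on [major, minor, patch]: -1, 0 or 1.
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Lowest version a package.json specifier admits. Caret (^x.y.z), tilde (~x.y.z)
// and ">=x.y.z" all start at x.y.z; an exact "x.y.z" is its own floor. Anything
// else (wildcards, "||" unions, git URLs) is treated as unpinned (null).
function rangeFloor(spec) {
  const m = /^(?:\^|~|>=)?\s*v?(\d+\.\d+\.\d+)$/.exec(spec.trim());
  return m ? m[1] : null;
}

// Audit a parsed package.json plus an optional parsed package-lock.json.
// specifierSafe: the *lowest* admitted version is already patched.
// lockedSafe:    the version the lockfile resolved to is patched (null if absent).
function auditDependency(packageJson, lockJson, pkg = PKG, patched = PATCHED) {
  const deps = packageJson.dependencies || {};
  const devDeps = packageJson.devDependencies || {};
  const spec = deps[pkg] || devDeps[pkg] || null;
  const result = { specifier: spec, specifierSafe: false, locked: null, lockedSafe: null };
  if (!spec) return result;

  const floor = rangeFloor(spec);
  result.specifierSafe = floor !== null && compareVersions(floor, patched) >= 0;

  if (lockJson) {
    // npm lockfile v2/v3 keys entries as "node_modules/<name>"; v1 uses "dependencies".
    const entry =
      (lockJson.packages || {})[`node_modules/${pkg}`] ||
      (lockJson.dependencies || {})[pkg];
    if (entry && entry.version) {
      result.locked = entry.version;
      result.lockedSafe = compareVersions(entry.version, patched) >= 0;
    }
  }
  return result;
}

// Constructed inputs mirroring the finding: an open-ended ^4.2.0 specifier and a
// lockfile that happens to have resolved an unpatched 4.3.0, next to the fixed form.
const samplePackageJson = { dependencies: { [PKG]: "^4.2.0" } };
const sampleLock = {
  lockfileVersion: 2,
  packages: { [`node_modules/${PKG}`]: { version: "4.3.0" } },
};
const fixedPackageJson = { dependencies: { [PKG]: "^4.3.1" } };

console.log(auditDependency(samplePackageJson, sampleLock));
console.log(auditDependency(fixedPackageJson, null));
```

On the constructed input the open-ended specifier is reported unsafe and the lockfile's 4.3.0 is flagged as unpatched; raising the specifier to ^4.3.1 makes the floor itself safe, which is the state the recommendation asks for. The lockfile check matters because a fresh `npm install` against ^4.2.0 would pick up 4.3.1 or later, while a pre-existing lockfile keeps whatever was resolved earlier.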

Alleviation:

The package.json dependencies of the project were upgraded so that the project is no longer susceptible to the vulnerability identified in the advisory referenced above.