Omniscia Platypus Finance Audit

VePtp Code Style Findings

VePtp Code Style Findings

VPP-01C: Duplicate Inheritence

TypeSeverityLocation
Language SpecificInformationalVePtp.sol:L27

Description:

The Initializable contract is inherited twice, once in the VeERC20Upgradeable inheritence path and once in the direct path of VePtp.

Example:

contracts/VePtp.sol
27contract VePtp is Initializable, OwnableUpgradeable, ReentrancyGuardUpgradeable, VeERC20Upgradeable, IERC721Receiver {

Recommendation:

We advise it to be omitted from the VePtp path as it is redundant.

Alleviation:

The Platypus team considered this exhibit but opted not to apply a remediation for it.

VPP-02C: Non-Standard Assertion Pattern

TypeSeverityLocation
Code StyleInformationalVePtp.sol:L172-L177

Description:

The linked code can be optimized in legibility by optimizing its statements.

Example:

contracts/VePtp.sol
167/// @notice asserts addres in param is not a smart contract.
168/// @notice if it is a smart contract, check that it is whitelisted
169/// @param _addr the address to check
170function _assertNotContract(address _addr) private view {
171    if (_addr != tx.origin) {
172        if (address(whitelist) != address(0)) {
173            if (whitelist.check(_addr)) {
174                return;
175            }
176        }
177        revert('Smart contract depositors not allowed');
178    }
179}

Recommendation:

We advise the inner if statements and revert statement to be combined to a single require statement evaluating that address(whitelist) != address(0) && whitelist.check(_addr), the former of which can be omitted as the latter function call will fail if it is false.

Alleviation:

The if-revert pattern was updated to a single require statement as per our recommendation.

VPP-03C: Redundant Evaluation

TypeSeverityLocation
Gas OptimizationInformationalVePtp.sol:L226

Description:

The require check linked is redundant as it is guaranteed by its preceding and subceding checks.

Example:

contracts/VePtp.sol
225require(_amount > 0, 'amount to withdraw cannot be zero');
226require(isUser(msg.sender), 'user has no stake');
227require(users[msg.sender].amount >= _amount, 'not enough balance');

Recommendation:

We advise it to be safely omitted from the codebase.

Alleviation:

The redundant evaluation was safely omitted from the codebase.

VPP-04C: Variable Mutability Specifier

TypeSeverityLocation
Gas OptimizationInformationalVePtp.sol:L95

Description:

The linked variable is only set once during the contract's initialize hook.

Example:

contracts/VePtp.sol
72function initialize(
73    IERC20 _ptp,
74    MasterPlatypus _masterPlatypus,
75    IERC721 _nft
76) public initializer {
77    require(address(_masterPlatypus) != address(0), 'zero address');
78    require(address(_ptp) != address(0), 'zero address');
79

80    // Initialize vePTP
81    __ERC20_init('Platypus Venom', 'vePTP');
82    __Ownable_init();
83    __ReentrancyGuard_init_unchained();
84

85    // set generationRate (vePtp per sec per ptp staked)
86    generationRate = 3888888888888;
87

88    // set maxCap
89    maxCap = 30;
90

91    // set master platypus
92    masterPlatypus = _masterPlatypus;
93

94    // set ptp
95    ptp = _ptp;
96

97    // set nft, can be zero address at first
98    nft = _nft;
99}

Recommendation:

We advise it to be set as immutable and be assigned during the contract's constructor instead. This is compatible with all upgrade-ability patterns as immutable variables are replaced in the bytecode directly.

Alleviation:

The Platypus team considered this exhibit but opted not to apply a remediation for it.

Prev

VeERC20Upgradeable.sol (VER-C)

Next

Whitelist.sol (WHI-C)

On this page