Omniscia Platypus Finance Audit

Whitelist Manual Review Findings

WHI-01M: Inexistent State Continuity

Description:

The approveWallet and revokeWallet functions do not validate the previous state of each wallet's whitelist status.

Example:

contracts/Whitelist.sol

/// @notice approves wallet
/// @param _wallet the wallet to approve
function approveWallet(address _wallet) external onlyOwner {
    wallets[_wallet] = true;

    emit ApproveWallet(_wallet);
}

/// @notice revokes wallet
/// @param _wallet the wallet to revoke
function revokeWallet(address _wallet) external onlyOwner {
    wallets[_wallet] = false;

    emit RevokeWallet(_wallet);
}

Recommendation:

We advise validating that the wallet's current whitelist status is the opposite of the value it is being set to. Otherwise, state transitions may occur unexpectedly due to block re-ordering or simply transaction execution order, as a transaction's submission does not guarantee timely execution.

Alleviation:

The state of a wallet is now properly altered only when it is not already set to the desired state.
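
One way to enforce the state-continuity check the recommendation describes, as an added example that is not the Platypus Finance code or its actual fix. The contract name, the inline owner check, the custom errors and the event signatures are assumptions made so the snippet compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added example (hypothetical contract), not the audited Whitelist.sol.
contract WhitelistGuarded {
    // Stand-in for the project's ownership logic (assumption).
    address public immutable owner;
    mapping(address => bool) public wallets;

    // Event signatures are assumed; the page only shows the emit statements.
    event ApproveWallet(address indexed wallet);
    event RevokeWallet(address indexed wallet);

    error NotOwner();
    error AlreadyApproved(address wallet);
    error NotApproved(address wallet);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// @notice approves wallet, reverting if it is already approved
    /// @param _wallet the wallet to approve
    function approveWallet(address _wallet) external onlyOwner {
        // Previous state must be "not approved"; a duplicate or
        // re-ordered approval fails instead of emitting a second event.
        if (wallets[_wallet]) revert AlreadyApproved(_wallet);
        wallets[_wallet] = true;

        emit ApproveWallet(_wallet);
    }

    /// @notice revokes wallet, reverting if it is not currently approved
    /// @param _wallet the wallet to revoke
    function revokeWallet(address _wallet) external onlyOwner {
        // Previous state must be "approved"; a revoke that executes
        // before its matching approve fails visibly.
        if (!wallets[_wallet]) revert NotApproved(_wallet);
        wallets[_wallet] = false;

        emit RevokeWallet(_wallet);
    }
}
```

With the guards in place, every ApproveWallet or RevokeWallet event corresponds to an actual change of the mapping, so off-chain consumers that rebuild the whitelist from logs see the same transitions as the contract.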