Omniscia Platypus Finance Audit
Whitelist Manual Review Findings
WHI-01M: Inexistent State Continuity
Type | Severity | Location |
---|---|---|
Logical Fault | Minor | Whitelist.sol:L17-L23, L25-L31 |
Description:
The approveWallet and revokeWallet functions do not validate the previous state of each wallet's whitelist status.
Example:
contracts/Whitelist.sol
```solidity
/// @notice approves wallet
/// @param _wallet the wallet to approve
function approveWallet(address _wallet) external onlyOwner {
    wallets[_wallet] = true;

    emit ApproveWallet(_wallet);
}

/// @notice revokes wallet
/// @param _wallet the wallet to revoke
function revokeWallet(address _wallet) external onlyOwner {
    wallets[_wallet] = false;

    emit RevokeWallet(_wallet);
}
```
Recommendation:
We advise validating that the wallet's current status is the opposite of the value it is being set to. Otherwise, state transitions may occur unexpectedly due to block re-ordering or simply transaction execution order, as a transaction's submission does not guarantee timely execution.
Alleviation:
The state of a wallet is now properly altered only when it is not already set to the desired state.
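One way to enforce the recommended state check, shown as an added example that is neither the Platypus code nor the auditor's. The contract name WhitelistChecked, the minimal owner handling, the event signatures and the revert strings are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration, not the audited contract. The name WhitelistChecked,
/// the owner handling, the event signatures and the revert strings are assumptions.
contract WhitelistChecked {
    address public immutable owner;
    mapping(address => bool) public wallets;

    event ApproveWallet(address indexed wallet);
    event RevokeWallet(address indexed wallet);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    /// @notice approves wallet
    /// @param _wallet the wallet to approve
    function approveWallet(address _wallet) external onlyOwner {
        // State continuity: only a not-approved wallet can become approved.
        require(!wallets[_wallet], "already approved");
        wallets[_wallet] = true;

        emit ApproveWallet(_wallet);
    }

    /// @notice revokes wallet
    /// @param _wallet the wallet to revoke
    function revokeWallet(address _wallet) external onlyOwner {
        // State continuity: only an approved wallet can be revoked.
        require(wallets[_wallet], "not approved");
        wallets[_wallet] = false;

        emit RevokeWallet(_wallet);
    }
}
```

With these checks, a call that executes against an unexpected prior state reverts instead of emitting an event for a transition that did not take place.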