Omniscia QuickSwap Audit

TokenSwap Code Style Findings

TokenSwap Code Style Findings

TSP-01C: Deprecated Function Signature Representation

TypeSeverityLocation
Code StyleTokenSwap.sol:L12

Description:

The linked representation of the permit function signature is using a bytes4 literal that has been deprecated.

Example:

contracts/TokenSwap.sol
11// bytes4(keccak256(bytes("permit(address,address,uint256,uint256,uint8,bytes32,bytes32)")));
12bytes4 constant _PERMIT_SIGNATURE = 0xd505accf;

Recommendation:

We advise the selector member of the permit function to be utilized instead by importing the draft-IERC20Permit dependency from OpenZeppelin and referencing the selector as IERC20Permit.permit.selector to the assignment.

Alleviation:

The variable is no longer part of the codebase rendering this exhibit nullified.

TSP-02C: Inexistent Visibility Specifier

TypeSeverityLocation
Code StyleTokenSwap.sol:L12

Description:

The linked variable has no visibility specifier explicitly set.

Example:

contracts/TokenSwap.sol
12bytes4 constant _PERMIT_SIGNATURE = 0xd505accf;

Recommendation:

We advise one to be set so to avoid potential compilation discrepancies in the future as the current behaviour is for the compiler to assign one automatically which may deviate between pragma versions.

Alleviation:

The variable is no longer part of the codebase rendering this exhibit nullified.

TSP-03C: Inexplicable Multiplication & Division of Conversion

Description:

The conversion mechanism within the TokenSwap contract offsets the input _swapRatio by 1000 and then removes the offset in a division performed within the quickToQuickX redundantly.

Example:

contracts/TokenSwap.sol
44/**
45 * @dev This contract will receive xQUICK tokens, the users will be able to swap their QUICK tokens for xQUICK tokens
46 * as long as this contract holds enough amount. The swapped QUICK tokens will be burned(sent to DEAD address).
47 * Once the withdrawTimeout is reached, the owner will be able to withdraw the remaining xQUICK tokens.
48 * @param _quick QUICK token address
49 * @param _quickX xQUICK token address
50 * @param duration Time in number of blocks after which the owner will be able to withdraw the xQUICK tokens
51 * @param _swapRatio swap ratio for QUICK to xQUICK
52 */
53constructor (
54 IERC20 _quick,
55 IERC20 _quickX,
56 uint256 duration,
57 uint256 _swapRatio
58){
59 require(_swapRatio == 100 || _swapRatio == 1000, "Invalid swap ratio");
60
61 quick = _quick;
62 quickX = _quickX;
63 withdrawTimeout = block.number + duration;
64 swapRatio = _swapRatio * 1000;
65
66}
67
68/**
69 * @notice Method that allows swap QUICK for xQUICK tokens at the ratio of 1 QUICK --> 1000 xQUICK
70 * Users can either use the permit functionality, or approve previously the tokens and send an empty _permitData
71 * @param quickAmount Amount of QUICK to swap
72 */
73function quickToQuickX(uint256 quickAmount) public {
74 // receive and burn QUICK tokens
75 quick.safeTransferFrom(msg.sender, DEAD, quickAmount);
76
77 // transfer xQUICK tokens
78 uint256 quickXAmount = (quickAmount * swapRatio) / 1000;
79 quickX.safeTransfer(msg.sender, quickXAmount);
80
81 emit QuickToQuickX(quickAmount, quickXAmount, msg.sender);
82}

Recommendation:

Given that no accuracy benefit is acquired from the order of operations, we advise both instances of the 1000 offset to be normalized.

Alleviation:

The code was adjusted to refactor the swapRatio value to a SWAP_RATIO constant that is consequently assigned to the value literal 1000 thereby alleviating this exhibit in full.

TSP-04C: Misleading Documentation

TypeSeverityLocation
Code StyleTokenSwap.sol:L70

Description:

The linked documentation of the function is invalid.

Example:

contracts/TokenSwap.sol
68/**
69 * @notice Method that allows swap QUICK for xQUICK tokens at the ratio of 1 QUICK --> 1000 xQUICK
70 * Users can either use the permit functionality, or approve previously the tokens and send an empty _permitData
71 * @param quickAmount Amount of QUICK to swap
72 */
73function quickToQuickX(uint256 quickAmount) public {
74 // receive and burn QUICK tokens
75 quick.safeTransferFrom(msg.sender, DEAD, quickAmount);
76
77 // transfer xQUICK tokens
78 uint256 quickXAmount = (quickAmount * swapRatio) / 1000;
79 quickX.safeTransfer(msg.sender, quickXAmount);
80
81 emit QuickToQuickX(quickAmount, quickXAmount, msg.sender);
82}

Recommendation:

We advise it to be corrected.

Alleviation:

The misleading documentation was removed from the codebase.