Omniscia QuickSwap Audit

TokenSwap Manual Review Findings

TSP-01M: Inexistent Sanitization of Minimum Duration

Description:

The withdrawTimeout value is calculated as the current block number (block.number) offset by the input duration; however, the duration argument itself is never sanitized, so a zero or negligibly small value is accepted and the owner withdrawal window can open almost immediately after deployment.

Example:

contracts/TokenSwap.sol

/**
 * @dev This contract will receive xQUICK tokens, the users will be able to swap their QUICK tokens for xQUICK tokens
 * as long as this contract holds enough amount. The swapped QUICK tokens will be burned (sent to DEAD address).
 * Once the withdrawTimeout is reached, the owner will be able to withdraw the remaining xQUICK tokens.
 * @param _quick QUICK token address
 * @param _quickX xQUICK token address
 * @param duration Time in number of blocks after which the owner will be able to withdraw the xQUICK tokens
 * @param _swapRatio swap ratio for QUICK to xQUICK
 */
constructor (
    IERC20 _quick,
    IERC20 _quickX,
    uint256 duration,
    uint256 _swapRatio
) {
    require(_swapRatio == 100 || _swapRatio == 1000, "Invalid swap ratio");

    quick = _quick;
    quickX = _quickX;
    withdrawTimeout = block.number + duration;
    swapRatio = _swapRatio * 1000;
}

Recommendation:

We advise that the duration argument be sanitized in the constructor by enforcing a minimum value, so that the withdrawTimeout cannot be set to a block number at or near the deployment block.
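As an added illustration of the recommended remediation (example code, not code from the audited QuickSwap repository), the constructor below enforces a lower bound on duration before deriving withdrawTimeout. The MIN_DURATION constant, its value, and the isValidDuration helper are assumptions chosen for this example, not values from the audit; only the constructor logic from the finding is reproduced, and the swap and withdraw functions are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

/// Illustrative TokenSwap constructor with the minimum-duration check that
/// TSP-01M recommends. State variables mirror those referenced in the finding.
contract TokenSwapWithMinDuration {
    IERC20 public quick;
    IERC20 public quickX;
    uint256 public withdrawTimeout;
    uint256 public swapRatio;

    // ASSUMPTION: lower bound chosen for this example, expressed in blocks,
    // matching the unit of the duration parameter. A real deployment would
    // derive it from the intended lock period and the chain's block time.
    uint256 public constant MIN_DURATION = 100_000;

    constructor(
        IERC20 _quick,
        IERC20 _quickX,
        uint256 duration,
        uint256 _swapRatio
    ) {
        require(_swapRatio == 100 || _swapRatio == 1000, "Invalid swap ratio");

        // Sanitize the duration: without this check a zero or tiny value lets
        // the owner withdraw the held xQUICK right after deployment, which
        // defeats the lock the contract is meant to provide to swappers.
        require(isValidDuration(duration), "Duration below minimum");

        quick = _quick;
        quickX = _quickX;
        withdrawTimeout = block.number + duration;
        swapRatio = _swapRatio * 1000;
    }

    /// Pure helper (assumed for this example) so the bound can be unit-tested
    /// without deploying the contract.
    function isValidDuration(uint256 duration) public pure returns (bool) {
        return duration >= MIN_DURATION;
    }
}
```

The check is placed before any state is written so that a misconfigured deployment reverts entirely rather than leaving a contract whose lock can be bypassed; expressing the bound as a named constant also makes the intended lock period visible to anyone reviewing the deployed bytecode or verifying the source.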

Alleviation:

The QuickSwap team considered this exhibit but opted not to apply a remediation for it in the current iteration of the codebase.