Omniscia QuickSwap Audit
TokenSwap Static Analysis Findings
TSP-01S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | | TokenSwap.sol:L53-L66 |
Description:
The constructor of the contract accepts two address-like arguments yet does not sanitize them.
Example:
contracts/TokenSwap.sol
```solidity
44 /**
45  * @dev This contract will receive xQUICK tokens, the users will be able to swap their QUICK tokens for xQUICK tokens
46  * as long as this contract holds enough amount. The swapped QUICK tokens will be burned(sent to DEAD address).
47  * Once the withdrawTimeout is reached, the owner will be able to withdraw the remaining xQUICK tokens.
48  * @param _quick QUICK token address
49  * @param _quickX xQUICK token address
50  * @param duration Time in number of blocks after which the owner will be able to withdraw the xQUICK tokens
51  * @param _swapRatio swap ratio for QUICK to xQUICK
52  */
53 constructor (
54     IERC20 _quick,
55     IERC20 _quickX,
56     uint256 duration,
57     uint256 _swapRatio
58 ){
59     require(_swapRatio == 100 || _swapRatio == 1000, "Invalid swap ratio");
60
61     quick = _quick;
62     quickX = _quickX;
63     withdrawTimeout = block.number + duration;
64     swapRatio = _swapRatio * 1000;
65
66 }
```
Recommendation:
We advise both IERC20 inputs to be properly sanitized as non-zero to avoid misconfiguration of the contract.
Alleviation:
Both input addresses are now properly sanitized against the zero-address.
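One way to apply the recommended zero-address checks to the constructor shown above. This is an added example, not the project's actual fix; the compiler range, the `IERC20` stub, the contract name, the state variable declarations and the two new revert strings are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.7.0 <0.9.0; // assumed compiler range, not stated in the finding

// Minimal stand-in for IERC20 so the example compiles on its own (assumption).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical name; only the constructor mirrors the audited code.
contract TokenSwapExample {
    // Declarations inferred from the assignments in the finding (assumption).
    IERC20 public quick;
    IERC20 public quickX;
    uint256 public withdrawTimeout;
    uint256 public swapRatio;

    constructor (
        IERC20 _quick,
        IERC20 _quickX,
        uint256 duration,
        uint256 _swapRatio
    ) {
        // Added checks: an interface-typed argument is still just an address,
        // so a zero value must be rejected explicitly before it is stored.
        require(address(_quick) != address(0), "Invalid QUICK address");
        require(address(_quickX) != address(0), "Invalid xQUICK address");
        // Existing check from the audited constructor.
        require(_swapRatio == 100 || _swapRatio == 1000, "Invalid swap ratio");

        quick = _quick;
        quickX = _quickX;
        withdrawTimeout = block.number + duration;
        swapRatio = _swapRatio * 1000;
    }
}
```

With the checks in place, a deployment that passes `address(0)` for either token reverts instead of producing a misconfigured contract.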
TSP-02S: Unutilized Contract Variable
Type | Severity | Location |
---|---|---|
Code Style | | TokenSwap.sol:L12 |
Description:
The linked contract variable remains unutilized in the contract.
Example:
contracts/TokenSwap.sol
```solidity
12 bytes4 constant _PERMIT_SIGNATURE = 0xd505accf;
```
Recommendation:
We advise it to either be utilized or omitted from the codebase.
Alleviation:
The variable was removed from the codebase as advised.