Omniscia Rari Capital Audit

CTokenInterfaces Manual Review Findings

CTI-01M: Inexistent Hardcoded Contract Address

Description:

The address of the fuseAdmin contract is hard-coded; however, no deployed contract or on-chain activity was detected at that address across chains.

Example:

contracts/CTokenInterfaces.sol
contract CTokenAdminStorage {
    /**
     * @notice Administrator for Fuse
     */
    IFuseFeeDistributor internal constant fuseAdmin = IFuseFeeDistributor(0x2279B7A0a67DB372996a5FaB50D91eAA73d2eBe6);

    /**
     * @notice Administrator for this contract
     */
    address payable public admin;

    /**
     * @notice Whether or not the Fuse admin has admin rights
     */
    bool public fuseAdminHasRights = true;

    /**
     * @notice Whether or not the admin has admin rights
     */
    bool public adminHasRights = true;

    /**
     * @notice Returns a boolean indicating if the sender has admin rights
     */
    function hasAdminRights() internal view returns (bool) {
        return (msg.sender == admin && adminHasRights) || (msg.sender == address(fuseAdmin) && fuseAdminHasRights);
    }
}

Recommendation:

We advise that this value instead be declared immutable and passed in at construction time, as the address does not yet exist on-chain and thus may require a change prior to deployment that could be overlooked.
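A sketch of the recommended change, added here as an illustration and not part of the audited codebase: the hard-coded constant becomes an immutable that is set once in the constructor, with checks that the supplied address is non-zero and actually holds code on the target chain, so a missing or stale deployment parameter fails at deploy time instead of silently pointing at an unused address. The minimal IFuseFeeDistributor interface stub, the Solidity 0.8 pragma and the constructor parameter name are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumption: a compiler version that supports `immutable`

// Assumption: minimal stand-in for the real IFuseFeeDistributor interface.
interface IFuseFeeDistributor {}

contract CTokenAdminStorage {
    /**
     * @notice Administrator for Fuse
     * @dev Immutable instead of a hard-coded constant: still fixed for the
     *      lifetime of the deployment (no storage slot, no setter), but the
     *      value is chosen at deploy time rather than frozen in the source.
     */
    IFuseFeeDistributor internal immutable fuseAdmin;

    /// @notice Administrator for this contract
    address payable public admin;

    /// @notice Whether or not the Fuse admin has admin rights
    bool public fuseAdminHasRights = true;

    /// @notice Whether or not the admin has admin rights
    bool public adminHasRights = true;

    /// @param fuseAdmin_ deployed FuseFeeDistributor address (deploy-time parameter, assumed name)
    constructor(IFuseFeeDistributor fuseAdmin_) {
        // A deployment that omits the parameter reverts instead of shipping
        // with a placeholder address baked in.
        require(address(fuseAdmin_) != address(0), "fuseAdmin: zero address");
        // Guard against the exact situation in the finding: an address with
        // no contract behind it on this chain. (Requires the distributor to be
        // deployed before this contract, not in the same creation flow.)
        require(address(fuseAdmin_).code.length > 0, "fuseAdmin: not a contract");
        fuseAdmin = fuseAdmin_;
    }

    /// @notice Returns a boolean indicating if the sender has admin rights
    function hasAdminRights() internal view returns (bool) {
        return (msg.sender == admin && adminHasRights) ||
            (msg.sender == address(fuseAdmin) && fuseAdminHasRights);
    }
}
```

Because CTokenAdminStorage is a base contract, every derived CToken implementation would have to forward the parameter from its own constructor.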

Alleviation:

The hard-coding of the address is intended by the Rari team, who have stated that it will be properly updated prior to launch.