Omniscia AllianceBlock Audit

MerkleDistributorWithDeadline Manual Review Findings

MDW-01M: Ambiguous Contract State

Type	Severity	Location
Logical Fault		MerkleDistributorWithDeadline.sol:L23, L28

Description:

The endTime variable of the MerkleDistributorWithDeadline contract is ambiguously utilized in the claim and withdraw functions as a state of block.timestamp == endTime disallows both operations from being executed.

Impact:

While of no security concern to the codebase, an indeterminate state can cause ambiguities in the code's behaviour that may be unexpected by its callers.

Example:

contracts/MerkleDistributorWithDeadline.sol

22function claim(uint256 index, address account, uint256 amount, bytes32[] calldata merkleProof) public override {
23    if (block.timestamp > endTime) revert ClaimWindowFinished();
24    super.claim(index, account, amount, merkleProof);
25}
26
27function withdraw() external onlyOwner {
28    if (block.timestamp < endTime) revert NoWithdrawDuringClaim();
29    IERC20(token).safeTransfer(msg.sender, IERC20(token).balanceOf(address(this)));
30}

Recommendation:

We advise either of the two functions to perform the block.timestamp comparison inclusively, ensuring that the contract has no indeterminate states.

Alleviation:

The ambiguous contract state was alleviated by rendering the claim function's endTime conditional inclusive, signalling that claims are possible up-to but not at the value of endTime.

Omniscia AllianceBlock Audit

MerkleDistributorWithDeadline Manual Review Findings

MerkleDistributorWithDeadline Manual Review Findings

MDW-01M: Ambiguous Contract State

Description:

Impact:

Example:

Recommendation:

Alleviation:

MerkleDistributor.sol (MDR-S)

MerkleDistributor.sol (MDR-C)

On this page