Omniscia Altura Audit

ALTU Manual Review Findings

ALT-01M: Inexistent Validation of Message Sender

Type          | Severity | Location
Logical Fault |          | ALTU.sol:L64

Description:

The ALTU::_update function decides whether a token transfer is allowed by checking the token's time-based lock condition and whether the from and to addresses are part of an allowlist, without considering the msg.sender (the account that actually initiates the transfer).

Impact:

The allowlist exemption can be exercised by any account that an allowlisted from address has authorized as a spender, since such an account can move the allowlisted holder's tokens while the lock is active; a trait we consider incorrect.

Example:

contracts/ALTU.sol
    64: if (locked && !isAllowlisted[from] && !isAllowlisted[to]) {

Recommendation:

We advise that the msg.sender be incorporated into the allowlist check by ensuring that the msg.sender and the from address (if it is different from the msg.sender) are both part of the allowlist.
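To make the recommendation concrete, the following is an added illustration written for this report and not the Altura contract: a minimal OpenZeppelin v5 ERC20 whose `_update` hook carries the reported condition in a comment next to a hardened one. The contract name, the `locked` flag, `setAllowlisted` and the custom error are hypothetical, and keeping the `to`-side exemption of the original condition is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

/// Hypothetical minimal token illustrating finding ALT-01M; not the audited code.
contract LockedAllowlistToken is ERC20, Ownable {
    error TransferLocked(address from, address to, address caller);

    bool public locked = true;                     // assumed: locked until the owner unlocks
    mapping(address => bool) public isAllowlisted; // assumed allowlist storage

    constructor() ERC20("Demo", "DEMO") Ownable(msg.sender) {
        isAllowlisted[msg.sender] = true;          // allowlist the deployer before minting
        _mint(msg.sender, 1_000_000e18);
    }

    function setAllowlisted(address account, bool ok) external onlyOwner {
        isAllowlisted[account] = ok;
    }

    function unlock() external onlyOwner {
        locked = false;
    }

    /// In OpenZeppelin v5, transfer, transferFrom, mint and burn all pass through _update.
    function _update(address from, address to, uint256 value) internal override {
        if (locked) {
            // Reported condition (ignores msg.sender):
            //   if (!isAllowlisted[from] && !isAllowlisted[to]) revert ...;
            // A spender approved by an allowlisted holder calls transferFrom and
            // satisfies it, because only `from` and `to` are inspected.

            // Hardened: the outbound exemption requires the caller to be allowlisted,
            // and `from` as well when the caller is moving someone else's tokens.
            bool callerOk = isAllowlisted[msg.sender] &&
                (from == msg.sender || isAllowlisted[from]);
            // Receiving-side exemption of the original condition retained (assumption);
            // it also covers minting to an allowlisted address, where `from` is zero.
            if (!callerOk && !isAllowlisted[to]) {
                revert TransferLocked(from, to, msg.sender);
            }
        }
        super._update(from, to, value);
    }
}
```

With this check, transferFrom by a non-allowlisted spender against an allowlisted holder reverts during the lock, while direct transfers by allowlisted holders and transfers into allowlisted addresses behave as before.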