Omniscia Altura Trade Audit
NavVault Manual Review Findings
NavVault Manual Review Findings
NVT-01M: Inexistent Protection of Token Rescue
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | NavVault.sol:L624-L628 |
Description:
The NavVault::rescueToken function can bypass all restrictions in relation to the accruedExitFeesAssets even if the contract is not in a paused state.
Impact:
The current token rescue mechanism lacks any safeguards and can be invoked at will by the DEFAULT_ADMIN_ROLE.
Example:
contracts/NavVault.sol
624function rescueToken(address token, address to, uint256 amount) external onlyRole(DEFAULT_ADMIN_ROLE) nonReentrant {625 if (token == address(asset())) revert();626 if (to == address(0)) revert BadAddress();627 IERC20(token).safeTransfer(to, amount);628}Recommendation:
We advise the function to be protected by the Pausable::whenPaused modifier to ensure that it can only be invoked in a paused state.
Alternatively, we advise a time-delay to be imposed on token rescues that permits users to adequately react in case an incorrect rescue is imminent.
Alleviation:
The Altura Trade team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.