Omniscia AmpleSense Audit
EEFIToken Manual Review Findings
EEF-01M: Improper Burn Implementation
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Minor | EEFIToken.sol:L19-L21 |
Description:
The burn function implemented by the EEFIToken allows the owner to burn tokens from an arbitrary account without any prior consent.
Example:
contracts/EEFIToken.sol
```solidity
function burn(address account, uint256 amount) public onlyOwner {
    _burn(account, amount);
}
```
Recommendation:
We strongly recommend that the burn implementation be dropped entirely, as it is utilized in only a single spot within the AmplesenseVault contract, which could instead utilize the burn function directly given that the first argument is always address(this).
Alleviation:
The non-standard burn function has been properly omitted from the codebase.