Omniscia BlazeSwap Audit
BlazeSwapERC20Snapshot Manual Review Findings
BSC-01M: Improper Snapshot ID Validation
| Type | Severity | Location |
|---|---|---|
| Logical Fault | ![]() | BlazeSwapERC20Snapshot.sol:L60 |
Description:
The `snapshotId` validation check performed in `_valueAt` allows `snapshotId` to equal `block.number`, thus permitting flash-loans and similar attack vectors to yield an inflated value at the current block.
Impact:
It is currently possible to achieve inflated `_valueAt` evaluations that can compromise all systems using the snapshotted value, such as governance modules.
Example:
```solidity
function _valueAt(uint256 snapshotId, Snapshot[] storage snapshots) private view returns (bool, uint256) {
    require(snapshotId > 0 && snapshotId <= block.number, 'BlazeSwap: INVALID_SNAPSHOT_ID'); // L60
```
Recommendation:
We advise that querying at the current `block.number` be prohibited, as in the Compound and OpenZeppelin Comp-like token implementations.
Alleviation:
The BlazeSwap team stated that the token should mimic the functionality of Flare Network's WNAT token and that it is up to integrators to properly validate that the block.number represents a number that is before the latest block. As a result, we consider this exhibit nullified given that the current implementation represents intended behaviour.
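The integrator-side validation that the alleviation leaves to consumers of the token, as an added example that is not BlazeSwap's or Omniscia's code. The `ISnapshotToken` interface, its `balanceOfAt` getter and the `SnapshotVoteReader` contract are hypothetical names; only the block-number-as-snapshot-ID convention comes from the excerpt above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed interface: the audit excerpt only shows the private _valueAt helper,
// so this public getter is a hypothetical name modelled on snapshot tokens
// that accept a block number as the snapshot ID.
interface ISnapshotToken {
    function balanceOfAt(address account, uint256 snapshotId) external view returns (uint256);
}

// Hypothetical integrator contract (for example, the read path of a governance module).
contract SnapshotVoteReader {
    ISnapshotToken public immutable token;

    constructor(ISnapshotToken token_) {
        token = token_;
    }

    // Reject the current block: balances recorded for it can still change
    // before the block ends, for instance through tokens borrowed and repaid
    // inside a single transaction. The token itself accepts
    // snapshotId <= block.number, so the strict comparison has to live here.
    modifier onlyFinalizedBlock(uint256 snapshotId) {
        require(snapshotId > 0 && snapshotId < block.number, "SNAPSHOT_NOT_FINALIZED");
        _;
    }

    // Voting weight of `account` at a block that is already complete.
    function votesAt(address account, uint256 snapshotId)
        external
        view
        onlyFinalizedBlock(snapshotId)
        returns (uint256)
    {
        return token.balanceOfAt(account, snapshotId);
    }

    // Snapshot ID a proposal should pin when it is created: the last complete
    // block, so weight acquired in the creating transaction does not count.
    function latestSafeSnapshotId() public view returns (uint256) {
        return block.number - 1;
    }
}
```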
