Omniscia BlazeSwap Audit

BlazeSwapFactory Manual Review Findings

BSF-01M: Inexistent Conformance of Checks-Effects-Interactions Pattern

Description:

The upgradeFAssetPair function does not conform to the CEI pattern: it performs the external addPlugin call that adds the fAssetRewardPlugin to the specified pair before resetting the isFAssetPairWithoutPlugin flag.

Example:

contracts/core/BlazeSwapFactory.sol
function upgradeFAssetPair(address pair) external {
    IBlazeSwapManager m = IBlazeSwapManager(manager);
    address plugin = m.fAssetRewardPlugin();
    // Check
    require(plugin != address(0) && isFAssetPairWithoutPlugin[pair], 'BlazeSwap: UPGRADE_NOT_NEEDED');
    // Interaction: external call made while the flag is still true
    BlazeSwapPair(payable(pair)).addPlugin(plugin);
    // Effect: flag reset only after the external call returns
    isFAssetPairWithoutPlugin[pair] = false;
}

Recommendation:

We advise the flag to be reset before the addPlugin call is performed, as otherwise the code may become re-entrant and cause duplicate initializations.

Alleviation:

The addPlugin statement has been properly relocated after the isFAssetPairWithoutPlugin flag has been set, alleviating this exhibit in full.
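
The two orderings side by side, as an added sketch that is not part of the audit or of BlazeSwap's code. FactorySketch, flagPair, the placeholder plugin address and CallbackPairMock are hypothetical stand-ins; the mock's addPlugin calls back into the factory once, so a test can observe whether the nested call still passes the require.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified stand-ins for illustration; not the BlazeSwap contracts.
interface IPairSketch { function addPlugin(address plugin) external; }

contract FactorySketch {
    address public plugin = address(0xBEEF); // constructed placeholder plugin address
    mapping(address => bool) public isFAssetPairWithoutPlugin;

    // Hypothetical test helper: mark a pair as still awaiting its plugin.
    function flagPair(address pair) external { isFAssetPairWithoutPlugin[pair] = true; }

    // Ordering from the finding: external call first, flag reset last.
    function upgradeInteractionFirst(address pair) external {
        require(plugin != address(0) && isFAssetPairWithoutPlugin[pair], "UPGRADE_NOT_NEEDED");
        IPairSketch(pair).addPlugin(plugin);
        isFAssetPairWithoutPlugin[pair] = false;
    }

    // CEI ordering: check, then effect, then interaction.
    function upgradeEffectFirst(address pair) external {
        require(plugin != address(0) && isFAssetPairWithoutPlugin[pair], "UPGRADE_NOT_NEEDED");
        isFAssetPairWithoutPlugin[pair] = false;
        IPairSketch(pair).addPlugin(plugin);
    }
}

// Test double: a pair whose addPlugin calls back into the factory once.
contract CallbackPairMock is IPairSketch {
    FactorySketch public immutable factory;
    bool public immutable effectFirst;
    uint256 public addPluginCalls; // how many times the plugin was "initialized"

    constructor(FactorySketch f, bool useEffectFirst) { factory = f; effectFirst = useEffectFirst; }

    // Entry point for a test: flag this mock as a pending pair, then upgrade it.
    function run() external {
        factory.flagPair(address(this));
        if (effectFirst) factory.upgradeEffectFirst(address(this));
        else factory.upgradeInteractionFirst(address(this));
    }

    function addPlugin(address) external override {
        addPluginCalls++;
        if (addPluginCalls > 1) return; // nest only one level deep
        // Nested upgrade attempt; a revert here is swallowed so run() completes.
        if (effectFirst) { try factory.upgradeEffectFirst(address(this)) {} catch {} }
        else { try factory.upgradeInteractionFirst(address(this)) {} catch {} }
    }
}
```

A regression test deploys one mock per ordering, calls run() on each, and compares addPluginCalls: under the interaction-first ordering the nested call finds the flag still true and addPlugin runs a second time, while under the CEI ordering the nested call reverts with UPGRADE_NOT_NEEDED.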