Omniscia BlazeSwap Audit
BlazeSwapFactory Manual Review Findings
BlazeSwapFactory Manual Review Findings
BSF-01M: Inexistent Conformance of Checks-Effects-Interactions Pattern
Type | Severity | Location |
---|---|---|
Logical Fault | BlazeSwapFactory.sol:L51-L53 |
Description:
The updateFAssetPair
function does not conform to the CEI pattern as it adds the fAssetRewardPlugin
to the specified pair
without resetting the isFAssetPairWithoutPlugin
flag.
Example:
contracts/core/BlazeSwapFactory.sol
48function upgradeFAssetPair(address pair) external {49 IBlazeSwapManager m = IBlazeSwapManager(manager);50 address plugin = m.fAssetRewardPlugin();51 require(plugin != address(0) && isFAssetPairWithoutPlugin[pair], 'BlazeSwap: UPGRADE_NOT_NEEDED');52 BlazeSwapPair(payable(pair)).addPlugin(plugin);53 isFAssetPairWithoutPlugin[pair] = false;
Recommendation:
We advise the flag to be properly reset as otherwise the code may become re-entrant and cause duplicate initializations.
Alleviation:
The addPlugin
statement has been properly relocated after the isFAssetPairWithoutPlugin
flag has been set, alleviating this exhibit in full.