Omniscia BlazeSwap Audit
BlazeSwapFactory Manual Review Findings
BlazeSwapFactory Manual Review Findings
BSF-01M: Inexistent Conformance of Checks-Effects-Interactions Pattern
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | BlazeSwapFactory.sol:L51-L53 |
Description:
The updateFAssetPair function does not conform to the CEI pattern as it adds the fAssetRewardPlugin to the specified pair without resetting the isFAssetPairWithoutPlugin flag.
Example:
contracts/core/BlazeSwapFactory.sol
48function upgradeFAssetPair(address pair) external {49 IBlazeSwapManager m = IBlazeSwapManager(manager);50 address plugin = m.fAssetRewardPlugin();51 require(plugin != address(0) && isFAssetPairWithoutPlugin[pair], 'BlazeSwap: UPGRADE_NOT_NEEDED');52 BlazeSwapPair(payable(pair)).addPlugin(plugin);53 isFAssetPairWithoutPlugin[pair] = false;Recommendation:
We advise the flag to be properly reset as otherwise the code may become re-entrant and cause duplicate initializations.
Alleviation:
The addPlugin statement has been properly relocated after the isFAssetPairWithoutPlugin flag has been set, alleviating this exhibit in full.