Omniscia BlazeSwap Audit
BlazeSwapLibrary Manual Review Findings
BlazeSwapLibrary Manual Review Findings
BSL-01M: Usage of Init Code Hash
Type | Severity | Location |
---|---|---|
Language Specific | BlazeSwapLibrary.sol:L29 |
Description:
The code should contain a test case that validates the code hash specified for calculating pair addresses is correct as a mis-deployment can cause the library to malfunction.
Impact:
As the init code hash relies on the compilation environment as well, it is possible for the hardcoded value to mis-match the real hash and thus cause the library to ultimately yield incorrect addresses for the pairs.
Example:
contracts/periphery/libraries/BlazeSwapLibrary.sol
29hex'06f4c56bc41fc4a9d3f9775287a399192bd2832a47dff6980fa175148b7992d7' // init code hash
Recommendation:
We advise this trait to be taken into consideration carefully as the init code hash can vary greatly even between compilation environments.
Alleviation:
The BlazeSwap team stated that the hash is validated indirectly as part of the router tests given that they fail to execute properly should the hash change. As a result, we consider this exhibit alleviated.