Omniscia BlazeSwap Audit

BlazeSwapLibrary Manual Review Findings

BlazeSwapLibrary Manual Review Findings

BSL-01M: Usage of Init Code Hash

Description:

The code should contain a test case that validates the code hash specified for calculating pair addresses is correct as a mis-deployment can cause the library to malfunction.

Impact:

As the init code hash relies on the compilation environment as well, it is possible for the hardcoded value to mis-match the real hash and thus cause the library to ultimately yield incorrect addresses for the pairs.

Example:

contracts/periphery/libraries/BlazeSwapLibrary.sol
29hex'06f4c56bc41fc4a9d3f9775287a399192bd2832a47dff6980fa175148b7992d7' // init code hash

Recommendation:

We advise this trait to be taken into consideration carefully as the init code hash can vary greatly even between compilation environments.

Alleviation:

The BlazeSwap team stated that the hash is validated indirectly as part of the router tests given that they fail to execute properly should the hash change. As a result, we consider this exhibit alleviated.