Omniscia BlazeSwap Audit
BlazeSwapManager Manual Review Findings
CON-01M: Inexistent Validation of Sane State Transition
| Type | Severity | Location |
|---|---|---|
| Input Sanitization | | BlazeSwapManager.sol:L102-L104 |
Description:
Should the allowFAssetPairsWithoutPlugin value be set to false, the fAssetRewardPlugin must have been previously defined; however, this is not upheld by the code.
Impact:
Currently, it is possible to mandate the F-Asset plugin without it having been defined, leading to an inexecutable scenario.
Example:
```solidity
function setAllowFAssetPairsWithoutPlugin(bool _allowFAssetPairsWithoutPlugin) external onlyConfigSetter {
    allowFAssetPairsWithoutPlugin = _allowFAssetPairsWithoutPlugin;
}
```
Recommendation:
We advise that such a validation check be introduced, ensuring that the code transitions to F-Asset pairs smoothly.
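One way to express the advised check, as an added example that is not code from BlazeSwap or from the audit: it goes slightly beyond the recommendation by also guarding the plugin setter, so the invariant cannot be broken from either side. The contract name, the `address` type of fAssetRewardPlugin (zero address meaning "not defined"), the configSetter storage, the setFAssetRewardPlugin function and the revert strings are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; NOT BlazeSwapManager.sol. Storage layout, the plugin's
// address type and setFAssetRewardPlugin are assumptions made for the sketch.
contract ManagerSketch {
    address public configSetter;
    // Assumed representation: the zero address means "plugin not defined".
    address public fAssetRewardPlugin;
    // Starts permissive so the invariant below holds at deployment.
    bool public allowFAssetPairsWithoutPlugin = true;

    modifier onlyConfigSetter() {
        require(msg.sender == configSetter, "ManagerSketch: FORBIDDEN");
        _;
    }

    constructor(address _configSetter) {
        configSetter = _configSetter;
    }

    // Invariant kept by both setters:
    //   allowFAssetPairsWithoutPlugin == false  =>  fAssetRewardPlugin != address(0)

    // Mandating the plugin is only accepted once a plugin has been defined.
    function setAllowFAssetPairsWithoutPlugin(bool _allowFAssetPairsWithoutPlugin)
        external
        onlyConfigSetter
    {
        require(
            _allowFAssetPairsWithoutPlugin || fAssetRewardPlugin != address(0),
            "ManagerSketch: PLUGIN_NOT_SET"
        );
        allowFAssetPairsWithoutPlugin = _allowFAssetPairsWithoutPlugin;
    }

    // Clearing the plugin is only accepted while the plugin is not mandated.
    function setFAssetRewardPlugin(address _plugin) external onlyConfigSetter {
        require(
            _plugin != address(0) || allowFAssetPairsWithoutPlugin,
            "ManagerSketch: PLUGIN_REQUIRED"
        );
        fAssetRewardPlugin = _plugin;
    }
}
```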
Alleviation:
The BlazeSwap team stated that the restriction advised does not need to be imposed. In the current iteration of the codebase, if the allowFAssetPairsWithoutPlugin value has been set to false and the F-Asset plugin has not been properly defined, new pairs will not be able to be created. The BlazeSwap team has acknowledged this behaviour and we will mark the exhibit as such.
