Omniscia BlazeSwap Audit

BlazeSwapManager Manual Review Findings

BlazeSwapManager Manual Review Findings

CON-01M: Inexistent Validation of Sane State Transition

Description:

Should the allowFAssetPairsWithoutPlugin value be set to false the fAssetRewardPlugin must have been previously defined, however, this is not upheld by the code.

Impact:

Currently, it is possible to mandate the F-Asset plugin without it having been defined leading to an inexecutable scenario.

Example:

contracts/core/BlazeSwapManager.sol
102function setAllowFAssetPairsWithoutPlugin(bool _allowFAssetPairsWithoutPlugin) external onlyConfigSetter {
103 allowFAssetPairsWithoutPlugin = _allowFAssetPairsWithoutPlugin;
104}

Recommendation:

We advise such a validation check to be introduced ensuring that the code transitions to F-Asset pairs smoothly.

Alleviation:

The BlazeSwap team stated that the restriction advised does not need to be imposed. In the current iteration of the codebase, if the allowFAssetPairsWithoutPlugin value has been set to false and the F-Asset plugin has not been properly defined, new pairs will not be bale to be created. The BlazeSwap team has acknowledged this behaviour and we will mark the exhibit as such.