Omniscia BlazeSwap Audit
BlazeSwapManager Manual Review Findings
CON-01M: Inexistent Validation of Sane State Transition
Type | Severity | Location |
---|---|---|
Input Sanitization | | BlazeSwapManager.sol:L102-L104 |
Description:
Should the allowFAssetPairsWithoutPlugin value be set to false, the fAssetRewardPlugin must have been previously defined; however, this is not upheld by the code.
Impact:
Currently, it is possible to mandate the F-Asset plugin without it having been defined, leading to an inexecutable scenario.
Example:
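```solidity
// BlazeSwapManager.sol, lines 102-104: the flag is written with no check on fAssetRewardPlugin
function setAllowFAssetPairsWithoutPlugin(bool _allowFAssetPairsWithoutPlugin) external onlyConfigSetter {
    allowFAssetPairsWithoutPlugin = _allowFAssetPairsWithoutPlugin;
}
```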
Recommendation:
We advise such a validation check to be introduced ensuring that the code transitions to F-Asset pairs smoothly.
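One way the recommended check could be expressed, as an added sketch that is not BlazeSwap's code and is not part of the original report. It goes slightly beyond the exhibit by guarding the reverse transition as well (clearing the plugin while it is mandatory). Assumptions: the plugin is modelled as a plain address, and the contract name, the configSetter variable, the setFAssetRewardPlugin setter, the initial flag value and the error strings are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added sketch, not the BlazeSwap source. Hypothetical: contract name,
// configSetter, setFAssetRewardPlugin, initial flag value, error strings.
contract ManagerStateCheckSketch {
    address public configSetter;
    // Modelled as an address here; address(0) means "not defined".
    address public fAssetRewardPlugin;
    // Assumed to start permissive so the invariant holds at deployment.
    bool public allowFAssetPairsWithoutPlugin = true;

    modifier onlyConfigSetter() {
        require(msg.sender == configSetter, "not config setter");
        _;
    }

    constructor() {
        configSetter = msg.sender;
    }

    // Invariant kept by both setters:
    //   allowFAssetPairsWithoutPlugin || fAssetRewardPlugin != address(0)

    function setAllowFAssetPairsWithoutPlugin(bool _allowFAssetPairsWithoutPlugin) external onlyConfigSetter {
        // Making the plugin mandatory is only a sane transition once it exists.
        if (!_allowFAssetPairsWithoutPlugin) {
            require(fAssetRewardPlugin != address(0), "F-Asset plugin not defined");
        }
        allowFAssetPairsWithoutPlugin = _allowFAssetPairsWithoutPlugin;
    }

    function setFAssetRewardPlugin(address _plugin) external onlyConfigSetter {
        // Reverse direction: the plugin cannot be cleared while it is mandatory.
        if (_plugin == address(0)) {
            require(allowFAssetPairsWithoutPlugin, "plugin is mandatory");
        }
        fAssetRewardPlugin = _plugin;
    }
}
```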
Alleviation:
The BlazeSwap team stated that the restriction advised does not need to be imposed. In the current iteration of the codebase, if the allowFAssetPairsWithoutPlugin value has been set to false and the F-Asset plugin has not been properly defined, new pairs will not be able to be created. The BlazeSwap team has acknowledged this behaviour and we will mark the exhibit as such.