BlazeSwapPair Manual Review Findings

BSP-01M: Improper Plugin Layout Assumption

Type	Severity	Location
Logical Fault		BlazeSwapPair.sol:L112, L115

Description:

The _beforeTokenTransfer hook assumes that the first plugin ever defined will be the BlazeSwapDelegation plugin, however, this may not be the case.

Impact:

An improper plugin layout can cause all token transfers to be inoperable.

Example:

Copy
103function _beforeTokenTransfer(
104    address from,
105    address to,
106    uint256 amount
107) internal override(BlazeSwapERC20, BlazeSwapERC20Snapshot) {
108    super._beforeTokenTransfer(from, to, amount);
109    // move votes
110    BlazeSwapPairStorage.Layout storage l = BlazeSwapPairStorage.layout();
111    if (l.pluginImpls.length > 0) {
112        address plugin = l.pluginImpls[0];
113        DelegateCallHelper.delegateAndCheckResult(
114            plugin,
115            abi.encodeWithSelector(IIBlazeSwapDelegation.transferDelegatorVotes.selector, from, to, amount)
116        );
117    }
118}

Recommendation:

We advise the system to instead use the pluginSelector mapping to acquire the plugin address to query as the msg.sig commonly used for the fallback function in this case would be IIBlazeSwapDelegation.transferDelegatorVotes.selector.

Alleviation:

The BlazeSwap team evaluated this exhibit and stated that the layout is in fact enforced by the initializePair function present in a separate contract. While the layout may still not be proper if the contract is utilized in a different context, we consider this exhibit as addressed given that it currently fits the purposes of the BlazeSwap system.