Omniscia Bluejay Finance Audit

BluejayToken Manual Review Findings

BTN-01M: Fluid Token Minting System

Description:

The BluejayToken contains an access control system that permits the owner (the deployer, who receives DEFAULT_ADMIN_ROLE in the initializer) to arbitrarily assign minters, including itself, and thus mint at will.

Example:

packages/contracts/contracts/BluejayToken.sol
function initialize() public initializer {
    __ERC20_init("Bluejay", "BLU");
    __ERC20Burnable_init();
    __AccessControl_init();
    __ERC20Permit_init("Bluejay");
    __UUPSUpgradeable_init();

    // The deployer becomes DEFAULT_ADMIN_ROLE, which is the admin of every role
    // by default, and can therefore grant or revoke MINTER_ROLE at will.
    _setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
}

// No supply cap or rate limit: any MINTER_ROLE holder can mint any amount.
function mint(address to, uint256 amount) public onlyRole(MINTER_ROLE) {
    _mint(to, amount);
}

Recommendation:

Given that the token is meant to be minted by system components, we advise that the initializer (or a dedicated function) assign the minting and upgrader roles directly to pre-determined parties, without retaining the ability to arbitrarily set them afterwards, thereby significantly reducing the centralization of the project.
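
The following is an added illustration of the recommended pattern and is not code from the Bluejay Finance repository. The contract name FixedRoleToken, the UPGRADER_ROLE identifier, the initialize parameters, the _authorizeUpgrade body and the OpenZeppelin 4.x import paths are assumptions made for the example. The key point is that DEFAULT_ADMIN_ROLE is never granted: in OpenZeppelin AccessControl, grantRole and revokeRole require the caller to hold the admin role of the target role, which defaults to DEFAULT_ADMIN_ROLE, so with no admin the role assignments made at initialization cannot be changed afterwards.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: OpenZeppelin contracts-upgradeable 4.x import paths.
import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20BurnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/draft-ERC20PermitUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

// Hypothetical contract illustrating fixed role assignment (not the project's code).
contract FixedRoleToken is
    ERC20Upgradeable,
    ERC20BurnableUpgradeable,
    AccessControlUpgradeable,
    ERC20PermitUpgradeable,
    UUPSUpgradeable
{
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    // Assumed role name for the party allowed to authorize UUPS upgrades.
    bytes32 public constant UPGRADER_ROLE = keccak256("UPGRADER_ROLE");

    // Roles are fixed at initialization. Assumed parameters: the predetermined
    // minting components and the single upgrader address.
    function initialize(address[] calldata minters, address upgrader) public initializer {
        __ERC20_init("Bluejay", "BLU");
        __ERC20Burnable_init();
        __AccessControl_init();
        __ERC20Permit_init("Bluejay");
        __UUPSUpgradeable_init();

        // DEFAULT_ADMIN_ROLE is deliberately never granted to anyone. Because it is
        // the admin of MINTER_ROLE and UPGRADER_ROLE, no account can later call
        // grantRole() or revokeRole() for either role; holders can only renounceRole().
        for (uint256 i = 0; i < minters.length; i++) {
            require(minters[i] != address(0), "zero minter");
            _grantRole(MINTER_ROLE, minters[i]);
        }
        require(upgrader != address(0), "zero upgrader");
        _grantRole(UPGRADER_ROLE, upgrader);
    }

    function mint(address to, uint256 amount) public onlyRole(MINTER_ROLE) {
        _mint(to, amount);
    }

    // Only the predetermined upgrader may authorize a new implementation.
    function _authorizeUpgrade(address) internal override onlyRole(UPGRADER_ROLE) {}
}
```

As with any initializer behind a UUPS proxy, initialize must be invoked in the same transaction as the proxy deployment (or the implementation's initializers disabled), otherwise an unrelated caller could front-run it and choose the minter and upgrader addresses themselves.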

Alleviation:

The Bluejay Finance team stated that they wish to retain a degree of flexibility with regard to the token's minting capabilities, as they may branch out to multi-chain deployments in the future. As a result, we consider this exhibit sufficiently addressed based on the principle that the Bluejay Finance team will act responsibly with the contract's role management system.