Omniscia Bluejay Finance Audit

Treasury Manual Review Findings

TRE-01M: Inherent Race Condition of Limit Decrease

Description:

The decreaseMintLimit & decreaseWithdrawalLimit functions will revert if the requested reduction would bring the limit below the existing mintedAmount / withdrawnAmount. As a result, a malicious minter / spender can cause every decrease operation to fail by minting / withdrawing a sufficient amount while the decrease transaction is pending.

Example:

packages/contracts/contracts/Treasury.sol
function decreaseMintLimit(address minter, uint256 amount)
    public
    override
    onlyRole(MANAGER_ROLE)
{
    mintLimit[minter] -= amount;
    require(
        mintLimit[minter] >= mintedAmount[minter],
        "Limit lower than minted"
    );
    emit MintLimitUpdate(minter, mintLimit[minter]);
}

Recommendation:

We advise the code to instead evaluate whether the subtraction would cause the require condition to fail and, if so, to set mintLimit[minter] / withdrawalLimit[asset][spender] to exactly mintedAmount[minter] / withdrawnAmount[asset][spender].

Alleviation:

Both limit decrease functions have been adjusted to gracefully handle "underflows" by assigning the total mintedAmount / withdrawnAmount whenever the reduced limit would fall below the respective value. As a result, we consider this exhibit fully dealt with.
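A minimal sketch of the clamped decrease described in the Recommendation and Alleviation above. This is an added example, not Bluejay's Treasury.sol or its actual fix. Assumptions: a single manager address stands in for onlyRole(MANAGER_ROLE), recordMint and increaseMintLimit are hypothetical stand-ins for the treasury's accounting, and the event signature is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration only; names other than mintLimit, mintedAmount,
// decreaseMintLimit and MintLimitUpdate are hypothetical.
contract MintLimitSketch {
    address public immutable manager;
    mapping(address => uint256) public mintLimit;
    mapping(address => uint256) public mintedAmount;

    // Assumed signature; the original event declaration is not on the page.
    event MintLimitUpdate(address indexed minter, uint256 limit);

    modifier onlyManager() {
        require(msg.sender == manager, "Not manager");
        _;
    }

    constructor() {
        manager = msg.sender;
    }

    function increaseMintLimit(address minter, uint256 amount) external onlyManager {
        mintLimit[minter] += amount;
        emit MintLimitUpdate(minter, mintLimit[minter]);
    }

    // Hypothetical accounting hook: the minter consumes part of its allowance.
    function recordMint(uint256 amount) external {
        mintedAmount[msg.sender] += amount;
        require(mintedAmount[msg.sender] <= mintLimit[msg.sender], "Mint limit exceeded");
    }

    // Clamped decrease: mints that land while this transaction is pending can
    // no longer make it revert; the limit bottoms out at mintedAmount.
    function decreaseMintLimit(address minter, uint256 amount) external onlyManager {
        uint256 limit = mintLimit[minter];
        uint256 minted = mintedAmount[minter];
        // Invariant kept by recordMint and by this function: limit >= minted.
        uint256 headroom = limit - minted;
        uint256 newLimit = amount >= headroom ? minted : limit - amount;
        mintLimit[minter] = newLimit;
        emit MintLimitUpdate(minter, newLimit);
    }
}
```

Because the emitted limit can be higher than the manager requested, off-chain tooling should compare the value in MintLimitUpdate with the intended target to notice when the clamp was applied.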