Omniscia Bluejay Finance Audit

WhitelistSalePublic Manual Review Findings

WSP-01M: Inexistent Price Validation of Purchases

Description:

The purchase function does not validate the total number of tokens bought; it derives the amount directly from the price variable, which can be changed at any moment, so a purchase may settle at a price other than the one the caller saw when submitting the transaction.

Example:

packages/contracts/contracts/periphery/WhitelistSalePublic.sol
function purchase(uint256 amount, address recipient) public override {
  require(!paused, "Purchase paused");
  uint256 tokensBought = (amount * WAD) / price;
  require(quota[msg.sender] >= tokensBought, "Insufficient quota");

  quota[msg.sender] -= tokensBought;
  totalPurchased += tokensBought;
  require(totalPurchased <= maxPurchasable, "Max purchasable reached");

  reserve.safeTransferFrom(msg.sender, address(treasury), amount);
  treasury.mint(recipient, tokensBought);

  emit Purchase(msg.sender, recipient, amount, tokensBought);
}

Recommendation:

We advise that the price either be changeable only while the contract is paused, or that an additional argument be introduced to the purchase call mandating a minimum amount of tokens bought.

Alleviation:

The setPrice function is now only invokable when the contract is paused, thereby alleviating this exhibit.