Omniscia DAFI Protocol Audit

DAFITokenBSC Manual Review Findings

DAI-01M: Inexistent Adjustment of Allowance

Type: Logical Fault
Severity: Major
Location: DAFITokenBSC.sol:L30

Description:

The burnFrom operation checks the allowance that the _beneficiary has granted to the bridge but never reduces it, so the approval is not consumed by the burn and the bridge misbehaves with respect to the ERC-20 allowance semantics that integrators rely on.

Example:

contracts/DAFITokenBSC.sol

```solidity
27 function burnFrom(uint256 _value, address _beneficiary) external onlyBridge {
28     require(_beneficiary != address(0),"Beneficiary cannot be ZERO ADDRESS");
29     require(balanceOf(_beneficiary) >= _value, "User does not have sufficient tokens to burn");
30     require(_value <= allowed[_beneficiary][msg.sender], "user did not approve the bridge to burn the said amount.");
31
32     _totalSupply = _totalSupply - _value;
33     balances[_beneficiary] = balances[_beneficiary] - _value;
34
35     emit Transfer(_beneficiary, address(0), _value);
36 }
```

Recommendation:

We advise that the allowed entry be updated accordingly, as otherwise smart contracts interacting with the bridge can misbehave greatly.

Alleviation:

The allowance is now properly updated by subtracting the _value utilized from the allowed entry.