Omniscia Gravita Protocol Audit
DefaultPool Code Style Findings
DefaultPool Code Style Findings
DPL-01C: Inefficient Renunciation of Ownership
| Type | Severity | Location |
|---|---|---|
| Gas Optimization |  | DefaultPool.sol:L48 |
Description:
The DefaultPool::setAddresses function will invoke the OwnableUpgradeable::renounceOwnership function which in turn will apply the onlyOwner modifier redundantly.
Example:
36function setAddresses(address _vesselManagerAddress, address _activePoolAddress)37 external38 initializer39{40 require(!isInitialized, "Already initialized");41 isInitialized = true;42
43 __Ownable_init();44
45 vesselManagerAddress = _vesselManagerAddress;46 activePoolAddress = _activePoolAddress;47
48 renounceOwnership();49}Recommendation:
We advise the OwnableUpgradeable::_transferOwnership function to be utilized directly, transferring ownership to the zero address.
Alleviation:
Ownership of the contract is no longer renounced in the latest iteration of the codebase rendering this exhibit inapplicable.
DPL-02C: Inefficient mapping Lookups
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | | DefaultPool.sol:L73, L79, L88, L89, L97, L98 |
Description:
The linked statements perform key-based lookup operations on mapping declarations from storage multiple times for the same key redundantly.
Example:
73assetsBalances[_asset] = assetsBalances[_asset].sub(_amount);74
75 IERC20Upgradeable(_asset).safeTransfer(activePool, safetyTransferAmount);76 IDeposit(activePool).receivedERC20(_asset, _amount);77
78
79emit DefaultPoolAssetBalanceUpdated(_asset, assetsBalances[_asset]);Recommendation:
As the lookups internally perform an expensive keccak256 operation, we advise the lookups to be cached wherever possible to a single local declaration that either holds the value of the mapping in case of primitive types or holds a storage pointer to the struct contained.
Alleviation:
All inefficient mapping lookups have been significantly optimized per our recommendation, rendering this exhibit fully alleviated.
DPL-03C: Inexplicable Ownable Pattern
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | | DefaultPool.sol:L43, L48 |
Description:
The DefaultPool inherits the OwnableUpgradeable implementation redundantly as it initializes it within the DefaultPool::setAddresses function and consequently renounces ownership in the same call.
Example:
36function setAddresses(address _vesselManagerAddress, address _activePoolAddress)37 external38 initializer39{40 require(!isInitialized, "Already initialized");41 isInitialized = true;42
43 __Ownable_init();44
45 vesselManagerAddress = _vesselManagerAddress;46 activePoolAddress = _activePoolAddress;47
48 renounceOwnership();49}Recommendation:
We advise it to be removed, inheriting the Initializable implementation of OpenZeppelin instead which is properly put in use within the contract.
Alleviation:
While the renunciation has been removed, the OwnableUpgradeable contract is still inherited by the DefaultPool. To properly alleviate this exhibit, we advise the OwnableUpgradeable contract to be omitted from the DefaultPool entirely.
DPL-04C: Redundant Initialization Paradigm
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | | DefaultPool.sol:L29, L38, L40-L41 |
Description:
The DefaultPool contract inherits the OpenZeppelin OwnableUpgradeable implementation which contains the Initializable implementation, put in use within the DefaultPool::setAddresses function. As such, the manual isInitialized flag is redundant.
Example:
29bool public isInitialized;30
31mapping(address => uint256) internal assetsBalances;32mapping(address => uint256) internal debtTokenBalances;33
34// --- Dependency setters ---35
36function setAddresses(address _vesselManagerAddress, address _activePoolAddress)37 external38 initializer39{40 require(!isInitialized, "Already initialized");41 isInitialized = true;Recommendation:
We advise it and its validations to be omitted from the codebase as it is ineffectual and duplicates the purpose of the Initializable::initializer modifier.
Alleviation:
The manual initialization methodology has been removed from the contract as advised.