Omniscia KlimaDAO Audit
AlphaKlimaRedeemUpgradeable Manual Review Findings
AlphaKlimaRedeemUpgradeable Manual Review Findings
AKR-01M: Inexistent Validation of Truncation
Type | Severity | Location |
---|---|---|
Mathematical Operations | Minor | AlphaKlimaRedeemUpgradeable.sol:L48 |
Description:
The migrate
function reduces the precision of its input amount
argument and as such can cause units of aKLIMA
to be permanently lost.
Example:
contracts/migration/upgradeable/AlphaKlimaRedeemUpgradeable.sol
41function migrate(uint256 amount) public {42 require(43 aKLIMA.balanceOf(_msgSender()) >= amount,44 "Error: Cannot Redeem More than User Balance"45 );46
47 aKLIMA.transferFrom(_msgSender(), address(this), amount);48 KLIMA.transfer(_msgSender(), amount.div(1e9));49
50 emit klimaRedeemed(_msgSender(), amount);51
52}
Recommendation:
We advise a new require
check to be introduced that ensures amount
is wholly divisible by 1e9
to prevent any dust from being lost.
Alleviation:
The KlimaDAO team responded by stating that truncation is unavoidable and as such it is considered a non-issue.