Omniscia Kwenta Audit

RewardEscrowV2 Manual Review Findings

RewardEscrowV2 Manual Review Findings

REV-01M: Truncation of Transferred Amounts

Description:

The referenced statements are meant to distribute the totalFee in halves, however, they do so by dividing it with 2 leaving a potential remainder in the contract.

Example:

contracts/RewardEscrowV2.sol
409uint256 proportionalFee = totalFee / 2;
410                kwenta.transfer(treasuryDAO, proportionalFee);
411                kwenta.transfer(earlyVestFeeDistributor, proportionalFee);
412                emit EarlyVestFeeSentToDAO(proportionalFee);
413                emit EarlyVestFeeSentToDistributor(proportionalFee);
414            }
415        }
416

417        if (total != 0) {
418            // Transfer kwenta
419            /// @dev this will revert if the kwenta token transfer fails
420            kwenta.transfer(msg.sender, total);
421        }
422

423        // trigger event
424        emit Vested(msg.sender, total);
425    }
426}
427

428/// @inheritdoc IRewardEscrowV2
429function importEscrowEntry(address _account, VestingEntry memory _entry)
430    external
431    onlyEscrowMigrator
432{
433    _mint(
434        _account, _entry.endTime, _entry.escrowAmount, _entry.duration, _entry.earlyVestingFee
435    );
436}
437

438/// @inheritdoc IRewardEscrowV2
439function createEscrowEntry(
440    address _beneficiary,
441    uint256 _deposit,

Recommendation:

We advise one of the two ERC20::transfer statements to utilize totalFee - proportionalFee as an input, incurring a 3 gas cost increase whilst preventing any dust from accumulating within the contract.

Alleviation:

The calculations referenced have been refactored to properly calculate the amountToTreasury and utilize the remainder for the secondary party, ensuring no truncation can occur and thus no funds can remain in the contract after the referenced transfer operations occur.

Prev

EscrowMigrator.sol (EMR-M)

Next

EarlyVestFeeDistributor.sol (EVF-C)

On this page