Omniscia Kyber Network Audit

BaseKEMHook Manual Review Findings

BKE-01M: Inexistent Restriction of Status

Type: Input Sanitization
Severity: Informational
Location: BaseKEMHook.sol: I-1: L59-L65, I-2: L67-L73

Description:

The BaseKEMHook::_updateClaimable and BaseKEMHook::_updateWhitelisted functions may emit the same UpdateClaimable / UpdateWhitelisted event multiple times for the same address and status combination, because newStatus is never checked against the currently stored status to confirm that it represents an actual state change.

Impact:

As this exhibit solely impacts event emissions, its severity is capped to informational.

Example:

src/base/BaseKEMHook.sol
59 function _updateClaimable(address[] memory accounts, bool newStatus) internal {
60   for (uint256 i = 0; i < accounts.length; i++) {
61     claimable[accounts[i]] = newStatus;
62
63     emit UpdateClaimable(accounts[i], newStatus);
64   }
65 }
66
67 function _updateWhitelisted(address[] memory accounts, bool newStatus) internal {
68   for (uint256 i = 0; i < accounts.length; i++) {
69     whitelisted[accounts[i]] = newStatus;
70
71     emit UpdateWhitelisted(accounts[i], newStatus);
72   }
73 }

Recommendation:

We advise the code to ensure that each respective function actually changes the claimable / whitelisted state of an address, preventing misleading event emissions.
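
One way to implement the recommended check, as an added example that is not Kyber Network's code or part of the audited codebase. The contract name, the pragma and the event parameter lists are assumptions; the mapping, function and event names follow the excerpt above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only. StatusChangeGuardExample is a hypothetical name,
// and the event parameter lists are assumed from the emit statements in the
// excerpt (an address followed by a bool).
abstract contract StatusChangeGuardExample {
    mapping(address => bool) public claimable;
    mapping(address => bool) public whitelisted;

    event UpdateClaimable(address indexed account, bool status);
    event UpdateWhitelisted(address indexed account, bool status);

    function _updateClaimable(address[] memory accounts, bool newStatus) internal {
        for (uint256 i = 0; i < accounts.length; i++) {
            address account = accounts[i];

            // Skip entries already in the requested state: no storage write
            // and no event. This also covers an address that appears twice
            // in the same accounts array.
            if (claimable[account] == newStatus) continue;

            claimable[account] = newStatus;
            emit UpdateClaimable(account, newStatus);
        }
    }

    function _updateWhitelisted(address[] memory accounts, bool newStatus) internal {
        for (uint256 i = 0; i < accounts.length; i++) {
            address account = accounts[i];

            // Same guard as above: emit only on an actual state transition.
            if (whitelisted[account] == newStatus) continue;

            whitelisted[account] = newStatus;
            emit UpdateWhitelisted(account, newStatus);
        }
    }
}
```

With this guard, every emitted event corresponds to exactly one state transition. A stricter variant would revert on an unchanged entry instead of skipping it, which rejects the whole batch when any single address is already in the requested state.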

Alleviation:

The Kyber Network team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.