Omniscia Kyo Finance Audit
TokenStreamSplitter Code Style Findings
TokenStreamSplitter Code Style Findings
TSS-01C: External Requirements of Sensitive Functions
| Type | Severity | Location |
|---|---|---|
| Standard Conformity |  | TokenStreamSplitter.sol: • I-1: L40-L44 • I-2: L46-L49 • I-3: L63-L66 • I-4: L68-L71 |
Description:
The referenced functions of the TokenStreamSplitter will require an invocation of the TokenStreamSplitter::_distribute function before each invocation to function properly as otherwise they will misbehave by not accounting for any yet-to-be-distributed funds.
Example:
68function _enable(address account) internal {69 _poke(account);70 ledger.enable(account);71}72
73function _distribute() internal {74 if (!_shouldDistribute()) return;75 address[] memory inputTokens = _inputTokens();76 bool modified;77 for (uint256 i = 0; i < inputTokens.length; i++) {78 address token = inputTokens[i];79 uint128 pendingAmount = _pendingInputAmountWithUpdate(token);80 uint128 lastSeen = lastSeenPendingInputAmounts[token];81 if (pendingAmount > lastSeen) {82 modified = true;83 ledger.distribute(token, pendingAmount - lastSeen);84 lastSeenPendingInputAmounts[token] = pendingAmount;85 }86 }87 if (modified) distributeCount += 1;88}Recommendation:
While invocations throughout the Kyo Finance team's codebase are presently secure, we advise the functions to be bundled in the TokenStreamSplitter implementations to ensure usage consistency across the codebase and ease-of-integration.
Alleviation (17c8d4e59f398021156f6f9657ff278aae0462ae):
A TokenStreamSplitter::_distribute function call was introduced in all four instances of the exhibit thereby no longer requiring the distribution to be invoked externally and thus addressing this exhibit.
TSS-02C: Inexplicable Variable Type
| Type | Severity | Location |
|---|---|---|
| Standard Conformity | | TokenStreamSplitter.sol:L26, L87, L119 |
Description:
The referenced uint256 data type is toggled between the states of 0 and 1, indicating that it is misrepresented.
Example:
73function _distribute() internal {74 if (!_shouldDistribute()) return;75 address[] memory inputTokens = _inputTokens();76 bool modified;77 for (uint256 i = 0; i < inputTokens.length; i++) {78 address token = inputTokens[i];79 uint128 pendingAmount = _pendingInputAmountWithUpdate(token);80 uint128 lastSeen = lastSeenPendingInputAmounts[token];81 if (pendingAmount > lastSeen) {82 modified = true;83 ledger.distribute(token, pendingAmount - lastSeen);84 lastSeenPendingInputAmounts[token] = pendingAmount;85 }86 }87 if (modified) distributeCount += 1;88}Recommendation:
We advise the variable to be set as a bool and to have its variable name adjusted to indicate that it is a flag rather than an actual count of distributions.
Alleviation (17c8d4e59f398021156f6f9657ff278aae0462ae):
The Kyo Finance team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.
TSS-03C: Redundant Usage of Immutable Variable
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | | TokenStreamSplitter.sol:L27, L30 |
Description:
The referenced immutable variable is inefficient as its assignment comprises a value that is known at compile time.
Example:
27bytes32 private immutable distributeCountAtLastPoke;28
29constructor() {30 distributeCountAtLastPoke = SlotDerivation.erc7201Slot("TokenStreamEmitter.DCALP");31}Recommendation:
We advise the variable to be set as constant and its calculation to be relocated to its declaration, optimizing the code's gas cost.
Alleviation (17c8d4e59f398021156f6f9657ff278aae0462ae):
The Kyo Finance team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.