Omniscia Kyo Finance Audit
Emission Manual Review Findings
Emission Manual Review Findings
ENO-01M: Inexistent Specification of EIP-20 Token Metadata
| Type | Severity | Location |
|---|---|---|
| Standard Conformity |  | Emission.sol:L31 |
Description:
The Emission contract does not define its name and symbol EIP-20 metadata.
Example:
31constructor(IERC20 rewardToken_, IERC20 ballot_, IEmissionSchedule schedule) Ownable(msg.sender) ERC20("", "") ERC4626TokenStreamSplitter(ballot_) {Recommendation:
We advise these arguments to be properly configured, ensuring that the Emission contract results in a properly-parseable EIP-20 token.
Alleviation (17c8d4e59f398021156f6f9657ff278aae0462ae):
The Kyo Finance team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.
ENO-02M: Inexistent Validation of Input Token
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | Emission.sol:L55-L57 |
Description:
The Emission::_tokenInputPerSecondX128 function will not validate that the input token_ matches the contract's rewardToken in contradiction with the Emission::_pendingInputAmountUncached function.
Impact:
The Emission contract will yield a non-zero token input per second incorrectly for any token besides the rewardToken.
Example:
55function _tokenInputPerSecondX128(address token_) internal view virtual override returns (uint256) {56 return emissionSchedule.emissionRateAt(block.timestamp);57}Recommendation:
We advise such validation to be introduced, yielding a value of 0 for any token that does not match the rewardToken configured.
Alleviation (17c8d4e59f398021156f6f9657ff278aae0462ae):
The input token of the Emission::_tokenInputPerSecondX128 function is properly sanitized in the latest implementation, addressing this exhibit.