Omniscia Mean Finance Audit
TransformerRegistry Static Analysis Findings
TRY-01S: Potential Lock of Native Assets
Type | Severity | Location
---|---|---
Language Specific | | TransformerRegistry.sol:L173
Description:
The linked `receive` / `fallback` function performs no sanitization of its caller, and no function within the contract makes use of the native balance held at rest.
Impact:
Any native funds accidentally sent to the contract may be forever locked.
Example:
```solidity
receive() external payable {}
```
Recommendation:
We advise the code to prevent accidentally sent native assets from being permanently locked in the contract by introducing a `require` check that restricts `msg.sender` to the contract(s) expected to transfer native assets to the system (i.e. in the case of a wrapped native asset, only the WXXX contract address should be permitted). Alternatively, if the contract is not expected to receive native assets at all, the `receive` function should be removed in its entirety, as a contract with neither a `receive` nor a payable `fallback` function rejects plain native transfers.
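The following contract is an added illustration of the recommendation and is not code from the Mean Finance codebase. It assumes a `wrappedNative` constructor parameter standing in for the WXXX contract (e.g. WETH9, whose `withdraw` function sends native assets back to the caller) and a hypothetical `unwrap` consumer; both names are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not Mean Finance code): restricts the receive() hook so that
// only the wrapped-native contract can push native assets into this contract.
// `wrappedNative` is an assumed constructor parameter modelling the WXXX
// contract (e.g. WETH9) referred to in the recommendation.
interface IWrappedNative {
    // Standard WETH9 signature: burns wrapped tokens and sends native assets
    // to msg.sender, which is what triggers receive() below.
    function withdraw(uint256 amount) external;
}

contract RestrictedNativeReceiver {
    address public immutable wrappedNative;

    error UnexpectedNativeTransfer(address sender, uint256 amount);

    constructor(address _wrappedNative) {
        require(_wrappedNative != address(0), "zero wrapped native");
        wrappedNative = _wrappedNative;
    }

    // Hardened form of the flagged `receive() external payable {}`:
    // a user who sends native assets directly has the transaction revert
    // instead of the funds becoming stuck, while the legitimate unwrap path
    // (msg.sender == wrappedNative) still succeeds.
    receive() external payable {
        if (msg.sender != wrappedNative) {
            revert UnexpectedNativeTransfer(msg.sender, msg.value);
        }
    }

    // Hypothetical consumer of the native balance, included only so the
    // contract has a reason to accept native assets at all. It unwraps
    // `amount` of WXXX, which calls back into receive() with the wrapped
    // native contract as msg.sender, then forwards the result.
    function unwrapTo(address payable to, uint256 amount) external {
        IWrappedNative(wrappedNative).withdraw(amount);
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "native transfer failed");
    }

    // Exposes the resting balance so a test or monitor can confirm the
    // contract never accumulates native assets outside an unwrap.
    function nativeBalance() external view returns (uint256) {
        return address(this).balance;
    }
}
```

The `msg.sender` check only covers ordinary value transfers and calls to `receive`; native assets can still be forced into any contract via `selfdestruct` or as a block reward recipient, so a contract that genuinely has no use for native balance is better served by the second option in the recommendation, removing `receive` entirely, than by any caller check.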
Alleviation (6ed56b5449ca241fc6be369d44f392f1f5313f93):
The Mean Finance team evaluated this exhibit but opted not to apply a remediation for it in the current version of the codebase as they deem it a non-issue. As a result, we consider the exhibit acknowledged.