Omniscia Mitosis Audit
BasicVault Static Analysis Findings
BasicVault Static Analysis Findings
BVT-01S: Inexistent Event Emissions
| Type | Severity | Location |
|---|---|---|
| Language Specific |  | BasicVault.sol:L192-L194, L196-L198, L212-L214, L216-L218 |
Description:
The linked functions adjust sensitive contract variables yet do not emit an event for it.
Example:
192function allow(address account, Action action) external onlyOwner {193 _getStorageV1()._isAllowed[account][action] = true;194}Recommendation:
We advise an event to be declared and correspondingly emitted for each function to ensure off-chain processes can properly react to this system adjustment.
Alleviation (58e8cc66dfa900c03c47df78f5170d9960005629):
The ActionAllowed, ActionDisallowed, CapSet, and RedeemPeriodSet events were introduced to the codebase and are correspondingly emitted in the BasicVault::allow, BasicVault::disallow, BasicVault::setCap, and BasicVault::setRedeemPeriod functions respectively, addressing this exhibit in full.
BVT-02S: Multiple Top-Level Declarations
| Type | Severity | Location |
|---|---|---|
| Code Style | | BasicVault.sol:L16, L36, L71 |
Description:
The referenced file contains multiple top-level declarations that decrease the legibility of the codebase.
Example:
16contract BasicVaultStorageV1 {17 /// @custom:storage-location erc7201:mitosis.storage.BasicVault.v118 struct StorageV1 {19 IERC20 _asset;20 uint8 _underlyingDecimals;21 mapping(Action => bool) _isHalted;22 mapping(address => mapping(Action => bool)) _isAllowed;23 }24
25 // keccak256(abi.encode(uint256(keccak256("mitosis.storage.BasicVault.v1")) - 1)) & ~bytes32(uint256(0xff))26 bytes32 public constant StorageV1Location = 0xdfd1d7385a5871446aad353015e13a89d148fc3945543ae58683c6905a730600;27
28 function _getStorageV1() internal pure returns (StorageV1 storage $) {29 // slither-disable-next-line assembly30 assembly {31 $.slot := StorageV1Location32 }33 }34}35
36contract BasicVaultUtilStorageV1 {37 struct DepositLog {38 uint256 cumulative;39 uint256 amount;40 uint256 at;41 }42
43 struct DepositInfo {44 uint256 resolved;45 uint256 lastLogIdx;46 DepositLog[] logs;47 }48
49 /// @custom:storage-location erc7201:mitosis.storage.BasicVaultUtil.v150 struct UtilStorageV1 {51 ICap _cap;52 uint256 _redeemPeriod;53 mapping(address => DepositInfo) _deposits;54 }55
56 // keccak256(abi.encode(uint256(keccak256("mitosis.storage.BasicVaultUtil.v1")) - 1)) & ~bytes32(uint256(0xff))57 bytes32 public constant UtilStorageV1Location = 0xb74bb28fc0dafa03e97d9d2c2a11bb377bfd56ee8bbb7eda9a3949d9c8d49c00;58
59 function _getUtilStorageV1() internal pure returns (UtilStorageV1 storage $) {60 // slither-disable-next-line assembly61 assembly {62 $.slot := UtilStorageV1Location63 }64 }65}66
67/// @title BasicVault68/// @author Eddy <hong@manythings.xyz>69/// @notice A basic vault that holds a single asset as collateral and mint its IOU tokens to the user by 1:1 ratio.70/// @dev There's no reentrancy guard in this contract because it has support for ERC777 tokens.71contract BasicVault isRecommendation:
We advise all highlighted top-level declarations to be split into their respective code files, avoiding unnecessary imports as well as increasing the legibility of the codebase.
Alleviation (58e8cc66dfa900c03c47df78f5170d9960005629):
The referenced top-level declaration(s) beyond the one that has the same name as the code file have been relocated to their dedicated file(s) (BasicVaultStorageV1.sol, BasicVaultUtilStorageV1.sol) and are instead imported as advised, increasing the code's clarity.