Omniscia Mitosis Audit
BasicVault Static Analysis Findings
BVT-01S: Inexistent Event Emissions
Type | Severity | Location |
---|---|---|
Language Specific | | BasicVault.sol:L192-L194, L196-L198, L212-L214, L216-L218 |
Description:
The linked functions adjust sensitive contract variables yet do not emit an event when doing so.
Example:
```solidity
function allow(address account, Action action) external onlyOwner {
    _getStorageV1()._isAllowed[account][action] = true;
}
```
Recommendation:
We advise an event to be declared and correspondingly emitted for each function to ensure off-chain processes can properly react to this system adjustment.
Alleviation (58e8cc66dfa900c03c47df78f5170d9960005629):
The ActionAllowed, ActionDisallowed, CapSet, and RedeemPeriodSet events were introduced to the codebase and are correspondingly emitted in the BasicVault::allow, BasicVault::disallow, BasicVault::setCap, and BasicVault::setRedeemPeriod functions respectively, addressing this exhibit in full.
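One way the recommended events could look, as an added sketch rather than the Mitosis code from the alleviation commit. The event and function names come from the exhibit above; the event parameters, the `Action` members, the `address` cap type and the simplified ownership and storage are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the Mitosis source. Event parameters, the Action
// members and the simplified storage/ownership are assumptions.
contract VaultAdminEvents {
    enum Action { Deposit, Redeem } // hypothetical members

    // Indexed fields let off-chain monitors filter by account or action.
    event ActionAllowed(address indexed account, Action indexed action);
    event ActionDisallowed(address indexed account, Action indexed action);
    // Emitting old and new values lets a monitor alert on the size of a change.
    event CapSet(address indexed previousCap, address indexed newCap);
    event RedeemPeriodSet(uint256 previousPeriod, uint256 newPeriod);

    address public immutable owner = msg.sender;
    address public cap;
    uint256 public redeemPeriod;
    mapping(address => mapping(Action => bool)) public isAllowed;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function allow(address account, Action action) external onlyOwner {
        isAllowed[account][action] = true;
        emit ActionAllowed(account, action);
    }

    function disallow(address account, Action action) external onlyOwner {
        isAllowed[account][action] = false;
        emit ActionDisallowed(account, action);
    }

    function setCap(address newCap) external onlyOwner {
        emit CapSet(cap, newCap); // read the old value before overwriting it
        cap = newCap;
    }

    function setRedeemPeriod(uint256 newPeriod) external onlyOwner {
        emit RedeemPeriodSet(redeemPeriod, newPeriod);
        redeemPeriod = newPeriod;
    }
}
```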
BVT-02S: Multiple Top-Level Declarations
Type | Severity | Location |
---|---|---|
Code Style | | BasicVault.sol:L16, L36, L71 |
Description:
The referenced file contains multiple top-level declarations that decrease the legibility of the codebase.
Example:
```solidity
contract BasicVaultStorageV1 {
    /// @custom:storage-location erc7201:mitosis.storage.BasicVault.v1
    struct StorageV1 {
        IERC20 _asset;
        uint8 _underlyingDecimals;
        mapping(Action => bool) _isHalted;
        mapping(address => mapping(Action => bool)) _isAllowed;
    }

    // keccak256(abi.encode(uint256(keccak256("mitosis.storage.BasicVault.v1")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 public constant StorageV1Location = 0xdfd1d7385a5871446aad353015e13a89d148fc3945543ae58683c6905a730600;

    function _getStorageV1() internal pure returns (StorageV1 storage $) {
        // slither-disable-next-line assembly
        assembly {
            $.slot := StorageV1Location
        }
    }
}

contract BasicVaultUtilStorageV1 {
    struct DepositLog {
        uint256 cumulative;
        uint256 amount;
        uint256 at;
    }

    struct DepositInfo {
        uint256 resolved;
        uint256 lastLogIdx;
        DepositLog[] logs;
    }

    /// @custom:storage-location erc7201:mitosis.storage.BasicVaultUtil.v1
    struct UtilStorageV1 {
        ICap _cap;
        uint256 _redeemPeriod;
        mapping(address => DepositInfo) _deposits;
    }

    // keccak256(abi.encode(uint256(keccak256("mitosis.storage.BasicVaultUtil.v1")) - 1)) & ~bytes32(uint256(0xff))
    bytes32 public constant UtilStorageV1Location = 0xb74bb28fc0dafa03e97d9d2c2a11bb377bfd56ee8bbb7eda9a3949d9c8d49c00;

    function _getUtilStorageV1() internal pure returns (UtilStorageV1 storage $) {
        // slither-disable-next-line assembly
        assembly {
            $.slot := UtilStorageV1Location
        }
    }
}

/// @title BasicVault
/// @author Eddy <hong@manythings.xyz>
/// @notice A basic vault that holds a single asset as collateral and mint its IOU tokens to the user by 1:1 ratio.
/// @dev There's no reentrancy guard in this contract because it has support for ERC777 tokens.
contract BasicVault is
```
Recommendation:
We advise all highlighted top-level declarations to be split into their respective code files, avoiding unnecessary imports as well as increasing the legibility of the codebase.
Alleviation (58e8cc66dfa900c03c47df78f5170d9960005629):
The referenced top-level declaration(s) beyond the one that has the same name as the code file have been relocated to their dedicated file(s) (BasicVaultStorageV1.sol, BasicVaultUtilStorageV1.sol) and are instead imported as advised, increasing the code's clarity.