Omniscia Moby Audit

BaseToken Manual Review Findings

BTN-01M: Inexplicable Capability of Re-Configuration

Description:

The BaseToken::setInfo function permits the name and symbol of the token to be updated an arbitrary number of times.

Impact:

A compromise of the administrator account in control of the BaseToken can permit its name and symbol to be arbitrarily changed and thus be utilized in impersonation attacks.

Example:

contracts/tokens/BaseToken.sol
function setInfo(string memory _name, string memory _symbol) external onlyAdmin {
    name = _name;
    symbol = _symbol;
}

Recommendation:

Given that these variables are sensitive in the perception of the token, we advise them to be configurable only once.
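
One way to apply this recommendation is sketched below as an added example; it is not code from the Moby repository or from the audit. The contract name, the `admin` and `infoSet` storage, the `InfoSet` event, the custom errors and the empty-string check are assumptions introduced for illustration; only the `setInfo` signature and the `onlyAdmin` modifier name come from the exhibit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Moby's BaseToken: only the parts needed to show a
// write-once setInfo. `admin`, `infoSet`, `InfoSet` and the custom errors are
// hypothetical names.
contract WriteOnceInfoToken {
    string public name;
    string public symbol;

    address public immutable admin; // assumption: a single admin fixed at deployment
    bool public infoSet;            // flips to true on the first successful setInfo

    error NotAdmin();
    error InfoAlreadySet();
    error EmptyInfo();

    // Assumption beyond the recommendation: an event so the one permitted
    // configuration is visible to off-chain monitoring.
    event InfoSet(string name, string symbol);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    function setInfo(string memory _name, string memory _symbol) external onlyAdmin {
        // Reject any call after the first, so a later compromise of the admin
        // account cannot rename the token.
        if (infoSet) revert InfoAlreadySet();
        // Reject empty values so the single permitted call is not spent on blanks.
        if (bytes(_name).length == 0 || bytes(_symbol).length == 0) revert EmptyInfo();

        name = _name;
        symbol = _symbol;
        infoSet = true;

        emit InfoSet(_name, _symbol);
    }
}
```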

Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):

The Moby team evaluated this exhibit and specified that they wish the name and symbol of the token to be update-able in the unlikely event that they need to update it.

As such, we consider this exhibit acknowledged.