Omniscia Moby Audit
YieldToken Manual Review Findings
YTN-01M: Inexplicable Capability of Re-Configuration
| Type | Severity | Location |
|---|---|---|
| Logical Fault | | YieldToken.sol:L45-L48 |
Description:
The `YieldToken::setInfo` function permits the `name` and `symbol` of the token to be updated an arbitrary number of times.
Impact:
A compromise of the administrator account in control of the `YieldToken` would permit its `name` and `symbol` to be arbitrarily changed, allowing the token to be utilized in impersonation attacks.
Example:
contracts/tokens/YieldToken.sol

```solidity
function setInfo(string memory _name, string memory _symbol) external onlyAdmin {
    name = _name;
    symbol = _symbol;
}
```
Recommendation:
Given that these variables are sensitive to how the token is perceived, we advise that they be configurable only once.
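The one-time configuration the recommendation calls for, shown as an added example that is not the Moby project's code: the contract name, the `infoSet` latch, the `admin` storage variable and the `InfoSet` event are assumptions made for illustration; only `name`, `symbol`, `setInfo` and `onlyAdmin` come from the finding.

```solidity
// Added example (not the project's code): a one-shot variant of setInfo.
// Assumed names: OneShotTokenInfo, admin, infoSet, InfoSet.
pragma solidity ^0.8.0;

contract OneShotTokenInfo {
    string public name;
    string public symbol;
    address public admin;
    bool private infoSet; // hypothetical latch: true once setInfo has run

    // Emitted on the single successful configuration so that monitoring
    // can confirm the metadata was fixed at deployment time.
    event InfoSet(string name, string symbol);

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    // Hardened form: name and symbol can be configured exactly once.
    // A second call reverts, so a later compromise of the admin key
    // cannot rename the token.
    function setInfo(string memory _name, string memory _symbol) external onlyAdmin {
        require(!infoSet, "info already set");
        infoSet = true;
        name = _name;
        symbol = _symbol;
        emit InfoSet(_name, _symbol);
    }
}
```

The latch is set before the strings are written so the function is safe regardless of call ordering, and the event gives off-chain monitoring a single, expected log entry; any later `setInfo` transaction will revert and therefore stand out in transaction history.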
Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):
The Moby team evaluated this exhibit and specified that they wish the `name` and `symbol` of the token to be update-able in the unlikely event that they need to update it.
As such, we consider this exhibit acknowledged.