gOHM Manual Review Findings

OHM-01M: Improper State Control of Migration

Description:

The migrate function, as its documentation states, should only be invoke-able once during the contract migration, however, the logical checks it enforces allow it to be invoked and thus set very sensitive contract variables an arbitrary number of times.

Example:

Copy
120/**
121 * @notice transfer mint rights from migrator to staking
122 * @notice can only be done once, at the time of contract migration
123 * @param _staking address
124 * @param _sOHM address
125 */
126function migrate(address _staking, address _sOHM) external override onlyApproved {
127    require(_staking != approved);
128
129    require(_staking != address(0));
130    approved = _staking;
131
132    require(_sOHM != address(0));
133    sOHM = IsOHM(_sOHM);
134}

Recommendation:

We strongly recommend the function to ensure that sOHM has not been previously set as otherwise, there is no protection preventing re-setting those variables.

Alleviation:

A dedicated migrated flag has been introduced to the codebase and is being used as a flag to indicate whether migrate has been invoked before thereby preventing its re-execution and alleviating this exhibit.