Omniscia Optimex Audit

OptimexCollateralToken Manual Review Findings

OCT-01M: Potentially Inadvertent Authorization

Description:

The current OptimexCollateralToken::_update mechanism permits the token to be burned (i.e. transferred to the zero address) at all times, despite what its documentation implies, because the default value of permittedRecipient is the zero address: while no recipient is set, the to == permittedRecipient check passes for to == address(0).

Impact:

The documentation of the OptimexCollateralToken::_update function is presently misleading and thus the code might be misbehaving.

Example:

contracts/tokens/OptimexCollateralToken.sol
/**
    @notice Burns the current balance of the contract
    @dev This function will burn the current balance of the contract
*/
function _burnSelf() internal virtual {
    uint256 selfBalance = balanceOf(address(this));
    if (selfBalance > 0) {
        _burn(address(this), selfBalance);
        emit Burned(msg.sender, selfBalance);
    }
}

/**
    @notice Override of the `_update()` function from the ERC-20 implementation
    @dev Adds special constraints to ensure that tokens can only be transferred
    to the allowed recipient or the contract itself:
    - recipient != address(this): in circulation
    - recipient == address(this): out of circulation
*/
function _update(
    address from,
    address to,
    uint256 amount
) internal virtual override {
    if (!(to == address(this) || to == permittedRecipient)) {
        revert ErrorLib.RecipientNotPermitted(to);
    }
    super._update(from, to, amount);

    if (to == address(this))
        emit TokenDeallocated(msg.sender, from, amount);

    /// Resets `permittedRecipient` to address(0) as a security measure to prevent
    /// potential reuse of the previously permitted address in subsequent transactions,
    /// in accordance with EIP-1153 transient storage best practices:
    /// https://eips.ethereum.org/EIPS/eip-1153#security-considerations
    permittedRecipient = address(0);
}

Recommendation:

We advise either updating the code's documentation to reflect this trait, or updating the system to enforce more rigorous checks when a self-burn is performed so that non-self-burns cannot execute.

Alleviation (c11bae0aacaeb7f4e4b53c864f96917ca574182f):

The documentation of the code was updated to reflect the permittedRecipient == address(0) case, addressing this exhibit.
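
The other option named in the recommendation, restricting zero-address transfers to self-burns, could be enforced as sketched below. This is an added example, not code from Optimex or from the audit. It assumes OpenZeppelin Contracts v5 as the ERC-20 base; the contract name StrictRecipientToken, its local error and the plain-storage permittedRecipient are hypothetical stand-ins, and events are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5, whose ERC20 routes every mint, burn
// and transfer through _update(from, to, value).
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

/// Hypothetical base contract for illustration; not part of the audited code base.
abstract contract StrictRecipientToken is ERC20 {
    /// Local stand-in for ErrorLib.RecipientNotPermitted.
    error RecipientNotPermitted(address to);

    /// Plain-storage stand-in for the audited variable; defaults to address(0).
    address internal permittedRecipient;

    /// Burns whatever the contract itself holds, as the audited _burnSelf does.
    function _burnSelf() internal virtual {
        uint256 selfBalance = balanceOf(address(this));
        if (selfBalance > 0) _burn(address(this), selfBalance);
    }

    function _update(
        address from,
        address to,
        uint256 amount
    ) internal virtual override {
        if (to == address(0)) {
            // Burn path: only the contract's own balance may be destroyed, so an
            // unset permittedRecipient (address(0)) no longer authorizes burns
            // from arbitrary holders.
            if (from != address(this)) revert RecipientNotPermitted(to);
        } else if (!(to == address(this) || to == permittedRecipient)) {
            // Non-zero recipients keep the audited rule: the contract itself or
            // the one-shot permitted recipient.
            revert RecipientNotPermitted(to);
        }
        super._update(from, to, amount);

        // One-shot permission, reset after every update as in the audited code.
        permittedRecipient = address(0);
    }
}
```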