dex Manual Review Findings

DEX-01M: Pull-Over-Push Pattern

Description:

The TransferOwnership function overwrites the previously set Owner with the NewAddress without ensuring that the NewAddress is able to transact on the blockchain.

Example:

Copy
27function TransferOwnerShip(address payable NewAddress) public OnlyOwner {
28    require(NewAddress!=address(0),"TransferOwnerShip Denied");
29    Owner = NewAddress;
30}

Recommendation:

We advise the pull-over-push pattern to be applied whereby a new owner is first proposed and consequently needs to accept ownership by invoking a dedicated function.

Alleviation:

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase citing time constraints.