Omniscia QuickSwap Audit
TokenSwap Code Style Findings
TokenSwap Code Style Findings
TSP-01C: Deprecated Function Signature Representation
| Type | Severity | Location |
|---|---|---|
| Code Style |  | TokenSwap.sol:L12 |
Description:
The linked representation of the permit function signature is using a bytes4 literal that has been deprecated.
Example:
11// bytes4(keccak256(bytes("permit(address,address,uint256,uint256,uint8,bytes32,bytes32)")));12bytes4 constant _PERMIT_SIGNATURE = 0xd505accf;Recommendation:
We advise the selector member of the permit function to be utilized instead by importing the draft-IERC20Permit dependency from OpenZeppelin and referencing the selector as IERC20Permit.permit.selector to the assignment.
Alleviation:
The variable is no longer part of the codebase rendering this exhibit nullified.
TSP-02C: Inexistent Visibility Specifier
| Type | Severity | Location |
|---|---|---|
| Code Style | | TokenSwap.sol:L12 |
Description:
The linked variable has no visibility specifier explicitly set.
Example:
12bytes4 constant _PERMIT_SIGNATURE = 0xd505accf;Recommendation:
We advise one to be set so to avoid potential compilation discrepancies in the future as the current behaviour is for the compiler to assign one automatically which may deviate between pragma versions.
Alleviation:
The variable is no longer part of the codebase rendering this exhibit nullified.
TSP-03C: Inexplicable Multiplication & Division of Conversion
| Type | Severity | Location |
|---|---|---|
| Mathematical Operations | | TokenSwap.sol:L59, L64, L78 |
Description:
The conversion mechanism within the TokenSwap contract offsets the input _swapRatio by 1000 and then removes the offset in a division performed within the quickToQuickX redundantly.
Example:
44/**45 * @dev This contract will receive xQUICK tokens, the users will be able to swap their QUICK tokens for xQUICK tokens46 * as long as this contract holds enough amount. The swapped QUICK tokens will be burned(sent to DEAD address).47 * Once the withdrawTimeout is reached, the owner will be able to withdraw the remaining xQUICK tokens.48 * @param _quick QUICK token address49 * @param _quickX xQUICK token address50 * @param duration Time in number of blocks after which the owner will be able to withdraw the xQUICK tokens51 * @param _swapRatio swap ratio for QUICK to xQUICK52 */53constructor (54 IERC20 _quick,55 IERC20 _quickX,56 uint256 duration,57 uint256 _swapRatio58){59 require(_swapRatio == 100 || _swapRatio == 1000, "Invalid swap ratio");60
61 quick = _quick;62 quickX = _quickX;63 withdrawTimeout = block.number + duration;64 swapRatio = _swapRatio * 1000;65
66}67
68/**69 * @notice Method that allows swap QUICK for xQUICK tokens at the ratio of 1 QUICK --> 1000 xQUICK70 * Users can either use the permit functionality, or approve previously the tokens and send an empty _permitData71 * @param quickAmount Amount of QUICK to swap72 */73function quickToQuickX(uint256 quickAmount) public {74 // receive and burn QUICK tokens75 quick.safeTransferFrom(msg.sender, DEAD, quickAmount);76
77 // transfer xQUICK tokens78 uint256 quickXAmount = (quickAmount * swapRatio) / 1000;79 quickX.safeTransfer(msg.sender, quickXAmount);80
81 emit QuickToQuickX(quickAmount, quickXAmount, msg.sender);82}Recommendation:
Given that no accuracy benefit is acquired from the order of operations, we advise both instances of the 1000 offset to be normalized.
Alleviation:
The code was adjusted to refactor the swapRatio value to a SWAP_RATIO constant that is consequently assigned to the value literal 1000 thereby alleviating this exhibit in full.
TSP-04C: Misleading Documentation
| Type | Severity | Location |
|---|---|---|
| Code Style | | TokenSwap.sol:L70 |
Description:
The linked documentation of the function is invalid.
Example:
68/**69 * @notice Method that allows swap QUICK for xQUICK tokens at the ratio of 1 QUICK --> 1000 xQUICK70 * Users can either use the permit functionality, or approve previously the tokens and send an empty _permitData71 * @param quickAmount Amount of QUICK to swap72 */73function quickToQuickX(uint256 quickAmount) public {74 // receive and burn QUICK tokens75 quick.safeTransferFrom(msg.sender, DEAD, quickAmount);76
77 // transfer xQUICK tokens78 uint256 quickXAmount = (quickAmount * swapRatio) / 1000;79 quickX.safeTransfer(msg.sender, quickXAmount);80
81 emit QuickToQuickX(quickAmount, quickXAmount, msg.sender);82}Recommendation:
We advise it to be corrected.
Alleviation:
The misleading documentation was removed from the codebase.