Omniscia QuickSwap Audit

TokenSwap Static Analysis Findings

TSP-01S: Inexistent Sanitization of Input Addresses

Description:

The constructor of the contract accepts two address-like arguments yet does not sanitize them.

Example:

contracts/TokenSwap.sol
/**
 * @dev This contract will receive xQUICK tokens, the users will be able to swap their QUICK tokens for xQUICK tokens
 * as long as this contract holds enough amount. The swapped QUICK tokens will be burned(sent to DEAD address).
 * Once the withdrawTimeout is reached, the owner will be able to withdraw the remaining xQUICK tokens.
 * @param _quick QUICK token address
 * @param _quickX xQUICK token address
 * @param duration Time in number of blocks after which the owner will be able to withdraw the xQUICK tokens
 * @param _swapRatio swap ratio for QUICK to xQUICK
 */
constructor (
    IERC20 _quick,
    IERC20 _quickX,
    uint256 duration,
    uint256 _swapRatio
){
    require(_swapRatio == 100 || _swapRatio == 1000, "Invalid swap ratio");

    quick = _quick;
    quickX = _quickX;
    withdrawTimeout = block.number + duration;
    swapRatio = _swapRatio * 1000;
}

Recommendation:

We advise both IERC20 inputs to be properly sanitized as non-zero to avoid misconfiguration of the contract.

Alleviation:

Both input addresses are now properly sanitized against the zero-address.
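
One way the sanitization recommended above can look, shown as an added example and not the project's actual fix. The contract name, the minimal IERC20 stand-in, the state-variable declarations, the compiler version and the revert strings are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version

// Minimal stand-in for the IERC20 type used by the constructor on this page
// (assumption: the real contract imports a full IERC20 interface).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical contract name; only the constructor logic is reproduced.
contract TokenSwapSanitized {
    // Declarations assumed; the page shows only the assignments.
    IERC20 public quick;
    IERC20 public quickX;
    uint256 public withdrawTimeout;
    uint256 public swapRatio;

    constructor(
        IERC20 _quick,
        IERC20 _quickX,
        uint256 duration,
        uint256 _swapRatio
    ) {
        // Added checks. An interface-typed argument is an address under the
        // hood, so it must be cast with address(...) before it can be
        // compared against the zero address.
        require(address(_quick) != address(0), "QUICK is zero address");
        require(address(_quickX) != address(0), "xQUICK is zero address");

        // Unchanged from the constructor shown in the finding.
        require(_swapRatio == 100 || _swapRatio == 1000, "Invalid swap ratio");

        quick = _quick;
        quickX = _quickX;
        withdrawTimeout = block.number + duration;
        swapRatio = _swapRatio * 1000;
    }
}
```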

TSP-02S: Unutilized Contract Variable

Type | Severity | Location
Code Style | | TokenSwap.sol:L12

Description:

The linked contract variable remains unutilized in the contract.

Example:

contracts/TokenSwap.sol
12  bytes4 constant _PERMIT_SIGNATURE = 0xd505accf;

Recommendation:

We advise it to either be utilized or omitted from the codebase.

Alleviation:

The variable was removed from the codebase as advised.