Omniscia Rari Capital Audit

CErc20 Manual Review Findings

CE0-01M: Impossible Autonomous Deployment

Type: Indeterminate Code
Severity: Minor
Location: CErc20.sol:L21-L36

Description:

The code within the constructor of the contract was adjusted, and as a result the contract cannot be deployed independently: the admin variable is no longer temporarily adjusted to bypass the check within initialize.

Example:

contracts/CErc20.sol
21 function initialize(address underlying_,
22                     ComptrollerInterface comptroller_,
23                     InterestRateModel interestRateModel_,
24                     uint initialExchangeRateMantissa_,
25                     string memory name_,
26                     string memory symbol_,
27                     uint8 decimals_,
28                     uint256 reserveFactorMantissa_,
29                     uint256 adminFeeMantissa_) public {
30     // CToken initialize does the bulk of the work
31     super.initialize(comptroller_, interestRateModel_, initialExchangeRateMantissa_, name_, symbol_, decimals_, reserveFactorMantissa_, adminFeeMantissa_);
32
33     // Set underlying and sanity check it
34     underlying = underlying_;
35     EIP20Interface(underlying).totalSupply();
36 }
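
As an added illustration (not code from the audited repository or from Compound), the simplified Solidity model below shows why a guarded initializer needs the constructor to set admin temporarily if the contract is to be deployed on its own. The contract names, the compiler pragma and the exact form of the admin check are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumption: the audited code base may target another compiler

// Simplified model with hypothetical names; the admin check is an assumed
// form of "the check within initialize" that the finding refers to.
contract GuardedMarket {
    address public admin;
    address public underlying;
    bool public initialized;

    // Only the current admin may initialize, and only once.
    function initialize(address underlying_) public {
        require(msg.sender == admin, "only admin may initialize the market");
        require(!initialized, "market may only be initialized once");
        require(underlying_ != address(0), "underlying is the zero address");
        underlying = underlying_;
        initialized = true;
    }
}

// Deployable on its own: the constructor makes the deployer admin for the
// duration of initialize, then hands over to the intended admin.
contract StandaloneMarket is GuardedMarket {
    constructor(address underlying_, address admin_) {
        admin = msg.sender;      // temporary, so the check in initialize passes
        initialize(underlying_);
        admin = admin_;          // final admin once initialization is done
    }
}

// Without the temporary assignment, admin is still address(0) while the
// constructor runs, so initialize reverts and the deployment fails.
contract NotStandaloneMarket is GuardedMarket {
    constructor(address underlying_) {
        initialize(underlying_); // reverts: msg.sender != admin (zero address)
    }
}
```

In this model, a contract without the temporary assignment is only usable when some other component sets admin before initialize is called.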

Recommendation:

We advise that the ramifications of this be evaluated and, if the behaviour is to be kept as is, that this be explicitly mentioned in the constructor's description.

Alleviation:

In response to this finding, Rari specified that the CErc20 token is not meant to be deployable independently as is the case with the main Compound implementation, and thus this exhibit can be considered null.