Omniscia Sovryn Audit
ThresholdProxyAdmin Static Analysis Findings
ThresholdProxyAdmin Static Analysis Findings
TPA-01S: Inapplicacy of Checks-Effects-Interactions
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Minor | ThresholdProxyAdmin.sol:L63-L74 |
Description:
The _acceptProposal function conducts the action of the proposal first prior to removing it from storage.
Example:
contracts/upgradability/ThresholdProxyAdmin.sol
63function _acceptProposal(Proposal memory newProp) internal {64 if(newProp.action == Action.Upgrade) {65 if(newProp.data.length == 0) {66 BaseAdminUpgradeabilityProxy(proxy).upgradeTo(newProp.target);67 } else {68 BaseAdminUpgradeabilityProxy(proxy).upgradeToAndCall(newProp.target, newProp.data);69 }70 } else if(newProp.action == Action.ChangeAdmin) {71 BaseAdminUpgradeabilityProxy(proxy).changeAdmin(newProp.target);72 }73 _removeProposal(newProp);74}Recommendation:
We advise the order of actions to be reversed whereby the proposal is first removed and then actuated to conform to the Checks-Effects-Interactions security pattern given that a re-entrancy condition can materialize.
Alleviation:
The contract no longer exists in the codebase and this exhibit can be considered null.