Omniscia Tangible Audit

LayerZeroRebaseTokenUpgradeable Code Style Findings

LZR-01C: Cross-Chain Amount Truncation

Type	Severity	Location
Code Style		LayerZeroRebaseTokenUpgradeable.sol:L154, L159

Description:

The SendToChain event's amount emitted during the LayerZeroRebaseTokenUpgradeable::_send function may not be equal to the actual amount transferred by the function due to potential truncation in the LayerZeroRebaseTokenUpgradeable::_debitFrom function.

Impact:

In contrast to the EIP-20 related exhibit, this one relates to a custom event and thus is of minimal impact.

Example:

src/LayerZeroRebaseTokenUpgradeable.sol

153Message memory message = Message({
154    shares: _debitFrom(from, dstChainId, toAddress, amount),
155    rebaseIndex: rebaseIndex(),
156    nonce: _rebaseNonce()
157});
158
159emit SendToChain(dstChainId, from, toAddress, amount);

Recommendation:

We advise the amount value emitted in the SendToChain event within LayerZeroRebaseTokenUpgradeable::_send to be set to the message.shares.toTokens(message.rebaseIndex) value, ensuring that the amount emitted matches the actual one transferred by the cross-chain transfer.

Alleviation (47fbf62bbbf2409ff0baf9a18a2945466cb2a576):

The amount emitted within the SendToChain event has been corrected as advised, ensuring that it always corresponds to the actual amount debited from the from address.

Omniscia Tangible Audit

LayerZeroRebaseTokenUpgradeable Code Style Findings

LayerZeroRebaseTokenUpgradeable Code Style Findings

LZR-01C: Cross-Chain Amount Truncation

Description:

Impact:

Example:

Recommendation:

Alleviation (47fbf62bbbf2409ff0baf9a18a2945466cb2a576):

CrossChainRebaseTokenUpgradeable.sol (CCR-C)

LzAppUpgradeable.sol (LAU-C)

On this page