Omniscia Tokemak Network Audit

Redeem Manual Review Findings

Redeem Manual Review Findings

RED-01M: Inexplicable Functionality

TypeSeverityLocation
Logical FaultMediumRedeem.sol:L44-L49

Description:

The convert function currently only burns the fromToken balance of the caller.

Example:

contracts/redeem/Redeem.sol
44function convert() external {
45 uint256 fromBal = IERC20(fromToken).balanceOf(msg.sender);
46 require(fromBal > 0, "INSUFFICIENT_BALANCE");
47 ERC20Burnable(fromToken).burnFrom(msg.sender, fromBal);
48 // IStaking(stakingContract).stakeFor(msg.sender, fromBal);
49}

Recommendation:

We advise the commented out code to be uncommented as its functionality is currently incorrect.

Alleviation:

The commented statement was replaced by a depositFor invocation on the staking contract now properly performing a "conversion".