Omniscia Tokemak Network Audit

DefiRound Static Analysis Findings

DRD-01S: Inexistent Zero-Address Check

Description:

The constructor of the contract accepts two address arguments (_WETH and _treasury) that are stored without any validation.

Example:

contracts/defi-round/DefiRound.sol

constructor(
    // solhint-disable-next-line
    address _WETH,
    address _treasury,
    uint256 _maxTotalValue
) public {
    WETH = _WETH;
    treasury = _treasury;
    currentStage = STAGES.STAGE_1;

    maxTotalValue = _maxTotalValue;
}

Recommendation:

We advise proper sanitization to be applied by ensuring that neither address argument is equal to the zero address, thereby preventing a misconfigured deployment of the system.

Alleviation:

Both arguments are now properly validated, preventing a misconfiguration of the system.

DRD-02S: Unused Return Value

Type: Logical Fault
Severity: Minor
Location: DefiRound.sol:L249

Description:

The transfer invocation within finalizeAssets does not evaluate the boolean return value, if any, of the ERC20 transfer call; a token that signals failure by returning false rather than reverting would therefore leave the refund silently unexecuted.

Example:

contracts/defi-round/DefiRound.sol

243  if (depositToGenesis) {
244      ILiquidityPool(tokenSettings[token].genesis)
245          .depositFor(msg.sender, ineffective);
246      return;
247  } else {
248      // transfer ineffectiveTokenBalance back to user
249      IERC20(token).transfer(msg.sender, ineffective);
250  }

Recommendation:

We advise the return value to be handled properly by invoking the safeTransfer function, as other segments of the contract already do.

Alleviation:

The safeTransfer function is now properly utilized in the linked statement.
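The following contract is an added illustration of both remediations (DRD-01S and DRD-02S), not the audited DefiRound code: the contract name, the refund function and the inlined safe-transfer helper are assumptions chosen so the example compiles without external dependencies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.12;

// Added example (not the audited DefiRound code). Names are illustrative.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract HardenedRound {
    address public immutable WETH;
    address public immutable treasury;

    constructor(address _WETH, address _treasury) public {
        // DRD-01S: reject the zero address so a mis-deployed round cannot
        // treat address(0) as the wrapped-ether token or as the treasury.
        require(_WETH != address(0), "WETH: zero address");
        require(_treasury != address(0), "treasury: zero address");
        WETH = _WETH;
        treasury = _treasury;
    }

    // DRD-02S: refund that fails loudly instead of silently ignoring a
    // `false` return value (or a token that returns no data at all).
    function refund(IERC20 token, address to, uint256 amount) external {
        require(msg.sender == treasury, "not treasury");
        _safeTransfer(token, to, amount);
    }

    // Equivalent of OpenZeppelin's SafeERC20.safeTransfer, inlined here
    // so the example has no external imports.
    function _safeTransfer(IERC20 token, address to, uint256 amount) internal {
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(token.transfer.selector, to, amount)
        );
        // Revert if the call itself failed, or if the token returned data
        // that decodes to `false`. Tokens that return no data (some legacy
        // implementations) pass as long as the call did not revert.
        require(
            ok && (data.length == 0 || abi.decode(data, (bool))),
            "transfer failed"
        );
    }
}
```

Compared with the original line 249, the `require` around the low-level call is what turns a token's `false` return into a revert instead of a silently lost refund.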