Omniscia Tokemak Network Audit

Pool Static Analysis Findings

POO-01S: Inexistent Event

Type | Severity | Location
Code Style | Informational | Pool.sol:L60-L91

Description:

The withdraw function performs a sensitive contract operation but does not inform external parties of such an action.

Example:

contracts/pools/Pool.sol
60 function withdraw(uint256 requestedAmount) external override {
61     require(
62         requestedAmount <= requestedWithdrawals[msg.sender].amount,
63         "WITHDRAW_INSUFFICIENT_BALANCE"
64     );
65
66     uint256 amount =
67         Math.min(
68             requestedWithdrawals[msg.sender].amount,
69             Math.min(underlyer.balanceOf(address(this)), requestedAmount)
70         );
71
72     require(amount > 0, "NO_WITHDRAWAL");
73     require(
74         requestedWithdrawals[msg.sender].minCycle <= manager.getCurrentCycleIndex(),
75         "INVALID_CYCLE"
76     );
77
78     requestedWithdrawals[msg.sender].amount = requestedWithdrawals[msg.sender].amount.sub(
79         amount
80     );
81
82     if (requestedWithdrawals[msg.sender].amount == 0) {
83         delete requestedWithdrawals[msg.sender];
84     }
85
86     withheldLiquidity = withheldLiquidity.sub(amount);
87
88     underlyer.safeTransfer(msg.sender, amount);
89
90     _burn(msg.sender, amount);
91 }

Recommendation:

We advise a corresponding event to be coded and emitted within the function block to ensure ease-of-integration by external parties.

Alleviation:

The Tokemak team stated that the events emitted by the inner code paths should be sufficient to track behaviour.
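
What the Alleviation implies for an integrator, as an added example that is not from the audit or the Tokemak code base: without a dedicated event, a withdrawal has to be inferred by pairing the underlyer Transfer out of the pool (L88) with the share-burn Transfer to the zero address (L90) in the same transaction. It assumes both tokens emit the standard ERC-20 Transfer event and that _burn logs a transfer to the zero address; the addresses, log field names and sample logs are constructed.

```python
from collections import defaultdict

ZERO = "0x" + "00" * 20
# Constructed placeholder addresses, not real deployments.
POOL, UNDERLYER = "0x" + "aa" * 20, "0x" + "bb" * 20
ALICE, BOB = "0x" + "01" * 20, "0x" + "02" * 20


def reconstruct_withdrawals(logs, pool=POOL, underlyer=UNDERLYER):
    """Return (tx, account, amount) for each underlyer payout from the pool
    that is followed, in the same transaction, by a burn of the same amount
    of pool shares from the payout's recipient."""
    by_tx = defaultdict(list)
    for log in logs:
        by_tx[log["tx"]].append(log)
    found = []
    for tx, entries in by_tx.items():
        pending = defaultdict(int)  # unmatched payouts: (recipient, amount) -> count
        for log in sorted(entries, key=lambda e: e["index"]):
            if log["emitter"] == underlyer and log["from"] == pool:
                pending[(log["to"], log["value"])] += 1
            elif log["emitter"] == pool and log["to"] == ZERO:
                key = (log["from"], log["value"])
                if pending[key] > 0:  # burn matches an earlier payout
                    pending[key] -= 1
                    found.append((tx, log["from"], log["value"]))
    return found


def make_log(tx, index, emitter, src, dst, value):
    return {"tx": tx, "index": index, "emitter": emitter,
            "from": src, "to": dst, "value": value}


# Constructed, already-decoded Transfer logs (hypothetical field names).
SAMPLE_LOGS = [
    make_log("0x01", 0, UNDERLYER, POOL, ALICE, 500),  # withdraw: payout ...
    make_log("0x01", 1, POOL, ALICE, ZERO, 500),       # ... then share burn
    make_log("0x02", 0, POOL, ALICE, BOB, 200),        # share transfer only
    make_log("0x03", 0, POOL, BOB, ZERO, 50),          # burn with no payout
    make_log("0x04", 0, UNDERLYER, POOL, BOB, 70),     # payout with no burn
]

if __name__ == "__main__":
    for tx, account, amount in reconstruct_withdrawals(SAMPLE_LOGS):
        print(f"withdrawal tx={tx} account={account} amount={amount}")
```

A dedicated event, as the Recommendation proposes, would replace this correlation with a single log filter on the pool contract.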