Omniscia Transient Audit
TerminateContractTemplate Manual Review Findings
TCT-01M: Inexistent Reset Protection
Type | Severity | Location |
---|---|---|
Logical Fault | Medium | TerminateContractTemplate.sol:L11-L13 |
Description:
The `setExpiration` function allows the owner to arbitrarily set the `expiration` of the contract multiple times, thus allowing them to trick users into thinking the contract will expire in the future whilst it can expire at any time.
Example:
```solidity
function setExpiration(uint256 _expiration) public virtual onlyOwner {
    expiration = _expiration;
}
```
Recommendation:
We advise the `setExpiration` function to ensure that the `expiration` of the contract is equal to `0`, thus preventing the function from being invoked repeatedly.
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.
TCT-02M: Improper State Validation
Type | Severity | Location |
---|---|---|
Logical Fault | Minor | TerminateContractTemplate.sol:L20, L25 |
Description:
The state of `block.timestamp == expiration` is not accounted for, leading to the contract being neither "Live" nor "Over".
Example:
```solidity
modifier isLive() {
    require(expiration == 0 || block.timestamp < expiration, "Terminated: Time over"); // L20
    _;
}

modifier isOver() {
    require(expiration != 0 && block.timestamp > expiration, "Terminated: Contract is live"); // L25
    _;
}
```
Recommendation:
We advise making either of the two checks inclusive, ensuring that no ambiguous state exists in the contract.
Alleviation:
The `isLive` modifier was adjusted to be inclusive of the `expiration` value, thus preventing an undefined state from ever being possible.
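The recommendations of TCT-01M and TCT-02M applied together, as an added sketch that is not the project's own code. The contract name, the simplified owner check, the revert strings other than the two quoted above, and the two probe functions are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. Contract name, owner handling and probe functions are
// hypothetical; only setExpiration, isLive and isOver mirror the audited code.
contract TerminateContractTemplateSketch {
    address public immutable owner;
    uint256 public expiration; // 0 means "not yet set"

    constructor() {
        owner = msg.sender;
    }

    // Simplified stand-in for the project's onlyOwner modifier (assumption).
    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    // TCT-01M: the setter only succeeds while expiration is still 0, so a
    // non-zero deadline cannot be moved once users have seen it.
    // Passing 0 leaves the contract in the "not yet set" state.
    function setExpiration(uint256 _expiration) public virtual onlyOwner {
        require(expiration == 0, "Expiration already set");
        expiration = _expiration;
    }

    // TCT-02M: the bound is inclusive, so block.timestamp == expiration
    // counts as live and the two modifiers are exact complements once
    // expiration is non-zero.
    modifier isLive() {
        require(expiration == 0 || block.timestamp <= expiration, "Terminated: Time over");
        _;
    }

    modifier isOver() {
        require(expiration != 0 && block.timestamp > expiration, "Terminated: Contract is live");
        _;
    }

    // Probe functions for exercising each modifier at the boundary timestamp.
    function liveOnly() external view isLive returns (bool) {
        return true;
    }

    function overOnly() external view isOver returns (bool) {
        return true;
    }
}
```

With the timestamp set equal to `expiration` in a test harness, `liveOnly()` succeeds and `overOnly()` reverts; one second later the results swap.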