Omniscia Transient Audit
TSC Static Analysis Findings
TSC-01S: Inexistent Access Control of Self Destruction
Type | Severity | Location |
---|---|---|
Logical Fault | Minor | TSC.sol:L354 |
Description:
The `close` function does not impose any access control on who invokes it, potentially invoking the function before the `execute_contract` is ready to consume the call.
Example:
```solidity
354 function close() public isOver {
```
Recommendation:
We advise access control to be evaluated for this function and if deemed necessary to be imposed similarly to the rest of the functions in the contract.
Alleviation:
The now named `terminate` function has proper access control imposed on it as only the owner can invoke it via the `onlyOwner` modifier.
TSC-02S: Potential Re-Entrancy Vulnerability
Type | Severity | Location |
---|---|---|
Language Specific | Minor | TSC.sol:L444 |
Description:
The `transferEth` function performs an arbitrary native asset transfer that can lead to a re-entrancy occurring.
Example:
```solidity
439 function transferEth(uint256 _index) public payable onlyPartner isLive onlyStartTimming {
440     require(listTransferETH.size > _index, "TSC: Invalid required functions");
441     require(listTransferETH.list[_index].transfered == false, "TSC: Function is passed");
442     require(msg.value >= listTransferETH.list[_index].value);
443     listTransferETH.list[_index].transfered = true;
444     listTransferETH.list[_index].receiver.transfer(listTransferETH.list[_index].value);
445     passCount++;
446     emit TransferEthCompleted(_index, listTransferETH.list[_index].receiver, listTransferETH.list[_index].value, block.timestamp);
447 }
```
Recommendation:
We advise the `passCount` state change to be performed before the external native asset transfer to ensure the re-entrancy is not able to affect the contract's correct operation.
Alleviation:
The statements have been re-ordered and the `passCount` variable is incremented prior to the external transfer ensuring re-entrancies cannot maliciously manifest.
TSC-03S: Unvalidated Boolean Return
Type | Severity | Location |
---|---|---|
External Call Validation | Minor | TSC.sol:L376, L378 |
Description:
The `IExecute` interface denotes that the `execute` and `revert` functions are meant to yield a `bool` value but no such value is validated in the codebase.
Example:
```solidity
375 if (completed) {
376     IExecute(execute_contract).execute();
377 } else {
378     IExecute(execute_contract).revert();
379 }
```
Recommendation:
We advise this to be evaluated as to whether it is true and if so proper validation of the returned `bool` to be imposed.
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.
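One way the validation recommended in TSC-03S could be written, as an added example that is not code from the audited codebase. The `IExecute` signatures, the compiler version, the `SettlementSketch` and `_settle` names and the error string are assumptions; the page states only that both functions are meant to yield a `bool`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version

// Assumed shape of the interface: the report says only that execute() and
// revert() are meant to return a bool. Declaring a function named `revert`
// compiles but produces a "shadows a builtin symbol" warning.
interface IExecute {
    function execute() external returns (bool);
    function revert() external returns (bool);
}

// Hypothetical stand-in for the branch shown at TSC.sol L375-L379.
abstract contract SettlementSketch {
    address internal execute_contract;

    // Internal on purpose: the caller-facing function that reaches this
    // branch is expected to carry the contract's own access control.
    function _settle(bool completed) internal {
        bool ok;
        if (completed) {
            ok = IExecute(execute_contract).execute();
        } else {
            ok = IExecute(execute_contract).revert();
        }
        // A `false` result is now surfaced instead of being dropped, so the
        // surrounding state changes are rolled back with the transaction.
        // If the target returns no data at all, the ABI decoder already
        // reverts the high-level call before this line is reached.
        require(ok, "TSC: execute_contract call failed");
    }
}
```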
TSC-04S: Literal Boolean Comparison
Type | Severity | Location |
---|---|---|
Gas Optimization | Informational | TSC.sol:L441, L462 |
Description:
The linked statements perform a comparison between a `bool` variable and a `bool` value literal.
Example:
```solidity
441 require(listTransferETH.list[_index].transfered == false, "TSC: Function is passed");
```
Recommendation:
We advise the `bool` variable to be utilized directly either in its negated (`!`) or normal form as the equality check is redundant.
Alleviation:
The `bool` variables are now directly utilized.