Omniscia Tren Finance Audit

DebtToken Manual Review Findings

DTN-01M: Inexplicable Capability of Reconfiguration

Description:

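The DebtToken::setAddresses function allows the contract's owner to reconfigure sensitive contract members (the borrower operations, stability pool and TrenBox manager addresses) any number of times, with no apparent justification.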

Impact:

As the contract is not upgradeable, preventing the DebtToken::setAddresses function from being re-invoked will ensure that a compromise of the contract's owner has minimal impact.

Example:

contracts/DebtToken.sol
function setAddresses(
    address _borrowerOperationsAddress,
    address _stabilityPoolAddress,
    address _trenBoxManagerAddress
)
    external
    onlyOwner
{
    if (
        _borrowerOperationsAddress == address(0) || _stabilityPoolAddress == address(0)
            || _trenBoxManagerAddress == address(0)
    ) {
        revert DebtToken__InvalidAddressToConnect();
    }

    borrowerOperationsAddress = _borrowerOperationsAddress;
    stabilityPoolAddress = _stabilityPoolAddress;
    trenBoxManagerAddress = _trenBoxManagerAddress;

    emit ProtocolContractsAddressesSet(
        _borrowerOperationsAddress, _stabilityPoolAddress, _trenBoxManagerAddress
    );
}

Recommendation:

We advise that the function prevent re-invocation by ensuring that all entries it writes to are still equal to the zero address.

Alleviation (f6f1ad0b8f24a96ade345db1dd05a1878eb0f761):

An if-revert check was introduced that prevents the function's execution if the addresses configured have already been set, addressing this exhibit.
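
A sketch of the one-time guard described in the recommendation, as an added example that is not the project's code from the referenced commit. The error names DebtToken__AddressesAlreadySet and DebtToken__NotOwner, the event parameter names and the simplified immutable owner are assumptions made so the contract is self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Tren Finance's code. Ownership is reduced to a
// single immutable owner so the sketch compiles on its own.
contract DebtTokenOneTimeSetup {
    address public immutable owner;
    address public borrowerOperationsAddress;
    address public stabilityPoolAddress;
    address public trenBoxManagerAddress;

    error DebtToken__InvalidAddressToConnect();
    // Hypothetical error names; the page does not give the ones used in the fix.
    error DebtToken__AddressesAlreadySet();
    error DebtToken__NotOwner();

    event ProtocolContractsAddressesSet(address borrowerOperations, address stabilityPool, address trenBoxManager);

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        if (msg.sender != owner) revert DebtToken__NotOwner();
        _;
    }

    function setAddresses(
        address _borrowerOperationsAddress,
        address _stabilityPoolAddress,
        address _trenBoxManagerAddress
    ) external onlyOwner {
        // One-time guard: a successful call leaves all three slots non-zero
        // (zero inputs are rejected below), so any later call reverts here.
        if (
            borrowerOperationsAddress != address(0) || stabilityPoolAddress != address(0)
                || trenBoxManagerAddress != address(0)
        ) revert DebtToken__AddressesAlreadySet();
        if (
            _borrowerOperationsAddress == address(0) || _stabilityPoolAddress == address(0)
                || _trenBoxManagerAddress == address(0)
        ) revert DebtToken__InvalidAddressToConnect();

        borrowerOperationsAddress = _borrowerOperationsAddress;
        stabilityPoolAddress = _stabilityPoolAddress;
        trenBoxManagerAddress = _trenBoxManagerAddress;
        emit ProtocolContractsAddressesSet(
            _borrowerOperationsAddress, _stabilityPoolAddress, _trenBoxManagerAddress
        );
    }
}
```

With this guard, a compromised owner key can no longer repoint the token at different protocol contracts once the initial configuration has been made.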