Omniscia Tren Finance Audit

LockedTREN Manual Review Findings

LTR-01M: Inexistent Validation of Reduction

Description:

The LockedTREN::lowerEntityVesting function does not validate that newTotalSupply is less than the vesting rule's existing supply. The supply can therefore be increased instead, which can lead to a faster vesting time or a permanently disabled vesting entry.

Impact:

An accidental or purposeful increase of a vesting entry's supply can result in the vesting entry being vested faster, acquiring tokens meant for other vesting entries, or becoming inexecutable altogether.

Example:

contracts/TREN/LockedTREN.sol
function lowerEntityVesting(
    address _entity,
    uint256 newTotalSupply
)
    public
    onlyOwner
    entityRuleExists(_entity)
{
    sendTRENTokenToEntity(_entity);
    Rule storage vestingRule = entitiesVesting[_entity];

    if (newTotalSupply <= vestingRule.claimed) {
        revert LockedTREN__TotalSupplyLessThanClaimed();
    }

    vestingRule.totalSupply = newTotalSupply;
}

Recommendation:

We advise the newTotalSupply variable to be validated as less than the vestingRule.totalSupply, ensuring a reduction has properly taken place.

Alleviation (f6f1ad0b8f24a96ade345db1dd05a1878eb0f761):

The code was updated to ensure that the newTotalSupply is less than the vestingRule.totalSupply value, addressing this exhibit.

LTR-02M: Inexistent Maintenance of Assigned Tokens

Description:

The LockedTREN::lowerEntityVesting function, in contrast to the LockedTREN::removeEntityVesting function, does not maintain the assignedTRENTokens data entry, causing the tokens by which a vesting entry was reduced to be lost in the contract.

Impact:

Any tokens that were lowered from an entity's vesting entry will be lost in the contract permanently.

Example:

contracts/TREN/LockedTREN.sol
function lowerEntityVesting(
    address _entity,
    uint256 newTotalSupply
)
    public
    onlyOwner
    entityRuleExists(_entity)
{
    sendTRENTokenToEntity(_entity);
    Rule storage vestingRule = entitiesVesting[_entity];

    if (newTotalSupply <= vestingRule.claimed) {
        revert LockedTREN__TotalSupplyLessThanClaimed();
    }

    vestingRule.totalSupply = newTotalSupply;
}

function removeEntityVesting(address _entity) public onlyOwner entityRuleExists(_entity) {
    sendTRENTokenToEntity(_entity);
    Rule memory vestingRule = entitiesVesting[_entity];

    assignedTRENTokens = assignedTRENTokens - (vestingRule.totalSupply - vestingRule.claimed);

    delete entitiesVesting[_entity];
}

Recommendation:

We advise the assignedTRENTokens data entry to be properly maintained by calculating the "total supply" reduction and subtracting it from the assignedTRENTokens data entry.

Alleviation (f6f1ad0b8f24a96ade345db1dd05a1878eb0f761):

The code has been updated to properly maintain the assignedTRENTokens data entry, alleviating this exhibit.
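
The accounting behind LTR-01M and LTR-02M can be checked with a small Python model. This is an added example, not the project's or the auditor's code. It assumes assignedTRENTokens tracks the sum of (totalSupply - claimed) across all rules, as the subtraction in removeEntityVesting implies; add_entity, NotAReduction and stranded are hypothetical names, and the sendTRENTokenToEntity claim step is left out, so claimed is a fixed input.

```python
# Model of the LockedTREN bookkeeping shown in the two exhibits (added example).
class TotalSupplyLessThanClaimed(Exception):
    """Mirrors LockedTREN__TotalSupplyLessThanClaimed."""

class NotAReduction(Exception):
    """Hypothetical error for the LTR-01M check; the real name is not on the page."""

class LockedTrenModel:
    def __init__(self):
        self.rules = {}      # entity -> {"totalSupply": int, "claimed": int}
        self.assigned = 0    # models assignedTRENTokens

    def add_entity(self, entity, total_supply, claimed=0):
        # Constructed helper: assumed to reserve the unclaimed part of the rule.
        self.rules[entity] = {"totalSupply": total_supply, "claimed": claimed}
        self.assigned += total_supply - claimed

    def outstanding(self):
        # What the rules can still pay out in total.
        return sum(r["totalSupply"] - r["claimed"] for r in self.rules.values())

    def lower_as_audited(self, entity, new_total):
        rule = self.rules[entity]
        if new_total <= rule["claimed"]:
            raise TotalSupplyLessThanClaimed
        # Accepts an increase (LTR-01M) and leaves assigned untouched (LTR-02M).
        rule["totalSupply"] = new_total

    def lower_hardened(self, entity, new_total):
        rule = self.rules[entity]
        if new_total <= rule["claimed"]:
            raise TotalSupplyLessThanClaimed
        if new_total >= rule["totalSupply"]:               # LTR-01M: must be a reduction
            raise NotAReduction
        self.assigned -= rule["totalSupply"] - new_total   # LTR-02M: release the delta
        rule["totalSupply"] = new_total

def stranded(model):
    """Tokens counted as assigned that no rule can pay out.
    Positive: locked in the contract. Negative: rules promise more than is reserved."""
    return model.assigned - model.outstanding()
```

A non-zero result from stranded() after any owner action is the invariant violation both exhibits describe, which makes it a useful property to assert in the contract's own test suite.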