Omniscia Tren Finance Audit

TRENStaking Manual Review Findings

TRN-01M: Incorrect Asset Gain Evaluation

Description:

The TRENStaking::checkAssetGain function will mistakenly query the pending debt token gain instead of the actual asset gain.

Impact:

The rewards distributed per asset are going to be invalid as they will utilize the amount of debt token owed instead of the per-asset gain.

Example:

contracts/TREN/TRENStaking.sol
function checkAssetGain(address _asset) private {
    uint256 assetGain = _getPendingDebtTokenGain(msg.sender);
    if (assetGain != 0) {
        _sendAssetGainToUser(_asset, assetGain);
        emit StakingAssetGainWithdrawn(msg.sender, _asset, assetGain);
    }
}

function calculateFeePerTRENStaked(uint256 _feeAmount) private view returns (uint256) {
    return (_feeAmount * DECIMAL_PRECISION) / totalTRENStaked;
}

function _getPendingAssetGain(address _asset, address _user) private view returns (uint256) {
    uint256 assetFeeSnapshot = snapshots[_user].assetsFeeSnapshot[_asset];
    return (stakes[_user] * (assetsFee[_asset] - assetFeeSnapshot)) / DECIMAL_PRECISION;
}

function _getPendingDebtTokenGain(address _user) private view returns (uint256) {
    uint256 debtTokenFeeSnapshot = snapshots[_user].debtTokenFeeSnapshot;
    return (stakes[_user] * (totalDebtTokenFee - debtTokenFeeSnapshot)) / DECIMAL_PRECISION;
}

Recommendation:

We advise the TRENStaking::_getPendingAssetGain function to be invoked instead, ensuring that the gains are properly queried and distributed.

Alleviation (f6f1ad0b8f24a96ade345db1dd05a1878eb0f761):

The code was corrected, ensuring that asset gains are properly calculated and paid out, alleviating this exhibit in full.

TRN-02M: Incorrect Execution of Paused State Statements

Description:

The TRENStaking::isPaused modifier indicates that the system should transfer token fees to the treasury in a paused state without causing a transaction failure. However, the code issues a revert statement right after crediting the funds to the treasury, which causes all state changes to be reverted.

Impact:

A pause of the TRENStaking system will cause all TRENStaking::increaseFeeAsset and TRENStaking::increaseFeeDebtToken invocations to fatally fail instead of being gracefully handled by redirecting funds to the treasury.

Example:

contracts/TREN/TRENStaking.sol
modifier isPaused(address _token, uint256 _amount) {
    if (paused()) {
        sendToTreasury(_token, _amount);
        revert TRENStaking__StakingOnPause();
    }
    _;
}

Recommendation:

We advise the code to be revised, potentially relocating the special _; statement to an else branch of the if block and omitting the revert statement entirely.

Alleviation (f6f1ad0b8f):

The code was updated in an incorrect way, sending the funds to the treasury when a revert is not issued, which would cause fund acquisition in functions such as TRENStaking::increaseFeeAsset to fail.

We advise the TRENStaking::sendToTreasury invocation to be relocated back to its original place and the revert statement to instead be omitted, ensuring that the contract sends funds to the treasury when it is paused.

Alleviation (73b9546eb9):

The code was updated per our original recommendation, ensuring that funds are redirected to the treasury solely when the system is in a paused state.
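
The modifier shape described in the TRN-02M recommendation, as an added Solidity sketch; it is not the Tren Finance source or the audited fix. The contract name, IERC20Minimal, setPaused, owner and recordFee are hypothetical, and the sketch assumes the fee tokens are already held by the contract when the guarded function runs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only. Only isPaused, paused and sendToTreasury are
// names taken from the finding; everything else is hypothetical.
interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract PausedRedirectSketch {
    address public immutable treasury; // assumed treasury address
    address public immutable owner;    // hypothetical pause authority
    bool private _paused;
    uint256 public totalDebtTokenFee;  // stand-in for the fee accounting

    constructor(address _treasury) {
        treasury = _treasury;
        owner = msg.sender;
    }

    function setPaused(bool _value) external {
        require(msg.sender == owner, "not owner");
        _paused = _value;
    }

    function paused() public view returns (bool) {
        return _paused;
    }

    // Paused: redirect the fee and return normally, so the transfer persists.
    // Not paused: run the guarded function body. No revert in either branch.
    modifier isPaused(address _token, uint256 _amount) {
        if (paused()) {
            sendToTreasury(_token, _amount);
        } else {
            _;
        }
    }

    function sendToTreasury(address _token, uint256 _amount) private {
        require(IERC20Minimal(_token).transfer(treasury, _amount), "transfer failed");
    }

    // Hypothetical fee entry point; assumes _amount of _token was already
    // transferred to this contract by the caller.
    function recordFee(address _token, uint256 _amount) external isPaused(_token, _amount) {
        totalDebtTokenFee += _amount;
    }
}
```

A modifier that skips `_;` makes the guarded function return its default values, so this shape needs extra care on functions whose return value callers rely on.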