Omniscia Tren Finance Audit
TRENStaking Manual Review Findings
TRN-01M: Incorrect Asset Gain Evaluation
Type | Severity | Location |
---|---|---|
Logical Fault | | TRENStaking.sol:L263, L274 |
Description:
The `TRENStaking::checkAssetGain` function will mistakenly query the pending debt token gain instead of the actual asset gain.
Impact:
The rewards distributed per asset are going to be invalid as they will utilize the amount of debt token owed instead of the per-asset gain.
Example:
```solidity
function checkAssetGain(address _asset) private {
    uint256 assetGain = _getPendingDebtTokenGain(msg.sender); // TRENStaking.sol:L263
    if (assetGain != 0) {
        _sendAssetGainToUser(_asset, assetGain);
        emit StakingAssetGainWithdrawn(msg.sender, _asset, assetGain);
    }
}

function calculateFeePerTRENStaked(uint256 _feeAmount) private view returns (uint256) {
    return (_feeAmount * DECIMAL_PRECISION) / totalTRENStaked;
}

// TRENStaking.sol:L274
function _getPendingAssetGain(address _asset, address _user) private view returns (uint256) {
    uint256 assetFeeSnapshot = snapshots[_user].assetsFeeSnapshot[_asset];
    return (stakes[_user] * (assetsFee[_asset] - assetFeeSnapshot)) / DECIMAL_PRECISION;
}

function _getPendingDebtTokenGain(address _user) private view returns (uint256) {
    uint256 debtTokenFeeSnapshot = snapshots[_user].debtTokenFeeSnapshot;
    return (stakes[_user] * (totalDebtTokenFee - debtTokenFeeSnapshot)) / DECIMAL_PRECISION;
}
```
Recommendation:
We advise the `TRENStaking::_getPendingAssetGain` function to be invoked instead, ensuring that the gains are properly queried and distributed.
Alleviation (f6f1ad0b8f24a96ade345db1dd05a1878eb0f761):
The code was corrected, ensuring that asset gains are properly calculated and paid out and alleviating this exhibit in full.
TRN-02M: Incorrect Execution of Paused State Statements
Type | Severity | Location |
---|---|---|
Logical Fault | | TRENStaking.sol:L57, L58 |
Description:
The `TRENStaking::isPaused` modifier indicates that the system should transfer token fees to the treasury in a paused state without causing a transaction failure; however, the code will issue a `revert` statement right after crediting the funds to the treasury, which will cause all state changes to be reverted.
Impact:
A pause of the `TRENStaking` system will cause all `TRENStaking::increaseFeeAsset` and `TRENStaking::increaseFeeDebtToken` invocations to fatally fail instead of being gracefully handled by redirecting funds to the treasury.
Example:
```solidity
modifier isPaused(address _token, uint256 _amount) {
    if (paused()) {
        sendToTreasury(_token, _amount); // TRENStaking.sol:L57
        revert TRENStaking__StakingOnPause(); // TRENStaking.sol:L58
    }
    _;
}
```
Recommendation:
We advise the code to be revised, potentially relocating the special `_;` statement in an `else` branch of the `if` block and omitting the `revert` statement entirely.
Alleviation (f6f1ad0b8f):
The code was updated in an incorrect way, sending the funds to the treasury when a `revert` is not issued, which would cause fund acquisition in functions such as `TRENStaking::increaseFeeAsset` to fail.
We advise the `TRENStaking::sendToTreasury` invocation to be relocated back to its original place and the `revert` statement to instead be omitted, ensuring that the contract sends funds to the treasury when it is paused.
Alleviation (73b9546eb9):
The code was updated per our original recommendation, ensuring that funds are redirected to the treasury solely when the system is in a paused state.
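
The TRN-02M control flow, as an added example that is not taken from the Tren Finance code base: the reported modifier next to one with the `_;` statement moved into an `else` branch. The contract name, the `Faulty`/`Fixed` suffixes, `setPaused` and the two ledger mappings are assumptions made for illustration, and token transfers are modelled as internal bookkeeping.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not code from the TRENStaking repository. Token
// transfers are modelled as internal bookkeeping (assumption) so that only
// the modifier's control flow is shown. setPaused is unguarded: demo only.
contract PausedFeeRouting {
    error TRENStaking__StakingOnPause();

    bool public paused;
    mapping(address => uint256) public treasuryBalance; // hypothetical ledger
    mapping(address => uint256) public stakingFees; // hypothetical ledger

    function setPaused(bool _paused) external { paused = _paused; }

    // As reported: the revert also rolls back the treasury credit.
    modifier isPausedFaulty(address _token, uint256 _amount) {
        if (paused) {
            sendToTreasury(_token, _amount);
            revert TRENStaking__StakingOnPause();
        }
        _;
    }

    // Recommended shape: credit the treasury while paused and return
    // normally; run the function body only when not paused.
    modifier isPausedFixed(address _token, uint256 _amount) {
        if (paused) {
            sendToTreasury(_token, _amount);
        } else {
            _;
        }
    }

    function increaseFeeFaulty(address _token, uint256 _amount)
        external isPausedFaulty(_token, _amount)
    { stakingFees[_token] += _amount; }

    function increaseFeeFixed(address _token, uint256 _amount)
        external isPausedFixed(_token, _amount)
    { stakingFees[_token] += _amount; }

    function sendToTreasury(address _token, uint256 _amount) internal {
        treasuryBalance[_token] += _amount;
    }
}
```

With `paused` set, `increaseFeeFaulty` reverts and leaves `treasuryBalance` unchanged, while `increaseFeeFixed` succeeds and credits `treasuryBalance` without touching `stakingFees`. When a modifier skips `_;`, a function that declares return values returns their defaults, so callers should not rely on a return value while paused.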