Omniscia Xcaliswap Audit

Multiswap Code Style Findings

Multiswap Code Style Findings

MPA-01C: Inexistent Error Messages

TypeSeverityLocation
Code StyleMultiswap.sol:L98, L101

Description:

The linked require checks have no error messages explicitly defined.

Example:

contracts/periphery/Multiswap.sol
98require(token.code.length > 0);

Recommendation:

We advise each to be set so to increase the legibility of the codebase and aid in validating the require checks' conditions.

Alleviation:

The Xcaliswap team has removed the _safeTransfer function.

MPA-02C: Redundant Consecutive Checks

TypeSeverityLocation
Gas OptimizationMultiswap.sol:L42, L54

Description:

The linked require checks evaluate that a particular value is greater-than zero and then evaluate that it is greater-than a positive number.

Example:

contracts/periphery/Multiswap.sol
40if (eth = (_token == address(0))) {
41    // Caller wants to multiswap some ETH
42    require(msg.value > 0 && msg.value > 10000, "no ETH sent");
43    preBalance = address(this).balance;
44    for (uint i = 0; i < length; ++i) { 
45        uint amount_ = msg.value * _weights[i] / 10000;
46        (bool success, bytes memory data) = router.call{value: amount_}(_swapData[i]);
47        if (!success) revert ErrorSwapping(i);
48        uint[] memory out = abi.decode(data, (uint[]));
49        amountsOut[i] = out[out.length - 1];
50    }
51    postBalance = address(this).balance;
52} else {
53    // Caller wants to multiswap a token
54    require(_amount > 0 && _amount > 10000, "no tokens sent");
55    preBalance = IERC20(_token).balanceOf(address(this));
56    IERC20(_token).transferFrom(msg.sender, address(this), _amount);
57    IERC20(_token).approve(router, _amount);
58    for (uint i = 0; i < length; ++i) {
59        (bool success, bytes memory data) = router.call(_swapData[i]);
60        if (!success) revert ErrorSwapping(i);
61        uint[] memory out = abi.decode(data, (uint[]));
62        amountsOut[i] = out[out.length - 1];
63    }
64    postBalance = IERC20(_token).balanceOf(address(this));
65}

Recommendation:

We advise only the greater-than comparison with a positive number to be retained as it indirectly guarantees that the greater-than zero evaluation will yield true.

Alleviation:

The Xcaliswap team is now only evaluating the greater-than zero check.

MPA-03C: Repetitive Value Literal

TypeSeverityLocation
Code StyleMultiswap.sol:L42, L45, L54, L86

Description:

The linked value literal is repeated across the codebase multiple times.

Example:

contracts/periphery/Multiswap.sol
42require(msg.value > 0 && msg.value > 10000, "no ETH sent");

Recommendation:

We advise it to be set to a constant variable instead optimizing the legibility of the codebase.

Alleviation:

The Xcaliswap team evaluated this exhibit but opted not to apply any changes for it in the current iteration of the protocol.

Prev

Minter.sol (MRE-C)

Next

Router.sol (RRE-C)

On this page