Omniscia Xcaliswap Audit
Minter Manual Review Findings
Minter Manual Review Findings
MRE-01M: Improper Active Period Calculation
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | Minter.sol:L71 |
Description:
The linked active_period calculation offsets itself to the previous week whilst it should only "activate" the upcoming week.
Impact:
As the active_period is offset to the previous week, the contract immediately realizes emissions from the moment of the initialize call as it assumes a week has passed since its activation which is false.
Example:
59function initialize(60 // address[] memory claimants,61 // uint[] memory amounts,62 // uint max // sum amounts / max = % ownership of top protocols, so if initial 20m is distributed, and target is 25% protocol ownership, then max - 4 x 20m = 80m63) external {64 require(initializer == msg.sender);65 // _token.mint(address(this), max);66 // _token.approve(address(_ve), type(uint).max);67 // for (uint i = 0; i < claimants.length; i++) {68 // _ve.create_lock_for(amounts[i], lock, claimants[i]);69 // }70 initializer = address(0);71 active_period = (block.timestamp - week) / week * week; // 72}Recommendation:
We advise the subtraction of week from the current block.timestamp to be avoided as it impacts the way the minter operates.
Alleviation:
The Xcaliswap team has omitted the subtraction of week from the current block.timestamp.
MRE-02M: Incorrect Limit Reset
| Type | Severity | Location |
|---|---|---|
| Logical Fault | | Minter.sol:L80 |
Description:
The last_epoch variable acts as a limit to the frequency of emission and boost changes, however, it is applied incorrectly so as the last_epoch is reset to the next 26 weeks which may have already passed in periods of long inactivity.
Impact:
It currently can be possible for setEmissions to be invoked two consecutive times in the same transaction as the last_epoch is not properly reset to a time in the future.
Example:
74/// @param _emissions: new value of emissions75/// @param _boost: new value of boost76function setEmissions(uint _emissions, uint _boost) public onlyAdmin {77 require(block.timestamp >= last_epoch + 26 weeks, "must wait next period");78 emissions = _emissions;79 boost = _boost;80 last_epoch = last_epoch + 26 weeks;81}Recommendation:
We advise the last_epoch assignment to instead utilize the current block.timestamp increased by 26 weeks to ensure that it is properly reset to a time in the future.
Alleviation:
The Xcaliswap team is now using block.timestamp increased by 26 weeks.