Omniscia Xcaliswap Audit

Voter Manual Review Findings

VRE-01M: Bypass of `listing_fee`

Type	Severity	Location
Logical Fault		Voter.sol:L192-L195

Description:

The whitelist function permits a caller to whitelist arbitrary _token implementations with the same _tokenId as it is not acquired by the protocol and the listing_fee is never siphoned off the NFT.

Impact:

As a user is able to whitelist any token they wish with the same NFT, they can proceed to create gauges for arbitrary tokens and potentially controlled by themselves.

Example:

contracts/periphery/Voter.sol

188// TODO: decide on gauge whitelisting model
189// @param _token the ERC20 token to whitelist
190// @param _tokenId the ID of veNFT whitelisting
191function whitelist(address _token, uint _tokenId) public {
192    if (_tokenId > 0) {
193        require(msg.sender == IVotingEscrow(_ve).ownerOf(_tokenId));
194        require(IVotingEscrow(_ve).balanceOfNFT(_tokenId) > listing_fee());
195    } else {
196        _safeTransferFrom(base, msg.sender, minter, listing_fee());
197    }
198
199    _whitelist(_token);
200}

Recommendation:

We advise the NFT validation workflow to be revised as currently it is possible to whitelist an arbitrary amount of tokens with the same NFT.

Alleviation:

The Xcaliswap team has fixed this issue by adding the onlyAdmin modifier to the whitelist function.

Omniscia Xcaliswap Audit

Voter Manual Review Findings

Voter Manual Review Findings

VRE-01M: Bypass of `listing_fee`

Description:

Impact:

Example:

Recommendation:

Alleviation:

Token.sol (TNE-M)

VotingEscrow.sol (VEW-M)

On this page

Voter Manual Review Findings

Voter Manual Review Findings

VRE-01M: Bypass of listing_fee

Description:

Impact:

Example:

Recommendation:

Alleviation:

Token.sol (TNE-M)

VotingEscrow.sol (VEW-M)

On this page

VRE-01M: Bypass of `listing_fee`