Omniscia Sheesha Finance Audit

BaseVesting Static Analysis Findings

BVG-01S: Improper Handling of ERC20 Transfers

Description:

The linked statements invoke the transfer method of the EIP-20 standard without validating the bool value it is expected to return, so a transfer that fails by returning false would go unnoticed while the contract's accounting proceeds as if it had succeeded.

Example:

contracts/BaseContracts/BaseVesting.sol

function _withdrawReward(
    address beneficiary,
    uint256 percenageLP,
    uint256 percentageNative
) private {
    uint256 reward = _getRewardBalance(percenageLP, percentageNative);
    Investor storage investor = investorInfo[beneficiary];
    uint256 balance = token.balanceOf(address(this));
    require(reward > investor.paidAmount, "No rewards available");
    uint256 amountToPay = reward.sub(investor.paidAmount);
    require(amountToPay <= balance, "The rewards are over");
    investor.paidAmount = reward;
    investor.timeRewardPaid = block.timestamp;
    token.transfer(beneficiary, amountToPay);
    emit RewardPaid(beneficiary, amountToPay);
}

Recommendation:

As certain tokens are not fully compliant with the EIP-20 standard, we advise the usage of a wrapper library such as SafeERC20.sol by OpenZeppelin to opportunistically evaluate the returned bool of EIP-20 transfer invocations.
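To make the recommendation concrete, the following is an added example (not the audited project's code and not OpenZeppelin's SafeERC20 itself) showing the mechanism such a wrapper needs: a low-level call whose optional bool return is decoded only when present, so that both false-returning and non-returning tokens are handled, alongside a hardened version of the finding's withdrawal logic. The `MinimalSafeERC20` library, `VestingExample` contract and the simplified `reward` parameter (replacing the original `_getRewardBalance` computation) are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical minimal stand-in for a SafeERC20-style wrapper (added example).
// It shows what the wrapper adds over a bare `token.transfer(...)`:
//  * a token that returns `false` reverts instead of silently failing;
//  * a token that returns no data (not fully EIP-20 compliant) is still
//    accepted as long as the call itself did not revert;
//  * a call to an address with no code is rejected, because such a call
//    would otherwise "succeed" with empty return data.
library MinimalSafeERC20 {
    function safeTransfer(IERC20 token, address to, uint256 amount) internal {
        require(address(token).code.length > 0, "SafeERC20: not a contract");
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        require(ok, "SafeERC20: low-level call failed");
        // Optional return value: only decode it when the token returned one.
        if (ret.length > 0) {
            require(abi.decode(ret, (bool)), "SafeERC20: transfer returned false");
        }
    }
}

// Hypothetical contract (added example) holding the hardened counterpart of
// the finding's `_withdrawReward`.
contract VestingExample {
    using MinimalSafeERC20 for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public paidAmount;
    event RewardPaid(address indexed beneficiary, uint256 amount);

    constructor(IERC20 _token) { token = _token; }

    // `reward` stands in for the original `_getRewardBalance(...)` result.
    function _withdrawReward(address beneficiary, uint256 reward) internal {
        require(reward > paidAmount[beneficiary], "No rewards available");
        uint256 amountToPay = reward - paidAmount[beneficiary];
        require(amountToPay <= token.balanceOf(address(this)), "The rewards are over");
        paidAmount[beneficiary] = reward;            // state updated before the transfer
        token.safeTransfer(beneficiary, amountToPay); // reverts on any failed transfer
        emit RewardPaid(beneficiary, amountToPay);
    }
}
```

Because `safeTransfer` reverts on failure, the `paidAmount` update above is rolled back together with the failed transfer, which is the property the unchecked `transfer` call in the finding lacks.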

Alleviation:

Both transfer invocations were replaced by their safe-prefixed counterparts, alleviating this exhibit.