Omniscia Sovryn Audit

ThresholdProxyAdmin Manual Review Findings

TPA-01M: Weak Threshold Validation

Description:

The _threshold value is only weakly validated in the contract's constructor.

Example:

contracts/upgradability/ThresholdProxyAdmin.sol
    constructor(address payable _proxy, address[] memory _admins, uint8 _threshold) public {
        require(_proxy != address(0), "invalid proxy address");
        require(_admins.length >= 3, "at least 3 admins");
        // TPA-01M: the lower bound is a fixed 2, independent of the number of admins
        require(_threshold >= 2 && _threshold <= _admins.length, "invalid threshold");

        proxy = _proxy;
        adminsArray = _admins;
        threshold = _threshold;

        // Reject zero addresses and duplicates while registering each admin
        for(uint i=0; i<adminsArray.length; i++) {
            require(adminsArray[i] != address(0), "invalid admin address");
            require(!admins[adminsArray[i]], "unique admin addresses required");
            admins[adminsArray[i]] = true;
        }
    }

Recommendation:

We advise that the conditional requiring _threshold to be greater-than-or-equal-to 2 instead use the same comparator with the value of _admins.length / 2, ensuring that the threshold is at minimum a 50% vote.
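
The following is an added example, not code from the audit or the Sovryn codebase: a Python model of the constructor's check that lists the smallest threshold each rule accepts for a given number of admins. The function names are hypothetical, and strict_check (half rounded up, with the original floor of 2 kept) is an assumption that goes beyond the recommendation, included because Solidity's integer division truncates for odd admin counts.

```python
# Added example: models the constructor's threshold check from the exhibit.
# strict_check and its rounding are assumptions, not the report's or project's code.

def original_check(n_admins: int, threshold: int) -> bool:
    # require(_admins.length >= 3) and
    # require(_threshold >= 2 && _threshold <= _admins.length)
    return n_admins >= 3 and 2 <= threshold <= n_admins

def recommended_check(n_admins: int, threshold: int) -> bool:
    # Literal reading of the recommendation: _threshold >= _admins.length / 2.
    # Solidity integer division truncates, modelled here with //.
    return n_admins >= 3 and n_admins // 2 <= threshold <= n_admins

def strict_check(n_admins: int, threshold: int) -> bool:
    # Assumed variant: round the half up and keep the original floor of 2.
    lower = max(2, (n_admins + 1) // 2)
    return n_admins >= 3 and lower <= threshold <= n_admins

def min_accepted(check, n_admins: int):
    """Smallest uint8 threshold the check accepts, or None if none passes."""
    for threshold in range(0, 256):
        if check(n_admins, threshold):
            return threshold
    return None

def quorum_table(sizes):
    """(admins, min threshold under original, recommended, strict) per size."""
    return [
        (n,
         min_accepted(original_check, n),
         min_accepted(recommended_check, n),
         min_accepted(strict_check, n))
        for n in sizes
    ]

if __name__ == "__main__":
    print("admins  original  recommended  strict")
    for n, orig, rec, strict in quorum_table([3, 4, 5, 10, 20]):
        print(f"{n:>6}  {orig:>8}  {rec:>11}  {strict:>6}   "
              f"(original floor = {orig / n:.0%} of admins)")
```

With 10 admins the original check accepts a threshold of 2, a 20% vote, while the other two rules require 5. With 3 admins the truncated _admins.length / 2 is 1, so the assumed strict variant keeps the floor of 2.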

Alleviation:

The contract no longer exists in the codebase and this exhibit can be considered null.