Omniscia Sovryn Audit
AllowTokens Manual Review Findings
ATS-01M: Potential Desynchronization of State
Type | Severity | Location |
---|---|---|
Logical Fault | Minor | AllowTokens.sol:L159 |
Description:
The `minAllowedToken` is only evaluated to be within bounds during the `setFeeAndMinPerToken` invocation and will not be evaluated when the `maxTokensAllowed` variable is updated.
Example:
```solidity
// AllowTokens.sol, L158-L165
function setFeeAndMinPerToken(address token, uint256 _feeConst, uint256 _minAmount) external onlyOwner {
    require(_minAmount <= maxTokensAllowed, "AllowTokens: Min Tokens should be equal or smaller than Max Tokens");
    require(_minAmount >= _feeConst, "AllowTokens: Min Tokens should be equal bigger than fee");
    require(_feeConst > 0, "AllowTokens: Fee Should be> 0");
    feeConstToken[token] = _feeConst;
    minAllowedToken[token] = _minAmount;
    emit FeeAndMinPerTokenChanged(token, _feeConst, _minAmount);
}
```
Recommendation:
We advise the necessity of this check to be evaluated, as it can be invalidated by, for example, setting `_minAmount` equal to `maxTokensAllowed` and then reducing `maxTokensAllowed`, producing an invalid state.
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.
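The desynchronization described in ATS-01M, as an added Solidity sketch that is not the audited contract or code from the development team. The contract name `AllowTokensSketch`, the functions `setMaxTokensAllowed`, `setMaxTokensAllowedChecked` and `isTokenConfigConsistent`, the shortened revert strings and the `^0.8.0` pragma are assumptions; the report does not show how `maxTokensAllowed` is updated in the audited code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added sketch, not the audited AllowTokens.sol. setMaxTokensAllowed,
// setMaxTokensAllowedChecked and isTokenConfigConsistent are hypothetical names.
contract AllowTokensSketch {
    address public owner;
    uint256 public maxTokensAllowed;
    mapping(address => uint256) public feeConstToken;
    mapping(address => uint256) public minAllowedToken;

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor(uint256 _maxTokens) { owner = msg.sender; maxTokensAllowed = _maxTokens; }

    // Same three checks as the audited function; event omitted.
    function setFeeAndMinPerToken(address token, uint256 _feeConst, uint256 _minAmount) external onlyOwner {
        require(_minAmount <= maxTokensAllowed, "min > max");
        require(_minAmount >= _feeConst, "min < fee");
        require(_feeConst > 0, "fee is 0");
        feeConstToken[token] = _feeConst;
        minAllowedToken[token] = _minAmount;
    }

    // Unchecked setter: after setFeeAndMinPerToken(t, 1, 100) with max = 100,
    // setMaxTokensAllowed(50) leaves minAllowedToken[t] = 100 > maxTokensAllowed = 50.
    function setMaxTokensAllowed(uint256 _maxTokens) external onlyOwner {
        maxTokensAllowed = _maxTokens;
    }

    // Checked variant: a mapping cannot be enumerated, so the owner passes the
    // configured tokens; only the listed tokens are covered.
    function setMaxTokensAllowedChecked(uint256 _maxTokens, address[] calldata tokens) external onlyOwner {
        for (uint256 i = 0; i < tokens.length; i++) {
            require(minAllowedToken[tokens[i]] <= _maxTokens, "max below a token min");
        }
        maxTokensAllowed = _maxTokens;
    }

    // Re-evaluates the bound on current state, for use at validation time or by monitoring.
    function isTokenConfigConsistent(address token) external view returns (bool) {
        return minAllowedToken[token] <= maxTokensAllowed;
    }
}
```

Because the checked setter depends on the caller supplying the token list, `isTokenConfigConsistent` remains useful as an independent check on any token that was left out.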
ATS-02M: Redundant Comments
Type | Severity | Location |
---|---|---|
Code Style | Informational | AllowTokens.sol:L145-L156 |
Description:
The commented out code is inconsistent with the rest of the codebase.
Example:
```solidity
// AllowTokens.sol, L145-L156
//function setMinPerToken(address token, uint256 minAmount) external onlyOwner {
//    require(minAmount <= maxTokensAllowed, "AllowTokens: Min Tokens should be equal or smaller than Max Tokens");
//    require(minAmount >= feeConstToken[token], "AllowTokens: Min Tokens should be equal bigger than fee");
//    minAllowedToken[token] = minAmount;
//    emit MinPerTokenChanged(token, minAmount);
//}

//function setFeePerToken(address token, uint256 feeConst) external onlyOwner {
//    require(feeConst >= minAllowedToken[token], "AllowTokens: Fee per Token should be equal or bigger than Min allowed");
//    feeConstToken[token] = feeConst;
//    emit FeePerTokenChanged(token, feeConst);
//}
```
Recommendation:
We advise its omission to avoid codebase clutter.
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.