Omniscia Sovryn Audit

AllowTokens Manual Review Findings


ATS-01M: Potential Desynchronization of State

Type: Logical Fault
Severity: Minor
Location: AllowTokens.sol:L159

Description:

The minAllowedToken value is only validated to be within bounds during a setFeeAndMinPerToken invocation; the check is not repeated when the maxTokensAllowed variable is updated.

Example:

sovryn-token-bridge/bridge/contracts/AllowTokens.sol
158 function setFeeAndMinPerToken(address token, uint256 _feeConst, uint256 _minAmount) external onlyOwner {
159     require(_minAmount <= maxTokensAllowed, "AllowTokens: Min Tokens should be equal or smaller than Max Tokens");
160     require(_minAmount >= _feeConst, "AllowTokens: Min Tokens should be equal bigger than fee");
161     require(_feeConst > 0, "AllowTokens: Fee Should be> 0");
162     feeConstToken[token] = _feeConst;
163     minAllowedToken[token] = _minAmount;
164     emit FeeAndMinPerTokenChanged(token, _feeConst, _minAmount);
165 }

Recommendation:

We advise evaluating whether this check is necessary, as it can be invalidated: for example, setting _minAmount equal to maxTokensAllowed and then reducing maxTokensAllowed produces an invalid state.

Alleviation:

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.
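
Added illustration for ATS-01M (a Python model written for this page, not code from the Sovryn repository or from the audit): it replays the sequence from the recommendation and shows an invariant check plus one possible guarded update. The setter names set_max_tokens_allowed and set_max_tokens_allowed_checked, the token label and all values are assumptions.

```python
# Added model of the state described in ATS-01M; not the project's Solidity code.
class AllowTokensModel:
    def __init__(self, max_tokens_allowed):
        self.max_tokens_allowed = max_tokens_allowed
        self.fee_const_token = {}
        self.min_allowed_token = {}

    def set_fee_and_min_per_token(self, token, fee_const, min_amount):
        # The three require() checks from the excerpt (L159-L161).
        if min_amount > self.max_tokens_allowed:
            raise ValueError("min above max")
        if min_amount < fee_const:
            raise ValueError("min below fee")
        if fee_const <= 0:
            raise ValueError("fee must be > 0")
        self.fee_const_token[token] = fee_const
        self.min_allowed_token[token] = min_amount

    def set_max_tokens_allowed(self, new_max):
        # Assumed setter: updates the max without re-checking any per-token minimum.
        self.max_tokens_allowed = new_max

    def set_max_tokens_allowed_checked(self, new_max):
        # One possible guard (assumption): refuse a max below any configured minimum.
        # The model can enumerate its dict; a Solidity mapping cannot be iterated,
        # so an on-chain version would need its own record of configured tokens.
        too_high = sorted(t for t, m in self.min_allowed_token.items() if m > new_max)
        if too_high:
            raise ValueError(f"max below minimum of: {too_high}")
        self.max_tokens_allowed = new_max

    def desynced_tokens(self):
        # Invariant audit: tokens whose stored minimum now exceeds the max.
        return sorted(t for t, m in self.min_allowed_token.items()
                      if m > self.max_tokens_allowed)


def reproduce_desync():
    # Constructed values; "TOKEN_A" is a placeholder label, not a real address.
    model = AllowTokensModel(max_tokens_allowed=1000)
    model.set_fee_and_min_per_token("TOKEN_A", fee_const=1, min_amount=1000)
    model.set_max_tokens_allowed(500)  # passes, although 1000 > 500
    return model.desynced_tokens()


if __name__ == "__main__":
    print(reproduce_desync())
```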

ATS-02M: Redundant Comments

Type: Code Style
Severity: Informational
Location: AllowTokens.sol:L145-L156

Description:

The commented-out code is inconsistent with the rest of the codebase.

Example:

sovryn-token-bridge/bridge/contracts/AllowTokens.sol
145 //function setMinPerToken(address token, uint256 minAmount) external onlyOwner {
146 //    require(minAmount <= maxTokensAllowed, "AllowTokens: Min Tokens should be equal or smaller than Max Tokens");
147 //    require(minAmount >= feeConstToken[token], "AllowTokens: Min Tokens should be equal bigger than fee");
148 //    minAllowedToken[token] = minAmount;
149 //    emit MinPerTokenChanged(token, minAmount);
150 //}
151
152 //function setFeePerToken(address token, uint256 feeConst) external onlyOwner {
153 //    require(feeConst >= minAllowedToken[token], "AllowTokens: Fee per Token should be equal or bigger than Min allowed");
154 //    feeConstToken[token] = feeConst;
155 //    emit FeePerTokenChanged(token, feeConst);
156 //}

Recommendation:

We advise its omission to avoid codebase clutter.

Alleviation:

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.