Omniscia Sovryn Audit
SideToken Manual Review Findings
STN-01M: Improper Granularity Sanitization
Type | Severity | Location |
---|---|---|
Input Sanitization | Minor | SideToken.sol:L19 |
Description:
The `_newGranularity` variable is meant to be a multiple of `10`.
Example:
```solidity
// SideToken.sol, L16-L22
constructor(string memory _tokenName, string memory _tokenSymbol, address _minterAddr, uint256 _newGranularity)
ERC777(_tokenName, _tokenSymbol, new address[](0)) public {
    require(_minterAddr != address(0), "SideToken: Minter address is null");
    require(_newGranularity >= 1, "SideToken: Granularity must be equal or bigger than 1"); // L19
    minter = _minterAddr;
    _granularity = _newGranularity;
}
```
Recommendation:
We advise such sanitization to be introduced by ensuring `_newGranularity` is either equal to `1` or that its modulo (`%`) operation with `10` yields `0`.
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.
STN-02M: Incorrect ERC-677 Compliance
Type | Severity | Location |
---|---|---|
Standard Conformity | Minor | SideToken.sol:L53, L54 |
Description:
The ERC-677 standard indicates that the `onTokenTransfer` function is meant to yield a `bool` variable indicating its successful execution.
Example:
```solidity
// SideToken.sol, L46-L55
function transferAndCall(address recipient, uint amount, bytes calldata data)
    external returns (bool success)
{
    address from = _msgSender();

    _send(from, from, recipient, amount, data, "", false);
    emit Transfer(from, recipient, amount, data);
    IERC677Receiver(recipient).onTokenTransfer(from, amount, data); // L53
    return true; // L54
}
```
Recommendation:
We advise this trait to be assimilated in the `IERC677Receiver.sol` contract and the value to be returned by the `transferAndCall` function, thus integrating ERC-677 in full.
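A sketch of this recommendation, added here as an example and not taken from the Sovryn codebase or the audit: the receiver interface returns a `bool` and `transferAndCall` propagates it instead of a hard-coded `true`. `SideTokenSketch` and `ExampleReceiver` are constructed stand-ins, and a plain balance mapping replaces the ERC777 base so the file compiles on its own.

```solidity
pragma solidity ^0.5.0;

// Receiver interface with the bool return value described in the finding.
interface IERC677Receiver {
    function onTokenTransfer(address from, uint256 amount, bytes calldata data)
        external returns (bool success);
}

// Constructed stand-in for SideToken (assumption: simple balances, no ERC777 hooks).
contract SideTokenSketch {
    mapping(address => uint256) public balanceOf;

    constructor(uint256 supply) public {
        balanceOf[msg.sender] = supply;
    }

    function transferAndCall(address recipient, uint256 amount, bytes calldata data)
        external returns (bool success)
    {
        address from = msg.sender;
        require(balanceOf[from] >= amount, "SideTokenSketch: insufficient balance");
        balanceOf[from] -= amount;
        balanceOf[recipient] += amount;

        // Propagate the receiver's result rather than returning a constant.
        success = IERC677Receiver(recipient).onTokenTransfer(from, amount, data);
    }
}

// Constructed receiver that reports whether it accepted the tokens.
contract ExampleReceiver is IERC677Receiver {
    address public token;
    uint256 public received;

    constructor(address _token) public {
        token = _token;
    }

    function onTokenTransfer(address, uint256 amount, bytes calldata)
        external returns (bool success)
    {
        if (msg.sender != token) return false; // ignore calls from other contracts
        received += amount;
        return true;
    }
}
```

In this sketch a `false` result does not undo the balance change, so callers have to check the returned value. A receiver compiled against a value-less `onTokenTransfer` returns no data, and decoding the expected `bool` then reverts the whole call.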
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.
STN-03M: Superfluous Event
Type | Severity | Location |
---|---|---|
Code Style | Informational | SideToken.sol:L14, L52 |
Description:
The `Transfer` event declared in `SideToken` has the same name as the `Transfer` event of `ERC777`, which is emitted in the same function, `transferAndCall`, due to `_send`.
Example:
```solidity
// SideToken.sol, L46-L55
function transferAndCall(address recipient, uint amount, bytes calldata data)
    external returns (bool success)
{
    address from = _msgSender();

    _send(from, from, recipient, amount, data, "", false);
    emit Transfer(from, recipient, amount, data); // L52
    IERC677Receiver(recipient).onTokenTransfer(from, amount, data);
    return true;
}
```
Recommendation:
We advise the `Transfer` event declared and emitted in `SideToken` to be omitted, or at least renamed so that it emits only the `data` payload, to avoid confusion for off-chain observers. While the event is potentially declared for compliance with ERC-677, it is not necessary and is meant to be emitted solely as a replacement for the traditional `Transfer` event, which is not the case in the current instance.
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.