Omniscia Sovryn Audit

SideToken Manual Review Findings

STN-01M: Improper Granularity Sanitization

Type: Input Sanitization
Severity: Minor
Location: SideToken.sol:L19

Description:

The _newGranularity variable is meant to be a multiple of 10, yet the constructor only checks that it is equal to or greater than 1.

Example:

sovryn-token-bridge/bridge/contracts/SideToken.sol
16  constructor(string memory _tokenName, string memory _tokenSymbol, address _minterAddr, uint256 _newGranularity)
17  ERC777(_tokenName, _tokenSymbol, new address[](0)) public {
18      require(_minterAddr != address(0), "SideToken: Minter address is null");
19      require(_newGranularity >= 1, "SideToken: Granularity must be equal or bigger than 1");
20      minter = _minterAddr;
21      _granularity = _newGranularity;
22  }

Recommendation:

We advise such sanitization to be introduced by ensuring _newGranularity is either equal to 1 or that its modulo (%) operation with 10 yields 0.

Alleviation:

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.

STN-02M: Incorrect ERC-677 Compliance

Type: Standard Conformity
Severity: Minor
Location: SideToken.sol:L53, L54

Description:

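The ERC-677 standard indicates that the onTokenTransfer function is meant to yield a bool variable indicating its successful execution. In SideToken, the result of the call at L53 is not used and transferAndCall returns true unconditionally at L54.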

Example:

sovryn-token-bridge/bridge/contracts/SideToken.sol
46  function transferAndCall(address recipient, uint amount, bytes calldata data)
47      external returns (bool success)
48  {
49      address from = _msgSender();
50
51      _send(from, from, recipient, amount, data, "", false);
52      emit Transfer(from, recipient, amount, data);
53      IERC677Receiver(recipient).onTokenTransfer(from, amount, data);
54      return true;
55  }

Recommendation:

We advise this trait to be assimilated in the IERC677Receiver.sol contract and the value to be returned by the transferAndCall function, thus integrating ERC-677 in full.

Alleviation:

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.
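
The recommendations of STN-01M and STN-02M combined in one self-contained sketch. This is an added example, not code from the audited repository: SideTokenSketch, its balance ledger, its mint function and its error strings are hypothetical stand-ins for the ERC777 base, and Solidity ^0.8.0 is assumed for checked arithmetic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumption: the audited code targets an older compiler

// Receiver hook declared with the bool result ERC-677 specifies.
interface IERC677Receiver {
    function onTokenTransfer(address from, uint256 amount, bytes calldata data)
        external returns (bool success);
}

// Hypothetical stand-in for SideToken; a plain ledger replaces ERC777._send.
contract SideTokenSketch {
    address public minter;
    uint256 private _granularity;
    mapping(address => uint256) private _balances;

    constructor(address _minterAddr, uint256 _newGranularity) {
        require(_minterAddr != address(0), "SideToken: Minter address is null");
        // STN-01M: accept 1, or a value whose modulo with 10 yields 0.
        // 0 % 10 is also 0, so zero is excluded explicitly to keep the
        // original ">= 1" guarantee.
        require(
            _newGranularity == 1 ||
                (_newGranularity != 0 && _newGranularity % 10 == 0),
            "SideToken: Granularity must be 1 or a multiple of 10"
        );
        minter = _minterAddr;
        _granularity = _newGranularity;
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == minter, "SideToken: Caller is not the minter");
        require(amount % _granularity == 0, "SideToken: Amount not a multiple of granularity");
        _balances[to] += amount;
    }

    function transferAndCall(address recipient, uint256 amount, bytes calldata data)
        external returns (bool success)
    {
        address from = msg.sender;
        require(amount % _granularity == 0, "SideToken: Amount not a multiple of granularity");
        // State changes complete before the external call (checks-effects-interactions).
        _balances[from] -= amount; // reverts on insufficient balance under 0.8
        _balances[recipient] += amount;
        // STN-02M: propagate the receiver's result instead of a constant true.
        return IERC677Receiver(recipient).onTokenTransfer(from, amount, data);
    }
}
```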

STN-03M: Superfluous Event

Type: Code Style
Severity: Informational
Location: SideToken.sol:L14, L52

Description:

The Transfer event declared in SideToken shares its name with the Transfer event of ERC777, which is emitted by _send within the same transferAndCall function.

Example:

sovryn-token-bridge/bridge/contracts/SideToken.sol
46  function transferAndCall(address recipient, uint amount, bytes calldata data)
47      external returns (bool success)
48  {
49      address from = _msgSender();
50
51      _send(from, from, recipient, amount, data, "", false);
52      emit Transfer(from, recipient, amount, data);
53      IERC677Receiver(recipient).onTokenTransfer(from, amount, data);
54      return true;
55  }

Recommendation:

We advise the Transfer event declared and emitted in SideToken to be omitted, or at least renamed so that it emits only the data payload, to avoid confusion for off-chain observers. While the event is potentially declared for compliance with ERC-677, it is not necessary and is meant to be emitted solely as a replacement for the traditional Transfer event, which is not the case in the current instance.

Alleviation:

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.