Omniscia Sovryn Audit

Bridge Static Analysis Findings

Bridge Static Analysis Findings

BRI-01S: Deprecated transfer Usage

TypeSeverityLocation
Language SpecificMinorBridge.sol:L202, L460

Description:

The transfer function natively available in Solidity utilizes a hard-coded gas stipend which may cease to function in future versions of the EVM.

Example:

sovryn-token-bridge/bridge/contracts/Bridge.sol
201address payable payableReceiver = address(uint160(receiver));
202payableReceiver.transfer(amount);

Recommendation:

We strongly recommend the usage of a wrapper library, like OpenZeppelin's sendValue function within Address, or a native call to be performed instead ensuring that the transfer will complete successfully even in future versions of the EVM.

Alleviation:

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.

BRI-02S: Unused Function

TypeSeverityLocation
Gas OptimizationInformationalBridge.sol:L98-L110

Description:

The Federation implementation that the _acceptTransfer call is guarded against only invokes acceptTransferAt rendering the acceptTransfer implementation redundant.

Example:

sovryn-token-bridge/bridge/contracts/Bridge.sol
98function acceptTransfer(
99    address tokenAddress,
100    address receiver,
101    uint256 amount,
102    string calldata symbol,
103    bytes32 blockHash,
104    bytes32 transactionHash,
105    uint32 logIndex,
106    uint8 decimals,
107    uint256 granularity
108) external returns(bool) {
109    return _acceptTransfer(tokenAddress, receiver, amount, symbol, blockHash, transactionHash, logIndex, decimals, granularity, "");
110}

Recommendation:

We advise it to be safely omitted from the codebase.

Alleviation:

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.

BRI-03S: Unused Variable

TypeSeverityLocation
Code StyleInformationalBridge.sol:L183

Description:

The errorData variable yielded by the call instruction remains unutilized.

Example:

sovryn-token-bridge/bridge/contracts/Bridge.sol
183l success, bytes memory errorData) = receiver.call(
184    abi.encodeWithSignature("onTokensMinted(uint256,address,bytes)", formattedAmount, sideToken, userData)
185);

Recommendation:

We advise its declaration to be safely omitted from the codebase.

Alleviation:

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.

Prev

Code Style

Next

SideToken.sol (STN-S)

On this page