Omniscia Sovryn Audit
Bridge Static Analysis Findings
Bridge Static Analysis Findings
BRI-01S: Deprecated transfer
Usage
Type | Severity | Location |
---|---|---|
Language Specific | Minor | Bridge.sol:L202, L460 |
Description:
The transfer
function natively available in Solidity utilizes a hard-coded gas stipend which may cease to function in future versions of the EVM.
Example:
201address payable payableReceiver = address(uint160(receiver));202payableReceiver.transfer(amount);
Recommendation:
We strongly recommend the usage of a wrapper library, like OpenZeppelin's sendValue
function within Address
, or a native call
to be performed instead ensuring that the transfer will complete successfully even in future versions of the EVM.
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.
BRI-02S: Unused Function
Type | Severity | Location |
---|---|---|
Gas Optimization | Informational | Bridge.sol:L98-L110 |
Description:
The Federation
implementation that the _acceptTransfer
call is guarded against only invokes acceptTransferAt
rendering the acceptTransfer
implementation redundant.
Example:
98function acceptTransfer(99 address tokenAddress,100 address receiver,101 uint256 amount,102 string calldata symbol,103 bytes32 blockHash,104 bytes32 transactionHash,105 uint32 logIndex,106 uint8 decimals,107 uint256 granularity108) external returns(bool) {109 return _acceptTransfer(tokenAddress, receiver, amount, symbol, blockHash, transactionHash, logIndex, decimals, granularity, "");110}
Recommendation:
We advise it to be safely omitted from the codebase.
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.
BRI-03S: Unused Variable
Type | Severity | Location |
---|---|---|
Code Style | Informational | Bridge.sol:L183 |
Description:
The errorData
variable yielded by the call
instruction remains unutilized.
Example:
183l success, bytes memory errorData) = receiver.call(184 abi.encodeWithSignature("onTokensMinted(uint256,address,bytes)", formattedAmount, sideToken, userData)185);
Recommendation:
We advise its declaration to be safely omitted from the codebase.
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.