Omniscia Sovryn Audit

Utils Static Analysis Findings

Utils Static Analysis Findings

UTI-01S: Redundant Low Level Calls

TypeSeverityLocation
Code StyleInformationalUtils.sol:L20-L31, L33-L43, L57-L68

Description:

The low level calls involved in getSymbol and getDecimals are redundant given that they will halt execution if they fail.

Example:

sovryn-token-bridge/bridge/contracts/Utils.sol
20function getSymbol(address tokenToUse) public view returns (string memory symbol) {
21    //support 32 bytes or string symbol
22    (bool success, bytes memory data) = tokenToUse.staticcall(abi.encodeWithSignature("symbol()"));
23    require(success, "Utils: Token hasn't symbol()");
24    if (data.length == 32) {
25        symbol = bytes32ToString(abi.decode(data, (bytes32)));
26    } else {
27        symbol = abi.decode(data, (string));
28    }
29    require(bytes(symbol).length > 0, "Utils: Token empty symbol");
30    return symbol;
31}
32

33function getDecimals(address tokenToUse) public view returns (uint8) {
34    //support decimals as uint256 or uint8
35    (bool success, bytes memory data) = tokenToUse.staticcall(abi.encodeWithSignature("decimals()"));
36    require(success, "Utils: No decimals");
37    require(data.length == 32, "Utils: Decimals not uint<M>");
38    // uint<M>: enc(X) is the big-endian encoding of X,
39    //padded on the higher-order (left) side with zero-bytes such that the length is 32 bytes.
40    uint256 decimalsDecoded = abi.decode(data, (uint256));
41    require(decimalsDecoded <= 18, "Utils: Decimals not in 0 to 18");
42    return uint8(decimalsDecoded);
43}

Recommendation:

We advise direct invocations to be performed by casting tokenToUse to an interface with the corresponding function signatures, greatly reducing the complexity of the code.

Alleviation:

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.

Prev

SideToken.sol (STN-S)

Next

AllowTokens.sol (ATS-M)

On this page