Omniscia Sovryn Audit
Utils Static Analysis Findings
UTI-01S: Redundant Low Level Calls
| Type | Severity | Location |
|---|---|---|
| Code Style | Informational | Utils.sol:L20-L31, L33-L43, L57-L68 |
Description:
The low level calls involved in `getSymbol` and `getDecimals` are redundant given that they will halt execution if they fail.
Example:
sovryn-token-bridge/bridge/contracts/Utils.sol
```solidity
// Utils.sol:L20-L31
function getSymbol(address tokenToUse) public view returns (string memory symbol) {
    //support 32 bytes or string symbol
    (bool success, bytes memory data) = tokenToUse.staticcall(abi.encodeWithSignature("symbol()"));
    require(success, "Utils: Token hasn't symbol()");
    if (data.length == 32) {
        symbol = bytes32ToString(abi.decode(data, (bytes32)));
    } else {
        symbol = abi.decode(data, (string));
    }
    require(bytes(symbol).length > 0, "Utils: Token empty symbol");
    return symbol;
}

// Utils.sol:L33-L43
function getDecimals(address tokenToUse) public view returns (uint8) {
    //support decimals as uint256 or uint8
    (bool success, bytes memory data) = tokenToUse.staticcall(abi.encodeWithSignature("decimals()"));
    require(success, "Utils: No decimals");
    require(data.length == 32, "Utils: Decimals not uint<M>");
    // uint<M>: enc(X) is the big-endian encoding of X,
    //padded on the higher-order (left) side with zero-bytes such that the length is 32 bytes.
    uint256 decimalsDecoded = abi.decode(data, (uint256));
    require(decimalsDecoded <= 18, "Utils: Decimals not in 0 to 18");
    return uint8(decimalsDecoded);
}
```
Recommendation:
We advise direct invocations to be performed by casting `tokenToUse` to an interface with the corresponding function signatures, greatly reducing the complexity of the code.
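A sketch of the interface-cast form the recommendation describes, added here as an illustration and not taken from the Sovryn codebase or the audit. The interface name `ITokenMetadata`, the contract name `UtilsDirectCall` and the `^0.8.0` pragma are assumptions; the revert strings are reused from the code above.

```solidity
// SPDX-License-Identifier: MIT
// Added example. Assumes Solidity ^0.8.0; the page does not state the compiler version.
pragma solidity ^0.8.0;

// Hypothetical interface name, declaring only the two signatures the original code calls.
interface ITokenMetadata {
    function symbol() external view returns (string memory);
    function decimals() external view returns (uint8);
}

// Hypothetical contract name wrapping the two rewritten helpers.
contract UtilsDirectCall {
    function getSymbol(address tokenToUse) public view returns (string memory symbol) {
        // High-level call: reverts by itself if the call fails or if the
        // return data cannot be decoded as an ABI-encoded string, so no
        // explicit `success` check is needed.
        symbol = ITokenMetadata(tokenToUse).symbol();
        require(bytes(symbol).length > 0, "Utils: Token empty symbol");
    }

    function getDecimals(address tokenToUse) public view returns (uint8 decimals) {
        // A value that fits in uint8 has the same 32-byte encoding whether the
        // token declares uint8 or uint256, so both declarations decode here.
        decimals = ITokenMetadata(tokenToUse).decimals();
        // Business rule kept from the original: only 0 to 18 decimals accepted.
        require(decimals <= 18, "Utils: Decimals not in 0 to 18");
    }
}
```

This version only accepts tokens whose `symbol()` returns `string`; the 32-byte branch of the original `getSymbol` (`bytes32ToString`) is not reproduced, so tokens that return a `bytes32` symbol would revert during decoding.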
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.