Omniscia Symbiosis Finance Audit

SyntERC20 Manual Review Findings

SER-01M: Arbitrary Burn Operations

Description:

The burn function of the SyntERC20 token allows the owner to burn units from an arbitrary account.

Example:

contracts/synth-contracts/SyntERC20.sol
    function burn(address account, uint256 amount) external onlyOwner {
        _burn(account, amount);
    }

Recommendation:

We advise that a burnFrom paradigm be utilized instead, whereby the account holder must first have granted the owner sufficient allowance for the units to be burned; this prevents misuse of the privileged burn.
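The following contract, added here as an illustration and not taken from the Symbiosis Finance code base, places the audited pattern next to the recommended burnFrom paradigm. It assumes OpenZeppelin Contracts 4.x for ERC20 and Ownable; the contract name, token name and symbol are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed dependency: OpenZeppelin Contracts 4.x (not part of the audited code).
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

// Hypothetical token contrasting the pattern flagged in SER-01M with the
// allowance-gated alternative recommended above.
contract SyntERC20Example is ERC20, Ownable {
    constructor() ERC20("Synth Example", "sEX") {}

    function mint(address to, uint256 amount) external onlyOwner {
        _mint(to, amount);
    }

    // Pattern flagged in SER-01M: the owner may burn units from any account
    // without any consent from the account holder.
    function burnArbitrary(address account, uint256 amount) external onlyOwner {
        _burn(account, amount);
    }

    // Recommended burnFrom paradigm: the holder must first call approve() for
    // the owner with at least `amount`. _spendAllowance reverts if the
    // allowance is insufficient and otherwise decrements it, so a single
    // approval cannot be reused for repeated burns.
    function burnFrom(address account, uint256 amount) external onlyOwner {
        _spendAllowance(account, _msgSender(), amount);
        _burn(account, amount);
    }
}
```

With burnFrom, a holder who has granted no allowance to the owner cannot have units burned, regardless of who the owner is; with burnArbitrary, the only safeguard is the identity of the owner itself.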

Alleviation:

The Symbiosis Finance team stated that the owner will always be the SyntFabric contract and, as such, no arbitrary burn operation can be executed.