Omniscia Tokemak Network Audit

EthPool Static Analysis Findings

EPL-01S: Inexistent Event

Type: Code Style
Severity: Informational
Location: EthPool.sol:L71-L107

Description:

The withdraw function performs a sensitive contract operation but emits no event of its own, so external parties are not informed of the action.

Example:

contracts/pools/EthPool.sol
71  function withdraw(uint256 requestedAmount, bool asEth) external override {
72      require(
73          requestedAmount <= requestedWithdrawals[msg.sender].amount,
74          "WITHDRAW_INSUFFICIENT_BALANCE"
75      );
76
77      uint256 amount =
78          Math.min(
79              requestedWithdrawals[msg.sender].amount,
80              Math.min(weth.balanceOf(address(this)), requestedAmount)
81          );
82
83      require(amount > 0, "NO_WITHDRAWAL");
84      require(
85          requestedWithdrawals[msg.sender].minCycle <= manager.getCurrentCycleIndex(),
86          "INVALID_CYCLE"
87      );
88
89      requestedWithdrawals[msg.sender].amount = requestedWithdrawals[msg.sender].amount.sub(
90          amount
91      );
92
93      if (requestedWithdrawals[msg.sender].amount == 0) {
94          delete requestedWithdrawals[msg.sender];
95      }
96
97      withheldLiquidity = withheldLiquidity.sub(amount);
98
99      if (asEth) {
100         weth.withdraw(amount);
101         msg.sender.sendValue(amount);
102     } else {
103         IERC20(weth).safeTransfer(msg.sender, amount);
104     }
105
106     _burn(msg.sender, amount);
107 }

Recommendation:

We advise that a corresponding event be declared and emitted within the function body so that external parties can integrate with the contract more easily.

Alleviation:

The Tokemak team stated that the events emitted by the inner code paths should be sufficient to track behaviour.
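
What tracking withdraw through the inner events alone involves for an integrator, as an added example that is not code from the audit or from Tokemak. It assumes ABI-decoded logs, a pool token whose _burn emits an OpenZeppelin-style Transfer to the zero address, and a WETH9-style WETH; the addresses and sample logs are constructed.

```python
# Added example: reconstruct EthPool.withdraw() calls from inner-path events only.
# Assumptions (not from the audit page): logs are already ABI-decoded into dicts;
# _burn emits an ERC20 Transfer to the zero address (OpenZeppelin behaviour);
# WETH follows WETH9 (Withdrawal on withdraw(), Transfer on transfer()).
ZERO = "0x" + "00" * 20
POOL = "0x" + "aa" * 20   # constructed placeholder addresses
WETH = "0x" + "bb" * 20
USER = "0x" + "cc" * 20

def reconstruct_withdrawals(logs, pool=POOL, weth=WETH):
    """Group decoded logs by transaction and infer pool withdrawals.

    Returns a list of dicts {tx, account, amount, as_eth}. as_eth is None when
    the payout leg cannot be matched, which is the ambiguity a dedicated
    withdrawal event would remove.
    """
    by_tx = {}
    for log in logs:
        by_tx.setdefault(log["tx"], []).append(log)
    out = []
    for tx, entries in by_tx.items():
        for burn in entries:
            # Pool-share burn: Transfer(account -> 0x0) emitted by the pool token.
            if not (burn["address"] == pool and burn["event"] == "Transfer"
                    and burn["args"]["to"] == ZERO):
                continue
            account, amount = burn["args"]["from"], burn["args"]["value"]
            as_eth = None
            for leg in entries:
                if leg["address"] != weth:
                    continue
                a = leg["args"]
                if leg["event"] == "Withdrawal" and a["src"] == pool and a["wad"] == amount:
                    as_eth = True    # pool unwrapped WETH; the ETH send itself emits no log
                elif (leg["event"] == "Transfer" and a["src"] == pool
                      and a["dst"] == account and a["wad"] == amount):
                    as_eth = False   # pool paid out WETH directly
            out.append({"tx": tx, "account": account, "amount": amount, "as_eth": as_eth})
    return out

# Constructed sample logs: one withdrawal paid in ETH, one paid in WETH.
SAMPLE_LOGS = [
    {"tx": "0x01", "address": WETH, "event": "Withdrawal", "args": {"src": POOL, "wad": 5}},
    {"tx": "0x01", "address": POOL, "event": "Transfer", "args": {"from": USER, "to": ZERO, "value": 5}},
    {"tx": "0x02", "address": WETH, "event": "Transfer", "args": {"src": POOL, "dst": USER, "wad": 7}},
    {"tx": "0x02", "address": POOL, "event": "Transfer", "args": {"from": USER, "to": ZERO, "value": 7}},
]
```

In the ETH path the recipient is inferred from the burn, because the native transfer leaves no log; a single event emitted by withdraw would carry account, amount and asEth directly.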