Omniscia Tokemak Network Audit

Pool Static Analysis Findings

POO-01S: Inexistent Event

Type	Severity	Location
Code Style	Informational	Pool.sol:L60-L91

Description:

The withdraw function performs a sensitive contract operation but does not inform external parties of such an action.

Example:

contracts/pools/Pool.sol

60function withdraw(uint256 requestedAmount) external override {
61    require(
62        requestedAmount <= requestedWithdrawals[msg.sender].amount,
63        "WITHDRAW_INSUFFICIENT_BALANCE"
64    );
65
66    uint256 amount =
67        Math.min(
68            requestedWithdrawals[msg.sender].amount,
69            Math.min(underlyer.balanceOf(address(this)), requestedAmount)
70        );
71
72    require(amount > 0, "NO_WITHDRAWAL");
73    require(
74        requestedWithdrawals[msg.sender].minCycle <= manager.getCurrentCycleIndex(),
75        "INVALID_CYCLE"
76    );
77
78    requestedWithdrawals[msg.sender].amount = requestedWithdrawals[msg.sender].amount.sub(
79        amount
80    );
81
82    if (requestedWithdrawals[msg.sender].amount == 0) {
83        delete requestedWithdrawals[msg.sender];
84    }
85
86    withheldLiquidity = withheldLiquidity.sub(amount);
87
88    underlyer.safeTransfer(msg.sender, amount);
89
90    _burn(msg.sender, amount);
91}

Recommendation:

We advise a corresponding event to be coded and emitted within the function block to ensure ease-of-integration by external parties.

Alleviation:

The Tokemak team stated that the events emitted by the inner code paths should be sufficient to track behaviour.

Omniscia Tokemak Network Audit

Pool Static Analysis Findings

Pool Static Analysis Findings

POO-01S: Inexistent Event

Description:

Example:

Recommendation:

Alleviation:

Manager.sol (MAN-S)

Redeem.sol (RED-S)

On this page