Omniscia Tokemak Network Audit

OnChainVoteL1 Manual Review Findings

OCV-01M: Unsanitized State Transition

Description:

The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.

Example:

contracts/vote/OnChainVoteL1.sol
function setEventSend(bool _eventSendSet) external override onlyOwner {
    _eventSend = _eventSendSet;

    emit EventSendSet(_eventSendSet);
}

function encodeAndSendData(bytes32 _eventSig, UserVotePayload memory userVotePayload)
    private
    onEventSend
{
    require(address(destinations.fxStateSender) != address(0), "ADDRESS_NOT_SET");
    require(destinations.destinationOnL2 != address(0), "ADDRESS_NOT_SET");

    bytes memory data = abi.encode(_eventSig, abi.encode(userVotePayload));

    destinations.fxStateSender.sendMessageToChild(destinations.destinationOnL2, data);
}

Recommendation:

We advise imposing this sanitization via corresponding require checks in setEventSend, as otherwise almost all functions will become inexecutable.

Alleviation:

The function can now only be executed when the destinations.destinationOnL2 value has been set.