Omniscia Tokemak Network Audit

Pool Manual Review Findings

Pool Manual Review Findings

POO-01M: Unsanitized State Transition

TypeSeverityLocation
Logical FaultMinorPool.sol:L223-L227

Description:

The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.

Example:

contracts/pools/Pool.sol
223function setEventSend(bool _eventSendSet) external override onlyOwner {
224 _eventSend = _eventSendSet;
225
226 emit EventSendSet(_eventSendSet);
227}

Recommendation:

We advise such sanitization to be imposed via corresponding require checks as otherwise almost all functions will become inexecutable.

Alleviation:

The function can now only be executed when the destinations.destinationOnL2 value has been set.