Omniscia Transient Audit
TerminateContractTemplate Manual Review Findings
TerminateContractTemplate Manual Review Findings
TCT-01M: Inexistent Reset Protection
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Medium | TerminateContractTemplate.sol:L11-L13 |
Description:
The setExpiration function allows the owner to arbitrarily set the expiration of the contract multiple times thus allowing them to trick users into thinking the contract will expire in the future whilst it can expire at any time.
Example:
11function setExpiration(uint256 _expiration) public virtual onlyOwner {12 expiration = _expiration;13}Recommendation:
We advise the setExpiration function to ensure that the expiration of the contract is equal to 0 thus preventing the function from being invoked repeatedly.
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.
TCT-02M: Improper State Validation
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Minor | TerminateContractTemplate.sol:L20, L25 |
Description:
The state of block.timestamp == expiration is not accounted for, leading to the contract being neither "Live" or "Over".
Example:
19modifier isLive() {20 require(expiration == 0 || block.timestamp < expiration, "Terminated: Time over");21 _;22}23
24modifier isOver() {25 require(expiration != 0 && block.timestamp > expiration, "Terminated: Contract is live");26 _;27}Recommendation:
We advise either of the two checks to become inclusive ensuring that no ambiguous state exists in the contract.
Alleviation:
The isLive modifier was adjusted to be inclusive of the expiration value thus preventing an undefined state from ever being possible.