Omniscia Transient Audit

TSC Static Analysis Findings

TSC-01S: Inexistent Access Control of Self Destruction

Type: Logical Fault
Severity: Minor
Location: TSC.sol:L354

Description:

The close function does not impose any access control on who invokes it, so it can potentially be invoked before the execute_contract is ready to consume the call.

Example:

tsc-contracts/contracts/TSC.sol
354 function close() public isOver {

Recommendation:

We advise access control to be evaluated for this function and, if deemed necessary, imposed similarly to the rest of the functions in the contract.

Alleviation:

The function, now named terminate, has proper access control imposed on it, as only the owner can invoke it via the onlyOwner modifier.

TSC-02S: Potential Re-Entrancy Vulnerability

Type: Language Specific
Severity: Minor
Location: TSC.sol:L444

Description:

The transferEth function performs an arbitrary native asset transfer that can lead to a re-entrancy occurring.

Example:

tsc-contracts/contracts/TSC.sol
439 function transferEth(uint256 _index) public payable onlyPartner isLive onlyStartTimming {
440     require(listTransferETH.size > _index, "TSC: Invalid required functions");
441     require(listTransferETH.list[_index].transfered == false, "TSC: Function is passed");
442     require(msg.value >= listTransferETH.list[_index].value);
443     listTransferETH.list[_index].transfered = true;
444     listTransferETH.list[_index].receiver.transfer(listTransferETH.list[_index].value);
445     passCount++;
446     emit TransferEthCompleted(_index, listTransferETH.list[_index].receiver, listTransferETH.list[_index].value, block.timestamp);
447 }

Recommendation:

We advise the passCount state change to be performed before the external native asset transfer to ensure the re-entrancy is not able to affect the contract's correct operation.

Alleviation:

The statements have been re-ordered and the passCount variable is incremented prior to the external transfer ensuring re-entrancies cannot maliciously manifest.
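
The ordering this finding asks for, as an added example that is not code from TSC.sol or from the audit: checks, then every state change (the transfered flag and passCount), then the external transfer. The struct layout, constructor and contract name are assumptions, and the original's onlyPartner, isLive and onlyStartTimming modifiers are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited TSC.sol. The struct layout and the
// constructor are assumptions; the access modifiers used by the original
// function are omitted so the contract compiles on its own.
contract TransferEthOrdering {
    struct EthTransfer {
        address payable receiver;
        uint256 value;
        bool transfered; // spelling follows the field name used in TSC.sol
    }

    struct EthTransferList {
        uint256 size;
        mapping(uint256 => EthTransfer) list;
    }

    EthTransferList private listTransferETH;
    uint256 public passCount;

    event TransferEthCompleted(uint256 index, address receiver, uint256 value, uint256 timestamp);

    constructor(address payable[] memory receivers, uint256[] memory values) {
        require(receivers.length == values.length, "length mismatch");
        for (uint256 i = 0; i < receivers.length; i++) {
            listTransferETH.list[i] = EthTransfer(receivers[i], values[i], false);
        }
        listTransferETH.size = receivers.length;
    }

    function transferEth(uint256 _index) public payable {
        EthTransfer storage item = listTransferETH.list[_index];

        // Checks
        require(listTransferETH.size > _index, "TSC: Invalid required functions");
        require(!item.transfered, "TSC: Function is passed");
        require(msg.value >= item.value);

        // Effects: every state change lands before control leaves the contract
        item.transfered = true;
        passCount++;

        // Interaction: a receiver that re-enters now observes the final state
        item.receiver.transfer(item.value);

        emit TransferEthCompleted(_index, item.receiver, item.value, block.timestamp);
    }
}
```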

TSC-03S: Unvalidated Boolean Return

Type: External Call Validation
Severity: Minor
Location: TSC.sol:L376, L378

Description:

The IExecute interface denotes that the execute and revert functions are meant to yield a bool value but no such value is validated in the codebase.

Example:

tsc-contracts/contracts/TSC.sol
375 if (completed) {
376     IExecute(execute_contract).execute();
377 } else {
378     IExecute(execute_contract).revert();
379 }

Recommendation:

We advise evaluating whether this is the case and, if so, imposing proper validation of the returned bool.

Alleviation:

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.

TSC-04S: Literal Boolean Comparison

Type: Gas Optimization
Severity: Informational
Location: TSC.sol:L441, L462

Description:

The linked statements perform a comparison between a bool variable and a bool value literal.

Example:

tsc-contracts/contracts/TSC.sol
441 require(listTransferETH.list[_index].transfered == false, "TSC: Function is passed");

Recommendation:

We advise the bool variable to be utilized directly either in its negated (!) or normal form as the equality check is redundant.

Alleviation:

The bool variables are now directly utilized.