Omniscia Vector Finance Audit

ERC20 Manual Review Findings

ERC-01M: Overly Centralized Functionality

Type	Severity	Location
Logical Fault	Medium	ERC20.sol:L303-L305, L307-L309

Description:

The ERC20 implementation of the Vector Finance project permits the owner of the token to mint and burn token units arbitrarily and from any account.

Example:

contracts/utils/ERC20.sol

303function mint(address account, uint256 amount) external virtual onlyOwner {
304    _mint(account, amount);
305}
306
307function burn(address account, uint256 amount) external virtual onlyOwner {
308    _burn(account, amount);
309}

Recommendation:

We advise this functionality to be limited to a certain degree (i.e. burn operations should have an approval to the owner to be executed for a particular account) and we recommend the ownership structure to be depicted by in-line comments to better illustrate the centralization level of the token.

Alleviation:

Comments were introduced in the codebase that indicate the token will solely be owned by other contracts of the protocol such as MasterChief and MainStaking, thereby disallowing misuse of the functions.

Omniscia Vector Finance Audit

ERC20 Manual Review Findings

ERC20 Manual Review Findings

ERC-01M: Overly Centralized Functionality

Description:

Example:

Recommendation:

Alleviation:

ComputeAPR.sol (CAP-M)

Locker.sol (LOC-M)

On this page