Omniscia Vector Finance Audit
MasterChefVTX Manual Review Findings
MasterChefVTX Manual Review Findings
MCV-01M: Ill-Advised Toggle Pattern
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Minor | MasterChefVTX.sol:L170-L172 |
Description:
The linked function represents a toggle paradigm of a sensitive contract variable.
Example:
contracts/MasterChefVTX.sol
170function togglePoolManager(address _address) public onlyOwner {171 PoolManagers[_address] = !PoolManagers[_address];172}Recommendation:
We advise a setter to be utilized instead as accidental re-invocations can occur thereby causing a different final state.
Alleviation:
The function was properly converted to a setter function.
MCV-02M: Improper Maintenance of Pool Info Array
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Medium | MasterChefVTX.sol:L241-L270 |
Description:
The poolInfo array is not updated when the set function is invoked thereby corrupting the storage state.
Example:
contracts/MasterChefVTX.sol
241// Update the given pool's VTX allocation point. Can only be called by the owner.242function set(243 address _lp,244 uint256 _allocPoint,245 address _rewarder,246 bool overwrite247) public onlyPoolManager {248 require(249 Address.isContract(address(_rewarder)) ||250 address(_rewarder) == address(0),251 "set: rewarder must be contract or zero"252 );253 massUpdatePools();254 totalAllocPoint =255 totalAllocPoint -256 addressToPoolInfo[_lp].allocPoint +257 _allocPoint;258 addressToPoolInfo[_lp].allocPoint = _allocPoint;259 if (overwrite) {260 addressToPoolInfo[_lp].rewarder = _rewarder;261 }262 emit Set(263 _lp,264 _allocPoint,265 overwrite266 ? IBaseRewardPool(_rewarder)267 : IBaseRewardPool(addressToPoolInfo[_lp].rewarder),268 overwrite269 );270}Recommendation:
We advise it to be properly updated to ensure a consistent state or a different data structure for the poolInfo array to be utilized as it appears to contain redundant members within the implementation.
Alleviation:
The poolInfo data entries were entirely omitted from the codebase rendering this exhibit null.