Omniscia WagmiDAO Audit
WagmiAutoStake Manual Review Findings
WagmiAutoStake Manual Review Findings
WAS-01M: Inexistent Validation of Previous Status
Type | Severity | Location |
---|---|---|
Logical Fault | Minor | WagmiAutoStake.sol:L676-L686 |
Description:
The whitelistProxy
and dewhitelistProxy
functions do not validate the previous status of the proxy in question, rendering the state transitions prone to corruption in case of a block-reorganization or incorrect transaction ordering.
Example:
676function whitelistProxy(address _proxy) external onlyOwner {677 require(_proxy != address(0), 'zero address');678 whitelistedProxies[_proxy] = true;679 emit WhitelistedProxy(_proxy);680}681
682function dewhitelistProxy(address _proxy) external onlyOwner {683 require(_proxy != address(0), 'zero address');684 whitelistedProxies[_proxy] = false;685 emit DewhitelistedProxy(_proxy);686}
Recommendation:
We advise a require
check to be introduced validating the previously set status of a proxy to ensure sane state transitions
Alleviation:
A require
check was introduced ensuring that the state transition of a whitelist status is properly validated to only change rather than be re-assigned to the same value.
WAS-02M: Usage of Deprecated Function
Type | Severity | Location |
---|---|---|
Standard Conformity | Minor | WagmiAutoStake.sol:L673 |
Description:
The safeApprove
implementation has been deprecated and can cause complication in case of complex deployment systems, such as create2
ones that can deploy under the same address.
Example:
662constructor(663 IERC20 _wagmi,664 IWagmiEarn _wagmiEarn,665 uint256 _stakingPid,666 address _treasury667) {668 wagmi = _wagmi;669 wagmiEarn = _wagmiEarn;670 stakingPid = _stakingPid;671 treasury = _treasury;672
673 IERC20(_wagmi).safeApprove(address(_wagmiEarn), type(uint256).max);674}
Recommendation:
We advise the usage of approve
directly as the maximum value of uint256
is set as the approval of the contract.
Alleviation:
The usage of safeApprove
was properly substituted with the standard approve
function.