Omniscia WagmiDAO Audit
WagmiEarn Static Analysis Findings
WEN-01S: Improper Enforcement of CEI Pattern
Type | Severity | Location |
---|---|---|
Standard Conformity | Minor | WagmiEarn.sol:L651, L656, L677, L679, L686, L689, L690, L691 |
Description:
The linked statement instances do not properly conform to the Checks-Effects-Interactions (CEI) pattern as they perform sensitive storage changes, namely the debt of a user, after an asset transfer has been performed whose implementation cannot be validated.
Example:
WagmiEarn.sol
```
683 function emergencyWithdraw(uint256 _pid) external nonReentrant {
684     PoolInfo storage pool = poolInfo[_pid];
685     UserInfo storage user = userInfo[_pid][msg.sender];
686     pool.lpToken.safeTransfer(msg.sender, user.amount);
687     pool.lpSupply = pool.lpSupply - user.amount;
688     emit EmergencyWithdraw(msg.sender, _pid, user.amount);
689     user.amount = 0;
690     user.rewardDebt = 0;
691     user.pendingRewards = 0;
692 }
```
Recommendation:
Even though the contract is secure against re-entrancy attacks due to the nonReentrant modifier introduced across the codebase, CEI pattern inefficiencies should be resolved by adjusting the code to ensure more predictable contract operation and to avoid the issue resurfacing in a future iteration of the codebase.
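One way to reorder `emergencyWithdraw` so that it conforms to CEI, given as an added example rather than code from the audit or from the WagmiDAO team. The contract name, the trimmed structs, the minimal `IERC20` interface, the plain `transfer` call and the inline `nonReentrant` modifier are assumptions standing in for the project's own definitions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not WagmiEarn's code. Everything except the body of
// emergencyWithdraw is a hypothetical stand-in so the file compiles alone.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract EmergencyWithdrawCEI {
    struct PoolInfo { IERC20 lpToken; uint256 lpSupply; }
    struct UserInfo { uint256 amount; uint256 rewardDebt; uint256 pendingRewards; }

    PoolInfo[] public poolInfo;
    mapping(uint256 => mapping(address => UserInfo)) public userInfo;
    bool private locked; // stand-in for the contract's reentrancy guard state

    event EmergencyWithdraw(address indexed user, uint256 indexed pid, uint256 amount);

    // Kept as defence in depth; CEI ordering must not rely on it.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function emergencyWithdraw(uint256 _pid) external nonReentrant {
        PoolInfo storage pool = poolInfo[_pid];
        UserInfo storage user = userInfo[_pid][msg.sender];

        // Cache the balance once so later statements do not read storage
        // that has already been zeroed.
        uint256 amount = user.amount;

        // Effects: all storage writes and the event come before the token call.
        user.amount = 0;
        user.rewardDebt = 0;
        user.pendingRewards = 0;
        pool.lpSupply = pool.lpSupply - amount;
        emit EmergencyWithdraw(msg.sender, _pid, amount);

        // Interaction: the unvalidated token implementation runs last, so any
        // callback it makes observes the user's final, zeroed position.
        require(pool.lpToken.transfer(msg.sender, amount), "transfer failed");
    }
}
```

If the transfer reverts, the whole transaction reverts and the zeroed fields are restored, so moving the writes ahead of the call does not risk losing a user's balance.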
Alleviation:
The WagmiDAO team opted to retain the current behaviour in place as it conforms with their design specifications.