Omniscia WagmiDAO Audit

WagmiEarn Static Analysis Findings

WEN-01S: Improper Enforcement of CEI Pattern

Description:

The linked statements do not conform to the Checks-Effects-Interactions (CEI) pattern: they perform sensitive storage changes, namely updates to the debt of a user, after transferring an asset whose implementation cannot be validated.

Example:

WagmiEarn.sol
function emergencyWithdraw(uint256 _pid) external nonReentrant {
    PoolInfo storage pool = poolInfo[_pid];
    UserInfo storage user = userInfo[_pid][msg.sender];
    // Interaction: external token call made before the user's state is cleared
    pool.lpToken.safeTransfer(msg.sender, user.amount);
    pool.lpSupply = pool.lpSupply - user.amount;
    emit EmergencyWithdraw(msg.sender, _pid, user.amount);
    // Effects: user accounting is only reset after the transfer
    user.amount = 0;
    user.rewardDebt = 0;
    user.pendingRewards = 0;
}

Recommendation:

Even though the contract is secure against re-entrancy attacks due to the nonReentrant modifier introduced across the codebase, the CEI pattern inefficiencies should be resolved by adjusting the code, both to ensure more predictable contract operation and to avoid the issue resurfacing in a future iteration of the codebase.
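The reordering this recommendation describes, applied to the emergencyWithdraw function from the example, is sketched below as an added illustration; it is not code from the audit or from the WagmiDAO codebase. The contract name, the reduced struct layouts, the field types and the OpenZeppelin Contracts 4.x import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: OpenZeppelin Contracts 4.x import paths.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

// Hypothetical reduced contract: only the state emergencyWithdraw touches.
contract CeiEmergencyWithdrawExample is ReentrancyGuard {
    using SafeERC20 for IERC20;

    // Assumed layouts, limited to the fields used in the audited function.
    struct PoolInfo { IERC20 lpToken; uint256 lpSupply; }
    struct UserInfo { uint256 amount; uint256 rewardDebt; uint256 pendingRewards; }

    PoolInfo[] public poolInfo;
    mapping(uint256 => mapping(address => UserInfo)) public userInfo;

    event EmergencyWithdraw(address indexed user, uint256 indexed pid, uint256 amount);

    function emergencyWithdraw(uint256 _pid) external nonReentrant {
        PoolInfo storage pool = poolInfo[_pid];
        UserInfo storage user = userInfo[_pid][msg.sender];

        // Checks: cache the withdrawable amount before it is cleared.
        uint256 amount = user.amount;

        // Effects: all accounting is final before any external call.
        user.amount = 0;
        user.rewardDebt = 0;
        user.pendingRewards = 0;
        pool.lpSupply = pool.lpSupply - amount;
        emit EmergencyWithdraw(msg.sender, _pid, amount);

        // Interactions: the token contract, whose implementation cannot be
        // validated, is called last and can only observe zeroed user state.
        pool.lpToken.safeTransfer(msg.sender, amount);
    }
}
```

With this ordering the function's safety no longer depends solely on nonReentrant remaining in place in later revisions.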

Alleviation:

The WagmiDAO team opted to retain the current behaviour in place as it conforms with their design specifications.