Omniscia WallFair Audit
TokenLock Static Analysis Findings
TokenLock Static Analysis Findings
TLK-01S: Inexistent Event Emittance
Type | Severity | Location |
---|---|---|
Language Specific | Informational | TokenLock.sol:L73-L75 |
Description:
The linked for
loop adjusts sensitive contract variables without emitting a corresponding event
for them.
Example:
contracts/TokenLock.sol
73for (uint256 ii = 0; ii < wallets_.length; ii += 1) {74 _stakes[wallets_[ii]].totalTokens = amounts_[ii];75}
Recommendation:
We advise an event
to be declared and emitted when the vests are set.
Alleviation:
A LogLock
event was introduced to the codebase and is now properly emitted by the contract.
TLK-02S: Inexplicable Value Literal
Type | Severity | Location |
---|---|---|
Code Style | Informational | TokenLock.sol:L59, L113 |
Description:
The value literal 10**18
is utilized to represent a 100% but is not documented as such.
Example:
contracts/TokenLock.sol
106function tokensVested(address sender, uint256 timestamp) public view returns (uint256 vestedTokens) {107 // returns 0 before (start time + cliff period)108 // initial release is obtained after cliff109 if (timestamp >= _startTime + _cliffPeriod) {110 uint256 timeVestedSoFar = Math.min(timestamp - _startTime, _vestingPeriod);111 uint256 stake = _stakes[sender].totalTokens;112 // compute initial release as fraction where 10**18 is total113 uint256 initialRelease = (stake * _initialReleaseFraction) / 10**18;114 // return initial release + the remainder proportionally to time from vesting start115 // mul first for best precision, v.8 compiler reverts on overflows116 vestedTokens = ((stake - initialRelease) * timeVestedSoFar) / _vestingPeriod + initialRelease;117 }118}
Recommendation:
We advise the literal to be instead declared in a contract-level constant
that is consequently utilized, greatly enhancing the readability of the codebase.
Alleviation:
The value literal is now replaced by a FRACTION_WHOLE
variable constant
that properly denotes what it is meant to represent.