Checks-effects-interactions pattern
We recommend following the checks-effects-interactions pattern in the buyTokens() and sellTokens() functions by updating the contract's state before calling the external contract. Although we did not identify any reentrancy attacks, it is a best practice to prioritize security and prevent potential future attacks.
function buyTokens(address token, uint256 amount) public whenNotPaused onlyRegistered(token) {
    ...
    // Interactions: external calls happen first
    IERC20(paymentToken).safeTransferFrom(msg.sender, address(this), totalPrice);
    TrendingERC20(token).mint(msg.sender, amount);
    // Effects: state is only updated after the external calls
    registeredTokens[token].supply += amount;
    feesEarned[owner()] += protocolFee;
    registeredTokens[token].liquidity += price;
    ...
}
function sellTokens(address token, uint256 amount) public whenNotPaused onlyRegistered(token) {
    ...
    // Interactions: external calls happen first
    TrendingERC20(token).burn(msg.sender, amount);
    IERC20(paymentToken).safeTransfer(msg.sender, totalPrice);
    // Effects: state is only updated after the external calls
    registeredTokens[token].supply -= amount;
    feesEarned[owner()] += protocolFee;
    registeredTokens[token].liquidity -= price;
    ...
}
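As an added illustration (not the project's code), the two functions reordered so that every storage write precedes the external calls; the interfaces, the `_quote()` pricing hook, the fee split and the `registerToken()` helper are assumptions made to keep the contract self-contained, not the project's own logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces assumed for this example (the project uses OpenZeppelin's SafeERC20).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}
interface ITrendingERC20 {
    function mint(address to, uint256 amount) external;
    function burn(address from, uint256 amount) external;
}

contract TokenMarketCEI {
    struct TokenInfo { uint256 supply; uint256 liquidity; bool registered; }
    mapping(address => TokenInfo) public registeredTokens;
    mapping(address => uint256) public feesEarned;
    address public immutable paymentToken;
    address public immutable owner;

    constructor(address _paymentToken) { paymentToken = _paymentToken; owner = msg.sender; }

    // Check: only tokens registered by the owner can be traded.
    modifier onlyRegistered(address token) { require(registeredTokens[token].registered, "not registered"); _; }
    function registerToken(address token) external { require(msg.sender == owner); registeredTokens[token].registered = true; }

    // Hypothetical pricing hook; the real bonding curve is not part of this example.
    function _quote(address token, uint256 amount) internal view returns (uint256 price, uint256 fee) {
        price = amount * (registeredTokens[token].liquidity + 1) / (registeredTokens[token].supply + 1);
        fee = price / 100; // assumed 1% protocol fee
    }

    function buyTokens(address token, uint256 amount) external onlyRegistered(token) {
        (uint256 price, uint256 fee) = _quote(token, amount);           // checks
        registeredTokens[token].supply += amount;                        // effects: all storage writes first
        registeredTokens[token].liquidity += price;
        feesEarned[owner] += fee;
        require(IERC20(paymentToken).transferFrom(msg.sender, address(this), price + fee), "pay failed"); // interactions
        ITrendingERC20(token).mint(msg.sender, amount);
    }

    function sellTokens(address token, uint256 amount) external onlyRegistered(token) {
        (uint256 price, uint256 fee) = _quote(token, amount);           // checks
        registeredTokens[token].supply -= amount;                        // effects (underflow reverts in 0.8)
        registeredTokens[token].liquidity -= price;
        feesEarned[owner] += fee;
        ITrendingERC20(token).burn(msg.sender, amount);                  // interactions last
        require(IERC20(paymentToken).transfer(msg.sender, price - fee), "payout failed"); // assumed: fee taken from seller
    }
}
```

With this ordering, a callback from the payment token or from mint()/burn() that re-enters buyTokens() or sellTokens() sees supply, liquidity and fee balances that already reflect the in-progress trade.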
The recommended changes were implemented in commit .