SamusElderg
commented
3 years ago This is by design; the intention is to not allow the listing of pools (and therefore synths) that do not have the name function
Open code423n4 opened 3 years ago
SamusElderg
commented
3 years ago This is by design; the intention is to not allow the listing of pools (and therefore synths) that do not have the name function
ghoul-sol
commented
3 years ago Per sponsor comment, invalid
Handle
shw
Vulnerability details
Impact
According to the BEP20 specification, the
namemethod is optional:However, when creating a synth or pool, the
namemethod of the given token is assumed to be implemented. Thus, BEP20 tokens not implementing thenamemethod cannot be used to create a synth or a pool since the creation of the contracts always reverts.Proof of Concept
Referenced code: Synth.sol#L41 Pool.sol#L48
Recommended Mitigation Steps
Handle cases where the
namemethod of the given token is not implemented. For example, check if the call tonamereverts. If so, uses an empty string as the name instead.