Open code423n4 opened 2 years ago
Missing whitelist check in burn
The new whitelist check is missing in burn (while present in mint) https://github.com/code-423n4/2022-02-jpyc/blob/cfc018384dd1d71febaa57f0576cb51f5d9c7e07/contracts/v2/FiatTokenV2.sol#L371

Lack of input validation of whitelist and unWhitelist
Should check for address(0) and current whitelist status https://github.com/code-423n4/2022-02-jpyc/blob/cfc018384dd1d71febaa57f0576cb51f5d9c7e07/contracts/v2/FiatTokenV2.sol#L645 https://github.com/code-423n4/2022-02-jpyc/blob/cfc018384dd1d71febaa57f0576cb51f5d9c7e07/contracts/v2/FiatTokenV2.sol#L654

Whitelist -> Allowlist
If the decision is to rename blacklist -> blocklist we should also make whitelist -> allowlist

Lack of rescueERC20 event
https://github.com/code-423n4/2022-02-jpyc/blob/cfc018384dd1d71febaa57f0576cb51f5d9c7e07/contracts/v1/Rescuable.sol#L60

Make whitelist a parent contract
Instead of inlining the function into FiatTokenV2, consider using a separate contract like Blocklistable.sol that FiatTokenV2 can inherit from.
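
A sketch of how the recommendations above fit together, added here as an illustration and not taken from the report or from JPYC's contracts. Every name in it (Allowlistable, ExampleToken, allowlister, the modifier and event names) is hypothetical, and it assumes the list gates the caller of mint and burn; the real FiatTokenV2 rule and its minter roles are not reproduced.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical parent contract: list state, validation and events live in one place.
abstract contract Allowlistable {
    address public allowlister;
    mapping(address => bool) private _allowlisted;

    event Allowlisted(address indexed account);
    event UnAllowlisted(address indexed account);

    modifier onlyAllowlister() {
        require(msg.sender == allowlister, "caller is not the allowlister");
        _;
    }

    // One shared gate, so no entry point can silently omit the check.
    modifier onlyAllowlisted(address account) {
        require(_allowlisted[account], "account is not allowlisted");
        _;
    }

    function allowlist(address account) external onlyAllowlister {
        require(account != address(0), "zero address");
        require(!_allowlisted[account], "already allowlisted"); // current status
        _allowlisted[account] = true;
        emit Allowlisted(account);
    }

    function unAllowlist(address account) external onlyAllowlister {
        // address(0) can never be listed, so the status check also rejects it.
        require(_allowlisted[account], "not allowlisted");
        delete _allowlisted[account];
        emit UnAllowlisted(account);
    }
}

// Hypothetical token (assumption: the list gates the caller; roles omitted).
contract ExampleToken is Allowlistable {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    constructor() { allowlister = msg.sender; }

    function mint(address to, uint256 amount) external onlyAllowlisted(msg.sender) {
        balanceOf[to] += amount;
        totalSupply += amount;
    }

    // Same modifier as mint, closing the gap described in the first finding.
    function burn(uint256 amount) external onlyAllowlisted(msg.sender) {
        balanceOf[msg.sender] -= amount; // reverts on underflow in 0.8.x
        totalSupply -= amount;
    }
}
```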