Implement audit findings #3095

Closed
Zodomo opened this issue Feb 18, 2025 · 0 comments

Zodomo commented Feb 18, 2025

Problem to Solve

The audit report was finished and it includes a variety of relevant findings:

  • Centralisation Risk For Bridge Address Configuration (OMRL-04)
  • Use A Caller-Determined Refund Recipient (OMRL-05)
  • No Mechanism For Deleting Routes (OMRL-06)
  • Missing Check For Routes (OMRL-07)
  • Unnecessary Approval For Lockbox (OMRL-09)
  • Pausing and Unpausing Have The Same Role (OMRL-11)
  • Optimising Redundant Condition Checks For lockbox_ (OMRL-12)

Findings that are not relevant and do not need to be addressed are:

  • Risks Of Source And Destination Chain Configuration Mismatch (OMRL-03)
  • No Support For Rebasing Or Fee Tokens (OMRL-08)
  • New EVM Version May Be Unsupported (OMRL-10)

Findings that have already been addressed in PRs #2985 and #3074 are:

  • Paused Token Leads to Loss of Funds (OMRL-01)
  • Insufficient Gas For receiveToken() (OMRL-02)

Proposed Solution

Implement fixes for all relevant findings.

@Zodomo Zodomo added this to the t1 - RLUSD on L2s milestone Feb 18, 2025
@Zodomo Zodomo self-assigned this Feb 18, 2025
Zodomo added a commit that referenced this issue Feb 19, 2025
The rlusd audit report was delivered and there were a variety of
relevant findings that needed to be addressed:

- Centralisation Risk For Bridge Address Configuration (OMRL-04)
- Use A Caller-Determined Refund Recipient (OMRL-05)
- No Mechanism For Deleting Routes (OMRL-06)
- Missing Check For Routes (OMRL-07)
- Unnecessary Approval For Lockbox (OMRL-09)
- Pausing and Unpausing Have The Same Role (OMRL-11)
- Optimising Redundant Condition Checks For lockbox_ (OMRL-12)

We already addressed these primary findings in PRs #2985 and #3074:

- Paused Token Leads to Loss of Funds (OMRL-01)
- Insufficient Gas For receiveToken() (OMRL-02)

Findings that are not relevant and do not need to be addressed are:

- Risks Of Source And Destination Chain Configuration Mismatch (OMRL-03)
- No Support For Rebasing Or Fee Tokens (OMRL-08)
- New EVM Version May Be Unsupported (OMRL-10)

issue: #3095
@Zodomo Zodomo closed this as completed Feb 19, 2025