PoSciDonDAO

Off-Chain (Private)
Audited on 2025/02/12
No active critical issues

Summary

This contract is a token management contract (SciManager) for handling governance functionalities. It implements a system where users can lock SCI tokens to gain voting rights, with built-in timelock mechanisms for both voting and proposal actions.

Issues (5)

             Low   Medium   High   Critical   Total
Not fixed    -     -        -      -          0
Fixed        4     1        -      -          5
Total        4     1        0      0          5

Ownership Renouncement Risk in AccessControl Implementation
fixed/medium

The contract inherits from OpenZeppelin's AccessControl and uses DEFAULT_ADMIN_ROLE. If the admin renounces their role using the inherited renounceRole() function, it would set the owner address to zero, potentially leaving the contract without administrative control.
Admin Role Changes Should Be Two Step
fixed/low

The setAdmin() function transfers administrative privileges in a single step. If the admin address is incorrectly set, it could result in a loss of administrative control over the contract.
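
One way to address the two admin findings above, as an added example that is not the audited contract or the project's actual fix. It assumes OpenZeppelin's AccessControl; the contract name, pendingAdmin, acceptAdmin() and the error and event names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/access/AccessControl.sol";

// Illustrative contract, not SciManager itself. pendingAdmin, acceptAdmin and
// the error/event names are hypothetical.
contract TwoStepAdmin is AccessControl {
    address public admin;
    address public pendingAdmin;

    error ZeroAddress();
    error SameAddress();
    error NotPendingAdmin(address caller);
    error AdminCannotRenounce();

    event AdminTransferStarted(address indexed current, address indexed proposed);
    event AdminTransferred(address indexed previous, address indexed current);

    constructor(address initialAdmin) {
        if (initialAdmin == address(0)) revert ZeroAddress();
        admin = initialAdmin;
        _grantRole(DEFAULT_ADMIN_ROLE, initialAdmin);
    }

    // Step 1: the current admin only nominates a successor; no role moves yet.
    function setAdmin(address newAdmin) external onlyRole(DEFAULT_ADMIN_ROLE) {
        if (newAdmin == address(0)) revert ZeroAddress();
        if (newAdmin == admin) revert SameAddress();
        pendingAdmin = newAdmin;
        emit AdminTransferStarted(admin, newAdmin);
    }

    // Step 2: the nominee proves control of the address by calling in.
    function acceptAdmin() external {
        if (msg.sender != pendingAdmin) revert NotPendingAdmin(msg.sender);
        address previous = admin;
        _revokeRole(DEFAULT_ADMIN_ROLE, previous);
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
        admin = msg.sender;
        delete pendingAdmin;
        emit AdminTransferred(previous, msg.sender);
    }

    // Block renouncing the admin role so the contract cannot be left without one.
    function renounceRole(bytes32 role, address account) public override {
        if (role == DEFAULT_ADMIN_ROLE) revert AdminCannotRenounce();
        super.renounceRole(role, account);
    }
}
```

The inherited grantRole() and revokeRole() remain callable by the admin and would bypass the two-step handover unless they are restricted as well. OpenZeppelin's AccessControlDefaultAdminRules extension provides a maintained two-step transfer for DEFAULT_ADMIN_ROLE.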
Incorrect Comment for voteLockEnd Parameter
fixed/low

In the voted() and proposed() functions, the comments for the voteLockEnd and proposeLockEnd parameters incorrectly state that each is a block number when it is actually a timestamp.
Missing Same-Address Check in setGovOps()
fixed/low

The setGovOps() function lacks a check for setting the same address that is currently set, while setGovRes() includes this check. This inconsistency could lead to unnecessary state updates.
Missing Total Supply Validation in Lock Function
fixed/low

The lock() function does not validate that the newly locked amount plus the already locked tokens (_totLocked) does not exceed TOTAL_SUPPLY_SCI. This could allow locking more tokens than should exist.

Contracts (2)

#    File Name
1    SciManager.sol
2    ts/blob/main/contracts/sciManager/SciManager.sol