ebtc-protocol/ebtc

Trust audit findings mitigation

Closed this issue · 3 comments

Overview

Trust Security has finalized their audit and their findings must be promptly mitigated. Fixes should be pushed as individual commits specifying the finding mitigated, for cleanliness. For instance, the fix to the following bug, TRST-M-7 EBTCToken is not compliant with the EIP-2612 standard, can be committed with the message: fix: TRST-M-7 EBTCToken is not compliant with the EIP-2612 standard.

Their final report and reviewed supplementary report can be found here:

eBTC_Audit_Report.pdf
Supplementary_Report_V1.0.pdf

Looks to me like there are several new findings compared to the intermediate report:

  • TRST-M-6
  • TRST-L-4
  • TRST-L-5

L4 -> Can be acked imo

L5 -> I don't believe it's realistic for this to happen, but it may be worth at least figuring out a way to avoid this from happening

M-6 -> Should be investigated, but also the 15-year requirement makes it slightly odd
EDIT: Seems like we can just do a check for A > B and cap the value to avoid overflow

PR is here #484