QA Report #109
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Comments
code423n4
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
[NC-01] - Enforce call to initialize in factory
At proxy deployment, the code simply transfers a received data to the new proxy: https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/supervaults/contracts/SuperVaultFactory.sol#L23. As the fonction to call is known in advance, it would be less error prone to enforce the call to initialize. Here, one could deploy the proxy with a call to a view function for example, which would lead to an incorrect deployment.
[NC-02] - Incorrect Flashloan interface imported
Although this is correct like this as the interface did not changed, it is specified multiple times in
SuperVaultthat it uses Aave V2, but the interface for flashloans is taken from Aave V3: https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/supervaults/contracts/SuperVault.sol#L9.Out of correctness, it would be better to use the V2 interface that can be found here: https://github.com/aave/protocol-v2/blob/master/contracts/interfaces/ILendingPool.sol
[Question] - Why not respecting the convention
_namefor internal functions ?Developpers choose to not respect the usual naming convention for internal functions. Is there any reason for doing so ? If not readibility could be improved.
Examples:
https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/supervaults/contracts/SuperVault.sol#L321
https://github.com/code-423n4/2022-04-mimo/blob/b18670f44d595483df2c0f76d1c57a7bfbfbc083/supervaults/contracts/SuperVault.sol#L337
The text was updated successfully, but these errors were encountered: