QA Report #59

code423n4 · 2022-05-01T19:17:27Z

Low

Rounding-error can be redeemed for free

If the _redeemAmount is > 0 but less than the value of 1 share, 0 share will be burned while the user can withdraw non-zero amount.
https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L255

    uint256 _shares = _tokenToShares(_redeemAmount);

IERC20 is re-used

        - IERC20 (node_modules/@aave/core-v3/contracts/dependencies/openzeppelin/contracts/IERC20.sol#7-80)
        - IERC20 (node_modules/@openzeppelin/contracts/token/ERC20/IERC20.sol#9-82)

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#name-reused

Non-Critical

Upgrade Solidity Version

Consider to pin Solidity version to latest 0.8.12

Use custom errors

Solidity ^0.8.4 allow the use of custom errors to optimize gas usage.
https://blog.soliditylang.org/2021/04/21/custom-errors/

Duplicated code

L337 can reuse _requireNotAToken in L348
https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L337
https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L348

Remove safeMath library

Solidity > 0.8.0 have safe math by default
https://github.com/pooltogether/aave-v3-yield-source/blob/e63d1b0e396a5bce89f093630c282ca1c6627e44/contracts/AaveV3YieldSource.sol#L26

  using SafeMath for uint256;

The text was updated successfully, but these errors were encountered:

PierrickGT · 2022-05-03T22:45:32Z

Rounding-error can be redeemed for free

Duplicate of #44

IERC20 is re-used

We prefer to use the one coming from the OpenZeppelin package.

Upgrade Solidity Version

Not possible since Aave V3 uses 0.8.10

Use custom errors

Duplicate of #13

Duplicated code

Duplicate of #4

Remove safeMath library

Duplicate of #11

code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels May 1, 2022

code423n4 added a commit that referenced this issue May 1, 2022

gzeon issue #59

6f52d50

PierrickGT self-assigned this May 3, 2022

PierrickGT closed this as completed May 3, 2022

PierrickGT added the duplicate This issue or pull request already exists label May 3, 2022

JeeberC4 removed the duplicate This issue or pull request already exists label May 6, 2022

JeeberC4 reopened this May 6, 2022

gititGoro added 3 (High Risk) Assets can be stolen/lost/compromised directly duplicate This issue or pull request already exists and removed QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels May 17, 2022

gititGoro marked this as a duplicate of #44 May 17, 2022

gititGoro mentioned this issue May 21, 2022

Rounding-error can be redeemed for free #100

Closed

gititGoro marked this as not a duplicate of #44 May 22, 2022

gititGoro added QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed duplicate This issue or pull request already exists 3 (High Risk) Assets can be stolen/lost/compromised directly labels May 22, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

QA Report #59

QA Report #59

code423n4 commented May 1, 2022

PierrickGT commented May 3, 2022

QA Report #59

QA Report #59

Comments

code423n4 commented May 1, 2022

Low

Rounding-error can be redeemed for free

IERC20 is re-used

Non-Critical

Upgrade Solidity Version

Use custom errors

Duplicated code

Remove safeMath library

PierrickGT commented May 3, 2022