QA Report #282
Labels:
bug: Something isn't working
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Informational issues:
[I01]
Incorrect comment: “e.g. (new) amount = 1e19 * 950 / 500 = 19e17”.
It’s equal to 19e18.
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/Aura.sol#L114
[I02]
The Aura codebase is a fork of Convex Finance and most comments weren’t changed for the new context. Many comments reference Curve and Convex instead of Balancer and Aura.
Comments reference the crv and cvx tokens instead of bal and aura.
This happens countless times in all contracts (almost all comments are unedited from Convex).
Some examples:
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraLocker.sol#L19
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraStakingProxy.sol#L24
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/CrvDepositorWrapper.sol
(the name of the contract uses Crv instead of bal)
[I03]
Lack of events: functions that make critical changes to privileged roles should emit events.
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/convex-platform/contracts/contracts/PoolManagerV3.sol#L40
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/convex-platform/contracts/contracts/PoolManagerV3.sol#L48
[I04]
Incorrect comment: “Wraps the AuraToken minterMint function and protects from inflation until 4 years have passed”. The inflation protection time variable is set to 156 weeks (3 years), so in less than 4 years AuraMinter will be able to mint AURA.
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraMinter.sol#L9
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraMinter.sol#L23
[I05]
Incomplete natspec documentation
Functions don’t have full natspec documentation explaining the logic and parameters. This is true for almost all functions.
[I06]
SafeMath and the equivalent library auraMath are used in contracts that use Solidity 0.8. SafeMath is not necessary in these contracts and worsens code readability for math.
Instances:
AuraBalRewardPool.sol
Aura.sol
AuraLocker.sol
AuraClaimZap.sol
[I07] Mapping “rewardActiveList” is never used in RewardFactory.sol.
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/convex-platform/contracts/contracts/RewardFactory.sol#L28
[I07] Use OnlyOwner modifier to improve code readability.
Here are some examples:
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraStakingProxy.sol#L100
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraStakingProxy.sol#L116
https://github.com/code-423n4/2022-05-aura/blob/4989a2077546a5394e3650bf3c224669a0f7e690/contracts/AuraStakingProxy.sol#L137