Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA Report #323

Open
code423n4 opened this issue May 25, 2022 · 0 comments
Open

QA Report #323

code423n4 opened this issue May 25, 2022 · 0 comments
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@code423n4
Copy link
Contributor

L - Missed check for zero address that could lead to loss of control

contracts/AuraMerkleDrop.sol:77 function setDao(address _newDao) external {
convex-platform/contracts/contracts/VoterProxy.sol:73   function setOwner(address _owner) external {
convex-platform/contracts/contracts/PoolManagerV3.sol:40    function setOperator(address _operator) external {
convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol:58    function setOwner(address _owner) external onlyOwner{
convex-platform/contracts/contracts/PoolManagerProxy.sol:43    function setOwner(address _owner) external onlyOwner{
convex-platform/contracts/contracts/CrvDepositor.sol:62    function setFeeManager(address _feeManager) external {
convex-platform/contracts/contracts/CrvDepositor.sol:67    function setDaoOperator(address _daoOperator) external {
convex-platform/contracts/contracts/cCrv.sol:38    function setOperator(address _operator) external {
convex-platform/contracts/contracts/Booster.sol:138    function setFeeManager(address _feeM) external {
convex-platform/contracts/contracts/Booster.sol:148    function setPoolManager(address _poolM) external {
contracts/AuraVestedEscrow.sol:77   function setAdmin(address _admin) external { // @audit-ok Zero

N - Typos

contracts/Aura.sol:18    *          distirbuted along a supply curve (cliffs etc). Fork of ConvexToken. // typo distributed
contracts/AuraBalRewardPool.sol:55    * @dev Simple constructoor // typo constructor
contracts/AuraLocker.sol:22    * @dev     Invdividual and delegatee vote power lookups both use independent accounting mechanisms. // typo individual
contracts/AuraLocker.sol:672    //stop now as no futher checks matter // typo further
contracts/AuraVestedEscrow.sol:94  * @param _amount     Arrary of amount of rewardTokens to vest // typo array
contracts/ExtraRewardsDistributor.sol:33   * @dev Simple constructoor // typo constructor
contracts/ExtraRewardsDistributor.sol:45   * @param _amount   Amount of reward tokenπ // typo token
convex-platform/contracts/contracts/BaseRewardPool.sol:57  *          distribute a child reward token (i.e. a secondary one from Curve, or a seperate one). // typo separate
convex-platform/contracts/contracts/BaseRewardPool4626.sol:193    * the effects of their redeemption at the current block, // typo redemption
convex-platform/contracts/contracts/Booster.sol:411    //some gauges claim rewards when depositing, stash them in a seperate contract until next claim // typo separate
convex-platform/contracts/contracts/Booster.sol:468    //some gauges claim rewards when withdrawing, stash them in a seperate contract until next claim // typo separate
convex-platform/contracts/contracts/ConvexMasterChef.sol:177    // Update reward vairables for all pools. Be careful of gas spending! // typo variables
convex-platform/contracts/contracts/CrvDepositor.sol:117    //increase ammount // typo amount
convex-platform/contracts/contracts/ExtraRewardStashV3.sol:23  *          - v3.2: Move constuctor to init function for proxy creation // typo constructor
convex-platform/contracts/contracts/PoolManagerSecondaryProxy.sol:32   * @param _owner Executoor // typo executor
convex-platform/contracts/contracts/VirtualBalanceRewardPool.sol:163   *          actually hold any staked tokens it just diributes reward tokens // typo distributes
convex-platform/contracts/contracts/Booster.sol:569    *         Repsonsible for collecting the crv from gauge, and then redistributing to the correct place. // typo responsible
convex-platform/contracts/contracts/Booster.sol:631    *         Repsonsible for collecting the crv from gauge, and then redistributing to the correct place. // typo responsible
@code423n4 code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels May 25, 2022
code423n4 added a commit that referenced this issue May 25, 2022
@code423n4
sashik_eth issue #323
4fda340
@0xMaharishi 0xMaharishi added the duplicate This issue or pull request already exists label May 28, 2022
@dmvt dmvt removed the duplicate This issue or pull request already exists label Jul 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dmvt @code423n4 @0xMaharishi