QA Report #104
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Seaport QA report (Low/Non-critical)
Summary:
The code base is well structured and well documented. Although assembly is heavily utilized to optimize the gas spending, it also contains the reference files to compare and test on.
One concern going forward is to modify and update the code. One should have a deep understanding to be able to safely change things. After apply any change, it should be thoroughly reviewed and tested.
Low
lack of owner address check in the
createConduit
createConduit
Upon create conduit,
createConduit
function does not ensure whether the owner address is valid and accessible, such as zero address check. Presumably setting an address one does not have an access is not intended use, since transferring ownership is a two-step process of nominating and accepting. Upon nominating ownership withtransferOwnership
, zero address is checked for the potential owner (in ConduitController.sol:197)When the user creates a conduit with either zero address or a random address as the owner of the conduit by accident, the conduit is basically useless. The conduit cannot be updated to add channels, nor the ownership can be transferred.
Non-critical
misleading comment in
GettersAndDerivers.sol
_deriveOrderHash
This is iterating over the consideration, but the comment says
Iterate over the offer items
misleading comment in
FulfillmentApplier.sol
_aggregateValidFulfillmentOfferItems
The comment in the line 188
Internal pure function
does not match with the function's actual modifierinternal view
(line 202).The function
_aggregateValidFulfillmentOfferItems
is not pure as it usescaller()
in the line 297.misleading comment in
ReferenceFulfillmentApplier.sol
_aggregateValidFulfillmentOfferItems
The comment in the line 252
Internal pure function
does not match the function's actual modifierinternal view
in the line 269.The function
_aggregateValidFulfillmentOfferItems
is not pure as it usesmsg.sender
in the line 296.missing Natspec in function
_callIsValideOrder
_callIsValidOrder
is missing Natspectypo in
Assertions.sol
github link
to
is duplicated.function to to ensure
->function to ensure
The text was updated successfully, but these errors were encountered: