QA Report #18
Lack of empty address checks
The following methods lack checks on the address arguments they receive. To reduce human error, it's good practice to check that the address specified in the constructor or initialize is different from address(0).
Source code:
Change important values without emitting an event
When features are modified that affect the project's economics or ecology, it's critical to send out an event so that users and dapps can react appropriately.
Source code:
Wrong type used for decimals (uint8)
The ERC20 standard establishes that the decimals method is of type uint8; however, a variable of type uint256 is used to handle it.
Source code:
As stated in the OpenZeppelin source comments, the OpenZeppelin ERC20 safeApprove() function has been deprecated. Using this deprecated function could result in accidental reverts and possibly fund locking. The deprecation of this function is discussed in greater depth in the OZ issue #2219.
As suggested by the OpenZeppelin comment, replace safeApprove() with safeIncreaseAllowance() or safeDecreaseAllowance().
Source code:
The variable _assetsCount in the YieldManager contract could be out of sync with the total assets. The number could be different if the owner sent the same _asset twice, because the assets were not checked to see if they were already in _assetsList.
Source code:
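A sketch of asset registration that keeps _assetsCount in step with the distinct assets, and also applies the zero-address check and event emission from the earlier findings. This is an added example, not the project's YieldManager code; the contract name, registerAsset, the _registered mapping, the AssetRegistered event, the owner check and the shape of _assetsList are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the project's YieldManager. Only _assetsCount,
// _assetsList and _asset are names from the report; the rest is hypothetical.
contract AssetRegistrySketch {
    address private immutable _owner;

    // Assumed here to be an index-to-address mapping paired with a counter.
    mapping(uint256 => address) private _assetsList;
    uint256 private _assetsCount;

    // Hypothetical membership map so duplicates can be rejected in O(1).
    mapping(address => bool) private _registered;

    // Hypothetical event so users and dapps can react to the change.
    event AssetRegistered(address indexed asset, uint256 index);

    constructor(address owner_) {
        // Zero-address check on the constructor argument.
        require(owner_ != address(0), "owner is zero address");
        _owner = owner_;
    }

    function registerAsset(address _asset) external {
        require(msg.sender == _owner, "not owner");
        require(_asset != address(0), "asset is zero address");
        // Without this check, registering the same asset twice would bump
        // _assetsCount while the set of distinct assets stays the same.
        require(!_registered[_asset], "asset already registered");

        _registered[_asset] = true;
        uint256 index = _assetsCount;
        _assetsList[index] = _asset;
        _assetsCount = index + 1;

        emit AssetRegistered(_asset, index);
    }

    function assetsCount() external view returns (uint256) {
        return _assetsCount;
    }

    function assetAt(uint256 index) external view returns (address) {
        require(index < _assetsCount, "index out of range");
        return _assetsList[index];
    }
}
```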
Unsafe approve
Some approve calls were found that do not check the boolean result. The ERC20 standard specifies that the token can return false if the call did not succeed, so it's mandatory to check the result of these methods.
Source code: