QA Report #167
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Comments
code423n4
added
bug
|
1 invalid: Unused variable is being used in event emit below? 3+4+9 should be 1 issue |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
#1 Unused variable
Impact
efficiency code and reduce gas cost
Proof of Concept
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/facets/BridgeFacet.sol#L859
Tool Used
Remix
Recommended Mitigation Steps
remove unnecessary code. i suggest to change
to
#2 Missing param define _transferId
impact
repayAavePortal function have natspec comment which is missing the newOwner function parameter. Issues with comments are low risk based on Code4rena risk categories.
Proof of Concept
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/facets/PortalFacet.sol#L74-L79
Tool
Manual Review
Recommended Mitigation Steps
Add natspec comments include transferId parameter in repayAavePortal function.
#3 Router must be indexed
Impact
event is missing indexed fields.
Proof of Concept
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/facets/RoutersFacet.sol#L117
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/facets/RoutersFacet.sol#L124
Tool
Manual review
Recommendation Mitigation Steps
Add indexed at router.
#4 canonicalId must be indexed
Impact
event is missing indexed fields.
Proof of Concept
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/facets/RoutersFacet.sol#L136
Tool
Manual review
Recommendation Mitigation Steps
Add indexed at canonicalId.
#5 Missing amount check
Impact
Being instantiated with wrong configuration the contract will be inoperable.
amount can't be 0.
Proof of Concept
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/facets/RoutersFacet.sol#L490
Tool
Manual review
Recommendation Mitigation Steps
add
to the function
#6 Typo
Impact
Misleading the user
Proof of Concept
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/facets/RoutersFacet.sol#L575
Tool
Manual Review
Recommended Mitigation Steps
Fix it from specicfied to specified.
#7 inclusive condition
Impact
this functions will fail when the end-user expects it to pass through
Proof of Concept
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/facets/RoutersFacet.sol#L592
Tool
Manual Review
RecommendationMitigation Steps
Conditions routerBalance should be inclusive >= or <= :
#8 Param wrapped must be immutable
Impact
the state wrapped can't be initialize by constructor.
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/connext/helpers/ConnextPriceOracle.sol#L49
Tool Used
Manual Review
Recommended Mitigation Steps
the state must add immutable because in the constructor parameter mention wrapped to initialize. so i suggest to add immutable on it.
#9 transferId must be indexed
Impact
event is missing indexed fields.
Proof of Concept
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/promise/PromiseRouter.sol#L102
https://github.com/code-423n4/2022-06-connext/blob/b4532655071566b33c41eac46e75be29b4a381ed/contracts/contracts/core/relayer-fee/RelayerFeeRouter.sol#L50
Tool
Manual review
Recommendation Mitigation Steps
Add indexed at transferId.
The text was updated successfully, but these errors were encountered: