Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA Report #201

Open
code423n4 opened this issue Jun 19, 2022 · 0 comments
Open

QA Report #201

code423n4 opened this issue Jun 19, 2022 · 0 comments
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@code423n4
Copy link
Contributor

  1. Title : Innacurate comment with actual code

return was used as comment but in actual code no return was used for _remote The address of the remote xApp Router on _domain. It can be added or it can be deleted since it was there.

Tool Used

Manual Review

Recommended Mitigation

Add return inside function

  1. Title : Missmatch comment with actual code

In this line was used to be :

   * @return Returns (`_origin` << 32) & `_nonce`

but in actual code was using and OR :

       return (uint64(_origin) << 32) | _nonce;

So it can be changed as it should be

POC

https://www.geeksforgeeks.org/solidity-operators/

Another Occurance

RelayerFeeRouter.sol Line.166

  1. Title : Update your code since solidity ver 0.8.0

Optional: If you use SafeMath or a similar library, change x.add(y) to x + y, x.mul(y) to x * y etc.

POC

https://docs.soliditylang.org/en/v0.8.15/080-breaking-changes.html

1.) File : AmplificationUtils.sol Line.61

2.) File : AmplificationUtils.sol Line.61

3.) File : AmplificationUtils.sol Line.64

4.) File : AmplificationUtils.sol Line.89

5.) File : AmplificationUtils.sol Line.92

6.) File : AmplificationUtils.sol Line.92

  1. Title : Avoid floating pragmas: the version should be locked

The pragma declared at DiamondInit.sol was used ^0.8.0. As the compiler can be use as 0.8.14 and consider locking at this version the same as another. It can be consider using locking the pragma version whenever possible and avoid using a floating pragma in the final deployment. Since it can be problematic, if there are publicly disclosed bugs and issues that affect the current compiler version used.

Tool Used

Manual Review

  1. Change var name code for good readibility

In Executor.sol, since amnt for this was used for amount, it better to keep as it should be for good readibility and code instead. No exploit was happen but to keep it good as it should be. Since another amount was not be abbreviated. so it should be better that to keep it amount and not amnt.

Tool used

Manual Review

Occurances

1)Executor.sol #L31
2)Executor.sol #L102
3)Executor.sol #L153
4)Executor.sol #L172

  1. Title : NatSpec is incomplete

1.) File : BaseConnextFacet.sol Lines 109-116

  /**
   * @notice Return true if the given domain / router is the address of a remote xApp Router
   * @param _domain The domain of the potential remote xApp Router
   * @param _router The address of the potential remote xApp Router
   */
  function _isRemoteRouter(uint32 _domain, bytes32 _router) internal view returns (bool) {
    return s.remotes[_domain] == _router;
  }

adding @return

2.) File : BridgeFacet.sol Lines.477-524

adding @params & @return

3.) File : BridgeFacet.sol Lines.622-630

adding @return

4.) File : BridgeFacet.sol Lines.632-700

adding @return

5.) File : BridgeFacet.sol Lines.702-713

moving // return into @return

6.) File : BridgeFacet.sol Lines.715-722

adding @return

7.) File : BridgeFacet.sol Lines.724-737

adding @return

8.) File : BridgeFacet.sol Lines.739-751

adding @return

9.) File : BridgeFacet.sol Lines.739-751

adding @return

  1. File : BridgeFacet.sol Lines.815-880

adding @return

  1. File : BridgeFacet.sol Lines.739-751

adding @return

12.) File : LPToken.sol Lines.14-26

adding @return

  1. Title : Unnecessary Declared Comment

1.) File : contracts/core/connext/facets/StableSwapFacet.sol
Line. 49

  // ============ Properties ============

This comment was unnecessary so it can be deleted instead since this was unused and pass it into modifier directly.

2.) File : contracts/core/connext/helpers/SponsorVault.sol Line.27

// ============ Private storage ============

This comment was unnecessary so it can be deleted instead since this was unused and pass it into public storage directly.

3.) Since this comment was used to be an dev commented for the code but it can be deleted instead for better code readibility since it was unnecesary.

4.) This a la from function originsender() was unused and misslead so it can be changed or it can be deleted instead

another occurances : Executor.sol Line 85 & Line 98

Tool Used

Manual Review

  1. Title : Typo Comment

1.) File : BaseConnextFacet.sol Line 137

_potentialReplcia into _potentialReplica

2.) File : BaseConnextFacet.sol Line 764

routers' into routers

3.) File : BaseConnextFacet.sol Line 982

amongst into amongs

4.) File : PortalFacet.sol Line 111

back loan into backloan

5.) File : PortalFacet.sol Line 188

back loan into backloan

6.) File : PortalFacet.sol Line.163

sournce into source

7.) File : StableSwapFacet.sol Line 377

users' into users
@code423n4 code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Jun 19, 2022
code423n4 added a commit that referenced this issue Jun 19, 2022
@code423n4
Funen issue #201
a87a676
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@code423n4