Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA Report #82

Open
code423n4 opened this issue Jun 15, 2022 · 1 comment
Open

QA Report #82

code423n4 opened this issue Jun 15, 2022 · 1 comment
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@code423n4
Copy link
Contributor

Require with empty error messages

Issue

Multicall.solL18 has a require statement with an empty message - providing no reason as to why it might revert;

function aggregate(Call[] memory calls) public returns (uint256 blockNumber, bytes[] memory returnData) {
    blockNumber = block.number;
    returnData = new bytes[](calls.length);
    for (uint256 i = 0; i < calls.length; i++) {
      (bool success, bytes memory ret) = calls[i].target.call(calls[i].callData);
      require(success);
      returnData[i] = ret;
    }
  }

Remediation

Ensure that each require statement has a clear message for why it failed.

Incomplete natspec documentation or missing params

Issue

The following natspec comments have missing params or incomplete documentation;

Remediation

Complete natspec documentation for functions and events identified above. I tried not to be pedantic here and focused only on functions that had some form of natspec param documentation assuming they were important and more accurate documentation would help.

Unused local variables

Issue

Remediation

  1. The nonce or _nonce value is is passed to numerous handle() functions throughout the code base sufficing the IMessageRecipient{} interface. However there seems to be no requirement for it in BridgeFacet.sol and it should be documented as unused similar to the Nomad GovernanceRouter.sol handle() function i.e. uint32, // nonce (unused).
  2. _reconcileProcessPortal() is called within the _reconcile() function in BridgeFacet.sol. The first router in the path is passed to the function _reconcileProcessPortal(amount, token, routers[0], transferId);. If reconciling portal payments is not related to the router that took on the credit risk then remove routers[0] from the _reconcile() function and from the _reconcileProcessPortal() function definition.
  3. The comment suggests this is more of an issue than just an unused local variable (I'll raise this as a medium bug). However for this Q&A report suffice to say that either the variable should be ommitted with (bool success, uint256 amountIn, _) = AssetLogic.swapFromLocalAssetIfNeededForExactOut(.. or the medium bug is true and adopted should be used instead of _local for the rest of the function.
  4. _router should either be used in the function body or removed.
@code423n4 code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Jun 15, 2022
code423n4 added a commit that referenced this issue Jun 15, 2022
@code423n4
cloudjunky issue #82
416900f
@jakekidd
Copy link
Collaborator

jakekidd commented Jul 1, 2022

1 is invalid, multicall not in scope

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jakekidd @code423n4