QA Report

[code423n4]

Missing Zero-address Validation

Severity: Low
Context: Withdrawer.sol#L16-L18, YearnCurveVaultOperator.sol#L31-L51

Description:
Lack of zero-address validation on address parameters may lead to transaction reverts, waste gas, require resubmission of transactions and may even force contract redeployments in certain cases within the protocol.

Recommendation:
Add explicit zero-address validation on input parameters of address type.

Missing Time locks

Severity: Low
Context: NestedFactory.sol#L121-L179, BeefyVaultStorage.sol#L34-L38

Description:
When critical parameters of systems need to be changed, it is required to broadcast the change via event emission and recommended to enforce the changes after a time-delay. This is to allow system users to be aware of such critical changes and give them an opportunity to exit or adjust their engagement with the system accordingly. None of the onlyOwner functions that change critical protocol addresses/parameters have a timelock for a time-delayed change to alert: (1) users and give them a chance to engage/exit protocol if they are not agreeable to the changes (2) team in case of compromised owner(s) and give them a chance to perform incident response.

Recommendation:
Users may be surprised when critical parameters are changed or incentivizer programs completed early without notice. Furthermore, it can erode users' trust since they can’t be sure the protocol rules won’t be changed later on. Compromised owner keys may be used to change protocol addresses/parameters to benefit attackers. Without a time-delay, authorised owners have no time for any planned incident response.

Missing Equivalence Checks in Setters

Severity: Low
Context: NestedFactory.sol#L152-L172

Description:
Setter functions are missing checks to validate if the new value being set is the same as the current value already set in the contract. Such checks will showcase mismatches between on-chain and off-chain states.

Recommendation:
This may hinder detecting discrepancies between on-chain and off-chain states leading to flawed assumptions of on-chain state and protocol behavior.

receive() Function Should Emit An Event

Severity: Low
Context: NestedFactory.sol#L88-L92, Withdrawer.sol#L16-L18

Description:
Consider emitting an event inside this function with msg.sender and msg.value as the parameters. This would make it easier to track incoming ether transfers.

Recommendation:
Add events to the receive() functions.

Lack of Event Emission For Critical Functions

Severity: Low
Context: BeefyVaultOperator.sol#L36-L67, BeefyVaultOperator.sol#L79-L108, BeefyZapBiswapLPVaultOperator.sol#L46-L77, BeefyZapBiswapLPVaultOperator.sol#L91-L121, BeefyZapUniswapLPVaultOperator.sol#L46-L77, BeefyZapUniswapLPVaultOperator.sol#L91-L121, ParaswapOperator.sol#L22-L48

Description:
Several functions update critical parameters that are missing event emission. These should be performed to ensure tracking of changes of such critical parameters.

Recommendation:
Add events to functions that change critical parameters.

Unindexed Event Parameters

Severity Informational
Context: MixinOperatorResolver.sol#L14, TimelockControllerEmergency.sol#L60

Description:
Parameters of certain events are expected to be indexed so that they’re included in the block’s bloom filter for faster access. Failure to do so might confuse off-chain tooling looking for such indexed events.

Recommendation:
Add the indexed keyword to event parameters that should include it.

Lack of solhint To Ignore Warnings

Severity: Informational
Context: OwnerProxy.sol#L21-L36, OperatorScripts.sol#L58-L60

Description:
solhint is useful to help ignore warnings that aren't really issues. For example the code base has some assembly blocks which promts the warning Linter: Avoid to use inline assembly. It is acceptable only in rare cases. Adding in /* solhint-disable no-inline-assembly */ above it will ignore this warning.

Recommendation:
Use solhint to ignore warnings that aren't really issues.

Spelling Errors

Severity: Informational
Context: NestedFactory.sol#L51 (withdrawed => withdrawn), NestedFactory.sol#L477 (dont => do not), NestedFactory.sol#L534 (transfered => transferred), NestedFactory.sol#L639 (withdrawed => withdrawal), MixinOperatorResolver.sol#L81 (datas => data(it is already plural)), OwnableProxyDelegation.sol#L17 (setted => set), TimeLockControllerEmergency.sol#L183 (datas => data), TimeLockControllerEmergency.sol#L187 (datas => data), TimeLockControllerEmergency.sol#L224 (datas => data), TimeLockControllerEmergency.sol#L230 (datas => data), TimeLockControllerEmergency.sol#L232 (datas => data), BeefyVaultOperator.sol#L95 (WITHDRAWED => WITHDRAWAL), BeefyZapBiswapLPVaultOperator.sol#L108 (WITHDRAWED => WITHDRAWAL), BeefyZapUniswapLPVaultOperator.sol#L108 (WITHDRAWED => WITHDRAWAL), StakingLPVaultHelpers.sol#L21 (liquitiy => liquidity), StakingLPVaultHelpers.sol#L52 (liquitiy => liquidity), StakingLPVaultHelpers.sol#L85 (liquitiy => liquidity), StakingLPVaultHelpers.sol#L115 (liquitiy => liquidity)

Description:
Spelling errors in comments can cause confusion to both users and developers.

Recommendation:
Check all misspellings to ensure they are corrected.

Missing or Incomplete NatSpec

Severity: Informational
Context: All Contracts

Description:
Some functions are missing @notice/@dev NatSpec comments for the function, @param for all/some of their parameters and @return for return values. Given that NatSpec is an important part of code documentation, this affects code comprehension, auditability and usability.

Recommendation:
Add in full NatSpec comments for all functions to have complete code documentation for future use.

Too Recent of a Pragma

Severity Informational
Context: All Contracts

Description:
Using too recent of a pragma is risky since they are not battle tested. A rise of a bug that wasn't known on release would cause either a hack or a need to secure funds and redeploy.

Recommendation:
Use a Pragma version that has been used for sometime. I would suggest 0.8.4 for the decrease of risk and still has the gas optimizations implemented.

[Yashiru]

Lack of Event Emission For Critical Functions (Confirmed)

Quality assurance confirmed

[obatirou]

Lack of solhint To Ignore Warnings (disputed)

Is not an issue for us

[Yashiru]

Too Recent of a Pragma (Acknowledged)

It is a choice between the risks of last update stability and the risk of exposure to known vulnerabilities.
We prefer to use the latest pragma.

[obatirou]

receive() Function Should Emit An Event (disputed)

An event is already emitted with WETH (Transfer, Deposit,…)

[obatirou]

Missing Equivalence Checks in Setters (disputed)

Not necessary

[obatirou]

Missing Time locks (disputed)

There is a timelock, see ownership documentation in readme

[obatirou]

Unindexed Event Parameters (Acknowledge)

Acknowledge as it costs gas

[Yashiru]

Spelling Errors (Duplicated)

Duplicated of #45 at Typos

[Yashiru]

Missing Zero-address Validation (Duplicated)

Duplicated of #61 at 2. Missing address(0) checks

[obatirou]

Missing or Incomplete NatSpec (duplicate)

#84 (comment)

[jack-the-pug]

L-1: Missing Zero-address Validation

Non-critical.

L-2: Missing Time locks

Invalid.

L-3: Missing Equivalence Checks in Setters

Invalid or Non-critical. No need to make changes.

L-4: receive() Function Should Emit An Event

Seems unnecessary to me.

L-4: Lack of Event Emission For Critical Functions

Non-critical. Make changes when you see fit.

N-1: Unindexed Event Parameters

Non-critical. Make changes when you see fit.

N-2: Lack of solhint To Ignore Warnings

Non-critical.

N-3: Spelling Errors

Valid.

N-4: Missing or Incomplete NatSpec

Non-critical.

N-5: Too Recent of a Pragma

Non-critical.