Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA Report #30

Closed
code423n4 opened this issue Jun 17, 2022 · 3 comments
Closed

QA Report #30

code423n4 opened this issue Jun 17, 2022 · 3 comments
Assignees
@Yashiru
Labels
bug Something isn't working duplicate This issue or pull request already exists invalid This doesn't seem right QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@code423n4
Copy link
Contributor

  1. Contract locking ether
    The following contracts have a payable function but has no mechanism to withdraw the eth in the contract.
    OwnerProxy.sol
    FlatOperator.sol

Tool Used:
Slither

  1. missing zero address check
    The following are missing checks for existence of zero address which may lead to redeployment of contract or function reverting.

**Occurrences in:

  1. Unnecessary import
    IFlatOperator does not need to import ERC20 since the transfer() function is custom defined and does not conform to ERC20's transfer.

  2. Costly External calls inside a loop
    **Occurrences in:

*https://github.com/code-423n4/2022-06-nested/blob/main/contracts/operators/Beefy/BeefyVaultOperator.sol#L19
*https://github.com/code-423n4/2022-06-nested/blob/main/contracts/operators/Beefy/lp/BeefyZapBiswapLPVaultOperator.sol#L28
*https://github.com/code-423n4/2022-06-nested/blob/main/contracts/operators/Beefy/lp/BeefyZapUniswapLPVaultOperator.sol#L28
@code423n4 code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Jun 17, 2022
code423n4 added a commit that referenced this issue Jun 17, 2022
@code423n4
cryptphi issue #30
b222a5a
@Yashiru Yashiru self-assigned this Jun 17, 2022
@obatirou
Copy link
Collaborator

4. Costly External calls inside a loop (disputed)

We want to loop through the array to whitelist some vault/strategy at the deployment
As long as this process is in the constructor, those vaults / strategy will be reachable after the deployment

@obatirou
Copy link
Collaborator

1. Contract locking ether (disputed)

FlatOperator is not supposed to be called outside of a delegateCall context

For OwnerProxy we can set the value to zero to not send ether.
And if we made a mistake, we can create a script to send the ether back.

@Yashiru
Copy link
Collaborator

Yashiru commented Jun 24, 2022

2. missing zero address check (Duplicated)

Duplicated of #61 at 2. Missing address(0) checks

@Yashiru Yashiru mentioned this issue Jun 24, 2022
Open
@Yashiru Yashiru added the duplicate This issue or pull request already exists label Jun 27, 2022
@jack-the-pug jack-the-pug added the invalid This doesn't seem right label Jul 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Yashiru Yashiru

Labels
bug Something isn't working duplicate This issue or pull request already exists invalid This doesn't seem right QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Yashiru @code423n4 @jack-the-pug @obatirou