QA Report #43

Open
code423n4 opened this issue Jun 18, 2022 · 2 comments
@code423n4
Contributor

QA01 Uncapped Fees

There is nothing stopping a malicious owner changing both entryFees & exitFees to 100%. Recommend having an upper limit and using that instead of 10,000 in the 2 following require checks.

NestedFactory.sol#L161
NestedFactory.sol#L169

QA02 Incomplete Natspec

MixinOperatorResolver.sol#L50 - missing @return in natspec
OwnableProxyDelegation.sol#L34 - missing @return address
OwnableProxyDelegation.sol#L55 - missing @param newOwner
BeefyZapBiswapLPVaultOperator.sol#L231 - missing @return mintedLpAmount
BeefyZapBiswapLPVaultOperator.sol#L263 - missing @param reserveA, @param reserveB, @param router, @return swapAmount
BeefyZapUniswapLPVaultOperator.sol#L231 - missing @return mintedLpAmount
BeefyZapUniswapLPVaultOperator.sol#L262 - missing @param reserveA, @param reserveB, @param router, @return swapAmount
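
The cap recommended under QA01, shown as an added example; this is not code from the report or from the project. The contract name, the `MAX_FEE_BPS` ceiling of 10%, the setter names, events and error strings are assumptions; only `entryFees`, `exitFees` and the 10,000 bound come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical contract for illustration; not the project's NestedFactory.
contract CappedFeeConfig {
    /// Fee denominator: 10,000 basis points = 100%.
    uint256 public constant BPS_DENOMINATOR = 10_000;
    /// Assumed ceiling (10%); the report does not propose a specific value.
    uint256 public constant MAX_FEE_BPS = 1_000;

    address public immutable owner;
    uint256 public entryFees;
    uint256 public exitFees;

    event EntryFeesUpdated(uint256 newFees);
    event ExitFeesUpdated(uint256 newFees);

    modifier onlyOwner() {
        require(msg.sender == owner, "NOT_OWNER");
        _;
    }

    constructor(uint256 _entryFees, uint256 _exitFees) {
        owner = msg.sender;
        _checkFee(_entryFees);
        _checkFee(_exitFees);
        entryFees = _entryFees;
        exitFees = _exitFees;
    }

    // Uncapped form described in the report: any value up to 100% passes.
    //   require(_fees <= BPS_DENOMINATOR, "FEES_OVERFLOW");
    // Capped form: the ceiling is a constant, so the owner cannot raise it.
    function _checkFee(uint256 _fees) private pure {
        require(_fees <= MAX_FEE_BPS, "FEES_ABOVE_CAP");
    }

    function setEntryFees(uint256 _entryFees) external onlyOwner {
        _checkFee(_entryFees);
        entryFees = _entryFees;
        emit EntryFeesUpdated(_entryFees);
    }

    function setExitFees(uint256 _exitFees) external onlyOwner {
        _checkFee(_exitFees);
        exitFees = _exitFees;
        emit ExitFeesUpdated(_exitFees);
    }
}
```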

@obatirou
Collaborator

QA01 Uncapped Fees (disputed)

It's about wardens' appreciation of our ownership architecture versus ours.
We can imagine many other malicious scenarios, assuming that the Multisig/Timelock/OwnerProxy combination is not enough to prevent the protocol from being compromised.

@obatirou
Collaborator

QA02 Incomplete Natspec (duplicate)

#84 (comment)
