QA Report #60

Closed
code423n4 opened this issue Jun 18, 2022 · 5 comments

Labels: bug (Something isn't working), duplicate (This issue or pull request already exists), invalid (This doesn't seem right), QA (Quality Assurance) (Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax)

Comments

@code423n4
Contributor

#1 Unused parameter

Impact
Code efficiency and reduced gas cost.

Proof of Concept
https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/NestedFactory.sol#L466

Tool Used
Remix

Recommended Mitigation Steps
Remove unnecessary code. I suggest changing

    (bool success, uint256[] memory amounts) = callOperator(_order, _inputToken, _outputToken);

to

    (bool success, ) = callOperator(_order, _inputToken, _outputToken);

#2 Missing param comment

Impact
The transferOwnership function has a NatSpec comment that is missing the newOwner function parameter. Issues with comments are low risk based on Code4rena risk categories.

Proof of Concept
https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/abstracts/OwnableProxyDelegation.sol#L54-L59

Tool
Manual Review

Recommended Mitigation Steps
Add NatSpec comments that include the newOwner parameter.

#3 Missing param operatorStorage in constructor

Impact
The operatorStorage can't be initialized by the constructor, and this makes the logic not work properly.

Proof of Concept
https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/operators/Yearn/YearnCurveVaultOperator.sol#L31-L36

Tool
Manual review

Recommended Mitigation Steps
Because the constructor parameters mention operatorStorage to initialize, I suggest adding the operatorStorage param to the constructor.

#4 Missing state operatorResolver

Impact
The constructor initializes operatorResolver, but the operatorResolver state is missing, and because of this the operation doesn't work properly.

Proof of Concept
https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/NestedFactory.sol#L57-L75

Tool
Manual review

Recommended Mitigation Steps
I suggest adding state for operatorResolver, so that the constructor can initialize the operatorResolver param.

#5 feeSplitter must be immutable

Impact
The feeSplitter can't be initialized by the constructor.

Proof of Concept
https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/NestedFactory.sol#L29

Tool
Manual review

Recommended Mitigation Steps
The state must be marked immutable because the constructor parameters mention feeSplitter to initialize, so I suggest adding immutable to it.

code423n4 added the bug and QA (Quality Assurance) labels Jun 18, 2022
code423n4 added a commit that referenced this issue Jun 18, 2022
obatirou self-assigned this Jun 21, 2022
@obatirou
Collaborator

obatirou commented Jun 22, 2022

1. Unused parameter (disputed)

The parameter amounts is used 2 lines after.
We cannot remove it.

@obatirou
Collaborator

3 Missing param operatorStorage in constructor (disputed)

The statement is not clear and the logic works.
Why can't it be initialized by the constructor?

@obatirou
Collaborator

4 Missing state operatorResolver (disputed)

The resolver is part of the MixinOperatorResolver

@obatirou
Collaborator

5 feeSplitter must be immutable (disputed)

We can modify the address of the fee splitter.
Hence it cannot be immutable.

@obatirou
Collaborator

Missing param comment (duplicate)

#84 (comment)

Yashiru added the duplicate label Jun 27, 2022
jack-the-pug added the invalid label Jul 13, 2022