QA Report #94
Labels: bug, duplicate, QA (Quality Assurance)
QA Report
Foreword
@audit tags
Summary
initialize() or init() functions are front-runnable in the whole solution. I suggest adding some access control to them:
Ownable is never used, it's imported twice.
@param comments concerning timestamp are missing on the events in MarginAccount.sol
File: AMM.sol
Imports
Useless import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol"
Ownable capabilities are not used in this contract.
function addLiquidity()
A magic number should be explained: 1e30
Please either add a comment or store the value in a constant for maintainability and readability. Here, 1e30 isn't easily guessable:
function lastPrice()
A magic number should be explained: 1e12
Please either add a comment or store the value in a constant for maintainability and readability. Here, 1e12 isn't easily guessable:
function _updateFundingRate()
A magic number should be explained: 1e6
Here, we can guess that it's the number of decimals. However, hardcoding this value in the code is bad practice. Consider storing it in a constant.
File: ClearingHouse.sol
General
Unbounded iteration over all amms
There are many for-loops iterating over the dynamic array IAMM[] amms:
I suggest being very careful as the execution may exceed the block gas limit, consume all the gas provided, and fail.
A removal function is missing here.
You can consider introducing max limits on items in the arrays or making sure that elements can be removed from dynamic arrays in case they become too large.
function _liquidateTaker()
Use same revert string on L189 as L166 for consistency: "CH: Above Maintenance Margin"
I suggest using the same string on L189 as L166 for consistency:
File: MarginAccount.sol
function weightedAndSpotCollateral()
A magic number should be explained: 6
Here, we can guess that it's the number of decimals. However, hardcoding this value in the code is bad practice. Consider storing it in a constant.
File: Oracle.sol
Imports
Useless import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol"
Ownable capabilities are not used in this contract.
File: Registry.sol
constructor
Missing address(0) checks
Immutable addresses should be checked for address(0) to avoid needing to redeploy the contract.
It's done here:
Therefore, I suggest doing the same for the addresses in Registry.sol:
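Added example (not part of the original report, and not the audited project's code): a Solidity sketch of two suggestions above, a capped amms-style list with a removal function (ClearingHouse.sol) and an address(0) check on an immutable constructor argument (Registry.sol). The contract name AmmList, the MAX_AMMS value, the governance role and the compiler version are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch: AmmList, MAX_AMMS and governance are illustrative names,
// not identifiers from the audited contracts.
contract AmmList {
    // Assumed cap; size it so the heaviest loop over amms fits the block gas limit.
    uint256 public constant MAX_AMMS = 32;

    address public immutable governance;
    address[] public amms;
    mapping(address => uint256) private indexPlusOne; // 0 means "not listed"

    event AmmAdded(address indexed amm);
    event AmmRemoved(address indexed amm);

    modifier onlyGovernance() {
        require(msg.sender == governance, "AmmList: not governance");
        _;
    }

    constructor(address _governance) {
        // An immutable cannot be corrected after deployment, so reject address(0) here.
        require(_governance != address(0), "AmmList: zero governance");
        governance = _governance;
    }

    function addAmm(address amm) external onlyGovernance {
        require(amm != address(0), "AmmList: zero amm");
        require(indexPlusOne[amm] == 0, "AmmList: already listed");
        require(amms.length < MAX_AMMS, "AmmList: cap reached");
        amms.push(amm);
        indexPlusOne[amm] = amms.length; // stored as index + 1
        emit AmmAdded(amm);
    }

    // Swap-and-pop removal: constant gas, does not preserve array order.
    function removeAmm(address amm) external onlyGovernance {
        uint256 idx = indexPlusOne[amm];
        require(idx != 0, "AmmList: not listed");
        uint256 last = amms.length;
        if (idx != last) {
            address moved = amms[last - 1];
            amms[idx - 1] = moved;      // move the last entry into the freed slot
            indexPlusOne[moved] = idx;
        }
        amms.pop();
        delete indexPlusOne[amm];
        emit AmmRemoved(amm);
    }
}
```

Removal reorders the array, so callers should not cache indices into amms across transactions.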