QA Report #80

code423n4 · 2022-04-27T21:59:21Z

Typos

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/actions/topup/TopUpAction.sol#L737

     * @dev Setting the addres to 0 means that the protocol will no longer be supported.

Change 'addres' to 'address'

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/ConvexStrategyBase.sol#L61

    event Deposit(); // Emitted after a successfull deposit

Change 'successfull' to 'successful'

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/ConvexStrategyBase.sol#L63

    event WithdrawAll(uint256 amount); // Emitted after successfully withdrwaing all

Change 'withdrwaing' to 'withdrawing'

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/vault/Vault.sol#L159

     * @dev Withdraws from reserve will cause a spike in pool exchange rate.

Change 'Withdraws' to 'Withdrawals'

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/ConvexStrategyBase.sol#L175

     * @notice Set the address of the communit reserve.

Change 'communit' to 'community'

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/utils/Preparable.sol#L106

     * @dev Checks the deadline of the key and reset it

Change 'reset' to 'resets'

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L336

     * @notice Check whether an address is an pool.

Change 'an' to 'a'

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/CvxCrvRewardsLocker.sol#L131

     * @notice Processes exipred locks.

Change 'exipred' to 'expired'

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/GasBank.sol#L60

     * @notice Withdraws `amount` on behalf of `account` and send to `to`

Change 'send' to 'sends'

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/LpToken.sol#L79

     * @dev We notify that LP tokens have been transfered

Change 'transfered' to 'transferred'

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/StakerVault.sol#L89

     * @dev This should be used is a strategy deposits into a stakerVault and should not get gov. tokens.

Change 'is a' to 'as'

Change 'tup-up' to 'top-up' in both lines below:
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/actions/topup/handlers/AaveHandler.sol#L32

     * @param underlying Underlying for tup-up.

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/actions/topup/handlers/CompoundHandler.sol#L46

     * @param underlying Underlying for tup-up.

Change 'it's' to 'its' in both lines below:
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/actions/topup/TopUpAction.sol#L530

     * @notice Successfully tops up a position if it's conditions are met.

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdEthCvx.sol#L8

 * The strategy holds ETH as it's underlying and allocates liquidity to Convex via given Curve Pool with 2 underlying tokens.

Change 'widthdrawn' to 'withdrawn' in both lines below:
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L248

     * @param _hopLpAmount Amount of Hop LP that is being widthdrawn from Curve Pool.

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L282

     * @param _underlyingAmount Amount of underlying that is being widthdrawn from Curve Hop Pool.

Change 'commited' to 'committed' in both lines below:
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/utils/Preparable.sol#L34

     * @notice Prepares an uint256 that should be commited to the contract

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/utils/Preparable.sol#L58

     * @notice Prepares an address that should be commited to the contract

Change 'deos' to 'does' in both lines below:
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L297

     * @dev Does not revert if the pool deos not exist

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/AddressProvider.sol#L308

     * @dev Reverts if the pool deos not exist

Change 'indicies' to 'indices' in the three lines referenced below:
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/StrategySwapper.sol#L292-L294

     * @dev Returns the Curve Pool coin indicies for a given Token.
     * @param curvePool_ The Curve Pool to return the indicies for.
     * @param token_ The Token to get the indicies for.

Change 'tolarance' to 'tolerance' in the lines below:
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L79

     * @param _hopImbalanceToleranceIn New hop imbalance tolarance in.

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L95

     * @param _hopImbalanceToleranceOut New hop imbalance tolarance out.

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/ConvexStrategyBase.sol#L224

     * @param imbalanceToleranceIn_ New imbalance tolarance in.

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/ConvexStrategyBase.sol#L240

     * @param imbalanceToleranceOut_ New imbalance tolarance out.

Change 'to how' to 'as to how' in the lines below, which all incorporate the following:

     *  But is also less accurate to how much could be withdrawn.

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdEthCvx.sol#L155

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdEthCvx.sol#L166

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L305

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L316

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L327

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L341

Change 'suceptible' to 'susceptible' in the lines below, which all incorporate the following:

     * @dev Uses get_virtual_price which is less suceptible to manipulation.

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdEthCvx.sol#L154

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L304

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L315

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L326

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L340

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdEthCvx.sol#L165

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L304

Change 'succuessful' to 'successful' in the lines below (there are a total of 11 instances) :
https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/BkdTriHopCvx.sol#L27-L28

    event SetHopImbalanceToleranceIn(uint256 value); // Emitted after a succuessful setting of hop imbalance tolerance in
    event SetHopImbalanceToleranceOut(uint256 value); // Emitted after a succuessful setting of hop imbalance tolerance out

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/ConvexStrategyBase.sol#L65-L70

    event SetCommunityReserve(address reserve); // Emitted after a succuessful setting of reserve
    event SetCrvCommunityReserveShare(uint256 value); // Emitted after a succuessful setting of CRV Community Reserve Share
    event SetCvxCommunityReserveShare(uint256 value); // Emitted after a succuessful setting of CVX Community Reserve Share
    event SetImbalanceToleranceIn(uint256 value); // Emitted after a succuessful setting of imbalance tolerance in
    event SetImbalanceToleranceOut(uint256 value); // Emitted after a succuessful setting of imbalance tolerance out
    event SetStrategist(address strategist); // Emitted after a succuessful setting of strategist

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/strategies/StrategySwapper.sol#L34-L36

    event SetSlippageTolerance(uint256 value); // Emitted after a succuessful setting of slippage tolerance
    event SetCurvePool(address token, address curvePool); // Emitted after a succuessful setting of a Curve Pool
    event SetSwapViaUniswap(address token, bool swapViaUniswap); // Emitted after a succuessful setting of swap via Uniswap

Change 'prepraed' to 'prepared' in the lines below, which all incorporate the following:

     * @dev Needs to be called after the update was prepraed. Fails if called before time delay is met.

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/actions/topup/TopUpActionFeeHandler.sol#L157

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/actions/topup/TopUpActionFeeHandler.sol#L202

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/pool/LiquidityPool.sol#L185

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/pool/LiquidityPool.sol#L214

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/pool/LiquidityPool.sol#L243

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/pool/LiquidityPool.sol#L272

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/pool/LiquidityPool.sol#L304

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/pool/LiquidityPool.sol#L352

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/vault/Vault.sol#L218

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/vault/Vault.sol#L270

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/vault/Vault.sol#L293

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/vault/Vault.sol#L317

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/vault/Vault.sol#L348

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/vault/Vault.sol#L373

https://github.com/code-423n4/2022-04-backd/blob/c856714a50437cb33240a5964b63687c9876275b/backd/contracts/vault/Vault.sol#L398

Joeysantoro · 2022-05-13T01:08:08Z

This issue is for a different repo.

liveactionllama · 2022-05-16T18:37:48Z

Agree with sponsor. This submission refers to the Backd contest which has already gone through judging. Closing this issue.

code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Apr 27, 2022

code423n4 added a commit that referenced this issue Apr 27, 2022

delfin454000 issue #80

e339474

Joeysantoro added sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sponsor todo labels May 13, 2022

Joeysantoro added invalid This doesn't seem right and removed sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sponsor todo labels May 13, 2022

Joeysantoro mentioned this issue May 13, 2022

QA Report #82

Closed

liveactionllama closed this as completed May 16, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

QA Report #80

QA Report #80

code423n4 commented Apr 27, 2022

Joeysantoro commented May 13, 2022 •

edited

Loading

liveactionllama commented May 16, 2022

QA Report #80

QA Report #80

Comments

code423n4 commented Apr 27, 2022

Joeysantoro commented May 13, 2022 • edited Loading

liveactionllama commented May 16, 2022

Joeysantoro commented May 13, 2022 •

edited

Loading