QA Report #122
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Comments
code423n4
added
bug
[QA-1] Wrong argument for error SenderNotCNote()Valid NC [QA-2] _accountant address is allowed to do reentrancyValid Low. Agree that no caller should be allow to reEnter Neat unique report, 1L 1NC |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
QA
[QA-1] Wrong argument for error
SenderNotCNote()https://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/Accountant/AccountantDelegate.sol#L51
https://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/Accountant/AccountantDelegate.sol#L65
Sender address was expected to be inputed as the argument. But in the current implementation, the note address is inputed as the argument
RECOMMENDED MITIGATION STEP
Change address(note) to msg.sender
[QA-2]
_accountantaddress is allowed to do reentrancyhttps://github.com/Plex-Engineer/lending-market-v2/blob/ea5840de72eab58bec837bb51986ac73712fcfde/contracts/CNote.sol#L156-L157
Removing the check that msg.sender !=
_accountantcan save gas (by reducing action in code), beside it also can prevent any security issue by including_accountantto the validation stepThe text was updated successfully, but these errors were encountered: