QA Report #303
Use self-explanatory variable names instead of abbreviations to increase readability
With variable names like p, u, m, a, and so on, it becomes really difficult to read the code for developers, auditors and users (those natspec comments will also be used by external tools/services like Etherscan).
Recommendation: rename variables to be self-explanatory.
Mixed use of require and custom error
The code seems to use a mix of require and custom errors to revert the transaction.
Consider using only one pattern to be more consistent across the project.
Custom errors are usually cheaper in gas than require.
Missing event emission
Event emissions are important for monitoring contract activity with external tools/services.
Consider adding event emission to the following functions:
Redeemer.sol
setAdmin
setMarketPlace
setLender
setLender
setSwivel
MarketPlace.sol
setPrincipal
setAdmin
setPool
sellPrincipalToken
buyPrincipalToken
sellUnderlying
buyUnderlying
mint
mintWithUnderlying
burn
burnForUnderlying
Lender.sol
approve (both of them)
setAdmin
setFee
setMarketPlace
setSwivel
withdrawFee
pause
Consider implementing the event emission for these functions
Lender setFee allows the admin to drain all the user's lent funds
feenominator is initialized in the contract's constructor as feenominator = 1000; but the admin of the contract can update that value via setFee.
The setFee function has no check on the max value that the feenominator state variable could be updated to.
Consider adding a max value to the function.
Lender setSwivel natspec is wrong
The current natspec for the function says
/// @notice sets the feenominator to the given value
but the function is updating the swivelAddr state variable and not the feenominator.
Consider updating the natspec comment to correctly describe what the function does.
Lender withdraw should also reset the fees variable
When the withdraw(token) method is called, the function transfers the whole amount of token from the Lender contract to admin.
Before transfer is called, the fees[token] state variable should also be reset if fees[token] > 0.
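An added sketch, not the project's code, applying the Lender recommendations above to a stripped-down contract: custom errors only, an event on each state change, a bounded setFee, and withdraw clearing fees[token] before the transfer. LenderSketch, IERC20Min, MIN_FEENOMINATOR and the error and event names are assumptions; the bound is written as a floor because the sketch assumes the fee is charged as amount / feenominator, which the report does not show.

```solidity
pragma solidity ^0.8.13;

// Minimal token interface for this sketch (assumption, not the project's import).
interface IERC20Min {
    function balanceOf(address owner) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract LenderSketch {
    address public admin;
    uint256 public feenominator;
    mapping(address => uint256) public fees;

    // Hypothetical floor: assuming fee = amount / feenominator, 100 caps the fee at 1%.
    uint256 public constant MIN_FEENOMINATOR = 100;

    error Unauthorized(address caller);
    error FeenominatorOutOfRange(uint256 given, uint256 min);
    error TransferFailed(address token);

    event SetFee(uint256 indexed feenominator);
    event Withdraw(address indexed token, uint256 amount);

    modifier authorized() {
        if (msg.sender != admin) revert Unauthorized(msg.sender);
        _;
    }

    constructor() {
        admin = msg.sender;
        feenominator = 1000; // initial value quoted in the report
    }

    function setFee(uint256 f) external authorized {
        // Reject values that would let the fee consume an unbounded share of a deposit.
        if (f < MIN_FEENOMINATOR) revert FeenominatorOutOfRange(f, MIN_FEENOMINATOR);
        feenominator = f;
        emit SetFee(f);
    }

    function withdraw(address token) external authorized {
        uint256 balance = IERC20Min(token).balanceOf(address(this));
        // Clear the fee ledger before the external call (checks-effects-interactions).
        if (fees[token] > 0) fees[token] = 0;
        if (!IERC20Min(token).transfer(admin, balance)) revert TransferFailed(token);
        emit Withdraw(token, balance);
    }
}
```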