QA Report #187
Labels:
bug: Something isn't working
duplicate: This issue or pull request already exists
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
2022-06-nibbl
1 Missing validation of array lengths.
The following parameters are arrays, and their lengths must be checked to be the same before the function executes.
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L41
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L68
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L504
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L545
require(a.length == b.length, "error message");
2 Use safeTransfer instead of transfer, or check the return value of the transfer
transfer is used to send ERC20 tokens. The return value must be checked to confirm whether the transfer succeeded. Otherwise, safeTransfer must be used as an alternative.
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L517
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L526
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L87
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L94
Consider using safeTransfer or checking the return value of the transfer.
3 Use receivingAddress.call{value: amount}(""); instead of transfer
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/Basket.sol#L80
(bool success, ) = receivingAddress.call{value: amount}("");
require(success, "Error message");
4 Missing event for updateCurator.
Curator is a state variable. An event could be emitted in updateCurator with the arguments previousCurator and newCurator.
https://github.com/code-423n4/2022-06-nibbl/blob/main/contracts/NibblVault.sol#L485-L488
event CuratorUpdated(address oldCurator, address newCurator);
address oldCurator = curator;
curator = _newCurator;
emit CuratorUpdated(oldCurator, _newCurator);
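Items 1 and 2 combined, as an added example that is not part of the original report and not code from the audited repository: a batch ERC20 withdrawal that rejects mismatched array lengths and checks the result of every token transfer, including tokens that return false instead of reverting and tokens that return no data. The contract name, function names, error strings and the `owner` variable are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Hypothetical illustration contract (assumption: a single owner may withdraw).
contract BatchWithdrawExample {
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    /// Sends amounts[i] of tokens[i] to `to`. Reverts as a whole if any
    /// single transfer fails, so no partial batch is left behind.
    function withdrawMultipleERC20(
        address[] calldata tokens,
        uint256[] calldata amounts,
        address to
    ) external {
        require(msg.sender == owner, "not owner");
        // Item 1: without this check a shorter `amounts` array reverts with an
        // opaque out-of-bounds panic, and a longer one is silently ignored.
        require(tokens.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < tokens.length; i++) {
            _checkedTransfer(tokens[i], to, amounts[i]);
        }
    }

    /// Item 2: a transfer whose outcome is always verified.
    function _checkedTransfer(address token, address to, uint256 amount) private {
        // A low-level call to an address without code succeeds with empty
        // return data, so require that the token is actually a contract.
        require(token.code.length > 0, "token is not a contract");
        (bool ok, bytes memory data) = token.call(
            abi.encodeWithSelector(IERC20Minimal.transfer.selector, to, amount)
        );
        // ok == false        : the token reverted.
        // data.length == 0   : the token returns nothing; no revert means success.
        // otherwise          : the token returned a bool that must be true.
        require(
            ok && (data.length == 0 || abi.decode(data, (bool))),
            "ERC20 transfer failed"
        );
    }
}
```

OpenZeppelin's `SafeERC20.safeTransfer` performs the same kind of return-data check and is the usual choice when the project already depends on that library.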