QA Report #231
Labels
bug
Warden finding
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
User can have their
eth
andfraction
locked for some time insideMigration
contractTarget codebase
Migration.sol#L105-L136
Impact
If a user by mistake
join
using a_proposalId
that isn't created yet, and thevault
start newauction
while the auction still active. The user funds will be locked inside theMigration
contract until auction finishRecommended Mitigation Steps
To fix this issue is recommended to add a check if proposal is already running:
startTime = 0
block.timestamp > proposal.startTime + PROPOSAL_PERIOD
The user may lose all tokens by calling
redeem
in a vault without started auctionTarget codebase
Buyout.sol#L278-L303
Impact
After register a vault in
VaultRegistry
contract some user withtotal token supply
could callredeem
function inBuyout
contract without start an auction, losing all tokens.Proof of Concept
After a user create a vault in
VaultRegistry
is possible to call the functionredeem
inBuyout
contract without starting the auction:Recommended Mitigation Steps
To fix this issue is recommended to add another variable to
Auction
structure, to check if an auction was executed, like this code:Should check constructor variables before assign
Target codebase
Minter.sol#L18
Supply.sol#L17
BaseVault.sol#L25
Impact
Is possible to create the contracts without setting the corrects immutable variables.
Recommended Mitigation Steps
Should check for variables in constructor, example:
constructor( address _addr ) { + if(_addr == address(0)) revert INVALID_PARAM(); addr = _addr; }
The text was updated successfully, but these errors were encountered: