QA Report #112
Labels
bug
Something isn't working
duplicate
This issue or pull request already exists
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
wontfix
out of scope, a non-issue, or something already addressed
Low
Admin can accidentally be set to an invalid address, resulting in loss of control of the Swivel contract.
The current admin of the swivel contract can accidentally transfer ownership to an invalid adddress.
Recommended mitigation:
There is 1 instance of this issue:
https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L427-L432
approveUnderlying
reverts prematurely after encountering the first unapproved underlying tokenThe function
approveUnderlying
reverts prematurely when thefor
-loop encounters the first unapproved underlying token when bulk-approving compound token. This makes theapproveUnderlying
function useless if there are any unapproved underlying tokens.Low severity as this function is for convenience, and the same operations can be performed using other contract functions.
Recommended mitigation:
if
statement to run lines 560-565 when the underlying token is approved, otherwise do nothing.There is 1 instance of this issue:
https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L552-L566
Non-critical
Incorrect comments
There are 2 instances of this issue:
https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L482-L483
https://github.com/code-423n4/2022-07-swivel/blob/main/Swivel/Swivel.sol#L531-L533
The text was updated successfully, but these errors were encountered: