QA Report #144
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Comments
code423n4
added
bug
|
One useful |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Zero address checks
Contract:
https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L176
Issue:
Check that auctioneer address is not 0. This mean the funds would be lost while paying the auctioneer cut once someone pay the debt
Recommendation:
Add below check in auction function
Add pause feature if under attack
Contract:
https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol
Issue:
If contract is under attack and Auctioned Vault interaction for buying collateral need to be stopped, then currently there is no way.
Recommendation:
Add a pause modifier which allows Admin to stop interaction with Auctioned Vault function like payBase in case of emergency
Ignore pair on ongoing auction has no impact
Contract:
https://github.com/code-423n4/2022-07-yield/blob/main/contracts/Witch.sol#L150
Issue:
If setIgnoredPair function is called to ignore a pair on which a auction is already live then it has no impact on live auction
Recommendation:
Display an error to Admin mentioning that pair is already running live auction in a vault. If still required then have a boolean param which can forcefully ignore this pair
The text was updated successfully, but these errors were encountered: