QA Report #242
Labels: bug (Something isn't working); QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#1 Manager and ve must be immutable
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/features/Blocklist.sol#L11-L12
The state variables manager and ve can't be initialized by the constructor. The constructor parameters mention the state variables manager and ve to initialize, so I suggest adding immutable to manager and ve.
#2 Token, owner and penaltyRecipient must be immutable
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L49-L50
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L45
The state variables Token, owner and penaltyRecipient can't be initialized by the constructor. The constructor parameters mention the state variables Token, owner and penaltyRecipient to initialize, so I suggest adding immutable to Token, owner and penaltyRecipient.
#3 Missing natspec comment
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/features/Blocklist.sol#L37
isContract() was missing a NatSpec comment. Add a NatSpec comment to isContract() to give the user knowledge about the function and params.
#4 Missing indexed field
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L39-L41
Each event should use indexed fields to reach clarity. Add indexed to owner, blocklist, and recipient.
#5 Missing check for address
https://github.com/code-423n4/2022-08-fiatdao/blob/fece3bdb79ccacb501099c24b60312cd0b2e4bb2/contracts/VotingEscrow.sol#L100
The constructor has three address params, so to avoid vulnerability we suggest adding a simple check for the params.
Add simple check e.g
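An added sketch, not code from this report or from the audited repository, showing the items above together: a constructor zero-address check, `immutable` on a set-once variable, `indexed` event fields, and NatSpec. The contract name `EscrowSketch`, the events, the `ZeroAddress` error and the setter are hypothetical. Only `token` is marked `immutable` here because this sketch keeps a setter for `owner`, and an `immutable` variable can be assigned only in the constructor.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// @title EscrowSketch
/// @notice Hypothetical contract used only to illustrate the QA items.
contract EscrowSketch {
    /// @notice Assigned once in the constructor and never rewritten,
    ///         so it can be immutable (stored in bytecode, no SLOAD).
    address public immutable token;

    /// @notice Mutable in this sketch because transferOwnership() rewrites it.
    address public owner;

    /// @notice Receiver of penalties; assumed here to stay updatable.
    address public penaltyRecipient;

    // Indexed address fields become log topics, so off-chain
    // monitoring can filter events by the address involved.
    event OwnerChanged(address indexed previousOwner, address indexed newOwner);
    event PenaltyRecipientSet(address indexed recipient);

    /// @notice Thrown when an address parameter is the zero address.
    error ZeroAddress();

    /// @param _owner Initial owner of the contract.
    /// @param _penaltyRecipient Initial penalty receiver.
    /// @param _token Token address this contract works with.
    constructor(address _owner, address _penaltyRecipient, address _token) {
        // A zero address here would be permanent for `token` and would
        // leave the contract without a usable owner.
        if (_owner == address(0)) revert ZeroAddress();
        if (_penaltyRecipient == address(0)) revert ZeroAddress();
        if (_token == address(0)) revert ZeroAddress();

        owner = _owner;
        penaltyRecipient = _penaltyRecipient;
        token = _token;

        emit OwnerChanged(address(0), _owner);
        emit PenaltyRecipientSet(_penaltyRecipient);
    }

    /// @notice Hands ownership to `_newOwner`.
    /// @param _newOwner Address of the new owner; must not be zero.
    function transferOwnership(address _newOwner) external {
        require(msg.sender == owner, "Only owner");
        if (_newOwner == address(0)) revert ZeroAddress();
        emit OwnerChanged(owner, _newOwner);
        owner = _newOwner;
    }
}
```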