QA Report #238
Labels
bug
Something isn't working
edited-by-warden
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
valid
Comments
code423n4
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
HomeFi the setAddr function Admin will not be able to reset the variables to new addresses should something happen and the address needs to be updated.
Recommendation:
Allow admin to set the addresses under certain circumstances. Perhaps through a DAO vote.
HomeFi setTrustedForwarder function doesn’t prevent the address from being set to address(0).
Recommendation:
Use the nonZero modifier when setting addresses
Project initialize function doesn’t prevent addresses from being set to address(0).
Recommendation:
Check addresses to make sure they aren’t the zero address.
checkSignatureValidity:
Anyone can use other callers approvedHashes.
For example, the Community contracts’ escrow function. An operator waits until the builder and lender both call approveHash. If they do not use it immediately an operator could use it for them in a grief attack.
Recommendation:
Remove the approvedHashes mapping and rely solely on the _recoveredSignature.
The text was updated successfully, but these errors were encountered: