QA Report #311
[L-01] CALLING mintReservedGobblers FUNCTION WITH numGobblersEach INPUT BEING 0 MANY TIMES CAN CAUSE EVENT LOG POISONING
An attacker can call the following mintReservedGobblers function with the numGobblersEach input being 0 many times to emit useless ReservedGobblersMinted events. This causes event log poisoning, in which the potential monitor systems that consume the ReservedGobblersMinted event can be confused and spammed. To prevent this issue, please consider requiring that numGobblersEach > 0 in this function before executing the current function body code.
https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/ArtGobblers.sol#L839-L858
[L-02] CALLING mintCommunityPages FUNCTION WITH numPages INPUT BEING 0 MANY TIMES CAN CAUSE EVENT LOG POISONING
The following mintCommunityPages function can be called with the numPages input being 0 many times to emit useless CommunityPagesMinted events. By poisoning the event logs, the malicious user confuses and spams the potential monitor systems that consume the CommunityPagesMinted event. To mitigate this risk, please consider requiring that numPages > 0 in this function before executing the code in the current function body.
https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/Pages.sol#L239-L257
[L-03] INCORRECT COMMENT FOR unsafeDivUp FUNCTION
The comment for the following unsafeDivUp function states: "Add 1 to x * y if x % y > 0". Yet, the code is adding 1 to x / y if x % y > 0. Hence, this comment is incorrect. To avoid confusion, please update this comment to "Add 1 to x / y if x % y > 0".
https://github.com/transmissions11/solmate/blob/main/src/utils/FixedPointMathLib.sol#L246-L252
[L-04] MISSING ZERO-ADDRESS CHECKS FOR CRITICAL ADDRESSES
To prevent unintended behaviors, critical address inputs should be checked against address(0).
Please consider checking _teamColdWallet, _vrfCoordinator, and _linkToken in the following constructor.
https://github.com/code-423n4/2022-09-artgobblers/blob/main/script/deploy/DeployBase.s.sol#L37-L59
Please consider checking _team and _community in the following constructor.
https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/ArtGobblers.sol#L287-L328
Please consider checking _artGobblers and _pages in the following constructor.
https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/Goo.sol#L82-L85
Please consider checking _community in the following constructor.
https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/Pages.sol#L156-L184
Please consider checking _owner in the following constructor.
https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/utils/GobblerReserve.sol#L23-L25
Please consider checking _vrfCoordinator and _linkToken in the following constructor.
https://github.com/code-423n4/2022-09-artgobblers/blob/main/src/utils/rand/ChainlinkV1RandProvider.sol#L48-L59
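The guards recommended in L-01/L-02 (zero-quantity check) and L-04 (zero-address check) in one illustrative contract. This is example code written for this report, not ArtGobblers or Pages code: the event shape, the two-recipient mint stand-in and the team/community storage are assumptions; only the names come from the findings.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17; // locked pragma rather than a floating one (N-05)

/// Illustrative contract written for this report, not ArtGobblers code.
/// Event shape, storage and the mint stand-in are assumptions.
contract ReservedMintGuardExample {
    event ReservedGobblersMinted(address indexed user, uint256 lastMintedGobblerId, uint256 numGobblersEach);

    error ZeroAddress();
    error ZeroAmount();

    address public immutable team;
    address public immutable community;
    uint256 public currentNonLegendaryId;

    constructor(address _team, address _community) {
        // L-04: critical, immutable addresses are rejected when zero.
        if (_team == address(0) || _community == address(0)) revert ZeroAddress();
        team = _team;
        community = _community;
    }

    /// Before: numGobblersEach == 0 mints nothing but still emits the event,
    /// so repeated calls fill the log with useless entries (L-01).
    function mintReservedGobblersUnguarded(uint256 numGobblersEach) external returns (uint256 lastMintedGobblerId) {
        lastMintedGobblerId = _mintToReserves(numGobblersEach);
        emit ReservedGobblersMinted(msg.sender, lastMintedGobblerId, numGobblersEach);
    }

    /// After: the guard suggested in L-01 makes a zero-quantity call revert,
    /// so no zero-quantity event can reach the log.
    function mintReservedGobblers(uint256 numGobblersEach) external returns (uint256 lastMintedGobblerId) {
        if (numGobblersEach == 0) revert ZeroAmount();
        lastMintedGobblerId = _mintToReserves(numGobblersEach);
        emit ReservedGobblersMinted(msg.sender, lastMintedGobblerId, numGobblersEach);
    }

    /// Stand-in for the real mint loops: advances the id counter once per
    /// gobbler for each of the two reserve recipients and returns the last id.
    function _mintToReserves(uint256 numGobblersEach) internal returns (uint256) {
        currentNonLegendaryId += 2 * numGobblersEach;
        return currentNonLegendaryId;
    }
}
```

The same pattern applies to mintCommunityPages with numPages in place of numGobblersEach.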
[N-01] CONSTANTS CAN BE USED INSTEAD OF MAGIC NUMBERS
To improve readability and maintainability, constants can be used instead of magic numbers. Please consider replacing the magic numbers used in the following code with constants.
[N-02] UNDERSCORES IN NUMBER LITERALS OR SCIENTIFIC NOTATIONS WITH EXPONENTS CAN BE USED
Underscores in number literals or scientific notations with exponents can be used for improving readability and maintainability. Please consider using underscores or scientific notations with exponents for 1000000000000000000 in the following code.
[N-03] MISSING NATSPEC COMMENTS
NatSpec comments provide rich code documentation. NatSpec comments are missing for the following functions. Please consider adding them.
[N-04] INCOMPLETE NATSPEC COMMENTS
NatSpec comments provide rich code documentation. @param or @return comments are missing for the following functions. Please consider completing NatSpec comments for them.
[N-05] FLOATING PRAGMAS
It is a best practice to lock pragmas instead of using floating pragmas to ensure that contracts are tested and deployed with the intended compiler version. Accidentally deploying contracts with different compiler versions can lead to unexpected risks and undiscovered bugs. Please consider locking pragma for the following files.