Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA Report #99

Open
code423n4 opened this issue Oct 29, 2022 · 1 comment
Open

QA Report #99

code423n4 opened this issue Oct 29, 2022 · 1 comment
Labels
bug Something isn't working grade-a high quality report This report is of especially high quality Q-24 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@code423n4
Copy link
Contributor

code423n4 commented Oct 29, 2022
edited
Loading

Low risk:

[L-01] Missing endTimestamp > block.timestamp check leads to reverted transaction
[L-02] More inclusive check on newEndTimestamp < oldEndTimestamp
[L-03] Missing remainingDuration > 0 check

Non-critical:

[N-01] Natspec @notice and @dev duplicate a lot
[N-02] Natspec Typo

Low risk:

[L-01] Missing endTimestamp > block.timestamp check leads to reverted transaction

L237: uint256 boostDuration = endTimestamp - block.timestamp;   // @audit: revert if endTimestamp <= block.timestamp
L256: uint256 slope = amount / boostDuration;

Recommend adding check endTimestamp > block.timestamp

L234:
if(endTimestamp <= block.timestamp || endTimestamp > pledgeParams.endTimestamp || endTimestamp != _getRoundedTimestamp(endTimestamp)) revert Errors.InvalidEndTimestamp();

[L-02] More inclusive check on newEndTimestamp < oldEndTimestamp

newEndTimestamp = oldEndTimestamp is not valid

https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L383

Recommend more inclusive check:

newEndTimestamp <= oldEndTimestamp

[L-03] Missing remainingDuration > 0 check

Missing this check leads to totalRewardAmount = 0 and get reverted later

https://github.com/code-423n4/2022-10-paladin/blob/main/contracts/WardenPledge.sol#L430

L430: uint256 remainingDuration = pledgeParams.endTimestamp - block.timestamp;
L432: uint256 totalRewardAmount = (rewardPerVoteDiff * pledgeParams.votesDifference * remainingDuration) / UNIT;

Recommend adding the following check:

if(remainingDuration == 0) revert ... ;

Non-critical:

[N-01] Natspec @notice and @dev duplicate a lot

It's quite annoying reading a same line twice many times

Recommend deleting all duplicates

[N-02] Typo

Recommend correcting Natpec balacne -> balance, feeamount -> feeAmount, ot -> to, reards -> rewards
@code423n4 code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Oct 29, 2022
code423n4 added a commit that referenced this issue Oct 29, 2022
@code423n4
cylzxje issue #99
7bacde0
code423n4 added a commit that referenced this issue Oct 29, 2022
@code423n4
cylzxje data for issue #99
7708d3f
@Kogaroshi Kogaroshi added the high quality report This report is of especially high quality label Oct 31, 2022
@c4-judge
Copy link
Contributor

kirk-baird marked the issue as grade-a

@C4-Staff C4-Staff added the Q-24 label Dec 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working grade-a high quality report This report is of especially high quality Q-24 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Kogaroshi @code423n4 @c4-judge @C4-Staff