QA Report #508

Open
code423n4 opened this issue Jan 3, 2023 · 3 comments
Labels
bug Something isn't working grade-b Q-08 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@code423n4

See the markdown file with the details of this report here.

@code423n4 code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Jan 3, 2023
code423n4 added a commit that referenced this issue Jan 3, 2023
code423n4 added a commit that referenced this issue Jan 3, 2023
C4-Staff added a commit that referenced this issue Jan 6, 2023
@GalloDaSballo

GalloDaSballo commented Jan 24, 2023

[L-01] Initialize function can be called by anybody

Invalid

[L-02] Check upper of the delegationFee

L

[L-03] delegationFee is initialized but unused

R

[L-04] Input Address is not checked

L

[L-05] Duration does not have upper bound

Dup 493

[L-06] Inaccurate modifier name

L

[L-07] WhenNotPaused modifier does not apply to all external functions that can be called by any account.

L

[L-08] Cannot add additional Multisig when 10 Multisig addresses are registered

Dup 521

[L-09] Cannot set price of GGP in AVAX to 0

Invalid

[L-10] New address and existing address inputs can be the same in upgradeExistingContract

Dup 742

[L-11] In non-upgradeable contract, initialization should be in constructor instead of initialize function

Invalid. The sponsor may want the flexibility to start distribution after X time (for example for public scrutiny or bug bounty)

[NC-01] Constants should be defined rather than using magic numbers, comments should be added to explain.

R

[NC-02] Use address instead of contract type in parameters.

Invalid / off

[NC-03] Missing natspecs in many functions, or natspecs without parameter explanation

NC

[NC-04] Remove deadcode and dead comments

NC

[NC-05] Function order does not follow Solidity style guides

NC

[NC-06] Missing Events on State Changing Functions and critical functions:

NC

[NC-07] String is frequently used in code to identify storage slot.

R

[NC-08] Restrict the function call to only appropriate caller

Invalid

[NC-09] Typo in natspecs/comments

NC

[NC-10] Checks Effects Interactions pattern is not followed

L

[NC-11] Add getter functions for all added allowed tokens

R

[NC-12] Indentation in comments are not consistent and follow style guide

NC

[NC-13] Too similar variables

Invalid

[NC-14] Correct naming for avoiding mistakes

NC

Am going to penalize due to too many incorrect reports; I recommend you focus on high-quality, high-accuracy reports

@GalloDaSballo

5L 4R 7NC

@c4-judge

c4-judge commented Feb 3, 2023

GalloDaSballo marked the issue as grade-b
