
QA Report #268

Open
code423n4 opened this issue Dec 15, 2022 · 4 comments
Labels
bug Something isn't working grade-a Q-03 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4

See the markdown file with the details of this report here.

@code423n4 code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Dec 15, 2022
code423n4 added a commit that referenced this issue Dec 15, 2022

GalloDaSballo commented Dec 27, 2022

[L-01] claim and deposit allows re-entrancy from hookable tokens 2
L

[L-02] Front running attacks by the owner 1
DUP 377

[L-03] No check if OnERC721Received is implemented 1
L

[L-04] Draft Openzeppelin Dependencies 1
NC

[L-05] There is a risk that the setFees variable is accidentally initialized to 0 and platform loses money 1
L

[L-06] Use safeTransferOwnership instead of transferOwnership function 6
NC

[L-07] Owner can renounce Ownership 6
Disputed, I believe this is a good thing

[L-08] Missing Event for critical parameters init and change 4
NC

[L-09] A single point of failure 6
377

[L-10] Loss of precision due to rounding
L

[N-01] Insufficient coverage 1
R

[N-02] Critical Address Changes Should Use Two-step Procedure 13
NC

[N-03] Initial value check is missing in Set Functions 16
L

[N-04] Use a single file for all system-wide constants 8
R

[N-05] NatSpec comments should be increased in contracts All Contracts
NC

[N-06] Function writing that does not comply with the Solidity Style Guide All Contracts
NC

[N-07] Add a timelock to critical functions 2
Disputed, we do not accept statements that are not falsifiable

[N-08] Use a more recent version of Solidity All Contracts
NC

[N-09] Solidity compiler optimizations can be problematic
Disputed, must show proof and we'll raise to a higher severity

[N-10] For modern and more readable code; update import usages 57
NC

[N-11] Include return parameters in NatSpec comments All Contracts
NC

[N-12] Long lines are not suitable for the ‘Solidity Style Guide’ 14
NC

[N-13] Avoid shadowing inherited state variables 1
Disputed for Owner, it's a function not a variable

[N-14] Constant values such as a call to DAY should use immutable rather than constant 37
R

[N-15] Need Fuzzing test 35
R

[N-16] Remove : import 'hardhat/console.sol'; 1
NC

[N-17] Compliance with Solidity Style rules in Constant expressions 2
R

[N-18] Use uint256 instead of uint 309
NC

[N-19] Lock pragmas to specific compiler version 16
NC

[N-20] Use underscores for number literals 9
R

[N-21] Use of bytes.concat() instead of abi.encodePacked() 1
NC

[N-22] Revert messages are too short or not
NC

@c4-sponsor c4-sponsor added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Jan 5, 2023

GainsGoblin marked the issue as sponsor confirmed

@GalloDaSballo

5L 6R 15NC

@c4-judge

GalloDaSballo marked the issue as grade-a
