Mitigation Confirmed for QA #23
Labels
Comments
|
GalloDaSballo marked the issue as satisfactory |
c4-judge
added
the
satisfactory
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Q&A Mitigation Review: Fully Alleviated
Issue #15: Re-Entrant Bond Purchase Flow
The code was adjusted per the issue's recommendation, ensuring it conforms to the Checks-Effects-Interactions (CEI) pattern and no longer permits the described attack to occur. The
_updateMinCouponandburncalls can be relocated outside theif-elseclause to optimize the codebase as an additional step.Issue #23: KUMAFeeCollector may emit wrong FeeReleased event
The
_releaseof tokens now occurs solely when there is a non-zero amount of_payeesin the contract, alleviating this exhibit. A test case was also included to validate the behaviour of a release with no payees.Q&A #7: Partially Alleviated
L-01: Remediated
This exhibit was remediated as part of the effort for M-02.
L-02: Not Remediated
This finding remains unaddressed as the
KUMASwap::setFeesfunction has not been updated as advised.L-03: Not Remediated
This finding remains unaddressed as the
KUMABondToken::issueBondfunction has not been updated as advised.L-04: Not Remediated
This finding remains unaddressed as the
KUMASwap::setDeprecationStableCoinfunction has not been updated as advised.L-05: Alleviated
A direct check of
previousEpochTimestampbackshifting was introduced at the sponsor's discretion as the original recommended course of action would cause accrual loss. As such, we consider this exhibit alleviated.Q&A #19: Partially Alleviated
KBC-01L: Not Remediated
This finding remains unaddressed as the
KBCToken::constructorhas not been updated as advised.KIB-01L: Not Remediated
This finding remains unaddressed as the
KIBToken::constructorhas not been updated as advised.KIB-02L: Alleviated
The
KIBToken::initializefunction was properly updated to sanitize its initialepochLengthas advised.KIB-03L: Not Remediated
The epoch inclusivity inconsistencies remain in the codebase.
KIB-04L: Alleviated
The
MAX_YIELDvariable was instead removed from the codebase, rendering this exhibit alleviated.KAP-01L: Not Remediated
This finding remains unaddressed as the
KUMAAddressProvider::constructorhas not been updated as advised.KFC-01L: Not Remediated
This finding remains unaddressed as the
KUMAFeeCollector::constructorhas not been updated as advised.KFC-02L: Alleviated
The
_releaseof tokens now occurs solely when there is a non-zero amount of_payeesin the contract, alleviating this exhibit. A test case was also included to validate the behaviour of a release with no payees.KFC-03L: Alleviated
This exhibit has been alleviated as part of the efforts for M-02.
KSP-01L: Not Remediated
This finding remains unaddressed as the
KUMASwap::setFeesfunction has not been updated as advised.KSP-02L: Not Remediated
This finding remains unaddressed as the
KUMASwap::_calculateFeesfunction has not been updated as advised.KSP-03L: Not Remediated
This finding remains unaddressed as the
KUMASwap::constructorhas not been updated as advised.KSP-04L: Not Remediated
This finding remains unaddressed as the
KUMASwap::constructorhas not been updated as advised.BTL-01L: Alleviated
This exhibit has been alleviated as part of the efforts for M-01.
MAR-01L: Not Remediated
This finding remains unaddressed as the
MCAGAggregator::setMaxAnswerfunction has not been updated as advised.WRM-01L: Not Remediated
The
WadRayMathcontract has not been updated per the exhibit's recommendation.The text was updated successfully, but these errors were encountered: