QA Report #70

Open
c4-bot-10 opened this issue Apr 16, 2024 · 4 comments
Labels
bug Something isn't working grade-a Q-03 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report

Comments

@c4-bot-10
Contributor

See the markdown file with the details of this report here.

@c4-bot-10 c4-bot-10 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Apr 16, 2024
c4-bot-9 added a commit that referenced this issue Apr 16, 2024
c4-bot-7 added a commit that referenced this issue Apr 16, 2024
@c4-judge c4-judge added the selected for report This submission will be included/highlighted in the audit report label Apr 18, 2024
@c4-judge
Contributor

0xA5DF marked the issue as selected for report

@0xA5DF

0xA5DF commented Apr 18, 2024

(Current grade is only for sponsor review, I'd do a more thorough grading later)

@0xA5DF

0xA5DF commented Apr 21, 2024

+L from #68
+L from #62
+L from #61
+L from #57
+L from #56
+L from #55

7+6=13L
5R
1NC

| Risk | Title | Verdict |
|------|-------|---------|
| L-1 | No need to approve `__aavePool` to spend `__aToken` | R |
| L-2 | Open TODOs | R |
| L-3 | Function `burnAndWithdraw()` does not withdraw old ERC721s | L |
| L-4 | Function in BytesLib could revert with no error message | R |
| L-5 | `setProtocolFee()` can be called multiple times to spam event emission | R |
| L-6 | Repayment and liquidation could be blocked if token has a callhook to receiver | L |
| L-7 | Wrong event emission in `finalUpdateMultiSourceLoanAddress()` | L |
| L-8 | `addCallers()` does not check `_callers.length == pendingCallers.length` | L |
| L-9 | Race condition when `block.timestamp == expirationTime` | H |
| L-10 | Partial refinance offer could be used in `refinanceFull()` | L |
| L-11 | Owner can set `_multiSourceLoan` to `address(0)` directly without `updateMultiSourceLoanAddressFirst()` | L |
| L-12 | Slippage of stETH swap could make `validateOffer()` revert | L |
| N-1 | Modifier `onlyReadyForWithdrawal` is repeatedly executed when users withdraw multiple tokens | R |
| N-2 | Should use defined variable in function `_checkValidators()` | NC |

@c4-judge
Contributor

0xA5DF marked the issue as grade-a
