Areas that require further investigation #62

Open
montyly opened this issue May 24, 2021 · 0 comments
Labels
👓 security-audit Security audit notes and findings

montyly commented May 24, 2021

  • Limit the access to non-standard ERC20. Use the token integration checklist to evaluate collateral that should be allowed. For example, the system will not work as expected with tokens that take a fee on transfer.
  • Use Echidna to evaluate the impact of rounding. Several operations have a loss of precision due to the arithmetic rounding. As a result, a user might receive less than expected, and this area should be investigated further.
  • Consider adding limits on how many assets can be withdrawn by AssetPool.claim. If the owner of the AssetPool is compromised, he can drain everything. A time-based limit of withdrawal might reduce the risks (note that the coverage pool was out of scope of my review).
@montyly montyly added the 👓 security-audit Security audit notes and findings label May 24, 2021
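An added example, not part of the original issue or the project's code: an Echidna property harness showing why a fee-on-transfer token breaks deposit accounting that trusts the requested amount. `FeeToken`, `Pool`, `EchidnaPoolTest` and the 1% fee are hypothetical names and values constructed for illustration; they do not model the audited contracts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed mock: recipient gets 1% less than `amount`; allowance checks omitted.
contract FeeToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        balanceOf[from] -= amount;
        balanceOf[to] += amount - amount / 100; // the fee is burned
        return true;
    }
}

// Hypothetical pool that keeps both kinds of bookkeeping side by side.
contract Pool {
    FeeToken public immutable token;
    uint256 public creditedNaive; // trusts the requested amount
    uint256 public creditedDelta; // trusts the observed balance change
    constructor(FeeToken t) { token = t; }

    function deposit(uint256 amount) external {
        uint256 before = token.balanceOf(address(this));
        token.transferFrom(msg.sender, address(this), amount);
        creditedNaive += amount;
        creditedDelta += token.balanceOf(address(this)) - before;
    }
}

contract EchidnaPoolTest {
    FeeToken token = new FeeToken();
    Pool pool = new Pool(token);

    function deposit(uint256 amount) external {
        amount %= 1e24; // bound the input so sums stay far from overflow
        token.mint(address(this), amount);
        pool.deposit(amount);
    }

    // Expected to hold: credited balance is always backed by tokens held.
    function echidna_delta_credit_is_backed() external view returns (bool) {
        return pool.creditedDelta() <= token.balanceOf(address(pool));
    }

    // Expected to be falsified, e.g. by deposit(100): 100 credited, 99 held.
    function echidna_naive_credit_is_backed() external view returns (bool) {
        return pool.creditedNaive() <= token.balanceOf(address(pool));
    }
}
```

Deposits below 100 units pay no fee here because `amount / 100` rounds down to zero, so the same harness also exercises the rounding behaviour of this mock.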