
QA Report #237

Open
c4-bot-1 opened this issue Mar 11, 2024 · 15 comments
Labels
bug Something isn't working grade-a high quality report This report is of especially high quality Q-04 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@c4-bot-1
Contributor

See the markdown file with the details of this report here.

@c4-bot-1 c4-bot-1 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Mar 11, 2024
c4-bot-1 added a commit that referenced this issue Mar 11, 2024
@raymondfam

Generic findings well elaborated: 26 L and 58 NC

@c4-pre-sort

raymondfam marked the issue as high quality report

@c4-pre-sort c4-pre-sort added the high quality report This report is of especially high quality label Mar 13, 2024
@c4-sponsor

trmid (sponsor) confirmed

@c4-sponsor c4-sponsor added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Mar 14, 2024
@trmid

trmid commented Mar 15, 2024

[L-12] mitigation: GenerationSoftware/pt-v5-vault#86

@trmid

trmid commented Mar 15, 2024

[L-11] mitigation: GenerationSoftware/pt-v5-vault#87

@c4-judge
Contributor

hansfriese marked the issue as grade-a

@c4-judge c4-judge added grade-a selected for report This submission will be included/highlighted in the audit report labels Mar 18, 2024
@c4-judge
Contributor

hansfriese marked the issue as selected for report

@c4-judge
Contributor

hansfriese marked the issue as not selected for report

@c4-judge c4-judge removed the selected for report This submission will be included/highlighted in the audit report label Mar 18, 2024
@hansfriese

Invalid
[L-05] Code does not follow the best practice of check-effects-interaction

Known findings
[L-01] Centralization risk for privileged functions
The owner is a single point of failure and a centralization risk

[L-02] Subtraction in unchecked block is unsafe
unchecked blocks with subtractions may underflow

[L-04] Some tokens may revert on large transfers
ERC-20: Large transfers may revert

[L-06] Use abi.encodeCall() instead of abi.encodeWithSignature()/abi.encodeWithSelector()
Use abi.encodeCall() instead of abi.encodeWithSignature()/abi.encodeWithSelector()

[L-07] Upgradable contracts not taken into account
Consider making contracts Upgradeable

[L-10] Unchecked Return Values of the approve() Function
Return values of approve() not checked

[L-12] Unsafe use of transfer()/transferFrom() with IERC20
[L-13] Unchecked Return Values of transfer()/transferFrom()
ERC20: unsafe use of transfer()/transferFrom()

[L-15] Missing checks for address(0x0) when updating address state variables
Missing checks for address(0x0) when updating address state variables

[L-16] Lack of Parameter Validation in Constructor/Initializer
Missing checks for address(0x0) in the constructor/initializer

...

Most findings are dupes of the known ones. I recommend filtering them when you submit with your bot results.

@c4-judge
Contributor

hansfriese marked the issue as grade-b

@c4-judge
Contributor

hansfriese marked the issue as grade-a

@trmid

trmid commented Mar 18, 2024

[N-37] mitigation: GenerationSoftware/pt-v5-vault#89

@trmid

trmid commented Mar 18, 2024

[N-22] mitigation: GenerationSoftware/pt-v5-vault#90

@trmid

trmid commented Mar 18, 2024

[N-20] mitigation: GenerationSoftware/pt-v5-vault#91

@trmid

trmid commented Mar 18, 2024

[N-15] mitigation: GenerationSoftware/pt-v5-vault#92

@C4-Staff C4-Staff added the Q-04 label Mar 21, 2024

8 participants