Closed lekhovitsky closed 1 month ago
@lekhovitsky some of the recommendations have been fixed by the PR but there are still some missing points. Would you mind providing, for each missing point, an official acknowledgement statement?
1) TumblerV3.sol#L52: the `pool_` address could be validated to be an authorized pool by using the `_ensureRegisteredPool` function in `ContractsRegisterTrait`
2) GaugeV3.sol#L62: the `pool_` address could be validated to be an authorized pool by using the `_ensureRegisteredPool` function in `ContractsRegisterTrait`
3) PoolQuotaKeeperV3.sol#L83: the `_pool` address could be validated to be an authorized pool by using the `_ensureRegisteredPool` function in `ContractsRegisterTrait`.
4) PoolV3.sol#L132: consider reverting if `underlyingToken` is not a deployed contract (`underlyingToken.code.length == 0`) to prevent unexpected behavior when interacting with such token
5) PoolV3.sol#L124: A check whether the `pool` is registered in `contractsRegister_` could be added. The question is if first we deploy the pool then register it or register first then deploy.
Fixes https://github.com/spearbit-audits/review-gearbox/issues/24 (partially)
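
The two kinds of constructor check raised in the comment above, as an added sketch that is not code from the PR or from the audited repository. `IRegistryLike`, `isPool`, `requireContract`, `requireRegisteredPool`, `PoolDependent` and `PoolLike` are hypothetical names chosen for illustration; the project's own `_ensureRegisteredPool` is not reproduced here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical registry view (assumption, not the project's interface).
interface IRegistryLike {
    function isPool(address pool) external view returns (bool);
}

error NotAContract(address target);
error PoolNotRegistered(address pool);

// code.length is 0 for EOAs, never-deployed addresses, and contracts that are
// still inside their own constructor. A low-level call to such an address
// succeeds and returns no data, which is why the check is worth making.
function requireContract(address target) view {
    if (target.code.length == 0) revert NotAContract(target);
}

// Free function rather than a method reading an immutable, so it can be
// called from a constructor on any 0.8.x compiler.
function requireRegisteredPool(address registry, address pool) view {
    requireContract(registry);
    if (!IRegistryLike(registry).isPool(pool)) revert PoolNotRegistered(pool);
}

// Points 1-3: a component bound to a pool validates it before storing it.
contract PoolDependent {
    address public immutable pool;

    constructor(address registry, address pool_) {
        requireRegisteredPool(registry, pool_);
        pool = pool_;
    }
}

// Point 4: a pool-like contract rejects an underlying token with no code.
contract PoolLike {
    address public immutable underlyingToken;

    constructor(address underlyingToken_) {
        requireContract(underlyingToken_);
        underlyingToken = underlyingToken_;
        // Point 5: a self-check such as isPool(address(this)) placed here can
        // only pass if the address is registered before deployment.
    }
}
```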