Closed code423n4 closed 3 years ago
pauliax
Open TODOs in Codebase
There are TODOs left in the code. While this does not cause any direct issue, it indicates a bad smell and uncertainty, especially seeing such todo messages:
// TODO: Uncomment prior to launch
// TBD
In previous reports, similar submissions were assigned a score of 'low' so I think it's a fair game to submit this as an issue here also. Reference: https://github.com/code-423n4/2021-09-swivel-findings/issues/67 and https://github.com/code-423n4/2021-10-tempus-findings/issues/39
TODOs:
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/USDV.sol#L38
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex-v2/pool/VaderPoolV2.sol#L157
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex-v2/pool/VaderPoolV2.sol#L209
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex-v2/pool/VaderPoolV2.sol#L265
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex-v2/pool/VaderPoolV2.sol#L400
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex/pool/BasePool.sol#L163
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex/pool/VaderPool.sol#L85
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex/pool/VaderPool.sol#L93
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex/router/VaderRouter.sol#L303
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex/utils/GasThrottle.sol#L11
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/dex/math/VaderMath.sol#L80
https://github.com/code-423n4/2021-11-vader/blob/main/contracts/twap/TwapOracle.sol#L125
https://github.com/code-423n4/2021-11-vader/blob/main/repo/vader-bond/contracts/VaderBond.sol#L299
https://github.com/code-423n4/2021-11-vader/blob/main/repo/vader-bond/contracts/VaderBond.sol#L336
Consider fixing TODOs or removing them to ease the work of reviewers.
Duplicate of #102