GalloDaSballo
commented
2 years ago I think the finding is valid, but it's not a vulnerability, for that reason am going to mark it as non-critical
Open code423n4 opened 2 years ago
GalloDaSballo
commented
2 years ago I think the finding is valid, but it's not a vulnerability, for that reason am going to mark it as non-critical
Handle
sirhashalot
Vulnerability details
Impact
The Cvx3CrvOracle.sol contract has functions that take the baseAmount input parameter but fail to mention or describe this parameter in the function's natspec comments. Issues with comments are low risk based on Code4rena risk categories.
Proof of Concept
The functions missing the baseAmount input parameter in comments include:
Recommended Mitigation Steps
Make sure natspec comments include all function input parameters.