code-423n4 / 2022-02-skale-findings


QA Report #51

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago
  1. https://github.com/skalenetwork/ima-c4-audit/blob/main/contracts/MessageProxy.sol

getContractRegisteredRange function: Add a check to see if destination chain is initialized

 require(connectedChains[targetChainHash].inited, "Destination chain is not initialized");

  2. https://github.com/skalenetwork/ima-c4-audit/blob/main/contracts/extensions/interfaces/MessageProxyClient.sol

constructor: zero address check for newMessageProxyAddress at MessageProxyClient.sol#L34 add require(newMessageProxyAddress!=address(0),"Invalid address");

  3. https://github.com/skalenetwork/ima-c4-audit/blob/main/contracts/extensions/ERC721ReferenceMintAndMetadataMainnet.sol

postMessage function: use safeTransferFrom instead of transferFrom at ERC721ReferenceMintAndMetadataMainnet.sol#L84

  4. https://github.com/skalenetwork/ima-c4-audit/blob/main/contracts/MessageProxy.sol

registerExtraContractForAll function: Add 0 address check which is missing on extraContract

DimaStebaev commented 2 years ago

Agreed.

GalloDaSballo commented 2 years ago

getContractRegisteredRange function: Add a check to see if destination chain is initialized

Valid finding

constructor: zero address check for newMessageProxyAddress at MessageProxyClient.sol#L34 add require(newMessageProxyAddress!=address(0),"Invalid address");

Valid as well

postMessage function: use safeTransferFrom instead of transferFrom at ERC721ReferenceMintAndMetadataMainnet.sol#L84

Agree with using checked functions even if it's a demo contract

registerExtraContractForAll function: Add 0 address check which is missing on extraContract

Valid as well
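
The three input-validation findings in this report (initialized-chain check, constructor zero-address check, zero-address check on extraContract), shown together as an added example that is not part of the thread and is not the project's code. `GuardedRegistry`, `ConnectedChainInfo`, `initChain`, `registerExtraContract`, the `registered` array and the "already initialized" / "Range is incorrect" messages are hypothetical; access control is omitted to keep the sketch short.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical, simplified registry written for this example. It is NOT the
// SKALE MessageProxy; only the names connectedChains, inited, extraContract,
// newMessageProxyAddress and getContractRegisteredRange come from the findings.
contract GuardedRegistry {
    struct ConnectedChainInfo {
        bool inited;
        address[] registered; // contracts allowed to use this chain
    }

    mapping(bytes32 => ConnectedChainInfo) private connectedChains;
    address public immutable messageProxy;

    constructor(address newMessageProxyAddress) {
        // An immutable set to address(0) cannot be repaired after deployment.
        require(newMessageProxyAddress != address(0), "Invalid address");
        messageProxy = newMessageProxyAddress;
    }

    // Access control is omitted in this sketch (assumption: an owner or role check exists).
    function initChain(bytes32 chainHash) external {
        require(!connectedChains[chainHash].inited, "Chain is already initialized");
        connectedChains[chainHash].inited = true;
    }

    function registerExtraContract(bytes32 chainHash, address extraContract) external {
        require(connectedChains[chainHash].inited, "Destination chain is not initialized");
        // Without this check address(0) would occupy a slot in the allow-list.
        require(extraContract != address(0), "Invalid address");
        connectedChains[chainHash].registered.push(extraContract);
    }

    function getContractRegisteredRange(bytes32 targetChainHash, uint256 from, uint256 to)
        external view returns (address[] memory range)
    {
        // A missing mapping key reads as an all-zero struct; checking inited first
        // reports an unknown chain explicitly instead of as a bad range.
        require(connectedChains[targetChainHash].inited, "Destination chain is not initialized");
        address[] storage all = connectedChains[targetChainHash].registered;
        require(from < to && to <= all.length, "Range is incorrect");
        range = new address[](to - from);
        for (uint256 i = from; i < to; i++) {
            range[i - from] = all[i];
        }
    }
}
```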