code-423n4 / 2022-02-tribe-turbo-findings


QA Report #14

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago
1. The logic applied to emit an event on the change of a variable does not check whether the new value is the same as the current one. Emitting a change event should be skipped if the value being set is the same as the existing one; otherwise, dApps could end up with wrong logic.

2. The Auth contract is not forced to use a TimeLock, so if the admin loses the private keys or these keys are exposed, tokens could be lost. It is also possible to deny service, because TurboBooster can be frozen and the owner changed.
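As an added illustration of finding #1 (example code, not from the Tribe Turbo repository): a setter that emits its change event unconditionally, beside one that rejects a same-value update so that every emitted event corresponds to a real state change. The contract, variable, function and event names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Hypothetical contract illustrating finding #1; names are not from Tribe Turbo.
contract NoOpSetterExample {
    address public owner;
    uint256 public feeBps;

    // Off-chain consumers typically treat this event as "the value changed".
    event FeeUpdated(uint256 oldFee, uint256 newFee);

    modifier onlyOwner() {
        require(msg.sender == owner, "UNAUTHORIZED");
        _;
    }

    constructor(uint256 initialFee) {
        owner = msg.sender;
        feeBps = initialFee;
    }

    // Weak form: emits FeeUpdated even when newFee == feeBps, so an indexer
    // or dApp reacting to every event observes a "change" that never happened.
    function setFeeWeak(uint256 newFee) external onlyOwner {
        emit FeeUpdated(feeBps, newFee);
        feeBps = newFee;
    }

    // Corrected form: a same-value update reverts, so FeeUpdated is only ever
    // emitted when the stored value actually changes.
    function setFee(uint256 newFee) external onlyOwner {
        require(newFee != feeBps, "NO_CHANGE");
        emit FeeUpdated(feeBps, newFee);
        feeBps = newFee;
    }
}
```

Reverting is the behaviour the judge refers to below; silently returning without emitting would be the alternative if a no-op call should not fail.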

Joeysantoro commented 2 years ago

Ack #1, Dispute #2 because it's a configuration consideration that can be manually verified post-deploy

GalloDaSballo commented 2 years ago

I believe the sponsor has a track record of disagreeing with superfluous checks

That said, they acknowledged finding one, which would cause a revert when trying to change the setting to the same value. Personally I am ambivalent, but because the sponsor acknowledges it, I am happy to agree there.

As for point 2, I have to side with the sponsor: unless the code was for a timelock, there is no way of proving the code will be timelocked, hence the finding is not useful.

See discussion: https://github.com/code-423n4/rulebook/issues/7

GalloDaSballo commented 2 years ago

2/10