Open code423n4 opened 2 years ago
Ack #1, Dispute #2 because it's a configuration consideration that can be manually verified post deploy
I believe the sponsor has a track record of disagreeing with superfluous checks.
That said, they acknowledged finding one, which would cause a revert when trying to change the setting to the same value. Personally I am ambivalent, but because the sponsor acknowledges it I am happy to agree there.
As for point 2, I have to side with the sponsor unless the code was for a timelock, there are no ways of proving the code will be timelocked, hence the finding is not useful.
See discussion: https://github.com/code-423n4/rulebook/issues/7
2/10
The logic applied to emit an event on the change of a variable does not check whether the change is to the same value as the current one. Launching a change event should be omitted if the defined value is the same; otherwise, the dApps could have wrong logic.
The Auth contract is not forced to use a TimeLock, so if the admin loses the private keys or these keys are exposed, tokens could be lost. Or it's possible to deny the service because TurboBooster can be frozen and change the owner.