code-423n4 / 2022-02-tribe-turbo-findings

1 stars 0 forks source link

QA Report #65

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

QA Report

Table of Contents:

Foreword

The code is annotated at multiple places with //@audit comments to pinpoint the issues. Please, pay attention to them for more details.

Summary

File: TurboMaster.sol

event TokenSweeped()

Missing @param token

308:     /// @notice Emitted a token is sweeped from the Master.
309:     /// @param user The user who sweeped the token from the Master.
310:     /// @param to The recipient of the sweeped tokens. //@audit missing @param token 
311:     /// @param amount The amount of the token that was sweeped.
312:     event TokenSweeped(address indexed user, address indexed to, ERC20 indexed token, uint256 amount);

File: TurboSafe.sol

event TokenSweeped()

Missing @param token

296:     /// @notice Emitted a token is sweeped from the Safe.
297:     /// @param user The user who sweeped the token from the Safe.
298:     /// @param to The recipient of the sweeped tokens. //@audit missing @param token
299:     /// @param amount The amount of the token that was sweeped.
300:     event TokenSweeped(address indexed user, address indexed to, ERC20 indexed token, uint256 amount);

File: TurboBooster.sol

event BoostCapUpdatedForVault()

Missing @param user

51:     /// @notice Emitted when a Vault's boost cap is updated.
52:     /// @param vault The Vault who's boost cap was updated.
53:     /// @param newBoostCap The new boost cap for the Vault.  //@audit missing @param user
54:     event BoostCapUpdatedForVault(address indexed user, ERC4626 indexed vault, uint256 newBoostCap);

There don't seem to be a sensible reason to not mention @param user. It was previously mentioned, and a similar event does in fact mention it too:

File: TurboSavior.sol
89:     /// @notice Emitted a save is executed.
90:     /// @param user The user who executed the save. //@audit-ok user
91:     /// @param safe The Safe that was saved.
92:     /// @param vault The Vault that was lessed.
93:     /// @param feiAmount The amount of Fei that was lessed.
94:     event SafeSaved(address indexed user, TurboSafe indexed safe, ERC4626 indexed vault, uint256 feiAmount);

The missing comment should therefore be added

event BoostCapUpdatedForCollateral()

Missing @param user

73:     /// @notice Emitted when a collateral type's boost cap is updated.
74:     /// @param collateral The collateral type who's boost cap was updated.//@audit missing @param user
75:     /// @param newBoostCap The new boost cap for the collateral type.
76:     event BoostCapUpdatedForCollateral(address indexed user, ERC20 indexed collateral, uint256 newBoostCap);

File: TurboClerk.sol

event DefaultFeePercentageUpdated()

Missing @param user

30:     /// @notice Emitted when the default fee percentage is updated.
31:     /// @param newDefaultFeePercentage The new default fee percentage. //@audit missing @param user
32:     event DefaultFeePercentageUpdated(address indexed user, uint256 newDefaultFeePercentage);

event CustomFeePercentageUpdatedForCollateral()

Missing @param user

58:     /// @notice Emitted when a collateral's custom fee percentage is updated.
59:     /// @param collateral The collateral who's custom fee percentage was updated. //@audit missing @param user
60:     /// @param newFeePercentage The new custom fee percentage.
61:     event CustomFeePercentageUpdatedForCollateral(
62:         address indexed user,
63:         ERC20 indexed collateral,
64:         uint256 newFeePercentage
65:     );

event CustomFeePercentageUpdatedForSafe()

Missing @param user

80:     /// @notice Emitted when a Safe's custom fee percentage is updated.
81:     /// @param safe The Safe who's custom fee percentage was updated.//@audit missing @param user
82:     /// @param newFeePercentage The new custom fee percentage.
83:     event CustomFeePercentageUpdatedForSafe(address indexed user, TurboSafe indexed safe, uint256 newFeePercentage);

File: TurboSavior.sol

event MinDebtPercentageForSavingUpdated()

Missing @param user

File: TurboSavior.sol
69:     /// @notice Emitted when the minimum debt percentage for saving is updated.
70:     /// @param newDefaultFeePercentage The new minimum debt percentage for saving. //@audit missing @param user
71:     event MinDebtPercentageForSavingUpdated(address indexed user, uint256 newDefaultFeePercentage);
GalloDaSballo commented 2 years ago

The report shows some informational level findings about documentation.

GalloDaSballo commented 2 years ago

2/10 (extra point for formatting)

GalloDaSballo commented 2 years ago

Bumping to 3/10 formatting is excellent