Open code423n4 opened 2 years ago
Formatting is non existant, however links were provided making the report actionable.
1) Disagree as it's part of interface
2) Same
3)Same
4) Arguable, dependent on sponsor reply, in this case they acknowledge so let's make this one valid
5) Informational level finding
2/ 10
2022-02-tribe-turbo
1 Delete unused variable.
It seems that pool is used only in constructor and this variable will not be called from other contracts.
Delete the following line if it is really used only in constructor
https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/TurboSafe.sol#L35
add
Comptroller pool = master.pool(); into constructor.
2 Delete unused param in function.
The second uint256 is defined, but not used.
https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/TurboSafe.sol#L138 https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/TurboSafe.sol#L146
3 Delete unused variable.
It seems that fei is used only in constructor.
If so, you can delete the following line
https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboSavior.sol#L31
and change next line
https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboSavior.sol#L54
to Fei fei = Fei(address(master.fei()));
4 Use safeIncreaseAllowance instead of safeApprove.
Openzeppelin recommends that
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol#L50-L52
I think you can use in this case safeIncreaseAllowance.
https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/TurboSafe.sol#L194
5 No description about the cause of revert.
https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboSavior.sol#L106 https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboGibber.sol#L81 https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboGibber.sol#L100