Open code423n4 opened 2 years ago
Re Solidity version pragma: We internally decided to tackle the solc pragma issue after the audit resolves.
Fixed in lifinance/lifi-contracts@221fe883f705635feebb2af64a028f30d05afbf8
Fixed in lifinance/lifi-contracts@77afb9a8839efbee2a9b8367fa81fecfec7ce647
Fixed in lifinance/lifi-contracts@87a27cee2fbde337c4ab873971f37573d2240994
Duplicate of #71
Duplicate of #143
Lows and Non-criticals
- The `ITransactionManager` interface's solidity version is `pragma solidity 0.8.7;`, and the rest of the contracts are `pragma solidity ^0.8.7;` - this should be consistent.
- Missing space in error message in the `initializeDiamondCut` function of `LibDiamond` library:
- Pragmas should be locked to a specific compiler version (instead of `^0.8.7` for example), to avoid contracts getting deployed using a different version, which may have a greater risk of undiscovered bugs.
- Unsafe transferOwnership - it would be safer to use a pattern for transferring the ownership, for example making the new pending owner accept the ownership. That will make sure that the new owner is an actual existing address and not a self-destructed address or a non-existing address.
- Check that the lengths of the arrays given to the `initHop` function as parameters are equal (can cause errors).
- The fallback function of the LiFiDiamond is re-enterable, so it will be a good thing to add a reentrancy guard to it (one reentrancy guard will lock all the functions of the facets).
- In the `CBridgeFacet` contract you make sure that `msg.value >= _cBridgeData.amount, "ERR_INVALID_AMOUNT"`, but in the other facets you make sure that they are equal. This difference might not be wanted, and you should pay attention to it.
- In the comment before the `_bridge` function it says that the function is public, but it is clearly declared as internal.
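
The pending-owner pattern recommended in the transferOwnership item, as an added example that is not part of the original report and not LiFi's code. The library name, storage slot string, event names and error strings are assumptions made for illustration; state is kept in a diamond-style storage struct so every facet sees the same owner.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.7; // locked pragma, as the report recommends

/// Hypothetical two-step ownership library for a diamond proxy (all names are assumptions).
library LibTwoStepOwnership {
    // Constructed storage slot, unique to this example.
    bytes32 internal constant SLOT = keccak256("example.two.step.ownership");

    struct Storage {
        address owner;
        address pendingOwner;
    }

    event OwnershipTransferRequested(address indexed from, address indexed to);
    event OwnershipTransferred(address indexed from, address indexed to);

    function store() internal pure returns (Storage storage s) {
        bytes32 slot = SLOT;
        assembly {
            s.slot := slot
        }
    }

    /// Sets the first owner exactly once, e.g. from the diamond constructor.
    function init(address firstOwner) internal {
        Storage storage s = store();
        require(s.owner == address(0) && firstOwner != address(0), "ERR_INIT");
        s.owner = firstOwner;
    }

    /// Step 1: the current owner nominates a successor; ownership does not move yet.
    function propose(address newOwner) internal {
        Storage storage s = store();
        require(msg.sender == s.owner, "ERR_NOT_OWNER");
        require(newOwner != address(0) && newOwner != s.owner, "ERR_INVALID_OWNER");
        s.pendingOwner = newOwner;
        emit OwnershipTransferRequested(s.owner, newOwner);
    }

    /// Step 2: only the nominee can finish the transfer, which proves the address can transact.
    function accept() internal {
        Storage storage s = store();
        require(msg.sender == s.pendingOwner, "ERR_NOT_PENDING_OWNER");
        emit OwnershipTransferred(s.owner, msg.sender);
        s.owner = msg.sender;
        s.pendingOwner = address(0);
    }
}
```

A mistyped or dead address passed to `propose` leaves the current owner in control, and a second `propose` call overwrites the bad nominee.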