Open code423n4 opened 2 years ago
Duplicate of #14
Duplicate of #174
Per discussion with judge ( @gzeoneth ), Low#3 -> Non Critical
Downgraded issues from this warden that were also considered with their QA Report:
Low#6: Function swapTokensGeneric incorrect as to spec. related to #67 submitted by the same warden and duplicate of #75
LOW
Low#1: initNXTP can be initialized multiple times.
L33-37
The function initNXTP has init in its name, suggesting that it should only be called once to initialize the nxtpTxManager. However, it can be called multiple times to overwrite the address.
Recommend setting the address in a constructor or reverting if address is already set. Third option would be changing the name from initNXTP to something like setNXTP to better align function names with their functionality.
Note: Same issue is present in initHop and initCbridge.
Low#2: No zero value checks for both _nxtpData.amount and msg.value in startBridgeTokensViaNXTP.
L46-60
Lack of zero value check on both _nxtpData.amount and msg.value allows bridge to be wastefully started.
Recommend implementing a require function such as (line 50):
Low#3: No events when approving/blocking a DEX contract.
DexManagerFacet.sol
Implementing events here would increase transparency and trust.
Low#4: No zero address check for adding DEX contract in addDex, batchAddDex, removeDex and batchRemoveDex.
addDex
Zero address check would prevent adding harmful DEX contracts by mistake. If zero address DEXs are whitelisted, users could burn their tokens on accident.
Low#5: Unchecked transfer in WithdrawFacet.sol
WithdrawFacet.sol
Boolean return value for transfer is not checked.
I recommend implementing call instead:
Low#6: Function swapTokensGeneric incorrect as to spec.
swapTokensGeneric
The above statement in the code snippet is incorrect because _lifiData is used to calculate the amount to be transferred back to user after swap.
I recommend either exchanging the use of _lifiData for _swapData or changing the comments.
NON-CRITICAL
Non-crit#1: initNXTP and initHop emit no event.
NXTPFacet.sol: L33-37 HopFacet.sol: L40-52
Emitting an event with the initialization of nxtpTxManager and initHop can increase the protocol's transparency and trust. CbridgeFacet.initCbridge emits an event, so keeping it consistent is also good practice.
Non-crit#2: Minor typo in comment in line 31. Conatains - Contains.
L31
Fix typo.
Non-crit#3: Implementation of startBridgeTokensViaCBridge has same functionality but deviates from conventions set in startBridgeTokensViaHop and startBridgeTokensViaNXT
L57-84 L61-72
By comparing startBridgeTokensViaCBridge to startBridgeTokensViaHop and startBridgeTokensViaNXT we can see that the first deviates from the other two, despite containing the same functionality. This hurts readability. Please implement startBridgeTokensViaCBridge in the same manner the other startBridge functions have been implemented. Differences can be seen below.
startBridgeTokensViaCBridge:
startBridgeTokensViaHop:
Non-crit#4: Commented code in DiamondLoupeFacet.sol.
DiamondLoupeFacet.sol
Please delete code snippet below as it serves no purpose.
Non-crit#5: Inconsistent return type within DiamondLoupeFacet.sol contract.
supportsInterface
The function supportsInterface uses an unnamed return, while the rest of the contract uses named returns. Please keep it consistent within contracts and across the project if possible to improve readability.
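
Added example, not part of the report above or of the project's code: a sketch of the "revert if address is already set" option from Low#1, combined with the initialization event suggested in Non-crit#1. Only initNXTP and nxtpTxManager come from the report; the contract name, storage namespace, owner check, parameter name, getter, event and errors are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

// Illustration only. Names other than initNXTP / nxtpTxManager are hypothetical.
contract NXTPInitGuardExample {
    // Diamond-style storage: the struct lives at a fixed slot
    // derived from an assumed namespace string.
    bytes32 internal constant NAMESPACE = keccak256("example.nxtp.init.guard");

    struct Storage {
        address nxtpTxManager;
    }

    // Stand-in for whatever access control the real facet uses (assumption).
    address public immutable owner;

    event NXTPInitialized(address indexed txManager);

    error NotOwner();
    error ZeroAddress();
    error AlreadyInitialized();

    constructor() {
        owner = msg.sender;
    }

    function initNXTP(address _txMgrAddr) external {
        if (msg.sender != owner) revert NotOwner();
        // Without this check, initializing with address(0) would leave
        // the guard below open and the function callable again.
        if (_txMgrAddr == address(0)) revert ZeroAddress();

        Storage storage s = getStorage();
        // One-shot guard: a second call can no longer overwrite the address.
        if (s.nxtpTxManager != address(0)) revert AlreadyInitialized();

        s.nxtpTxManager = _txMgrAddr;
        emit NXTPInitialized(_txMgrAddr);
    }

    function getNXTPTxManager() external view returns (address) {
        return getStorage().nxtpTxManager;
    }

    function getStorage() internal pure returns (Storage storage s) {
        bytes32 slot = NAMESPACE;
        assembly {
            s.slot := slot
        }
    }
}
```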