code-423n4 / 2022-03-rolla-findings


QA Report #22

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

addAssetOracle lacks oracle validation

Recommended to add a check to make sure the oracle returns 8 decimals https://github.com/code-423n4/2022-03-rolla/blob/a06418c9cc847395f3699bdf684a9ac066651ed7/quant-protocol/contracts/pricing/oracle/ProviderOracleManager.sol#L25

Extra lines

https://github.com/code-423n4/2022-03-rolla/blob/a06418c9cc847395f3699bdf684a9ac066651ed7/quant-protocol/contracts/timelock/ConfigTimelockController.sol#L26

Lack of events on critical parameter changes

isSettled must already be true

isSettled must already be true https://github.com/code-423n4/2022-03-rolla/blob/a06418c9cc847395f3699bdf684a9ac066651ed7/quant-protocol/contracts/QuantCalculator.sol#L249

Should revert if newDelay < minDelay

Should revert if newDelay < minDelay instead of silently setting it to minDelay https://github.com/code-423n4/2022-03-rolla/blob/a06418c9cc847395f3699bdf684a9ac066651ed7/quant-protocol/contracts/timelock/ConfigTimelockController.sol#L39

Variables can be marked immutable

https://github.com/code-423n4/2022-03-rolla/blob/a06418c9cc847395f3699bdf684a9ac066651ed7/quant-protocol/contracts/options/QToken.sol#L21

    /// @inheritdoc IQToken
    IQuantConfig public override quantConfig;

    /// @inheritdoc IQToken
    address public override underlyingAsset;

    /// @inheritdoc IQToken
    address public override strikeAsset;

    /// @inheritdoc IQToken
    address public override oracle;

    /// @inheritdoc IQToken
    uint256 public override strikePrice;

    /// @inheritdoc IQToken
    uint256 public override expiryTime;

    /// @inheritdoc IQToken
    bool public override isCall;
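
An added sketch for the first finding in the report above, showing a decimals check at oracle registration; it is not part of the report and not Rolla's `ProviderOracleManager`. Only the `addAssetOracle` name and the 8-decimal requirement come from the report; the contract name, `IPriceFeed`, the admin check and the `OracleAdded` event are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical minimal feed interface: only decimals() is needed for the check.
interface IPriceFeed {
    function decimals() external view returns (uint8);
}

// Hypothetical registry, written for this example only.
contract OracleRegistrySketch {
    uint8 public constant REQUIRED_DECIMALS = 8; // precision the finding asks for

    address public immutable admin;
    mapping(address => address) public assetOracle;

    // Emitted on every registration so the change is visible off-chain.
    event OracleAdded(address indexed asset, address indexed oracle);

    constructor() {
        admin = msg.sender;
    }

    function addAssetOracle(address asset, address oracle) external {
        require(msg.sender == admin, "not admin");
        require(asset != address(0), "zero asset");
        require(assetOracle[asset] == address(0), "oracle already set");

        // An address without code has no decimals() to call. Reject it here,
        // because try/catch does not catch a call to a non-contract address.
        require(oracle.code.length > 0, "oracle is not a contract");

        // A feed whose decimals() reverts is rejected with an explicit reason.
        try IPriceFeed(oracle).decimals() returns (uint8 d) {
            require(d == REQUIRED_DECIMALS, "oracle must report 8 decimals");
        } catch {
            revert("oracle decimals() call failed");
        }

        assetOracle[asset] = oracle;
        emit OracleAdded(asset, oracle);
    }
}
```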

alcueca commented 2 years ago

Score: 47