Unlocked pragma and outdated solc version
Description
The pragma is unlocked, which allows different solc versions to be used across contracts (i.e. 0.8.0 in some and 0.8.4 in others), each with its own bugs and quirks. A more recent compiler version typically results in more gas-efficient compilation and greater safety checks. Solc versions lower than 0.8.9 are typically susceptible to compiler bugs such as Keccak Caching, the ABI decoder bug for multi-dimensional memory arrays, signed immutables, and the user-defined value types bug.
Recommended Mitigation Steps
Lock the pragma and upgrade the compiler version to at least 0.8.10
Empty/Undefined logic
Description
In lines 47 and 61 of `PCVDeposit.sol` and `CompoundPCVDepositBase.sol` respectively, there are functions defined that lack any logic within (missing) curly braces.
Troublesome code
https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/pcv/PCVDeposit.sol#L47
https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/pcv/compound/CompoundPCVDepositBase.sol#L61
Recommended Mitigation Steps
Implement the missing logic
Misleading NatSpec comment
Description
In line 14 of `Core.sol` and line 191 of `CoreRef.sol`, the comments mention that the `volt` and `_volt` state variables are addresses of the Fei contract, as a remnant of the Fei protocol it was forked from. This could cause confusion to anyone reading through the comments.
Recommended Mitigation Steps
Rename the relevant sections in the comments appropriately.