Open code423n4 opened 2 years ago
no check for 0 address https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/vault/Vault.sol prepareTargetAllocation executeReserveFee executeBound withdrawFromStrategyWaitingForRemoval _rebalance changeConvexPool func https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/strategies/BkdTriHopCvx.sol https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/pool/LiquidityPool.sol handleLpTokenTransfer https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/TopUpAction.sol lockfunds func calcExchangeAmount func,register,resetPosition getEthRequiredForGas getPosition _payFees https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/TopUpAction.sol lockFunds changeConvexPool :return not explained in notspec addUsableToken getTopUpHandler _approve https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/pool/LiquidityPool.sol handleLpTokenTransfer —------------------- withdrawAll https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/pool/LiquidityPool.sol https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/StakerVault.sol addStrategy Transfer increaseActionLockedBalance transferFrom unstakeFor
https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/AddressProvider.sol Initialize addFeeHandler removeFeeHandler addAction addPool https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/handlers/CompoundHandler.sol topUp
https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/GasBank.sol depositFor
checks and effects pattern protect against reentry attack amountleft-='depostiamount should be done before just in case. excutelocalvars struct totalTopUpAmount waste of space make a bigger to uint256 muplite mappings to get value https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/TopUpAction.sol —------------- _rebalance https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/vault/Vault.sol bad comment should be put in better place address vault = addressProvider.getStakerVault(position.depositToken); // will revert if vault does not exist no onlygovernace modifer not implumented functions : you can change the fee update and change update fee or slippage which a basic user shouldnt be able to https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/vault/Vault.sol executeDebtLimit prepareTargetAllocation withdrawFromStrategyWaitingForRemoval https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/TopUpAction.sol executeActionFee
executeSwapperSlippage executeEstimatedGasUsage https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/pool/LiquidityPool.sol prepareNewWithdrawalFeeDecreasePeriod executeNewWithdrawalFeeDecreasePeriod executeNewVault —------------ Code not needed https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/vault/Vault.sol _computeNewAllocated
Not needed return 0 and pure why No comments and natspec on https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/TopUpActionFeeHandler.sol function Line:160 to 170 —--------- Comments issue https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/handlers/CompoundHandler.sol _getAccountBorrowsAndSupply function Not explaining well and no natspec comments.
no check for 0 address https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/vault/Vault.sol prepareTargetAllocation executeReserveFee executeBound withdrawFromStrategyWaitingForRemoval _rebalance changeConvexPool func https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/strategies/BkdTriHopCvx.sol https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/pool/LiquidityPool.sol handleLpTokenTransfer https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/TopUpAction.sol lockfunds func calcExchangeAmount func,register,resetPosition getEthRequiredForGas getPosition _payFees https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/TopUpAction.sol lockFunds changeConvexPool :return not explained in notspec addUsableToken getTopUpHandler _approve https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/pool/LiquidityPool.sol handleLpTokenTransfer —------------------- withdrawAll https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/pool/LiquidityPool.sol https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/StakerVault.sol addStrategy Transfer increaseActionLockedBalance transferFrom unstakeFor
https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/AddressProvider.sol Initialize addFeeHandler removeFeeHandler addAction addPool https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/handlers/CompoundHandler.sol topUp
https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/GasBank.sol depositFor
checks and effects pattern protect against reentry attack amountleft-='depostiamount should be done before just in case. excutelocalvars struct totalTopUpAmount waste of space make a bigger to uint256 muplite mappings to get value https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/TopUpAction.sol —------------- _rebalance https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/vault/Vault.sol bad comment should be put in better place address vault = addressProvider.getStakerVault(position.depositToken); // will revert if vault does not exist no onlygovernace modifer not implumented functions : you can change the fee update and change update fee or slippage which a basic user shouldnt be able to https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/vault/Vault.sol executeDebtLimit prepareTargetAllocation withdrawFromStrategyWaitingForRemoval https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/TopUpAction.sol executeActionFee
executeSwapperSlippage executeEstimatedGasUsage https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/pool/LiquidityPool.sol prepareNewWithdrawalFeeDecreasePeriod executeNewWithdrawalFeeDecreasePeriod executeNewVault —------------ Code not needed https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/vault/Vault.sol _computeNewAllocated
Not needed return 0 and pure why No comments and natspec on https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/TopUpActionFeeHandler.sol function Line:160 to 170 —--------- Comments issue https://github.com/code-423n4/2022-04-backd/blob/main/backd/contracts/actions/topup/handlers/CompoundHandler.sol _getAccountBorrowsAndSupply function Not explaining well and no natspec comments.