code-423n4 / 2022-04-backd-findings


QA Report #196

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

QA report for BACKD by PeritoFlores

[L-01] Price 0 allowed in Chainlink answer

This is perhaps very unlikely, but you should consider a price of 0 an error in a Chainlink answer.

In the function getPriceUSD#ChainlinkOracleProvider.sol, after you read the data from the Chainlink aggregator, you allow the answer to be zero.

 require(answer >= 0, Error.NEGATIVE_PRICE);     L51

It is not a good idea, because a price of 0 should be treated as an error in Chainlink; in addition, in some parts of your code you can get a division by zero error.

OracleProviderExtensions.sol#L15

return priceOracle.getPriceUSD(fromToken).scaledDiv(priceOracle.getPriceUSD(toToken));

Recommended

[-] require(answer >= 0, Error.NEGATIVE_PRICE);     L51

[+] require(answer > 0, Error.NEGATIVE_OR_ZERO_PRICE);     L51

[L-02] Admin can be set to address(0) in VestedEscrow

Both functions setAdmin and setFundAdmin at VestedEscrow can be set accidentally to address(0).

In my opinion this issue for setAdmin could be considered medium, because the whole contract would be left without an admin.

Recommended

require (_admin != address(0), "..");    

[NC-01] Lack of event emission after setting some parameters

The following functions are missing event emission after setting some parameters:

setStalePriceDelay#ChainlinkOracleProvider.sol

setMinter#InflationManager.sol

Recommended

Create and emit proper events
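The L-01 finding above, as an added illustration that is not Backd's ChainlinkOracleProvider nor code from the report: a constructed minimal provider that reads the standard Chainlink `latestRoundData()`, rejects a zero or negative answer at the source with `answer > 0`, and derives a cross price by scaled division, so the denominator that `scaledDiv` would see can never be zero. The contract name, feed mapping, error names and `SCALE` constant are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal subset of the Chainlink aggregator interface (these signatures are the real ones).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Constructed example provider: one feed per token, prices normalised to 18 decimals,
// and a zero or negative answer rejected before it can reach any division.
contract ZeroSafeOracleProvider {
    uint256 private constant SCALE = 1e18;

    error NegativeOrZeroPrice();
    error StalePrice();

    mapping(address => AggregatorV3Interface) public feeds;
    uint256 public stalePriceDelay = 1 hours;

    constructor(address[] memory tokens, address[] memory aggregators) {
        require(tokens.length == aggregators.length, "length mismatch");
        for (uint256 i = 0; i < tokens.length; i++) {
            feeds[tokens[i]] = AggregatorV3Interface(aggregators[i]);
        }
    }

    function getPriceUSD(address token) public view returns (uint256) {
        AggregatorV3Interface feed = feeds[token];
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        // Hardened check: `answer >= 0` would let a zero price through; `answer > 0` rejects it.
        if (answer <= 0) revert NegativeOrZeroPrice();
        if (block.timestamp - updatedAt > stalePriceDelay) revert StalePrice();
        return uint256(answer) * SCALE / (10 ** feed.decimals());
    }

    // Cross price fromToken/toToken in 18-decimal fixed point. Because getPriceUSD already
    // reverts on a zero answer, the denominator of this scaled division is never zero.
    function getRelativePrice(address fromToken, address toToken) external view returns (uint256) {
        return getPriceUSD(fromToken) * SCALE / getPriceUSD(toToken);
    }
}
```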

chase-manning commented 2 years ago

I consider this report to be of particularly high quality