2022-04-jpegd
1 Follow the check effects interaction pattern in deposit and claimAll. The functions deposit and claimAll don't follow the checks-effects-interactions pattern: state is updated after the external token call.
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/farming/LPFarming.sol#L214
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/farming/LPFarming.sol#L356-L357
Update user.amount before transferFrom in deposit, and reset userRewards[msg.sender] before the transfer in claimAll.
2 Use safeTransfer and safeTransferFrom in JPEGStaking.sol. SafeERC20Upgradeable is imported for IERC20Upgradeable but never used. It should be used in stake and unstake so that tokens which return false instead of reverting are handled.
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/staking/JPEGStaking.sol#L34
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/staking/JPEGStaking.sol#L52
jpeg.safeTransferFrom(msg.sender, address(this), _amount);
jpeg.safeTransfer(msg.sender, _amount);
3 Use call to transfer ETH. The following line uses transfer to send ETH. call is the recommended way to send ETH, since transfer forwards a fixed 2300 gas stipend and reverts for recipients whose fallback needs more. You also need to check the return value of call to verify that the transfer succeeded.
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/vaults/FungibleAssetVaultForDAO.sol#L201
if (collateralAsset == ETH) {
    (bool success, ) = msg.sender.call{value: amount}("");
    require(success, "Transfer failed");
}
4 Import SafeERC20 and use safeTransferFrom instead of transferFrom in repurchase. In the following line, transferFrom is used; replace it with safeTransferFrom to transfer the ERC20 token.
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/vaults/NFTVault.sol#L899
using SafeERC20 for IStableCoin;
stablecoin.safeTransferFrom(msg.sender, position.liquidator, debtAmount + penalty);
5 Lock pragmas to specific compiler version. Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
For example,
pragma solidity 0.8.0;
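As an added illustration that is not jpegd's code, the following minimal contract applies findings 1, 2, 3 and 5 together: deposit and claimAll order their state updates before the external token call, token movements go through OpenZeppelin's SafeERC20, ETH is paid out with call and a checked return value, and the pragma is locked. The storage layout (userAmount, userRewards, ethBalance) and the function names are assumptions for the example, not LPFarming's.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.0; // locked pragma (finding 5)

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Constructed illustration, not jpegd code: a minimal staking contract whose
// deposit/claimAll follow checks-effects-interactions, move tokens through
// SafeERC20, and pay out ETH with call (findings 1-3). Storage layout and
// function names are assumed for the example.
contract CEIStaking {
    using SafeERC20 for IERC20;

    IERC20 public immutable lpToken;
    mapping(address => uint256) public userAmount;   // staked LP per user
    mapping(address => uint256) public userRewards;  // claimable LP rewards
    mapping(address => uint256) public ethBalance;   // ETH collateral per user

    constructor(IERC20 _lpToken) {
        lpToken = _lpToken;
    }

    function deposit(uint256 _amount) external {
        require(_amount > 0, "invalid amount");                       // checks
        userAmount[msg.sender] += _amount;                            // effects
        lpToken.safeTransferFrom(msg.sender, address(this), _amount); // interaction
    }

    function claimAll() external {
        uint256 rewards = userRewards[msg.sender];                    // checks
        require(rewards > 0, "no reward");
        userRewards[msg.sender] = 0;                                  // effects before the transfer
        lpToken.safeTransfer(msg.sender, rewards);                    // interaction
    }

    function depositETH() external payable {
        require(msg.value > 0, "invalid amount");
        ethBalance[msg.sender] += msg.value;
    }

    function withdrawETH(uint256 amount) external {
        require(ethBalance[msg.sender] >= amount, "insufficient");    // checks
        ethBalance[msg.sender] -= amount;                             // effects
        // call instead of transfer; the returned success flag must be checked
        (bool success, ) = msg.sender.call{value: amount}("");        // interaction
        require(success, "Transfer failed");
    }
}
```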