code-423n4 / 2022-05-aura-findings


QA Report #332

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

1. New reward tokens might not be added in ExtraRewardStashV3.sol.

Line References

ExtraRewardStashV3.sol#L128

Impact

In ExtraRewardStashV3.sol, if a reward token has a 0 address, the checkForNewRewardTokens function would break out of the loop and reward tokens after the 0 address token would not be added.

Recommended Mitigation Steps

To allow other reward tokens to be added, consider removing the 0 address check on line 127 in the checkForNewRewardTokens function since there is a 0 address check in the setToken function, or change the break to a continue on line 128.

2. No gauge existence check in StashFactoryV2.sol

Line References

StashFactoryV2.sol#L87-L103

StashFactoryV2.sol#L55-L85

Impact

In the IsV1, IsV2 and IsV3 functions, the call would return true if the _gauge does not exist anymore (check references).

When creating a new stash in CreateStash, if a _stashVersion of 1 or 3 is used, a new stash could be created with a gauge that does not exist.

References

Solidity documentation.

Recommended Mitigation Steps

Consider checking for the existence of the _gauge contract in the CreateStash function.
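
The existence check recommended in item 2, illustrated as an added example that is not part of the report or of the Aura repository. The contract name `GaugeProbe`, the functions `probeUnchecked` and `probeChecked`, and the probe selector are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.11;

/// Added illustration; not the StashFactoryV2 source.
contract GaugeProbe {
    // Hypothetical getter used as the interface probe (assumption for this example).
    bytes4 private constant PROBE = bytes4(keccak256("rewarded_token()"));

    /// Unguarded probe. A low-level call to an address that holds no code
    /// executes nothing and still reports success == true, so an empty or
    /// destroyed gauge address passes this test.
    function probeUnchecked(address _gauge) public returns (bool) {
        (bool success, ) = _gauge.call(abi.encodeWithSelector(PROBE));
        return success;
    }

    /// Guarded probe. Deployed code must be present before `success`
    /// is trusted as evidence that the gauge implements the getter.
    function probeChecked(address _gauge) public returns (bool) {
        // No contract at this address: reject instead of calling.
        if (_gauge.code.length == 0) {
            return false;
        }
        (bool success, bytes memory ret) =
            _gauge.call(abi.encodeWithSelector(PROBE));
        // Assumes the probed getter returns one 32-byte word (an address);
        // an empty return means nothing answered the selector.
        return success && ret.length >= 32;
    }
}
```

For an address with no code, `probeUnchecked` returns true and `probeChecked` returns false.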

dmvt commented 2 years ago

Invalid. These reports are of no value.