Open code423n4 opened 2 years ago
Disagree as it's literally the name of the function
Disagree as you have no way of proving usage / non-usage of timelock, hence the finding is not actionable
I think QA-01 is NC because the effect is firing a second event without a change, edited above to reflect that
1NC
Low & QA report
Relevant parts of the code are marked with
@audit
tags.QA
QA-01: Add check that
newPotentialOwner != currentOwner
toConduitController.sol:transferOwnership()
While there are no negative effects and the currentOwner can complete the entire ownership transfer flow to themselves, the events emitted would be confusing and misleading, impacting metrics / users looking at them.
QA-02: Emit event or return data if accumulator is not "armed" in
Executor.sol:_triggerIfArmed()
If the accumulator is not "armed" the internal function simply returns without emitting an event or returning data, both of which can be useful in diagnosing the issue. This does not follow the pattern seen in the rest of the codebase where events are emitted + return data for errors. Would be a good to have.