code-423n4 / 2022-05-sturdy-findings


QA Report #142

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Pragma 6.12 is an old version of Solidity; use a newer version, because otherwise you can run into weird bugs and security issues.
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/CollateralAdapter.sol#L2
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/ConvexCurveLPVault.sol#L3
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/GeneralVault.sol#L2
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/LidoVault.sol#L2

Audit why ERC20Detailed uses more gas because of the extra functions; pick and choose your ERC20 contract, or just pick ERC20Detailed because it also has the optional functions.

Using static variables that you can't change: what happens if the Convex contract needs an update and they change addresses? Maybe add an onlyAdmin function to change the contract's address.
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/ConvexCurveLPVault.sol#L54

Didn't specify the return statement and the contract.
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/ConvexCurveLPVault.sol#L79

Why not use call instead of safeTransfer, then ERC20 transfer, and use the bools and a require statement? Just do it yourself, just in case not enough gas is supplied.
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/ConvexCurveLPVault.sol#L108

Put this into a require statement, otherwise it can fail and you won't know whether it failed or the input was not correct.
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/ConvexCurveLPVault.sol#L132
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/ConvexCurveLPVault.sol#L142
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/ConvexCurveLPVault.sol#L177
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/ConvexCurveLPVault.sol#L178
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/ConvexCurveLPVault.sol#L182
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/ConvexCurveLPVault.sol#L181

Add a require statement or bool to make sure the function happened.
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/YieldManager.sol#L237
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/YieldManager.sol#L239

Require statement not needed.
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/ConvexCurveLPVault.sol#L222

Should remove the TODO in the comment after you implement _depositToYieldPool.
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/GeneralVault.sol#L84

Best practice to remove commented-out code.
https://github.com/code-423n4/2022-05-sturdy/blob/6cc44472f6321d0be6844d6fe7fbd7b78d7602a9/smart-contracts/GeneralVault.sol#L165
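Added example, not part of the report above or of the Sturdy code base: a hypothetical minimal vault (assumed names `ExampleVault`, `setExternalPool`, `withdrawUnchecked`, `withdrawRequire`, `withdrawSafe`; OpenZeppelin v4 import paths assumed) that shows the admin-settable external address the report asks for at ConvexCurveLPVault.sol#L54, and side by side what a bare `transfer`, a `require(transfer(...))` and `SafeERC20.safeTransfer` each check, which is the substance of the "put this into a require statement" remarks.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// OpenZeppelin v4 paths (assumption for this example).
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical vault used only to illustrate the two patterns discussed in
/// the report; it is not ConvexCurveLPVault and deliberately omits accounting.
contract ExampleVault {
    using SafeERC20 for IERC20;

    address public admin;
    // Stored, not `constant`/`immutable`: the admin can repoint the vault if the
    // external protocol migrates to a new contract address.
    address public externalPool;
    IERC20 public immutable asset;

    event ExternalPoolUpdated(address indexed oldPool, address indexed newPool);

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor(address _asset, address _externalPool) {
        require(_asset != address(0) && _externalPool != address(0), "zero address");
        admin = msg.sender;
        asset = IERC20(_asset);
        externalPool = _externalPool;
    }

    /// Admin-only setter with a zero-address check and an event for auditability.
    function setExternalPool(address newPool) external onlyAdmin {
        require(newPool != address(0), "zero address");
        emit ExternalPoolUpdated(externalPool, newPool);
        externalPool = newPool;
    }

    // BAD: the bool returned by transfer() is ignored. A token that signals
    // failure by returning false instead of reverting lets this call "succeed"
    // while no funds move.
    function withdrawUnchecked(address to, uint256 amount) external onlyAdmin {
        asset.transfer(to, amount);
    }

    // BETTER but incomplete: catches a false return, yet reverts on tokens that
    // return no data at all (USDT-style), because ABI decoding expects a bool.
    function withdrawRequire(address to, uint256 amount) external onlyAdmin {
        require(asset.transfer(to, amount), "transfer failed");
    }

    // GOOD: SafeERC20 performs a low-level call, requires that the call
    // succeeded (the callee is a contract and did not revert) and, only when
    // return data is present, that it decodes to true. No extra require or
    // bool handling is needed at the call site.
    function withdrawSafe(address to, uint256 amount) external onlyAdmin {
        asset.safeTransfer(to, amount);
    }
}
```

The three withdraw variants make the judge's verdict concrete: wrapping `safeTransfer` in a further `require` or a manual `call` adds nothing, since the library already reverts on a failed call or a false return, and it also covers the non-returning tokens that a plain `require(transfer(...))` would break on.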

HickupHH3 commented 2 years ago

low:
nc: solidity version, todo, commented code
invalid: erc20 detailed, static variable, lacking return statement, "why not use call instead of safetranfer then erc20 transfer..", "put this into a require statement otherwise it can fail and not know if it failed or not a correct input", "add require statement or bool to make sure it function happend"