code-423n4 / 2022-05-sturdy-findings


QA Report #163

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Low & QA report

Low#1 No 0x address check for newly added collateral tokens in CollateralAdapter

In the function addCollateralAsset():

        _assetToVaults[_externalAsset] = _acceptVault;
        _collateralAssets[_externalAsset] = _internalAsset;

There are no checks that the admin-provided _externalAsset and _internalAsset are not 0x0. If this is accidentally whitelisted, then subsequent require checks against the 0 address will revert and functions like liquidationCall() will fail.

QA#1 No events emitted for newly added collateral tokens in CollateralAdapter

It would increase transparency if events were emitted when new collateral pairs are added.

QA#2 Add events for configuring vaults with curve LP tokens and pool addresses

In ConvexCurveLPVault's setConfiguration() it is possible for admins to reassign addresses for Curve and the pool. Emitting an event would be helpful in letting users know.
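A sketch of how Low#1 and QA#1 could be addressed together, added here as an example and not part of the original report or the Sturdy code base. Only the function name, the two mapping names and the three variable names come from the snippet above; the contract name, admin handling, parameter order, event name and revert strings are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch only: contract name, admin handling, parameter order,
// event name and revert strings are assumptions, not the project's code.
contract CollateralAdapterSketch {
    // Assumed stand-in for the project's own access control.
    address public immutable admin;

    // External asset => vault that accepts it (name from the report's snippet).
    mapping(address => address) internal _assetToVaults;
    // External asset => internal asset (name from the report's snippet).
    mapping(address => address) internal _collateralAssets;

    // Hypothetical event covering QA#1.
    event CollateralAssetAdded(
        address indexed externalAsset,
        address indexed internalAsset,
        address indexed acceptVault
    );

    constructor() {
        admin = msg.sender;
    }

    modifier onlyAdmin() {
        require(msg.sender == admin, "caller is not admin");
        _;
    }

    function addCollateralAsset(
        address _externalAsset,
        address _internalAsset,
        address _acceptVault
    ) external onlyAdmin {
        // Low#1: reject zero addresses before they reach storage.
        require(_externalAsset != address(0), "externalAsset is zero");
        require(_internalAsset != address(0), "internalAsset is zero");
        // Not raised in the report; added here on the same reasoning.
        require(_acceptVault != address(0), "acceptVault is zero");

        _assetToVaults[_externalAsset] = _acceptVault;
        _collateralAssets[_externalAsset] = _internalAsset;

        // QA#1: make the new pair visible to off-chain monitoring.
        emit CollateralAssetAdded(_externalAsset, _internalAsset, _acceptVault);
    }
}
```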

HickupHH3 commented 2 years ago

Both are NC.