search

code-423n4 / 2022-05-sturdy-findings

7 stars 3 forks source link

QA Report #39

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Low Risk Findings

[QA-1] Use timelock modifier for setter functions

Timelock modifier is commonly used for storage variable setters that effects the contract logic. Consider adding timelocks on such setters.

    ConvexCurveLPVault.solL#37
    GeneralVault.solL#165
    YieldManager.solL#64
    YieldManager.solL#92

[QA-2] you have open TODOs in the codebase

Open TODOs can hint at programming or architectural errors that still need to be fixed.

    GeneralVault.solL#76

[QA-3] Use safe math for solidity version <8

You should use safe math for solidity version <8 since there is no default over/under flow check it those versions.

    CollateralAdapter.sol
    ConvexCurveLPVault.sol
    LidoVault.sol
HickupHH3 commented 2 years ago

Low issues: QA-1 NC issues: QA-2 Invalid: QA-3 safemath: no justification of why safemath should be used in these contracts if there isn't any math operations requiring its usage.