code-423n4 / 2022-05-sturdy-findings

QA Report #92

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Summary

We list 2 low-critical findings and 1 non-critical finding:

(Low) GeneralVault\initialize() should check the address of _provider != address(0)

Impact

In GeneralVault.sol, initialize() should check the address of _provider != address(0)

Proof of Concept

https://github.com/code-423n4/2022-05-sturdy/blob/main/smart-contracts/GeneralVault.sol#L61-L63

Tools Used

vim

Recommended Mitigation Steps

Check address(_provider) != address(0).

(Low) setConfiguration should check the address of _lpToken != address(0)

Impact

In ConvexCurveLPVault.sol, setConfiguration should check the address of _lpToken != address(0)

Proof of Concept

https://github.com/code-423n4/2022-05-sturdy/blob/main/smart-contracts/ConvexCurveLPVault.sol#L37-L49

Tools Used

vim

Recommended Mitigation Steps

Check address(_lpToken) != address(0).

(Non) It’s better to emit events in YieldManager.sol setter functions

Impact

It’s better to have events in setter functions.

Proof of Concept

https://github.com/code-423n4/2022-05-sturdy/blob/main/smart-contracts/YieldManager.sol#L92

https://github.com/code-423n4/2022-05-sturdy/blob/main/smart-contracts/YieldManager.sol#L64

Tools Used

vim

Recommended Mitigation Steps

Add events for setter functions.

HickupHH3 commented 2 years ago

Both are NC.
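
The three recommendations in the report above, sketched together as an added example; this is not code from the Sturdy repository or from either commenter. The contract name, storage layout, events, errors and access control are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical contract for illustration only; nothing here is taken
// from GeneralVault.sol, ConvexCurveLPVault.sol or YieldManager.sol.
contract ExampleVault {
    address public immutable admin;
    address public provider; // stands in for _provider
    address public lpToken;  // stands in for _lpToken
    bool private initialized;

    // Events carry the old and new values so that off-chain monitoring
    // can reconstruct every configuration change from logs alone.
    event ProviderSet(address indexed provider);
    event LpTokenUpdated(address indexed oldToken, address indexed newToken);

    error ZeroAddress();
    error AlreadyInitialized();
    error NotAdmin();

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    // One-shot initializer: a zero value accepted here could not be
    // corrected by calling initialize() again, so reject it up front.
    function initialize(address _provider) external onlyAdmin {
        if (initialized) revert AlreadyInitialized();
        if (_provider == address(0)) revert ZeroAddress();
        initialized = true;
        provider = _provider;
        emit ProviderSet(_provider);
    }

    // Setter with both the zero-address check and an event.
    function setConfiguration(address _lpToken) external onlyAdmin {
        if (_lpToken == address(0)) revert ZeroAddress();
        emit LpTokenUpdated(lpToken, _lpToken);
        lpToken = _lpToken;
    }
}
```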