code-423n4 / 2022-05-velodrome-findings


QA Report #181

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

1. Add allowed_from >= value check in transferFrom() of Velo.sol

There are no checks performed inside the transferFrom() function of Velo.sol for the condition allowed_from >= _value. Although the transaction will revert in such cases because of underflow, it is good practice to return a proper revert error message.

Recommended solution

Add this check at the beginning of the transferFrom() function:

require(allowed_from >= _value, "transfer amount exceed allowed amount");

2. Add error string to require statement

There are some instances where revert strings are not added in require statements. Add revert strings on those require statements.

3. No address(0) checks

There are no address(0) checks in setMinter(). This may lead to the minter address being accidentally set to the zero address.

GalloDaSballo commented 2 years ago

1. Add allowed_from >= value check in transferFrom() of Velo.sol

NC

2. Add error string to require statement

NC

3. No address(0) checks

Low

Short and sweet, 1 L, 2 NC

JeeberC4 commented 2 years ago

Warden submitted multiple QA Reports. Will not be judged.