Open code423n4 opened 2 years ago
Valid Low
Because the token is known, the finding is not valid
Valid NC
Disagree because it would allow the governance to rug
Would have liked more detail
Short and sweet, ideally would like more findings / more details
1 L, 1 NC
There are some unsafe casts, meaning if the value is greater, it will be truncated, e.g.:
Better to utilize the SafeCast library where possible.
The current best practice is to use the safe ERC20 library for token interactions (safeApprove and safeTransfer). There are some instances in the code where regular transfers are used, e.g.:
setGovernor and setEmergencyCouncil could be a 2-step (propose-accept) process to reduce the possibility of an error.
When an old reward token is replaced by swapOutRewardToken, the old token balance will be left in the contract. Consider extracting this balance before updating the tokens. Or even better, add token sweep functions for unprotected tokens.
Consider keeping the rewards list in Gauge and Bribe in sync.
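The propose-accept handover suggested above for setGovernor, as an added example that is not part of the original report or the audited code base. The contract and its names (TwoStepGovernor, proposeGovernor, acceptGovernor, pendingGovernor) are hypothetical; the same shape would apply to setEmergencyCouncil.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Hypothetical sketch, not the audited contract: only the governor handover is modelled.
contract TwoStepGovernor {
    address public governor;
    address public pendingGovernor; // proposed but not yet confirmed

    event GovernorProposed(address indexed current, address indexed proposed);
    event GovernorChanged(address indexed previous, address indexed current);

    error NotGovernor();
    error NotPendingGovernor();

    constructor() {
        governor = msg.sender;
    }

    /// Step 1: the current governor names a successor. The role does not move yet,
    /// so a mistyped address can be corrected by calling this again.
    /// Proposing address(0) cancels a pending handover.
    function proposeGovernor(address proposed) external {
        if (msg.sender != governor) revert NotGovernor();
        pendingGovernor = proposed;
        emit GovernorProposed(governor, proposed);
    }

    /// Step 2: the successor must call from the proposed address, which shows
    /// that address can actually sign transactions before the role moves to it.
    function acceptGovernor() external {
        if (msg.sender != pendingGovernor) revert NotPendingGovernor();
        emit GovernorChanged(governor, msg.sender);
        governor = msg.sender;
        delete pendingGovernor;
    }
}
```

With a single-call setter, a wrong address takes effect immediately and cannot be undone by the old governor; here the old governor stays in control until acceptGovernor succeeds.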