Open code423n4 opened 2 years ago
Formatting was abysmal please preview your submission
NC
I don't understand this, please try to write in more detail next time
Invalid, this is not a mistake, they are using modulo math
NC
I genuinely cannot understand the rest, please try to write simpler sentences
2 NC
Headline
Not having emits on critical functions https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VeAssetDepositor.sol#L90
emit LockUpdated(veAssetBalanceStaker, unlockTime mayabe emit also the unlockat so you can query the data can be helpful
if this doesn't fail its dead code because veaset staker can only be zero either on deployment or on first call to this function uint256 veAssetBalanceStaker = IERC20(veAsset).balanceOf(staker); if (veAssetBalanceStaker == 0) { return; } This code is very rare to happen because to get into the system balance of staker is more then zero
Precision error multiplication first because you can have presion errors uint256 unlockInWeeks = (unlockAt / WEEK) * WEEK;
if (veVeAsset == 0) { uint256 unlockAt = block.timestamp + maxTime; uint256 unlockInWeeks = (unlockAt / WEEK) * WEEK;
You can easily skip this logic because it only executes veveAsset ==0 is very rare. just like the case above ^
comment on how this function works with comments, there are not comments or natspec how this function works Lockasset function
IStaker(staker).increaseTime(unlockAt); add to make sure that if succeeds and the function that is not updating anything in this function make it in require statement
unlocktime = unlock weeks have a require statement here and make sure it happens here you are doing unnecessary state variable make into memory variable issue make this more readable because user might not know what is going on you're not saying why it's reverting require(_amount > 0, "!>0");
no check for address zero https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VeAssetDepositor.sol#L130
and no return, not good for other contracts implementing this function https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VeAssetDepositor.sol#L130
if (_lock) { https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VeAssetDepositor.sol#L134