code-423n4 / 2022-06-badger-findings


QA Report #103

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

1. Inconsistent usage of whenNotPaused modifier

In the MyStrategy contract, there are 2 functions (manualProcessExpiredLocks and performUpkeep) that basically do the same thing, which is to call processExpiredLocks() on LOCKER. Function manualProcessExpiredLocks() has the whenNotPaused modifier but performUpkeep doesn’t.

Proof of concept

https://github.com/Badger-Finance/vested-aura/blob/b6abb069431518962e1e0b3e516daa46ae3bdd9b/contracts/MyStrategy.sol#L372

https://github.com/Badger-Finance/vested-aura/blob/b6abb069431518962e1e0b3e516daa46ae3bdd9b/contracts/MyStrategy.sol#L391

Recommended Mitigation Steps

Add or remove whenNotPaused for both functions to keep consistency

2. Should use balanceOfWant() consistently

In the MyStrategy contract, function balanceOfWant() simply returns the balance of the want token in this strategy.

But instead of using it, this code calls balanceOf manually:

uint256 toDeposit = IERC20Upgradeable(want).balanceOf(address(this));

Proof of concept

https://github.com/Badger-Finance/vested-aura/blob/b6abb069431518962e1e0b3e516daa46ae3bdd9b/contracts/MyStrategy.sol#L362

Recommended Mitigation Steps

Should change to use balanceOfWant() function.
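A review-time check for the kind of inconsistency in finding 1, added here as an example and not part of the original report or the Badger code base: it groups the functions that reach a given call by whether they carry a given modifier. The embedded Solidity is a constructed sample, not the real MyStrategy.sol, and the helper names are hypothetical.

```python
import re

# Constructed sample, not the real MyStrategy.sol: two entry points reach
# LOCKER.processExpiredLocks(), but only one of them is pause-guarded.
SAMPLE = """
contract Strategy {
    function manualProcessExpiredLocks() external whenNotPaused {
        LOCKER.processExpiredLocks(false);
    }

    function performUpkeep(bytes calldata performData) external {
        LOCKER.processExpiredLocks(false);
    }

    function balanceOfWant() public view returns (uint256) {
        return want.balanceOf(address(this));
    }
}
"""

# name, parameter list, then everything between ")" and "{" (visibility, modifiers)
FUNC_HEADER = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")

def function_bodies(source):
    """Yield (name, header_tail, body) for every function that has a body.
    Assumption: braces never appear inside strings or comments."""
    for m in FUNC_HEADER.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), m.group(3), source[m.end():i - 1]

def modifier_mismatch(source, call, modifier):
    """Return (guarded, unguarded): functions invoking `call`, split by `modifier`."""
    guarded, unguarded = [], []
    for name, tail, body in function_bodies(source):
        if re.search(r"\b" + re.escape(call) + r"\s*\(", body):
            has_mod = re.search(r"\b" + re.escape(modifier) + r"\b", tail)
            (guarded if has_mod else unguarded).append(name)
    return guarded, unguarded

if __name__ == "__main__":
    g, u = modifier_mismatch(SAMPLE, "processExpiredLocks", "whenNotPaused")
    if g and u:  # both lists non-empty means the guard is applied inconsistently
        print("guarded:", g, "unguarded:", u)
```

A result with both lists non-empty is the condition the finding describes; which direction to resolve it in remains a design decision, as the report's mitigation says.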