code-423n4 / 2022-06-badger-findings

QA Report #60

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Impact

Magic number, consider using named constant instead.

Affected code:

  1. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L32
  2. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L37
  3. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L39
  4. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L40
  5. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L41
  6. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L42
  7. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L43

Proof of Concept

Tools Used

Recommended Mitigation Steps


Impact

Consider using IERC20 type instead of address. Or IERC20[] type instead of address[].

Affected code:

  1. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L107
  2. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L116
  3. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L162
  4. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L405
  5. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L421

Proof of Concept

Tools Used

Recommended Mitigation Steps


Impact

It is recommended to explicitly specify uint256 type instead of uint type for better readability.

Affected code:

  1. https://github.com/Badger-Finance/vested-aura/blob/d504684e4f9b56660a9e6c6dfb839dcebac3c174/contracts/MyStrategy.sol#L118

Proof of Concept

Tools Used

Recommended Mitigation Steps


GalloDaSballo commented 2 years ago

Magic number, consider using named constant instead.

Magic number -> Links addresses, check the bot ser

Consider using IERC20 type instead of address.

Casting has no cost

It is recommended to explicitly specify uint256 type instead of uint type for better readability.

Agree