code-423n4 / 2022-06-canto-findings


QA Report #252

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

[Q-01] Use interface IERC20 instead of interface erc20

The usual convention is IERC20 instead of erc20.

File: BaseV1-core.sol#L4

Recommendation: use the convention and change erc20 to IERC20.

[Q-02] Missing error message on revert

There is no revert message on BaseV1-core.sol#L468.

Recommendation: add a revert message:

require(success && (data.length == 0 || abi.decode(data, (bool))), 'StableSwap: TRANSFER_FAIL');

[Q-03] Misspell on comment;

MasterChef.sol#L74

// Total allocation poitns. Must be the sum of all allocation points in all pools.

Should be:

// Total allocation points. Must be the sum of all allocation points in all pools.

[L-01] Unlocked pragma

Unlocked pragma: Contracts should be deployed using the same compiler version/flags with which they have been tested. Locking the pragma (e.g. by not using ^ in pragma solidity 0.5.10) ensures that contracts do not accidentally get deployed using an older compiler version with unfixed bugs.

Source: SWC-103

Files:

lending-market/contracts/Accountant/AccountantDelegate.sol:pragma solidity ^0.8.10;
lending-market/contracts/Accountant/AccountantDelegator.sol:pragma solidity ^0.8.10;
lending-market/contracts/Accountant/AccountantInterfaces.sol:pragma solidity ^0.8.10;
lending-market/contracts/BaseJumpRateModelV2.sol:pragma solidity ^0.8.10;
lending-market/contracts/CDaiDelegate.sol:pragma solidity ^0.8.10;
lending-market/contracts/CErc20Delegate.sol:pragma solidity ^0.8.10;
lending-market/contracts/CErc20Delegator.sol:pragma solidity ^0.8.10;
lending-market/contracts/CErc20Immutable.sol:pragma solidity ^0.8.10;
lending-market/contracts/CErc20.sol:pragma solidity ^0.8.10;
lending-market/contracts/CEther.sol:pragma solidity ^0.8.10;
lending-market/contracts/CNote.sol:pragma solidity ^0.8.10;
lending-market/contracts/ComptrollerG7.sol:pragma solidity ^0.8.10;
lending-market/contracts/ComptrollerInterface.sol:pragma solidity ^0.8.10;
lending-market/contracts/Comptroller.sol:pragma solidity ^0.8.10;
lending-market/contracts/ComptrollerStorage.sol:pragma solidity ^0.8.10;
lending-market/contracts/CTokenInterfaces.sol:pragma solidity ^0.8.10;
lending-market/contracts/CToken.sol:pragma solidity ^0.8.10;
lending-market/contracts/DAIInterestRateModelV3.sol:pragma solidity ^0.8.10;
lending-market/contracts/EIP20Interface.sol:pragma solidity ^0.8.10;
lending-market/contracts/EIP20NonStandardInterface.sol:pragma solidity ^0.8.10;
lending-market/contracts/ERC20.sol:pragma solidity ^0.8.10;
lending-market/contracts/ErrorReporter.sol:pragma solidity ^0.8.10;
lending-market/contracts/ExponentialNoError.sol:pragma solidity ^0.8.10;
lending-market/contracts/Governance/Comp.sol:pragma solidity ^0.8.10;
lending-market/contracts/Governance/GovernorAlpha.sol:pragma solidity ^0.8.10;
lending-market/contracts/Governance/GovernorBravoDelegate.sol:pragma solidity ^0.8.10;
lending-market/contracts/Governance/GovernorBravoDelegator.sol:pragma solidity ^0.8.10;
lending-market/contracts/Governance/GovernorBravoInterfaces.sol:pragma solidity ^0.8.10;
lending-market/contracts/InterestRateModel.sol:pragma solidity ^0.8.10;
lending-market/contracts/JumpRateModel.sol:pragma solidity ^0.8.10;
lending-market/contracts/JumpRateModelV2.sol:pragma solidity ^0.8.10;
lending-market/contracts/Lens/CompoundLens.sol:pragma solidity ^0.8.10;
lending-market/contracts/Maximillion.sol:pragma solidity ^0.8.10;
lending-market/contracts/NoteInterest.sol:pragma solidity ^0.8.10;
lending-market/contracts/Note.sol:pragma solidity ^0.8.10;
lending-market/contracts/PriceOracle.sol:pragma solidity ^0.8.10;
lending-market/contracts/Reservoir.sol:pragma solidity ^0.8.10;
lending-market/contracts/SafeMath.sol:pragma solidity ^0.8.10;
lending-market/contracts/SimplePriceOracle.sol:pragma solidity ^0.8.10;
lending-market/contracts/Timelock.sol:pragma solidity ^0.8.10;
lending-market/contracts/Treasury/TreasuryDelegate.sol:pragma solidity ^0.8.10;
lending-market/contracts/Treasury/TreasuryDelegator.sol:pragma solidity ^0.8.10;
lending-market/contracts/Treasury/TreasuryInterfaces.sol:pragma solidity ^0.8.10;
lending-market/contracts/Unitroller.sol:pragma solidity ^0.8.10;
lending-market/contracts/WETH.sol:pragma solidity ^0.8.10;
lending-market/contracts/WhitePaperInterestRateModel.sol:pragma solidity ^0.8.10;
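
Added example, not part of the original report or of the audited code base: a Python check that a CI job could run to flag the unlocked pragmas described in [L-01], treating range expressions and files without a pragma as findings too. The file names and contents in SAMPLE are constructed, and the comment stripping is a simplification that does not parse string literals.

```python
import re

# `pragma solidity <expr>;` - the version expression runs up to the semicolon.
PRAGMA_RE = re.compile(r"\bpragma\s+solidity\s+([^;]+);")
# Locked means exactly one full x.y.z version, optionally written with "=".
LOCKED_RE = re.compile(r"=?\s*\d+\.\d+\.\d+")

# Constructed sample sources (not files from the audited repository).
SAMPLE = {
    "contracts/A.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.10;\ncontract A {}\n",
    "contracts/B.sol": "pragma solidity 0.8.10;\ncontract B {}\n",
    "contracts/C.sol": "pragma solidity >=0.8.0 <0.9.0;\ncontract C {}\n",
    "contracts/D.sol": "// pragma solidity ^0.8.10;\npragma solidity =0.8.10;\ncontract D {}\n",
    "contracts/E.sol": "contract E {}\n",
}

def strip_comments(src):
    """Drop /* */ and // comments so a commented-out pragma is not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def classify(expr):
    """'locked' for a single exact version; '^', '~', ranges and wildcards float."""
    return "locked" if LOCKED_RE.fullmatch(expr.strip()) else "floating"

def audit(sources):
    """Map path -> [(expr, verdict)]; a file with no pragma gets [('', 'missing')]."""
    report = {}
    for path, src in sources.items():
        exprs = [m.group(1).strip() for m in PRAGMA_RE.finditer(strip_comments(src))]
        report[path] = [(e, classify(e)) for e in exprs] or [("", "missing")]
    return report

def findings(report):
    """Paths that have at least one pragma that is not locked, or none at all."""
    return sorted(p for p, rows in report.items() if any(v != "locked" for _, v in rows))

if __name__ == "__main__":
    result = audit(SAMPLE)
    for path in findings(result):
        for expr, verdict in result[path]:
            print(f"{path}: {verdict} pragma {expr!r}")
```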

GalloDaSballo commented 2 years ago

Use interface IERC20 instead of interface erc20

Valid R

Missing error message on revert

Valid NC

[Q-03] Misspell on comment;

NC

[L-01] Unlocked pragma

Valid NC

Neat report 1 R 3 NC