QA Report

[code423n4]

Non-critical

[N-01] Lint error

manifest-v2/contracts/Proposal-Store.sol:

• L9: 8 spaces to 4 spaces
• L37, L38, L39: 4 spaces to 8 spaces
• L35, L42: The constructor and the AddProposal function have many parameters, align these on lines to improve clarity

  constructor(
  uint propId, 
  string memory title, 
  string memory desc, 
  address[] memory targets,
  uint[] memory values, 
  string[] memory signatures, 
  bytes[] memory calldatas
  ) { 

[N-02] Wrong comment

manifest-v2/contracts/Proposal-Store.sol, L6, L7: This comment it's wrong maybe was a mistake from ERC20DirectBalanceManipulation contract copy-paste, remove it and add one

[N-03] Missing event emitting

Each function that changes the state of the contract should have an associated event to facilitate off-chain monitoring

manifest-v2/contracts/Proposal-Store.sol: The constructor and the AddProposal function should emit an event when add a proposal to the proposals array

[N-04] The names of the functions should be start in lower case

manifest-v2/contracts/Proposal-Store.sol, L42, L31, L49 the names of the functions should be start in lower case: addProposal and queryProp; also the name of the vars UniGovModAcct

[N-05] Non-library/interface files should use fixed compiler versions, not floating ones

Proposal-Store.sol#L3

lending-market-v2/contracts/Accountant/AccountantDelegator.sol:1:pragma solidity ^0.8.10;
lending-market-v2/contracts/Accountant/AccountantInterfaces.sol:1:pragma solidity ^0.8.10;
lending-market-v2/contracts/Accountant/AccountantDelegate.sol:1:pragma solidity ^0.8.10;
lending-market-v2/contracts/BaseJumpRateModelV2.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/CDaiDelegate.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/CErc20.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/CErc20Delegate.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/CErc20Delegator.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/CErc20Immutable.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/CEther.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/CNote.sol:1:pragma solidity ^0.8.10;
lending-market-v2/contracts/CToken.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/CTokenInterfaces.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Comptroller.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/ComptrollerG7.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/ComptrollerStorage.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/DAIInterestRateModelV3.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/ErrorReporter.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/ExponentialNoError.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Governance/GovernorAlpha.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Governance/GovernorBravoInterfaces.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Governance/GovernorBravoDelegate.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Governance/Comp.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Governance/GovernorBravoDelegator.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/InterestRateModel.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/JumpRateModel.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/JumpRateModelV2.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Lens/CompoundLens.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Maximillion.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Note.sol:1:pragma solidity ^0.8.10;
lending-market-v2/contracts/NoteInterest.sol:1:pragma solidity ^0.8.10;
lending-market-v2/contracts/PriceOracle.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Reservoir.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/SimplePriceOracle.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Stableswap/test/calculations.sol:3:pragma solidity ^0.8.6;
lending-market-v2/contracts/Timelock.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/Treasury/TreasuryDelegator.sol:1:pragma solidity ^0.8.10;
lending-market-v2/contracts/Treasury/TreasuryDelegate.sol:1:pragma solidity ^0.8.10;
lending-market-v2/contracts/Unitroller.sol:2:pragma solidity ^0.8.10;
lending-market-v2/contracts/WhitePaperInterestRateModel.sol:2:pragma solidity ^0.8.10;

[N-06] Remove hardhat/console.sol

Remove the hardhat/console.sol on BaseV1-core.sol#L4 and the console.log function calls

Remove the hardhat/console.sol on CErc20.sol#L5 and the console.log function calls

Remove the hardhat/console.sol on AccountantDelegate.sol#L7 and the console.log function calls

[eugenioclrc]

[N-06] is a high; https://github.com/code-423n4/2022-06-NewBlockchain-v2-findings/issues/91

[GalloDaSballo]

Disagree with N-06 being High Severity. Console.log will just emit an event

[GalloDaSballo]

[N-01] Lint error

NC

[N-02] Wrong comment

NC

 [N-03] Missing event emitting

NC

[N-04] The names of the functions should be start in lower case

R

[N-05] Non-library/interface files should use fixed compiler versions, not floating ones

R

[N-06] Remove hardhat/console.sol

R

3R 3NC