code-423n4 / 2022-06-canto-v2-findings


QA Report #161

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

  1. Undeclared totalCash can be removed from the comment since it is not used in the actual code

https://github.com/Plex-Engineer/lending-market-v2/blob/443a8c0fed3c5018e95f3881a31b81a555c42b2d/contracts/CNote.sol#L55-L57

             *  exchangeRate = (totalCash + totalBorrows - totalReserves) / totalSupply
             */
            uint cashPlusBorrowsMinusReserves = totalBorrows - totalReserves; // totalCash in cNote Lending Market is zero, thus it is not factored into the exchangeRate

Since `exchangeRate = totalBorrows - totalReserves / totalSupply;` was used, it can be removed from the comment.

  1. require()/revert() statements should have reason strings

1.) TreasuryDelegator.sol Line.13

        require(admin_ != address(0));

2.) File : CNote.sol Line.74

        require(address(_accountant) != address(0)); 

3.) File : CNote.sol Line.121

        require(address(_accountant) != address(0)); //check that the accountant has been set

4.) File : AccountantDelegator.sol Line.22

        require(admin_ != address(0));

5.) File : Proposal-Store.sol Line.44

        require(msg.sender == UniGovModAcct);

  1. Make sure to use the modifier require for better use

https://github.com/Plex-Engineer/lending-market-v2/blob/443a8c0fed3c5018e95f3881a31b81a555c42b2d/contracts/Stableswap/BaseV1-periphery.sol#L87

        //require(deadline >= block.timestamp, "BaseV1Router: EXPIRED");

The ensure modifier requires that the swap transaction is executed before the given deadline, so rather than being a comment, it can be put to better use.

  1. Use SPDX license identifier

Some contracts do not use an SPDX license identifier in the source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code.

Occurrences (contracts): CNote.sol, NoteInterest.sol, TreasuryInterfaces.sol, TreasuryDelegate.sol, TreasuryDelegator.sol

  1. Avoid Floating Pragmas

^0.8.10 was used. As the compiler can be used as 0.8.10, consider locking at this version, the same as the others. Consider locking the pragma version whenever possible and avoid using a floating pragma in the final deployment, since it can be problematic if there are publicly disclosed bugs and issues that affect the current compiler version used.

  1. Typo Reason String

https://github.com/Plex-Engineer/lending-market-v2/blob/443a8c0fed3c5018e95f3881a31b81a555c42b2d/contracts/WETH.sol#L69

        require(_balanceOf[src] >= wad, "WETH::transfeFrom");

Change to transferFrom.

  1. Typo Comment

1.) https://github.com/Plex-Engineer/lending-market-v2/blob/443a8c0fed3c5018e95f3881a31b81a555c42b2d/contracts/Stableswap/BaseV1-core.sol#L45

CREATE2 // change to create
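
A small lint pass for the finding classes in the report above (missing SPDX identifier, floating pragma, `require`/`revert` without a reason string, commented-out `require`), as an added example that is not part of the original report or the project's code. The function names, rule labels and the `SAMPLE` input are assumptions made here; the check is line-based, so a statement split across lines is skipped and a `require(` inside a trailing comment or string literal is not distinguished from code.

```python
import re
# Constructed sample: the lines quoted in the report, gathered into one file.
SAMPLE = """pragma solidity ^0.8.10;
//require(deadline >= block.timestamp, "BaseV1Router: EXPIRED");
require(admin_ != address(0));
require(_balanceOf[src] >= wad, "WETH::transfeFrom");
"""

def arg_count(line, start):
    """Count arguments of the call whose '(' is at `start`; None if it is unclosed."""
    depth, quote, commas, i = 0, None, 0, start
    while i < len(line):
        ch = line[i]
        if quote:                        # inside a string literal
            if ch == "\\":
                i += 1                   # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch in "()":
            depth += 1 if ch == "(" else -1
            if depth == 0:               # matching ')' of the call itself
                return commas + 1 if line[start + 1:i].strip() else 0
        elif ch == "," and depth == 1:   # comma between top-level arguments
            commas += 1
        i += 1
    return None                          # statement continues on another line

def lint(source):
    """Return (line_no, rule) pairs for the finding classes raised in the report."""
    findings = []
    if "SPDX-License-Identifier:" not in source:
        findings.append((1, "missing-spdx"))
    for no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith("//"):        # comment line: only look for disabled checks
            if re.search(r"\brequire\s*\(", code):
                findings.append((no, "commented-out-require"))
            continue
        m = re.match(r"pragma\s+solidity\s+([^;]+);", code)
        if m and not re.fullmatch(r"=?\s*\d+\.\d+\.\d+", m.group(1).strip()):
            findings.append((no, "floating-pragma"))
        for call in re.finditer(r"\b(require|revert)\s*\(", code):
            n = arg_count(code, call.end() - 1)
            need = 2 if call.group(1) == "require" else 1
            if n is not None and n < need:
                findings.append((no, "no-reason-string"))
    return findings
```

Calling `lint(SAMPLE)` returns one entry per issue with its line number, so it can gate a CI job by failing when the list is non-empty.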
GalloDaSballo commented 2 years ago

Undeclared totalCash can be removed from the comment since it is not used in the actual code

NC

require()/revert() statements should have reason strings

NC

Make sure to use the modifier require for better use

TODO -> Dup of #90

Use SPDX license identifier

NC

Avoid Floating Pragmas

NC

Typo Reason String && Comments

NC

5 NC