jakekidd
commented
2 years ago This seems to be a report for something else
Closed code423n4 closed 2 years ago
jakekidd
commented
2 years ago This seems to be a report for something else
Non-critical: No event emitted for some important state changes
A number of functions make important updates to the state of the protocol but don't emit events to log the change.
For users and indexers of the protocol it would be beneficial to emit events in the following functions:
InfinityExchange
InfinityStaker
Non-critical: Native ETH represented by the zero address
The zero address is also the default value assigned to an address that is uninitialized. So there is some risk that buggy client code that does not properly setup the MakerOrder struct could default to native eth when it wasn't intended.
A safer option would be to designate some other non-zero address for native ETH to ensure it was explicitly intended.
An example of this can be found in the Kyber Network where
0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeEis used to represent native ETH. See the docs here https://docs.kyberswap.com/api/#tag/swap.Documenting this on
addCurrencyand_currencieswould be helpful too. This will make it immediately clear to the reader that native ETH is represented with a special address.Non-critical: Mutable state variable names in CAPS
It's confusing for readers of the code and auditors to see mutable variables names in all caps.
The following variable names should change to mixed / camel case so it's clear they are mutable:
InfinityExchange
InfinityStaker
Non-critical: INFINITY_TOKEN should be marked immutable
It appears
INFINITY_TOKENwon't change and if that is the case marking itimmutablewill guarantee it can't be changed.Non-critical: Typos in natspec comments
"Storate" (Storage) on
InfinityExchange._currencies"mesage" (message) onSignatureChecker.recover