code-423n4 / 2022-06-connext-findings


QA Report #76

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

N-1 CRITICAL CHANGES SHOULD USE TWO-STEP PROCEDURE
Critical procedures should have a two-step process.
ConnextPriceOracle.sol L#168

N-2 Functions Mutating Storage Should Emit Events
Functions that mutate storage should emit events to easily monitor that function.
StableSwap.sol L#448
StableSwap.sol L#456
PortalFacet.sol L#57
PortalFacet.sol L#65
NomadFacet.sol L#25

L-1 Unspecific Compiler Version Pragma
Avoid floating pragmas for non-library contracts.
DiamondInit.sol L#2

L-2 Missing zero-address check in constructors and the setter functions
Missing checks for zero-addresses may lead to a nonfunctional protocol, if the variable addresses are updated incorrectly.
[SponsorVault.sol L#128](https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/helpers/SponsorVault.sol#:~:text=)%20Ownable()%20%7B-,_setConnext(_connext)%3B,-%7D)
[Executor.sol L#48](https://github.com/code-423n4/2022-06-connext/blob/main/contracts/contracts/core/connext/helpers/Executor.sol#:~:text=address%20_connext)%20%7B-,connext%20%3D%20_connext%3B,-%7D)
Consider adding zero address checks like: require(connext != address(0));
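An added example, not part of the report above or of the audited code, showing the pattern that N-1 and N-2 recommend: a privileged role is handed over in two steps, and every storage-mutating function emits an event. The contract, function and event names are hypothetical, and the pinned compiler version is an arbitrary choice for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.14; // pinned rather than floating (L-1); version is an assumption

// Hypothetical contract for illustration only; not code from the audited repository.
contract TwoStepAdmin {
    address public admin;
    address public proposedAdmin;
    uint256 public price; // constructed example of admin-controlled storage

    event AdminProposed(address indexed current, address indexed proposed);
    event AdminChanged(address indexed previous, address indexed current);
    event PriceUpdated(uint256 oldPrice, uint256 newPrice);

    modifier onlyAdmin() {
        require(msg.sender == admin, "caller is not admin");
        _;
    }

    constructor() {
        admin = msg.sender;
        emit AdminChanged(address(0), msg.sender);
    }

    // Step 1: the current admin nominates a successor; control does not move yet.
    function proposeAdmin(address candidate) external onlyAdmin {
        proposedAdmin = candidate;
        emit AdminProposed(admin, candidate);
    }

    // Step 2: only the nominee can complete the handover, so a mistyped or
    // uncontrolled address can never end up holding the role.
    function acceptAdmin() external {
        require(msg.sender == proposedAdmin, "caller is not proposed admin");
        address previous = admin;
        admin = msg.sender;
        delete proposedAdmin;
        emit AdminChanged(previous, msg.sender);
    }

    // Storage-mutating setter that emits an event for off-chain monitoring (N-2).
    function setPrice(uint256 newPrice) external onlyAdmin {
        uint256 oldPrice = price;
        price = newPrice;
        emit PriceUpdated(oldPrice, newPrice);
    }
}
```

Until `acceptAdmin` succeeds, the current admin can overwrite a wrong nomination by calling `proposeAdmin` again, and the emitted events give monitoring a record of both the nomination and the completed change.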

jakekidd commented 2 years ago

L-2 is invalid, rest are good