_minDelay can be 0, defeating the purpose of the timelock
Contract: https://github.com/code-423n4/2022-06-nested/blob/main/contracts/governance/TimelockControllerEmergency.sol#L93
Issue: In the constructor, the deployer can set _minDelay to 0, which means any proposed transaction can be executed instantly, without any delay. This defeats the basic purpose of a timelock.
Recommendation: Add a check to ensure a correct value of _minDelay.
Missing selector check on operator
Contract: https://github.com/code-423n4/2022-06-nested/blob/main/contracts/governance/scripts/OperatorScripts.sol#L28 https://github.com/code-423n4/2022-06-nested/blob/main/contracts/OperatorResolver.sol#L20
Issue: The addOperator function does not check that the selector of the added operator is not bytes4(0). The same fix is required for the requireAndGetOperator function at OperatorResolver.sol#L20.
Recommendation: Add below check
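The check itself is not reproduced on this page. As an added illustration (not the report's or the project's code), the Solidity sketch below shows guards of the kind both findings recommend; the contract names, the 1-day floor, the `Operator` struct layout and the owner gate are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Illustrative only: everything except the names _minDelay, addOperator and
// requireAndGetOperator is an assumption, not the audited project's code.
contract TimelockDelayGuard {
    // Assumed floor; the report does not say what the minimum should be.
    uint256 public constant MIN_DELAY_FLOOR = 1 days;
    uint256 public minDelay;

    constructor(uint256 _minDelay) {
        // Reject a zero (or too short) delay so queued calls cannot run instantly.
        require(_minDelay >= MIN_DELAY_FLOOR, "Timelock: delay too short");
        minDelay = _minDelay;
    }
}

contract OperatorRegistryGuard {
    // Assumed record shape: target contract plus the function selector to call.
    struct Operator {
        address implementation;
        bytes4 selector;
    }

    address public immutable owner; // assumed access-control model
    mapping(bytes32 => Operator) private operators;

    constructor() {
        owner = msg.sender;
    }

    function addOperator(bytes32 name, Operator memory operator) external {
        require(msg.sender == owner, "Operator: not owner");
        require(operator.implementation != address(0), "Operator: zero address");
        // The guard the finding asks for: an unset selector is never valid.
        require(operator.selector != bytes4(0), "Operator: empty selector");
        operators[name] = operator;
    }

    function requireAndGetOperator(bytes32 name, string calldata reason)
        external view returns (Operator memory found)
    {
        found = operators[name];
        require(found.implementation != address(0), reason);
        // Same guard on the read path, so a bad record cannot be resolved.
        require(found.selector != bytes4(0), reason);
    }
}
```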
Unused imports
Contract: https://github.com/code-423n4/2022-06-nested/blob/main/contracts/operators/Yearn/YearnCurveVaultOperator.sol#L12
Issue: The contract imports CurveHelpers but does not use it.
Recommendation: Do not import CurveHelpers.sol in YearnCurveVaultOperator