code-423n4 / 2022-06-nibbl-findings


QA Report #234

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago
1. https://github.com/NibblNFT/nibbl-smartcontracts/blob/49bf364d9e81a554cfdf47ae5cfc3daf52a54ad6/contracts/Twav/Twav.sol#L35-L42 Incorrect assignment for _twavObservationCurrent and _twavObservationPrev because of an incorrect index. This could lead to the calculation for _twav underflowing, as the current cumulative valuation is greater than the previous cumulative valuation, and reverting.
2. Prevent funds being locked forever by checking that the recipient address is not address(0) in all functions that transfer funds, such as: buy, sell, redeem, redeemCuratorFee, all the withdraw* functions, and _newCurator in updateCurator.
3. There are some configurations mismatched with the documentation at https://github.com/NibblNFT/nibbl-smartcontracts/blob/master/README.md: BUYOUT_DURATION = 5 days but the docs mention 3 days.
4. Should use unchecked at https://github.com/NibblNFT/nibbl-smartcontracts/blob/49bf364d9e81a554cfdf47ae5cfc3daf52a54ad6/contracts/NibblVault.sol#L319, https://github.com/NibblNFT/nibbl-smartcontracts/blob/49bf364d9e81a554cfdf47ae5cfc3daf52a54ad6/contracts/NibblVault.sol#L378-L383, https://github.com/NibblNFT/nibbl-smartcontracts/blob/49bf364d9e81a554cfdf47ae5cfc3daf52a54ad6/contracts/NibblVault.sol#L415
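To make the index arithmetic behind finding 1 concrete, here is an added, hypothetical ring buffer of cumulative-valuation observations (illustrative code written for this report, not Nibbl's Twav.sol; the names SLOTS, nextIndex, record and twav are assumptions). The newest and oldest slots are both derived from the single write cursor, and the subtraction is guarded so an empty or stale buffer reverts with an explicit reason instead of an arithmetic panic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical TWAV ring buffer, not the project's code.
contract TwavRingBuffer {
    struct Observation {
        uint32 timestamp;             // when the sample was taken
        uint256 cumulativeValuation;  // sum of valuation * elapsed seconds so far
    }

    uint8 public constant SLOTS = 4;
    Observation[SLOTS] public observations;
    uint8 public nextIndex;        // the slot the next write goes to
    uint256 public lastValuation;  // valuation in force since the newest sample

    /// Append a sample. Cumulative valuation only ever grows, so the
    /// "current minus previous" subtraction in twav() is safe as long as
    /// current really is the newer slot.
    function record(uint256 valuation, uint32 timestamp) external {
        uint8 newest = (nextIndex + SLOTS - 1) % SLOTS;
        Observation memory prev = observations[newest];
        require(timestamp >= prev.timestamp, "non-monotonic timestamp");
        uint256 cumulative = prev.cumulativeValuation
            + lastValuation * (timestamp - prev.timestamp);
        observations[nextIndex] = Observation(timestamp, cumulative);
        lastValuation = valuation;
        nextIndex = (nextIndex + 1) % SLOTS;
    }

    /// Time-weighted average over the whole window held in the buffer.
    function twav() external view returns (uint256) {
        uint8 newest = (nextIndex + SLOTS - 1) % SLOTS; // most recent write
        uint8 oldest = nextIndex;                        // slot about to be overwritten
        Observation memory cur = observations[newest];
        Observation memory old = observations[oldest];
        // An unfilled buffer leaves old.timestamp == 0; equal timestamps would
        // divide by zero; a swapped pair would underflow. Reject all three.
        require(old.timestamp != 0 && cur.timestamp > old.timestamp, "window not ready");
        return (cur.cumulativeValuation - old.cumulativeValuation)
            / (cur.timestamp - old.timestamp);
    }
}
```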
HardlyDifficult commented 2 years ago
  1. Invalid, these are cumulative so the values always increase. 2 is a good suggestion. 4 could use a better explanation.