Open code423n4 opened 2 years ago
address(0)
1. File: NibblVault.sol#L183
function updateCurator(address _newCurator) external override {
    require(msg.sender == curator,"NibblVault: Only Curator");
    curator = _newCurator;
}
__gap[50]
1. File: NibblVault.sol#20
contract NibblVault is INibblVault, BancorFormula, ERC20Upgradeable, Twav, EIP712Base {
uint _primaryReserveBalance = (primaryReserveRatio * _initialTokenSupply * _initialTokenPrice) / (SCALE * 1e18);
2. File: NibblVault.sol#L195
3. File: NibblVault.sol#L303
uint32 _blockTimestamp = uint32(block.timestamp % 2**32);
4. File: NibblVault.sol#L303
primaryReserveRatio
PRIMARY_RESERVE_RATIO
1. File: NibblVault.sol#L195
uint32 private constant primaryReserveRatio = 200_000; //20%
1. File: NibblVault.sol#L405-406
// buyoutValuationDeposit = _currentValuation - ((primaryReserveBalance - fictitiousPrimaryReserveBalance) + secondaryReserveBalance);
buyoutValuationDeposit = msg.value - (_buyoutBid - _currentValuation);
Good feedback, concise report
LOW
Missing address(0) check when setting new curator
This could lead to funds being locked in contract forever.
1. File: NibblVault.sol#L183
Upgradeable contract is missing a __gap[50] storage variable to allow for new storage variables in later versions
Referenced here
1. File: NibblVault.sol#20
QA
Magic numbers should be declared as constants.
1. File: NibblVault.sol#L183
2. File: NibblVault.sol#L195
3. File: NibblVault.sol#L303
4. File: NibblVault.sol#L303
primaryReserveRatio should be written in all capitals
This variable does not conform with the other constants and should be written as PRIMARY_RESERVE_RATIO
1. File: NibblVault.sol#L195
Comment seems to contradict actual code
This could just be my lack of understanding, but this comment appears to be wrong or at least not properly explained.
1. File: NibblVault.sol#L405-406
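
The two LOW findings above, as an added example that is not code from the report or from the Nibbl repository: a curator role with the address(0) check, taken one step further to a two-step hand-over, plus a reserved storage gap. Only `curator`, `updateCurator` and the "Only Curator" revert string come from the report; `CuratorRoleExample`, `pendingCurator`, `acceptCurator`, the events and the other revert strings are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added illustration. Assumes the inheriting contract sets `curator`
// in its own initializer; all names except `curator` and `updateCurator`
// are hypothetical.
abstract contract CuratorRoleExample {
    address public curator;
    address public pendingCurator;

    event CuratorProposed(address indexed current, address indexed proposed);
    event CuratorUpdated(address indexed previous, address indexed current);

    // Step 1: the current curator nominates a successor.
    // The second require is the check the finding asks for: without it,
    // passing address(0) leaves the role with an address nobody controls.
    function updateCurator(address _newCurator) external virtual {
        require(msg.sender == curator, "NibblVault: Only Curator");
        require(_newCurator != address(0), "NibblVault: Zero address");
        pendingCurator = _newCurator;
        emit CuratorProposed(curator, _newCurator);
    }

    // Step 2: the nominee must call in from the new address, which proves
    // the address can sign transactions. This also covers a mistyped
    // non-zero address, which the zero check alone does not catch.
    function acceptCurator() external virtual {
        require(msg.sender == pendingCurator, "NibblVault: Only pending curator");
        emit CuratorUpdated(curator, msg.sender);
        curator = msg.sender;
        delete pendingCurator;
    }

    // Reserved slots so a later version of this base contract can add state
    // variables without shifting the storage layout of contracts that inherit
    // from it. When a variable is added, shrink the array by the number of
    // slots the new variable occupies.
    uint256[50] private __gap;
}
```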