search

code-423n4 / 2022-06-notional-coop-findings

1 stars 1 forks source link

QA Report #228

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

1. NotionalTradeModule's _mintFCashPosition description is from another function, _redeemFCashPosition (low)

Proof of Concept

https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/index-coop-notional-trade-module/contracts/protocol/modules/v1/NotionalTradeModule.sol#L414-L418

    /**
     * @dev Redeem a given fCash position from the specified send token (either underlying or asset token)
     * @dev Alo adjust the components / position of the set token accordingly
     */
    function _mintFCashPosition(

Recommended Mitigation Steps

Update the comment to reflect _mintFCashPosition logic

2. Typos in comments (non-critical)

https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/index-coop-notional-trade-module/contracts/protocol/modules/v1/NotionalTradeModule.sol#L215

     * @dev MANGER ONLY: Initialize given SetToken with initial list of registered fCash positions

https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/index-coop-notional-trade-module/contracts/protocol/modules/v1/NotionalTradeModule.sol#L416

     * @dev Alo adjust the components / position of the set token accordingly

https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/index-coop-notional-trade-module/contracts/protocol/modules/v1/NotionalTradeModule.sol#L455

     * @dev Alo adjust the components / position of the set token accordingly

Recommended Mitigation Steps

MANAGER

Also

Also

3. Floating pragma is used in the parts of the system (non-critical)

As different compiler versions have critical behavior specifics if the contracts get accidentally deployed using another compiler version compared to the one they were tested with, various types of undesired behavior can be introduced.

Proof of Concept

https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/contracts/wfCashERC4626.sol#L2

pragma solidity ^0.8.0;

https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/contracts/wfCashLogic.sol#L2

pragma solidity 0.8.11;

Recommended Mitigation Steps

Consider fixing the version to 0.8.11 across the codebase.