code-423n4 / 2022-06-putty-findings


QA Report #399

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Title: Event is missing indexed fields

Impact

Each event should use three indexed fields if there are three or more fields.

Proof of Concept

https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L171-L207

Tools Used

Manual

Recommended Mitigation Steps

Add Index to at least 3 parameters or existing ones in fewer cases.

Title: Insufficient Input Validation

Impact

The functions should first check if the passed arguments are valid.

Proof of Concept

External functions that do not check the input values:

https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L669

https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L683

Tools Used

Manual

Recommended Mitigation Steps

Check input values