code-423n4 / 2022-07-axelar-findings


QA Report #213

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

QA

Missing checks for address(0x0) when assigning values to address state variables

File: DepositBase.sol line 24

        gateway = gateway_;

File: XC20Wrapper.sol line 27

        gatewayAddress = gatewayAddress_;

public functions not called by the contract should be declared external instead

File: DepositBase.sol line 41

    function wrappedToken() public view returns (address) {
        return IAxelarGateway(gateway).tokenAddresses(wrappedSymbol());
    }

File: XC20Wrapper.sol line 40-42

    function contractId() public pure returns (bytes32) {
        return keccak256('xc20-wrapper');
    }

constants should be defined rather than using magic numbers

There are several occurrences of literal values with unexplained meaning. Literal values in the codebase without an explained meaning make the code harder to read, understand and maintain, thus hindering the experience of developers, auditors and external contributors alike.

Developers should define a constant variable for every magic value used, giving it a clear and self-explanatory name.

File: DepositBase.sol line 50 0xff

        uint256 length = 0xff & uint256(symbolData);

File: DepositBase.sol line 37 0xff

        symbolNumber |= 0xff & symbolBytes.length;

Typos

File: ReceiverImplementation.sol line 37

        // Sending the token trough the gateway

trough instead of through
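
The sketch below is an added example, not part of the report above and not code from the audited repository. It applies the report's three code-level recommendations to one hypothetical contract that keeps a symbol's length in the low byte of a `bytes32`; the contract, error and constant names, and the 31-byte limit, are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration: contract, error and constant names are hypothetical.
contract PackedSymbolExample {
    error ZeroAddress();
    error SymbolTooLong();

    // The packed word keeps the symbol length in its lowest byte.
    uint256 private constant LENGTH_MASK = 0xff;
    // The remaining 31 bytes hold the symbol itself.
    uint256 private constant MAX_SYMBOL_LENGTH = 31;

    address public immutable gateway;
    bytes32 private immutable packedSymbol;

    constructor(address gateway_, string memory symbol_) {
        // Reject the zero address before it is fixed into an immutable.
        if (gateway_ == address(0)) revert ZeroAddress();

        bytes memory symbolBytes = bytes(symbol_);
        // A longer symbol would overlap the length byte.
        if (symbolBytes.length > MAX_SYMBOL_LENGTH) revert SymbolTooLong();

        gateway = gateway_;
        // Left-aligned symbol bytes, zero padded (bytes -> bytes32 needs >= 0.8.5).
        uint256 packed = uint256(bytes32(symbolBytes));
        packed |= LENGTH_MASK & symbolBytes.length;
        packedSymbol = bytes32(packed);
    }

    // external: this getter is not called from inside the contract.
    function symbol() external view returns (string memory) {
        bytes32 data = packedSymbol;
        uint256 length = LENGTH_MASK & uint256(data);
        bytes memory out = new bytes(length);
        for (uint256 i; i < length; ++i) {
            out[i] = data[i];
        }
        return string(out);
    }
}
```

Naming the mask also makes the implicit size limit visible: the constructor can reject a symbol longer than 31 bytes instead of letting the mask silently keep only the low 8 bits of its length.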

GalloDaSballo commented 2 years ago

Missing checks for address(0x0) when assigning values to address state variables

Valid for XC20Wrapper L

public functions not called by the contract should be declared external instead

Valid NC

constants should be defined rather than using magic numbers

Valid R

Typos

NC

1L 1R 2NC