search

code-423n4 / 2022-07-swivel-findings

0 stars 1 forks source link

QA Report #45

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

[N-01] Adding a return statement when the function defines a named return variable, is redundant:-

1. File: 2022-07-swivel/Marketplace/MarketPlace.sol (line 207):

    `return interest;`         

2. File: 2022-07-swivel/Marketplace/MarketPlace.sol (line 166):

    `return (amount);`

3. File: 2022-07-swivel/Swivel/Hash.sol (line 74):

    `return hash;`

[N-02] constants should be defined rather than using magic numbers:-

1. File: 2022-07-swivel/Creator/VaultTracker.sol (line 224-227):

    `yield = ((maturityRate * 1e26) / sVault.exchangeRate) - 1e26;
} else {
    yield = ((exchangeRate * 1e26) / sVault.exchangeRate) - 1e26;
}`         

2. File: 2022-07-swivel/Marketplace/FixedPointMathLib.sol (line 61):

    `int256 k = ((x << 96) / 54916777467707473351141471128 + 2**95) >> 96;`

3. File: 2022-07-swivel/Marketplace/FixedPointMathLib.sol (line 56):

    `x = (x << 78) / 5**18;`

[N-03] Use a solidity version of at least 0.8.12 to get string.concat() to be used instead of abi.encodePacked(<str>,<str>):-

1. File: 2022-07-swivel/Creator/Erc20.sol (line 4):

    `pragma solidity ^0.8.0;`         

2. File: 2022-07-swivel/Marketplace/Erc20.sol (line 4):

    `pragma solidity ^0.8.0;`

3. File: 2022-07-swivel/Tokens/FixedPointMathLib.sol (line 2):

    `pragma solidity ^0.8.0;`

[N-04] Use a solidity version of at least 0.8.12 to get string.concat() to be used instead of abi.encodePacked(<str>,<str>):-

1. File: 2022-07-swivel/Creator/Erc20.sol (line 15-17):

    `  event Transfer(address indexed from, address indexed to, uint256 amount);

event Approval(address indexed owner, address indexed spender, uint256 amount);` 

2. File: 2022-07-swivel/Creator/IERC5095.sol (line 6):

    `event Redeem(address indexed from, address indexed to, uint256 amount);`

3. File: 2022-07-swivel/Creator/Interfaces.sol (line 20-21):

    `event Transfer(address indexed from, address indexed to, uint256 value);

event Approval(address indexed owner, address indexed spender, uint256 value);`

4. File: 2022-07-swivel/Marketplace/Erc20.sol (line 15-17):

    ` event Transfer(address indexed from, address indexed to, uint256 amount);

event Approval(address indexed owner, address indexed spender, uint256 amount);` 

5. File: 2022-07-swivel/Creator/IERC5095.sol (line 6-7):

    `event Transfer(address indexed from, address indexed to, uint256 value);

event Approval(address indexed owner, address indexed spender, uint256 value);`

6. File: 2022-07-swivel/Tokens/IERC5095.sol (line 6):

    `event Redeem(address indexed from, address indexed to, uint256 amount);` 

7. File: 2022-07-swivel/Tokens/Interfaces.sol (line 20-21):

    `  event Transfer(address indexed from, address indexed to, uint256 value);

event Approval(address indexed owner, address indexed spender, uint256 value);` 

8. File: 2022-07-swivel/VaultTracker/Interfaces.sol (line 20-21):

    `event Transfer(address indexed from, address indexed to, uint256 value);

event Approval(address indexed owner, address indexed spender, uint256 value);`

[N-05] Missing checks for address(0x0) when assigning values to address state variables:-

1. File: 2022-07-swivel/Creator/VaultTracker.sol (line 35-36):

    `cTokenAddr = c;

swivel = s;`

robrobbins commented 2 years ago

issues either addressed in other tickets or wontfixes