All functions use letters for their input parameters; names that represent the value each parameter actually holds would be more descriptive.
Marketplace/Erc20.sol
L78 - If the contract or address receiving the approval is malicious, it could front-run the owner's transaction and spend the existing allowance when the owner tries to reduce or change that allowance.
This code is repeated in Creator/Erc20.sol and tokens/Erc20.sol
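The L78 allowance race next to a relative-change mitigation, as an added Solidity example that is not Swivel's code. The contract name, the 10 -> 5 scenario and the increaseAllowance/decreaseAllowance functions are assumptions used for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not Swivel's Erc20.sol: names and bodies are assumptions.
contract AllowanceRaceExample {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Approval(address indexed owner, address indexed spender, uint256 amount);

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    // Absolute set, as in standard ERC-20. An owner lowering 10 -> 5 can be
    // front-run: transferFrom(10) is mined first, then this grants a fresh 5,
    // so the spender moves 15 in total.
    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    // Relative change: applied to whatever allowance remains at execution time.
    function increaseAllowance(address spender, uint256 added) external returns (bool) {
        uint256 updated = allowance[msg.sender][spender] + added; // checked add in 0.8+
        allowance[msg.sender][spender] = updated;
        emit Approval(msg.sender, spender, updated);
        return true;
    }

    // If the spender already consumed the allowance, this reverts instead of
    // granting a new one, so the total spent never exceeds the original 10.
    function decreaseAllowance(address spender, uint256 subtracted) external returns (bool) {
        uint256 current = allowance[msg.sender][spender];
        require(current >= subtracted, "allowance below requested decrease");
        allowance[msg.sender][spender] = current - subtracted;
        emit Approval(msg.sender, spender, current - subtracted);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        allowance[from][msg.sender] -= amount; // reverts when amount > allowance
        balanceOf[from] -= amount;             // reverts when amount > balance
        balanceOf[to] += amount;
        return true;
    }
}
```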
Marketplace/FixedPointMathLib.sol
This code is repeated in Creator/FixedPointMathLib.sol and tokens/FixedPointMathLib.sol
Creator/Creator.sol
All functions use letters for their input parameters; names that represent the value each parameter actually holds would be more descriptive.
Creator/LibFuse.sol
This code is repeated in Marketplace/LibFuse.sol, VaultTracker/LibFuse.sol and tokens/LibFuse.sol
Creator/Compounding.sol
This code is repeated in tokens/Compounding.sol
Creator/LibCompound.sol
This code is repeated in Marketplace/LibCompound.sol, VaultTracker/LibCompound.sol and tokens/LibCompound.sol
Creator/Erc20.sol
L78 - If the contract or address receiving the approval is malicious, it could front-run the owner's transaction and spend the existing allowance when the owner tries to reduce or change that allowance.
Creator/ZcToken.sol
L31 - Several immutable storage variables are set in the constructor without validating that they are different from zero and that they comply with the interface.
A bad value would leave many functions in a DoS state, forcing a redeploy of the contract.
L43/52/70/79/88 - In these view functions, a memory variable could be created and used to validate that IRedeemer(redeemer).markets(protocol, underlying, maturity).maturityRate != 0, so that the corresponding message can be displayed.
This code is repeated in tokens/ZcToken.sol
VaultTracker/VaultTracker.sol
L49 - addNotional can be used to edit a vault that has already been created, which contradicts the function's name. A more accurate name would be setNotional().
Swivel/Swivel.sol
L33/72 - aaveAddr could be immutable, since it is only set in the constructor.
L111/388 - If both values in the validation on line 118 (amount > o.premium) are zero, it does not revert. The code then reverts on line 127 with a division by zero, without a message explaining why.
L495 - Instead of validating that len == d.length and reverting otherwise, it should validate that len == 4 && d.length == 4; otherwise the for loop reverts without explanation when len == d.length but both are > 4.
All functions use letters for their input parameters; names that represent the value each parameter actually holds would be more descriptive.