QA Report

[code423n4]

QA report

Non-critical

[N-01] Constants should be defined and documented rather than using magic numbers

• The 0.01e18 in lines 63, 105, 108 who reference to 1%
• The 1e18 in lines 102, 103, 162, 163, 587, 591 who reference to 100%
• The 10 in lines 233, 438 who reference the base

[N-02] Remove param parameter of point function

As the param must be "ladle" always, remove this one

/// @dev Point to a different ladle
/// @param value Address of new ladle
function point(address value) external auth {
    ladle = ILadle(value);
    emit Point(param, value);
}

Low Risk

[L-01] Missing checks for address(0) when assigning values to address state variables

Consider add a require(value != address(0), "The value should no be the zero address");

• L83, L141: assigning values to address state variables If assing a wrong address in point function could be broke the payBaseand _payInk functions
• L176: Receiver of the auctioneer reward
• L286, L346: Receiver of the collateral bought

[L-02] The setLine and setLimit functions don't check the parameters

The parameters ilkId, baseId and setIgnoredPair is not checked, the ids maybe don't exist

[alcueca]

None useful. Could be excused for not knowing point follows one of our standards. Certain magic numbers are very recognizable.