Description:
Setter functions are missing checks to validate if the new value being set is the same as the current value already set in the contract. Such checks will showcase mismatches between on-chain and off-chain states.
Recommendation:
This may hinder detecting discrepancies between on-chain and off-chain states leading to flawed assumptions of on-chain state and protocol behavior.
Description:
When critical parameters of systems need to be changed, it is required to broadcast the change via event emission and recommended to enforce the changes after a time-delay. This is to allow system users to be aware of such critical changes and give them an opportunity to exit or adjust their engagement with the system accordingly. None of the onlyOwner functions that change critical protocol addresses/parameters have a timelock for a time-delayed change to alert: (1) users and give them a chance to engage/exit protocol if they are not agreeable to the changes (2) team in case of compromised owner(s) and give them a chance to perform incident response.
Recommendation:
Users may be surprised when critical parameters are changed. Furthermore, it can erode users' trust since they can’t be sure the protocol rules won’t be changed later on. Compromised owner keys may be used to change protocol addresses/parameters to benefit attackers. Without a time-delay, authorised owners have no time for any planned incident response.
[NAZ-L3] Lack of Event Emission For Critical Functions
Description:
Several functions update critical parameters that are missing event emission. These should be performed to ensure tracking of changes of such critical parameters.
Recommendation:
Consider adding events to functions that change critical parameters.
[NAZ-L4] Lack of Two-Step Process for Critical Operations
Description:
This function transfers the ownership of the contract in a single step. There is no way to reverse a one-step transfer of ownership to an address without an owner. This would not be the case if ownership were transferred through a two-step process in which an owner proposed a transfer and the prospective recipient accepted it.
Recommendation:
Consider using a two-step process for ownership transfers.
Description:
Lack of zero-address validation on address parameters may lead to transaction reverts, waste gas, require resubmission of transactions and may even force contract redeployments in certain cases within the protocol.
Recommendation:
Consider adding explicit zero-address validation on input parameters of address type.
Description:
The linked variables do not conform to the standard naming convention of Solidity whereby functions and variable names(local and state) utilize the mixedCase format unless variables are declared as constant in which case they utilize the UPPER_CASE_WITH_UNDERSCORES format.
Recommendation:
Consider naming conventions utilized by the linked statements are adjusted to reflect the correct type of declaration according to the Solidity style guide.
Description:
Parameters of certain events are expected to be indexed so that they’re included in the block’s bloom filter for faster access. Failure to do so might confuse off-chain tooling looking for such indexed events.
Recommendation:
Consider adding the indexed keyword to event parameters that should include it.
Description:
Some functions are missing @notice/@dev NatSpec comments for the function, @param for all/some of their parameters and @return for return values. Given that NatSpec is an important part of code documentation, this affects code comprehension, auditability and usability.
Recommendation:
Consider adding in full NatSpec comments for all functions to have complete code documentation for future use.
Description:
Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
Recommendation:
Consider locking the pragma version.
Description:
Using very old versions of Solidity prevents benefits of bug fixes and newer security checks. Using the latest versions might make contracts susceptible to undiscovered compiler bugs.
Recommendation:
Consider using the most recent version.
[NAZ-L1] Missing Equivalence Checks in Setters
Severity: Low Context:
VotingEscrow.sol#L139-L157Description: Setter functions are missing checks to validate if the new value being set is the same as the current value already set in the contract. Such checks will showcase mismatches between on-chain and off-chain states.
Recommendation: This may hinder detecting discrepancies between on-chain and off-chain states leading to flawed assumptions of on-chain state and protocol behavior.
[NAZ-L2] Missing Time locks
Severity: Low Context:
VotingEscrow.sol#L161Description: When critical parameters of systems need to be changed, it is required to broadcast the change via event emission and recommended to enforce the changes after a time-delay. This is to allow system users to be aware of such critical changes and give them an opportunity to exit or adjust their engagement with the system accordingly. None of the onlyOwner functions that change critical protocol addresses/parameters have a timelock for a time-delayed change to alert: (1) users and give them a chance to engage/exit protocol if they are not agreeable to the changes (2) team in case of compromised owner(s) and give them a chance to perform incident response.
Recommendation: Users may be surprised when critical parameters are changed. Furthermore, it can erode users' trust since they can’t be sure the protocol rules won’t be changed later on. Compromised owner keys may be used to change protocol addresses/parameters to benefit attackers. Without a time-delay, authorised owners have no time for any planned incident response.
[NAZ-L3] Lack of Event Emission For Critical Functions
Severity: Low Context:
VotingEscrow.sol#L456Description: Several functions update critical parameters that are missing event emission. These should be performed to ensure tracking of changes of such critical parameters.
Recommendation: Consider adding events to functions that change critical parameters.
[NAZ-L4] Lack of Two-Step Process for Critical Operations
Severity Low Context:
VotingEscrow.sol#L139Description: This function transfers the ownership of the contract in a single step. There is no way to reverse a one-step transfer of ownership to an address without an owner. This would not be the case if ownership were transferred through a two-step process in which an owner proposed a transfer and the prospective recipient accepted it.
Recommendation: Consider using a two-step process for ownership transfers.
[NAZ-L5] Missing Zero-address Validation
Severity: Low Context:
VotingEscrow.sol#L101-L103,VotingEscrow.sol#L139,VotingEscrow.sol#L146,VotingEscrow.sol#L153Description: Lack of zero-address validation on address parameters may lead to transaction reverts, waste gas, require resubmission of transactions and may even force contract redeployments in certain cases within the protocol.
Recommendation: Consider adding explicit zero-address validation on input parameters of address type.
[NAZ-N1] Spelling Errors
Severity: Informational Context:
VotingEscrow.sol#L253 (err => error)Description: Spelling errors in comments can cause confusion to both users and developers.
Recommendation: Consider checking all misspellings to ensure they are corrected.
[NAZ-N2] Function && Variable Naming Convention
Severity Informational Context:
VotingEscrow.sol#L409 (unlock_time => unlockTime),VotingEscrow.sol#L500 (unlock_time => unlockTime)Description: The linked variables do not conform to the standard naming convention of Solidity whereby functions and variable names(local and state) utilize the
mixedCaseformat unless variables are declared asconstantin which case they utilize theUPPER_CASE_WITH_UNDERSCORESformat.Recommendation: Consider naming conventions utilized by the linked statements are adjusted to reflect the correct type of declaration according to the Solidity style guide.
[NAZ-N3] Unindexed Event Parameters
Severity Informational Context:
VotingEscrow.sol#L41Description: Parameters of certain events are expected to be indexed so that they’re included in the block’s bloom filter for faster access. Failure to do so might confuse off-chain tooling looking for such indexed events.
Recommendation: Consider adding the indexed keyword to event parameters that should include it.
[NAZ-N4] Missing or Incomplete NatSpec
Severity: Informational Context:
All ContractsDescription: Some functions are missing @notice/@dev NatSpec comments for the function, @param for all/some of their parameters and @return for return values. Given that NatSpec is an important part of code documentation, this affects code comprehension, auditability and usability.
Recommendation: Consider adding in full NatSpec comments for all functions to have complete code documentation for future use.
[NAZ-N5] Floating Pragma
Severity: Informational Context:
All ContractsDescription: Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
Recommendation: Consider locking the pragma version.
[NAZ-N6] Older Version Pragma
Severity: Informational Context:
All ContractsDescription: Using very old versions of Solidity prevents benefits of bug fixes and newer security checks. Using the latest versions might make contracts susceptible to undiscovered compiler bugs.
Recommendation: Consider using the most recent version.