0xLienid
commented
2 years ago Not worth checking for 0x0 address in permissioned system, and setters are as intended.
Open code423n4 opened 2 years ago
0xLienid
commented
2 years ago Not worth checking for 0x0 address in permissioned system, and setters are as intended.
No check for 0 address in
executeAction()Kernel.sol L251 Kernel.sol L253
No check for 0 address on change executor and change admin instruction. A mistake would lock the contract, unable to take actions. This seems to be used during deployment where such a mistake is super small, and during a governance proposal execution where such a mistake is a bit more likely. The latter however is protected by
ensureContract(instruction.target)on storing the instructions instore()INSTR.sol L52. Consider addingensureContract(target_)inexecuteAction()for executor and admin if those are meant to be contracts.Moving average parameters in
OlympusPricecontract are set independentlyPRICE.sol L240 PRICE.sol L266
It feels like
movingAverageDuration()andobservationFrequency()should be modified together because of the divisible check. Consider scenario: Current state is duration = 9 and frequency = 3 Instruction to change that to duration = 8 and frequency = 2 This would require 3 instructions:This seems like a waste of gas, and somewhat confusing instructions in such cases.
Consider combining this into a single function
changeMovingAverageParams()to set both parameters.