Open code423n4 opened 2 years ago
Unsafe ERC20 Operation(s)
Impact
Issue Information: L001
Findings:
2022-08-olympus/src/policies/Governance.sol::259 => VOTES.transferFrom(msg.sender, address(this), userVotes);
2022-08-olympus/src/policies/Governance.sol::312 => VOTES.transferFrom(address(this), msg.sender, userVotes);

Unspecific Compiler Version Pragma
While floating pragmas make sense for libraries to allow them to be included with multiple different versions of applications, they may be a security risk for application implementations.
There are 4 instances of this issue:
Findings:
File: ./src/policies/interfaces/IHeart.sol
2: pragma solidity >=0.8.0;
https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/interfaces/IHeart.sol#L2
File: ./src/policies/interfaces/IOperator.sol
2: pragma solidity >=0.8.0;
https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/interfaces/IOperator.sol#L2

Do not use Deprecated Library Functions
Impact
The usage of deprecated library functions should be discouraged.
This issue is mostly related to OpenZeppelin libraries.
There are 2 instances of this issue:
File: ./src/policies/BondCallback.sol
57: ohm.safeApprove(address(MINTR), type(uint256).max);
https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/BondCallback.sol#L57
File: ./src/policies/Operator.sol
167: ohm.safeApprove(address(MINTR), type(uint256).max);
https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Operator.sol#L167
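The three checks in this report, sketched as a line-based scanner that prints findings in the same `file::line => code` shape. This is an added example, not code from the report or from the Olympus project; the rule names, the `scan` function and the sample contract are constructed, and the regexes are heuristics rather than a Solidity parser.

```python
import re

# Heuristic, line-based rules (hypothetical names, not any real tool's output).
PRAGMA = re.compile(r"^pragma\s+solidity\s+([^;]+);")
PINNED = re.compile(r"=?\s*\d+\.\d+\.\d+")  # exactly one fixed version
# Bare statement `token.transferFrom(...)`: the bool return value is dropped.
BARE_ERC20 = re.compile(r"^[A-Za-z_]\w*\.(transfer|transferFrom|approve)\s*\(")
SAFE_APPROVE = re.compile(r"\.safeApprove\s*\(")

# Constructed sample contract; line 5 mirrors the Governance.sol finding.
SAMPLE = """\
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0;
contract Sample {
    function vote(uint256 userVotes) external {
        VOTES.transferFrom(msg.sender, address(this), userVotes);
        require(token.transferFrom(msg.sender, address(this), 1), "fail");
        bool ok = token.transfer(msg.sender, 1);
        ohm.safeApprove(address(MINTR), type(uint256).max);
        ohm.safeTransferFrom(msg.sender, address(this), 1);
    }
}
"""


def scan(path, source, is_library=False):
    """Return findings as (rule, 'path::line => code') tuples."""
    findings = []
    for no, raw in enumerate(source.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("//"):
            continue  # skip blanks and single-line comments
        where = f"{path}::{no} => {line}"
        m = PRAGMA.match(line)
        # Floating pragmas are tolerated for libraries, flagged for applications.
        if m and not is_library and not PINNED.fullmatch(m.group(1).strip()):
            findings.append(("floating-pragma", where))
        if BARE_ERC20.match(line):
            findings.append(("unchecked-erc20-return", where))
        if SAFE_APPROVE.search(line):
            findings.append(("deprecated-safeApprove", where))
    return findings


if __name__ == "__main__":
    for rule, where in scan("Sample.sol", SAMPLE):
        print(f"[{rule}] {where}")
```

Calls wrapped in `require(...)`, assigned to a variable, or routed through `safeTransferFrom` are not flagged, and a pragma pinned to a single version passes the first rule.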