code-423n4 / 2022-08-olympus-findings

QA Report #504

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Unsafe ERC20 Operation(s)

Impact

Issue Information: L001

Findings:

2022-08-olympus/src/policies/Governance.sol::259 => VOTES.transferFrom(msg.sender, address(this), userVotes);
2022-08-olympus/src/policies/Governance.sol::312 => VOTES.transferFrom(address(this), msg.sender, userVotes);

Unspecific Compiler Version Pragma

While floating pragmas make sense for libraries to allow them to be included with multiple different versions of applications, it may be a security risk for application implementations.

There are 4 instances of this issue:

Findings:

File: ./src/policies/interfaces/IHeart.sol

2:      pragma solidity >=0.8.0;

https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/interfaces/IHeart.sol#L2

File: ./src/policies/interfaces/IOperator.sol

2:      pragma solidity >=0.8.0;

https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/interfaces/IOperator.sol#L2

Do not use Deprecated Library Functions

Impact

The usage of deprecated library functions should be discouraged.

This issue is mostly related to OpenZeppelin libraries.

There are 2 instances of this issue:

File: ./src/policies/BondCallback.sol

57:     ohm.safeApprove(address(MINTR), type(uint256).max);

https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/BondCallback.sol#L57

File: ./src/policies/Operator.sol

167:    ohm.safeApprove(address(MINTR), type(uint256).max);

https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Operator.sol#L167
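
A minimal source scanner for the three finding classes listed in this report, as an added example that is not part of the original report or of the tool that produced it. The regexes, the rule names and the constructed `SAMPLE` contract are assumptions. The unchecked-call rule flags only statements that discard the return value, and it will also flag a native `address.transfer(...)`.

```python
import re

# Rules mirror the three finding classes in the report. The patterns are
# assumptions made for this example, not the reporting tool's own rules.
RULES = [
    # Statement begins with X.transfer/transferFrom/approve(...): the bool
    # return value is discarded. require(...) or `bool ok =` forms don't match.
    ("unsafe-erc20",
     re.compile(r"^\s*[\w.\[\]]+\.(transfer|transferFrom|approve)\s*\(")),
    # Any range operator on the pragma instead of one pinned version.
    ("floating-pragma",
     re.compile(r"^\s*pragma\s+solidity\s*(\^|~|>=?|<=?)")),
    ("deprecated-safeApprove", re.compile(r"\.safeApprove\s*\(")),
]

def strip_comments(source):
    """Blank out // and /* */ comments while keeping line numbers stable.
    Simplification: a // inside a string literal is also blanked."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group(0))
    return re.sub(r"//[^\n]*|/\*.*?\*/", blank, source, flags=re.S)

def scan(path, source):
    """Return (rule, 'path::line => code') tuples, in source order."""
    findings = []
    for lineno, line in enumerate(strip_comments(source).splitlines(), 1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((rule, f"{path}::{lineno} => {line.strip()}"))
    return findings

# Constructed sample contract (not from the audited repository).
SAMPLE = '''\
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0;

contract Example {
    function lock(uint256 amount) external {
        // token.transferFrom(a, b, c); commented out, must not be flagged
        token.transferFrom(msg.sender, address(this), amount);
        require(token.transfer(msg.sender, amount), "transfer failed");
        token.safeTransferFrom(msg.sender, address(this), amount);
        token.safeApprove(spender, type(uint256).max);
    }
}
'''

if __name__ == "__main__":
    for rule, hit in scan("Example.sol", SAMPLE):
        print(f"[{rule}] {hit}")
```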