code-423n4 / 2022-09-frax-findings


QA Report #319

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

QA Report for Frax Ether Liquid Staking contest

Overview

During the audit, 3 low and 4 non-critical issues were found.

| Title | Risk Rating | Instance Count |
|---|---|---|
| L-1 Large number of elements may cause out-of-gas error | Low | 3 |
| L-2 Check zero denominator | Low | 1 |
| L-3 Missing check | Low | 1 |
| NC-1 Order of Layout | Non-Critical | 3 |
| NC-2 Floating pragma | Non-Critical | 6 |
| NC-3 Missing NatSpec | Non-Critical | 7 |
| NC-4 Public functions can be external | Non-Critical | 10 |

Low Risk Findings (3)

L-1. Large number of elements may cause out-of-gas error

Description

Loops that do not have a fixed number of iterations, for example loops that depend on storage values, have to be used carefully. Due to the block gas limit, a transaction can only consume a certain amount of gas. Either explicitly or just through normal operation, the number of iterations in a loop can grow until one call exceeds the block gas limit, at which point the function can no longer be executed and the contract is stalled.

Instances
Recommendation

Restrict the maximum number of elements.

#

L-2. Check zero denominator

Description

If the input parameter is equal to zero, the division will revert and the call fails.

Instances
Recommendation

Add a check on the input to prevent the function call from failing.
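The pattern behind this finding, as an added example that is not code from the Frax contracts under review: the unchecked version reverts with a generic arithmetic panic when the denominator is zero, while the hardened version validates the input first and fails with a named error. The contract, function and error names are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17;

/// Added example (hypothetical contract), not code from the audited repository.
contract Ratio {
    error ZeroDenominator();

    /// Stored configuration used as a denominator by other functions.
    uint256 public denominator;

    /// Before: nothing stops a zero denominator from reaching the division below,
    /// which then reverts with Panic(0x12) and gives the caller no hint as to why.
    function scaleUnchecked(uint256 amount, uint256 numerator, uint256 denom)
        external
        pure
        returns (uint256)
    {
        return (amount * numerator) / denom;
    }

    /// After: validate the input and fail early with a descriptive custom error.
    function scale(uint256 amount, uint256 numerator, uint256 denom)
        external
        pure
        returns (uint256)
    {
        if (denom == 0) revert ZeroDenominator();
        return (amount * numerator) / denom;
    }

    /// When the denominator is stored state, validating it in the setter means
    /// every later read path is safe without repeating the check.
    function setDenominator(uint256 newDenominator) external {
        if (newDenominator == 0) revert ZeroDenominator();
        denominator = newDenominator;
    }
}
```

Checking in the setter rather than in each consumer is the cheaper option when the value is written rarely and read often; the two checks are not mutually exclusive, and a consumer that takes the denominator directly from calldata still needs its own guard.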

#

L-3. Missing check

Description

There is no check that times <= validators.length. Without it, the function will try to pop more elements than the array contains.

Instances
Recommendation

Add a require statement or a custom error enforcing times <= validators.length.
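One contract illustrating both L-1 (a caller-controlled loop bounded by a cap) and L-3 (the length check before popping), as an added example that is not code from the Frax contracts under review. The contract name, the MAX_BATCH value, the owner check and the error names are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17;

/// Added example (hypothetical contract), not code from the audited repository.
contract ValidatorQueue {
    error NotOwner();
    error BatchTooLarge(uint256 requested, uint256 max);
    error NotEnoughValidators(uint256 requested, uint256 available);

    /// Hypothetical cap: sized so that one call stays well below the block gas limit.
    uint256 public constant MAX_BATCH = 100;

    address public immutable owner;
    bytes[] public validators;

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// L-1: the loop length comes from caller input, so it is capped up front.
    /// Without the cap a large enough array makes the call uncallable.
    function addValidators(bytes[] calldata pubkeys) external onlyOwner {
        if (pubkeys.length > MAX_BATCH) revert BatchTooLarge(pubkeys.length, MAX_BATCH);
        for (uint256 i = 0; i < pubkeys.length; ++i) {
            validators.push(pubkeys[i]);
        }
    }

    /// L-3: `times` must not exceed the array length. Without this check the
    /// loop reverts with Panic(0x31) on the first pop from an empty array,
    /// which is harder to diagnose than a named error with both values.
    function popValidators(uint256 times) external onlyOwner {
        uint256 available = validators.length;
        if (times > available) revert NotEnoughValidators(times, available);
        if (times > MAX_BATCH) revert BatchTooLarge(times, MAX_BATCH);
        for (uint256 i = 0; i < times; ++i) {
            validators.pop();
        }
    }

    function numValidators() external view returns (uint256) {
        return validators.length;
    }
}
```

The cap on popValidators is the same L-1 concern in a different shape: even with the length check, a very long validators array would let an operator request a pop count whose loop cannot fit in one block, so the batch limit applies to removals as well as additions.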

Non-Critical Risk Findings (4)

NC-1. Order of Layout

Description

According to the Solidity style guide's Order of Layout, inside each contract, library or interface, use the following order:

1) Type declarations
2) State variables
3) Events
4) Modifiers
5) Functions

Instances

Events should not be at the end of the contract:

Recommendation

Place events before modifiers.

#

NC-2. Floating pragma

Description

Contracts should be deployed with the same compiler version. It helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

Instances
Recommendation

According to SWC-103, the pragma version should be locked.

#

NC-3. Missing NatSpec

Description

NatSpec is missing for 7 functions in 2 contracts.

Instances
Recommendation

Add NatSpec for all functions.

#

NC-4. Public functions can be external

Description

If a function is never called from within the contract that defines it, it can be declared external instead of public.

Instances
Recommendation

Make public functions external, where possible.