Report

Low Risk

[L-01]: Missing checks for address(0x0)

Context:

Recommendation:

Add non-zero address checks when set address state variables.

Non-Critical Issues

[N-01]: Wrong order of functions

Context:

https://github.com/code-423n4/2022-10-inverse/blob/main/src/DBR.sol#L266 (internal functions must be after all external and public functions)
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L101 (internal functions must be after all external and public functions)
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L226 (internal functions must be after all external and public functions)
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L245 (internal functions must be after all external and public functions)
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L323 (internal functions must be after all external and public functions)
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L344 (internal functions must be after all external and public functions)
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L353 (internal functions must be after all external and public functions)
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L389 (internal functions must be after all external and public functions)
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L460 (internal functions must be after all external and public functions)

Description:

According official solidity documentation functions should be grouped according to their visibility and ordered:

constructor
receive function (if exists)
fallback function (if exists)
external
public
internal
private

Recommendation:

Put the functions in the correct order according to the documentation.

[N-02]: Public functions can be external

Context:

Description:

Public functions can be declared external if they are not called by the contract.

Recommendation:

Declare these functions as external instead of public.

[N-03]: Require() statements should have descriptive reason string

[N-04]: NatSpec is missing

[N-05]: Typos

Context:

@param deniedContract The addres of the denied contract L36 (change addres to address)
Operator role must be claimed by the new oprator. L50 (change oprator to operator)
@param newReplenishmentPriceBps_ The new replen L60 (change replen to replenishmentPriceBps)
@param newReplenishmentPriceBps_ The new replen L60 (change replen to replenishmentPriceBps)
@param newReplenishmentPriceBps_ The new replen L60 (change replen to replenishmentPriceBps)
@param newReplenishmentPriceBps_ The new replen L60 (change replen to replenishmentPriceBps)
@param newReplenishmentPriceBps_ The new replen L60 (change replen to replenishmentPriceBps)
@param newReplenishmentPriceBps_ The new replen L60 (change replen to replenishmentPriceBps)
@param newReplenishmentPriceBps_ The new replen L60 (change replen to replenishmentPriceBps)
@param newReplenishmentPriceBps_ The new replen L60 (change replen to replenishmentPriceBps)
Will return 0 if th user has zero DBR or more. L128 (change th to the)
At 5000, 50% of of a borrower's underwater debt can be liquidated. L157 (change of of to of)
@param _liquidationIncentiveBps The new liqudation incentive set in basis points. 1 = 0.01% L181 (change liqudation to liquidation)
@param amount The amount od DOLA to recall to the the lender. L201 (change od to of)
@param amount The amount od DOLA to recall to the the lender. L201 (change the the to the)

code-423n4 / 2022-10-inverse-findings

QA Report #567

Report

Low Risk

[L-01]: Missing checks for address(0x0)

Non-Critical Issues

[N-01]: Wrong order of functions

[N-02]: Public functions can be external

[N-03]: Require() statements should have descriptive reason string

[N-04]: NatSpec is missing

[N-05]: Typos