code-423n4 / 2022-10-thegraph-findings


QA Report #315

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

[L-01] Unsafe transferFrom methods

Some tokens, like USDT, do not return a boolean value, so it is recommended to use the safeTransferFrom method instead.

File: c4udit/2022-10-thegraph/contracts/gateway/L1GraphTokenGateway.sol 235, 276

token.transferFrom(from, escrow, _amount);

https://github.com/code-423n4/2022-10-thegraph/blob/fce4d7761db12f6f3edae9051cb54bf4ef11529fc4udit/2022-10-thegraph/contracts/gateway/L1GraphTokenGateway.sol/#L235

token.transferFrom(escrow, _to, _amount);

https://github.com/code-423n4/2022-10-thegraph/blob/fce4d7761db12f6f3edae9051cb54bf4ef11529fc4udit/2022-10-thegraph/contracts/gateway/L1GraphTokenGateway.sol/#L276

[L-02] Use specific compiler version

If the contract is not a library, it is recommended to use a specific compiler version.

File: c4udit/2022-10-thegraph/contracts/token/IGraphToken.sol

pragma solidity ^0.7.6;

https://github.com/code-423n4/2022-10-thegraph/blob/fce4d7761db12f6f3edae9051cb54bf4ef11529fc4udit/2022-10-thegraph/contracts/token/IGraphToken.sol/#L3

File: c4udit/2022-10-thegraph/contracts/upgrades/GraphProxy.sol

pragma solidity ^0.7.6;

https://github.com/code-423n4/2022-10-thegraph/blob/fce4d7761db12f6f3edae9051cb54bf4ef11529fc4udit/2022-10-thegraph/contracts/upgrades/GraphProxy.sol/#L3

File: c4udit/2022-10-thegraph/contracts/upgrades/GraphProxyAdmin.sol

pragma solidity ^0.7.6;

https://github.com/code-423n4/2022-10-thegraph/blob/fce4d7761db12f6f3edae9051cb54bf4ef11529fc4udit/2022-10-thegraph/contracts/upgrades/GraphProxyAdmin.sol/#L3

File: c4udit/2022-10-thegraph/contracts/upgrades/GraphProxyStorage.sol 3

pragma solidity ^0.7.6;

https://github.com/code-423n4/2022-10-thegraph/blob/fce4d7761db12f6f3edae9051cb54bf4ef11529fc4udit/2022-10-thegraph/contracts/upgrades/GraphProxyStorage.sol/#L3

File: c4udit/2022-10-thegraph/contracts/upgrades/GraphUpgradeable.sol 3

pragma solidity ^0.7.6;

https://github.com/code-423n4/2022-10-thegraph/blob/fce4d7761db12f6f3edae9051cb54bf4ef11529fc4udit/2022-10-thegraph/contracts/upgrades/GraphUpgradeable.sol/#L3

File: c4udit/2022-10-thegraph/contracts/upgrades/IGraphProxy.sol 3

pragma solidity ^0.7.6;

https://github.com/code-423n4/2022-10-thegraph/blob/fce4d7761db12f6f3edae9051cb54bf4ef11529fc4udit/2022-10-thegraph/contracts/upgrades/IGraphProxy.sol/#L3

[L-03] Use more recent compiler version
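The L-01 pattern side by side, as an added illustration that is not code from the audited repository or from this report: a raw `transferFrom` through the standard `IERC20` interface next to the `SafeERC20` wrapper the finding recommends. It assumes OpenZeppelin Contracts 3.4 (the 0.7.x-compatible line) for the import paths, and the `EscrowExample` contract and its function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.7.6;

// Added example; not part of the 2022-10-thegraph codebase.
// Import paths assume OpenZeppelin Contracts 3.4, where SafeERC20 lives here.
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol";

contract EscrowExample {
    using SafeERC20 for IERC20;

    address public immutable escrow;

    constructor(address _escrow) {
        escrow = _escrow;
    }

    /// Unsafe variant (the shape flagged in L-01). IERC20.transferFrom is
    /// declared to return bool, so the compiler expects 32 bytes of return
    /// data. A USDT-style token returns nothing, which makes this call revert
    /// during return-data decoding (Solidity >= 0.4.22), so such tokens can
    /// never be deposited. A token that returns false instead of reverting
    /// is worse: the failure is silently ignored because the bool is unused.
    function depositUnsafe(IERC20 token, address from, uint256 amount) external {
        token.transferFrom(from, escrow, amount);
    }

    /// Hardened variant. SafeERC20 performs a low-level call, requires that
    /// the call succeeded, and only decodes a bool when return data is
    /// present, in which case it must be true. This works for tokens that
    /// return true, tokens that return nothing, and tokens that return false.
    function depositSafe(IERC20 token, address from, uint256 amount) external {
        token.safeTransferFrom(from, escrow, amount);
    }
}
```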

pcarranzav commented 1 year ago

L-01 is not applicable to the scope. L-02: using a 0.7.x higher than 0.7.6 would be okay, which is what the ^ implies? L-03: would require huge (and therefore risky) changes across the codebase, we might want to do it eventually (and have a draft PR), but given the rest of the existing codebase is already 0.7.6 I'd argue keeping that version is reasonable.