GalloDaSballo
commented
1 year ago L-01, ProtocolDAO.sol lines 209 - 216: Dup 742
L-02, MinipoolManager, lines 670 - 684: Dup 493
L-03, CliamNodeOp.sol lines 56-75 L
L-04, RewardsPool.sol, line 188-230 Dup 143
L-05, MinipoolManager, lines 196 - 201 L
L-06 MinipoolManager, lines 196 - 20 Already awarded
N-01 - Storage.sol line 28: change the naming of the modifier to show that guardian is allowed as well, also consistency with BaseAbstract.sol R
N-02 - vault.sol line 139, 168, 201: tokenAddress is taken as an input but the type is ERC20, it is not consistent with depositToken and the contract is behaved with like an address. This does not lead to bugs but might confuse some. NC
N-03 - ProtocolDAO.sol, line 107: Better to set all the three values together, in the edge case that the rewards are being calculated and lead to a problem! R
N-04 - staking.sol, line 46, 56: isEligible() should be checked in calculateAndDistributeRewards unless the eligibility needs to be fully controlled off-chain. In case Rialto wants to only filter some of the eligible stakers, it should be still checked on-chain. L
c4-judge
See the markdown file with the details of this report here.