code-423n4 / 2023-01-drips-findings


QA Report #298

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

See the markdown file with the details of this report here.

GalloDaSballo commented 1 year ago

[01] MALICIOUS USER, WHO OWNS SPLITTABLE FUNDS, CAN CALL DripsHub.setSplits FUNCTION TO FRONTRUN OTHER USER'S DripsHub.split FUNCTION CALL, WHICH CAN BREAK AGREEMENT BETWEEN THESE USERS

Dup M-04

[02] MISSING TWO-STEP PROCEDURES FOR CHANGING ADMIN AND DRIVER ADDRESS

NC

[03] EXTRA ETH AMOUNT SENT WHEN CALLING Caller.callBatched FUNCTION IS LOCKED IN Caller CONTRACT, WHICH IS RISKY TO USERS WHO DO NOT READ THIS FUNCTION'S CODE

L

[04] CALLING DripsHub.registerDriver FUNCTION WITH MEANINGLESS driverAddr INPUT FOR MANY TIMES CAN CAUSE EVENT LOG POISONING AND USE UP dripsHubStorage.nextDriverId

R, not realistic to DoS

[05] SPLITS RECEIVERS MAY NEED TO BE UPDATED BEFORE SPLITTING FUNDS FOR DIFFERENT ERC20 TOKENS, WHICH IS INCONVENIENT

L due to lack of attack / risk

[06] MISSING address(0) CHECKS FOR CRITICAL ADDRESS INPUTS

L

[07] CONSTANTS CAN BE USED INSTEAD OF MAGIC NUMBERS

R

[08] MAX_TOTAL_BALANCE IS NOT CODED AS MINIMUM OF _MAX_TOTAL_DRIPS_BALANCE AND _MAX_TOTAL_SPLITS_BALANCE, WHICH DOES NOT MATCH CODE COMMENT

L

[09] REDUNDANT NAMED RETURNS

R

[10] FLOATING PRAGMAS

NC

[11] CONFUSING NATSPEC @param USAGE

NC

[12] INCOMPLETE NATSPEC COMMENTS

NC

[13] MISSING NATSPEC COMMENTS

NC

4L 3R 5NC

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-a