QA Report - Githubissues

code423n4 commented 1 year ago

See the markdown file with the details of this report here.

alex-ppg commented 1 year ago

I just want to add that the following issues are present in the Q&A report and were considered (and still are) of low / non-critical severity:

GalloDaSballo commented 1 year ago

KBC-01L: Improper Disable of Initializer (Affected Lines: L30)

I would partially disagree on this, will award a NC

KIB-01L: Improper Disable of Initializer (Affected Lines: L49)

See KBC-01L

KIB-02L: Insufficient Initial Epoch Sanitization (Affected Lines: L68)

L because inconsistent

KIB-03L: Discrepant Epoch Inclusivity Definitions (Affected Lines: L79-L81, L342-L345)

L because inconsistent

KIB-04L: Inexistent Enforcement of Minimums / Maximums in Yield (Affected Lines: L331)

L

KAP-01L: Improper Disable of Initializer (Affected Lines: L39)

See KBC-01L

KFC-01L: Improper Disable of Initializer (Affected Lines: L32)

See KBC-01L

KFC-02L: Improper Release Event (Affected Lines: L88, L160)

R

KFC-03L: Inexistent Duplicate Entry Prevention (Affected Lines: L175-L180)

Dup 13

KSP-01L: Inexistent Limitation of Variable Fee (Affected Lines: L360)

L

KSP-02L: Inexistent Limitation of Bond Fee (Affected Lines: L636-L643)

See KSP-01L

KSP-03L: Improper Disable of Initializer (Affected Lines: L78)

See KBC-01L

KSP-04L: Unsafe Casting of Term Months (Affected Lines: L100)

L

BLT-01L: Inexistent Sanitization of State Transitions (Affected Lines: L38, L47)

R

KYC-01L: Weak Definition of Owner (Affected Lines: L49)

Low because trusted owner, but worth flagging L

KBT-01L: Potential Approval Blacklist Bypass (Affected Lines: L148)

Dup 22

MAR-01L: Inexistent Sanitization of Maximum Answer (Affected Lines: L69-L72)

L

WRM-01L: Incorrect Code Merge (Affected Lines: L127-L137)

L, good flag IMO even in lack of exploit

GalloDaSballo commented 1 year ago

Best report by far, great work!

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-a

c4-judge commented 1 year ago

GalloDaSballo marked the issue as selected for report

code-423n4 / 2023-02-kuma-findings

QA Report #19

KBC-01L: Improper Disable of Initializer (Affected Lines: L30)

KIB-01L: Improper Disable of Initializer (Affected Lines: L49)

KIB-02L: Insufficient Initial Epoch Sanitization (Affected Lines: L68)

KIB-03L: Discrepant Epoch Inclusivity Definitions (Affected Lines: L79-L81, L342-L345)

KIB-04L: Inexistent Enforcement of Minimums / Maximums in Yield (Affected Lines: L331)

KAP-01L: Improper Disable of Initializer (Affected Lines: L39)

KFC-01L: Improper Disable of Initializer (Affected Lines: L32)

KFC-02L: Improper Release Event (Affected Lines: L88, L160)

KFC-03L: Inexistent Duplicate Entry Prevention (Affected Lines: L175-L180)

KSP-01L: Inexistent Limitation of Variable Fee (Affected Lines: L360)

KSP-02L: Inexistent Limitation of Bond Fee (Affected Lines: L636-L643)

KSP-03L: Improper Disable of Initializer (Affected Lines: L78)

KSP-04L: Unsafe Casting of Term Months (Affected Lines: L100)

BLT-01L: Inexistent Sanitization of State Transitions (Affected Lines: L38, L47)

KYC-01L: Weak Definition of Owner (Affected Lines: L49)

KBT-01L: Potential Approval Blacklist Bypass (Affected Lines: L148)

MAR-01L: Inexistent Sanitization of Maximum Answer (Affected Lines: L69-L72)

WRM-01L: Incorrect Code Merge (Affected Lines: L127-L137)