search

code-423n4 / 2023-10-brahma-findings

8 stars 7 forks source link

QA Report #439

Open c4-submissions opened 1 year ago

c4-submissions commented 1 year ago

See the markdown file with the details of this report here.

c4-pre-sort commented 1 year ago

raymondfam marked the issue as high quality report

0xad1onchain commented 1 year ago
ID | Title | Instances | Severity |   -- | -- | -- | -- | -- https://github.com/code-423n4/2023-10-brahma-findings/issues/439#L-01 | Bypassing of check in _ensureAddressProvider() function | - | Low | NO, its a part of deployment. Incorrect deployments are not in scope https://github.com/code-423n4/2023-10-brahma-findings/issues/439#L-02 | Console Account Creation Without Policies Leads to Enforcement Challenges | - | Low | NO, no policy == no enforcement of policy https://github.com/code-423n4/2023-10-brahma-findings/issues/439#NC-01 | Add isWallet check for provided wallet address in WalletRegistry#registerSubAccount() function | - | Non Critical | NO, check already performed in SafeDeployer https://github.com/code-423n4/2023-10-brahma-findings/issues/439#NC-02 | Outdated Documentation | - | Non Critical | YES, fix method name in diagram https://github.com/code-423n4/2023-10-brahma-findings/issues/439#NC-03 | Consider to Implement Maximum SubAccount Limit | - | Non Critical | NO https://github.com/code-423n4/2023-10-brahma-findings/issues/439#NC-04 | Inconsistency in using Enumerable.AddressSet and address[] | - | Non Critical | NO, both are suited for their own ops https://github.com/code-423n4/2023-10-brahma-findings/issues/439#NC-05 | Inconsistency in Checking Ownership in ExecutorRegistry.sol | - | Non Critical | YES, add isSubAccount() https://github.com/code-423n4/2023-10-brahma-findings/issues/439#NC-06 | Immutability of Registry Addresses in AddressProvider | - | Non Critical | NO, desired design https://github.com/code-423n4/2023-10-brahma-findings/issues/439#NC-07 | Inability for Console Account to Remove policyCommit for his SubAccounts | - | Non Critical | NO, desired design https://github.com/code-423n4/2023-10-brahma-findings/issues/439#NC-08 | Adding of Additional Checks in After Execution Functions in the Protocol | - | Non Critical | NO, only guard states are checked, so that the guard via backend validation can ensure all other state is in place
c4-sponsor commented 1 year ago

0xad1onchain (sponsor) acknowledged

alex-ppg commented 1 year ago

The report is exceptional in layout and formatting, however, analysis of the report indicates that there are some incorrect findings as well as misconceptions in relation to the code of the Sponsor. As such, a grade of B will be assigned.

c4-judge commented 1 year ago

alex-ppg marked the issue as grade-b

alex-ppg commented 1 year ago

Based on the downgrade but acceptance of multiple QA findings, I will upgrade the grade of this QA report to A.

c4-judge commented 1 year ago

alex-ppg marked the issue as grade-a