QA Report

[c4-bot-9]

See the markdown file with the details of this report here.

[hvasconcelos]

[L-01] Not returning excess ETH when updating price of Pyth Oracles - Confirmed [L-02] Not enough Sanity checks to validate the data pulled from the Pyth Oracle - Acknowledged [L-03] Privileged functions on the StrategyLeverageSettings contract are callable only by the Governor instead of the Owner - Acknowledged [L-04] Price updates made on the last not-stale block would be threated as if the price would already be stale, causign calls to revert because of priceOutdated. Confirmed [L-05] Unnecessary approval of steth to uniRouter in the StrategyAAVEv3WSTETH contract. Confirmed [L-06] Contracts are incompatible with ERC20 on-fee transfer tokens Acknowledged [L-07] Incorrect operator causes tx to revert when validating the value of loanToValue in calculateLeverageRatio() function - Confirmed [L-08] Not allowed to prevent liquidations by rebalancing the vault while vault is paused - Disputed - We have the pause function to prevent any agent to interact with the protocol

[c4-judge]

0xleastwood marked the issue as grade-a

[ickas]

[L-01] fixed → https://github.com/baker-fi/bakerfi-contracts/pull/53

[ickas]

[L-02] fixed → https://github.com/baker-fi/bakerfi-contracts/pull/55

[ickas]

[L-04] fixed → https://github.com/baker-fi/bakerfi-contracts/pull/56

[ickas]

[L-05] fixed → https://github.com/baker-fi/bakerfi-contracts/pull/57

[ickas]

[L-07] fixed → https://github.com/baker-fi/bakerfi-contracts/pull/58

[thebrittfactor]

For awarding purposes, C4 staff have marked as 2nd place.