search

code-423n4 / 2024-05-olas-findings

13 stars 4 forks source link

QA Report #114

Open howlbot-integration[bot] opened 4 months ago

howlbot-integration[bot] commented 4 months ago

See the markdown file with the details of this report here.

c4-judge commented 4 months ago

0xA5DF marked the issue as grade-a

c4-sponsor commented 4 months ago

kupermind (sponsor) acknowledged

Rhaydden commented 4 months ago

Hi @0xA5DF, Thank you for the swift judging of this contest.

Respectfully, we'd like to point you to some potential upgrades.

QA-26 --> #38

QA-17 --> #26

QA-15 --> #64

QA-11 --> #36

Also we'd like to earnestly request you take a look at QA-14, QA-23 and QA-24 and see if they're deemed fit for upgrades too. Thank you

0xA5DF commented 4 months ago

QA-26 --> https://github.com/code-423n4/2024-05-olas-findings/issues/38

I don't see how they're dupes

QA-17 --> https://github.com/code-423n4/2024-05-olas-findings/issues/26

Upgraded

QA-15 --> https://github.com/code-423n4/2024-05-olas-findings/issues/64

Not the same issue

QA-11 --> https://github.com/code-423n4/2024-05-olas-findings/issues/36

Have you read both issues? I don't see how those are related at all. The #36 talks about a broken accounting of the total sum.

⚠️Note: When asking to upgrade, I expect you to:

This is part of the good citizen policy

In order to be eligible for awards, competitors must contribute more value than they take.

Also we'd like to earnestly request you take a look at QA-14, QA-23 and QA-24

If they're not dupes of existing HMs then no, if you think that something is more than low then please submit it as such in the first place

0xEVom commented 4 months ago

@0xA5DF I don't think QA-17 is a dupe of #26 either.

It does not point out that the withheld amount may be unnormalized, but instead claims the normalization in a different function (syncWithheldAmountMaintenance()) may lead to precision loss. This is incorrect as this is an admin controlled function, and the normalization in this function is actually correct - the actual issue is that it is missing in the syncWithheldAmount() function.

0xA5DF commented 4 months ago

You're right, I've missed that. Thanks for pointing this out! nullified #123