code-423n4 / 2024-08-basin-findings

0 stars 0 forks source link

QA Report #6

Open c4-bot-6 opened 3 weeks ago

c4-bot-6 commented 3 weeks ago

See the markdown file with the details of this report here.

Brean0 commented 3 weeks ago

QA-01: While the variable is indeed redundant, modifying __self on the UUPSUpgradeable contract would require us to have a custom implementation of the UUPSUpgradeable contract. The Basin Development Community decided this was preferable at the marginal cost of gas.

QA-02: If a Well is properly bored by an Aquifer (and initNoWellToken is called), the minimal proxy cannot call init as the owner is not set. Thus we believe this to be invalid, unless a test POC is provided.

QA-03: Accepted, the docs will be updated to reflect that the Well Function cannot be used for extremely high or low reserves.

QA-04: This is a design choice and is intentional. Developers can choose an A parameter that suites the need of the protocol by deploying a lookup table with the desired A parameter.

QA-05: Accepted, the parameter will be updated so that it's clearer for developers that the implementation should be the minimal proxy deployed by an Aquifer.

c4-judge commented 2 weeks ago

alex-ppg marked the issue as grade-a

alex-ppg commented 2 weeks ago

I would like to note that submission QA-02 is invalid and should not be included in the final QA report.

thebrittfactor commented 2 weeks ago

For awarding purposes, C4 staff have marked as selected for report and 1st place.

thebrittfactor commented 2 weeks ago

Just a note that C4 is excluding the invalid entries from the official report.