code-423n4 / 2024-08-superposition-findings

QA Report #167

Open howlbot-integration[bot] opened 2 months ago

howlbot-integration[bot] commented 2 months ago

See the markdown file with the details of this report here.

af-afk commented 2 months ago

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/prapandey031-Q.md#low-1-use-of-unsafe-math-in-the-swap-function Is this a dupe?

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/prapandey031-Q.md#low-2-no-check-for-zero-amount-in-swap-function Is this a dupe?

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/prapandey031-Q.md#low-3-no-function-to-set-the-fee_protocol-of-a-pool This is a dupe.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/prapandey031-Q.md#low-4-no-use-of-seconds-and-tick_cumulative-values-of-a-tick We'll remove this!

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/prapandey031-Q.md#low-5-removal-of-liquidity-also-requires-the-pool-to-be-enabled Dupe, we'll change the behaviour.

c4-judge commented 2 months ago

alex-ppg marked the issue as grade-b

Ys-Prakash commented 2 months ago

Hi @alex-ppg

Thank you for judging this contest.

The issue LOW-3 has been upgraded to a duplicate Medium.

However:

  1. LOW-5 is a duplicate of #31 and has not been upgraded to its duplicate as a Medium. The sponsor has also acknowledged above that LOW-5 is a duplicate.

  2. LOW-1 is a duplicate of #50 and has not been upgraded to its duplicate as a Medium. The sponsor confirmed #50 so this means they want to fix this.

Thank you

alex-ppg commented 1 month ago

Hey @Ys-Prakash, thank you for your PJQA contribution! While LOW-5 is indeed a proper duplicate, LOW-1 lacks sufficient rationale to be considered a duplicate of #50 and will remain unrewarded similar to other Uniswap inconsistencies that were pointed out but lacked sufficient justification.

Ys-Prakash commented 1 month ago

Hi @alex-ppg

Thank you for upgrading LOW-5. I could not comprehend your decision to declare it as partial-50, as you said above that LOW-5 is a "proper" duplicate. I have mentioned the exact root cause as well as the exact mitigation, as in the original issue #31. I understand that LOW-5 is less descriptive, but the exact root cause and the exact mitigation are mentioned clearly.

Thank you.