sherlock-audit / 2024-01-telcoin-judging


6160.web3 - Not imported a specific member from the module #5

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

6160.web3

medium

Not imported a specific member from the module

Summary

Specific members of the modules should be imported

Vulnerability Detail

It is a better practice and more secure to import the specific member from a contract.

Impact

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L5-L8
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L4-L9
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/sablier/test/TestStream.sol#L4-L5
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/telx/abstract/RewardsDistributionRecipient.sol#L4
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/telx/core/StakingRewards.sol#L4-L8
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/telx/core/StakingRewardsFactory.sol#L4-L7
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/telx/core/StakingRewardsManager.sol#L4-L7
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/test/core/TestNFT.sol#L4
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/test/core/TestTelcoin.sol#L4
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/test/core/TestToken.sol#L4
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/zodiac/core/BaseGuard.sol#L4-L6
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/zodiac/core/SafeGuard.sol#L4-L5
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/zodiac/interfaces/IGuard.sol#L4
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/zodiac/interfaces/IReality.sol#L4
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/zodiac/interfaces/IRealityETH.sol#L4
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/zodiac/test/MockSafeGuard.sol#L4-L5
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/zodiac/test/TestReality.sol#L4-L5
https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/zodiac/test/TestSafeWallet.sol#L4

Tool used

Manual Review

Recommendation

Replace every import ".../XXXX.sol"; with import {XXXX} from ".../XXXX.sol"; defining the specific member from the module.

For example, here is how the new 'import' lines should look like in the "TelcoinDistributor.sol" file:

// imports
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC721} from "@openzeppelin/contracts/token/ERC721/IERC721.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
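
A check for the import style recommended above, written as an added example (not code from the issue or from the Telcoin repository): it reports every global `import "path";` in a Solidity source and leaves aliased, wildcard and named imports alone. The sample source is constructed, and the suggested symbol name is an assumption taken from the file stem, so a reviewer still has to confirm which symbols the file actually uses.

```python
import re
from pathlib import PurePosixPath

# String literals are kept and comments are blanked, so a commented-out
# import is not reported and a "//" inside a quoted path is left intact.
_TOKEN = re.compile(
    r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|//[^\n]*|/\*.*?\*/', re.S)
# Global form only: import "path";  (no braces, no `as`, no `* as`)
_GLOBAL_IMPORT = re.compile(r'\bimport\s+(["\'])([^"\']+)\1\s*;')

def strip_comments(src):
    def repl(m):
        tok = m.group(0)
        if tok[0] in "\"'":
            return tok
        return re.sub(r"[^\n]", " ", tok)  # keep newlines so line numbers hold
    return _TOKEN.sub(repl, src)

def find_global_imports(src):
    """Return (line, path, suggestion) for every global import in src."""
    clean = strip_comments(src)
    findings = []
    for m in _GLOBAL_IMPORT.finditer(clean):
        line = clean.count("\n", 0, m.start()) + 1
        path = m.group(2)
        stem = PurePosixPath(path).stem  # assumption: symbol is named after the file
        findings.append((line, path, f'import {{{stem}}} from "{path}";'))
    return findings

# Constructed sample covering the Solidity import forms.
SAMPLE = '''\
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.22;

import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC721} from "@openzeppelin/contracts/token/ERC721/IERC721.sol";
import "./interfaces/IGuard.sol" as Guard;
// import "./Commented.sol";
/* import "./Old.sol"; */
import * as Math from "./Math.sol";
import "@openzeppelin/contracts/utils/Pausable.sol";
'''

if __name__ == "__main__":
    for line, path, suggestion in find_global_imports(SAMPLE):
        print(f"line {line}: global import of {path}; consider: {suggestion}")
```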

sherlock-admin2 commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid because { This is invalid; had anything not been imported correctly the contract wouldn't have behaved the way it's supposed to; so invalid}

nevillehuang commented 5 months ago

Invalid, informational finding with no security risk to current contract logic