wise-foundation / lending-audit


[DFM-01M] Inexplicable Address Literals #124

Open vm06007 opened 1 year ago

vm06007 commented 1 year ago

DFM-01M: Inexplicable Address Literals

| Type | Severity | Location |
| --- | --- | --- |
| Standard Conformity | | DeclarationsFeeManager.sol:L69-L70 |

Description:

The referenced address literals do not appear to represent any actively deployed contract, and the first of the two is an active test-net wallet on multiple networks.

Impact:

It is presently unknown what these addresses are meant to represent, and they may be outdated test-net values.

Example:

```solidity
incentiveOwnerA = 0xf69A0e276664997357BF987df83f32a1a3F80944;
incentiveOwnerB = 0x8f741ea9C9ba34B5B8Afc08891bDf53faf4B3FE7;
```

Recommendation:

We advise the code to accept these values as input arguments to avoid usage of potentially incorrect addresses.

vm06007 commented 1 year ago

These are team members' addresses, and the owners of these addresses would prefer them to be hardcoded rather than passed as a parameter. These can be changed anyway using changeIncentive() functions.
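The recommendation in this issue, sketched as an added example that is not code from the audited repository or from either commenter: the two incentive owners arrive as constructor arguments, are validated at deployment, and can afterwards be rotated only by the current holder. The contract name, the `rotateOwnerA`/`rotateOwnerB` functions, the event and the errors are hypothetical; the project's actual `changeIncentive()` functions are not shown on this page and are not reproduced here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical sketch: NOT the audited DeclarationsFeeManager contract.
contract IncentiveOwnersSketch {
    address public incentiveOwnerA;
    address public incentiveOwnerB;

    // Emitted on deployment and on every rotation so that the configured
    // addresses can be audited from logs instead of from source literals.
    event IncentiveOwnerSet(bytes1 indexed slot, address indexed previous, address indexed current);

    error ZeroAddress();
    error DuplicateOwner();
    error NotIncentiveOwner();

    constructor(address _ownerA, address _ownerB) {
        // Reject values that could never be a real beneficiary.
        if (_ownerA == address(0) || _ownerB == address(0)) revert ZeroAddress();
        if (_ownerA == _ownerB) revert DuplicateOwner();

        incentiveOwnerA = _ownerA;
        incentiveOwnerB = _ownerB;
        emit IncentiveOwnerSet("A", address(0), _ownerA);
        emit IncentiveOwnerSet("B", address(0), _ownerB);
    }

    // Only the current holder of a slot may hand it over.
    function rotateOwnerA(address _next) external {
        if (msg.sender != incentiveOwnerA) revert NotIncentiveOwner();
        _requireValid(_next, incentiveOwnerB);
        emit IncentiveOwnerSet("A", incentiveOwnerA, _next);
        incentiveOwnerA = _next;
    }

    function rotateOwnerB(address _next) external {
        if (msg.sender != incentiveOwnerB) revert NotIncentiveOwner();
        _requireValid(_next, incentiveOwnerA);
        emit IncentiveOwnerSet("B", incentiveOwnerB, _next);
        incentiveOwnerB = _next;
    }

    // Shared validation: no zero address, no collapsing both slots into one.
    function _requireValid(address _next, address _other) private pure {
        if (_next == address(0)) revert ZeroAddress();
        if (_next == _other) revert DuplicateOwner();
    }
}
```

With this shape the deployment script, not the source file, carries the per-network addresses, so a test-net value cannot reach a main-net deployment without appearing in the deployment transaction's constructor arguments and event log.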