Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

QA Report #91

Open
code423n4 opened this issue Feb 23, 2022 · 0 comments
Open

QA Report #91

code423n4 opened this issue Feb 23, 2022 · 0 comments
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue

Comments

@code423n4
Copy link
Contributor

Summary of Findings

Issue#1 : Null address check missing in setGovernance()
Issue#2 : Input validation for _maintenanceMargin missing in setParams

Details Issue#1

Title : Null address check missing in setGovernance()

Impact

Null address check is not done while setting new value of governance address, which is one of the most important parameter for controlling the protocol.

Proof of Concept

Contract : Governable.sol

function _setGovernace(address _governance) internal {
    governance = _governance;
}

Recommended Mitigation Steps

Add require statement to check for null address

require(_governance != address(0), "Zero Address")

Details Issue#2

Title : Input validation for _maintenanceMargin missing in setParams

Impact

Missing input validation for important protocol parameter maintenanceMargin
During initialization, the value for this parameter is checked, however during any subsequent update, its not checked.

Proof of Concept

Contract : ClearningHouse.sol
Function : setParams()
Line : 344

Recommended Mitigation Steps

Add input validation as used in the initialize() function in the setParams function also

require(_maintenanceMargin > 0, "_maintenanceMargin < 0");
@code423n4 code423n4 added QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax bug Something isn't working labels Feb 23, 2022
code423n4 added a commit that referenced this issue Feb 23, 2022
@atvanguard atvanguard added the sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue label Feb 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Projects
None yet
Development

No branches or pull requests

2 participants