QA Report #40
Labels
bug: Something isn't working
disagree with severity: Sponsor confirms validity, but disagrees with warden's risk assessment (sponsor explains in comments)
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Lows and Non-Critical
Check that the deposit cap is greater than the deposit amount in setGlobalDepositCap in the CollateralDepositRecord contract
This might be something you want to check, to avoid a situation where the system is in an invalid state.

Inconsistent usage of safe and unsafe transfer functions
Use safeTransfer and safeTransferFrom instead of transfer and transferFrom in the PrePOMarket contract.

Wrong comment in the deposit function of the Collateral contract
Cost per share is total value / total supply, and not total supply / total value (the implementation is correct, just the comment is wrong).

Front-runnable initializer (can be solved using access controls)
An attacker can front-run and call the initialize function with unwanted values, taking over the ownership of the contract and forcing the contract to be redeployed. This can be avoided by setting up access controls in the constructor, so that only the address that created the contract is able to call the initialize function.

LongShortToken contract doesn't implement the corresponding ILongShortToken interface
It does implement the interface's functions; it just does not declare that it implements the interface.
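
The initializer finding above, shown as an added example that is not part of the original report or the audited project's code: a hypothetical contract whose initialize function accepts the first caller, next to one that only accepts the address recorded in the constructor. The contract names, error names and the single newOwner parameter are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration: hypothetical contracts, not code from the audited project.

// Before: whoever calls initialize() first becomes owner. If deployment and
// initialization are separate transactions, that caller may not be the deployer.
contract UnguardedInit {
    address public owner;
    bool private _initialized;

    function initialize(address newOwner) external {
        require(!_initialized, "already initialized");
        _initialized = true;
        owner = newOwner;
    }
}

// After: the constructor records the creating address and initialize() rejects
// every other caller, so a front-running call reverts.
contract GuardedInit {
    // Immutables are stored in the runtime bytecode, not in storage, so this
    // value is also readable when the code executes behind a delegatecall proxy.
    address private immutable _deployer;
    address public owner;
    bool private _initialized;

    error NotDeployer(address caller);
    error AlreadyInitialized();

    constructor() {
        _deployer = msg.sender;
    }

    function initialize(address newOwner) external {
        if (msg.sender != _deployer) revert NotDeployer(msg.sender);
        if (_initialized) revert AlreadyInitialized();
        _initialized = true;
        owner = newOwner;
    }
}
```

If a factory or deployment contract creates the instance, the recorded address is that contract, so it must be the one that calls initialize.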