QA Report #126

code423n4 · 2022-06-03T17:11:30Z

Typos

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/AddressProvider.sol#L237

     * @param key Key to feeze

Change feeze to freeze

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/BkdLocker.sol#L173

     * @dev This does not invlude the gov. tokens queued for withdrawal.

Change invlude to include

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/FeeBurner.sol#L29

    event Burned(address targetLpToken, uint256 amountBurned); // Emmited after a successfull burn to target lp token

Change Emmited to Emitted

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/FeeBurner.sol#L35

    receive() external payable {} // Recieve function for withdrawing from Backd ETH Pool

Change Recieve to Receive

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/FeeBurner.sol#L84

        // Transfering LP tokens back to sender

Change Transfering to Transferring

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/InflationManager.sol#L532

    //TOOD: See if this is still needed somewhere

Change TOOD to TODO

Issue: Require error message typo

Explanation: Messages should provide clear information for users to understand reason for failure

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/utils/Preparable.sol#L29

        require(_annualInflationDecayAmm < ScaledMath.ONE, Error.INVALID_PARAMETER_VALUE);

Change the referenced error message from delay be at least 3 days to delay must be at least 3 days

Issue: Sensitive terms in both the comments and the code should be updated

Explanation: Terms incorporating "white," "black," "master" or "slave" are potentially problematic. Substituting more neutral terminology is becoming common practice

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/InflationManager.sol#L336

     * @param strategyPool The pool of the strategy to register (avoids blacklisting other addresses).

Suggestion: Change blacklisting to denylisting

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/AddressProvider.sol#L64

        require(!_whiteListedFeeHandlers.contains(feeHandler), Error.ADDRESS_WHITELISTED);

Suggestion: Change 'whitelisted' to 'allowlisted' in each case

Similarly for the following instances of 'whitelist' and its variations:

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/AddressProvider.sol#L36

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/AddressProvider.sol#L65

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/AddressProvider.sol#L71-L72

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/AddressProvider.sol#L302

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/Controller.sol#L51

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/InflationManager.sol#L181

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/InflationManager.sol#L452

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/KeeperGauge.sol#L79-L80

Issue: TODOs that have not been addressed
Explanation: Open TODOs should be worked through and removed

https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/InflationManager.sol#L532

    //TOOD: See if this is still needed somewhere

The text was updated successfully, but these errors were encountered:

GalloDaSballo · 2022-06-20T15:55:59Z

Thorough review of typos much appreciated

code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Jun 3, 2022

code423n4 added a commit that referenced this issue Jun 3, 2022

delfin454000 issue #126

9c2d65c

chase-manning added sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) labels Jun 6, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

QA Report #126

QA Report #126

code423n4 commented Jun 3, 2022

GalloDaSballo commented Jun 20, 2022

QA Report #126

QA Report #126

Comments

code423n4 commented Jun 3, 2022

GalloDaSballo commented Jun 20, 2022