QA Report #89
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Summary
It was easy to understand the logic for me because the codes have detailed explanations.
I recommended adding some more require() for better performance.
Low Risk Issues
i) contracts\BkdLocker.sol#L49
require(_govToken != address(0), Error.ZERO_ADDRESS_NOT_ALLOWED);
require(_rewardToken != address(0), Error.ZERO_ADDRESS_NOT_ALLOWED);
ii) contracts\BkdLocker.sol#L60
"maxBoost" must be greater than "startBoost", otherwise L276-L278 will be revoked.
require(maxBoost >= startBoost, Error.INVALID_AMOUNT);
iii) contracts\BkdLocker.sol#L60
"increasePeriod" must be positive, otherwise L276-L278 will be revoked.
require(increasePeriod != 0, Error.INVALID_AMOUNT);
iv) contracts\BkdLocker.sol#L123
"amount" must be positive, otherwise the user can prepare unlock endlessly.
require(amount != 0, Error.INVALID_AMOUNT);
v) contracts\BkdLocker.sol#L215
require(claimable != 0, Error.INVALID_AMOUNT);
vi) contracts\tokenomics\VestedEscrow.sol#L60
In this setFundAdmin() function at L75, it checks the first require() already.
require(fundadmin_ != address(0), Error.ZERO_ADDRESS_NOT_ALLOWED);
require(rewardToken_ != address(0), , Error.ZERO_ADDRESS_NOT_ALLOWED);
contracts\BkdLocker.sol#L87
There are no "deposit" or "depositFor" functions in this contract.
You need to write "lock" or "lockFor" instead.
There are 2 other functions. executeLpPoolWeight(), executeAmmTokenWeight().
contracts\tokenomics\InflationManager.sol#L151
contracts\tokenomics\InflationManager.sol#L241
contracts\tokenomics\InflationManager.sol#L326
With the above functions, the batch functions have the modifier "onlyRoles2(Roles.GOVERNANCE, Roles.INFLATION_MANAGER)".
I think the above functions should have the same modifier also.
contracts\tokenomics\VestedEscrow.sol#L113-L115
Otherwise, you can change the function like this(same as VestedEscrowRevocable.sol).
function claim() external virtual override {
claim(msg.sener);
}
The text was updated successfully, but these errors were encountered: