Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA Report #172

Open
code423n4 opened this issue May 14, 2022 · 1 comment
Open

QA Report #172

code423n4 opened this issue May 14, 2022 · 1 comment
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@code423n4
Copy link
Contributor

1. Check address(token) != address(0) while creating vault in createVault()

  • sanitize the user inputs beforehand to stop unnecessary reverts

2. renderSvg() uses user supplied string to return svg details potentially leading to XSS in frontend

  • SVG is susceptible to cross-site-scripting. If the front-end web interface has a mechanism to render the SVG with user supplied params, this can lead to potential XSS.
@code423n4 code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels May 14, 2022
code423n4 added a commit that referenced this issue May 14, 2022
@code423n4
0xf15ers issue #172
8c157b0
@HardlyDifficult HardlyDifficult mentioned this issue May 22, 2022
Closed
@HardlyDifficult
Copy link
Collaborator

Merging with #171

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@HardlyDifficult @code423n4