Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA Report #182

Open
code423n4 opened this issue May 14, 2022 · 3 comments
Open

QA Report #182

code423n4 opened this issue May 14, 2022 · 3 comments
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@code423n4
Copy link
Contributor

QA

  1. QA
    1. L-Missing SetMaxFee
    2. L-Can send ETH more than buyOption premium required
    3. N-Consider use ERC721 SafeTransferFrom instead of transferFrom
    4. L-Can create vault with EOA address as ERC20 token address

L-Missing SetMaxFee

If setFee set higher than 1e18. exercise will underflow.

During live production, it is possible to accidentally set fee higher than it suppose to be.

Cap max fee 5%,10%,20%(20e17) would prevent any accident or malicious owner handling.

L-Can send ETH more than buyOption premium required

Link.
require(msg.value >= premium) should be require(msg.value == premium) to prevent user send too much eth. Only beneficiary benefit from this. Contract should protect user from these nuance mistakes.

N-Consider use ERC721 SafeTransferFrom instead of transferFrom

withdraw and exercise already implement check and effect parttern. There is no risk of reentrancy with ERC721 safeTransferFrom. This provides service for user who use special NFT wallet. Or simply prevent user from withdraw NFT to unsupported contract.

L-Can create vault with EOA address as ERC20 token address

CreateVault does not check if token have extCodeSize > 0 or not. User can create vault with EOA address as ERC20 token address (tokenType = ERC721 throw error). Interact vault with buyOption and exercise work as normal. This happens due to external raw call to EOA always return success. Interface ERC721 wrap address call does not.

Contract should prevent create accident vault with non-contract address.
@code423n4 code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels May 14, 2022
code423n4 added a commit that referenced this issue May 14, 2022
@code423n4
VAD37 issue #182
6aba618
@outdoteth
Copy link
Collaborator

these can be bumped to medium severity:
L-Missing SetMaxFee; #48
L-Can send ETH more than buyOption premium required: #84
N-Consider use ERC721 SafeTransferFrom instead of transferFrom; #38

this can be bumped to high risk:
L-Can create vault with EOA address as ERC20 token address: #225

@HardlyDifficult
Copy link
Collaborator

Although this report touches on some important changes, it's lacking detail about the potential risk / abuse that can result. Per the C4 guidance "part of auditing is demonstrating proper theory of how an issue could be exploited". Going to score this as a high quality QA report instead.

@HickupHH3
Copy link

HickupHH3 commented Jun 8, 2022
edited
Loading

For L-Can send ETH more than buyOption premium required: "to prevent user send too much eth. Only beneficiary benefit from this. " seems sufficient to me for explaining the issue. How is the description different from #245 for instance? It is also inconsistent with the decision given for #56: "the more important point is they identified an issue"

@HickupHH3 HickupHH3 mentioned this issue Jun 8, 2022
Open
@code423n4 code423n4 mentioned this issue Jun 14, 2022
Closed
@HardlyDifficult HardlyDifficult mentioned this issue Jun 14, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@HardlyDifficult @outdoteth @code423n4 @HickupHH3