QA Report #207
Labels: bug (Something isn't working), QA (Quality Assurance: assets are not at risk; state handling, function incorrect as to spec, issues with clarity, syntax)
Low Risk Vulnerabilities
1. Missing checks in `adminWriteBathToken`

Rewriting the `tokenToBathToken` mapping without checks could potentially cause some disruption: `tokenToBathToken` now points to another contract. If `newBathToken` has a different underlying token from `overwriteERC20`, strategist operations might cause irregularities.

Recommended Mitigation
Consider having `BathHouse` cancel all outstanding orders of the bathToken being replaced before overwriting the entry for `overwriteERC20`, and verify that `newBathToken` actually wraps `overwriteERC20` before writing it.

https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/rubiconPools/BathHouse.sol#L216-L229
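As an added illustration of the checks described above (example code written for this edit, not Rubicon's `BathHouse`; the `IBathToken` interface with its `underlyingToken()` getter, the event and the simplified admin modifier are assumed names):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed interface: the bath token must expose which ERC20 it wraps.
interface IBathToken {
    function underlyingToken() external view returns (address);
}

contract BathHouseExample {
    address public admin;
    mapping(address => address) public tokenToBathToken;

    event BathTokenOverwritten(
        address indexed erc20,
        address indexed oldBathToken,
        address indexed newBathToken
    );

    modifier onlyAdmin() {
        require(msg.sender == admin, "BathHouse: not admin");
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    // Replaces the bath token registered for `overwriteERC20` with `newBathToken`,
    // refusing any replacement that would change the underlying asset.
    // Cancelling the old bath token's outstanding orders is a separate step
    // that belongs before this call.
    function adminWriteBathToken(address overwriteERC20, address newBathToken)
        external
        onlyAdmin
    {
        require(overwriteERC20 != address(0), "BathHouse: zero ERC20");
        require(newBathToken.code.length > 0, "BathHouse: newBathToken is not a contract");
        // The replacement must wrap the same ERC20; otherwise strategist operations
        // keyed on `overwriteERC20` would start moving a different asset.
        require(
            IBathToken(newBathToken).underlyingToken() == overwriteERC20,
            "BathHouse: underlying token mismatch"
        );

        address oldBathToken = tokenToBathToken[overwriteERC20];
        require(oldBathToken != newBathToken, "BathHouse: already set");

        tokenToBathToken[overwriteERC20] = newBathToken;
        emit BathTokenOverwritten(overwriteERC20, oldBathToken, newBathToken);
    }
}
```

The event gives off-chain monitoring a record of which bath token was replaced, so a mistaken overwrite is visible rather than silent.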
2. Use strict equality in `RubiconRouter`

Payable functions in RubiconRouter use a loose check, `msg.value >= amount`, which allows a caller to send more ETH than necessary; the surplus is kept by the router, so users interacting through a faulty front-end could lose funds.

Recommended Mitigation
Consider using a strict equality check (`msg.value == amount`) so that over-payment reverts. If accepting a surplus is intended, refund `msg.value - amount` to the caller instead of keeping it.
Affected Lines
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconRouter.sol#L336-L339
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconRouter.sol#L390-L393
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconRouter.sol#L462
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconRouter.sol#L504-L507
3. Unused param in `BathToken.initialize`

The `_feeTo` parameter is not used in `BathToken.initialize`.

Recommended Mitigation
Consider removing the parameter if it is not meant to be used during initialisation. If it is, update L217 to use the value.
4. Use `call` for ETH transfers

Using `transfer()` to send ETH is discouraged because it forwards a hardcoded stipend of 2300 gas, which makes the transfer fail when the recipient is a contract whose `fallback` (or `receive`) function needs more than 2300 gas. In addition, contracts that currently fit within 2300 gas could break if a future hardfork raises the gas cost of the opcodes they use, as EIP-1884 did for `SLOAD`. A more detailed discussion of the implications can be read here.
Affected Lines
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconRouter.sol#L356
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconRouter.sol#L374
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconRouter.sol#L434
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconRouter.sol#L451
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconRouter.sol#L491
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconRouter.sol#L548
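The following is an added example (written for this edit, not Rubicon's `RubiconRouter`) showing both item 2's strict `msg.value` check and item 4's `.call()`-based ETH transfer side by side with the loose variants. The contract, its function names and the balance bookkeeping are assumed for illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Example router, not Rubicon's code. `amount` is the quantity the caller
// intends to deposit; balances are tracked per caller for the withdraw path.
contract RouterEthExample {
    mapping(address => uint256) public balances;
    uint256 private _locked = 1; // simple reentrancy guard: 1 = free, 2 = entered

    modifier nonReentrant() {
        require(_locked == 1, "Router: reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    // Before (item 2): a loose check silently keeps any ETH above `amount`.
    function depositLoose(uint256 amount) external payable {
        require(msg.value >= amount, "Router: insufficient ETH");
        balances[msg.sender] += amount; // msg.value - amount is stranded in the router
    }

    // After (item 2): a strict check reverts the whole call if the front-end over-sends.
    function deposit(uint256 amount) external payable {
        require(msg.value == amount, "Router: send exactly amount");
        balances[msg.sender] += amount;
    }

    // Before (item 4): transfer() forwards only 2300 gas; a recipient contract whose
    // receive()/fallback writes storage cannot be paid and the call reverts.
    function withdrawWithTransfer(uint256 amount) external nonReentrant {
        balances[msg.sender] -= amount; // underflow reverts under ^0.8.0
        payable(msg.sender).transfer(amount);
    }

    // After (item 4): call forwards all remaining gas, so the balance is reduced
    // first (checks-effects-interactions) and the guard above blocks re-entry.
    function withdraw(uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "Router: insufficient balance");
        balances[msg.sender] -= amount;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "Router: ETH transfer failed");
    }
}
```

Because `call` forwards all gas, the reentrancy guard and the ordering of the state update before the external call are what keep `withdraw` safe; `transfer()` was never a substitute for either.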
Recommended Mitigation
Use `.call()` instead when sending ETH, check its return value, and apply the checks-effects-interactions pattern or a reentrancy guard, since `call` forwards all remaining gas.

5. `rewardsVestingWallet` cannot be initialised

Currently there is no way to initialise `rewardsVestingWallet` in `BathToken.sol`. benjamin has clarified that it will be added in the future.

6. Unbounded iteration over `bonusTokens` array

If the `bonusTokens` array grows big enough, the gas cost of executing `distributeBonusTokenRewards` could exceed the block gas limit, and since it runs as part of `withdraw`, the `withdraw` function would be permanently disabled.

Recommended Mitigation
Keep `bonusTokens` small by adding a hard limit, or add a function to remove entries from `bonusTokens`.
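One way to implement both parts of that mitigation, as an added example written for this edit rather than Rubicon's `BathToken` (the `MAX_BONUS_TOKENS` value, the admin modifier and the pro-rata reward formula are assumptions):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Example pool, not Rubicon's code.
contract BonusTokensExample {
    uint256 public constant MAX_BONUS_TOKENS = 10; // assumed cap
    address public admin;
    address[] public bonusTokens;
    // index + 1 of each token in `bonusTokens`; 0 means "not present"
    mapping(address => uint256) private _indexPlusOne;

    modifier onlyAdmin() {
        require(msg.sender == admin, "Pool: not admin");
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    function bonusTokenCount() external view returns (uint256) {
        return bonusTokens.length;
    }

    // Hard limit keeps the loop in distributeBonusTokenRewards bounded.
    function addBonusToken(address token) external onlyAdmin {
        require(token != address(0), "Pool: zero token");
        require(_indexPlusOne[token] == 0, "Pool: already a bonus token");
        require(bonusTokens.length < MAX_BONUS_TOKENS, "Pool: too many bonus tokens");
        bonusTokens.push(token);
        _indexPlusOne[token] = bonusTokens.length;
    }

    // Swap-and-pop removal in O(1); this is the escape hatch if a bonus token
    // ever misbehaves (for example its transfer() starts reverting).
    function removeBonusToken(address token) external onlyAdmin {
        uint256 idxPlusOne = _indexPlusOne[token];
        require(idxPlusOne != 0, "Pool: not a bonus token");
        uint256 lastIndex = bonusTokens.length - 1;
        address lastToken = bonusTokens[lastIndex];
        bonusTokens[idxPlusOne - 1] = lastToken; // move last entry into the hole
        _indexPlusOne[lastToken] = idxPlusOne;
        bonusTokens.pop();
        delete _indexPlusOne[token]; // also clears the entry when token == lastToken
    }

    // Pays `receiver` a shares/totalShares fraction of each bonus token held.
    // With the cap above, this loop runs at most MAX_BONUS_TOKENS iterations,
    // so the withdraw path that calls it cannot outgrow the block gas limit.
    function distributeBonusTokenRewards(
        address receiver,
        uint256 shares,
        uint256 totalShares
    ) internal {
        require(totalShares > 0, "Pool: no shares");
        uint256 n = bonusTokens.length;
        for (uint256 i = 0; i < n; i++) {
            IERC20 token = IERC20(bonusTokens[i]);
            uint256 amount = (token.balanceOf(address(this)) * shares) / totalShares;
            if (amount > 0) {
                require(token.transfer(receiver, amount), "Pool: bonus transfer failed");
            }
        }
    }
}
```

The removal function matters beyond gas: a single bonus token whose `transfer` reverts would also block every withdrawal, and without a way to drop it from the array the pool has no recovery path.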
Non-critical Vulnerabilities
1. Use camel case for clarity and consistency
Struct names conventionally use upper camel case (PascalCase), which avoids confusion with function and variable names. Change `struct order` to `struct Order`.

https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/rubiconPools/BathPair.sol#L61-L66
2. Remove unhelpful comment
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconRouter.sol#L547