Skip to content

Commit

Permalink
Report for issue #238 updated by ahayashi
Browse files Browse the repository at this point in the history
  • Loading branch information
code423n4 committed Dec 18, 2022
1 parent 3ec1180 commit 5cc091a
Showing 1 changed file with 67 additions and 2 deletions.
69 changes: 67 additions & 2 deletions data/ahayashi-Q.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
## Title
[NC-AH-01] Use `byte32(0)` instead of `byte23(0)`
# [NC-AH-01] Use `byte32(0)` instead of `byte23(0)`

## Summary
`merkleRoot` is defined as `bytes32` type but it is compared to `bytes23(0)`.
Expand All @@ -14,3 +13,69 @@ File: src/Pair.sol
465: if (merkleRoot == bytes23(0)) return;
```

# [NC-AH-02] Use a clearer constant name

## Summary
The use of `ONE` as a constant name for the amount of fractional tokens per NFT is confusing, so it should be named clearer like `FRACTIONAL_TOKEN_AMOUNT_PER_NFT`.

## Lines
```solidity
File: src/Pair.sol
20: uint256 public constant ONE = 1e18;
```

# [NC-AH-03] Add indexed fields to event

## Summary
A parameter is stored as topic by adding `indexed` to it and off-chain tools can quickly analyze it.


## Lines
```solidity
File: src/Pair.sol
30: event Add(uint256 baseTokenAmount, uint256 fractionalTokenAmount, uint256 lpTokenAmount);
31: event Remove(uint256 baseTokenAmount, uint256 fractionalTokenAmount, uint256 lpTokenAmount);
32: event Buy(uint256 inputAmount, uint256 outputAmount);
33: event Sell(uint256 inputAmount, uint256 outputAmount);
34: event Wrap(uint256[] tokenIds);
35: event Unwrap(uint256[] tokenIds);
36: event Close(uint256 closeTimestamp);
37: event Withdraw(uint256 tokenId);
```

```solidity
File: src/Caviar.sol
30: event Add(uint256 baseTokenAmount, uint256 fractionalTokenAmount, uint256 lpTokenAmount);
31: event Remove(uint256 baseTokenAmount, uint256 fractionalTokenAmount, uint256 lpTokenAmount);
32: event Buy(uint256 inputAmount, uint256 outputAmount);
33: event Sell(uint256 inputAmount, uint256 outputAmount);
34: event Wrap(uint256[] tokenIds);
35: event Unwrap(uint256[] tokenIds);
36: event Close(uint256 closeTimestamp);
37: event Withdraw(uint256 tokenId);
```


# [NC-AH-04] `wrap`, `unwrap`, `nftBuy` and `nftSell` can be called with a empty `tokenIds`

## Summary
They can also be called from the demo app.

# [NC-AH-05] zero amount of base token can be transferred

## Summary
`buy` method can be called with `buy(0, 0)` and zero amount transfer is executed at L172.

Same goes with `sell` method.

## Lines
```solidity
File: src/Pair.sol
172: ERC20(baseToken).safeTransferFrom(msg.sender, address(this), inputAmount);
```

0 comments on commit 5cc091a

Please sign in to comment.