QA Report #1839

Open
code423n4 opened this issue Sep 5, 2023 · 7 comments
Labels
bug Something isn't working grade-b Q-16 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality

Comments

@code423n4

See the markdown file with the details of this report here.

@code423n4 code423n4 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Sep 5, 2023
code423n4 added a commit that referenced this issue Sep 5, 2023
code423n4 added a commit that referenced this issue Sep 5, 2023
@c4-pre-sort

bytes032 marked the issue as sufficient quality report

@c4-pre-sort c4-pre-sort added the sufficient quality report This report is of sufficient quality label Sep 10, 2023
@GalloDaSballo

GalloDaSballo commented Oct 10, 2023

In the contract RdpxDecayingBonds.mint the require is redundant
L
The RdpxV2Core.approveContractToSpend() function doesn't perform as described in its NatSpec and function name
I
In the RdpxDecayingBonds:emergencyWithdraw function exist a wrong assumption
I
Remove/resolve the comments like the following
I
Potential accidental inclusion of ERC20Burnable in xETHDpxEthToken contract
R
Multiple uint mappings can be combined into a single mapping of a uint to a struct, where appropriate
-3, not applicable (indexes have diff meaning)
In the PerpetualAtlanticVaultLP.constructor missing check of input validation
-3, oos
Inconsistent Use of NatSpec
I
Inconsistent coding style
I
Empty blocks should be removed or emit something
I
Old version of OpenZeppelin Contracts used
R
In some important functions through the scope should have better manage of events
-3, oos
In the UniV2LiquidityAmo.approveContractToSpend() function should emit some event
I
Crucial information is missing on important functions in all contracts
I
In some contracts, we find inconsistencies regarding uint256
R
We suggest to use named parameters for mapping type
I
We suggest using the OpenZeppelin SafeCast library
I
Use a single file for all system-wide constants
I
Use of deprecated function
L

2L 3R -9

@c4-judge c4-judge added grade-c unsatisfactory does not satisfy C4 submission criteria; not eligible for awards labels Oct 20, 2023
@c4-judge

GalloDaSballo marked the issue as grade-c

@catellaTech

Hello, @GalloDaSballo! I hope you're doing well. I see that you gave me a grade C, but you didn't count me about the mediums you lowered to low:

#1873
#1886

Please, take into consideration that I not only performed the quality assurance but also conducted an analysis and submitted several findings of medium severity. I will be much more attentive next time; it is not my intention to undermine the effort I put into adding value.

@catellaTech

This report #1493 marked as grade a has four -3 bc the bot 4R and 3L. Please review my report again and add to the report the lows that I mentioned above. 🤞

@GalloDaSballo

4L 3R -9 with dups

@c4-judge

GalloDaSballo marked the issue as grade-b

@c4-judge c4-judge reopened this Oct 23, 2023
@c4-judge c4-judge added grade-b and removed grade-c unsatisfactory does not satisfy C4 submission criteria; not eligible for awards labels Oct 23, 2023
@C4-Staff C4-Staff added the Q-16 label Oct 31, 2023