QA Report #236
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
QA (LOW RISK & NON-CRITICAL)
Furthermore, some tokens (like USDT) don't correctly implement the ERC20 standard and don't return a boolean.Return values of the transfers are not checked in below LOC's.
IERC20(tree.tokenAddress).transfer(destination, currentWithdrawal);
MerkleVesting.sol#L173success = success && IERC20(pool.rewardTokens[i]).transferFrom(msg.sender, address(this), amount);
PermissionlessBasicPoolFactory.sol#L144success = success && IERC20(pool.rewardTokens[i]).transfer(receipt.owner, transferAmount);
PermissionlessBasicPoolFactory.sol#L230success = success && IERC20(pool.depositToken).transfer(receipt.owner, receipt.amountDepositedWei);
PermissionlessBasicPoolFactory.sol#L233success = success && IERC20(pool.rewardTokens[i]).transfer(pool.excessBeneficiary, rewards);
PermissionlessBasicPoolFactory.sol#L252success = success && IERC20(pool.rewardTokens[i]).transfer(globalBeneficiary, tax);
PermissionlessBasicPoolFactory.sol#L269.transfer
is used for transferring ether. It is no longer recommended as recipients with custom fallback functions (smart contracts) will not be able to handle that. ReferenceFixedPricePassThruGate.sol doesn't have function to receive ether/funds.
FixedPricePassThruGate.sol,
addGate()
function doesn't check address(0) for_beneficiary
parameter which can lead the funds to burn.At FixedPricePassThruGate.sol,
passThruGate()
function did not explicitly state the input variables and NatSpec is not sufficient for this function;At FixedPricePassThruGate.sol, anyone can add arbitrary amount of gates including attacker's address as beneficiary by addGate() function. Thus, this leads to creating other attack surfaces like phishing. The contract should have strict control of creating gates like no duplicate gates should be allowed with same beneficiary address.
At FixedPricePassThruGate.sol,
data
variable is not used and the best practice is to remove unused variablesReference
At MerkleEligibility.sol, there is no address(0) check at the constructor function for
_gateMaster
At MerkleEligibility.sol, named return and returned variable is not matching;
isEligible()
function, to reach the boundry, the logic should be;instead of;
At MerkleIdentity.sol, constructor function, there is no address(0) check for
_mgmt
parameter and for setManagement() function, no address(0) check fornewMgmt
. It's recommended that the setManagement function is not handled in one step. The team might consider to use Ownable.sol of Open Zeppelin.At MerkleIdentity.sol, for setTreeAdder() function, no address(0) check for
newAdder
. It's recommended that the setTreeAdder function is not handled in one step. The team might consider to use Ownable.sol of Open Zeppelin.At MerkleIdentity.sol, setIpfsHash() function, there is no 0 value check for both the parameters.
At MerkleIdentity.sol, addMerkleTree() function, there is no 0 value and address(0) check for the parameters.
At PermissionlessBasicPoolFactory.sol, costly operations used inside a loop which might lead to an out-of-gas.
At addPool();
At withdraw();
Reference
The text was updated successfully, but these errors were encountered: