Audit fixes QS2 #60
Merged
Audit fixes QS2 #60
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
amarinkovic
changed the title
|
Task linked: CU-861mnyqw6 Smart Contracts audit by Quantstamp #2 |
…when transferring entity tokens [NAY-2]
amarinkovic
force-pushed
the
audit-fixes
branch
from
383927f to
aa29d59
Compare
amarinkovic
changed the title
amarinkovic
force-pushed
the
audit-fixes
branch
from
6bf8754 to
af48d55
Compare
kevin-fruitful
force-pushed
the
audit-fixes
branch
5 times, most recently
from
f0d02b7 to
0d0bdd4
Compare
kevin-fruitful
force-pushed
the
audit-fixes
branch
5 times, most recently
from
adfc107 to
5d71f5c
Compare
amarinkovic
force-pushed
the
audit-fixes
branch
from
5d71f5c to
c0aa30a
Compare
… to check if an upgrade is valid [NAY-1]
* fix: Insufficient Contract Pausability [NAY-12] * fix: Adding Wrapped Participation Tokens as Supported External [NAY-14] * fix(6): trading commission total BP * fix(3): stakeholders arrays are sized properly * fix(8): validate upgrade expiration period updates * fix(9): validate upgrade cancellation * fix(10): validate token name is not empty * fix: formatting * fix(5): minimum policy coverage time --------- Co-authored-by: Kevin Park <[email protected]>
…istic matching in the match making algorithm. updated Nayms diamond and deployment scripts. [NAY-11]
amarinkovic
force-pushed
the
audit-fixes
branch
from
c0aa30a to
7a4db83
Compare
* fix: unused imports, typos and redundant code * fix: commission arrays length limit * fix: index address in events * fix: reuse variables * fix: remove redundant struct * chore: remove LibMeta.sol * refactor: LibDiamond.initializeDiamondCut() throws error InitializationFunctionReverted instead of require msg * docs: remove todo comments in code * docs: improve explanation of UserFacet * doc: fix some missing natspec comments * doc: fix some typos * fix: rename role updated event * doc: clarify premium commission basis points * fix: comment typos * fix: policy event test --------- Co-authored-by: Kevin Park <[email protected]>
…in lock and _unlockAllFundTransferFunctions() amendment [NAY-12]
…Unlocked amendment [NAY-22]
…ts, add docs to _stringToBytes32() [NAY-bonus1]
# Conflicts: # script/utils/DeploymentHelpers.sol
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a cumulative change set for all the fixes, done to address findings of the second Quantstamp audit.
QS-1Arbitrary Actions Can Be Executed when Upgrading the Diamond Pattern[high]QS-2Entity Token Holders May Not Receive Future Dividends[high]QS-3Double-Counting of Dividend Payout Results in Capital Providers Not Being Able to Withdraw Dividends[high]QS-4More than the Premium Amount Can Be Spent when a Premium Is Paid[medium]QS-5Deterministically Generated Objectid Can Be Front-Run by Preselected Ids[medium]QS-6Incorrect Accounting of sysAdmins when Reassigning an Existing Admin Role[medium]QS-7Invalid Entity Update[medium]QS-8Id Aliasing Between Addresses and Associated Objectid[medium]QS-9Missing Input Validation[low]QS-10Lack of Alignment Between Commission Receivers & Stakeholders upon Policy Creation[low]QS-11Contract Owner Can Become System Admin[low]QS-12Insufficient Contract Pausability[low]QS-13Lack of Support for Inflationary Tokens[low]QS-14Adding Wrapped Participation Tokens as Supported External Tokens May Lead to Incorrect Accounting[low]QS-15Parent of an Object Can Be Overridden[low]QS-16Allowance Double-Spend Exploit[low]QS-17Mismatch Between Code and Role and Privilege Matrix[low]QS-18Gas Usage / Loop Concerns[low]QS-19Outdated Solidity Version[informational]QS-20Privileged Roles & Ownership[informational]QS-21Circular Chain of Assigners[informational]QS-22Application Monitoring Can Be Improved by Emitting More Events[informational]QS-23Entities Write Policies at a Collateralized Ratio[informational]