QA Report #95
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
resolved
Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Comments
code423n4
added
bug
wilsoncusack
added
sponsor acknowledged
|
can update comment |
wilsoncusack
added
the
resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary:
The codebase and security practices are well implemented, with no comments on that apart from some low and non-critical findings.
Low findings :
[N01] Inconsistent use of safeTransferFrom and transferFrom for ERC721:
NFTLoanFacilitator.sol uses both, for example in line 88 it uses transferFrom and in line 242 it uses safeTransferFrom. It is a bit confusing for the reader the intentions of using the 2 of them in the same contract. Try to choose one of them for better consistency in the code.
[N02] Leap-years considerations
The function _interestOwed in line 372 of NFTLoanFacilitator.sol calculates interest always considering a year like 365 days. Try 36525 instead for more precision and multiply the numerator by 100.
Non-critical findings:
[N03] Confusing comment
In line 164 of NFTLoanFacilitator.sol there is a confusing or maybe incomplete comment. Since solidity 0.8 underflows and overflows reverts, so consider adding to the comment that the operation will throw an error. The comment just says "will underflow if amount < previousAmount".
The text was updated successfully, but these errors were encountered: