QA Report #95
Labels: bug, QA (Quality Assurance), resolved, sponsor acknowledged, sponsor confirmed
Summary:
The codebase and security practices are well implemented, with no comments on that apart from some low and non-critical findings.
Low findings:
[N01] Inconsistent use of safeTransferFrom and transferFrom for ERC721:
NFTLoanFacilitator.sol uses both; for example, in line 88 it uses transferFrom and in line 242 it uses safeTransferFrom. The intention behind using the two of them in the same contract is a bit confusing for the reader. Try to choose one of them for better consistency in the code.
[N02] Leap-years considerations
The function _interestOwed in line 372 of NFTLoanFacilitator.sol calculates interest always treating a year as 365 days. Try 36525 instead for more precision and multiply the numerator by 100.
Non-critical findings:
[N03] Confusing comment
In line 164 of NFTLoanFacilitator.sol there is a confusing or maybe incomplete comment. Since Solidity 0.8, underflows and overflows revert, so consider adding to the comment that the operation will throw an error. The comment just says "will underflow if amount < previousAmount".