QA Report #3
Comments
QA-01: The Basin Development community accepts this risk and considers the responsibility of verifying the tokens being used in the Well to lie with the developer themselves.

QA-02: We disagree with this analysis, as the Lookup table is a binary tree, meaning a price can be found in O(log2). In the recommended Mitigation steps, it can be seen that that specific example would take 6 checks rather than 4 checks in the code. In practice, an if ladder with an ascending order described would have significantly more checks. The most efficient binary tree would require analysis of a stable Well, and map the most frequent price ranges near the top of the binary tree. This is not possible currently given that 1) a Stable Well does not exist yet, and 2) this would depend on a per-Well basis, depending on how well the coins retain like-value.

QA-03: Given there is no damage that can occur, we accept this can occur, but will not update the code to prevent this behaviour.

QA-04: If the if block is not hit (i.e., address(this) == ___self) in the modifier, then the function that is called with this modifier must have been called by the contract, and thus is not delegated. This is the same logic seen in OpenZeppelin's

QA-05, QA-06: Accepted, inline docs will be updated to reflect this change.
alex-ppg marked the issue as grade-b
See the markdown file with the details of this report here.