QA Report #3

Open
c4-bot-10 opened this issue Aug 27, 2024 · 2 comments
Labels
bug Something isn't working edited-by-warden grade-b Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@c4-bot-10

See the markdown file with the details of this report here.

@c4-bot-10 c4-bot-10 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Aug 27, 2024
c4-bot-8 added a commit that referenced this issue Aug 27, 2024
c4-bot-9 added a commit that referenced this issue Aug 27, 2024
c4-bot-5 added a commit that referenced this issue Aug 27, 2024
@Brean0

Brean0 commented Aug 29, 2024

QA-01: The Basin Development community accepts this risk and considers the responsibility of verifying the tokens being used in the Well to be the developer themselves.

QA-02: We disagree with this analysis, as the Lookup table is a binary tree, meaning a price can be found in O(log2). In the recommended Mitigation steps, it can be seen that that specific example would take 6 checks rather than 4 checks in the code. In practice, an if ladder with an ascending order described would have significantly more checks. The most efficient binary tree would require analysis of a stable Well, and map the most frequent price ranges near the top of the binary tree. This is not possible currently given that 1) a Stable Well does not exist yet, and 2) this would depend on a per-well basis, depending on how well the coins retain like-value.

QA-03: Given there is no damage that can occur, we accept this can occur, but will not update the code to prevent this behaviour.

QA-04: If the if block is not hit (i.e., address(this) == ___self) in the modifier, then the function that is called with this modifier must have been called by the contract, and thus is not delegated. This is the same logic seen in OpenZeppelin's notDelegated modifier.

QA-05, QA-06: Accepted, inline docs will be updated to reflect this change.
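
The check discussed under QA-04, as an added example that is not part of the comment above and is not the project's own code: a minimal Solidity sketch of the `address(this) == ___self` pattern. The contract names, function names and the `DelegatedCall` error are hypothetical; only the `___self` comparison and the `notDelegated` modifier name come from the thread.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names except ___self and notDelegated are hypothetical.
contract Implementation {
    // Captured at deployment. Immutables are stored in the deployed bytecode,
    // so code running under delegatecall still reads the implementation's
    // address here, not the address of the calling contract.
    address private immutable ___self = address(this);

    error DelegatedCall();

    modifier notDelegated() {
        // Under delegatecall, address(this) is the delegating contract,
        // so the comparison fails and the call reverts.
        if (address(this) != ___self) revert DelegatedCall();
        _;
    }

    // Only reachable when executed in the implementation's own context.
    function directOnly() external view notDelegated returns (address) {
        return address(this);
    }
}

contract Forwarder {
    address public immutable target;

    constructor(address target_) {
        target = target_;
    }

    // ok == false: the code runs in the Forwarder's context,
    // address(this) != ___self, and the modifier reverts.
    function viaDelegatecall() external returns (bool ok) {
        (ok, ) = target.delegatecall(
            abi.encodeCall(Implementation.directOnly, ())
        );
    }

    // ok == true: a regular call executes in the Implementation's own
    // context, so address(this) == ___self and the if block is not hit.
    function viaCall() external returns (bool ok) {
        (ok, ) = target.call(abi.encodeCall(Implementation.directOnly, ()));
    }
}
```
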

@c4-judge

c4-judge commented Sep 2, 2024

alex-ppg marked the issue as grade-b
