QA Report #276
Labels: bug (Something isn't working); QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
1st issue : Wrong revert comment
In L169, the revert comment should be "Reserve strike too large"
2nd issue : Error in calculation of fee
While calculating the fee, in the block L282-L286, the calculation doesn't account for smaller feeRate and vault.currentStrike values. When vault.currentStrike < 1e17 and feeRate == 1, the calculated fee becomes 0, so no fee is required while exercising options bought at that price and fee rate.
3rd issue : No max limit on fee
There is no max limit set on the fee rate, as seen in the setFee function L119-L121. Due to this, a malicious owner can set a high feeRate and cause griefing to its users.
4th issue : Use of block.timestamp
block.timestamp can be manipulated by miners.
https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L228
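
One way to address the 2nd and 3rd issues, as an added sketch that is not part of the original report and is not Cally's own code. It assumes the fee is computed as strike * feeRate / 1e18; FeeSketch, FEE_DENOMINATOR, MAX_FEE_RATE, feeFloor and feeCeil are hypothetical names, and the 10% cap is an arbitrary illustrative value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration only. Everything except the names feeRate and setFee
/// is hypothetical and does not come from the audited contract.
contract FeeSketch {
    // Assumed scale: a feeRate of 1e18 means 100%.
    uint256 public constant FEE_DENOMINATOR = 1e18;
    // Hypothetical upper bound on the rate (10%).
    uint256 public constant MAX_FEE_RATE = 0.1e18;

    address public immutable owner;
    uint256 public feeRate;

    constructor() {
        owner = msg.sender;
    }

    /// 3rd issue: reject rates above a fixed cap so the owner cannot
    /// raise the fee arbitrarily after options have been sold.
    function setFee(uint256 feeRate_) external {
        require(msg.sender == owner, "Not owner");
        require(feeRate_ <= MAX_FEE_RATE, "Fee rate too high");
        feeRate = feeRate_;
    }

    /// Floor division, the behaviour the report describes: the result is 0
    /// whenever strike * feeRate < 1e18 (for example feeRate == 1 with a
    /// strike below 1e17).
    function feeFloor(uint256 strike) public view returns (uint256) {
        return (strike * feeRate) / FEE_DENOMINATOR;
    }

    /// 2nd issue: round up instead, so any non-zero strike with a non-zero
    /// rate pays at least 1 wei. Returns 0 only when the product is 0.
    function feeCeil(uint256 strike) public view returns (uint256) {
        uint256 product = strike * feeRate;
        return product == 0 ? 0 : (product - 1) / FEE_DENOMINATOR + 1;
    }
}
```

With feeRate set to 1 and a strike of 1e17 - 1, feeFloor returns 0 while feeCeil returns 1.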