QA Report #46
Labels: bug, QA - High quality report, QA (Quality Assurance)
Summary
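Low Risk Issues
1. `tokenURI()` shows invalid premium data
2. Final vault mintable locks asset forever
3. `Cally` does not follow ERC721 standard
4. `Base64.encode()` broken on L2 Arbitrum
Total: 4 instances over 4 issues
Non-critical Issues
1. Not following best practice of using `_safeMint()`
2. Not following best practice of using `safeTransferFrom()` for NFTs
3. Sellers should be allowed to list at the reserve strike
4. `constant`s should be defined rather than using magic numbers
5. Missing event for critical parameter change
6. Typos
7. File is missing NatSpec
8. NatSpec is incomplete
9. Event is missing `indexed` fields
10. Consider adding the ability to auto-exercise at expiration
11. Consider using a two-step ownership transfer model
12. Consider making vault creation pausable
Total: 31 instances over 12 issues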
Low Risk Issues
1. `tokenURI()` shows invalid premium data
`getPremium()` takes in a `vaultId`, not a premium index.
There is 1 instance of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L464
2. Final vault mintable locks asset forever
`vaultId` is a `uint256`, and `type(uint256).max` is odd and therefore a valid `vaultId`. `optionId`s are always one more than the `vaultId`, and for that case, the addition will cause an overflow. The overflow happens for both buying and withdrawing, so once added, assets are stuck forever in that specific vault.
There is 1 instance of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L333-L335
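The overflow described in this finding, as an added example that is not part of the original report and is not Cally's code. The contract name, the `setVaultIndexForTest` hook and the guarded variant are assumptions; only the id scheme (odd vault ids, `optionId = vaultId + 1`) comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration, not Cally's code. The id scheme (odd vault ids,
/// optionId = vaultId + 1) follows the finding; all names are assumed.
contract VaultIdModel {
    uint256 public vaultIndex = 1;
    mapping(uint256 => address) public ownerOf;

    /// Hypothetical test hook so the last id is reachable in a unit test.
    function setVaultIndexForTest(uint256 index) external {
        require(index % 2 == 1, "index must be odd");
        vaultIndex = index;
    }

    /// Unguarded: the checked += 2 still succeeds when the result is
    /// type(uint256).max, so that id can be minted.
    function createVault() external returns (uint256 vaultId) {
        vaultIndex += 2;
        vaultId = vaultIndex;
        ownerOf[vaultId] = msg.sender;
    }

    /// Guarded: refuse any vault whose optionId would not fit in uint256.
    function createVaultGuarded() external returns (uint256 vaultId) {
        require(vaultIndex < type(uint256).max - 2, "vault id space exhausted");
        vaultIndex += 2;
        vaultId = vaultIndex;
        ownerOf[vaultId] = msg.sender;
    }

    /// Reverts with Panic(0x11) for vaultId == type(uint256).max.
    function buyOption(uint256 vaultId) external returns (uint256 optionId) {
        optionId = vaultId + 1;
        ownerOf[optionId] = msg.sender;
    }

    /// Same addition, same revert: the owner cannot get the asset back.
    function withdraw(uint256 vaultId) external {
        require(ownerOf[vaultId] == msg.sender, "not vault owner");
        uint256 optionId = vaultId + 1;
        delete ownerOf[optionId];
        delete ownerOf[vaultId];
    }
}
```

In a unit test, calling `setVaultIndexForTest(type(uint256).max - 2)` followed by `createVault()` yields the final id, after which both `buyOption` and `withdraw` revert for that vault.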
3. `Cally` does not follow ERC721 standard
`balanceOf()` returns the wrong value for all users. It's not reasonable to disregard the standard to just save gas. The purpose of a standard is to ensure interoperability, and this current code breaks that. We file lots of medium-risk issues on various projects because Tether (USDT) does things in a non-standard way which leads to bugs in other people's code because they don't know about the idiosyncrasies. This project is introducing yet another potential attack vector.
There is 1 instance of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/CallyNft.sol#L35-L37
4. `Base64.encode()` broken on L2 Arbitrum
See this issue filed against the source project. Feel free to downgrade to non-critical if Cally is only meant for Ethereum L1. Use OpenZeppelin's `Base64.encode()` instead.
There is 1 instance of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/lib/base64/base64.sol#L48-L56
Non-critical Issues
1. Not following best practice of using `_safeMint()`
The code should allow recipients to reject NFTs, by calling `_safeMint()`, which triggers transfer hooks in the recipient.
There is 1 instance of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L193
2. Not following best practice of using `safeTransferFrom()` for NFTs
The code should allow recipients to reject NFTs, by calling `safeTransferFrom()`, which triggers transfer hooks in the recipient.
There are 2 instances of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L295
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L344
3. Sellers should be allowed to list at the reserve strike
The condition below should use `<=` rather than `<`.
There is 1 instance of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L169
4. `constant`s should be defined rather than using magic numbers
There are 14 instances of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/CallyNft.sol
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/lib/base64/base64.sol
5. Missing event for critical parameter change
There is 1 instance of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L119-L121
6. Typos
There are 3 instances of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L135
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L145
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L426
7. File is missing NatSpec
There are 2 instances of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/CallyNft.sol
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/lib/hot-chain-svg/contracts/SVG.sol
8. NatSpec is incomplete
There are 3 instances of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L156-L166
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L205-L207
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L385-L387
9. Event is missing `indexed` fields
Each `event` should use three `indexed` fields if there are three or more fields.
There is 1 instance of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L56
10. Consider adding the ability to auto-exercise at expiration
Most equity brokers automatically exercise options if they're in the money at expiration. It would be good to allow hooking up WETH and attempting to transfer and unwrap if still set at expiration
There is 1 instance of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L243-L246
11. Consider using a two-step ownership transfer model
Having a two-step ownership transfer is safer because it ensures the new owner is actually valid
There is 1 instance of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L32
12. Consider making vault creation pausable
This can help mitigate issues where a vulnerability is found after deployment
There is 1 instance of this issue:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L158