Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA Report #168

Open
howlbot-integration bot opened this issue Sep 18, 2024 · 5 comments
Open

QA Report #168

howlbot-integration bot opened this issue Sep 18, 2024 · 5 comments
Labels
3rd place bug Something isn't working grade-a Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality

Comments

@howlbot-integration
Copy link

howlbot-integration bot commented Sep 18, 2024
edited
Loading

See the markdown file with the details of this report here.
@howlbot-integration howlbot-integration bot added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality labels Sep 18, 2024
howlbot-integration bot added a commit that referenced this issue Sep 18, 2024
@howlbot-integration
DadeKuma data for issue #168
6650a4f
howlbot-integration bot added a commit that referenced this issue Sep 18, 2024
@howlbot-integration
DadeKuma issue #168
ba3fe08
@af-afk
Copy link

af-afk commented Sep 18, 2024
edited
Loading

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/DadeKuma-Q.md#l-01-a-user-can-burn-their-position-before-the-nft-manager-transfers-it We'll fix this. We're going to remove the burn position function.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/DadeKuma-Q.md#l-02-a-pool-can-be-re-initialized-by-setting-the-price-to-zero We will add a initialised field for hygiene!

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/DadeKuma-Q.md#l-03-mod-operation-doesnt-revert-on-overflow-in-release-mode We're interested if this translates into an issue that can be identified anywhere. We'll make the recommended adjustment.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/DadeKuma-Q.md#l-04-file-allows-a-version-of-solidity-that-is-susceptible-to-selector-related-optimizer-bug We won't fix this, unless it can be identified that this causes an issue.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/DadeKuma-Q.md#l-05-vulnerability-to-storage-write-removal Does this actually affect us? It doesn't seem like we're in the affected group.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/DadeKuma-Q.md#l-06-payable-function-does-not-transfer-eth This is a dupe. We'll make the change.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/DadeKuma-Q.md#l-07-nft-ownership-doesnt-support-hard-forks We don't believe in practice this is something to be concerned about. So we're not going to make this adjustment.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/DadeKuma-Q.md#l-08-use-of-abiencodewithsignatureabiencodewithselector-instead-of-abiencodecall We won't make the change.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/DadeKuma-Q.md#l-09-lack-of-two-step-update-for-updating-protocol-addresses The power for this will be vested in the DAO, so we won't include this behaviour, as it'll likely be protected at that level.

@af-afk af-afk added sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue labels Sep 18, 2024
@af-afk
Copy link

af-afk commented Sep 23, 2024

Updated the above

@af-afk
Copy link

af-afk commented Sep 23, 2024

fluidity-money/long.so@7c76316

@c4-judge
Copy link
Contributor

alex-ppg marked the issue as grade-a

@rodiontr rodiontr mentioned this issue Sep 24, 2024
Closed
@C4-Staff C4-Staff added the Q-02 label Oct 7, 2024
@thebrittfactor
Copy link

For awarding purposes, C4 staff have marked as 3rd place.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3rd place bug Something isn't working grade-a Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sufficient quality report This report is of sufficient quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@af-afk @c4-judge @C4-Staff @thebrittfactor