Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA Report #163

Open
howlbot-integration bot opened this issue Jul 8, 2024 · 7 comments
Open

QA Report #163

howlbot-integration bot opened this issue Jul 8, 2024 · 7 comments
Labels
2nd place bug Something isn't working edited-by-warden grade-a Q-07 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality

Comments

@howlbot-integration
Copy link

howlbot-integration bot commented Jul 8, 2024
edited
Loading

See the markdown file with the details of this report here.
@howlbot-integration howlbot-integration bot added bug Something isn't working edited-by-warden QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality labels Jul 8, 2024
howlbot-integration bot added a commit that referenced this issue Jul 8, 2024
@howlbot-integration
0xhacksmithh data for issue #163
b519565
howlbot-integration bot added a commit that referenced this issue Jul 8, 2024
@howlbot-integration
0xhacksmithh issue #163
3da3c21
@aviggiano
Copy link

  1. Acknowledged. It is unlikely that Aave would turn their referral program back on. If they do, we can redeploy the contracts
  2. Disputed. This is by design
  3. Disputed. maxAPR does not consider fees
  4. Disputed. See When the borrowAToken cap is reached, users may not always be able to repay their debt in some cases due to precision errors #19
  5. Acknowledged. The choice of rounding here is arbitrary, since the protocol also wants to help out the borrower by improving their CR after a liquidation.
  6. Acknowledged. This was already flagged by Spearbit and addressed there
  7. Confirmed. Resolved in c4-016 Documentation fixes SizeCredit/size-solidity#135
  8. Disputed. This is by design
  9. Disputed. Invalid, see Chainlink's latestRoundData might return stale or incorrect results in PriceFeed.sol #212
  10. Disputed. Reverting can cause other problems, such as a failure to liquidate
  11. Acknowledged.
  12. Confirmed. Resolved in c4-016 Documentation fixes SizeCredit/size-solidity#135
  13. Disputed. See Protocol pausing during market volatility can prevent lenders from self-liquidating debt, potentially leading to significant financial losses. #199

@aviggiano aviggiano mentioned this issue Jul 9, 2024
Open
@c4-judge
Copy link
Contributor

hansfriese marked the issue as grade-b

@c4-judge
Copy link
Contributor

hansfriese marked the issue as grade-a

@c4-judge c4-judge added grade-a and removed grade-b labels Jul 14, 2024
@0xhacksmithh
Copy link

@hansfriese Please check Low-08
I think it should be a Problem when User have multiple creditPositions

For example:
To sell CreditPosit-1 where creditPosition.forSale = True User have to user.allCreditPositionsForSaleDisabled = False to get pass through that check,

when user made allCreditPositionsForSaleDisabled = False it may open up different problem,

  • as i mention when CreditPosition created it by defult set to creditPosition.forSale = True
  • in this senario may be User have multiple CreditPositions (some of them may be on good deals)
  • So other Party can buy those Position without User's selling intention
  • User may be not aware of this default selling is set to TRUE, only aware of allCreditPositionsForSaleDisabled
  • If User know about this he has to manually set all of his Positions to forSale = False
  • and reverse them on other case

thats why i submit this under QA

@0xhacksmithh
Copy link

0xhacksmithh commented Jul 16, 2024
edited
Loading

Sponcer Description on Low-03 is not clear

@hansfriese
Copy link

For Low-8, I agree with the sponsor's assessment, as it does not demonstrate any specific impacts.
The ranking of this report will be determined after a vote by the validators and myself.

@C4-Staff C4-Staff added the Q-07 label Jul 22, 2024
@thebrittfactor
Copy link
Contributor

For awarding purposes, C4 staff have marked as 2nd place.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2nd place bug Something isn't working edited-by-warden grade-a Q-07 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sufficient quality report This report is of sufficient quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@aviggiano @hansfriese @c4-judge @C4-Staff @0xhacksmithh @thebrittfactor