Skip to content

v1.0.0

Pre-release
Pre-release
Compare
Choose a tag to compare
@wei3erHase wei3erHase released this 21 Nov 11:13
· 59 commits to main since this release
v1.0.0
1162b34
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Addressed findings in security review:

  • [A, W, S1] LiqEngine protectSAFE can be arbitrarily disconnected ✅ 82f65b7
  • [A, W] LiqEngine SafeSaviour is prone to revert ✅ ae6051d
  • [A, S5] TokenDistributor sweep and withdraw overlap ✅ c149a0b
  • [A] Join doesn't require approve Removing burn(to,amount)3a2c08e
  • [A] SystemCoin doesn't support Permit ✅ 70110a4
  • [A] HaiProxyRegistry can be merged into Factory ✅ 70110a4
  • [A] BasicActions should safely cast int25670110a4
  • [A] Use bool instead of uint256 when convenient (unpacked) ✅ f66220e
  • [A] AuctionHouses: delete auctions[id] before token transfers ✅ 70110a4
  • [A] Validate delegatee in CollateralDelegatedJoin ✅ f0dd721
  • [A, W] Consider using CREATE2 for HaiProxy ✅ 70110a4
  • [A, S8] TokenDistributor uses 0 nonce ✅ e53a6ba
  • [A, W] Redundant arguments when bidding on Auction Houses ✅ 3c098fb
  • [A] Consider rm CAH.settleAuction (deprecated) ✅ 70110a4
  • [W] Consider validating address codelength (instead of address(0)) ✅ 70110a4
  • [W] initializeCollateralType should have the same method signature ✅ 01bea93
  • [W] Action contracts don't use safeTransfer70110a4
  • [W] DebtBidActions decreaseSoldAmount should round up ✅ 162b558
  • [W] SAHActions rebidding results in unnecessary collateral transfers ✅ c306d68
  • [W, S9] transferSAFEOwnership uses the wrong dstId82f65b7
  • [W, S21] GS Actions _safe is re-fetched for no reason ✅ 82f65b7
  • [W] SAH could check for initialBid == 0 to avoid 0 transfer ✅ 70110a4
  • [W] TaxCollector could simplify operator (L138-142) ✅ 82f65b7
  • [W] TaxCollector has unreachable timestamp condition ✅ 82f65b7
  • [W] PIDController can load _timeSinceLastUpdate to memory ✅ 82f65b7
  • [A] TokenDistributor can reuse _canClaim for _validateClaimfb0b11a
  • [S6] ChainlinkRelayer read handles negative values wrong ✅ a2ad8ab
  • [A] Rm priceSource validation from OracleRelayer ✅ 81faf76
  • [S15] _discountedPrice may lose precision bc of the order of operations ✅ 35d7726
  • [S14] Job contracts should validate parameters correctness when appliable ✅ 59f5f1b
  • [S25] Possible reentrancy if ERC777 ✅ 78bf414
  • [S22] Incorrect parameters emitted on events ✅ 2ea5a66
  • [F,S2] AccEngine auctionDebt should check for debtSize after settling it ✅ a76ee4e
  • [S20] Typos in docs ✅ 61e979b
  • [S19] Some methods are claimed to be authorized on docs but are not ✅ 61e979b
  • [A] Deprecate ETHJoin (unused) ✅ 46e3a91
  • [A] Document lockedAmount and mention it can be tricked ✅ 700d0a3
  • [A, W, S17] Ownable can inherit OZ Ownable contracts (also make 2-step) 8bb16c4
  • [S4] DenominatedOracle may revert on getResultWithValidity 74bebf1
  • [A] HaiProxy doesn't validate target contract (can be empty) ffa7234
  • [A] DelayedOracle Feed is always valid, even when price source returns invalid 240d09b
  • [A, S7] SAH and PSSAH reverts on _initialBid != 0 223d4dd
  • [S10] ChainlinkRelayer should check for sequencer uptime 5333f02
  • [S16] The minimum liquidation quantity can avoid a safe from being liquidated 496b787
  • [S13] HaiSafeManager doesn't clean up Saviour on SAFE transfer 52a34ea
  • [A] Uniswap pool creation at deployment
Assets 2
Loading