doc: internal audit of fix after C4A

valory-xyz · Jul 5, 2024 · 6681f8f · 6681f8f
1 parent 59aa1c8
commit 6681f8f
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 1 deletion.
diff --git a/audits/README.md b/audits/README.md
@@ -25,7 +25,9 @@ An internal audit with a focus on `OptimismMesseger and WormholeMessenger` is lo
 
 An internal audit with a focus on `Guard for Community Multisig (CM) (modular version)` is located in this folder: [internal audit 10](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal10).
 
-An internal audit with a focus on `VoteWeighting` is located in this folder: [internal audit 10](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal12).
+An internal audit with a focus on `VoteWeighting` is located in this folder: [internal audit 12](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal12).
+
+An internal audit with a focus on `VoteWeighting` (after C4A external audit) is located in this folder: [internal audit 13](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal13).
 
 ### External audit
 Following the initial contracts [audit report](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/Valory%20Review%20Final.pdf),

diff --git a/audits/internal13/README.md b/audits/internal13/README.md
@@ -0,0 +1,44 @@
+# autonolas-governance-audit
+The review has been performed based on the contract code in the following repository:<br>
+`https://github.com/valory-xyz/autonolas-governance` <br>
+commit: `59aa1c8732397c826bb67fc567b81b8d0cd82b00` or `tag: v1.2.2-pre-internal-audi` <br> 
+
+Update: 05-07-2024  <br>
+
+## Objectives
+The audit focused on fixing VoteWeighting after C4A external audit. <BR>
+
+### Coverage
+Hardhat coverage has been performed before the audit and can be found here:
+```sh
+--------------------------------------|----------|----------|----------|----------|----------------|
+File                                  |  % Stmts | % Branch |  % Funcs |  % Lines |Uncovered Lines |
+--------------------------------------|----------|----------|----------|----------|----------------|
+  VoteWeighting.sol                   |      100 |    98.94 |      100 |    99.56 |            484 |
+
+        int128 userSlope = IVEOLAS(ve).getLastUserPoint(msg.sender).slope;
+        if (userSlope < 0) {
+            revert NegativeSlope(msg.sender, userSlope);
+        }
+The fact that this case is not covered is not a problem, since it is very difficult to create such conditions in a real test.
+```
+#### Checking the corrections made after C4A
+64. Less active nominees can be left without rewards after an year of inactivity #64
+https://github.com/code-423n4/2024-05-olas-findings/issues/64 <br>
+[x] fixed
+
+36. pointsSum.slope Not Updated After Nominee Removal and Votes Revocation #36
+https://github.com/code-423n4/2024-05-olas-findings/issues/36 <br>
+[x] fixed
+
+16. Incorrect Handling of Last Nominee Removal in removeNominee Function #16
+https://github.com/code-423n4/2024-05-olas-findings/issues/16 <br>
+[x] fixed
+
+#### Low issue
+QA Report #109
+https://github.com/code-423n4/2024-05-olas-findings/issues/109
+```
+Lack of event emission for important state changes in revokeRemovedNomineeVotingPower()
+```
+