Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore and doc: updating ABI and vulnerabilities doc #147

Merged
merged 4 commits into from
Jul 12, 2024
Merged
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion audits/README.md
Original file line number Diff line number Diff line change
@@ -25,7 +25,9 @@ An internal audit with a focus on `OptimismMesseger and WormholeMessenger` is lo

An internal audit with a focus on `Guard for Community Multisig (CM) (modular version)` is located in this folder: [internal audit 10](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal10).

An internal audit with a focus on `VoteWeighting` is located in this folder: [internal audit 10](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal12).
An internal audit with a focus on `VoteWeighting` is located in this folder: [internal audit 12](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal12).

An internal audit with a focus on `VoteWeighting` (after C4A external audit) is located in this folder: [internal audit 13](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/internal13).

### External audit
Following the initial contracts [audit report](https://github.com/valory-xyz/autonolas-governance/blob/main/audits/Valory%20Review%20Final.pdf),
44 changes: 44 additions & 0 deletions audits/internal13/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
# autonolas-governance-audit
The review has been performed based on the contract code in the following repository:<br>
`https://github.com/valory-xyz/autonolas-governance` <br>
commit: `59aa1c8732397c826bb67fc567b81b8d0cd82b00` or `tag: v1.2.2-pre-internal-audi` <br>

Update: 05-07-2024 <br>

## Objectives
The audit focused on fixing VoteWeighting after C4A external audit. <BR>

### Coverage
Hardhat coverage has been performed before the audit and can be found here:
```sh
--------------------------------------|----------|----------|----------|----------|----------------|
File | % Stmts | % Branch | % Funcs | % Lines |Uncovered Lines |
--------------------------------------|----------|----------|----------|----------|----------------|
VoteWeighting.sol | 100 | 98.94 | 100 | 99.56 | 484 |

int128 userSlope = IVEOLAS(ve).getLastUserPoint(msg.sender).slope;
if (userSlope < 0) {
revert NegativeSlope(msg.sender, userSlope);
}
The fact that this case is not covered is not a problem, since it is very difficult to create such conditions in a real test.
```
#### Checking the corrections made after C4A
64. Less active nominees can be left without rewards after an year of inactivity #64
https://github.com/code-423n4/2024-05-olas-findings/issues/64 <br>
[x] fixed

36. pointsSum.slope Not Updated After Nominee Removal and Votes Revocation #36
https://github.com/code-423n4/2024-05-olas-findings/issues/36 <br>
[x] fixed

16. Incorrect Handling of Last Nominee Removal in removeNominee Function #16
https://github.com/code-423n4/2024-05-olas-findings/issues/16 <br>
[x] fixed

#### Low issue
QA Report #109
https://github.com/code-423n4/2024-05-olas-findings/issues/109
```
Lack of event emission for important state changes in revokeRemovedNomineeVotingPower()
```