Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QA Report #22

Open
c4-bot-7 opened this issue Jul 30, 2024 · 10 comments
Open

QA Report #22

c4-bot-7 opened this issue Jul 30, 2024 · 10 comments
Labels
1st place bug Something isn't working grade-a Q-12 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report

Comments

@c4-bot-7
Copy link
Contributor

See the markdown file with the details of this report here.
@c4-bot-7 c4-bot-7 added bug Something isn't working QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Jul 30, 2024
c4-bot-1 added a commit that referenced this issue Jul 30, 2024
@c4-bot-1
rbserver issue #22
3644bdc
c4-bot-7 added a commit that referenced this issue Jul 30, 2024
@c4-bot-7
rbserver data for issue #22
41f2a4a
@c4-judge
Copy link
Contributor

MiloTruck marked the issue as grade-a

@c4-judge c4-judge mentioned this issue Aug 12, 2024
Closed
@rbserver
Copy link

Hi @MiloTruck, thanks for your work!

Please take a look at the following 3 items related to this QA report.

  1. It looks like that some wardens are asking if the reports for tokens reverting on transfer to the zero address mentioned by #142 comment, such as #108, can be considered as a valid medium issue. If so, would [02] Protocol can fail to support tokens that revert on transfer to zero address of this QA report also be considered as a valid medium issue since it describes the same issue?

  2. It appears that another warden is asking if #261 would be considered as a valid medium issue. If so, would [13] Vault deployed for token that does not yet exist but will be deployed can cause stakers to lose their deposits of this QA report also be considered as a valid medium issue since it describes the same root cause of the issue?

  3. Three reports of mine (#18, #19, and #21) are downgraded to QA and would be considered as a part of this QA report. Because this QA report has grade-a, would these three reports be regraded to grade-a instead of grade-b?

@MiloTruck
Copy link

MiloTruck commented Aug 18, 2024
edited
Loading

  1. It's OOS, see M-4 from Renascence Labs.
  2. Was ruled as invalid.
  3. The grades don't actually matter, QA is rewarded based on a top 3 ranking now. grade-a simply means the report is a candidate for top 3 (at least that's what I do).

@hattiepwvi
Copy link

Hi, @MiloTruck,

Could you please check the Issue#105 ExtSloads Function Returns Empty Array, Preventing Querier Contract from Fetching Vaults Queued for Withdrawal #105

Thank you very much

@rbserver
Copy link

Hi @MiloTruck, thanks for your reply, and thanks for your work again!

@rbserver
Copy link

Hi @hattiepwvi, I am not sure why you left your comment regarding your issue under my QA report. It may be clearer to leave your comment in the discussion so judges won't miss your comment.

@thebrittfactor thebrittfactor added the selected for report This submission will be included/highlighted in the audit report label Aug 21, 2024
@C4-Staff C4-Staff added the Q-12 label Aug 21, 2024
@MiloTruck
Copy link

01 - Valid, but OOS.
02 - Valid, but OOS.
03 - Informational.
04 - Low.
05 - Low.
06 - Low, but I don't agree with the recommendation.
07, 08, 09 - Low, EIP-compliance issues.
10 - Informational.
11 - Informational.
12 - Informational.
13 - Informational, assumes the admin will intentionally whitelist a token that hasn't yet been deployed.
14 - Low.
15 - Informational, kind of speculative.

@thebrittfactor
Copy link

For awarding purposes, C4 staff have marked as selected for report and 1st place.

@hattiepwvi
Copy link

Hi, @rbserver
Thank you

@liveactionllama
Copy link
Contributor

Just noting that C4 will exclude the OOS entries from the audit report.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1st place bug Something isn't working grade-a Q-12 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@MiloTruck @rbserver @liveactionllama @hattiepwvi @c4-judge @C4-Staff @thebrittfactor @c4-bot-7