Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update deploy scripts to accomodate audit changes #1064

Merged
merged 8 commits into from
Jun 19, 2024
Merged

Update deploy scripts to accomodate audit changes #1064

merged 8 commits into from
Jun 19, 2024

Conversation

mcclurejt
Copy link
Contributor

Resolved Issues

Description

Review Checklists

Please check each item before approving the pull request. While going
through the checklist, it is recommended to leave comments on items that are
referenced in the checklist to make sure that they are reviewed. If there are
multiple reviewers, copy the checklists into sections titled ## [Reviewer Name].
If the PR doesn't touch Solidity, the corresponding checklist can
be removed.

[[Reviewer Name]]

  • Tokens
    • Do all approve calls use forceApprove?
    • Do all transfer calls use safeTransfer?
    • Do all transferFrom calls use msg.sender as the from address?
      • If not, is the function access restricted to prevent unauthorized
        token spend?
  • Low-level calls (call, delegatecall, staticcall, transfer, send)
    • Is the returned success boolean checked to handle failed calls?
    • If using delegatecall, are there strict access controls on the
      addresses that can be called? It shouldn't be possible to delegatecall
      arbitrary addresses, so the list of possible targets should either be
      immutable or tightly controlled by an admin.
  • Reentrancy
    • Are functions that make external calls or transfer ether marked as nonReentrant?
      • If not, is there documentation that explains why reentrancy is
        not a concern or how it's mitigated?
  • Gas Optimizations
    • Is the logic as simple as possible?
    • Are the storage values that are used repeatedly cached in stack or
      memory variables?
    • If loops are used, are there guards in place to avoid out-of-gas
      issues?
  • Visibility
    • Are all payable functions restricted to avoid stuck ether?
  • Math
    • Is all of the arithmetic checked or guarded by if-statements that will
      catch underflows?
    • If Safe functions are altered, are potential underflows and
      overflows caught so that a failure flag can be thrown?
    • Are all of the rounding directions clearly documented?
  • Testing
    • Are there new or updated unit or integration tests?
    • Do the tests cover the happy paths?
    • Do the tests cover the unhappy paths?
    • Are there an adequate number of fuzz tests to ensure that we are
      covering the full input space?

@mcclurejt mcclurejt marked this pull request as ready for review June 19, 2024 01:56
@mcclurejt mcclurejt requested a review from jrhea as a code owner June 19, 2024 01:56
@jalextowle jalextowle added this pull request to the merge queue Jun 19, 2024
Merged via the queue into main with commit 87d9aeb Jun 19, 2024
28 checks passed
@jalextowle jalextowle deleted the mcclurejt/deploy/1.0.12 branch June 19, 2024 02:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jalextowle jalextowle jalextowle approved these changes

@jrhea jrhea Awaiting requested review from jrhea jrhea is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mcclurejt @jalextowle