QA Report #140
Labels:
bug: Warden finding
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor disputed: Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Proper upper limit on ERC1155 royalty
https://github.com/code-423n4/2022-07-fractional/blob/8f2697ae727c60c93ea47276f8fa128369abfe51/src/FERC1155.sol#L223
setRoyalties in FERC1155.sol has no upper limit. It could be set to more than 100%.
Use reentrancy guard and set variable before transfer.
buyFractions() in Buyout.sol has a user callback.
https://github.com/code-423n4/2022-07-fractional/blob/8f2697ae727c60c93ea47276f8fa128369abfe51/src/modules/Buyout.sol#L168-L174
Update ethBalance before the transfer.
https://github.com/code-423n4/2022-07-fractional/blob/8f2697ae727c60c93ea47276f8fa128369abfe51/src/modules/Buyout.sol#L176
And use a reentrancy guard for security.
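The two recommendations in this report, sketched as an added example rather than code from the audited repository: a royalty setter that rejects values above a cap, and a purchase function that updates its ETH accounting before the ERC1155 transfer and sits behind a reentrancy guard. The contract `BoundedSale`, its function and variable names, the minimal `IERC1155` interface and the 100% cap are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration: contract, names and the 100% cap are assumptions,
// not code from the audited repository.
interface IERC1155 {
    function safeTransferFrom(address from, address to, uint256 id, uint256 amount, bytes calldata data) external;
}

contract BoundedSale {
    uint256 public constant MAX_ROYALTY_PERCENT = 100; // assumed cap
    IERC1155 public immutable token;
    address public immutable controller;
    uint256 public immutable tokenId;
    uint256 public immutable pricePerToken;
    uint256 public royaltyPercent;
    uint256 public ethBalance; // ETH received from buyers
    uint256 private locked = 1; // 1 = not entered, 2 = entered

    constructor(IERC1155 _token, uint256 _tokenId, uint256 _pricePerToken) {
        token = _token;
        tokenId = _tokenId;
        pricePerToken = _pricePerToken;
        controller = msg.sender;
    }

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    function setRoyalties(uint256 percent) external {
        require(msg.sender == controller, "not controller");
        require(percent <= MAX_ROYALTY_PERCENT, "royalty above cap");
        royaltyPercent = percent;
    }

    function buy(uint256 amount) external payable nonReentrant {
        require(msg.value == amount * pricePerToken, "wrong payment");
        // Effect: record the ETH before handing control to the buyer.
        ethBalance += msg.value;
        // Interaction: safeTransferFrom invokes onERC1155Received on a contract buyer.
        token.safeTransferFrom(address(this), msg.sender, tokenId, amount, "");
    }
}
```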