Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Post audit/treasury modifications #5

Merged
merged 6 commits into from
Nov 25, 2021
Merged

Post audit/treasury modifications #5

merged 6 commits into from
Nov 25, 2021

Conversation

0xAplki
Copy link
Contributor

@0xAplki 0xAplki commented Nov 12, 2021
edited
Loading

Description of Changes

Changes re: audit issues:
For Issue #1 - Treasury.buybackRnbw() is vulnerable to price manipulation attacks - Synced this with the PotOfGold.sol implementation. The buyback function now has minRNBWAmount parameter and I added a require statement to check for the minRNBWAmount. Added tests to this as well.

For Issue #2 - Unnecessary future deadline value passed to swap functions - I just added an extra deadline parameter just like the PotOfGold.sol implementation to be more flexible. We can easily control this on the front end as well.

For Issue #6 - WETH9 state variable can be made constant to save gas costs : This is removed and replaced by a hardcoded RNBWUSDC Pool instead.

Added and fixed the test cases for our purpose as well. Did some cleanup on unused and unnecessary code blocks/comments as well though some comments were preserved from gg's branch on other files since this might help us on some changes in the future as he answers the additional questions I have from him.

Link to Jira Ticket

How To Test

npm/yarn testhalo

Notes

  • Some assertations may fail but off a few seconds maybe because of the block times
  • Merged this to my consolidated branch since i need to reenable the skipped tests of the protocol from gg. focus here is the new changes

Developer Checklist:

  • I have followed the guidelines in our Contributing document
  • This PR has a corresponding JIRA ticket
  • My branch conforms with our naming convention i.e. feature/HDF-XXX-description
  • I have written new tests for your core changes, as applicable
  • I have successfully ran tests locally
  • I have formatted my code using format document in VSCode

Reviewers Checklist:

  • Code is readable and understandable; any unclear parts have explanations
  • UI/UX changes match the corresponding figma/other design resources, if applicable
  • I have successfully ran tests locally

bitcoinbrisbane
bitcoinbrisbane reviewed Nov 15, 2021
View reviewed changes
Copy link
Contributor

@bitcoinbrisbane bitcoinbrisbane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few small things. Mocks seem to be full implementations though?

@0xAplki
Copy link
Contributor Author

0xAplki commented Nov 16, 2021

@bitcoinbrisbane thanks for catching, cleaned the uniswapv2 to make it as mocks instead. pushing in a bit!

@0xAplki
Copy link
Contributor Author

0xAplki commented Nov 16, 2021

Updated!

@0xAplki 0xAplki merged commit 013d01b into post-audit/merge-to-develop Nov 25, 2021
@0xAplki 0xAplki deleted the post-audit/treasury-modifications branch November 25, 2021 02:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bitcoinbrisbane bitcoinbrisbane bitcoinbrisbane approved these changes

@tracyarciaga tracyarciaga tracyarciaga approved these changes

@chris247474 chris247474 Awaiting requested review from chris247474

@mystbrent mystbrent Awaiting requested review from mystbrent

@schystz schystz Awaiting requested review from schystz

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@0xAplki @tracyarciaga @bitcoinbrisbane