DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: low
Invalid

Confusing code comments deviate from function logic.

Vulnerability details

Comments are meant to be helpful and describe the intent of the code block. However, in multiple parts of the codebase, comments are not consistent with the code that is written or do not add any value to the reader. These are some examples:

A comment in the createLimitShort function of the ShortOrdersFacet.sol contract says that initialCR is converted to uint8, but it is never converted anywhere in the function's execution.

The docs state: "The system allows the shorter to specify the CR so that it fits between initialMargin < CR < MAX CR." However, in createLimitShort in ShortOrdersFacet.sol, this block of code allows a short to be created at initialMargin:

if (Asset.initialMargin > initialCR || cr >= Constants.CRATIO_MAX) {
    revert Errors.InvalidInitialCR();
}

In deposit, depositEth and withdraw in BridgeReth.sol and BridgeSteth.sol, comments say that these functions perform operations on zETH, such as "credit zETH to user" or "fulfill zETH obligation to user". However, these functions do not perform the described tasks.
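The range mismatch in the createLimitShort check above can be confirmed by comparing the check as written with the range as the docs word it. The contract below is an added illustration, not DittoETH code: the contract name, function names and constant values are hypothetical, and it assumes a single CR value in one unit, whereas the quoted block compares initialCR and cr separately. The sweep shows that the two predicates differ only at the lower bound and agree at the upper bound.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration, not DittoETH code. All names and values are hypothetical.
contract InitialCRBoundary {
    // Constructed sample parameters, both expressed in the same unit (assumption).
    uint256 public constant INITIAL_MARGIN = 500;
    uint256 public constant CRATIO_MAX = 1500;

    /// Same comparison operators as the block quoted in the submission:
    /// revert when initialMargin > CR or CR >= CRATIO_MAX.
    function acceptsAsWritten(uint256 cr) public pure returns (bool) {
        return !(INITIAL_MARGIN > cr || cr >= CRATIO_MAX);
    }

    /// Range as the docs word it: initialMargin < CR < MAX CR.
    function acceptsAsDocumented(uint256 cr) public pure returns (bool) {
        return INITIAL_MARGIN < cr && cr < CRATIO_MAX;
    }

    /// Sweeps every CR from 0 to one past the maximum and returns the
    /// values on which the code and the documented range disagree.
    function disagreements() external pure returns (uint256[] memory found) {
        uint256[] memory buf = new uint256[](CRATIO_MAX + 2);
        uint256 n;
        for (uint256 cr = 0; cr <= CRATIO_MAX + 1; cr++) {
            if (acceptsAsWritten(cr) != acceptsAsDocumented(cr)) {
                buf[n++] = cr;
            }
        }
        // Copy into an array of the exact size.
        found = new uint256[](n);
        for (uint256 i = 0; i < n; i++) {
            found[i] = buf[i];
        }
    }
}
```

Either the comparison or the documentation can be changed to remove the disagreement; which one reflects the intended behaviour is a decision for the protocol team.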

Tools used

VS Code, Manual Review

Recommendations

Consider correcting the comments so that they do not mislead users or developers, and write comments that add value to the reader. This will improve code clarity and consistency between docstrings and contract implementations.

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-326

T1MOH Auditor
almost 2 years ago
0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
Assigned finding tags:

finding-326
