Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Misleading Comment on Oracle Request Processing

bbash

Summary

In the protocol code, a misleading comment describes the oracleStateRequests and isOracleRequestProcessed mappings inaccurately. The comment references isOracleTaskProcessed instead of the correct variable name, isOracleRequestProcessed. This inconsistency between the comment and code can create confusion, making it harder to follow the logic of Oracle request processing, especially for new developers and auditors reviewing the code.

Vulnerability Details

The issue can be found here: https://github.com/Cyfrin/2024-10-swan-dria/blob/main/contracts/swan/BuyerAgent.sol#L93

/// @notice Oracle requests for each round about buyer state updates.
/// @dev A taskId of 0 means no request has been made.
/// @dev A non-zero taskId means a request has been made, but not necessarily processed.
/// @dev To see if a task is completed, check `isOracleTaskProcessed`. //@audit
mapping(uint256 round => uint256 taskId) public oracleStateRequests;
/// @notice Indicates whether a given task has been processed.
/// @dev This is used to prevent double processing of the same task.
mapping(uint256 taskId => bool isProcessed) public isOracleRequestProcessed;

Impact

Incorrect comments can:

  • Lead to misunderstandings about how the protocol processes Oracle requests.

  • Increase the likelihood of errors, especially for new developers or during audits.

  • Slow down maintenance and troubleshooting, as the comments contradict the actual variable names.

Tools Used

Manual Review

Recommendations

Update the comment to reflect the correct variable name, isOracleRequestProcessed, to prevent confusion.

Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.