This report outlines several issues found within the StrategyOp.sol contract, primarily related to missing event emissions, lack of checks for zero amounts in critical functions, potential slippage risks, and unchecked arithmetic. These vulnerabilities may lead to failed transactions, unintended behaviors, or missed opportunities for tracking state changes and interactions. The following issues have been identified, and recommendations for improvement are provided.
Description:
Several functions in the contract do not emit events when crucial state changes or operations occur. Emitting events is a best practice to ensure transparency and enable tracking of contract interactions on-chain. Missing events can make it difficult for users and auditors to monitor contract activities effectively.
Affected Function(s):
setRouter(address _router)
#L48-L51
_deployFunds(uint256 _amount)
#L66-L70
claimAndSwap(uint256 _amountClaim, uint256 _minOut, IVeloRouter.route[] calldata _path)
#L79-L91
Recommendation(s):
It is recommended to emit events for relevant state changes in each of the affected functions. This will increase transparency and help with future audits.
Suggested Fix:
Description:
Several critical functions in the contract do not check whether the amount passed is greater than zero before proceeding with operations. This can lead to failed transactions or unintended contract behavior if an amount of zero is provided.
Severity: Low
Affected Function(s):
_deployFunds(uint256 _amount)
#L66-L70
_freeFunds(uint256 _amount)
#L129-L137
Recommendation(s):
It is recommended to add a require statement in each of these functions to ensure that the _amount is greater than zero before proceeding with the transaction.
Suggested Fix:
claimAndSwap
Description:
The claimAndSwap function checks for slippage using the condition require((balAfter - balBefore) >= _minOut). However, it does not validate that both _amountClaim and _minOut are greater than zero. This oversight could lead to unintended behavior or inaccurate slippage checks, potentially causing the contract to behave incorrectly under certain conditions.
Affected Function(s):
claimAndSwap(uint256 _amountClaim, uint256 _minOut, IVeloRouter.route[] calldata _path)
#L79-L91
Recommendation(s):
It is recommended to add require checks to validate that both _amountClaim and _minOut are greater than zero before proceeding with the transaction.
Suggested Fix:
_swapUnderlyingToAsset
Description:
The _swapUnderlyingToAsset function checks that minOut > _amount, but it fails to properly validate that both _amount and minOut are greater than zero. This could lead to unintended contract behavior or errors during execution if invalid values are passed.
Affected Function(s):
_swapUnderlyingToAsset(uint256 _amount, uint256 minOut, IVeloRouter.route[] calldata _path)
#L97-L107
Recommendation(s):
It is recommended to ensure both _amount and minOut are greater than zero before proceeding with the function’s operations.
Suggested Fix:
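A sketch of the pattern the recommendations above describe: events in setRouter and _deployFunds, zero-amount checks, and a non-zero _minOut in claimAndSwap. This is an added example, not code from StrategyOp.sol or from the report's author; the contract name, event names, revert strings and the three internal hooks are hypothetical, and the _path parameter is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited StrategyOp.sol. Everything except the
// three function names taken from the report is hypothetical.
interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
}

abstract contract StrategySketch {
    address public router;
    IERC20Like public immutable asset;

    event RouterUpdated(address indexed oldRouter, address indexed newRouter);
    event FundsDeployed(uint256 amount);
    event ClaimedAndSwapped(uint256 amountClaim, uint256 minOut, uint256 received);

    constructor(IERC20Like _asset) {
        asset = _asset;
    }

    // Hypothetical hooks standing in for the real access control, deposit,
    // claim and router-swap logic, which the report does not show.
    function _checkManagement() internal view virtual;
    function _deposit(uint256 _amount) internal virtual;
    function _claimAndRoute(uint256 _amountClaim) internal virtual;

    function setRouter(address _router) external {
        _checkManagement();
        emit RouterUpdated(router, _router); // log old and new value
        router = _router;
    }

    function _deployFunds(uint256 _amount) internal {
        require(_amount > 0, "zero amount");
        _deposit(_amount);
        emit FundsDeployed(_amount);
    }

    function claimAndSwap(uint256 _amountClaim, uint256 _minOut) external {
        _checkManagement();
        require(_amountClaim > 0, "zero claim");
        // With _minOut == 0 the slippage check below can never fail.
        require(_minOut > 0, "zero minOut");
        uint256 balBefore = asset.balanceOf(address(this));
        _claimAndRoute(_amountClaim);
        uint256 received = asset.balanceOf(address(this)) - balBefore;
        require(received >= _minOut, "slippage");
        emit ClaimedAndSwapped(_amountClaim, _minOut, received);
    }
}
```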