Сomet with extended asset list #904
Conversation
…are/collateral-extension
…tware/comet into woof-software/collateral-extension
…xtension-audit-fix Audit fixes to collateral extension
|
Comet Asset Extension Migration Audit.pdf There were performed 2 security audit. The first one audited the updated contracts whereas the second one audited migrations. The last audited commit from the contract side is f4860cf where the following commit 94131ad optimizes tests and b6ff78e merge the audit updates into the current branch. NO CODE CHANGES HAPPEN AFTER THE MERGE. For the second audit, the last commit is 5fe26a2 After this commit, we fixed all found issues in the report and updated the protocol to the new version to support 24 collaterals. Currently, all the markets support 24 collaterals and all new markets will be deployed with 24 collaterals version. |
|
The last commit updates all enact to true as the protocol is updated. Important! After merging this PR that protocol should not accept any Contracts changes. It doesn't concern to update of the Governor interface, as the Governor interface has changed and will be updated in the following PRs. All the following PRs include deployment of new markets, collaterals, and scenarios updates, but not contract changes. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| constructor(CometConfiguration.AssetConfig[] memory assetConfigs) { | ||
| uint8 _numAssets = uint8(assetConfigs.length); | ||
| numAssets = _numAssets; | ||
|
|
||
| (asset00_a, asset00_b) = getPackedAssetInternal(assetConfigs, 0); | ||
| (asset01_a, asset01_b) = getPackedAssetInternal(assetConfigs, 1); | ||
| (asset02_a, asset02_b) = getPackedAssetInternal(assetConfigs, 2); | ||
| (asset03_a, asset03_b) = getPackedAssetInternal(assetConfigs, 3); | ||
| (asset04_a, asset04_b) = getPackedAssetInternal(assetConfigs, 4); | ||
| (asset05_a, asset05_b) = getPackedAssetInternal(assetConfigs, 5); | ||
| (asset06_a, asset06_b) = getPackedAssetInternal(assetConfigs, 6); | ||
| (asset07_a, asset07_b) = getPackedAssetInternal(assetConfigs, 7); | ||
| (asset08_a, asset08_b) = getPackedAssetInternal(assetConfigs, 8); | ||
| (asset09_a, asset09_b) = getPackedAssetInternal(assetConfigs, 9); | ||
| (asset10_a, asset10_b) = getPackedAssetInternal(assetConfigs, 10); | ||
| (asset11_a, asset11_b) = getPackedAssetInternal(assetConfigs, 11); | ||
| (asset12_a, asset12_b) = getPackedAssetInternal(assetConfigs, 12); | ||
| (asset13_a, asset13_b) = getPackedAssetInternal(assetConfigs, 13); | ||
| (asset14_a, asset14_b) = getPackedAssetInternal(assetConfigs, 14); | ||
| (asset15_a, asset15_b) = getPackedAssetInternal(assetConfigs, 15); | ||
| (asset16_a, asset16_b) = getPackedAssetInternal(assetConfigs, 16); | ||
| (asset17_a, asset17_b) = getPackedAssetInternal(assetConfigs, 17); | ||
| (asset18_a, asset18_b) = getPackedAssetInternal(assetConfigs, 18); | ||
| (asset19_a, asset19_b) = getPackedAssetInternal(assetConfigs, 19); | ||
| (asset20_a, asset20_b) = getPackedAssetInternal(assetConfigs, 20); | ||
| (asset21_a, asset21_b) = getPackedAssetInternal(assetConfigs, 21); | ||
| (asset22_a, asset22_b) = getPackedAssetInternal(assetConfigs, 22); | ||
| (asset23_a, asset23_b) = getPackedAssetInternal(assetConfigs, 23); | ||
| } |
Check warning
Code scanning / Semgrep OSS
Semgrep Finding: compound.solidity.missing-constructor-sanity-checks Warning
| constructor(CometConfiguration.AssetConfig[] memory assetConfigs) { | ||
| uint8 _numAssets = uint8(assetConfigs.length); | ||
| numAssets = _numAssets; | ||
|
|
||
| (asset00_a, asset00_b) = getPackedAssetInternal(assetConfigs, 0); | ||
| (asset01_a, asset01_b) = getPackedAssetInternal(assetConfigs, 1); | ||
| (asset02_a, asset02_b) = getPackedAssetInternal(assetConfigs, 2); | ||
| (asset03_a, asset03_b) = getPackedAssetInternal(assetConfigs, 3); | ||
| (asset04_a, asset04_b) = getPackedAssetInternal(assetConfigs, 4); | ||
| (asset05_a, asset05_b) = getPackedAssetInternal(assetConfigs, 5); | ||
| (asset06_a, asset06_b) = getPackedAssetInternal(assetConfigs, 6); | ||
| (asset07_a, asset07_b) = getPackedAssetInternal(assetConfigs, 7); | ||
| (asset08_a, asset08_b) = getPackedAssetInternal(assetConfigs, 8); | ||
| (asset09_a, asset09_b) = getPackedAssetInternal(assetConfigs, 9); | ||
| (asset10_a, asset10_b) = getPackedAssetInternal(assetConfigs, 10); | ||
| (asset11_a, asset11_b) = getPackedAssetInternal(assetConfigs, 11); | ||
| (asset12_a, asset12_b) = getPackedAssetInternal(assetConfigs, 12); | ||
| (asset13_a, asset13_b) = getPackedAssetInternal(assetConfigs, 13); | ||
| (asset14_a, asset14_b) = getPackedAssetInternal(assetConfigs, 14); | ||
| (asset15_a, asset15_b) = getPackedAssetInternal(assetConfigs, 15); | ||
| (asset16_a, asset16_b) = getPackedAssetInternal(assetConfigs, 16); | ||
| (asset17_a, asset17_b) = getPackedAssetInternal(assetConfigs, 17); | ||
| (asset18_a, asset18_b) = getPackedAssetInternal(assetConfigs, 18); | ||
| (asset19_a, asset19_b) = getPackedAssetInternal(assetConfigs, 19); | ||
| (asset20_a, asset20_b) = getPackedAssetInternal(assetConfigs, 20); | ||
| (asset21_a, asset21_b) = getPackedAssetInternal(assetConfigs, 21); | ||
| (asset22_a, asset22_b) = getPackedAssetInternal(assetConfigs, 22); | ||
| (asset23_a, asset23_b) = getPackedAssetInternal(assetConfigs, 23); | ||
| } |
Check notice
Code scanning / Semgrep OSS
Semgrep Finding: rules.solidity.performance.non-payable-constructor Note
| constructor(ExtConfiguration memory config, address assetListFactoryAddress) CometExt(config) { | ||
| assetListFactory = assetListFactoryAddress; | ||
| } |
Check warning
Code scanning / Semgrep OSS
Semgrep Finding: compound.solidity.missing-constructor-sanity-checks Warning
| constructor(ExtConfiguration memory config, address assetListFactoryAddress) CometExt(config) { | ||
| assetListFactory = assetListFactoryAddress; | ||
| } |
Check warning
Code scanning / Semgrep OSS
Semgrep Finding: compound.solidity.missing-constructor-sanity-checks Warning
| constructor(ExtConfiguration memory config, address assetListFactoryAddress) CometExt(config) { | ||
| assetListFactory = assetListFactoryAddress; | ||
| } |
Check notice
Code scanning / Semgrep OSS
Semgrep Finding: rules.solidity.performance.non-payable-constructor Note
| accrueInternal(); | ||
| for (uint i = 0; i < accounts.length; ) { | ||
| absorbInternal(absorber, accounts[i]); | ||
| unchecked { i++; } |
Check notice
Code scanning / Semgrep OSS
Semgrep Finding: rules.solidity.performance.use-prefix-increment-not-postfix Note
| // Using gas price instead of base fee would more accurately reflect spend, | ||
| // but is also subject to abuse if refunds were to be given automatically. | ||
| LiquidatorPoints memory points = liquidatorPoints[absorber]; | ||
| points.numAbsorbs++; |
Check notice
Code scanning / Semgrep OSS
Semgrep Finding: rules.solidity.performance.use-prefix-increment-not-postfix Note
| uint8 _reserved = accountUser._reserved; | ||
|
|
||
| uint256 basePrice = getPrice(baseTokenPriceFeed); | ||
| uint256 deltaValue = 0; |
Check notice
Code scanning / Semgrep OSS
Semgrep Finding: rules.solidity.performance.init-variables-with-default-value Note
|
|
||
| emit AbsorbCollateral(absorber, account, asset, seizeAmount, value); | ||
| } | ||
| unchecked { i++; } |
Check notice
Code scanning / Semgrep OSS
Semgrep Finding: rules.solidity.performance.use-prefix-increment-not-postfix Note
| if (isBuyPaused()) revert Paused(); | ||
|
|
||
| int reserves = getReserves(); | ||
| if (reserves >= 0 && uint(reserves) >= targetReserves) revert NotForSale(); |
Check notice
Code scanning / Semgrep OSS
Semgrep Finding: rules.solidity.performance.use-nested-if Note
No description provided.