Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🔎 Remove trusted multicall forwarder #23

Closed
wants to merge 44 commits into from
Closed

🔎 Remove trusted multicall forwarder #23

wants to merge 44 commits into from

Conversation

JaredBorders
Copy link
Contributor

Response to External Guhu Audit

Audit: https://gist.github.com/guhu95/d1214b942ef0dfd5672f3a3167a231d1

On-going Response: https://gist.github.com/JaredBorders/5611450065734074ee6a7add8332df7b

Issues Remedied

  1. [C-01] Incorrect Handling of allowFailure in aggregate3Value Traps ETH
  2. [H-03] Testing Coverage Gaps
  3. [M-01] Arbitrary Destination Calls Allow Exploiting or Griefing the Relayer
  4. [M-04] Trusted Forwarder Cannot Be Revoked
  5. M-06] aggregate3Value Lack of Refund Traps ETH
  6. [M-07] aggregate3Value Allows Draining Contract ETH Balance
  7. [M-08] Aggregated Forwarding Allows Dangerous Arbitrary Calls
  8. [L-02] Unnecessary payable Attribute in aggregate3 Traps ETH
  9. [L-10] executeBatch Allows Gas Griefing the Relayer

@JaredBorders JaredBorders self-assigned this Dec 4, 2023
@JaredBorders JaredBorders marked this pull request as ready for review December 4, 2023 20:54
tommyrharper
tommyrharper approved these changes Dec 5, 2023
View reviewed changes
Copy link
Contributor

@tommyrharper tommyrharper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@JaredBorders JaredBorders changed the title 🗑️ Remove trusted multicall forwarder 🔎 Remove trusted multicall forwarder Dec 6, 2023
@codecov Codecov
Copy link

codecov bot commented Dec 10, 2023

Codecov Report

Attention: 31 lines in your changes are missing coverage. Please review.

Comparison is base (7855bca) 81.14% compared to head (ee7b210) 63.25%.

Files Patch % Lines
src/libraries/SignatureCheckerLib.sol 0.00% 28 Missing ⚠️
src/Engine.sol 78.57% 0 Missing and 3 partials ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##             main      #23       +/-   ##
===========================================
- Coverage   81.14%   63.25%   -17.89%     
===========================================
  Files           6        6               
  Lines         228      166       -62     
  Branches       39       35        -4     
===========================================
- Hits          185      105       -80     
- Misses         32       55       +23     
+ Partials       11        6        -5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@JaredBorders JaredBorders deleted the Remove-Trusted-Multicall-Forwarder branch January 5, 2024 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tommyrharper tommyrharper tommyrharper approved these changes

@jcmonte jcmonte Awaiting requested review from jcmonte

Assignees

@JaredBorders JaredBorders

Labels
audit smart-contracts
Projects
Kwenta Smart Contracts
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JaredBorders @tommyrharper