Notional x Index Coop - zzzitron's results

A collaboration between Notional and Index Coop to create fixed rate yield index tokens.

General Information

Platform: Code4rena

Start Date: 07/06/2022

Pot Size: $75,000 USDC

Total HM: 11

Participants: 77

Period: 7 days

Judge: gzeon

Total Solo HM: 7

Id: 124

League: ETH

Notional

Researcher Performance

Rank: 54/77

Findings: 1

Award: $89.19

🌟 Selected for report: 0

🚀 Solo Findings: 0

Notional x Index Coop QA report

  • Summary:
    • Notional FCash: NatSpec and comments are missing for many functions.
    • NotionalTradeModule: The code uses Solidity version 0.6.10, which lacks security features of more recent versions, such as built-in underflow and overflow checks on arithmetic operations.

Low

        string memory _symbol = address(underlyingToken) == Constants.ETH_ADDRESS
            ? "ETH"
            : IERC20Metadata(address(underlyingToken)).symbol();

According to the ERC20 standard, symbol() is optional:

symbol: Returns the symbol of the token. E.g. “HIX”. OPTIONAL - This method can be used to improve usability, but interfaces and other contracts MUST NOT expect these values to be present.

For example, MKR stores symbol as bytes32 which will revert if used in the above context.
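
One way to read the symbol without reverting on tokens that omit symbol() or return bytes32, shown as an added example that is not part of the audited code or the original report. The library name SafeSymbol, its function names and the fallbackSymbol parameter are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.6.10;

// Added example: SafeSymbol and its function names are hypothetical, not from the audited code.
library SafeSymbol {
    // Returns the token's symbol, or fallbackSymbol when symbol() is missing or malformed.
    function symbolOrDefault(address token, string memory fallbackSymbol)
        internal
        view
        returns (string memory)
    {
        // Low-level call: a revert or missing function yields ok == false instead of bubbling up.
        (bool ok, bytes memory data) = token.staticcall(abi.encodeWithSignature("symbol()"));
        if (!ok) return fallbackSymbol;

        if (data.length == 32) {
            // bytes32 symbol, the MKR-style case mentioned above.
            return _bytes32ToString(abi.decode(data, (bytes32)), fallbackSymbol);
        }
        if (data.length >= 64) {
            // Validate the string head before abi.decode, which reverts on malformed data.
            uint256 offset;
            uint256 len;
            assembly {
                offset := mload(add(data, 32))
                len := mload(add(data, 64))
            }
            if (offset == 32 && len <= data.length - 64) {
                return abi.decode(data, (string));
            }
        }
        // Empty return data (no code, or no symbol()) and any other shape end up here.
        return fallbackSymbol;
    }

    // Copies the bytes before the first zero byte; an all-zero value yields the fallback.
    function _bytes32ToString(bytes32 raw, string memory fallbackSymbol)
        private
        pure
        returns (string memory)
    {
        uint256 len = 0;
        while (len < 32 && raw[len] != bytes1(0)) len++;
        if (len == 0) return fallbackSymbol;
        bytes memory out = new bytes(len);
        for (uint256 i = 0; i < len; i++) out[i] = raw[i];
        return string(out);
    }
}
```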

Non-critical

misleading comment in NotionalTradeModule.sol

    /**
     * @dev MANGER ONLY: Initialize given SetToken with initial list of registered fCash positions
     * Redeem all fCash positions that have reached maturity for their asset token (cToken)
     * @param _setToken                     Instance of the SetToken
     */
    function initialize(
        ISetToken _setToken
    )

The comment "Redeem all fCash positions..." on line 216, above the function initialize, does not describe what initialize does.

    /**
     * @dev Redeem a given fCash position from the specified send token (either underlying or asset token)
     * @dev Alo adjust the components / position of the set token accordingly
     */
    function _mintFCashPosition(

The comment "Redeem a given fCash position..." on line 415, above the function _mintFCashPosition, does not describe what _mintFCashPosition does. The following line 416, as well as line 455, also contains the typo "Alo".
