From f9e1fe516277522ae28f104513722b85e265f385 Mon Sep 17 00:00:00 2001 From: 0xTaylor <> Date: Sun, 21 Nov 2021 13:59:02 -0800 Subject: [PATCH] slot 8 toc --- 8. Audit Findings 201.md | 100 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 8. Audit Findings 201.md diff --git a/8. Audit Findings 201.md b/8. Audit Findings 201.md new file mode 100644 index 00000000..5366e61b --- /dev/null +++ b/8. Audit Findings 201.md 
@@ -0,0 +1,100 @@ +102. [Document potential edge cases for hook receiver contracts](./content/8.%20Audit%20Findings%20201/Document%20potential%20edge%20cases%20for%20hook%20receiver%20contracts.md) +103. [Document token behavior restrictions](./content/8.%20Audit%20Findings%20201/Document%20token%20behavior%20restrictions.md) +104. [Full test suite is recommended](./content/8.%20Audit%20Findings%20201/Full%20test%20suite%20is%20recommended.md) +105. [Kyber getRates code is unclear](./content/8.%20Audit%20Findings%20201/Kyber%20getRates%20code%20is%20unclear.md) +106. [Return value is not used for `TokenUtils.withdrawTokens`](./content/8.%20Audit%20Findings%20201/Return%20value%20is%20not%20used%20for%20`TokenUtils.withdrawTokens`.md) +107. [Missing access control for `DefiSaverLogger.Log`](./content/8.%20Audit%20Findings%20201/Missing%20access%20control%20for%20`DefiSaverLogger.Log`.md) +108. [Remove stale comments](./content/8.%20Audit%20Findings%20201/Remove%20stale%20comments.md) +109. [Discrepancy between code and comments](./content/8.%20Audit%20Findings%20201/Discrepancy%20between%20code%20and%20comments.md) +110. [Remove unnecessary call to `DAOfiV1Factory.formula`()](./content/8.%20Audit%20Findings%20201/Remove%20unnecessary%20call%20to%20`DAOfiV1Factory.formula`().md) +111. [Deeper validation of curve math](./content/8.%20Audit%20Findings%20201/Deeper%20validation%20of%20curve%20math.md) +112. [`GovernorAlpha` proposals may be canceled by the proposer, even after they have been accepted and queued](./content/8.%20Audit%20Findings%20201/`GovernorAlpha`%20proposals%20may%20be%20canceled%20by%20the%20proposer,%20even%20after%20they%20have%20been%20accepted%20and%20queued.md) +113. [Require a delay period before granting `KYC`ADMIN`ROLE` Acknowledged](./content/8.%20Audit%20Findings%20201/Require%20a%20delay%20period%20before%20granting%20`KYC`ADMIN`ROLE`%20Acknowledged.md) +114. 
[Improve inline documentation and test coverage](./content/8.%20Audit%20Findings%20201/Improve%20inline%20documentation%20and%20test%20coverage.md) +115. [Unspecific compiler version pragma](./content/8.%20Audit%20Findings%20201/Unspecific%20compiler%20version%20pragma.md) +116. [Use of hardcoded gas limits can be problematic](./content/8.%20Audit%20Findings%20201/Use%20of%20hardcoded%20gas%20limits%20can%20be%20problematic.md) +117. [Anyone can steal all the funds that belong to `ReferralFeeReceiver`](./content/8.%20Audit%20Findings%20201/Anyone%20can%20steal%20all%20the%20funds%20that%20belong%20to%20`ReferralFeeReceiver`.md) +118. [Unpredictable behavior for users due to admin front running or general bad timing](./content/8.%20Audit%20Findings%20201/Unpredictable%20behavior%20for%20users%20due%20to%20admin%20front%20running%20or%20general%20bad%20timing.md) +119. [Improve system documentation and create a complete technical specification](./content/8.%20Audit%20Findings%20201/Improve%20system%20documentation%20and%20create%20a%20complete%20technical%20specification.md) +120. [Ensure system states, roles, and permissions are sufficiently restrictive](./content/8.%20Audit%20Findings%20201/Ensure%20system%20states,%20roles,%20and%20permissions%20are%20sufficiently%20restrictive.md) +121. [Evaluate all tokens prior to inclusion in the system](./content/8.%20Audit%20Findings%20201/Evaluate%20all%20tokens%20prior%20to%20inclusion%20in%20the%20system.md) +122. [Use descriptive names for contracts and libraries](./content/8.%20Audit%20Findings%20201/Use%20descriptive%20names%20for%20contracts%20and%20libraries.md) +123. [Prevent contracts from being used before they are entirely initialized](./content/8.%20Audit%20Findings%20201/Prevent%20contracts%20from%20being%20used%20before%20they%20are%20entirely%20initialized.md) +124. 
[Potential resource exhaustion by external calls performed within an unbounded loop](./content/8.%20Audit%20Findings%20201/Potential%20resource%20exhaustion%20by%20external%20calls%20performed%20within%20an%20unbounded%20loop.md) +125. [Owners can never be removed](./content/8.%20Audit%20Findings%20201/Owners%20can%20never%20be%20removed.md) +126. [Potential manipulation of stable interest rates using flash loans](./content/8.%20Audit%20Findings%20201/Potential%20manipulation%20of%20stable%20interest%20rates%20using%20flash%20loans.md) +127. [Only whitelist validated assets](./content/8.%20Audit%20Findings%20201/Only%20whitelist%20validated%20assets.md) +128. [Underflow if `TOKEN`DECIMALS` are greater than 18](./content/8.%20Audit%20Findings%20201/Underflow%20if%20`TOKEN`DECIMALS`%20are%20greater%20than%2018.md) +129. [Chainlink's performance at times of price volatility](./content/8.%20Audit%20Findings%20201/Chainlink's%20performance%20at%20times%20of%20price%20volatility.md) +130. [Consider an iterative approach to launching. Be aware of and prepare for worst-case scenarios](./content/8.%20Audit%20Findings%20201/Consider%20an%20iterative%20approach%20to%20launching.%20Be%20aware%20of%20and%20prepare%20for%20worst-case%20scenarios.md) +131. [Use of modifiers for repeated checks](./content/8.%20Audit%20Findings%20201/Use%20of%20modifiers%20for%20repeated%20checks.md) +132. [Switch modifier order](./content/8.%20Audit%20Findings%20201/Switch%20modifier%20order.md) +133. [Address codebase fragility](./content/8.%20Audit%20Findings%20201/Address%20codebase%20fragility.md) +134. [Reentrancy could lead to incorrect order of emitted events](./content/8.%20Audit%20Findings%20201/Reentrancy%20could%20lead%20to%20incorrect%20order%20of%20emitted%20events.md) +135. [Variable shadowing from OUSD to ERC20](./content/8.%20Audit%20Findings%20201/Variable%20shadowing%20from%20OUSD%20to%20ERC20.md) +136. 
[VaultCore.rebase functions have no return statements](./content/8.%20Audit%20Findings%20201/VaultCore.rebase%20functions%20have%20no%20return%20statements.md) +137. [Multiple contracts are missing inheritances](./content/8.%20Audit%20Findings%20201/Multiple%20contracts%20are%20missing%20inheritances.md) +138. [Solidity compiler optimizations can be dangerous](./content/8.%20Audit%20Findings%20201/Solidity%20compiler%20optimizations%20can%20be%20dangerous.md) +139. [Permission-granting is too simplistic and not flexible enough](./content/8.%20Audit%20Findings%20201/Permission-granting%20is%20too%20simplistic%20and%20not%20flexible%20enough.md) +140. [Lack of validation when setting the maturity value](./content/8.%20Audit%20Findings%20201/Lack%20of%20validation%20when%20setting%20the%20maturity%20value.md) +141. [Delegates can be added or removed repeatedly to bloat logs](./content/8.%20Audit%20Findings%20201/Delegates%20can%20be%20added%20or%20removed%20repeatedly%20to%20bloat%20logs.md) +142. [Lack of events for critical operations](./content/8.%20Audit%20Findings%20201/Lack%20of%20events%20for%20critical%20operations.md) +143. [`_assertStakingPoolExists` never returns true](./content/8.%20Audit%20Findings%20201/`_assertStakingPoolExists`%20never%20returns%20true.md) +144. [`min* and `max* have unorthodox semantics](./content/8.%20Audit%20Findings%20201/`min*%20and%20`max*%20have%20unorthodox%20semantics.md) +145. [`CurveFactory.newCurve` returns existing curves without provided arguments](./content/8.%20Audit%20Findings%20201/`CurveFactory.newCurve`%20returns%20existing%20curves%20without%20provided%20arguments.md) +146. [Missing zero-address checks in `Curve.transferOwnership` and `Router.constructor`](./content/8.%20Audit%20Findings%20201/Missing%20zero-address%20checks%20in%20`Curve.transferOwnership`%20and%20`Router.constructor`.md) +147. 
[`safeApprove` does not check return values for approve call](./content/8.%20Audit%20Findings%20201/`safeApprove`%20does%20not%20check%20return%20values%20for%20approve%20call.md) +148. [ERC20 token Curve does not implement symbol, name, or decimals](./content/8.%20Audit%20Findings%20201/ERC20%20token%20Curve%20does%20not%20implement%20symbol,%20name,%20or%20decimals.md) +149. [Insufficient use of `SafeMath`](./content/8.%20Audit%20Findings%20201/Insufficient%20use%20of%20`SafeMath`.md) +150. [`setFrozen` can be front-run to deny deposits-swaps](./content/8.%20Audit%20Findings%20201/`setFrozen`%20can%20be%20front-run%20to%20deny%20deposits-swaps.md) +151. [Account creation spam](./content/8.%20Audit%20Findings%20201/Account%20creation%20spam.md) +152. [Using empty functions instead of interfaces leaves contract error-prone](./content/8.%20Audit%20Findings%20201/Using%20empty%20functions%20instead%20of%20interfaces%20leaves%20contract%20error-prone.md) +153. [`cancelTransaction` can be called on non-queued transaction](./content/8.%20Audit%20Findings%20201/`cancelTransaction`%20can%20be%20called%20on%20non-queued%20transaction.md) +154. [Contracts used as dependencies do not track upstream changes](./content/8.%20Audit%20Findings%20201/Contracts%20used%20as%20dependencies%20do%20not%20track%20upstream%20changes.md) +155. [Expected behavior regarding authorization for adding tokens is unclear](./content/8.%20Audit%20Findings%20201/Expected%20behavior%20regarding%20authorization%20for%20adding%20tokens%20is%20unclear.md) +156. [Contract name duplication leaves codebase error-prone](./content/8.%20Audit%20Findings%20201/Contract%20name%20duplication%20leaves%20codebase%20error-prone.md) +157. [Use of hard-coded addresses may cause errors](./content/8.%20Audit%20Findings%20201/Use%20of%20hard-coded%20addresses%20may%20cause%20errors.md) +158. 
[Borrow rate depends on approximation of blocks per year](./content/8.%20Audit%20Findings%20201/Borrow%20rate%20depends%20on%20approximation%20of%20blocks%20per%20year.md) +159. [Flash loan rate lacks bounds and can be set arbitrarily](./content/8.%20Audit%20Findings%20201/Flash%20loan%20rate%20lacks%20bounds%20and%20can%20be%20set%20arbitrarily.md) +160. [Logic duplicated across code](./content/8.%20Audit%20Findings%20201/Logic%20duplicated%20across%20code.md) +161. [Insufficient testing](./content/8.%20Audit%20Findings%20201/Insufficient%20testing.md) +162. [Project dependencies contain vulnerabilities](./content/8.%20Audit%20Findings%20201/Project%20dependencies%20contain%20vulnerabilities.md) +163. [Lack of contract documentation makes codebase difficult to understand](./content/8.%20Audit%20Findings%20201/Lack%20of%20contract%20documentation%20makes%20codebase%20difficult%20to%20understand.md) +164. [ABIEncoderV2 is not production-ready](./content/8.%20Audit%20Findings%20201/ABIEncoderV2%20is%20not%20production-ready.md) +165. [Contract owner has too many privileges](./content/8.%20Audit%20Findings%20201/Contract%20owner%20has%20too%20many%20privileges.md) +166. [Poor error-handling practices in test suite](./content/8.%20Audit%20Findings%20201/Poor%20error-handling%20practices%20in%20test%20suite.md) +167. [Redundant and Unused Code](./content/8.%20Audit%20Findings%20201/Redundant%20and%20Unused%20Code.md) +168. [Single Account Can Capture All Supply](./content/8.%20Audit%20Findings%20201/Single%20Account%20Can%20Capture%20All%20Supply.md) +169. [Insufficient Input Validation](./content/8.%20Audit%20Findings%20201/Insufficient%20Input%20Validation.md) +170. [Unused Event Logs](./content/8.%20Audit%20Findings%20201/Unused%20Event%20Logs.md) +171. [Possible Unintended Token Burning in `transferFrom`() Function](./content/8.%20Audit%20Findings%20201/Possible%20Unintended%20Token%20Burning%20in%20`transferFrom`()%20Function.md) +172. 
[Denial of Service Vector from Unbound List](./content/8.%20Audit%20Findings%20201/Denial%20of%20Service%20Vector%20from%20Unbound%20List.md) +173. [ERC20 Implementation Vulnerable to Front-Running](./content/8.%20Audit%20Findings%20201/ERC20%20Implementation%20Vulnerable%20to%20Front-Running.md) +174. [Unnecessary `require` Statement](./content/8.%20Audit%20Findings%20201/Unnecessary%20`require`%20Statement.md) +175. [Rounding to Zero if Duration is Greater Than Reward](./content/8.%20Audit%20Findings%20201/Rounding%20to%20Zero%20if%20Duration%20is%20Greater%20Than%20Reward.md) +176. [Withdrawn Event Log Poisoning](./content/8.%20Audit%20Findings%20201/Withdrawn%20Event%20Log%20Poisoning.md) +177. [Insufficient incentives to liquidator](./content/8.%20Audit%20Findings%20201/Insufficient%20incentives%20to%20liquidator.md) +178. [Markets can become insolvent](./content/8.%20Audit%20Findings%20201/Markets%20can%20become%20insolvent.md) +179. [Not using OpenZeppelin contracts](./content/8.%20Audit%20Findings%20201/Not%20using%20OpenZeppelin%20contracts.md) +180. [Lack of indexed parameters in events](./content/8.%20Audit%20Findings%20201/Lack%20of%20indexed%20parameters%20in%20events.md) +181. [Named return variables](./content/8.%20Audit%20Findings%20201/Named%20return%20variables.md) +182. [block.timestamp Unreliable](./content/8.%20Audit%20Findings%20201/block.timestamp%20Unreliable.md) +183. [Assignment in `require` statement](./content/8.%20Audit%20Findings%20201/Assignment%20in%20`require`%20statement.md) +184. [Commented code](./content/8.%20Audit%20Findings%20201/Commented%20code.md) +185. [Misleading `revert` messages](./content/8.%20Audit%20Findings%20201/Misleading%20`revert`%20messages.md) +186. [Multiple outdated Solidity versions in use](./content/8.%20Audit%20Findings%20201/Multiple%20outdated%20Solidity%20versions%20in%20use.md) +187. 
[Test and production constants in the same codebase](./content/8.%20Audit%20Findings%20201/Test%20and%20production%20constants%20in%20the%20same%20codebase.md) +188. [Unnecessarily small integer sizes](./content/8.%20Audit%20Findings%20201/Unnecessarily%20small%20integer%20sizes.md) +189. [Use of `uint` instead of `uint256`](./content/8.%20Audit%20Findings%20201/Use%20of%20`uint`%20instead%20of%20`uint256`.md) +190. [Functions with unexpected side-effects](./content/8.%20Audit%20Findings%20201/Functions%20with%20unexpected%20side-effects.md) +191. [Unsafe casting](./content/8.%20Audit%20Findings%20201/Unsafe%20casting.md) +192. [Unsafe division in `rdivide` and `wdivide` functions](./content/8.%20Audit%20Findings%20201/Unsafe%20division%20in%20`rdivide`%20and%20`wdivide`%20functions.md) +193. [Uncommented assembly block](./content/8.%20Audit%20Findings%20201/Uncommented%20assembly%20block.md) +194. [Unnecessary `require` statements](./content/8.%20Audit%20Findings%20201/Unnecessary%20`require`%20statements.md) +195. [Unnecessary event emission](./content/8.%20Audit%20Findings%20201/Unnecessary%20event%20emission.md) +196. [`oToken` can be created with a non-whitelisted collateral asset](./content/8.%20Audit%20Findings%20201/`oToken`%20can%20be%20created%20with%20a%20non-whitelisted%20collateral%20asset.md) +197. [Mismatches between contracts and interfaces](./content/8.%20Audit%20Findings%20201/Mismatches%20between%20contracts%20and%20interfaces.md) +198. [Actions not executed atomically might lead to inconsistent state](./content/8.%20Audit%20Findings%20201/Actions%20not%20executed%20atomically%20might%20lead%20to%20inconsistent%20state.md) +199. [Chainlink pricer is using a deprecated API](./content/8.%20Audit%20Findings%20201/Chainlink%20pricer%20is%20using%20a%20deprecated%20API.md) +200. [Funds can be lost](./content/8.%20Audit%20Findings%20201/Funds%20can%20be%20lost.md) +201. 
[Use `delete` to clear variables](./content/8.%20Audit%20Findings%20201/Use%20`delete`%20to%20clear%20variables.md)
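Review bot: the link targets for items 110 and 171 contain unescaped parentheses (`...DAOfiV1Factory.formula`().md)` and `...in%20`transferFrom`()%20Function.md)`), and the `)` inside the URL will close the markdown link early in most renderers, leaving the trailing `.md)` as literal text; percent-encode them as `%28`/`%29` the same way spaces are encoded as `%20`. In the same vein, items 113 (`KYC`ADMIN`ROLE`), 128 (`TOKEN`DECIMALS`) and 144 (`min* and `max*`) carry stray or unbalanced backticks and asterisks that look like underscores lost to markdown escaping; since the identical string is used as the filename, the rendered titles are wrong and the links point at files whose names include those characters. Worth correcting both the title and the target in this pass, and consider keeping backticks, quotes, commas and apostrophes out of the filenames altogether, since they are awkward to reference from shells and URLs.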