QA Report

[c4-bot-6]

See the markdown file with the details of this report here.

[af-afk]

We'll fix https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-01-inconsistent-overflow-handling-of-sqrt-price-may-cause-unexpected-swap-behaviors.

We don't agree with https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-02-fusdc-rewards-will-likely-be-locked-in-amms-proxy, what happens in practice is that the Fluidity worker has a special event decoding feature that knows where to send rewards. In practice, we have a "amm rewards server" that does this work.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-03-risk-of-mint_position_b_c5_b086_d-spamming-with-0-liquidity-for-profits We don't agree this is likely (or feasible).

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-04-seawateramm-proxy-has-immutable-facet-function-signatures-which-might-cause-conflict-in-future-upgrades We don't agree with this, selector conflict is not likely with the immutable functions to be an issue (especially since we can mine new ones).

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-05-facet-contracts-cannot-be-upgraded-independently-from-other-facet-contracts We acknowledge this can be wasteful and error-prone, but in practice we believe it's better to have a holistic view of the upgrades, because the code includes embedded paths that may need to be reproduced in each of the facets.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-06-swap_2-allows-0-amount-swap-to-pass We'll fix this!

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-07-change-lower-into-upper We'll fix this.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-08-position-can-be-updated-in-the-wrong-pool-due-to-insufficient-checks We'll fix this!

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-09-pools-that-have-not-been-created-can-be-enabled-users-can-interact-with-a-pool-in-an-uninitialized-state We'll fix this!

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-10--unnecessary-implementation--send_amounts_from_sender We won't fix this. The migrations facet is not intended for end users, and it's more "hacky" than the other code. It's useful in a migration of amounts to a new contract (in a testnet environment for example). Though we acknowledge the issue.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-12-ownershipnftssol-is-missing-erc165supportinterface-no-incompliance-with-eip-721 Compliance with the spec isn't a goal, but we'll fix this.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-13-swap_internal-has-invalid-check-on-amount_0-and-amount_1 We'll fix this.

https://github.com/code-423n4/2024-08-superposition-findings/blob/main/data/oakcobalt-Q.md#low-14-nft-position-minted-without-checking-without-checking-user-implements-onerc721received We'll fix this.

[liveactionllama]

Adding the sufficient quality label on behalf of the validator.

[c4-judge]

alex-ppg marked the issue as grade-a

[thebrittfactor]

For awarding purposes, C4 staff have marked as 2nd place.