SCSVS-ORACLE-1 | S7.1.G1 | No Test ID | Verify security of lending and borrowing the same token.
- Are there constraints to prevent lending and borrowing the same token within a single transaction?
- How does the protocol handle rapid price changes or flash loans involving the same token?
- What measures are in place to prevent manipulation by exploiting lend-borrow actions?

SCSVS-ORACLE-1 | S7.1.G2 | No Test ID | Verify minimization of precision loss in calculations.
- Does the protocol avoid precision loss in deposit, withdrawal, and reward calculations?
- Are there any instances of division before multiplication or rounding errors that could affect calculations?
- How does the protocol handle precision and rounding to prevent inaccuracies in financial operations?

SCSVS-ORACLE-1 | S7.1.G3 | No Test ID | Verify decimal precision consistency.
- Can variations in decimal precision from different price feeds lead to inaccuracies?
- If decimal precision varies, does the contract handle these variations correctly?
- Are there measures to standardize decimal precision across different price feeds?

SCSVS-ORACLE-1 | S7.1.G4 | No Test ID | Verify avoidance of off-by-one errors.
- Can off-by-one errors occur in the contract, such as using <= instead of <?
- If variables are set to the length of a list or the length minus one, is this done correctly?
- Are there any potential off-by-one errors in iterations or boundary conditions?

SCSVS-ORACLE-1 | S7.1.G5 | No Test ID | Verify prevention of rounding errors.
- Are there rounding errors that can be magnified or cause significant issues?
- If rounding errors occur, can they be amplified through repeated function invocations or specific conditions?
- Are there safeguards to prevent rounding errors from adversely affecting the system or its users?

SCSVS-ORACLE-1 | S7.1.G6 | No Test ID | Verify secure reward claims implementation.
- Does the protocol properly implement AAVE/COMP reward claims?
- Are there any discrepancies in the implementation of reward claims for AAVE/COMP?
- How is the accuracy of reward claims ensured and tested?

SCSVS-ORACLE-1 | S7.1.G7 | No Test ID | Verify correct handling of request confirmation numbers.
- Is the request confirmation number chosen high enough to account for potential chain re-orgs?
- What considerations are made to evaluate the chain's vulnerability to re-orgs?
- Are there adjustments made to the request confirmation number based on re-org risk assessments?

SCSVS-ORACLE-1 | S7.1.G8 | No Test ID | Verify front-running protections for VRF calls.
- Are there measures implemented to prevent front-running of VRF calls?
- How does the protocol ensure user interactions are closed before initiating a VRF call?
- What safeguards are in place to prevent exploitation of VRF call timing?

SCSVS-ORACLE-1 | S7.1.G9 | No Test ID | Verify correct nonce increments in exec transactions.
- Does the execTransactionFromModule() function increment the nonce appropriately?
- What mechanisms are in place to ensure the nonce is incremented?
- Can issues arise if the nonce is not incremented in this function?

SCSVS-ORACLE-1 | S7.1.G10 | No Test ID | Verify enforcement of Ethereum Beacon Chain penalties.
- Does the application account for potential penalties or slashes from validator misbehavior?
- How are these potential penalties or slashes reflected in the value of rETH?
- Are there mechanisms to manage or mitigate the impact of such penalties on rETH?

SCSVS-ORACLE-1 | S7.1.G11 | No Test ID | Verify secure management of staking rewards.
- How does the system manage rewards accrued from staking?
- Are these rewards properly accounted for in the management of rETH?
- What mechanisms are in place to ensure accurate distribution of staking rewards?

SCSVS-ORACLE-1 | S7.1.G12 | No Test ID | Verify correct handling of Rocket Pool deposit burns.
- Does the system handle potential reverts in the burn() function when there is insufficient ether in the RocketDepositPool?
- Is there a mechanism to prevent or manage failures in the burn() function?
- Can the application gracefully handle a revert due to insufficient ether?

SCSVS-ORACLE-1 | S7.1.G13 | No Test ID | Verify validation of precompiled code return sizes.
- Is there a check on the return data size when calling precompiled code?
- How does the system handle calls to precompiled code that return a size of 0?
- What checks are in place for detecting failures in precompiled code calls?

SCSVS-ORACLE-1 | S7.1.G14 | No Test ID | Verify Variable Bounds Handling
- Have you ensured that variables do not exceed their bounds and cause reverts, even in versions greater than 0.8.0?
- Are there explicit checks to prevent variable underflows and overflows in all critical operations?
- Is there any logic to handle boundary conditions for variables to avoid unintended reverts?

SCSVS-ORACLE-1 | S7.1.G15 | No Test ID | Ensure Correct Handling of Unsigned Integer Values
- Are you aware of and have you ensured that unsigned integers are never assigned negative values?
- Is there validation in place to prevent negative values from being assigned to unsigned integers?
- Have you reviewed all assignments to ensure that only non-negative values are used for unsigned integers?

SCSVS-ORACLE-1 | S7.1.G16 | No Test ID | Verify Unchecked Blocks Usage
- Have you reviewed all usages of the unchecked{} block to ensure they are applied correctly?
- Is there a clear guarantee that no overflow or underflow occurs within unchecked{} blocks?
- Are there sufficient tests to confirm that operations inside unchecked{} blocks do not cause unintended behavior?

SCSVS-ORACLE-1 | S7.1.G17 | No Test ID | Prevent Time Units Overflow
- Does the contract use time units (like days) and handle them as uint8?
- Have you verified that all calculations involving time units are checked for potential overflow, considering their range?
- Are there safeguards in place to prevent overflow in time-related calculations using uint8?

SCSVS-ORACLE-2 | S7.2.G1 | No Test ID | Verify Low Decimal Token Handling
- Does the contract handle tokens with low decimal precision appropriately? Verify if rounding issues are addressed.
- Are there checks to ensure that transactions involving low decimal tokens do not result in unintended failures or errors?
- How does the contract handle rounding or precision issues to maintain accurate token transactions?

SCSVS-ORACLE-2 | S7.2.G2 | No Test ID | Verify Precision in Summation
- Is the summing of variables done accurately compared to separate calculations? Verify the approach used for summation.
- How does the contract handle precision issues in financial calculations or other critical computations?
- Are there tests in place to verify the accuracy of summation logic and address any discrepancies?

SCSVS-ORACLE-2 | S7.2.G3 | No Test ID | Verify Mathematical Calculation Accuracy
- Have all mathematical calculations been reviewed to ensure accuracy and adherence to established rules?
- Is there a clear and documented approach to handle mathematical operations in the contract?
- Are there any potential sources of error or miscalculation that need to be addressed?

SCSVS-ORACLE-2 | S7.2.G4 | No Test ID | Verify Handling of Precision Loss
- Is there potential for loss of precision in any calculations, especially those involving frequent or large numbers?
- Are appropriate data types used to minimize precision loss and ensure accurate results?
- Have rounding methods and precision handling been correctly applied and verified?

SCSVS-ORACLE-2 | S7.2.G6 | No Test ID | Verify Safe Data Type Conversion
- Have you verified that expressions like 1 day are explicitly cast to avoid unintended conversions (e.g., to uint24)?
- Are there any expressions in the contract where implicit type conversions could lead to unexpected behavior or overflow?
- Is type conversion handled explicitly to prevent data loss or overflow issues?

SCSVS-ORACLE-2 | S7.2.G7 | No Test ID | Verify Multiplication Before Division
- Does the contract ensure that multiplication occurs before division in calculations to preserve precision?
- Are there any instances where division is performed before multiplication, potentially causing precision loss?
- Have you reviewed all calculations to confirm that multiplication precedes division where necessary?

SCSVS-ORACLE-2 | S7.2.G8 | No Test ID | Verify Correct Rounding Direction
- Is the rounding direction considered and correctly applied in accounting operations?
- Does the rounding direction align with the protocol’s requirements and user share calculations?
- Have you verified that rounding is handled consistently across all relevant operations?

SCSVS-ORACLE-2 | S7.2.G9 | No Test ID | Verify Division by Zero Protection
- Is there a check in place to prevent division by zero in any calculations?
- Have you reviewed all divisions to ensure that denominators are never zero?
- Are there safety checks implemented to handle potential division by zero scenarios?

SCSVS-ORACLE-2 | S7.2.G10 | No Test ID | Check for Correct Inequality Usage
- In comparisons involving < or >, have you ensured that the correct operators (≤ or ≥) are used where appropriate?
- Are all edge cases covered to avoid unexpected behavior due to incorrect inequality operators?
- Have you reviewed the logic to confirm that the appropriate comparison operators are applied?

SCSVS-ORACLE-2 | S7.2.G11 | No Test ID | Validate Inline Assembly Operations
- Have you thoroughly tested and verified all mathematical operations performed in inline assembly?
- Is there an awareness of how inline assembly handles division by zero, overflow, or underflow differently from high-level constructs?
- Are there checks in place to handle potential issues with inline assembly operations?

SCSVS-ORACLE-2 | S7.2.G12 | No Test ID | Ensure Edge Case Coverage in Calculations
- Have you tested calculations with minimum and maximum values for all terms to ensure accurate outcomes?
- Are edge cases handled correctly to prevent unexpected results in complex calculations?
- Is there a thorough review of calculations involving numerous terms to validate behavior with extreme values?

SCSVS-ORACLE-2 | S7.2.G13 | No Test ID | Validate Type Casting Operations
- Is there any forced type casting in the contract?
- Have you ensured that all forced type casting operations are validated to avoid overflow or underflow issues?
- Is there a review of all type casting to confirm that values fall within the acceptable range for the target type?

SCSVS-ORACLE-2 | S7.2.G14 | No Test ID | Check for Rounding Errors in Calculations
- Are rounding issues addressed in the AMM's constant product formulas?
- Have you verified that rounding does not introduce inaccuracies in token swaps?
- Is there a review of mathematical operations to ensure proper handling of rounding?