Auditor Suggestion
Files Affected
cadence/contracts/FlowALPv1.cdc
Description
- Brittle handling of interestCurve types in updateInterestRates(), else branch is missing type check.
- Duplicate balance sheet construction in various functions.
- Use view.trueBalance() helper in healthFactor().
- The Pool.isLiquidatable() panics for invalid pid values.
- Pool.createPosition() is missing type checks for connectors.
- Missing input validation in Pool.setDexOracleDeviationBps().
- Missing events for some setters, e.g. setMinimumTokenBalancePerPosition().
- Consider setting custom target and max health during position creation to improve the one-step borrowing process.
- liquidate_via_dex.cdc and liquidate_via_mock_dex.cdc transactions use deprecated functions.
- LiquidationExecutedViaDex event is not used.
- Consider validating that estimationMargin >= 1.0. feeWithMargin is meant to be a safety buffer over the estimated scheduler fee, so if estimationMargin < 1.0 it reduces the fee and can cause scheduling attempts with insufficient fees (even when minimumAvailable is healthy).
Recommendation
Address the listed improvements across validation, events, and robustness.
Parent Issue: #209
Auditor Suggestion
Files Affected
cadence/contracts/FlowALPv1.cdcDescription
Recommendation
Address the listed improvements across validation, events, and robustness.
Parent Issue: #209