Medium Findings


Compile Failed

Severity: Medium

Ecosystem: Sui

Protocol: Mini Miners

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Mini-Miners-Contract-Audit.pdf

Report Date: Apr 2023

Description:

The project fails to compile because the Sui client version is outdated. The Move.toml and related dependencies require Sui client 0.29. To fix this, upgrade the Sui client to version 0.29 and adjust any paths or configurations accordingly.


Unbound Function

Severity: Medium

Ecosystem: Sui

Protocol: Mini Miners

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Mini-Miners-Contract-Audit.pdf

Report Date: Apr 2023

Description:

The project fails to compile because the Sui client version is outdated. The Move.toml and related dependencies require Sui client 0.29. To fix this, upgrade the Sui client to version 0.29 and adjust any paths or configurations accordingly.


Unit test cannot pass

Severity: Medium

Ecosystem: Sui

Protocol: Mini Miners

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Mini-Miners-Contract-Audit.pdf

Report Date: Apr 2023

Description:

A required module import is missing: test_import_nft() fails because the import of std::hash is absent.


Compile error

Severity: Medium

Ecosystem: Aptos

Protocol: PatronusFi

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/PatronusFi-Contract-Audit-Report.pdf

Report Date: Mar 2023

Description:

In vault.move, the withdraw_reserved_coins function has a return value that will always cause the project to fail to compile.


Unit Test Fails

Severity: Medium

Ecosystem: Aptos

Protocol: PatronusFi

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/PatronusFi-Contract-Audit-Report.pdf

Report Date: Mar 2023

Description:

The unit test fails and cannot be executed; the package cannot be found due to an error.


Key generic type Map lacks ability constraints to copy + drop

Severity: Medium

Ecosystem: Aptos

Protocol: Aries Market

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Aries-Market-Contracts-Audit-Report.pdf

Report Date: Feb 2023

Description:

map.move will cause compilation errors.


Package upgrade policy risk

Severity: Medium

Ecosystem: Aptos

Protocol: Aries Market

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Aries-Market-Contracts-Audit-Report.pdf

Report Date: Feb 2023

Description:

In Move.toml, set the upgrade policy to immutable so that packages are safer for users.


Dependency Management

Severity: Medium

Ecosystem: Aptos

Protocol: Mole

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Mole-Aptos-Audit-Report.pdf

Report Date: Feb 2023

Description:

In Move.toml, change the dependency to the corresponding git commit version number.


Change the rev dependency to the git version number

Severity: Medium

Ecosystem: Aptos

Protocol: AptoPad

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/AptoPad-Aptos-Contracts-Audit-Report.pdf

Report Date: Feb 2023

Description:

In the Move.toml file, ensure the latest version is used.


Dependency git rev should be a commit hash or a tag

Severity: Medium

Ecosystem: Aptos

Protocol: Cetus Concentrated Liquidity Protocol

Auditor: MoveBit

Report: https://github.com/movebit/Sampled-Audit-Reports/blob/main/reports/Cetus-Concentrated-Liquidity-Protocol-Aptos-Audit-Report.pdf

Report Date: Jan 2023

Description:

The dependency git rev should be a commit hash or a tag instead of a branch, for reproducibility. The branch may be updated in the future, which may cause the build to fail.