Quantstamp Audit review resolutions

# Quantstamp Audit review resolutions ## Pull Request Reference - https://github.com/HausDAO/Baal/pull/76 - audit changes with notes - https://github.com/HausDAO/Baal/pull/78 - fix for Tribute minion bug ** ideally we would like to upgrade **Gas Station Network to v3**, as there are [several v3 improvements on their network](https://github.com/opengsn/gsn/releases) but these features are currently only in **beta**. ## QSPs Issue | Fixed | Notes/Commit ---------|----------|--------- QSP-1 Checkpoints May Not Be Written Correctly High Unresolved | | [commit b65f90](https://github.com/HausDAO/Baal/pull/76/commits/1914e14bef421e7b828ded8b581aac9914b65f90) QSP-2 Baal Inherits From Non-Upgradeable Contracts Medium Unresolved (added baal version receipt should be assigned in setUp) | | [commit a3cbc1](https://github.com/HausDAO/Baal/pull/76/commits/33de17a793fe810d6588d2594c69563ff4a3cbc1) QSP-3 Integer Overflow / Underflow Low Unresolved | | [commit 45d12c](https://github.com/HausDAO/Baal/pull/76/commits/53c908ace4b2f7bd688dc3d2594847d5bc45d12c) QSP-4 Missing Input Validation Low Unresolved | | [commit 2289de](https://github.com/HausDAO/Baal/pull/76/commits/276418a9269edcf1651a4c31fc68445e492289de) QSP-5 Ownership Can Be Renounced Low Unresolved | | [docs ownership](https://moloch.daohaus.fun/features/tokenUpgradability#ownership) QSP-6 Shamans Can Be an EOA Address Low Unresolved | | [docs accounts](https://moloch.daohaus.fun/features/shamanBestPractice#shaman-accounts) QSP-7 Signed Votes Do Not Expire Low Unresolved | | [commit 9c54ed](https://github.com/HausDAO/Baal/pull/76/commits/c8df92d860c5717ce2c9f36ce88b96cef69c54ed) QSP-8 Application Monitoring Can Be Improved by Emitting More Events Informational Unresolved | | [commit 6eb95f](https://github.com/HausDAO/Baal/pull/76/commits/f220b1825d1405ea2d1e504cb7edd6cfbe6eb95f) QSP-9 setAdminConfig Always Emits Two Events Even if State Is Not Changed. Informational Unresolved | | [commit b4b38e](https://github.com/HausDAO/Baal/pull/76/commits/740ca4aafd874e84b21ecf03b6d13a7426b4b38e) QSP-10 Risk of Killing Upgrades Informational Unresolved | | [docs pattern](https://moloch.daohaus.fun/features/tokenUpgradability#notes-on-uups-pattern) QSP-11 Clone-and-Own Informational Unresolved | | [docs erc20TokenContracts](https://moloch.daohaus.fun/features/erc20TokenContracts) QSP-12 A DAO's Safety Is Dependent on the Safety of Its Shamans Informational Unresolved | | [docs shamanBestPractice](https://moloch.daohaus.fun/features/shamanBestPractice) QSP-13 Upgradability Informational Unresolved | | [docs tokenUpgradability](https://moloch.daohaus.fun/features/tokenUpgradability) QSP-14 msg.sender Can Be Overridden. Informational Unresolved | | [docs metaTransactions](https://moloch.daohaus.fun/features/metaTransactions) QSP-15 External Calls to Malicious Contracts Undetermined Unresolved | | [docs ragequit](https://moloch.daohaus.fun/features/ragequit#special-notee) QSP-16 Proposals Can Pass without a Valid Sponsor | | [docs proposalFlow](https://moloch.daohaus.fun/features/proposalFlow) update recipient on gsn 2.25 - non impactful | | [commit fd6cd2](https://github.com/HausDAO/Baal/pull/76/commits/017189aaf07e35861a854cff3d8e42b1b4fd6cd2) adding nonce to submitVote | | [commit 836ba8](https://github.com/HausDAO/Baal/pull/76/commits/364930198211197dd70790cfe868f8eb5d836ba8) docs for running coverage report | | [commit 18d70e](https://github.com/HausDAO/Baal/pull/76/commits/c12b07e0b277019d2d2296dc3ab5daf2a318d70e) tributeMinion.sol and baal.sol with offerring** | | [pr 78](https://github.com/HausDAO/Baal/pull/78) ## Coverage Result We added docs to the Baal [README.md](https://github.com/HausDAO/Baal/pull/76/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R97-R125) to show how to activate coverage results. ** there is one spec that fails on coverage run, which does not fail on non-coverage testing. Not sure why this is. ![](https://i.imgur.com/F8JEOHV.png) ![](https://i.imgur.com/74QF1vp.png) ![](https://i.imgur.com/l9pul8l.png) ## ** Contract interface issue between tributeMinion.sol and baal.sol The proposal cannot be submitted when a DAO has setup a proposalOffering. The TributeMinion.submitTributeProposal method is not payable so: 1) is not possible for a member with member.shares < dao.sponsorThreshold to submit the proposal, and 2) it also fails when member.shares >= dao.sponsorThreshold because TributeMInion is the entity calling baal.submitProposal and doesn't have any shares so it reverts with Baal requires an offering https://github.com/HausDAO/Baal/pull/78