#43971 [SC-Insight] Incorrect NatSpec Tag in removeRateOracle() Misrepresents Function Reference
Submitted on Apr 15th 2025 at 06:24:49 UTC by @Glitch_Hunter for Audit Comp | Spectra Finance
Report ID: #43971
Report Type: Smart Contract
Report severity: Insight
Target: https://github.com/immunefi-team/Spectra-Audit-Competition/blob/main/src/RateOracleRegistry.sol
Impacts:
Description
Brief/Intro
The removeRateOracle() function in RateOracleRegistry.sol includes a NatSpec comment that incorrectly references IRateOracleRegistry-addRateOracle. This can mislead readers or automated tools, such as doc generators and IDEs, when tracing inheritance or interface implementation, resulting in misdocumentation or confusion.
Vulnerability Details
The function in question contains this NatSpec tag:
/** @dev See {IRateOracleRegistry-addRateOracle}. */
function removeRateOracle(address _pt, address _rateOracle) external override restricted {
However, this tag incorrectly refers to the addRateOracle function. It should point to the corresponding function in the interface:
/** @dev See {IRateOracleRegistry-removeRateOracle}. */
This is particularly important for automated documentation tooling, interface verification, and clarity when reviewing inherited functionality or permissions in AccessManagedUpgradeable contracts.
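A check that would catch this class of mismatch in CI, as an added example (not code from the Spectra repository or from the report): it scans Solidity source for See {Interface-function} tags and compares the referenced name with the function declared directly below. The function name find_mismatched_see_tags, the sample contract and the addRateOracle signature in it are constructed for illustration.

```python
import re

# One pass over the source, matching either an OpenZeppelin-style reference
# tag ("See {IFoo-bar}") or the start of a function declaration.
TOKEN = re.compile(
    r"See\s*\{\s*(?P<iface>\w+)-(?P<ref>\w+)\s*\}"
    r"|\bfunction\s+(?P<decl>\w+)\s*\("
)


def find_mismatched_see_tags(source: str):
    """Return (tag_line, reference, declared_name) for each tag whose
    referenced function differs from the function declared right after it."""
    findings = []
    pending = None  # last tag seen that has not yet met a declaration
    for m in TOKEN.finditer(source):
        if m.group("ref"):
            line_no = source.count("\n", 0, m.start()) + 1
            pending = (line_no, m.end(), m.group("iface"), m.group("ref"))
            continue
        if pending is None:
            continue
        line_no, tag_end, iface, ref = pending
        pending = None
        # Heuristic: the tag documents this function only if no statement or
        # block boundary sits between them (skips contract-level comments).
        if re.search(r"[;{}]", source[tag_end:m.start()]):
            continue
        if ref != m.group("decl"):
            findings.append((line_no, f"{iface}-{ref}", m.group("decl")))
    return findings


# Constructed sample: the removeRateOracle lines follow the report; the
# addRateOracle signature and the empty bodies are assumptions.
SAMPLE = """\
contract RateOracleRegistry {
    /** @dev See {IRateOracleRegistry-addRateOracle}. */
    function addRateOracle(address _pt, address _rateOracle) external override restricted {}

    /** @dev See {IRateOracleRegistry-addRateOracle}. */
    function removeRateOracle(address _pt, address _rateOracle) external override restricted {}
}
"""

if __name__ == "__main__":
    for line_no, ref, declared in find_mismatched_see_tags(SAMPLE):
        print(f"line {line_no}: tag references {ref} but documents {declared}()")
```

The match is textual, so a tag separated from its function by a comment containing `;`, `{` or `}` is skipped rather than reported.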
Impact Details
While this issue does not directly affect contract execution or security, it falls under documentation improvements that impact:
Developer experience
Audit trail clarity
IDE integration and NatSpec tracing
Public documentation consistency
Mistakenly referencing the wrong function misrepresents what behavior is inherited or overridden and may confuse future maintainers or auditors.
References
None
Proof of Concept
RateOracleRegistry.sol
--- /** @dev See {IRateOracleRegistry-addRateOracle}. */ // ❌ Incorrect reference
+++ /** @dev See {IRateOracleRegistry-removeRateOracle}. */ // ✅ Correct reference
function removeRateOracle(address _pt, address _rateOracle) external override restricted {
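Review bot: the replacement line ends with a trailing "// ✅ Correct reference" annotation (and the removed line with "// ❌ Incorrect reference"); these are report commentary and should not be committed, so the applied change should touch only the tag text, from {IRateOracleRegistry-addRateOracle} to {IRateOracleRegistry-removeRateOracle}. The "---" and "+++" prefixes are also the unified-diff file-header markers; single "-" and "+" line markers would let this apply as a patch.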