Cyfrin / 2023-07-beedle

[L-04] Draft OpenZeppelin Dependencies #1457

Open codehawks-bot opened 1 year ago

codehawks-bot commented 1 year ago

[L-04] Draft OpenZeppelin Dependencies

Severity

Low Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Beedle.sol#L6

Summary

The Beedle contract is imported from a previous deprecated preview provided by OpenZeppelin.

Using deprecated contracts that are in a draft state and not properly audited can be dangerous and increase the attack surface.

Internally you are importing "./ERC20Permit.sol"; you could do this implementation directly.

Impact

Low

Tools Used

Manual code review

Recommendations

You can change it to this:

- import {ERC20Permit} from "openzeppelin-contracts/contracts/token/ERC20/extensions/draft-ERC20Permit.sol";
+ import {ERC20Permit} from "openzeppelin-contracts/contracts/token/ERC20/extensions/ERC20Permit.sol";
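
Review bot: the replacement path on the + line only resolves if the openzeppelin-contracts version this repo pins ships token/ERC20/extensions/ERC20Permit.sol, and nothing in the change shows that this was checked. The report says the draft file itself imports "./ERC20Permit.sol", which suggests the file is present and that both paths yield the same ERC20Permit contract, so confirm the project still compiles with the new import and state in the change description that this is a path cleanup with no behaviour change. The hunk also carries no file header; the linked location is src/Beedle.sol#L6, so name that file in the patch.
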
PatrickAlphaC commented 1 year ago

Need proof of an issue, moving to info.