Description:
The contract sets a fixed deposit amount (depositRequired) at deployment, with no mechanism to change it afterwards. While this prevents unauthorized changes, it also means the contract cannot adapt to significant changes in ETH value or market conditions.
Impact
Over time, if the value of ETH changes significantly, the fixed deposit amount could become either too high (discouraging usage) or too low (potentially not covering gas costs for withdrawals). This could impact the protocol's long-term viability and usability.
Remediation
Implement a function to update depositRequired with appropriate access controls:

    // Account allowed to change the deposit amount (set to the deployer).
    address public owner;

    constructor(uint256 _depositAmount) ERC721("CtfNFT", "CNFT") {
        require(_depositAmount >= MIN_DEPOSIT, "Min deposit");
        depositRequired = _depositAmount;
        owner = msg.sender;
    }

    // Owner-only setter; the new amount must still respect MIN_DEPOSIT.
    function updateDepositRequired(uint256 newDepositAmount) external {
        require(msg.sender == owner, "Only owner can update");
        require(newDepositAmount >= MIN_DEPOSIT, "Min deposit");
        depositRequired = newDepositAmount;
    }
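A check of the remediation above, as an added example that is not part of the original finding or the audited project's code: it exercises the owner-only check and the MIN_DEPOSIT floor without a test framework. `DepositConfig`, `Outsider`, `UpdateDepositChecks` and the value of `MIN_DEPOSIT` are assumptions made for illustration; the ERC721 parts of the real contract are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Stand-in for the audited contract: only the deposit configuration is modelled.
contract DepositConfig {
    uint256 public constant MIN_DEPOSIT = 0.01 ether; // assumed value, not from the page
    uint256 public depositRequired;
    address public owner;

    constructor(uint256 _depositAmount) {
        require(_depositAmount >= MIN_DEPOSIT, "Min deposit");
        depositRequired = _depositAmount;
        owner = msg.sender;
    }

    function updateDepositRequired(uint256 newDepositAmount) external {
        require(msg.sender == owner, "Only owner can update");
        require(newDepositAmount >= MIN_DEPOSIT, "Min deposit");
        depositRequired = newDepositAmount;
    }
}

// Hypothetical non-owner caller; reports whether the update call succeeded.
contract Outsider {
    function tryUpdate(DepositConfig c, uint256 amount) external returns (bool ok) {
        try c.updateDepositRequired(amount) { ok = true; } catch { ok = false; }
    }
}

// This contract deploys DepositConfig, so it is the owner in the checks below.
contract UpdateDepositChecks {
    DepositConfig public cfg = new DepositConfig(1 ether);

    function run() external returns (bool) {
        Outsider outsider = new Outsider();
        // 1. A non-owner call must revert and leave the value untouched.
        require(!outsider.tryUpdate(cfg, 2 ether), "non-owner updated");
        require(cfg.depositRequired() == 1 ether, "value changed");
        // 2. The owner can move the deposit to any value at or above the floor.
        cfg.updateDepositRequired(0.5 ether);
        require(cfg.depositRequired() == 0.5 ether, "owner update failed");
        // 3. Even the owner cannot go below MIN_DEPOSIT.
        uint256 belowFloor = cfg.MIN_DEPOSIT() - 1;
        try cfg.updateDepositRequired(belowFloor) {
            revert("floor bypassed"); // reached only if the call wrongly succeeds
        } catch {}
        return true;
    }
}
```

Deploy `UpdateDepositChecks` and call `run()`; it returns `true` only when all three properties hold and reverts with the failing check's message otherwise.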