The Mochi smart contract suite is considerably lacking code coverage in its tests. As a result, regardless of how successful previous audits were, there is no certainty that the contracts are free from bugs. Therefore, sufficient testing is a crucial tool to ensuring code operates as intended.
Handle
leastwood
Vulnerability details
Impact
The Mochi smart contract suite is considerably lacking code coverage in its tests. As a result, regardless of how successful previous audits were, there is no certainty that the contracts are free from bugs. Therefore, sufficient testing is a crucial tool to ensuring code operates as intended.
Proof of Concept
https://github.com/code-423n4/2021-10-mochi/tree/main/projects
Tools Used
Manual code review
Recommended Mitigation Steps
Consider adding extensive testing to the Mochi smart contract suite.