Open code423n4 opened 2 years ago
All of 3 are valid.
No. 1 Forked files should have changelog
Thank you for pointing out.
No. 2 Not all contracts have added a __gap variable
We would add gap in abstract contract.
No. 3 Update other sensitive terms
Thank you for pointing out. We actually already have plans to change these things.
AbstractFiatTokenV1.sol is missing a __gap storage variable.
Fixed and thanks.
Final change can be viewed here.
Update other sensitive terms
Forked files should have changelog
Fixed and thanks.
Forked files should have changelog
Your version of Pausable.sol does a good job of saying the exact source of the fork as well as most of the changes: https://github.com/code-423n4/2022-02-jpyc/blob/cfc018384dd1d71febaa57f0576cb51f5d9c7e07/contracts/v1/Pausable.sol#L30-L42
There are a lot of other files that do not have such changelogs
For example, Ownable has one of its functions removed, and all of the files have __gap storage variables added. Having a changelog will make upgrading again easier, and will make security reviews more thorough.
Not all contracts have added a __gap variable
AbstractFiatTokenV1.sol is missing a __gap storage variable. Consider adding one so that storage can be used in this contract in future versions https://github.com/code-423n4/2022-02-jpyc/blob/main/contracts/v1/AbstractFiatTokenV1.sol
Update other sensitive terms
I see that there has been an attempt to get rid of sensitive terms such as 'blacklist' by using 'blocklist'. The contracts still use some of the others, and I would suggest changing 'whitelist' to 'allowlist', and 'masterMinter' to 'primaryMinter' or 'minterAdmin' https://github.com/code-423n4/2022-02-jpyc/blob/main/contracts/v2/FiatTokenV2.sol
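The __gap finding above is about storage layout in an upgradeable (proxy) token: an abstract base contract that later gains a variable shifts every slot of the contracts inheriting from it unless it reserved space. The following is an added illustration, not JPYC's code; the contract names, the gap size of 49 and the `_pauser` field are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration (not the project's code) of why an abstract base in a
// proxy-upgradeable token needs a reserved __gap. A proxy keeps one storage
// area across implementation versions, laid out by inheritance order, so the
// slot of every variable must stay fixed between V1 and V2.

abstract contract BaseV1 {
    address internal _owner;                          // slot 0
    // Reserve 49 slots so later versions can add base state here without
    // moving the slots of derived contracts. (49 is an assumed size.)
    uint256[49] private __gap;                        // slots 1..49
}

contract TokenV1 is BaseV1 {
    uint256 public totalSupply;                       // slot 50
    mapping(address => uint256) internal _balances;   // slot 51
}

// V2 adds a field to the base. It takes exactly one slot out of the gap
// (49 -> 48), so the derived contract's variables stay at slots 50 and 51.
abstract contract BaseV2 {
    address internal _owner;                          // slot 0
    address internal _pauser;                         // slot 1, new in V2
    uint256[48] private __gap;                        // slots 2..49
}

contract TokenV2 is BaseV2 {
    uint256 public totalSupply;                       // still slot 50
    mapping(address => uint256) internal _balances;   // still slot 51
}

// Without the gap, BaseV1 would occupy only slot 0 and TokenV1 would put
// totalSupply at slot 1; adding _pauser in V2 would then make the proxy
// read the old totalSupply value as the pauser address.
```

The slot assignments in the comments can be confirmed with `solc --storage-layout` or `forge inspect TokenV2 storage-layout`, which is also the check a reviewer would run before approving an upgrade.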