Open code423n4 opened 2 years ago
Agree because of actual evidence, would recommend that the sponsor update to 0.8.9+ (0.8.11 seems to be fairly used)
I think the finding has validity but I wouldn't stress too much on that, would recommend diffing the codebases for any patches
Don't think it's a vulnerability
Finding is valid
Agree but non-critical / informational
Appreciate the finding, but believe this is a testing contract
Used an outdated solidity compiler with known bugs.
pragma solidity 0.8.6;
is used and is affected by bugs fixed in 0.8.9.
It seems that an outdated version of OpenZeppelin was used; the latest version is 4.5.0.
DepositBox whitelist is enabled by default, so it's more a black list than a whitelist.
There is a lack of input checks around the contracts:
The logic applied to emit an event on the change of a variable does not check whether the new value is the same as the current one; emitting a change event should be skipped if the defined value is the same, otherwise dApps could have wrong logic.
It is not possible to change the owner; this is a very bad practice, since the private key could be leaked or the admin could be revoked.
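The points on input checks, no-op change events and a non-transferable owner, illustrated in one hypothetical contract. This is an added example, not code from the audited project or from the warden's report; the contract name, the fee variable and the MAX_FEE cap are assumptions chosen for illustration.

```solidity
pragma solidity ^0.8.9; // a patched 0.8.x release, as recommended in the thread

// Hypothetical contract (not the project's code) showing the three points:
// input validation, no event on a no-op change, and a transferable owner.
contract GuardedConfig {
    address public owner;
    address public pendingOwner;
    uint256 public fee;
    uint256 public constant MAX_FEE = 1_000; // assumed cap, in basis points

    event FeeChanged(uint256 oldFee, uint256 newFee);
    event OwnershipTransferStarted(address indexed current, address indexed pending);
    event OwnershipTransferred(address indexed previous, address indexed next);

    error NotOwner();
    error ZeroAddress();
    error NoChange();
    error FeeTooHigh(uint256 fee);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    // Input check plus no-op guard: off-chain consumers only ever see
    // FeeChanged when the stored value actually changed. Reverting makes the
    // no-op visible; silently returning without emitting is the alternative.
    function setFee(uint256 newFee) external onlyOwner {
        if (newFee > MAX_FEE) revert FeeTooHigh(newFee);
        if (newFee == fee) revert NoChange();
        uint256 old = fee;
        fee = newFee;
        emit FeeChanged(old, newFee);
    }

    // Two-step handover: a mistyped address cannot strand the contract, and a
    // leaked or revoked admin key can be rotated out by the current owner.
    function transferOwnership(address newOwner) external onlyOwner {
        if (newOwner == address(0)) revert ZeroAddress();
        pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner, newOwner);
    }

    function acceptOwnership() external {
        if (msg.sender != pendingOwner) revert NotOwner();
        emit OwnershipTransferred(owner, msg.sender);
        owner = msg.sender;
        delete pendingOwner;
    }
}
```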