DimaStebaev
commented
2 years ago - Initialization is performed automatically by a script
- It's just an example and should not be used in production
Open code423n4 opened 2 years ago
DimaStebaev
commented
2 years ago 
GalloDaSballo
commented
2 years ago Agree because of actual evidence, would recommend the sponsor to update to 0.8.9+ (0.8.11 seems to be fairly used)
I think the finding has validity but I wouldn't stress too much on that, would recommend diffind the codebases for any patches
Don't think it's a vulnerability
Finding is valid
Agree but non-critical / informational
Appreciate the finding, but believe this is a testing contract
Used an outdated solidity compiler with known bugs.
pragma solidity 0.8.6;is used and affected by bugs fixed in 0.8.9It seems that was used an outdated version of openzeppelin, the last version is
4.5.0DepositBox whitelist is enabled by default, so it's more a black list than a whitelist.
There are a lack of input checks around the contracts:
The logic applied to emit an event of the change of a variable, does not check that the change is to the same value as the current one, it should be omitted to launch a change event if the defined value is the same, otherwise, the dApps could have wrong logics
Is not possible to change the owner, this is a very bad practice, the private key could be leaked, or the admin could be revoked.