code-423n4 / 2022-03-paladin-findings


QA Report #78

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

LOW

Low#1: Missing zero address check for delegate._delegate and rewardsVault.

delegate

Missing zero address check could cause delegator to accidentally delegate his voting power to a zero address. Please implement zero address check for delegatee.

rewardsVault

Missing zero address check for rewardsVault might lead to relaunching the contract as there is no other way to change it in the contract.

NON-CRITICAL

Non-crit#1: HolyPaladinToken.sol and PaladinRewardReserve.sol use floating pragma with different solidity versions.

PaladinRewardReserve.sol: pragma solidity ^0.8.4;

HolyPaladinToken.sol: pragma solidity ^0.8.1;

Using an unlocked pragma might result in contract being deployed with a version it was not tested with, resulting in bugs. Locking the pragma (by not using ^) ensures that contracts do not accidentally get deployed using an older compiler version. I also recommend using the same version of Solidity for both contracts to keep it consistent.

Non-crit#2: Minor Typos

Please change trancking to tracking.

Please change was to what.

Non-crit#3: Syntax clarity and consistency

increaseLockDuration

If increaseLockDuration increases Lock duration I believe the function to increase lock amount should be named increaseLockAmount instead of increaseLock for better readability.

Non-crit#4: Use require instead of if.

updateUserRewards

Using require to replace the if statements shown below would bring more clarity to the code and its users.

if(user == address(0)) return;

if(rewardsLastUpdate[user] == block.timestamp) return; // Already updated for this block

Non-crit#5: Missing event for PaladinRewardReserve.transferToken

transferToken

Emitting an event for transferToken could increase transparency.
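The sketch below is an added example, not part of the report and not code from HolyPaladinToken.sol or PaladinRewardReserve.sol. It puts Low#1, Non-crit#1 and Non-crit#5 together in one small contract. The contract name, function signatures, event and error names, the owner check and the pinned compiler version are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
// Added illustration only; names and signatures here are hypothetical.
pragma solidity 0.8.10; // locked pragma (no ^); the exact version is an assumption

interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract FindingsSketch {
    address public immutable owner;
    // Set once in the constructor with no setter, so a zero value here
    // could only be corrected by redeploying (the concern in Low#1).
    address public immutable rewardsVault;
    mapping(address => address) public delegates;

    event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate);
    event TokenTransferred(address indexed token, address indexed receiver, uint256 amount);

    error ZeroAddress();
    error NotOwner();
    error TransferFailed();

    constructor(address rewardsVault_) {
        if (rewardsVault_ == address(0)) revert ZeroAddress();
        owner = msg.sender;
        rewardsVault = rewardsVault_;
    }

    // Low#1: reject address(0) so voting power cannot be delegated to it by mistake.
    function delegate(address delegatee) external {
        if (delegatee == address(0)) revert ZeroAddress();
        address previous = delegates[msg.sender];
        delegates[msg.sender] = delegatee;
        emit DelegateChanged(msg.sender, previous, delegatee);
    }

    // Non-crit#5: emit an event so reserve outflows can be followed off-chain.
    // Assumes a token whose transfer() returns a bool, as standard ERC-20 does.
    function transferToken(address token, address receiver, uint256 amount) external {
        if (msg.sender != owner) revert NotOwner();
        if (token == address(0) || receiver == address(0)) revert ZeroAddress();
        if (!IERC20Minimal(token).transfer(receiver, amount)) revert TransferFailed();
        emit TokenTransferred(token, receiver, amount);
    }
}
```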

Kogaroshi commented 2 years ago

QA & gas optimizations changes are done in the PR: https://github.com/PaladinFinance/Paladin-Tokenomics/pull/6 (some changes/tips were implemented, others are noted but won't be applied)