code-423n4 / 2022-05-backd-findings


QA Report #106

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Don't use deprecated library functions

Information : L005 - Do not use Deprecated Library Functions SafeERC20.sol - safeApprove

Instances include :

contracts/RewardHandler.sol:52:        IERC20(targetLpToken).safeApprove(address(bkdLocker), burnedAmount);
contracts/RewardHandler.sol:64:        IERC20(token).safeApprove(spender, type(uint256).max);
contracts/tokenomics/FeeBurner.sol:118:        IERC20(token_).safeApprove(spender_, type(uint256).max);
contracts/zaps/PoolMigrationZap.sol:27:            IERC20(underlying_).safeApprove(address(newPool_), type(uint256).max);

Recommendation

Usage of deprecated library functions, for instance safeApprove from OpenZeppelin's SafeERC20 library, is discouraged; it is recommended to use safeIncreaseAllowance and safeDecreaseAllowance instead.


Too many digits

Information : Too many digits

Instances include :

contracts/utils/CvxMintAmount.sol:10:    uint256 private constant _CLIFF_SIZE = 100000 * 1e18; //new cliff every 100,000 tokens
contracts/utils/CvxMintAmount.sol:12:    uint256 private constant _MAX_SUPPLY = 100000000 * 1e18; //100 mil max supply

Recommendation

Use scientific notation.


Block timestamp

Information : Block timestamp

Instances include :

contracts/utils/Preparable.sol:110:        require(block.timestamp >= deadline, Error.DEADLINE_NOT_REACHED);
contracts/tokenomics/Minter.sol:190:        if (block.timestamp >= lastInflationDecay + _INFLATION_DECAY_PERIOD) {
contracts/BkdLocker.sol:141:            if (stashedWithdraws[i].releaseTime <= block.timestamp) {

Recommendation

Avoid relying on block.timestamp.


Typos

Instances include:

invlude, successfull

contracts/BkdLocker.sol:     * @dev This does not invlude the gov. tokens queued for withdrawal.
contracts/tokenomics/FeeBurner.sol:    event Burned(address targetLpToken, uint256 amountBurned); // Emmited after a successfull burn to target lp token
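
The safeApprove recommendation in the report above, as an added example that is not part of the report or of the Backd code base: the flagged call next to an allowance update built on safeIncreaseAllowance and safeDecreaseAllowance. The contract and function names are hypothetical, and OpenZeppelin Contracts 4.x with Solidity 0.8 is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler range, not taken from the project

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical helper contract, written for illustration only.
abstract contract AllowanceExample {
    using SafeERC20 for IERC20;

    // Pattern flagged in the report. In OpenZeppelin 4.x, safeApprove reverts
    // when both the current allowance and the new value are non-zero, so a
    // repeated call fails while any of the earlier allowance is still unspent.
    function _approveDeprecated(
        IERC20 token,
        address spender,
        uint256 amount
    ) internal {
        token.safeApprove(spender, amount);
    }

    // Replacement using the recommended helpers: move the allowance to
    // `target` from whatever value it currently has.
    function _setAllowance(
        IERC20 token,
        address spender,
        uint256 target
    ) internal {
        uint256 current = token.allowance(address(this), spender);
        if (target > current) {
            // Add only the difference. Increasing by type(uint256).max on top
            // of a non-zero allowance would overflow under Solidity 0.8
            // checked arithmetic and revert.
            token.safeIncreaseAllowance(spender, target - current);
        } else if (target < current) {
            token.safeDecreaseAllowance(spender, current - target);
        }
        // target == current: nothing to do, no external call is made.
    }
}
```

The functions are internal so that the inheriting contract decides who may change allowances.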

GalloDaSballo commented 2 years ago

Appreciate the typos, rest not so much