Open code423n4 opened 2 years ago
need pragma for reference contracts, indexed events are more expensive and these values are not going to be used repeatedly
Floating compiler versions
Their config pins the version used, so this is a minor style preference. I often using floating personally so that when I upgrade versions the diff is just the config and therefore easy to review.
event is missing indexed fields
There is a cost to using indexed, so it should only be added where it will add value. It's not indicated which fields would be appropriate to index here.
Since none of these are clear wins, closing as invalid.
Agree with Judge and Sponsor, but would consider indexing the Conduit on creation as that could be arguably used to then list to future events on it.
Because of that I think 1 NC is valid from this report
2 NC per updated judging on #67
Floating pragma and different compiler versions among contracts
Some of the contracts are using the floating pragma of >=0.8.7 and others use 0.8.13 Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively. It is also recommended to use the same solidity version for all the contracts.
References: https://swcregistry.io/docs/SWC-103 https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used
Events missing indexed fields
Each event can have up to 3 indexed fields.