code-423n4 / 2022-06-connext-findings


QA Report #180

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago
  1. Usage of safeApprove is not recommended. OpenZeppelin has deprecated this function here

SafeERC20.safeApprove(IERC20(_assetIn), address(pool), _amountIn);

  2. abi.encodePacked() should not be used with dynamic types when passing the result to a hash function such as keccak256(). Use abi.encode() instead, which will pad items to 32 bytes, which will prevent hash. “Unless there is a compelling reason, abi.encode should be preferred”.

return keccak256(abi.encodePacked(bytes(_name).length, _name, bytes(_symbol).length, _symbol, _decimals));

jakekidd commented 2 years ago

1 approval needs to be reset to 0 and then increased, so we are stuck using safeApprove method in order to do s

2 ack but no dynamic types here, message encoding is very controlled
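As an added example (not code from the finding, the reply, or the Connext repository), the Python below models the encodings discussed in item 2: a bare abi.encodePacked over two adjacent strings yields identical bytes for different inputs, while the length-prefixed layout quoted from the contract and a standard abi.encode of the same strings both keep them distinct. The hash is a SHA3-256 stand-in for keccak256, since the point rests only on whether the preimage bytes are equal.

```python
import hashlib


def uint(value: int, bits: int) -> bytes:
    """Big-endian fixed-width integer, as abi.encodePacked lays it out."""
    return value.to_bytes(bits // 8, "big")


def encode_packed(*items: bytes) -> bytes:
    """abi.encodePacked: items concatenated with no padding and no length."""
    return b"".join(items)


def encode_strings(*strings: str) -> bytes:
    """abi.encode for a tuple of strings: one 32-byte offset per item in the
    head, then each tail as a 32-byte length plus data padded to 32 bytes."""
    tails = []
    for s in strings:
        data = s.encode()
        tails.append(uint(len(data), 256) + data + b"\x00" * ((-len(data)) % 32))
    head, offset = b"", 32 * len(strings)
    for tail in tails:
        head += uint(offset, 256)
        offset += len(tail)
    return head + b"".join(tails)


def digest(preimage: bytes) -> bytes:
    """Stand-in for keccak256 (Solidity's keccak uses a different padding
    byte than NIST SHA3-256); collisions here depend only on the preimage."""
    return hashlib.sha3_256(preimage).digest()


def packed_name_symbol(name: str, symbol: str) -> bytes:
    """The risky pattern: abi.encodePacked(_name, _symbol) straight into a hash."""
    return digest(encode_packed(name.encode(), symbol.encode()))


def packed_with_lengths(name: str, symbol: str, decimals: int) -> bytes:
    """The layout quoted in the finding: each string is preceded by its byte
    length, so the boundary between _name and _symbol is unambiguous."""
    n, s = name.encode(), symbol.encode()
    return digest(encode_packed(uint(len(n), 256), n, uint(len(s), 256), s, uint(decimals, 8)))


def abi_encoded_name_symbol(name: str, symbol: str) -> bytes:
    """The recommended alternative: keccak256(abi.encode(_name, _symbol))."""
    return digest(encode_strings(name, symbol))
```

Constructed inputs ("ab", "c") and ("a", "bc") collide under the first form only.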