Open code423n4 opened 2 years ago
Unstake is mispelled as ‘Untake’
* @notice Untake tokens @audit Unstake
proposed change:
* @notice Unstake tokens @audit Unstake
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L112
There is an extra space after ‘one’ and before ‘order’
@notice matches one order to many orders. example: a buy order with 5 specific nfts with 5 sell orders with those specific nfts.
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L172
address is mispelled as ‘adress’
/// @dev this is the adress that is used to send auto sniped orders for execution on chain @audit address
/// @dev this is the address that is used to send auto sniped orders for execution on chain
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L58
The constructor for contract InfinityToken lacks natspec documentation
constructor( address admin, uint256 epochInflation, uint256 epochDuration, uint256 epochCliff, uint256 maxEpochs, uint256 timelock, uint256 supply )
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/token/InfinityToken.sol#L37-L45
Due to the importance of advanceEpoch in minting it is reccomended that access control limits are present as to reduce potential attack vectors, either through an owner or minter role.
function advanceEpoch() external {
function advanceEpoch() external onlyOwner {
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/token/InfinityToken.sol#L60
Non-Critical
Typo
Unstake is mispelled as ‘Untake’
proposed change:
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L112
There is an extra space after ‘one’ and before ‘order’
proposed change:
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L172
address is mispelled as ‘adress’
proposed change:
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L58
Natspec
The constructor for contract InfinityToken lacks natspec documentation
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/token/InfinityToken.sol#L37-L45
Low-Risk
Access Controls on important function
Due to the importance of advanceEpoch in minting it is reccomended that access control limits are present as to reduce potential attack vectors, either through an owner or minter role.
proposed change:
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/token/InfinityToken.sol#L60