code-423n4 / 2022-08-foundation-findings


QA Report #196

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago
  1. Misleading comments. versionNFTCollection and versionNFTDropCollection are uint32, not uint256.
     https://github.com/code-423n4/2022-08-foundation/blob/main/contracts/NFTCollectionFactory.sol#L206
     https://github.com/code-423n4/2022-08-foundation/blob/main/contracts/NFTCollectionFactory.sol#L230
  2. Add the initializer modifier to the constructors of implementation contracts, so that no one can create and initialize an instance of the contract himself and try to fool people into using that implementation directly. See here: https://forum.openzeppelin.com/t/uupsupgradeable-vulnerability-post-mortem/15680/5
HardlyDifficult commented 2 years ago

Misleading comments.

Agree, this was missed when we started packing. Will fix.

Use constructor to initialize templates

Agree this is a good best practice to add. Will fix.
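
The constructor lock from item 2 of the report, shown as an added example (not code from the thread participants or from Foundation's repository). It assumes OpenZeppelin Contracts 4.x; `UnlockedTemplate`, `LockedTemplate` and `TemplateFactory` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.12;

// Assumption: OpenZeppelin Contracts 4.x import paths.
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts/proxy/Clones.sol";

// Hypothetical template WITHOUT the lock.
// The deployed implementation keeps its own storage uninitialized, so
// whoever calls initialize() on it first becomes its owner and can
// present that address as if it were a legitimate instance.
contract UnlockedTemplate is Initializable {
    address public owner;

    function initialize(address _owner) external initializer {
        owner = _owner;
    }
}

// Hypothetical template WITH the lock.
contract LockedTemplate is Initializable {
    address public owner;

    // Running the initializer modifier in the constructor marks the
    // implementation's own storage as initialized at deployment, so any
    // later initialize() call made directly on the implementation reverts.
    constructor() initializer {}

    function initialize(address _owner) external initializer {
        owner = _owner;
    }
}

// Hypothetical factory. Each minimal-proxy clone has separate storage,
// so locking the implementation does not block clone initialization.
contract TemplateFactory {
    address public immutable implementation;

    constructor() {
        implementation = address(new LockedTemplate());
    }

    function create() external returns (address instance) {
        instance = Clones.clone(implementation);
        // Initialize in the same transaction that creates the clone,
        // leaving no window in which another caller can claim it.
        LockedTemplate(instance).initialize(msg.sender);
    }
}
```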