Open code423n4 opened 2 years ago
Use fixed pragma
Disagree. We intentionally use a floating pragma in order to make integrating with contracts easier. Other contract developers are looking to interact with our contracts and they may be on a different version than we use. The pragma selected for our contracts is the minimum required in order to correctly compile and function. This way integration is easier if they lag a few versions behind, or if they use the latest but we don't bump our packages frequently enough, and when we do upgrade versions, unless there was a breaking Solidity change, it should just swap in by incrementing our npm package version.
Use safeMint
Agree, will fix - for context see our response here.
[N-01] Typo
Agree, fixed.
Low Risk
[L-01] Floating pragma
It's a good practice to avoid the use of floating pragma. Code must be compiled with the same version it has been tested the most. It also avoids the use of any nightly builds which can have unexpected and unknown behaviors.
4 instances:
Consider replacing ^0.8.12 by 0.8.12
Low risk because the tremendous majority of the time there is any risk.
[L-02] The use of _mint() is discouraged
The use of _safeMint() instead of _mint() can prevent tokens from being lost and is from a documentation point of view a better practice.
2 instances:
https://github.com/code-423n4/2022-08-foundation/blob/main/contracts/NFTDropCollection.sol#L182
Consider replacing _mint() by _safeMint().
Non Critical
[N-01] Typo
to sent -> to send seems more right.
2 instances:
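
An added example, not part of the report or of the sponsor's code: a small Python check that classifies a file's pragma solidity directive as fixed or floating and shows which compiler versions a caret range such as ^0.8.12 admits, which is the trade-off behind [L-01] and the sponsor's reply to it. The sample sources and the candidate version list are constructed, and only exact and caret expressions are evaluated.

```python
import re

# Version expression of a `pragma solidity ...;` directive at the start of a line.
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
EXACT_RE = re.compile(r"^=?\s*(\d+)\.(\d+)\.(\d+)$")
CARET_RE = re.compile(r"^\^\s*(\d+)\.(\d+)\.(\d+)$")

# Constructed sample sources (not taken from the audited repository).
SAMPLE_FLOATING = "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.12;\ncontract A {}\n"
SAMPLE_FIXED = "pragma solidity 0.8.12;\ncontract B {}\n"
# Constructed list of compiler versions to test the range against.
CANDIDATES = ["0.8.11", "0.8.12", "0.8.16", "0.9.0"]


def classify_pragma(source):
    """Return (expression, 'fixed' | 'floating'), or None if there is no pragma."""
    match = PRAGMA_RE.search(source)
    if match is None:
        return None
    expr = match.group(1).strip()
    return expr, "fixed" if EXACT_RE.match(expr) else "floating"


def caret_allows(expr, compiler):
    """True if compiler version (e.g. '0.8.16') satisfies a caret range like '^0.8.12'."""
    match = CARET_RE.match(expr)
    if match is None:
        raise ValueError("only caret expressions are handled: %r" % expr)
    base = tuple(int(g) for g in match.groups())
    ver = tuple(int(p) for p in compiler.split("."))
    if ver < base:
        return False
    # Caret semantics: the leftmost non-zero component must stay the same.
    if base[0] > 0:
        return ver[0] == base[0]
    if base[1] > 0:
        return ver[:2] == base[:2]
    return ver == base


def accepted_versions(expr, candidates=CANDIDATES):
    """Subset of candidates that a floating caret pragma would compile under."""
    return [v for v in candidates if caret_allows(expr, v)]


if __name__ == "__main__":
    for src in (SAMPLE_FLOATING, SAMPLE_FIXED):
        print(classify_pragma(src))
    print(accepted_versions("^0.8.12"))
```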