code-423n4 / 2022-12-tigris-findings

QA Report #657

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

See the markdown file with the details of this report here.

GalloDaSballo commented 1 year ago

[01] Use .call instead of .transfer to send ether

L

[02] Unbounded loop

L

[03] Use the safe variant and ERC721.mint

L

[04] Usage of deprecated chainlink API

L

[05] Consider using OpenZeppelin's SafeERC20 for ERC20 transfers to ensure compatibility with non-standard tokens

OOS

[06] Lack of checks-effects-interactions

L

[07] Lack of zero address checks for Trading.sol constructor for the variables _position, _gov and _pairsContract

L

[08] Add an event for critical parameter changes

NC

[09] Missing unit tests

R

[10] Pragma float

NC

[11] Contract layout and order of functions

NC

[12] Use time units directly

R

[13] Avoid shadowing in GovNFT.sol

Dispute as it's a function

[14] Declare interfaces on separate files

R

[15] Constants should be upper case

R

[16] Use private constant consistently

NC

[17] Add a limit for the maximum number of characters per line

NC

[18] Declaring a return named variable and returning a manual value for the same function

R

[19] Lack of spacing in comment

NC

[20] Critical changes should use two-step procedure

NC

[21] Missing NATSPEC

NC

[22] Avoid using the optimizer if possible, due to its potential security bugs which can affect the contracts in scope

Disputed, optimizer good

[23] Interchangeable usage of uint and uint256

NC

[24] Move require/validation statements to the top of the function when validating input parameters

R

[25] Remove console.log import in Lock.sol

NC

[26] Draft openzeppelin dependencies

R

[27] Named imports can be used

NC

[28] Imports can be grouped together

NC

[29] Constant redefined elsewhere

R

[30] Convert repeated validation statements into a function modifier to improve code reusability

R

[31] Large multiples of ten should use scientific notation.

R

c4-sponsor commented 1 year ago

GainsGoblin marked the issue as sponsor confirmed

GalloDaSballo commented 1 year ago

6L 10R 12NC

c4-judge commented 1 year ago

GalloDaSballo marked the issue as selected for report

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-a