code-423n4 / 2023-01-drips-findings


QA Report #256

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

See the markdown file with the details of this report here.

GalloDaSballo commented 1 year ago

[L-01] collect() function allows re-entrancy from hookable tokens 1 OOS

[L-02] Danger "while" loop 1 Disputing

[L-03] Missing Event for initialize 5 NC

[L-04] Lack of control to assign 0 values in the value assignments of critical state variables in the constructor 1 L

[L-05] Project Upgrade and Stop Scenario should be 1 NC

[L-06] Draft Openzeppelin Dependencies 1 R

[L-07] Loss of precision due to rounding 1 Disputed

[L-08] Some events are missing msg.sender parameters 1 NC

[L-09] Need Fuzzing test NC

[L-10] Using both mint and safeMint method at the same time is not the right way for security Disputing

[L-11] Cross-chain replay attacks are possible with callSigned 1 Invalid -3 (see OZ hasTypeData)

[N-01] Implement some type of version counter that will be incremented automatically for contract upgrades 1 R

[N-02] Insufficient coverage All Contracts Disputing

[N-03] Function writing that does not comply with the Solidity Style Guide All Contracts NC

[N-04] Tokens accidentally sent to the contract cannot be recovered 1 NC as it's not intended to receive funds

[N-05] Assembly Codes Specific – Should Have Comments 12 Disputing

[N-06] For functions, follow Solidity standard naming conventions (internal function style rule) 8 NC

[N-07] Floating pragma 8 NC

[N-08] Use SMTChecker Same as fuzzing

[N-09] Add NatSpec Mapping comment 16 NC

[N-10] Remove Unused Codes 1 NC

[N-11] Highest risk must be specified in NatSpec comments and documentation 1 NC

[N-12] Not using the type name in function specified in returns causes confusion 1 R

[N-13] Use a single file for all system-wide constants R

GalloDaSballo commented 1 year ago

1L 4R 11NC

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-b