code-423n4 / 2023-03-zksync-findings


QA Report #120

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

See the markdown file with the details of this report here.

GalloDaSballo commented 1 year ago

[01] DefaultAccount._isValidSignature FUNCTION CAN CONSIDER VALID SIGNATURES, WHICH HAVE v BEING 0 OR 1, THAT ARE SIGNED BY USING web3.eth.sign AS INVALID: NC, because it's a JS issue, not smart contract

[02] L2EthToken.withdraw FUNCTION CAN CHECK IF _l1Receiver IS NOT address(0): L

[03] LACK OF ACCESS CONTROL FOR L2EthToken.withdraw FUNCTION: Disputed, as you'd call it by sending value to it, which means that the MsgValueSimulator would add the balance to it

[04] FLOATING PRAGMAS: NC

[05] UNNECESSARY CHECK IN DefaultAccount._isValidSignature'S RETURN VALUE: R, although the check for 0 would be necessary anyway

[06] REDUNDANT RETURN STATEMENTS FOR FUNCTIONS WITH NAMED RETURNS CAN BE REMOVED: R

[07] require CAN BE USED INSTEAD OF assert: R

[08] CONSTANTS CAN BE USED INSTEAD OF MAGIC NUMBERS: R

[09] ForceDeployment STRUCT CAN BE MOVED TO IContractDeployer INTERFACE: NC

[10] ORDER OF FUNCTIONS DOES NOT FOLLOW OFFICIAL STYLE GUIDE: NC

[11] ORDER OF LAYOUT DOES NOT FOLLOW OFFICIAL STYLE GUIDE: NC

[12] INCOMPLETE NATSPEC COMMENTS: NC

[13] MISSING NATSPEC COMMENTS: NC
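As an added illustration of why finding [01] is a client-side matter rather than a contract bug (example code, not from the zkSync repository or from this report): a small JavaScript helper that normalises the recovery id `v` of a signature from the 0/1 form some signers emit to the 27/28 form an on-chain `v == 27 || v == 28` check expects, before the signature is submitted. The 65-byte `r || s || v` layout and the 27/28 convention are assumed; the sample signature is constructed and is not a real signature.

```javascript
// Added example, not code from the zkSync code base or the QA report.
// Normalises the recovery id `v` of a 65-byte secp256k1 signature so that a
// contract check such as `v == 27 || v == 28` accepts signatures from signers
// that return v as 0/1 (finding [01]). The sample signature is constructed.

// Split a 0x-prefixed or bare hex signature into its r, s and v components.
function splitSignature(sigHex) {
  const hex = sigHex.startsWith('0x') ? sigHex.slice(2) : sigHex;
  if (!/^[0-9a-fA-F]{130}$/.test(hex)) {
    throw new Error('expected a 65-byte (r || s || v) signature');
  }
  return {
    r: '0x' + hex.slice(0, 64),
    s: '0x' + hex.slice(64, 128),
    v: parseInt(hex.slice(128, 130), 16),
  };
}

// Map v from {0, 1} to {27, 28}; leave {27, 28} untouched; reject anything else,
// so a malformed signature fails here rather than silently on chain.
function normalizeV(v) {
  if (v === 0 || v === 1) return v + 27;
  if (v === 27 || v === 28) return v;
  throw new Error(`unsupported recovery id ${v}`);
}

// Return the same signature with a canonical v byte, ready to pass to a contract.
function normalizeSignature(sigHex) {
  const { r, s, v } = splitSignature(sigHex);
  const vHex = normalizeV(v).toString(16).padStart(2, '0');
  return r + s.slice(2) + vHex;
}

// Constructed sample: 32 bytes of 0xaa (r), 32 bytes of 0xbb (s), v = 0.
const SAMPLE_SIG_V0 = '0x' + 'aa'.repeat(32) + 'bb'.repeat(32) + '00';

console.log(normalizeSignature(SAMPLE_SIG_V0)); // last byte becomes 1b (v = 27)
```

Apply `normalizeSignature` to whatever the signer returns and pass the result to the contract; the contract-side check can then stay strict, which is the judge's point that the fix belongs in the client, not in `DefaultAccount`.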

GalloDaSballo commented 1 year ago

1L 4R 7NC

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-b