code-423n4 / 2023-07-pooltogether-findings

QA Report #383

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

See the markdown file with the details of this report here.

c4-judge commented 1 year ago

Picodes marked the issue as grade-b

PierrickGT commented 10 months ago

L-1: Added comment about winners array length in this PR: https://github.com/GenerationSoftware/pt-v5-claimer/pull/18 I don't see any problem with the for loop itself though, the transaction would just revert if out of gas.

L-2: fixed in this PR: https://github.com/GenerationSoftware/pt-v5-twab-controller/pull/23

L-3: no line number, so really difficult to know which code is being referenced.

L-4: this is an internal function that calls twabController.mint(), which has nothing to do with OZ safeMint.

L-5: has been fixed: https://github.com/GenerationSoftware/pt-v5-claimer/blob/7b62fb8c7e40b08631813eec4163a866c3a313bc/src/Claimer.sol#L119

L-6: no need for a reentrancy guard.

L-7: has been removed.

L-8: again, not related to OZ safeMint.

N-1: won't update naming convention.

N-2: the code is more legible when assigning 0 than using delete.

N-3: won't implement this suggestion.

N-4: won't implement a two-stage procedure for setter functions.

N-5: has already been fixed.

N-6 and N-7: we already use a two-step ownership process.