Open hats-bug-reporter[bot] opened 4 months ago
The inconsistency in licence notices is noted, and should be corrected. However the present exercise is a security audit of the code, and the licence notice has no effect on contract behavior.
Moving to low as there is a mistake which is correctly identified here.
Github username: --
Twitter username: --
Submission hash (on-chain): 0x9bb82cef3f97255cacce68209a9e6d8e06c7032f755fc4e165fd9fa3f3e24c98
Severity: low
Description:
The GitHub repo of Blast-Futures-Exchange readme specifically mentions,
However, this is not correct. See below contracts using different licenses.
1) Bfx.sol - // SPDX-License-Identifier: BUSL-1.1
2) BfxVault.sol - // SPDX-License-Identifier: BUSL-1.1
3) EIP712Verifier.sol - // SPDX-License-Identifier: MIT
4) IPoolDeposit.sol - // SPDX-License-Identifier: BUSL-1.1
5) IVault.sol - // SPDX-License-Identifier: BUSL-1.1
6) PoolDeposit.sol - // SPDX-License-Identifier: BUSL-1.1
Only one contract has the MIT license, and it must be noted that making source code available always touches on legal problems with regard to copyright.
The Business Source License (BUSL) is not an Open Source license, and the MIT license gives express permission for users to reuse code for any purpose.
Per the readme, it can be seen that the code wants to be open source. Therefore, all contracts should be MIT licensed.
The issue is identified as low severity with below contest rules,
Recommendation
Keep the license type the same in all contracts; if the readme info is correct, then all contracts should have the MIT license.