/Reach Protocol
Summary
The smart contract receives funds through the `receive()` and `createMission()` functions and distributes them per round (or version) to a given set of users determined by a Merkle root. Notably the current design is very centralized and the withdrawal logic depends solely on Merkele roots calculated and provided by off-chain roles, but the audit scope is only for the smart contract itself. The audit team managed to find `6` high-medium severity issues within the smart contract. Since the contract is already live but the project is still in the beta phase, we highly recommend addressing the findings as soon as possible. **2023-11-13 Update:** During our fix-review, the dev team changed the status of most of the findings to either fixed or acknowledged. However, a new medium severity issue "`createDistribution()` Does Not Support `_paymentType`" has been found during the review.
Issues (15)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 5 | 5 | 1 | - | 11 |
Fixed | 3 | 1 | - | - | 4 |
| Total | 8 | 6 | 1 | 0 | 15 |