Coinvise

Off-Chain (Private)
Audited on 2021/07/12
No active critical issues

Summary

We have reviewed the code, documentation, and test suite and found several issues of various severities. Overall, we consider the code to be well-written but with insufficient documentation and a suboptimal testing suite. The documentation is very bare-bones with little technical detail. The Wiki gives an idea of how the app is supposed to work from the front-end perspective. The role of each contract should be further documented and readily available. Currently, the test suite is not in good shape: at least 1 test is failing and the code coverage can be dramatically improved. We have outlined suggestions to better follow best practices, and we recommend addressing all **21** findings to harden the contracts for future deployments or contract updates. We recommend against deploying the code as-is.

**After reaudit:** Quantstamp has performed a reaudit to check the proposed fixes. All of the previously identified issues were either resolved (15 issues) or acknowledged (6 issues). Tests are very exhaustive but *not all tests are* currently passing. During the reaudit we found that the Hardhat Coverage module was not working. The following newly added contracts were not audited (best practice is not to add new functionality on reaudits): `NFTProxy`, `TokenLinearBondedEthDeployer`, `Erc20TokenLinearBondedErc20Payable`, `Erc20TokenLinearBondedEthPayable`, `Erc20TokenSigmoidBondedErc20Payable`, `Erc20TokenSigmoidBondedEthPayable`.


Issues (21)

| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 8 | 2 | - | - | 10 |
| Fixed | 5 | 5 | 1 | - | 11 |
| Total | 13 | 7 | 1 | 0 | 21 |


Contracts (30)