Zircuit - L2 Upgradeable Contract
Summary
The `L2UpgradeableERC20` contract is a Layer 2 ERC20 token implementation, managing minting, burning, and transfers, with a special `BRIDGE` actor in charge of minting and burning tokens in order to ensure consistency of accounting across chains. The contract is designed for use in an upgradeable proxy pattern, requiring careful selection of proxy admins to prevent potential vulnerabilities, particularly in handling upgrades. The contract is a fork of `OptimismMintableERC20`, and although there are some differences, including the addition of `permit()` functionality, we do not find that any of the changes have introduced vulnerabilities. Our audit found no major security issues. We have made a couple suggestions concerning efficiency and input validation. Moreover, we recommend adding documentation to clarify the precise use cases of the contract and the expected configuration in each case. **Update**: The suggestion regarding variable visibility has been acknowledged and the suggestion regarding input validation has been fixed.
Issues (2)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 1 | - | - | - | 1 |
Fixed | 1 | - | - | - | 1 |
| Total | 2 | 0 | 0 | 0 | 2 |