The code is well-written and well-documented. Together with the code, we also verified its [deployment](https://etherscan.io/address/backstopsyndicate.eth#code) on Ethereum mainnet. We have not found any significant issues with respect to the **deployed contracts**; however, there is a rounding issue that may negatively impact usability for the last user to withdraw their tokens. Although we were unable to measure test coverage, we would **highly** recommend extending it with new test cases that cover likely and unlikely real-world scenarios: multiple syndicate bidders, multiple other bidders who are not part of the syndicate, multiple syndicates, various lot and bid configurations, etc. It is important to note, however, that, in general, some functions may be vulnerable to re-entrancy. We recommend that users verify any future deployments of these contracts. Due to the urgency of the request, this is a security review, not a regular audit. The report can be consulted, but not absolutely relied on to make financial decisions.

| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 4 | - | - | - | 4 |
| Fixed | - | - | - | - | 0 |
| Total | 4 | 0 | 0 | 0 | 4 |