JPEG'd Part 3
Summary
We have reviewed the code, documentation, and test suite and found several issues of various severities. Overall, we consider the code to be well-written but with insufficient documentation in the form of expected interaction diagrams, although inline comments and docstrings are extremely good and detailed. The test suite is very extensive but can be improved given the suggested changes from this report. We have outlined suggestions to better follow best practices, and recommend addressing all the findings to tighten the contracts for future deployments or contract updates. We recommend addressing all the **10** findings to harden the contracts for future deployments or contract updates. We recommend against deploying the code as-is. <br/> **Update:** Quantstamp has audited the changes based on the commit for the `jpegd` repository ([56d7ac1](https://github.com/iceboxup/jpegd/pulls?q=is%3Apr+is%3Aclosed+QSP)). Of the original 10 issues, all 9 active issues have been either fixed, acknowledged, or mitigated. The remaining issue was found to be a false positive.
Issues (9)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 6 | 1 | - | - | 7 |
Fixed | 2 | - | - | - | 2 |
| Total | 8 | 1 | 0 | 0 | 9 |