Sherlock
Summary
We have reviewed the code, documentation, and test suite and found several issues of various severities. Overall, we consider the code to be well-written and with an extensive testing suite, but we suggest adding more inline comments and further tests reflecting current issues displayed. The test suite also includes a gas analysis suite, something that is not very common but highly recommended. We also provide suggestions for improvements to follow the best practices. We recommend addressing all the **26** findings and the rest of the suggestions to harden the contracts for future deployments or contract updates. We recommend against deploying the code as-is. **Update:** Quantstamp has audited the changes based on the diffs for the `sherlock-v1-core` repository ([4de2ba1...c9aeaf5](https://github.com/sherlock-protocol/sherlock-v1-core/compare/4de2ba1...c9aeaf5)). Of the original 26 issues, 25 have been either fixed, acknowledged, or mitigated; 1 low impact issue has been removed as a non-issue in further discussions.
Issues (25)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 15 | 4 | - | - | 19 |
Fixed | 4 | 1 | 1 | - | 6 |
| Total | 19 | 5 | 1 | 0 | 25 |