Some third-party code is copy-pasted into the project but it is not attributed.
Copy-pasting leads to the risk that code will become (or has been) stale. By attributing code, it is easier to check that the latest versions are being used. This includes Spawner.sol, whose primary home appears to be outside of this project.
Recommendation: Add a comment like the following at the top for all copy-pasted code:
// From https://github.com/OpenZeppelin/openzeppelin-contracts
// openzeppelin-contracts/contracts/token/ERC20/IERC20.sol
// at commit 49042f2b1ae76eb9befa12000b98211981a139ec
Additional notes: yes, even OZ (especially OZ) makes mistakes and I’ve seen vulnerabilities or other problems come from failing to do this.
References:
erasure-protocol/contracts/helpers/openzeppelin-solidity/math/SafeMath.sol
Lines 1 to 6 in 4a3d98c
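A check for the header format recommended above, written as an added example; it is not part of the original issue or the project's code. It parses the three-line attribution comment from each `.sol` file and flags files that lack it or that name a commit other than the one the project intends to track. The `expected` mapping, the `demo` helper and the sample file contents are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Header format recommended in the issue:
#   // From <repo URL>
#   // <path of the file in that repo>
#   // at commit <40-hex commit id>
HEADER = re.compile(
    r"\A\s*// From (?P<repo>https://\S+)[ \t]*\n"
    r"[ \t]*// (?P<path>\S+)[ \t]*\n"
    r"[ \t]*// at commit (?P<commit>[0-9a-f]{40})[ \t]*$",
    re.MULTILINE,
)

def parse_attribution(source):
    """Return (repo, path, commit) from the top-of-file header, else None."""
    m = HEADER.match(source)
    return (m["repo"], m["path"], m["commit"]) if m else None

def audit(vendored_dir, expected=None):
    """Classify every .sol file under vendored_dir.
    expected (assumption): {repo URL: commit the project intends to track}."""
    expected = expected or {}
    findings = {}
    for f in sorted(Path(vendored_dir).rglob("*.sol")):
        attr = parse_attribution(f.read_text(encoding="utf-8"))
        if attr is None:
            findings[f.name] = "unattributed"
        elif expected.get(attr[0], attr[2]) != attr[2]:
            findings[f.name] = "stale"
        else:
            findings[f.name] = "ok"
    return findings

OZ = "https://github.com/OpenZeppelin/openzeppelin-contracts"
COMMIT = "49042f2b1ae76eb9befa12000b98211981a139ec"  # commit id quoted in the issue

def demo():
    """Run the audit over constructed sample files in a temp directory."""
    hdr = "// From {}\n// openzeppelin-contracts/contracts/{}\n// at commit {}\n"
    body = "pragma solidity ^0.5.0;\n"  # constructed file body
    with tempfile.TemporaryDirectory() as d:
        Path(d, "IERC20.sol").write_text(hdr.format(OZ, "token/ERC20/IERC20.sol", COMMIT) + body)
        Path(d, "Old.sol").write_text(hdr.format(OZ, "Old.sol", "a" * 40) + body)
        Path(d, "SafeMath.sol").write_text(body)  # copied in with no header
        return audit(d, expected={OZ: COMMIT})
```

Calling `audit()` on the directory of copied files in CI turns a missing or outdated header into a visible finding at review time.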