Third-party code is not attributed #273

Open
fulldecent opened this issue Nov 18, 2019 · 0 comments

Some third-party code is copy-pasted into the project but it is not attributed.

Copy-pasting leads to the risk that code will become (or has been) stale. By attributing code, it is easier to check that the latest versions are being used. This includes Spawner.sol, whose primary home appears to be outside of this project.

Recommendation: Add a comment like the following at the top for all copy-pasted code:

// From https://github.com/OpenZeppelin/openzeppelin-contracts
// openzeppelin-contracts/contracts/token/ERC20/IERC20.sol
// at commit 49042f2b1ae76eb9befa12000b98211981a139ec

Additional notes: yes, even OZ (especially OZ) makes mistakes and I’ve seen vulnerabilities or other problems come from failing to do this.
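
One way to enforce the header recommended above, as an added example (not code from the issue or the project): a Python check that parses the three-line attribution comment and returns a commit-pinned GitHub URL to diff the local copy against. The function names, the sample file contents, and the rule that the path line starts with the repository name are assumptions.

```python
import re

# Three-line header from the issue: repo URL, path, full 40-hex commit.
HEADER = re.compile(
    r"\A[ \t]*// From (?P<repo>https://\S+)[ \t\r]*\n"
    r"[ \t]*// (?P<path>\S+)[ \t\r]*\n"
    r"[ \t]*// at commit (?P<commit>[0-9a-f]{40})[ \t\r]*$",
    re.MULTILINE,
)

def parse_attribution(source):
    """Return repo/path/commit if the file opens with the header, else None."""
    m = HEADER.match(source)
    return m.groupdict() if m else None

def pinned_url(attr):
    """Build a commit-pinned GitHub blob URL for diffing against the local copy."""
    repo = attr["repo"].rstrip("/")
    repo_name = repo.rsplit("/", 1)[-1]
    path = attr["path"]
    # Assumption: the path line starts with the repository name, as in the issue.
    if path.startswith(repo_name + "/"):
        path = path[len(repo_name) + 1:]
    return f"{repo}/blob/{attr['commit']}/{path}"

def audit(vendored):
    """Map each vendored file to its pinned upstream URL, or None if unattributed.

    A branch name or abbreviated hash does not pin a version, so it counts
    as unattributed."""
    report = {}
    for name, source in vendored.items():
        attr = parse_attribution(source)
        report[name] = pinned_url(attr) if attr else None
    return report

# Constructed sample files (stand-ins, not the project's real contents).
SAMPLES = {
    "IERC20.sol": "// From https://github.com/OpenZeppelin/openzeppelin-contracts\n"
                  "// openzeppelin-contracts/contracts/token/ERC20/IERC20.sol\n"
                  "// at commit 49042f2b1ae76eb9befa12000b98211981a139ec\n"
                  "pragma solidity ^0.5.0;\n",
    "Spawner.sol": "pragma solidity ^0.5.0;\ncontract Spawner {}\n",
    "Foo.sol": "// From https://github.com/example/lib\n// lib/contracts/Foo.sol\n"
               "// at commit master\ncontract Foo {}\n",
}

if __name__ == "__main__":
    for name, url in audit(SAMPLES).items():
        print(f"{name}: {url or 'MISSING or unpinned attribution'}")
```

Run in CI over the list of vendored files, a `None` result fails the build, and each returned URL is the exact upstream revision to compare with when checking for staleness.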
