1

INCORRECT ACCESS CONTROL

critical

1

Access control missing modifier on sensitive function, may lead to loss of funds/tokens.

Not Available

2

BLOCK.NUMBER INCONSISTENCIES ON VARIOUS L2S

medium

0

block.number behaves differently on Optimism (L2 block) vs Arbitrum (L1 block). Can cause timing inconsistencies across chains.

Not Available

3

PRECISION LOSS DURING DIVISION

medium

2

Solidity truncates division results to integers; risk of inaccuracies when dividing large numbers.

Not Available

4

MODIFIER SIDE EFFECTS

medium

0

Modifier making sensitive state changes instead of just validation (violates Checks-Effects-Interactions).

Not Available

5

OUTDATED COMPILER VERSION

low

2

Using outdated compiler exposes to public bugs/issues.

Not Available

6

NONREENTRANT MODIFIER PLACEMENT

low

0

nonReentrant should be placed before all other modifiers.

Not Available

7

USE OWNABLE2STEP

low

0

Ownable2Step safer than Ownable as ownership transfer requires acceptance by new owner.

Not Available

8

MISSING EVENTS

low

1

Events missing in functions, making off-chain tracking difficult.

Not Available

9

USE OF FLOATING PRAGMA

low

2

Floating pragma allows compilation with unsafe versions.

Not Available

10

MISSING ZERO ADDRESS VALIDATION

low

2

No validation for zero address inputs in critical functions. May lead to invalid/unusable states.

Not Available

11

CONSIDER USING UINT48 FOR TIME VARIABLES

informational

2

Time vars use uint256 instead of uint48, wasting gas.

Not Available

12

BLOCK VALUES AS A PROXY FOR TIME

informational

1

Using block.timestamp or block.number for time is unreliable due to reorgs and variable block times.

Not Available

13

MISSING UNDERSCORE IN NAMING VARIABLES

informational

0

Private/internal variables not following underscore prefix convention.

Not Available

14

MISSING INDEXED KEYWORDS IN EVENTS

informational

2

Event parameters not indexed, making filtering harder off-chain.

Not Available

15

NAME MAPPING PARAMETERS

informational

0

After Solidity 0.8.18, mapping parameters can be named for clarity, but are not.

Not Available

16

MISSING PAYABLE IN CALL FUNCTION

informational

0

.call() with msg.value used in non-payable function, may fail.

Not Available

17

CHEAPER CONDITIONAL OPERATORS

gas

0

Use x != 0 instead of x > 0 for unsigned ints (line 387).

Not Available

18

USE BITMAPS INSTEAD OF BOOLEANS

gas

2

Multiple bools waste storage. Bitmaps pack them efficiently. (line 19).

Not Available

19

STORAGE VARIABLE CACHING

gas

0

State vars read multiple times in functions; should cache in memory to save gas. (lines 226–232, 281–293, 300–307, 384–393, 450–454).

Not Available

20

DEFAULT INT VALUES MANUALLY RESET

gas

0

Resetting int vars to zero manually wastes gas. Use .delete. (lines 74, 157, 167, 442, 536–537, 587–588).

Not Available

21

FUNCTIONS CAN BE IN-LINED

gas

0

Internal function called only once. Inline to save gas. (lines 295–540).

Not Available

22

REVERTING FUNCTIONS CAN BE PAYABLE

gas

0

Mark onlyOwner functions payable to lower gas for legitimate callers. (lines 97–590).

Not Available

23

OPTIMIZING ADDRESS ID MAPPING

gas

0

Combine multiple mappings into struct to save storage/gas. (lines 20, 27, 40, 277–278).

Not Available

24

AVOID ZERO-TO-ONE STORAGE WRITES

gas

2

Zero → non-zero storage writes costly. Initialize non-zero where possible. (lines 75–199, 570–572).

Not Available

25

CACHE ADDRESS(THIS)

gas

0

Multiple uses of address(this) should be cached. (lines 79, 417, 509).

Not Available

26

NAMED RETURN OF LOCAL VARIABLE

gas

0

Use named returns instead of local variable for efficiency. (lines 531–540).

Not Available

27

AVOID RE-STORING VALUES

gas

0

Avoid updating storage if new value = old value. Saves gas. (lines 97–560, 569–574).

Not Available