# Tamago contract code review
Contract: https://github.com/tamago-finance/tamago-finance/blob/main/contracts/NFTLuckBoxUpgradeable.sol
## 1. Unused variable
Severity: Low
Description: Unused variable `uint256 test = 1;`(L425)
Recommendation: Remove unused variable
## 2. No check for deposit of ERC721 and ERC1155
Severity: Low
Description: Anyone can call `depositERC721` and `depositERC1155`
Recommendation: Add check for `who` can deposit to which `event` and `project`
## 3. No check for function `finalizeEvent`
Severity: High
Description: Anyone can call `finalizeEvent`
Recommendation: Should have some check for previliged functions
Status: Fixed in commit https://github.com/tamago-finance/tamago-finance/pull/120/commits/4db1f57f00f50de526cb85907fb142a8bc2764e9
## 4. Use `external` for external functions to save gas
Severity: Low
Description: Some functions are only call by external parties, better use `external` instead of `public` to save gas
Recommendation: Use `external` for external functions