# Jake's Audit Notes: GMO (Re-audit) ## Whitepaper & specification about the protocol No whitepaper on https://adam.jp/ or Jira. Background on the project at https://www.gmo.jp/en/news/article/811/ "GMO Internet Group (https://www.gmo.jp/en/ ) will realize an authentic, safe, and secure digital content payment and distribution, and support the online content distribution revolution utilizing a non-fungible token (NFT) by working on the development of Adam byGMO (https://adam.jp ), a new NFT marketplace for sellers and buyers to be launched in August 2021." Project is an NFT marketplace. ## Review of the protocol/implementation **QSP-1 Access Modifier Inconsistent and Missing** - Resolved ✓ **QSP-2 Potential Reentrancy Attack** - Resolved ✓ **QSP-3 Allowance Double-Spend Exploit** - [Discussion] `RETURNER_ROLE` is never assigned to a user, so they will never be able to call this function. **QSP-4 Missing Index Checks** - Resolved ✓ **QSP-5 Misleading Event Emission On Burn** - Resolved ✓ **QSP-6 Batch grant/revoke Functions Missing Input Validation** - Resolved ✓ **QSP-7 Missing Input Validations** - Resolved ✓. Comment: Could validate the new address is not the same as the current address. **QSP-8 Function transfer() Is No Longer Recommended** - Resolved ✓ **QSP-9 Privileged Roles and Ownership** - [Discussion] Can't see updated documentation to support CoP **QSP-10 Suggestion On Lowering Gas Usage** - Resolved ✓ **QSP-11 Unlocked Pragma** - Resolved ✓ **QSP-12 Incorrect Access Control Implementation** - [Discussion] `MINTER_ROLE` is not defined so will not be callable **QSP-13 Unclear settle() Function** - [Discussion] Still not clear to me