# Nifty Apes

**Auditor:** Jake Bunce

**Client:** Nifty Apes

**Commit:** `799ca93a8eed0a0750a4245f8f695779077784c4`

## Review of the protocol/implementation

**[1] Lack of documentation**

**Severity: High**

There is no documentation stating the intended operation of this project. This makes it hard to judge the quality and accuracy of the implementation during the audit.

**[2] Many TODOs in code**

**Severity: High**

Across the codebase there are many TODOs, indicating that this implementation is not complete.

**Recommendations:** Finish the intended implementation.

**[3] Unlocked pragma**

**Files Affected:** `LiquidityProviders.sol`, `LendingAuction.sol`, `ExponentialNoError.sol`, `Exponential.sol`, `ErrorReporter.sol`, `CarefulMath.sol`, `ILiquidityProviders.sol`, `ILendingAuction.sol`, `ICToken.sol`

These files do not pin the Solidity compiler to a specific version.

**[4] On chain components not present in project**

**Severity: High**

Loan issuance, extension, and transfer happen with off chain components. They have not been included in the repo, so it is impossible to assess whether the overall system will work.

**Recommendations:** Either include the off chain components or move all operations on chain.

**[5] On chain order books are gas intensive**

**Severity: Medium**

**Files Affected:** `LendingAuction.sol`

The implementation of an order book on chain requires users to spend gas to match with an offer or to cancel an offer. During periods of high gas prices on Ethereum this could leave users unable to cancel previous offers.

**Recommendations:** Consider the impact of this on users, and consider alternative implementations as required.

**[6] Function does not need to be payable**

**Severity: Low**

**Files Affected:** `LendingAuction.sol`

The `payable` keyword allows a function to receive Ether. This function does not process any Ether, so the keyword can be removed.

**[7] Use of transferFrom()**

**Severity: Low**

**Files Affected:** `LendingAuction.sol`, `LiquidityProviders.sol`

[`_executeLoanInternal()`](https://github.com/NiftyApes/contracts/blob/799ca93a8eed0a0750a4245f8f695779077784c4/src/LendingAuction.sol#L595) uses `transfer()` when moving the NFT into the loan contract. The same applies on lines 1241, 1404 and 1465, and to `LiquidityProviders.sol` on lines 175, 235, 449 and 596.

**Recommendations:** Consider using OpenZeppelin's [`safeTransferFrom()`](https://docs.openzeppelin.com/contracts/2.x/api/token/erc721#IERC721-safeTransferFrom) instead, which is a wrapper that ensures safer transfers by checking balances.
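The following is an added illustration of the `transferFrom()` finding (and, incidentally, of a locked pragma); it is example code written for this review, not NiftyApes code. The escrow contract, its function names and the OpenZeppelin import paths are assumptions, and it is intentionally simplified: it shows the unsafe pull of collateral next to the hardened form that inherits `ERC721Holder` so `safeTransferFrom()` to the contract itself succeeds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17; // pinned compiler version, not a floating range

import "@openzeppelin/contracts/token/ERC721/IERC721.sol";
import "@openzeppelin/contracts/token/ERC721/utils/ERC721Holder.sol";

/// Hypothetical loan escrow used only to illustrate the finding above.
/// It is not part of the audited codebase.
contract LoanEscrowExample is ERC721Holder {
    // nft contract => tokenId => borrower who posted it as collateral
    mapping(address => mapping(uint256 => address)) public borrowerOf;

    /// Unsafe pattern (kept for comparison): a bare transferFrom() moves
    /// the token without checking that the recipient can handle ERC721.
    /// If the recipient were a contract lacking onERC721Received, the
    /// token would still be transferred and could be stuck forever.
    function escrowUnsafe(IERC721 nft, uint256 tokenId) external {
        nft.transferFrom(msg.sender, address(this), tokenId);
        borrowerOf[address(nft)][tokenId] = msg.sender;
    }

    /// Hardened pattern: safeTransferFrom() reverts unless the recipient
    /// is an EOA or a contract whose onERC721Received returns the expected
    /// selector. This contract passes that check by inheriting ERC721Holder.
    function escrowSafe(IERC721 nft, uint256 tokenId) external {
        nft.safeTransferFrom(msg.sender, address(this), tokenId);
        borrowerOf[address(nft)][tokenId] = msg.sender;
    }

    /// Returning collateral follows the same rule: the borrower may be a
    /// contract wallet, so the safe variant is used here as well. In this
    /// simplified example anyone may trigger the return to the recorded
    /// borrower; a real escrow would gate this on loan state.
    function release(IERC721 nft, uint256 tokenId) external {
        address borrower = borrowerOf[address(nft)][tokenId];
        require(borrower != address(0), "token not escrowed");
        delete borrowerOf[address(nft)][tokenId];
        nft.safeTransferFrom(address(this), borrower, tokenId);
    }
}
```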