# LayerZero Audit Notes **Auditor:** Jake Bunce **Client:** LayerZero https://layerzero.network/ https://www.dropbox.com/s/dm8zqpr04sibk7a/LayerZero_Whitepaper_Release.pdf?dl=1 **Commit:** `b387062eed56eb0b74104d9e986779e9d2253585` ## Review of the protocol/implementation **[1] Solidity version and SafeMath** **Severity: Low** **Files Affected:** `*.sol` The version of Solidity in use across the project is `0.7.6`. From versions `>=0.8.0` SafeMath is included in the compiler so developers do not need to include this library or remember to use it correctly. **Recommendations:** Use a version of Solidity `>=0.8.0`. **[2] Mechanism of setting the bridge and factory could lead to a broken deployment** **Files Affected:** `Router.sol`, `Bridge.sol` **Severity: Low** The docstrings in [`setBridgeAndFactory()`](https://github.com/ryanzarick/stargate/blob/b387062eed56eb0b74104d9e986779e9d2253585/contracts/Router.sol#L68) indicate that these values should only be set once. A better pattern for this is to use the constructor which will allow for immutable variable assignment at deploy time. Same applies to the Bridge [`setRouter()`](https://github.com/ryanzarick/stargate/blob/b387062eed56eb0b74104d9e986779e9d2253585/contracts/Bridge.sol#L51) and Factory [`setRouter()`](https://github.com/ryanzarick/stargate/blob/b387062eed56eb0b74104d9e986779e9d2253585/contracts/Factory.sol#L29). **Failure Scenario:** 1) Contracts are deployed and operational. 2) Actor with the `onlyOwner` role calls `setBridgeAndFactory()` with the zero address for the bridge and factory contract addresses. 3) There is no ability to change these to the correct contract addresses. **Recommendations:** Set these one time variable assignments at deploy time in the constructor. **[3] Unlocked Pragma** **Files Affected:** `interfaces/IStargateFeeLibrary.sol` Default AL text **[4] LP Staking start and bonus block heights could be in the past** **Files Affected:** `LPStaking.sol` **Severity: Medium** [`The constructor`](https://github.com/ryanzarick/stargate/blob/b387062eed56eb0b74104d9e986779e9d2253585/contracts/LPStaking.sol#L70) accepts arguments for the start and bonus block heights. No check is performed on the values of these arguments and consequently block heights in the past may be provided and accepted. **Recommendations:** Check the arguments for these values are not in the past. **[5] Re-entrancy in updatePool()** **Files Affected:** `LPStaking.sol` **Severity: High** Default AL text **Recommendations:** Update `pool.lastRewardBlock = block.number;` before minting Stargate tokens to follow the Checks-Effects-Interactions pattern. **[6] Missing event for paused transfers** **Files Affected:** `OmnichainFungibleToken.sol` **Severity: Low** Transfers of this token can be [paused](https://github.com/ryanzarick/stargate/blob/b387062eed56eb0b74104d9e986779e9d2253585/contracts/OmnichainFungibleToken.sol#L44) with the `paused` bool. Emitting an event is useful for people to track this event in production. **Recommendations:** Emit and event when sending tokens is paused and unpaused. ## Best Practices **[1] Lint Errors** **Files Affected:** `*.sol` ``` Bridge.sol 64:2 error Line length must be no more than 120 but current length is 133 max-line-length 89:2 error Line length must be no more than 120 but current length is 124 max-line-length 91:2 error Line length must be no more than 120 but current length is 144 max-line-length 94:2 error Line length must be no more than 120 but current length is 140 max-line-length 101:2 error Line length must be no more than 120 but current length is 130 max-line-length 103:2 error Line length must be no more than 120 but current length is 126 max-line-length 125:2 error Line length must be no more than 120 but current length is 134 max-line-length 139:2 error Line length must be no more than 120 but current length is 123 max-line-length 197:2 error Line length must be no more than 120 but current length is 121 max-line-length 233:2 error Line length must be no more than 120 but current length is 134 max-line-length 300:2 error Line length must be no more than 120 but current length is 140 max-line-length Factory.sol 52:2 error Line length must be no more than 120 but current length is 122 max-line-length LPTokenERC20.sol 109:2 error Line length must be no more than 120 but current length is 132 max-line-length OmnichainFungibleToken.sol 90:2 error Line length must be no more than 120 but current length is 145 max-line-length 110:2 error Line length must be no more than 120 but current length is 131 max-line-length 119:2 error Line length must be no more than 120 but current length is 134 max-line-length Pool.sol 55:2 error Line length must be no more than 120 but current length is 132 max-line-length 67:2 error Line length must be no more than 120 but current length is 128 max-line-length 72:2 error Line length must be no more than 120 but current length is 124 max-line-length 111:2 error Line length must be no more than 120 but current length is 124 max-line-length 208:2 error Line length must be no more than 120 but current length is 128 max-line-length 269:2 error Line length must be no more than 120 but current length is 133 max-line-length Router.sol 51:2 error Line length must be no more than 120 but current length is 127 max-line-length 56:2 error Line length must be no more than 120 but current length is 136 max-line-length 57:2 error Line length must be no more than 120 but current length is 135 max-line-length 127:2 error Line length must be no more than 120 but current length is 125 max-line-length 187:2 error Line length must be no more than 120 but current length is 133 max-line-length 274:2 error Line length must be no more than 120 but current length is 140 max-line-length 317:2 error Line length must be no more than 120 but current length is 132 max-line-length 329:2 error Line length must be no more than 120 but current length is 143 max-line-length 400:2 error Line length must be no more than 120 but current length is 141 max-line-length 407:2 error Line length must be no more than 120 but current length is 123 max-line-length interfaces/ILayerZeroEndpoint.sol 8:2 error Line length must be no more than 120 but current length is 196 max-line-length 10:2 error Line length must be no more than 120 but current length is 184 max-line-length 14:2 error Line length must be no more than 120 but current length is 134 max-line-length interfaces/ILayerZeroUserApplicationConfig.sol 14:2 error Line length must be no more than 120 but current length is 137 max-line-length ✖ 36 problems (36 errors, 0 warnings) ```
Last changed by  
Jake Bunce
190

Read more

Chingari Token Audit Notes

Auditor: Jake Bunce Client: Chingari Commit: 1a609d9c96a3bb3c84b727836f865eacefe8391b Review of the protocol/implementation Best Practices [1] Lack of docstrings

3/11/2022
LayerZero Re-Re-audit

Pool.sol At the struct ChainPath, we place the bool ready (line 27, line 389) as the first variable to compactly pack the Chainpath. Affects gas utilisation only, but agreed. Router.sol In redeemLocal (line 184), if the redeem amount is 0, it should revert instead of sending the credit out. This is not a bug but will impact UX. This change will not introduce any functional problem to the system

 Agreed

3/11/2022
Nifty Apes

Auditor: Jake Bunce Client: Nifty Apes Commit: 799ca93a8eed0a0750a4245f8f695779077784c4 Review of the protocol/implementation [1] Lack of documentation Severity: High

3/8/2022
KeeperDAO-6 Audit Notes

Auditor: Jake Bunce Client: KepperDAO https://www.keeperdao.com/ https://github.com/keeperdao/ Commit: 3eb359bed1d21813124b904c5ca5c54cc1c43373 Review of the protocol/implementation [1] Claimable addition event

1/21/2022
Read more from Jake Bunce
Published on HackMD