# Questions for next client meeting

1. (CALEB) We noticed that you do not set the `BaseURI` in the constructor for `GenerativeNFT`
   - It is also possible for the `BaseURI` to be changed at any time. Is this something you want?
   - **(Based on their response we should either make a finding or not)**
2. (CALEB) The `mintPerTx` limit can be bypassed
3. (QUAN) The total collection size cannot reach the maximum (because of `<` instead of `<=`)
4. (QUAN) Emitting events using storage variables
5. (CALEB) `_safeMint(...)` allows for reentrancy
   - Because you guys DON'T follow checks-effects-interactions, the supply count doesn't change
   - This means that when you re-enter a function you try to mint the same token, which will revert
   - So by not following CEI you saved yourself from a reentrancy issue
   - However, the best approach is to add a reentrancy guard to the mint function
6. (QUAN) We have looked into signature replay attacks more and have found two scenarios, depending on whether it's ERC721 or ERC1155
   - If ERC721, then it's low probability, but if the token comes back into the ownership of the original signer within the deadline, then it can be transferred again
   - If ERC1155, then it can be exploited right after the owner signs the signature. For example, if a user has 1000 tokens but creates a signature to transfer 100 tokens, this message can be repeated 10 times to transfer the entire amount to the recipient.
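
To illustrate item 6 when we walk the client through it, here is an added sketch (ours, not the client's contract) of a signed transfer that can be replayed next to one that consumes a per-signer nonce. The contract name, function names, the single-token-id balance and the fields covered by the signature are all assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical sketch, not the audited contract: one token id, signed transfers.
contract SignedTransferSketch {
    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public nonces; // per-signer counter (assumed mitigation)

    constructor() { balanceOf[msg.sender] = 1000; } // constructed starting balance

    // Replayable: the digest covers only (from, to, amount, deadline), so one
    // signature for 100 tokens is accepted again and again until the deadline.
    function transferWithSigReplayable(
        address from, address to, uint256 amount, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        require(block.timestamp <= deadline, "expired");
        bytes32 digest = _ethSigned(keccak256(abi.encode(from, to, amount, deadline)));
        require(from != address(0) && ecrecover(digest, v, r, s) == from, "bad sig");
        _move(from, to, amount);
    }

    // Hardened: the digest also binds chain, contract and the signer's current
    // nonce; the nonce is consumed, so a resubmitted signature no longer verifies.
    function transferWithSig(
        address from, address to, uint256 amount, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        require(block.timestamp <= deadline, "expired");
        bytes32 digest = _digest(from, to, amount, nonces[from]++, deadline);
        require(from != address(0) && ecrecover(digest, v, r, s) == from, "bad sig");
        _move(from, to, amount);
    }

    function _digest(address from, address to, uint256 amount, uint256 nonce, uint256 deadline)
        private view returns (bytes32)
    {
        return _ethSigned(keccak256(
            abi.encode(block.chainid, address(this), from, to, amount, nonce, deadline)));
    }

    function _ethSigned(bytes32 h) private pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", h));
    }

    function _move(address from, address to, uint256 amount) private {
        balanceOf[from] -= amount; // checked arithmetic: reverts if balance is short
        balanceOf[to] += amount;
    }
}
```

If the signature check fails, the whole call reverts, so the nonce increment is rolled back and a bad submission cannot burn the signer's nonce.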