-
Exchange could be created with address 0.
-
Consider index
_token
address atCreatedExchange
event for traceability.
- Missing dev notation.
tokenToBaseExchangeTransferInput
doesn't pull sender tokens and therefore the base token reserves will be lowered meanwhile the token reserves will keep the same. Moreover, therecipient
will receive the tokens bought with the base and the sender will keep her tokens. This will allow the emptying of the base reserves from every exchange by another token.
-
AddLiquidity
event will be emitted twice ifp_totalSupply
is0
. -
Add reentrancy guard to avoid microtrading by swapping base to token (normal) -> token to base (profit) -> token to base (normal) -> base to token (profit) -> base to token and so on for ERC777 tokens.
-
removeBaseLiquidity
andremoveTokenLiquidity
are burningamount
only for either the base nor the token. This will freeze the other by not removing them usingremoveLiquidity
. Consider adding a secure mechanism for users to accept using those methods like a commit and reveal where a front-end can not confuse them by sending a built-in transaction.
-
Missing dev notation.
-
Desfswap.io
could bedefswap.io
. -
p_
prefix can be removed and therefore the getters. -
TODO
comment in code. -
For events log order, consider moving contract related events to the end.
-
Typo:
- Line 405:
defswap: _exchange can't be Uniswao
todefswap: _exchange can't be Uniswap
.
- Line 405:
- Is uniswap whitelisted? why taken fee?
- Why not minReturn > 0 ?