Contracts used as dependencies do not track upstream changes #34

@mgcolburn

Severity: Low

Description

Several third-party contracts are copy-pasted into the repository, including several OpenZeppelin contracts as well as some from DappHub. Moreover, the code documentation does not specify the exact revision that was used and if it was modified. This makes receiving updates and security fixes on these dependencies unreliable as they must be updated manually.

Recommendations

Short term, review the codebase and document the source and version of each dependency. Include the third-party sources as submodules in your Git repository so that internal path consistency can be maintained and dependencies are updated periodically.

Long term, use an Ethereum development environment and NPM to manage packages as part of your project.
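As an added example (not code from this issue or the audited project), the short-term recommendation can be made checkable: a manifest that pins the source, version and content hash of every vendored contract, plus a script that reports copies with no provenance entry, copies that drift from the pinned revision, and manifest entries with no file behind them. The paths, version placeholders and contract bodies below are constructed for the example.

```python
# Added example: provenance audit for vendored (copy-pasted) third-party
# Solidity files. Each file in the repository is compared against a manifest
# pinning its upstream source, version and sha256. Manifest format, paths and
# contract bodies are constructed for this example, not taken from any project.
import hashlib
from typing import Dict, List

def sha256_text(source: str) -> str:
    """Hash file contents after normalising line endings, so a CRLF checkout
    of the same upstream revision is not reported as a local modification."""
    return hashlib.sha256(source.replace("\r\n", "\n").encode("utf-8")).hexdigest()

def audit_vendored(vendored: Dict[str, str], manifest: Dict[str, dict]) -> List[str]:
    """vendored: path -> file contents checked into this repository.
    manifest: path -> {"source", "version", "sha256"} for each documented dependency.
    Returns one finding per problem; an empty list means every copy is pinned."""
    findings = []
    for path, body in sorted(vendored.items()):
        entry = manifest.get(path)
        if entry is None:
            findings.append(f"{path}: no provenance entry (source/version unknown)")
        elif sha256_text(body) != entry["sha256"]:
            findings.append(f"{path}: differs from {entry['source']}@{entry['version']} "
                            "(local modification or stale copy)")
    for path in sorted(set(manifest) - set(vendored)):
        findings.append(f"{path}: in manifest but missing from the repository")
    return findings

# Constructed sample: two 'upstream' files at their pinned revisions ...
UPSTREAM_OWNABLE = "pragma solidity ^0.5.0;\ncontract Ownable { address public owner; }\n"
UPSTREAM_DSMATH = ("pragma solidity ^0.5.0;\ncontract DSMath { function add(uint x, uint y) "
                   "internal pure returns (uint z) { require((z = x + y) >= x); } }\n")
MANIFEST = {
    "contracts/vendor/Ownable.sol": {"source": "openzeppelin-contracts", "version": "<pinned tag>",
                                     "sha256": sha256_text(UPSTREAM_OWNABLE)},
    "contracts/vendor/DSMath.sol": {"source": "dapphub/ds-math", "version": "<pinned commit>",
                                    "sha256": sha256_text(UPSTREAM_DSMATH)},
}
# ... and the copies actually in the repository: Ownable is an unchanged copy (CRLF),
# DSMath was edited locally, and SafeMath was vendored without being documented.
VENDORED = {
    "contracts/vendor/Ownable.sol": UPSTREAM_OWNABLE.replace("\n", "\r\n"),
    "contracts/vendor/DSMath.sol": UPSTREAM_DSMATH.replace("require(", "assert("),
    "contracts/vendor/SafeMath.sol": "pragma solidity ^0.5.0;\nlibrary SafeMath {}\n",
}

if __name__ == "__main__":
    for finding in audit_vendored(VENDORED, MANIFEST):
        print(finding)
```

Running the sample reports DSMath as modified and SafeMath as undocumented, while the CRLF copy of Ownable passes.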
