AlchemistKlimaUpgradeable Manual Review Findings

CON-01M: Improper Re-Invocation Capability

Description:

The disableMinting function can be invoked an arbitrary amount of times while it is effectual only once.

Example:

Copy
31function disableMinting() external returns ( bool ) {
32    require(hasRole(DEFAULT_ADMIN_ROLE, _msgSender()), "Is not Admin");
33    allowMinting = false;
34    return allowMinting;
35}

Recommendation:

We advise it to only be invoke-able once.

Alleviation:

The KlimaDAO team considered this exhibit but opted to retain the codebase in its current state.