Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Ethereum and Blast Exchanges>Discussion>Lack of documentation
GeneralOverview
Findings
High (2)
Medium (1)
Low (3)
Informational (2)
DiscussionLack of documentationCentralization risksEnforce a more recent Solidity version
Threat ModelWhat are threat models?BfxDepositU.solBfxU.solBfxVaultU.solPoolDepositU.solRabbitU.solVaultU.sol
Audit ResultsAssessment Results

Lack of documentation

There are certain areas in the code where some mechanisms are not documented. For example, the role onlyTimelock or the modification of the signature verification would benefit from documentation about the rationales behind the design choices and the interactions with other parts of the system.

Code maturity is very important in high-assurance projects. Undocumented code may result in developer confusion, potentially leading to future bugs should the code be modified later on. In general, a lack of documentation impedes the auditors' and external developers' ability to read, understand, and extend the code. The problem is also carried over if the code is ever forked or reused.

We recommend adding more comments to the code — especially comments that tie operations in code to locations in the documentation and brief comments to reaffirm developers' understanding.

Zellic © 2025Back to top ↑