Lack of documentation
Some mechanisms in the code are not documented. For example, the role onlyTimelock or the modification of the signature verification would benefit from documentation about the rationale behind the design choices and the interactions with other parts of the system.
Code maturity is very important in high-assurance projects. Undocumented code may result in developer confusion, potentially leading to future bugs should the code be modified later on. In general, a lack of documentation impedes the auditors' and external developers' ability to read, understand, and extend the code. The problem is also carried over if the code is ever forked or reused.
We recommend adding more comments to the code — especially comments that tie operations in code to locations in the documentation and brief comments to reaffirm developers' understanding.