Code maturity
Description
Codebases that contain commented-out functions, dead code, TODOs, FIXMEs, and other similar elements can be challenging to maintain and audit for security vulnerabilities. These elements can make it easier for developers to introduce bugs into the codebase unknowingly, as they may not be aware of the intended functionality of the commented-out or unfinished code. Additionally, leaving these elements in the codebase can clutter the code and make it harder to understand and maintain over time.
Impact
The codebase contains a significant number of TODOs, FIXMEs, commented-out code, dead code, and empty functions. This impacts readability and makes the codebase harder to comprehend and maintain.
msg_server_remove_foreign_coin.go↗ - The RemoveForeignCoin handler body is commented out, so the handler does nothing.
observer_mapper.go↗ - The AddObserver handler body is commented out, so the handler does nothing.
keeper_chain_nonces.go↗ - The final else block is unreachable: both the true and false cases of isFound are already handled above it.
There are 48 TODOs and FIXMEs in x/* and 37 in zetaclient/*, ranging from adding better error messages to correctly handling gas limits. Each of these is an unfinished or unverified piece of logic; resolving them improves robustness and maintainability and removes places where latent bugs can hide.
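The TODO/FIXME counts above are the kind of figure an auditor produces once and the team then loses track of. The following script is an added example (not part of the audit or the ZetaChain codebase): it lists every marker with file and line so each can be turned into a tracked issue, counts them per tree, and fails when a tree exceeds an agreed baseline, so the count can only go down in CI. The directory names and Go files it creates are constructed sample input, not the project's real files.

```shell
#!/bin/sh
# Added example: enumerate TODO/FIXME markers in Go source trees and gate on a baseline.
# The sample tree created below is constructed for the demo; it is not ZetaChain's code.
set -eu

# count_markers DIR: number of TODO/FIXME markers in *.go files under DIR.
# -r recurse, -I skip binaries, -E extended regex, -w whole-word, -h omit filenames.
count_markers() {
    grep -rIEwh --include='*.go' 'TODO|FIXME' "$1" 2>/dev/null | wc -l | tr -d ' '
}

# list_markers DIR: file:line:text for each marker, suitable for filing as issues.
list_markers() {
    grep -rIEwn --include='*.go' 'TODO|FIXME' "$1" 2>/dev/null || true
}

# check_baseline DIR MAX: succeed if DIR has at most MAX markers, fail otherwise.
# Lowering MAX as markers are resolved keeps the count from regressing.
check_baseline() {
    count=$(count_markers "$1")
    if [ "$count" -gt "$2" ]; then
        echo "FAIL: $1 has $count TODO/FIXME markers (baseline $2)" >&2
        return 1
    fi
    echo "OK: $1 has $count TODO/FIXME markers (baseline $2)"
}

# Constructed sample tree with hypothetical file names and contents.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/x/crosschain" "$demo_root/zetaclient"
cat > "$demo_root/x/crosschain/keeper.go" <<'EOF'
package keeper

// TODO: return a descriptive error instead of a generic one
func Get() error { return nil }

// FIXME: gas limit is hard-coded
func Gas() uint64 { return 100000 }
EOF
cat > "$demo_root/zetaclient/client.go" <<'EOF'
package zetaclient

// TODO: handle retries on transient RPC failures
func Run() {}
EOF

# Usage: list markers for triage, then enforce the current baseline.
list_markers "$demo_root/x"
check_baseline "$demo_root/x" 2
check_baseline "$demo_root/zetaclient" 1
```

In a real repository, point the functions at x and zetaclient instead of the sample tree, set the baselines to the current counts (48 and 37 at the time of the audit), and lower them as markers are resolved; the -w flag avoids counting identifiers that merely contain the substring.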
Recommendations
These issues should be fixed by completing or removing pending tasks, eliminating dead code and commented-out sections, and either populating empty functions with the intended logic or removing them altogether. This improves code quality, makes future audits more efficient, and improves the system's overall security posture.
Remediation
This issue has been acknowledged by ZetaChain, and a fix was implemented in commit 80f47883↗.