The source units contain hardly any inline documentation, which makes it hard to reason about methods and how they are supposed to be used.
Additionally, test coverage seems to be limited.
Especially for a public-facing exchange contract system, test coverage should be extensive, covering all methods and functions that can be accessed directly, including potential security-relevant cases and edge cases.
This would have helped in detecting some of the findings raised in this report.
Consider adding NatSpec-compliant inline code documentation: describe functions, what they are used for, and who is supposed to interact with them.
Document function-specific or source-unit-specific assumptions. Increase test coverage.
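One way to check this recommendation mechanically, as an added example that is not part of the audit report or the audited project's code: a Python script that lists `public`/`external` Solidity functions with no NatSpec comment directly above them. The `Exchange` contract is a constructed sample with hypothetical function names, and the checker assumes explicit visibility keywords and counts a comment as NatSpec only if it carries `@notice` or `@dev`.

```python
import re
# Constructed sample contract (hypothetical; not the audited code base).
SAMPLE = """
contract Exchange {
    /// @notice Swap amount of src for dst.
    /// @dev Assumes the caller approved this contract for amount.
    function swap(address src, address dst, uint256 amount)
        external returns (uint256) { return amount - _fee; }
    function setFee(uint256 fee_) external onlyOwner { _fee = fee_; }
    /** @notice Current fee charged per swap. */
    function fee() public view returns (uint256) { return _fee; }
    function _check(uint256 a) internal pure returns (bool) { return a > 0; }
}
"""

FUNC = re.compile(r"^\s*function\s+(\w+)\s*\(")
ENTRY = re.compile(r"\b(external|public)\b")

def natspec_above(lines, idx):
    """Collect the /// or /** */ comment block directly above lines[idx]."""
    block, i = [], idx - 1
    while i >= 0 and lines[i].strip().startswith("///"):
        block.append(lines[i])
        i -= 1
    if not block and i >= 0 and lines[i].strip().endswith("*/"):
        while i >= 0:
            block.append(lines[i])
            if lines[i].strip().startswith("/*"):
                break
            i -= 1
    return "\n".join(reversed(block))

def undocumented_entry_points(source):
    """Return (name, line) for public/external functions lacking NatSpec."""
    lines, missing = source.splitlines(), []
    for idx, line in enumerate(lines):
        m = FUNC.match(line)
        if not m:
            continue
        sig, j = line, idx  # signatures may wrap onto following lines
        while "{" not in sig and ";" not in sig and j + 1 < len(lines):
            j += 1
            sig += " " + lines[j]
        if not ENTRY.search(sig.split("{")[0]):
            continue  # internal/private: not directly reachable by callers
        doc = natspec_above(lines, idx)
        if "@notice" not in doc and "@dev" not in doc:
            missing.append((m.group(1), idx + 1))
    return missing
```

Run over a source tree in CI, the returned list gives the directly accessible functions that still need documentation and makes a reasonable starting checklist for the functions tests should cover.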
- ConsenSys Audit 1inch Finding 4.1
- Documentation & Testing
- Minimal Commands
- Limited Test Coverage
- Add Comments
- Increase Test Coverage