<aside> 🧠A good auditor never makes mistrakes
</aside>
Botto is a decentralized, autonomous artist governed by $BOTTO holders.
BottoDAO approached GoldmanDAO to perform a review of its Botto Governance V2 smart contract. From February 4th to February 7th, 2022, the GoldmanDAO team conducted the review of the source code provided. Details on the scope and findings are collected in this document.
The code freeze started on January 28th, 2022 at commit https://github.com/bottoproject/smart-contracts/commit/e13e76c1d45b39fb4d589e6064099fb9dbc8b298 in Botto’s contracts repository. The branch contains only one new commit since the last analysis, the one linked in the previous sentence, and it contains a total of two new contracts, one of them being a mock.
The main contract and the one that will be audited is:
Interactions with its libraries, as well as communications between BottoGovernanceV2.sol and other contracts and contract abstractions, will also be included.
Our review resulted in 3 major findings, including 1 of high severity that is easy to fix and 2 informational. Additionally, we included a few code quality recommendations.
Update: On February 22, 2022, Botto’s team implemented most of the recommendations included in our review, see ‣. This report has consequently been updated to reflect those changes.
BottoGovernanceV2.sol function calls overview
The Botto Governance V2 extends Botto’s Governance protocol to allow accounts to temporarily lock up (stake) their $BOTTO (ERC20) in exchange for a reward.