vegaprotocol / MultisigControl

Solidity contracts for the Ethereum <-> Vega bridge

update develop from sweetwater audit

C0deMunk33 opened this issue · comments

• Pools’ withdraw functions always return true, but their return value is always checked. The return
value could be avoided.
• Signature control contract is cast to MultisigControl or IMultisigControl inconsistently.
I would suggest using MultisigControl, whose functionality is known.
• vega_public_key in bridge’s deposit functions is only used in the event emit, without any
checks.
• ERC20 bridge’s withdraw_asset does not check whether the asset is listed.
• Some inconsistent comments in ETH_Bridge_Logic, line 16.
• The ERC20 Asset pool is not holding any assets, and it simply calls IERC20.transfer in its withdraw
function.
• The purpose of the signatures.length % 65 == 0 check in verify_signature of
MultisigControl is unclear. Just == 0 could be used to check for emptiness.
• ETH Pool’s withdrawal requirement of address(this).balance >= amount is redundant.
• In ERC20 Bridge, vega_asset_ids_to_source and
asset_source_to_vega_asset_id are never used, only read.
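
Added example, not part of the original issue or the project's code: a Python sketch of the two length conditions mentioned in the `signatures.length % 65 == 0` finding, evaluated separately over a packed signature blob. It assumes each signature is the usual 65-byte Ethereum encoding `r (32) || s (32) || v (1)`; the names `length_checks`, `split_signatures` and the sample bytes are hypothetical and constructed for illustration.

```python
SIG_LEN = 65  # assumption: each signature is r (32 bytes) || s (32 bytes) || v (1 byte)


class MalformedSignatures(ValueError):
    """Raised when the packed blob cannot be split into whole signatures."""


def length_checks(blob: bytes) -> dict:
    """Evaluate the modulo condition and the emptiness condition independently."""
    return {
        "multiple_of_65": len(blob) % SIG_LEN == 0,
        "is_empty": len(blob) == 0,
    }


def split_signatures(blob: bytes) -> list:
    """Split a packed blob into (r, s, v) tuples, rejecting partial or missing input."""
    checks = length_checks(blob)
    if not checks["multiple_of_65"]:
        # A trailing fragment would be read as a signature with missing bytes.
        raise MalformedSignatures(
            f"{len(blob)} bytes leaves a partial signature of {len(blob) % SIG_LEN} bytes"
        )
    if checks["is_empty"]:
        # 0 % 65 == 0, so the modulo condition alone does not reject an empty blob.
        raise MalformedSignatures("no signatures supplied")
    sigs = []
    for offset in range(0, len(blob), SIG_LEN):
        chunk = blob[offset:offset + SIG_LEN]
        sigs.append((chunk[:32], chunk[32:64], chunk[64]))
    return sigs


# Constructed sample data: filler bytes shaped like signatures, not real ones.
SIG_A = bytes([0x11]) * 32 + bytes([0x22]) * 32 + bytes([27])
SIG_B = bytes([0x33]) * 32 + bytes([0x44]) * 32 + bytes([28])
PACKED = SIG_A + SIG_B      # 130 bytes: two whole signatures
TRUNCATED = PACKED[:-1]     # 129 bytes: second signature is missing its v byte

if __name__ == "__main__":
    for name, blob in (("packed", PACKED), ("truncated", TRUNCATED), ("empty", b"")):
        print(name, len(blob), length_checks(blob))
```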