consistently use `msg.sender` or `_msgSender()`(recommended)

[code423n4]

Handle

hack3r-0m

Vulnerability details

https://github.com/code-423n4/2021-08-floatcapital/blob/main/contracts/contracts/FloatToken.sol

At L32,L33 and L34 msg.sender is used to idenfity sender while at L65 _msgSender() is used, keep it consistent so entity making the transaction has clear idea if meta-transaction are supported or not.

This results in improving code clarity, possibly logical error.

[JasoonS]

Good point.

If we want to support meta-transactions directly in our contracts (not via a contract wallet) then we will need to make this change.

That hasn't been our intention.

It is probably best practice to use _msgSender everywhere anyway if we are using OZ contracts.

Risk: 0 non-critical

[0xean]

agree with sponsor on the downgrade based on clarity of code.

0 — Non-critical: Code style, clarity, syntax, versioning, off-chain monitoring (events etc), exclude gas-optimisations.