Function initalize() of AstariaRouter.sol lacks in documentation for the following arguments:
_WITHDRAW_IMPL_CLEARING_HOUSE_IMPL_BEACON_PROXY_IMPL
AstariaRouter has multiple payable public methods: mint(), deposit(), withdraw(), redeem(), and pullToken(). ETH accidentally sent to this contract via these methods cannot be recovered unless the contract is selfdestructed or upgraded.
The following variables are not used and hence can be removed.
address tokenContract = underlying.tokenContract;
uint256 tokenId = underlying.tokenId;In multiple locations in PublicVault.sol, require statements lack in descriptive error information.
require(s.allowList[receiver]); // in mint()require(s.allowList[receiver]); // in deposit()Add an error description in the second argument, or create a custom error type such as error NotInAllowList() and throw it with revert.
In multiple locations in VaultImplementation.sol, require statements lack in descriptive error messages.
require(msg.sender == owner()); //owner is "strategist"Add an error description in the second argument, or create a custom error type and throw it with revert.
The field ERC20 WETH in the RouterStorage struct is not being used anywhere in the code. This can be removed to reduce the storage space.
The following snippet
require(assets > minDepositAmount(), "VALUE_TOO_SMALL");in the deposit and mint functions implicitly assumes that minDepositAmount is non-inclusive. Clarify this in the documentation.
uint256 assets = totalAssets();is not used and hence can be removed.