Ai review #144
Ai review #144
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| }, | ||
| viaIR: false, | ||
| }, | ||
| }, |
There was a problem hiding this comment.
Compiler override targets non-existent file path
Low Severity
The new compiler override targets contracts/newLaunchpad/BondingV4.sol, but the actual contract lives at contracts/launchpadv2/BondingV4.sol. The contracts/newLaunchpad directory does not exist. This means the intended viaIR: false setting won't apply to BondingV4.sol, matching the pre-existing (likely broken) pattern for the BondingV2.sol override.
|
|
||
| // New: Mapping to mark AcpSkillLaunch tokens (same permissions as ProjectXLaunch) | ||
| mapping(address => bool) public isAcpSkillLaunch; | ||
| uint256 public acpSkillLaunchFee; |
There was a problem hiding this comment.
Uninitialized fee enables free launch after upgrade
Medium Severity
acpSkillLaunchFee defaults to 0 in this upgradeable contract. Since preLaunch is public and any caller can pass launchMode_ = 2 (LAUNCH_MODE_ACP_SKILL), there's a window after upgrade—before the admin calls setAcpSkillLaunchFee—where anyone can launch tokens with zero fee, bypassing the regular fee. An attacker could monitor the upgrade transaction and frontrun the fee-setting call.
Additional Locations (1)
1 participant
Note
Medium Risk
Changes an on-chain contract interface (
preLaunch) and adds new persistent storage fields/mode logic in an upgradeable contract, which can impact integrations and storage layout if deployed incorrectly.Overview
Introduces a new
ACP_SKILLlaunch mode inBondingV4alongside existing normal andX_LAUNCH, including separate tracking (isAcpSkillLaunch) and configurable fees (acpSkillLaunchFee).Refactors
BondingV4prelaunch entrypoints by removing the dedicatedpreLaunchProjectXLaunchpath and extendingpreLaunchwith alaunchMode_parameter, routing fee selection and launch-mode tagging through_getLaunchFee.Updates
AgentTaxto depend on minimal bonding interfaces and expandsupdateCreatorForProjectXLaunchAgentseligibility to include bothX_LAUNCHandACP_SKILL. Tests are updated/expanded to use the newpreLaunchsignature, validate the new mode/fee behavior, and simplify agentId lookup; Hardhat config and.openzeppelin/base-sepolia.jsonare updated to reflect newBondingV4compilation/deployment metadata.Written by Cursor Bugbot for commit bde44bd. This will update automatically on new commits. Configure here.