ANN [Annex] Token

ANN (#112-693) contract sets array length with a user-controlled value:
- epochConfigs.push(newEC) (#387)
ANN (#112-693) contract sets array length with a user-controlled value:
- epochConfigs.push(newEpochConfig) (#211)
Do not allow array lengths to be set directly set; instead, opt to add values as needed. Otherwise, thoroughly review the contract to ensure a user-controlled variable cannot reach an array length assignment.

Additional information: link

ANN._writeCheckpoint(address,uint32,uint96,uint96) (#608-619) uses a dangerous strict equality:
- nCheckpoints > 0 && checkpoints[delegatee][nCheckpoints - 1].fromBlock == blockNumber (#611)
ANN.getEpochs(uint256) (#444-466) uses a dangerous strict equality:
- blocks == 0 (#458)
ANN.getHoldingReward(address) (#473-552) uses a dangerous strict equality:
- lastEpoch == 0 (#482)
ANN.getHoldingReward(address) (#473-552) uses a dangerous strict equality:
- tp.epoch == lastEligibleEpoch (#506)
ANN.setEpochConfig(uint32,uint32) (#377-390) uses a dangerous strict equality:
- prevEC.epoch == newEC.epoch (#384)
Don't use strict equality to determine if an account has enough Ether or tokens.

Additional information: link

Ownable.authorizeOwnershipTransfer(address).authorizedAddress (#82) lacks a zero-check on :
- _authorizedNewOwner = authorizedAddress (#83)
Check that the address is not zero.

Additional information: link

ANN.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (#310-319) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(now <= expiry,ANN::delegateBySig: signature expired) (#317)
Avoid relying on block.timestamp.

Additional information: link

ANN.getChainId() (#687-691) uses assembly
- INLINE ASM (#689)
Do not use evm assembly.

Additional information: link

ANN.add32(uint32,uint32,string) (#660-664) is never used and should be removed
Context._msgData() (#23-26) is never used and should be removed
Remove unused functions.

Additional information: link

Constant ANN.totalSupply (#123) is not in UPPER_CASE_WITH_UNDERSCORES
Constant ANN.eligibleEpochs (#126) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.

Additional information: link

Redundant expression "this (#24)" inContext (#14-27)
Remove redundant statements if they congest code but offer no value.

Additional information: link

Variable ANN.getHoldingReward(address).nTransferPoint (#475) is too similar to ANN.transferPoints (#160)
Prevent variables from having similar names.

Additional information: link

ANN.slitherConstructorConstantVariables() (#112-693) uses literals with too many digits:
- totalSupply = 1000000000e18 (#123)
Use: Ether suffix, Time suffix, or The scientific notation

Additional information: link

authorizedNewOwner() should be declared external:
- Ownable.authorizedNewOwner() (#71-73)
renounceOwnership(address) should be declared external:
- Ownable.renounceOwnership(address) (#104-109)
delegate(address) should be declared external:
- ANN.delegate(address) (#297-299)
delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) should be declared external:
- ANN.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (#310-319)
getPriorVotes(address,uint256) should be declared external:
- ANN.getPriorVotes(address,uint256) (#338-370)
setEpochConfig(uint32,uint32) should be declared external:
- ANN.setEpochConfig(uint32,uint32) (#377-390)
getCurrentEpochROI() should be declared external:
- ANN.getCurrentEpochROI() (#404-406)
getCurrentEpochConfig() should be declared external:
- ANN.getCurrentEpochConfig() (#412-417)
claimReward() should be declared external:
- ANN.claimReward() (#557-564)
Use the external attribute for functions never called from the contract.

Additional information: link