External instead of public | importing OpenZeppelin contracts | smart contract report

```solidity
// contracts/GameItem.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";
import "@openzeppelin/contracts/utils/Counters.sol";

contract Token is ERC721URIStorage {
    using Counters for Counters.Counter;
    Counters.Counter private _tokenIds;

    constructor() ERC721("GameItem", "ITM") {}

    function mintItem(address player, string memory tokenURI)
        external
        returns (uint256)
    {
        uint256 newItemId = _tokenIds.current();
        _mint(player, newItemId);
        _setTokenURI(newItemId, tokenURI);

        _tokenIds.increment();
        return newItemId;
    }
}
```

When we send the above contract for audit, we get a report saying that the following methods should be changed from public to external.

  1. balanceOf
  2. name
  3. symbol
  4. approve
  5. safeTransferFrom

To make the above methods external, we have to flatten the contracts and make them external. Is there any alternative method to pass the audit report?

There is no reason why these functions need to be external. It's very questionable why this would come up in an audit.

Agree with Frangio here, setting a function to external over public can save gas in some very specific conditions, but besides that, it makes absolutely no difference. I'm questioning the relevance of the whole audit now, since this really looks like they ran your contract through solhint and sent you the output without even really looking at it. May I ask which company produced that audit report?
