Summary

Vulnerability: State variable token in L1Vault.sol should be declared as immutable.

Vulnerability Details

The contract L1Vault contains a state variable token of type IERC20, representing an interface to an ERC20 token. As a best practice, state variables that are not intended to change after their initialization should be marked as immutable. In this context, token is set in the constructor and doesn't require modification thereafter.

Impact

The absence of the immutable keyword doesn't present an immediate vulnerability but could lead to inadvertent changes or mismanagement of the token variable, potentially affecting the intended behavior of the contract.

Tools Used

Static analysis [slither] + manual inspection for reviewing validity

Recommendations

Update the token state variable declaration by adding the immutable keyword to prevent accidental changes after the contract's deployment. This enhances code readability, reduces the risk of unintended modifications, and aligns with best practices for state variable management.