Audit by Inference AG

We have a bot running on our end that duly executes the entrypoint every Thursday at 12 AM (UTC). The core team carefully monitors the execution. The scripts for the bot can be found here: https://github.com/Plenty-DeFi/next_epoch_cron In case, the execution has not occurred at the right time due to a potential bot failure. It can be called permissionless through https://better-call.dev/mainnet/KT1Xa92Nf6evFcEbxMXencfGPmS4urNyn5wd/interact/next_epoch

Ideally, this should not be an issue since bribes would mostly be added by protocol owners or DAOs that have a sufficient understanding of the system. However, to be on the safer side, we have to give a clear warning under the `Who can bribe?` section.

The scripts in the repository https://github.com/Plenty-DeFi/next_epoch_cron also handle the calling of appropriate entrypoint for fee distribution. In the event that the bot running the scripts ends up failing, the entrypoint can be called permissionless by passing the AMM address and epoch number through https://better-call.dev/mainnet/KT1Xa92Nf6evFcEbxMXencfGPmS4urNyn5wd/interact/pull_amm_fee

The race-condition issue is duly considered, and it will be handled accordingly during deployment through a batch deployment.

This will happen for a very small duration (possibly just one block) when nearing the end of the migration period i.e 2 years from now. A warning label will be added to the website in the approaching days.

The setAdministrator will be called once to replace the initial tz1 address-based admin with a multi-sig address. We shall take proper care to ensure that the admin transition is done correctly.