Updated as of block 15283162 at 8/5/2022, 11:33:15 AM ET
- ID: 87
- Proposer: 0x5B3bFfC0bcF8D4cAEC873fDcF719F60725767c98
- Start Block: 15130276 (7/12/2022, 5:22:58 PM ET)
- End Block: 15149476 (7/15/2022, 4:39:54 PM ET)
- Targets: 0xc730008C64783a283988b0fA3b5eE6b6F997922A
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/5a18f524-97a9-4023-bff3-28afac1755b4
Proposal text
The Aave DAO is to perform a token swap with Balancer DAO. The Aave DAO is to acquire 200,000 BAL tokens for 16907.28 AAVE tokens based on a 90 day moving average exchange rate of 1 AAVE for 11.8292250604 BAL tokens.
Upon completion of the transaction the BAL tokens will be received into the mainnet Reserve Factor (RF).
This AIP only performs the very first step in creating a veBAL holding for the Aave DAO. This AIP performs only the token swap with Balancer by exchanging AAVE from the Ecosystem Reserve for 200,000 BAL tokens.
This is the initial transaction that will then allow for the 200,000 BAL tokens plus the aBAL tokens in the Reserve Factor (redeemed for BAL) are to be paired with sufficient ETH and deposited into the Balancer V2 BAL:ETH (80:20) pool. The B-80BAL-20WETH Liquidity Provider position will then be locked up for 1 year.
Initially, the veBAL will be used to vote BAL rewards to pools which support aTokens that create TVL for Aave and/or AAVE liquidity pools.
Aave and Balancer have a long history of working together. The AAVE : ETH (80/20) Balancer V1 pool BPT is accepted within the Aave Safe Module and the newly created Balancer Boosted Pools drive TVL to Aave markets, 1.
When the AAVE : ETH (80/20) Balancer V1 pool is moved to Balancer V2 and integrated into Aave’s Safety Module, the veBAL tokens can be used to vote BAL rewards to the newly created AAVE : ETH (80/20) Balancer V2 pool.
In addition, the veBAL can be used to vote BAL rewards to Balancer Boosted Pools which utilise Aave markets in the background to create yield for passively held liquidity, 2. There are likely to be many more Balancer Boosted Pools that utilise aTokens in the future and the veBAL votes can be used to help bootstrap these pools by directing BAL rewards to those pools. Using veBAL to vote for BAL rewards to pools that strengthen Aave is a strategic advantage of deploying the BAL tokens into the BAL:ETH pool.
By exchanging AAVE for BAL, the tokenswap reflects the ongoing collaboration and shared vision through governance in each other’s community. The token exchange is significant enough for Aave to become just outside of the Top 50 BAL tokens holder, based on etherscan BAL holder rankings, 3. Balancer will become a Top 80 AAVE holder, 4. Each community will have influence in the other’s governance process, enabling them to best represent their interests and to collaborate.
Aave will likely be one of the first movers in the upcoming BAL wars and will gain a strategic advantage to bootstrap new Balancer Boosted Pools which lead to tokens being deposited in Aave markets to earn yield. This has the benefit of creating TVL and Revenue for Aave.
The initial sizing to acquire 200,000 BAL was something that was reached via discussions with the Balancer community and happens to be the same size as the recent Tribe DAO and Balancer token swap, 5.
- The full test of the Proposal Payload can be found here: https://github.com/llama-community/aave-balancer-swap
- The full test of the Swap contract can be found here: https://github.com/llama-community/bal-aave-token-swap
Code Implementation of the OTC swap contract and AAVE proposal payload for AAVE Governance : https://github.com/llama-community/aave-balancer-swap
The full implementation consists of 4 steps:
- Deploy the Swap contract (
OtcEscrowApprovals). The Swap contract contains aswap()function that trustlessly executes a token swap between the AAVE Ecosystem Reserve + AAVE Mainnet Reserve Factor and Balancer treasury for the pre-determined and pre-approved token amounts. - Balancer treasury approves the Swap contract to transfer the 200,000 BAL tokens on its behalf.
- Deploy the Proposal Payload contract (
ProposalPayload). - The Proposal Payload contract contains an
execute()function that:
- Approves the Swap contract contract through the AAVE Ecosystem Reserve Controller to transfer 16907.28 AAVE from the AAVE Ecosystem Reserve.
- Calls the
swap()function on the Swap contract to execute the swap.
Steps 1, 2 and 3 are intended to be pre-requisites to the actual implementation of this proposal which is Step 4.
Deployed Contracts
- OtcEscrowApprovals = 0x5AE986d7ca23fc3519daaa589E1d38d19BA42a47
- ProposalPayload = 0xc730008C64783a283988b0fA3b5eE6b6F997922A
Copyright and related rights waived via CC0.
Info:
- State changes:
# OtcEscrowApprovals at `0x5AE986d7ca23fc3519daaa589E1d38d19BA42a47`
@@ hasSwapOccured @@
- false
+ true# InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
@@ `_votingSnapshots` key `0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f`."0".blockNumber @@
- 0
+ 15173602
@@ `_votingSnapshots` key `0x25f2226b597e8f9514b3f68f00f494cf4f286491`."22392".blockNumber @@
- 0
+ 15173602
@@ `_balances` key `0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f` @@
- 0
+ 16907280000000000000000
@@ `_balances` key `0x25f2226b597e8f9514b3f68f00f494cf4f286491` @@
- 1685526026608901255135733
+ 1668618746608901255135733
@@ `_votingSnapshotsCounts` key `0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f` @@
- 0
+ 1
@@ `_votingSnapshotsCounts` key `0x25f2226b597e8f9514b3f68f00f494cf4f286491` @@
- 22392
+ 22393
@@ `_propositionPowerSnapshotsCounts` key `0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f` @@
- 0
+ 1
@@ `_propositionPowerSnapshotsCounts` key `0x25f2226b597e8f9514b3f68f00f494cf4f286491` @@
- 18728
+ 18729
@@ `_propositionPowerSnapshots` key `0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f`."0".blockNumber @@
- 0
+ 15173602
@@ `_propositionPowerSnapshots` key `0x25f2226b597e8f9514b3f68f00f494cf4f286491`."18728".blockNumber @@
- 0
+ 15173602
# BalancerGovernanceToken (Balancer) at `0xba100000625a3754423978a60c9317c58a424e3D`
@@ `_allowances` key `0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f`.0x5ae986d7ca23fc3519daaa589e1d38d19ba42a47 @@
- 200000000000000000000000
+ 0
@@ `_balances` key `0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f` @@
- 5561291463499131664600714
+ 5361291463499131664600714
@@ `_balances` key `0x464c71f6c2f760dda6093dcb91c24c39e5d6e18c` @@
- 0
+ 200000000000000000000000
Info:
- Events Emitted:
- InitializableAdminUpgradeabilityProxy at
0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9with implementation AaveTokenV2 (Aave Token) at0xC13eac3B4F9EED480045113B7af00F7B5655Ece8Approval(owner: 0x25f2226b597e8f9514b3f68f00f494cf4f286491, spender: 0x5ae986d7ca23fc3519daaa589e1d38d19ba42a47, value: 16907280000000000000000)DelegatedPowerChanged(user: 0x25f2226b597e8f9514b3f68f00f494cf4f286491, amount: 1668618746608901255135733, delegationType: 0)DelegatedPowerChanged(user: 0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f, amount: 16907280000000000000000, delegationType: 0)DelegatedPowerChanged(user: 0x25f2226b597e8f9514b3f68f00f494cf4f286491, amount: 1668618746608901255135733, delegationType: 1)DelegatedPowerChanged(user: 0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f, amount: 16907280000000000000000, delegationType: 1)Transfer(from: 0x25f2226b597e8f9514b3f68f00f494cf4f286491, to: 0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f, value: 16907280000000000000000)Approval(owner: 0x25f2226b597e8f9514b3f68f00f494cf4f286491, spender: 0x5ae986d7ca23fc3519daaa589e1d38d19ba42a47, value: 0)
- BalancerGovernanceToken (Balancer) at
0xba100000625a3754423978a60c9317c58a424e3DTransfer(from: 0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f, to: 0x464c71f6c2f760dda6093dcb91c24c39e5d6e18c, value: 200000000000000000000000)Approval(owner: 0x10a19e7ee7d7f8a52822f6817de8ea18204f2e4f, spender: 0x5ae986d7ca23fc3519daaa589e1d38d19ba42a47, value: 0)
- OtcEscrowApprovals at
0x5AE986d7ca23fc3519daaa589E1d38d19BA42a47Swap(balAmount: 200000000000000000000000, aaveAmount: 16907280000000000000000)
- InitializableAdminUpgradeabilityProxy at
Info:
- Targets:
- 0xc730008C64783a283988b0fA3b5eE6b6F997922A: Contract (verified) (ProposalPayload)
Info:
- Touched address:
- 0x5B3bFfC0bcF8D4cAEC873fDcF719F60725767c98: EOA (verification not applicable)
- 0xEC568fffba86c094cf06b22134B23074DFE2252c: Contract (verified) (AaveGovernanceV2)
- 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5: Contract (verified) (Executor)
- 0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0xC13eac3B4F9EED480045113B7af00F7B5655Ece8: Contract (verified) (AaveTokenV2)
- 0xc730008C64783a283988b0fA3b5eE6b6F997922A: Contract (verified) (ProposalPayload)
- 0x3d569673dAa0575c936c7c67c4E6AedA69CC630C: Contract (verified) (AaveEcosystemReserveController)
- 0x25F2226B597E8F9514B3F68F00f494cF4f286491: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3: Contract (verified) (AaveEcosystemReserveV2)
- 0x5AE986d7ca23fc3519daaa589E1d38d19BA42a47: Contract (verified) (OtcEscrowApprovals)
- 0xba100000625a3754423978a60c9317c58a424e3D: Contract (verified) (BalancerGovernanceToken)
Info:
View Details
No compiler warnings for AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3` - Compiler warnings for InitializableAdminUpgradeabilityProxy at `0x25F2226B597E8F9514B3F68F00f494cF4f286491` with implementation AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`View warnings for InitializableAdminUpgradeabilityProxy at `0x25F2226B597E8F9514B3F68F00f494cF4f286491` with implementation AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`
WARNING:CryticCompile:Warning: contracts/libs/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/libs/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/libs/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
- No compiler warnings for AaveEcosystemReserveController at
0x3d569673dAa0575c936c7c67c4E6AedA69CC630C - Compiler warnings for OtcEscrowApprovals at
0x5AE986d7ca23fc3519daaa589E1d38d19BA42a47
View warnings for OtcEscrowApprovals at `0x5AE986d7ca23fc3519daaa589E1d38d19BA42a47`
ERROR:CryticCompile:ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/IERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:4:1:
|
4 | import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:5:1:
|
5 | import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Compiler warnings for InitializableAdminUpgradeabilityProxy at
0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9with implementation AaveTokenV2 (Aave Token) at0xC13eac3B4F9EED480045113B7af00F7B5655Ece8
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
- No compiler warnings for GovernanceStrategy at
0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e - No compiler warnings for BalancerGovernanceToken (Balancer) at
0xba100000625a3754423978a60c9317c58a424e3D - Compiler warnings for AaveTokenV2 (Aave Token) at
0xC13eac3B4F9EED480045113B7af00F7B5655Ece8
View warnings for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
- Compiler warnings for ProposalPayload at
0xc730008C64783a283988b0fA3b5eE6b6F997922A
View warnings for ProposalPayload at `0xc730008C64783a283988b0fA3b5eE6b6F997922A`
ERROR:CryticCompile:ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/IERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:4:1:
|
4 | import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:5:1:
|
5 | import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Info:
View Details
Slither report for AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`View report for AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`
�[93m
AaveEcosystemReserveV2.balanceOf(uint256,address).vars (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#860) is a local variable never initialized
AaveEcosystemReserveV2.createStream(address,uint256,address,uint256,uint256).vars (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#931) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables�[0m
�[92m
Reentrancy in AaveEcosystemReserveV2.cancelStream(uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1013-1038):
External calls:
- token.safeTransfer(stream.recipient,recipientBalance) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1028)
Event emitted after the call(s):
- CancelStream(streamId,stream.sender,stream.recipient,senderBalance,recipientBalance) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1030-1036)
Reentrancy in AaveEcosystemReserveV2.withdrawFromStream(uint256,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#983-1003):
External calls:
- IERC20(stream.tokenAddress).safeTransfer(stream.recipient,amount) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1000)
Event emitted after the call(s):
- WithdrawFromStream(streamId,stream.recipient,amount) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1001)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3�[0m
�[92m
AaveEcosystemReserveV2.deltaOf(uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#827-838) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp <= stream.startTime (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#834)
- block.timestamp < stream.stopTime (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#835)
AaveEcosystemReserveV2.createStream(address,uint256,address,uint256,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#914-972) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(startTime >= block.timestamp,start time before block.timestamp) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#925-928)
AaveEcosystemReserveV2.withdrawFromStream(uint256,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#983-1003) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(balance >= amount,amount exceeds the available balance) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#994)
AaveEcosystemReserveV2.cancelStream(uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1013-1038) uses timestamp for comparisons
Dangerous comparisons:
- recipientBalance > 0 (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1027)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp�[0m
�[92m
Address.verifyCallResult(bool,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#437-457) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#449-452)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage�[0m
�[92m
Address.functionCall(address,bytes) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#321-323) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#350-356) is never used and should be removed
Address.functionDelegateCall(address,bytes) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#410-412) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#420-429) is never used and should be removed
Address.functionStaticCall(address,bytes) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#383-385) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#393-402) is never used and should be removed
SafeERC20.safeDecreaseAllowance(IERC20,address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#536-557) is never used and should be removed
SafeERC20.safeIncreaseAllowance(IERC20,address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#520-534) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#483-493) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code�[0m
�[92m
Pragma version0.8.11 (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#2) necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
solc-0.8.11 is not recommended for deployment
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity�[0m
�[92m
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#296-301):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#299)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#364-375):
- (success,returndata) = target.call{value: value}(data) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#373)
Low level call in Address.functionStaticCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#393-402):
- (success,returndata) = target.staticcall(data) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#400)
Low level call in Address.functionDelegateCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#420-429):
- (success,returndata) = target.delegatecall(data) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#427)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls�[0m
�[92m
Function IAdminControlledEcosystemReserve.ETH_MOCK_ADDRESS() (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#159) is not in mixedCase
Variable VersionedInitializable.______gap (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#231) is not in mixedCase
Variable AdminControlledEcosystemReserve._fundsAdmin (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#661) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions�[0m
�[92m
AaveEcosystemReserveV2.initialize(address) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#773-776) uses literals with too many digits:
- _nextStreamId = 100000 (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#774)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits�[0m
�[92m
VersionedInitializable.______gap (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#231) is never used in AaveEcosystemReserveV2 (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#730-1040)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable�[0m
0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3 analyzed (9 contracts with 78 detectors), 29 result(s) found
- Slither report for InitializableAdminUpgradeabilityProxy at
0x25F2226B597E8F9514B3F68F00f494cF4f286491with implementation AaveEcosystemReserveV2 at0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3
View report for InitializableAdminUpgradeabilityProxy at `0x25F2226B597E8F9514B3F68F00f494cF4f286491` with implementation AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`
Warning: contracts/libs/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/libs/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/libs/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
�[91m
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/libs/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/libs/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall�[0m
�[92m
ERC20.constructor(string,string,uint8).name (contracts/libs/ERC20.sol#25) shadows:
- ERC20.name() (contracts/libs/ERC20.sol#37-39) (function)
- IERC20Detailed.name() (contracts/interfaces/IERC20Detailed.sol#10) (function)
ERC20.constructor(string,string,uint8).symbol (contracts/libs/ERC20.sol#26) shadows:
- ERC20.symbol() (contracts/libs/ERC20.sol#44-46) (function)
- IERC20Detailed.symbol() (contracts/interfaces/IERC20Detailed.sol#12) (function)
ERC20.constructor(string,string,uint8).decimals (contracts/libs/ERC20.sol#27) shadows:
- ERC20.decimals() (contracts/libs/ERC20.sol#51-53) (function)
- IERC20Detailed.decimals() (contracts/interfaces/IERC20Detailed.sol#14) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/libs/InitializableAdminUpgradeabilityProxy.sol#27) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/libs/BaseAdminUpgradeabilityProxy.sol#100-105) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/mocks/MintableErc20.sol#12) shadows:
- ERC20.name() (contracts/libs/ERC20.sol#37-39) (function)
- IERC20Detailed.name() (contracts/interfaces/IERC20Detailed.sol#10) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/mocks/MintableErc20.sol#13) shadows:
- ERC20.symbol() (contracts/libs/ERC20.sol#44-46) (function)
- IERC20Detailed.symbol() (contracts/interfaces/IERC20Detailed.sol#12) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/mocks/MintableErc20.sol#14) shadows:
- ERC20.decimals() (contracts/libs/ERC20.sol#51-53) (function)
- IERC20Detailed.decimals() (contracts/interfaces/IERC20Detailed.sol#14) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing�[0m
�[92m
AaveGenesisExecutor.constructor(address,uint256,IProxyWithAdminActions,ILendToAaveMigratorImplWithInitialize,IProxyWithAdminActions,IAaveTokenImpl,IProxyWithAdminActions,IAaveIncentivesVaultImplWithInitialize,IProxyWithAdminActions).aaveGovernance (contracts/AaveGenesisExecutor.sol#48) lacks a zero-check on :
- AAVE_GOVERNANCE = aaveGovernance (contracts/AaveGenesisExecutor.sol#58)
AaveGenesisProposalPayload.constructor(uint256,IAssetVotingWeightProvider,IAaveGenesisExecutor,IProxyWithAdminActions,IProxyWithAdminActions,IProxyWithAdminActions,IProxyWithAdminActions,address,address).lendVoteStrategyToken (contracts/AaveGenesisProposalPayload.sol#56) lacks a zero-check on :
- LEND_VOTE_STRATEGY_TOKEN = lendVoteStrategyToken (contracts/AaveGenesisProposalPayload.sol#66)
AaveGenesisProposalPayload.constructor(uint256,IAssetVotingWeightProvider,IAaveGenesisExecutor,IProxyWithAdminActions,IProxyWithAdminActions,IProxyWithAdminActions,IProxyWithAdminActions,address,address).aaveVoteStrategyToken (contracts/AaveGenesisProposalPayload.sol#57) lacks a zero-check on :
- AAVE_VOTE_STRATEGY_TOKEN = aaveVoteStrategyToken (contracts/AaveGenesisProposalPayload.sol#67)
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/libs/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/libs/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/libs/BaseAdminUpgradeabilityProxy.sol#87) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/libs/BaseAdminUpgradeabilityProxy.sol#93)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/libs/UpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/libs/UpgradeabilityProxy.sol#24)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation�[0m
�[92m
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/libs/BaseAdminUpgradeabilityProxy.sol#36-42) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier�[0m
�[92m
Reentrancy in AaveGenesisProposalPayload.execute() (contracts/AaveGenesisProposalPayload.sol#73-102):
External calls:
- LEND_TO_AAVE_MIGRATOR_PROXY.changeAdmin(newAdmin) (contracts/AaveGenesisProposalPayload.sol#76)
- AAVE_TOKEN_PROXY.changeAdmin(newAdmin) (contracts/AaveGenesisProposalPayload.sol#77)
- AAVE_INCENTIVES_VAULT_PROXY.changeAdmin(newAdmin) (contracts/AaveGenesisProposalPayload.sol#78)
- STAKED_AAVE_PROXY.changeAdmin(newAdmin) (contracts/AaveGenesisProposalPayload.sol#79)
- ASSET_VOTING_WEIGHT_PROVIDER.setVotingWeight(IERC20(LEND_VOTE_STRATEGY_TOKEN),0) (contracts/AaveGenesisProposalPayload.sol#82)
- ASSET_VOTING_WEIGHT_PROVIDER.setVotingWeight(IERC20(AAVE_VOTE_STRATEGY_TOKEN),1) (contracts/AaveGenesisProposalPayload.sol#85)
- IStakedAaveConfig(address(STAKED_AAVE_PROXY)).configureAssets(config) (contracts/AaveGenesisProposalPayload.sol#98)
- AAVE_GENESIS_EXECUTOR.setActivationBlock(block.number + ACTIVATION_BLOCK_DELAY) (contracts/AaveGenesisProposalPayload.sol#100)
Event emitted after the call(s):
- ProposalExecuted() (contracts/AaveGenesisProposalPayload.sol#101)
Reentrancy in AaveGenesisExecutor.startMigration() (contracts/AaveGenesisExecutor.sol#84-125):
External calls:
- LEND_TO_AAVE_MIGRATOR_PROXY.upgradeToAndCall(address(LEND_TO_AAVE_MIGRATOR_IMPL),migratorParams) (contracts/AaveGenesisExecutor.sol#92-95)
- AAVE_TOKEN_PROXY.upgradeToAndCall(address(AAVE_TOKEN_IMPL),aaveTokenParams) (contracts/AaveGenesisExecutor.sol#106)
- AAVE_INCENTIVES_VAULT_PROXY.upgradeToAndCall(address(AAVE_INCENTIVES_VAULT_IMPL),aaveIncentivesVaultParams) (contracts/AaveGenesisExecutor.sol#117-120)
- _returnAdminsToGovernance() (contracts/AaveGenesisExecutor.sol#122)
- LEND_TO_AAVE_MIGRATOR_PROXY.changeAdmin(AAVE_GOVERNANCE) (contracts/AaveGenesisExecutor.sol#138)
- AAVE_TOKEN_PROXY.changeAdmin(AAVE_GOVERNANCE) (contracts/AaveGenesisExecutor.sol#139)
- AAVE_INCENTIVES_VAULT_PROXY.changeAdmin(AAVE_GOVERNANCE) (contracts/AaveGenesisExecutor.sol#140)
- STAKED_AAVE_PROXY.changeAdmin(AAVE_GOVERNANCE) (contracts/AaveGenesisExecutor.sol#141)
Event emitted after the call(s):
- MigrationStarted() (contracts/AaveGenesisExecutor.sol#124)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3�[0m
�[92m
Address.isContract(address) (contracts/libs/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/libs/Address.sol#32-34)
BaseAdminUpgradeabilityProxy._admin() (contracts/libs/BaseAdminUpgradeabilityProxy.sol#100-105) uses assembly
- INLINE ASM (contracts/libs/BaseAdminUpgradeabilityProxy.sol#102-104)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/libs/BaseAdminUpgradeabilityProxy.sol#111-117) uses assembly
- INLINE ASM (contracts/libs/BaseAdminUpgradeabilityProxy.sol#114-116)
BaseUpgradeabilityProxy._implementation() (contracts/libs/BaseUpgradeabilityProxy.sol#32-37) uses assembly
- INLINE ASM (contracts/libs/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/libs/BaseUpgradeabilityProxy.sol#52-63) uses assembly
- INLINE ASM (contracts/libs/BaseUpgradeabilityProxy.sol#60-62)
Proxy._delegate(address) (contracts/libs/Proxy.sol#31-54) uses assembly
- INLINE ASM (contracts/libs/Proxy.sol#32-53)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage�[0m
�[92m
Address.sendValue(address,uint256) (contracts/libs/Address.sol#54-60) is never used and should be removed
Context._msgData() (contracts/libs/Context.sol#19-22) is never used and should be removed
ERC20._burn(address,uint256) (contracts/libs/ERC20.sol#185-193) is never used and should be removed
ERC20._setDecimals(uint8) (contracts/libs/ERC20.sol#215-217) is never used and should be removed
ERC20._setName(string) (contracts/libs/ERC20.sol#207-209) is never used and should be removed
ERC20._setSymbol(string) (contracts/libs/ERC20.sol#211-213) is never used and should be removed
SafeERC20.safeTransfer(IERC20,address,uint256) (contracts/libs/SafeERC20.sol#22-28) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (contracts/libs/SafeERC20.sol#30-37) is never used and should be removed
SafeMath.div(uint256,uint256) (contracts/libs/SafeMath.sol#101-103) is never used and should be removed
SafeMath.div(uint256,uint256,string) (contracts/libs/SafeMath.sol#116-127) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/libs/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/libs/SafeMath.sol#155-162) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/libs/SafeMath.sol#76-88) is never used and should be removed
SafeMath.sub(uint256,uint256) (contracts/libs/SafeMath.sol#43-45) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code�[0m
�[92m
Low level call in Address.sendValue(address,uint256) (contracts/libs/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/libs/Address.sol#58)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/libs/BaseAdminUpgradeabilityProxy.sol#87-95):
- (success) = newImplementation.delegatecall(data) (contracts/libs/BaseAdminUpgradeabilityProxy.sol#93)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/libs/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/libs/InitializableUpgradeabilityProxy.sol#25)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (contracts/libs/SafeERC20.sol#51-63):
- (success,returndata) = address(token).call(data) (contracts/libs/SafeERC20.sol#55)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/libs/UpgradeabilityProxy.sol#20-27):
- (success) = _logic.delegatecall(_data) (contracts/libs/UpgradeabilityProxy.sol#24)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls�[0m
�[92m
Variable AaveGenesisExecutor.AAVE_GOVERNANCE (contracts/AaveGenesisExecutor.sol#29) is not in mixedCase
Variable AaveGenesisExecutor.LEND_TO_AAVE_MIGRATOR_PROXY (contracts/AaveGenesisExecutor.sol#30) is not in mixedCase
Variable AaveGenesisExecutor.LEND_TO_AAVE_MIGRATOR_IMPL (contracts/AaveGenesisExecutor.sol#31) is not in mixedCase
Variable AaveGenesisExecutor.AAVE_TOKEN_PROXY (contracts/AaveGenesisExecutor.sol#32) is not in mixedCase
Variable AaveGenesisExecutor.AAVE_TOKEN_IMPL (contracts/AaveGenesisExecutor.sol#33) is not in mixedCase
Variable AaveGenesisExecutor.AAVE_INCENTIVES_VAULT_PROXY (contracts/AaveGenesisExecutor.sol#34) is not in mixedCase
Variable AaveGenesisExecutor.AAVE_INCENTIVES_VAULT_IMPL (contracts/AaveGenesisExecutor.sol#35) is not in mixedCase
Variable AaveGenesisExecutor.STAKED_AAVE_PROXY (contracts/AaveGenesisExecutor.sol#36) is not in mixedCase
Variable AaveGenesisExecutor.AAVE_ALLOWANCE_FOR_STAKE (contracts/AaveGenesisExecutor.sol#42) is not in mixedCase
Variable AaveGenesisProposalPayload.ACTIVATION_BLOCK_DELAY (contracts/AaveGenesisProposalPayload.sol#27) is not in mixedCase
Variable AaveGenesisProposalPayload.AAVE_GENESIS_EXECUTOR (contracts/AaveGenesisProposalPayload.sol#30) is not in mixedCase
Variable AaveGenesisProposalPayload.ASSET_VOTING_WEIGHT_PROVIDER (contracts/AaveGenesisProposalPayload.sol#33) is not in mixedCase
Variable AaveGenesisProposalPayload.LEND_TO_AAVE_MIGRATOR_PROXY (contracts/AaveGenesisProposalPayload.sol#37) is not in mixedCase
Variable AaveGenesisProposalPayload.AAVE_TOKEN_PROXY (contracts/AaveGenesisProposalPayload.sol#38) is not in mixedCase
Variable AaveGenesisProposalPayload.AAVE_INCENTIVES_VAULT_PROXY (contracts/AaveGenesisProposalPayload.sol#39) is not in mixedCase
Variable AaveGenesisProposalPayload.STAKED_AAVE_PROXY (contracts/AaveGenesisProposalPayload.sol#40) is not in mixedCase
Variable AaveGenesisProposalPayload.LEND_VOTE_STRATEGY_TOKEN (contracts/AaveGenesisProposalPayload.sol#43) is not in mixedCase
Variable AaveGenesisProposalPayload.AAVE_VOTE_STRATEGY_TOKEN (contracts/AaveGenesisProposalPayload.sol#46) is not in mixedCase
Variable AaveVoteStrategyToken.AAVE (contracts/AaveVoteStrategyToken.sol#17) is not in mixedCase
Variable AaveVoteStrategyToken.STKAAVE (contracts/AaveVoteStrategyToken.sol#18) is not in mixedCase
Variable LendVoteStrategyToken.LEND (contracts/LendVoteStrategyToken.sol#17) is not in mixedCase
Variable LendVoteStrategyToken.ALEND (contracts/LendVoteStrategyToken.sol#18) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/libs/InitializableAdminUpgradeabilityProxy.sol#26) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/libs/InitializableAdminUpgradeabilityProxy.sol#27) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/libs/InitializableAdminUpgradeabilityProxy.sol#28) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/libs/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/libs/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/libs/VersionedInitializable.sol#41) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions�[0m
�[92m
Redundant expression "this (contracts/libs/Context.sol#20)" inContext (contracts/libs/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements�[0m
�[92m
VersionedInitializable.______gap (contracts/libs/VersionedInitializable.sol#41) is never used in AaveIncentivesVault (contracts/AaveIncentivesVault.sol#14-41)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable�[0m
�[92m
name() should be declared external:
- ERC20.name() (contracts/libs/ERC20.sol#37-39)
symbol() should be declared external:
- ERC20.symbol() (contracts/libs/ERC20.sol#44-46)
decimals() should be declared external:
- ERC20.decimals() (contracts/libs/ERC20.sol#51-53)
totalSupply() should be declared external:
- ERC20.totalSupply() (contracts/libs/ERC20.sol#58-60)
balanceOf(address) should be declared external:
- ERC20.balanceOf(address) (contracts/libs/ERC20.sol#65-67)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (contracts/libs/ERC20.sol#75-78)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (contracts/libs/ERC20.sol#86-94)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (contracts/libs/ERC20.sol#101-104)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (contracts/libs/ERC20.sol#113-125)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (contracts/libs/ERC20.sol#133-136)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (contracts/libs/ERC20.sol#144-158)
initialize(address,address,bytes) should be declared external:
- InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes) (contracts/libs/InitializableAdminUpgradeabilityProxy.sol#25-34)
mint(uint256) should be declared external:
- MintableErc20.mint(uint256) (contracts/mocks/MintableErc20.sol#22-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external�[0m
0x25F2226B597E8F9514B3F68F00f494cF4f286491 analyzed (30 contracts with 78 detectors), 85 result(s) found
- Slither report for AaveEcosystemReserveController at
0x3d569673dAa0575c936c7c67c4E6AedA69CC630C
View report for AaveEcosystemReserveController at `0x3d569673dAa0575c936c7c67c4E6AedA69CC630C`
�[92m
Context._msgData() (crytic-export/etherscan-contracts/0x3d569673dAa0575c936c7c67c4E6AedA69CC630C-AaveEcosystemReserveController.sol#27-29) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code�[0m
�[92m
Pragma version0.8.11 (crytic-export/etherscan-contracts/0x3d569673dAa0575c936c7c67c4E6AedA69CC630C-AaveEcosystemReserveController.sol#2) necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
solc-0.8.11 is not recommended for deployment
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity�[0m
�[92m
Function IAdminControlledEcosystemReserve.ETH_MOCK_ADDRESS() (crytic-export/etherscan-contracts/0x3d569673dAa0575c936c7c67c4E6AedA69CC630C-AaveEcosystemReserveController.sol#263) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions�[0m
�[92m
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (crytic-export/etherscan-contracts/0x3d569673dAa0575c936c7c67c4E6AedA69CC630C-AaveEcosystemReserveController.sol#81-83)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external�[0m
0x3d569673dAa0575c936c7c67c4E6AedA69CC630C analyzed (7 contracts with 78 detectors), 5 result(s) found
- Slither report for OtcEscrowApprovals at
0x5AE986d7ca23fc3519daaa589E1d38d19BA42a47
View report for OtcEscrowApprovals at `0x5AE986d7ca23fc3519daaa589E1d38d19BA42a47`
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/slither/__main__.py", line 744, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/slither/__main__.py", line 76, in process_all
compilations = compile_all(target, **vars(args))
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
self._compile(**kwargs)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
self._platform.compile(self, **kwargs)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 331, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 65, in standalone_compile
targets_json = run_solc_standard_json(
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 179, in run_solc_standard_json
raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/IERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:4:1:
|
4 | import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:5:1:
|
5 | import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
None
Error in 0x5AE986d7ca23fc3519daaa589E1d38d19BA42a47
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/slither/__main__.py", line 744, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/slither/__main__.py", line 76, in process_all
compilations = compile_all(target, **vars(args))
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
self._compile(**kwargs)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
self._platform.compile(self, **kwargs)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 331, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 65, in standalone_compile
targets_json = run_solc_standard_json(
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 179, in run_solc_standard_json
raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/IERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:4:1:
|
4 | import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:5:1:
|
5 | import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Slither report for InitializableAdminUpgradeabilityProxy at
0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9with implementation AaveTokenV2 (Aave Token) at0xC13eac3B4F9EED480045113B7af00F7B5655Ece8
View report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
�[91m
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall�[0m
�[91m
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer�[0m
�[93m
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities�[0m
�[93m
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1�[0m
�[92m
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing�[0m
�[92m
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation�[0m
�[92m
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier�[0m
�[92m
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3�[0m
�[92m
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp�[0m
�[92m
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage�[0m
�[92m
Different versions of Solidity are used:
- Version used: ['0.6.10', '^0.6.0', '^0.6.10', '^0.6.2']
- 0.6.10 (contracts/interfaces/IERC20.sol#2)
- 0.6.10 (contracts/interfaces/IERC20Detailed.sol#2)
- 0.6.10 (contracts/interfaces/ITransferHook.sol#2)
- ^0.6.2 (contracts/open-zeppelin/Address.sol#1)
- ^0.6.0 (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#1)
- ^0.6.0 (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#1)
- ^0.6.0 (contracts/open-zeppelin/Context.sol#3)
- ^0.6.0 (contracts/open-zeppelin/ERC20.sol#3)
- ^0.6.10 (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#2)
- ^0.6.10 (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#2)
- ^0.6.0 (contracts/open-zeppelin/Proxy.sol#1)
- ^0.6.0 (contracts/open-zeppelin/SafeMath.sol#1)
- ^0.6.0 (contracts/open-zeppelin/UpgradeabilityProxy.sol#1)
- 0.6.10 (contracts/token/AaveToken.sol#2)
- 0.6.10 (contracts/token/LendToAaveMigrator.sol#2)
- 0.6.10 (contracts/utils/DoubleTransferHelper.sol#2)
- 0.6.10 (contracts/utils/MintableErc20.sol#2)
- 0.6.10 (contracts/utils/MockTransferHook.sol#2)
- 0.6.10 (contracts/utils/VersionedInitializable.sol#2)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used�[0m
�[92m
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code�[0m
�[92m
Pragma version0.6.10 (contracts/interfaces/IERC20.sol#2) allows old versions
Pragma version0.6.10 (contracts/interfaces/IERC20Detailed.sol#2) allows old versions
Pragma version0.6.10 (contracts/interfaces/ITransferHook.sol#2) allows old versions
Pragma version^0.6.2 (contracts/open-zeppelin/Address.sol#1) allows old versions
Pragma version^0.6.0 (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#1) allows old versions
Pragma version^0.6.0 (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#1) allows old versions
Pragma version^0.6.0 (contracts/open-zeppelin/Context.sol#3) allows old versions
Pragma version^0.6.0 (contracts/open-zeppelin/ERC20.sol#3) allows old versions
Pragma version^0.6.10 (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#2) allows old versions
Pragma version^0.6.10 (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#2) allows old versions
Pragma version^0.6.0 (contracts/open-zeppelin/Proxy.sol#1) allows old versions
Pragma version^0.6.0 (contracts/open-zeppelin/SafeMath.sol#1) allows old versions
Pragma version^0.6.0 (contracts/open-zeppelin/UpgradeabilityProxy.sol#1) allows old versions
Pragma version0.6.10 (contracts/token/AaveToken.sol#2) allows old versions
Pragma version0.6.10 (contracts/token/LendToAaveMigrator.sol#2) allows old versions
Pragma version0.6.10 (contracts/utils/DoubleTransferHelper.sol#2) allows old versions
Pragma version0.6.10 (contracts/utils/MintableErc20.sol#2) allows old versions
Pragma version0.6.10 (contracts/utils/MockTransferHook.sol#2) allows old versions
Pragma version0.6.10 (contracts/utils/VersionedInitializable.sol#2) allows old versions
solc-0.6.10 is not recommended for deployment
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity�[0m
�[92m
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls�[0m
�[92m
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance�[0m
�[92m
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions�[0m
�[92m
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements�[0m
�[92m
AaveToken.slitherConstructorConstantVariables() (contracts/token/AaveToken.sol#13-185) uses literals with too many digits:
- MIGRATION_AMOUNT = 13000000000000000000000000 (contracts/token/AaveToken.sol#26)
AaveToken.slitherConstructorConstantVariables() (contracts/token/AaveToken.sol#13-185) uses literals with too many digits:
- DISTRIBUTION_AMOUNT = 3000000000000000000000000 (contracts/token/AaveToken.sol#29)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits�[0m
�[92m
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in AaveToken (contracts/token/AaveToken.sol#13-185)
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in LendToAaveMigrator (contracts/token/LendToAaveMigrator.sol#14-79)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable�[0m
�[92m
name() should be declared external:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68)
symbol() should be declared external:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76)
decimals() should be declared external:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93)
totalSupply() should be declared external:
- ERC20.totalSupply() (contracts/open-zeppelin/ERC20.sol#98-100)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (contracts/open-zeppelin/ERC20.sol#117-120)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (contracts/open-zeppelin/ERC20.sol#125-127)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (contracts/open-zeppelin/ERC20.sol#136-139)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (contracts/open-zeppelin/ERC20.sol#153-157)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (contracts/open-zeppelin/ERC20.sol#171-174)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (contracts/open-zeppelin/ERC20.sol#190-193)
initialize(address,address,bytes) should be declared external:
- InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes) (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22-27)
initialize() should be declared external:
- LendToAaveMigrator.initialize() (contracts/token/LendToAaveMigrator.sol#45-46)
mint(uint256) should be declared external:
- MintableErc20.mint(uint256) (contracts/utils/MintableErc20.sol#19-22)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external�[0m
0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 analyzed (19 contracts with 78 detectors), 95 result(s) found
- Slither report for GovernanceStrategy at
0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e
View report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
�[92m
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation�[0m
�[92m
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions�[0m
�[92m
getTotalVotingSupplyAt(uint256) should be declared external:
- GovernanceStrategy.getTotalVotingSupplyAt(uint256) (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#101-103)
getPropositionPowerAt(address,uint256) should be declared external:
- GovernanceStrategy.getPropositionPowerAt(address,uint256) (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#111-123)
getVotingPowerAt(address,uint256) should be declared external:
- GovernanceStrategy.getVotingPowerAt(address,uint256) (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#131-143)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external�[0m
0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e analyzed (4 contracts with 78 detectors), 7 result(s) found
- Slither report for BalancerGovernanceToken (Balancer) at
0xba100000625a3754423978a60c9317c58a424e3D
View report for BalancerGovernanceToken (Balancer) at `0xba100000625a3754423978a60c9317c58a424e3D`
�[92m
ERC20.constructor(string,string).name (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#955) shadows:
- ERC20.name() (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#964-966) (function)
ERC20.constructor(string,string).symbol (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#955) shadows:
- ERC20.symbol() (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#972-974) (function)
BalancerGovernanceToken.constructor(string,string).name (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1410) shadows:
- ERC20.name() (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#964-966) (function)
BalancerGovernanceToken.constructor(string,string).symbol (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1410) shadows:
- ERC20.symbol() (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#972-974) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing�[0m
�[92m
BalancerGovernanceToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1435-1446) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,ERR_EXPIRED_SIG) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1436)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp�[0m
�[92m
Address.isContract(address) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#273-282) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#280)
BalancerGovernanceToken._chainID() (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1427-1433) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1429-1431)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage�[0m
�[92m
Different versions of Solidity are used:
- Version used: ['=0.6.8', '^0.6.0', '^0.6.2']
- ^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#5)
- ^0.6.2 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#250)
- ^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#312)
- ^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#342)
- ^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#547)
- ^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#701)
- ^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#734)
- ^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#782)
- ^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#823)
- ^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#902)
- ^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1210)
- =0.6.8 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1395)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used�[0m
�[92m
AccessControl._setRoleAdmin(bytes32,bytes32) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#527-529) is never used and should be removed
Address.isContract(address) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#273-282) is never used and should be removed
Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#300-306) is never used and should be removed
Context._msgData() (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#333-336) is never used and should be removed
Counters.decrement(Counters.Counter) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#815-817) is never used and should be removed
ERC20._setupDecimals(uint8) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1186-1188) is never used and should be removed
EnumerableSet.add(EnumerableSet.UintSet,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#204-206) is never used and should be removed
EnumerableSet.at(EnumerableSet.UintSet,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#242-244) is never used and should be removed
EnumerableSet.contains(EnumerableSet.UintSet,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#221-223) is never used and should be removed
EnumerableSet.length(EnumerableSet.UintSet) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#228-230) is never used and should be removed
EnumerableSet.remove(EnumerableSet.UintSet,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#214-216) is never used and should be removed
Math.max(uint256,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#710-712) is never used and should be removed
Math.min(uint256,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#717-719) is never used and should be removed
SafeMath.div(uint256,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#642-644) is never used and should be removed
SafeMath.div(uint256,uint256,string) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#657-664) is never used and should be removed
SafeMath.mod(uint256,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#677-679) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#692-695) is never used and should be removed
SafeMath.mul(uint256,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#617-629) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code�[0m
�[92m
Pragma version^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#5) allows old versions
Pragma version^0.6.2 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#250) allows old versions
Pragma version^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#312) allows old versions
Pragma version^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#342) allows old versions
Pragma version^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#547) allows old versions
Pragma version^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#701) allows old versions
Pragma version^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#734) allows old versions
Pragma version^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#782) allows old versions
Pragma version^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#823) allows old versions
Pragma version^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#902) allows old versions
Pragma version^0.6.0 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1210) allows old versions
Pragma version=0.6.8 (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1395) allows old versions
solc-0.6.8 is not recommended for deployment
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity�[0m
�[92m
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#300-306):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#304)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls�[0m
�[92m
Constant BalancerGovernanceToken.version (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1401) is not in UPPER_CASE_WITH_UNDERSCORES
Variable BalancerGovernanceToken.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1405) is not in mixedCase
Variable BalancerGovernanceToken.PERMIT_TYPEHASH (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1407) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions�[0m
�[92m
Redundant expression "this (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#334)" inContext (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#324-337)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements�[0m
�[92m
getRoleMemberCount(bytes32) should be declared external:
- AccessControl.getRoleMemberCount(bytes32) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#423-425)
getRoleMember(bytes32,uint256) should be declared external:
- AccessControl.getRoleMember(bytes32,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#439-441)
getRoleAdmin(bytes32) should be declared external:
- AccessControl.getRoleAdmin(bytes32) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#449-451)
grantRole(bytes32,address) should be declared external:
- AccessControl.grantRole(bytes32,address) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#463-467)
revokeRole(bytes32,address) should be declared external:
- AccessControl.revokeRole(bytes32,address) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#478-482)
renounceRole(bytes32,address) should be declared external:
- AccessControl.renounceRole(bytes32,address) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#498-502)
name() should be declared external:
- ERC20.name() (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#964-966)
symbol() should be declared external:
- ERC20.symbol() (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#972-974)
decimals() should be declared external:
- ERC20.decimals() (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#989-991)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1015-1018)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1034-1037)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1051-1055)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1069-1072)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1088-1091)
balanceOfAt(address,uint256) should be declared external:
- ERC20Snapshot.balanceOfAt(address,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1298-1302)
totalSupplyAt(uint256) should be declared external:
- ERC20Snapshot.totalSupplyAt(uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1307-1311)
mint(address,uint256) should be declared external:
- BalancerGovernanceToken.mint(address,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1473-1476)
burn(uint256) should be declared external:
- BalancerGovernanceToken.burn(uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1478-1480)
burnFrom(address,uint256) should be declared external:
- BalancerGovernanceToken.burnFrom(address,uint256) (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1482-1487)
snapshot() should be declared external:
- BalancerGovernanceToken.snapshot() (crytic-export/etherscan-contracts/0xba100000625a3754423978a60c9317c58a424e3D-BalancerGovernanceToken.sol#1489-1492)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external�[0m
0xba100000625a3754423978a60c9317c58a424e3D analyzed (12 contracts with 78 detectors), 64 result(s) found
- Slither report for AaveTokenV2 (Aave Token) at
0xC13eac3B4F9EED480045113B7af00F7B5655Ece8
View report for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
�[91m
AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is never initialized. It is used in:
- AaveTokenV2._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1221-1251)
AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is never initialized. It is used in:
- AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203)
- AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302)
- AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329)
AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables�[0m
�[93m
GovernancePowerDelegationERC20._searchByBlockNumber(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1012-1050) uses a dangerous strict equality:
- snapshot.blockNumber == blockNumber (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1041)
GovernancePowerDelegationERC20._writeSnapshot(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint128,uint128) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1075-1097) uses a dangerous strict equality:
- ownerSnapshotsCount != 0 && snapshotsOwner[ownerSnapshotsCount - 1].blockNumber == currentBlock (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1089-1090)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities�[0m
�[92m
ERC20.constructor(string,string).name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.name() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#462-464) (function)
ERC20.constructor(string,string).symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.symbol() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#470-472) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing�[0m
�[92m
AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1190)
AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1300)
AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1326)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp�[0m
�[92m
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#375-377)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage�[0m
�[92m
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) is never used and should be removed
Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403) is never used and should be removed
Context._msgData() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#94-97) is never used and should be removed
ERC20._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#702) is never used and should be removed
ERC20._burn(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#646-654) is never used and should be removed
ERC20._mint(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#625-633) is never used and should be removed
ERC20._setupDecimals(uint8) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#684-686) is never used and should be removed
SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#745-755) is never used and should be removed
SafeERC20.safeTransfer(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#728-734) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#736-743) is never used and should be removed
SafeMath.div(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#280-282) is never used and should be removed
SafeMath.div(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#295-306) is never used and should be removed
SafeMath.mod(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#319-321) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#334-341) is never used and should be removed
SafeMath.mul(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#255-267) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code�[0m
�[92m
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#401)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769):
- (success,returndata) = address(token).call(data) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#761)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls�[0m
�[92m
Variable ERC20._name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#440) is not in mixedCase
Variable ERC20._symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#441) is not in mixedCase
Variable VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is not in mixedCase
Variable AaveTokenV2._nonces (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1134) is not in mixedCase
Variable AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is not in mixedCase
Variable AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is not in mixedCase
Variable AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is not in mixedCase
Variable AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is not in mixedCase
Variable AaveTokenV2._votingDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1154) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is not in mixedCase
Variable AaveTokenV2._propositionPowerDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1159) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions�[0m
�[92m
Redundant expression "this (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#95)" inContext (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#89-98)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements�[0m
�[92m
VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.DECIMALS (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1129) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.EIP712_DOMAIN (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1147-1149) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable�[0m
�[92m
AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) should be constant
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant�[0m
�[92m
name() should be declared external:
- ERC20.name() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#462-464)
symbol() should be declared external:
- ERC20.symbol() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#470-472)
decimals() should be declared external:
- ERC20.decimals() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#487-489)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#513-516)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#521-523)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#532-535)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#549-553)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#567-570)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#586-589)
delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) should be declared external:
- AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302)
delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) should be declared external:
- AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external�[0m
0xC13eac3B4F9EED480045113B7af00F7B5655Ece8 analyzed (11 contracts with 78 detectors), 60 result(s) found
- Slither report for ProposalPayload at
0xc730008C64783a283988b0fA3b5eE6b6F997922A
View report for ProposalPayload at `0xc730008C64783a283988b0fA3b5eE6b6F997922A`
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/slither/__main__.py", line 744, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/slither/__main__.py", line 76, in process_all
compilations = compile_all(target, **vars(args))
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
self._compile(**kwargs)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
self._platform.compile(self, **kwargs)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 331, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 65, in standalone_compile
targets_json = run_solc_standard_json(
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 179, in run_solc_standard_json
raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/IERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:4:1:
|
4 | import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:5:1:
|
5 | import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
None
Error in 0xc730008C64783a283988b0fA3b5eE6b6F997922A
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/slither/__main__.py", line 744, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/slither/__main__.py", line 76, in process_all
compilations = compile_all(target, **vars(args))
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
self._compile(**kwargs)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
self._platform.compile(self, **kwargs)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 331, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 65, in standalone_compile
targets_json = run_solc_standard_json(
File "/opt/hostedtoolcache/Python/3.10.5/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 179, in run_solc_standard_json
raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/IERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:4:1:
|
4 | import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol" not found: File not found. Searched the following locations: "".
--> src/OtcEscrowApprovals.sol:5:1:
|
5 | import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^