Updated as of block 15558579 at 9/18/2022, 2:14:11 AM ET
- ID: 101
- Proposer: 0x683a4F9915D6216f73d6Df50151725036bD26C02
- Start Block: 15529036 (9/13/2022, 4:54:02 PM ET)
- End Block: 15548236 (9/16/2022, 3:24:47 PM ET)
- Targets: 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/66d73305-c484-465e-96f5-8563ae14fe9a
Proposal text
Re-enable ETH borrowing in the Aave V2 Ethereum market.
AIP-97 paused ETH borrowing on the Aave V2 Ethereum market to mitigate the risk of high utilization ahead of the Ethereum Merge. Now that the Ethereum Merge has passed, this proposal re-enables ETH borrowing to revert the market back to normal conditions.
Full details are provided in the original forum post.
Given the timing of the Merge, this proposal allows for a few days of monitoring post-Merge before this proposal can be executed. Should conditions turn undesirable, voters should vote No, and this proposal should be canceled.
- The proposal calls
enableBorrowingOnReservewith the parametersaddress=0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2(WETH address on mainnet) andstableBorrowRateEnabledastrue.
Copyright and related rights waived via CC0.
By approving this proposal, you agree that any services provided by Gauntlet shall be governed by the terms of service available at gauntlet.network/tos.
Info:
- State changes:
# InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
@@ `_reserves` key `0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2`.configuration.data @@
- 18447397703703187431482
+ 18447685934079339143226
# decoded configuration.data for key `0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2` (symbol: WETH)
@@ configuration.data.borrowingEnabled @@
- false
+ true
Info:
- There is no SELFDESTRUCT inside of delegated call
Info:
- Events Emitted:
- InitializableImmutableAdminUpgradeabilityProxy at
0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756with implementation LendingPoolConfigurator at0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521BorrowingEnabledOnReserve(asset: 0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2, stableRateEnabled: true)
- InitializableImmutableAdminUpgradeabilityProxy at
Info:
- Targets:
- 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
Info:
- Touched address:
- 0xDD659911EcBD4458db07Ee7cDdeC79bf8F859AbC: EOA (verification not applicable)
- 0xEC568fffba86c094cf06b22134B23074DFE2252c: Contract (verified) (AaveGovernanceV2)
- 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5: Contract (verified) (Executor)
- 0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0xC13eac3B4F9EED480045113B7af00F7B5655Ece8: Contract (verified) (AaveTokenV2)
- 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521: Contract (verified) (LendingPoolConfigurator)
- 0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5: Contract (verified) (LendingPoolAddressesProvider)
- 0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0xC6845a5C768BF8D7681249f8927877Efda425baf: Contract (verified) (LendingPool)
Info:
View Details
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756` with implementation LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
View warnings for LendingPoolAddressesProvider at `0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
View warnings for LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract AdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, UpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Info:
View Details
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756` with implementation LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756 analyzed (6 contracts with 72 detectors), 17 result(s) found
Slither report for LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
LendingPoolConfigurator._checkNoLiquidity(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#552-561) uses a dangerous strict equality:
- require(bool,string)(availableLiquidity == 0 && reserveData.currentLiquidityRate == 0,Errors.LPC_RESERVE_LIQUIDITY_NOT_0) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#557-560)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in LendingPoolConfigurator.activateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#421-429):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#426)
Event emitted after the call(s):
- ReserveActivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#428)
Reentrancy in LendingPoolConfigurator.configureReserveAsCollateral(address,uint256,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#345-387):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#384)
Event emitted after the call(s):
- CollateralConfigurationChanged(asset,ltv,liquidationThreshold,liquidationBonus) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#386)
Reentrancy in LendingPoolConfigurator.deactivateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#435-445):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#442)
Event emitted after the call(s):
- ReserveDeactivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#444)
Reentrancy in LendingPoolConfigurator.disableBorrowingOnReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#327-334):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#332)
Event emitted after the call(s):
- BorrowingDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#333)
Reentrancy in LendingPoolConfigurator.disableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#407-415):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#412)
Event emitted after the call(s):
- StableRateDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#414)
Reentrancy in LendingPoolConfigurator.enableBorrowingOnReserve(address,bool) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#309-321):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#318)
Event emitted after the call(s):
- BorrowingEnabledOnReserve(asset,stableBorrowRateEnabled) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#320)
Reentrancy in LendingPoolConfigurator.enableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#393-401):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#398)
Event emitted after the call(s):
- StableRateEnabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#400)
Reentrancy in LendingPoolConfigurator.freezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#452-460):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#457)
Event emitted after the call(s):
- ReserveFrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#459)
Reentrancy in LendingPoolConfigurator.initReserve(address,address,address,uint8,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#201-263):
External calls:
- aTokenProxyAddress = _initTokenWithProxy(aTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#231)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- stableDebtTokenProxyAddress = _initTokenWithProxy(stableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#233-234)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- variableDebtTokenProxyAddress = _initTokenWithProxy(variableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#236-237)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- pool.initReserve(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#239-245)
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#254)
Event emitted after the call(s):
- ReserveInitialized(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#256-262)
Reentrancy in LendingPoolConfigurator.setReserveFactor(address,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#481-489):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#486)
Event emitted after the call(s):
- ReserveFactorChanged(asset,reserveFactor) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#488)
Reentrancy in LendingPoolConfigurator.setReserveInterestRateStrategyAddress(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#496-502):
External calls:
- pool.setReserveInterestRateStrategyAddress(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#500)
Event emitted after the call(s):
- ReserveInterestRateStrategyChanged(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#501)
Reentrancy in LendingPoolConfigurator.unfreezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#466-474):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#471)
Event emitted after the call(s):
- ReserveUnfrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#473)
Reentrancy in LendingPoolConfigurator.updateAToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#270-276):
External calls:
- _upgradeTokenImplementation(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#273)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- ATokenUpgraded(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#275)
Reentrancy in LendingPoolConfigurator.updateStableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#283-289):
External calls:
- _upgradeTokenImplementation(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#286)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- StableDebtTokenUpgraded(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#288)
Reentrancy in LendingPoolConfigurator.updateVariableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#296-302):
External calls:
- _upgradeTokenImplementation(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#299)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- VariableDebtTokenUpgraded(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#301)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
VersionedInitializable.isConstructor() (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
PercentageMath.percentDiv(uint256,uint256) (contracts/protocol/libraries/math/PercentageMath.sol#43-53) is never used and should be removed
ReserveConfiguration.getActive(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#150-152) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#190-192) is never used and should be removed
ReserveConfiguration.getDecimals(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#130-132) is never used and should be removed
ReserveConfiguration.getFlags(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#251-269) is never used and should be removed
ReserveConfiguration.getFlagsMemory(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#328-344) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#170-172) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#106-112) is never used and should be removed
ReserveConfiguration.getLiquidationThreshold(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#80-86) is never used and should be removed
ReserveConfiguration.getLtv(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#55-57) is never used and should be removed
ReserveConfiguration.getParams(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#276-296) is never used and should be removed
ReserveConfiguration.getReserveFactor(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#242-244) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#213-219) is never used and should be removed
SafeMath.add(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#27-32) is never used and should be removed
SafeMath.div(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#101-103) is never used and should be removed
SafeMath.div(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#116-127) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#155-162) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#76-88) is never used and should be removed
SafeMath.sub(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#43-45) is never used and should be removed
SafeMath.sub(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#56-65) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Function ITokenConfiguration.UNDERLYING_ASSET_ADDRESS() (contracts/interfaces/ITokenConfiguration.sol#11) is not in mixedCase
Function ITokenConfiguration.POOL() (contracts/interfaces/ITokenConfiguration.sol#13) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Variable Errors.LP_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#55) is too similar to Errors.VL_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-are-too-similar
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPoolConfigurator (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#25-562)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521 analyzed (18 contracts with 72 detectors), 60 result(s) found
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9 analyzed (6 contracts with 72 detectors), 17 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in AaveToken (contracts/token/AaveToken.sol#13-185)
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in LendToAaveMigrator (contracts/token/LendToAaveMigrator.sol#14-79)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 analyzed (19 contracts with 72 detectors), 59 result(s) found
Slither report for LendingPoolAddressesProvider at `0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
State variables written after the call(s):
- _addresses[id] = address(proxy) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#204)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
Event emitted after the call(s):
- ProxyCreated(id,address(proxy)) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#205)
Reentrancy in LendingPoolAddressesProvider.setAddressAsProxy(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#60-67):
External calls:
- _updateImpl(id,implementationAddress) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#65)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- AddressSet(id,implementationAddress,true) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#66)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolConfiguratorImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#119-122):
External calls:
- _updateImpl(LENDING_POOL_CONFIGURATOR,configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#120)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolConfiguratorUpdated(configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#121)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#101-104):
External calls:
- _updateImpl(LENDING_POOL,pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#102)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolUpdated(pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#103)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5 analyzed (10 contracts with 72 detectors), 24 result(s) found
Slither report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e analyzed (4 contracts with 72 detectors), 4 result(s) found
Slither report for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is never initialized. It is used in:
- AaveTokenV2._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1221-1251)
AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is never initialized. It is used in:
- AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203)
- AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302)
- AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329)
AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
GovernancePowerDelegationERC20._searchByBlockNumber(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1012-1050) uses a dangerous strict equality:
- snapshot.blockNumber == blockNumber (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1041)
GovernancePowerDelegationERC20._writeSnapshot(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint128,uint128) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1075-1097) uses a dangerous strict equality:
- ownerSnapshotsCount != 0 && snapshotsOwner[ownerSnapshotsCount - 1].blockNumber == currentBlock (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1089-1090)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
ERC20.constructor(string,string).name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.name() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#462-464) (function)
ERC20.constructor(string,string).symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.symbol() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#470-472) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1190)
AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1300)
AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1326)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#375-377)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) is never used and should be removed
Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403) is never used and should be removed
Context._msgData() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#94-97) is never used and should be removed
ERC20._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#702) is never used and should be removed
ERC20._burn(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#646-654) is never used and should be removed
ERC20._mint(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#625-633) is never used and should be removed
ERC20._setupDecimals(uint8) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#684-686) is never used and should be removed
SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#745-755) is never used and should be removed
SafeERC20.safeTransfer(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#728-734) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#736-743) is never used and should be removed
SafeMath.div(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#280-282) is never used and should be removed
SafeMath.div(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#295-306) is never used and should be removed
SafeMath.mod(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#319-321) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#334-341) is never used and should be removed
SafeMath.mul(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#255-267) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#401)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769):
- (success,returndata) = address(token).call(data) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#761)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Variable ERC20._name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#440) is not in mixedCase
Variable ERC20._symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#441) is not in mixedCase
Variable VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is not in mixedCase
Variable AaveTokenV2._nonces (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1134) is not in mixedCase
Variable AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is not in mixedCase
Variable AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is not in mixedCase
Variable AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is not in mixedCase
Variable AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is not in mixedCase
Variable AaveTokenV2._votingDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1154) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is not in mixedCase
Variable AaveTokenV2._propositionPowerDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1159) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#95)" inContext (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#89-98)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.DECIMALS (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1129) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.EIP712_DOMAIN (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1147-1149) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0xC13eac3B4F9EED480045113B7af00F7B5655Ece8 analyzed (11 contracts with 72 detectors), 48 result(s) found
Slither report for LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
Warning: contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract AdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, UpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
WETHGateway.withdrawETH(uint256,address) (contracts/misc/WETHGateway.sol#53-65) ignores return value by aWETH.transferFrom(msg.sender,address(this),amountToWithdraw) (contracts/misc/WETHGateway.sol#61)
WETHGateway.emergencyTokenTransfer(address,address,uint256) (contracts/misc/WETHGateway.sol#130-136) ignores return value by IERC20(token).transfer(to,amount) (contracts/misc/WETHGateway.sol#135)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
AToken.DOMAIN_SEPARATOR (contracts/protocol/tokenization/AToken.sol#37) is never initialized. It is used in:
- AToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/protocol/tokenization/AToken.sol#268-292)
LendingPoolStorage._addressesProvider (contracts/protocol/lendingpool/LendingPoolStorage.sol#15) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
- LendingPoolCollateralManager._calculateAvailableCollateralToLiquidate(DataTypes.ReserveData,DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#272-316)
LendingPoolStorage._usersConfig (contracts/protocol/lendingpool/LendingPoolStorage.sol#18) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
LendingPoolStorage._reservesCount (contracts/protocol/lendingpool/LendingPoolStorage.sol#23) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
LendingPool (contracts/protocol/lendingpool/LendingPool.sol#46-923) is an upgradeable contract that does not protect its initiliaze functions: LendingPool.initialize(ILendingPoolAddressesProvider) (contracts/protocol/lendingpool/LendingPool.sol#90-92). Anyone can delete the contract with: LendingPool.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPool.sol#424-450)Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unprotected-upgradeable-contract
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) performs a multiplication on the result of a division:
-liquidityBalanceETH = vars.reserveUnitPrice.mul(vars.compoundedLiquidityBalance).div(vars.tokenUnit) (contracts/protocol/libraries/logic/GenericLogic.sol#191-192)
-vars.avgLtv = vars.avgLtv.add(liquidityBalanceETH.mul(vars.ltv)) (contracts/protocol/libraries/logic/GenericLogic.sol#196)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) performs a multiplication on the result of a division:
-liquidityBalanceETH = vars.reserveUnitPrice.mul(vars.compoundedLiquidityBalance).div(vars.tokenUnit) (contracts/protocol/libraries/logic/GenericLogic.sol#191-192)
-vars.avgLiquidationThreshold = vars.avgLiquidationThreshold.add(liquidityBalanceETH.mul(vars.liquidationThreshold)) (contracts/protocol/libraries/logic/GenericLogic.sol#197-199)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) performs a multiplication on the result of a division:
-ratePerSecond = rate / SECONDS_PER_YEAR (contracts/protocol/libraries/math/MathUtils.sol#61)
-WadRayMath.ray().add(ratePerSecond.mul(exp)).add(secondTerm).add(thirdTerm) (contracts/protocol/libraries/math/MathUtils.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) uses a dangerous strict equality:
- exp == 0 (contracts/protocol/libraries/math/MathUtils.sol#53)
GenericLogic.calculateHealthFactorFromBalances(uint256,uint256,uint256) (contracts/protocol/libraries/logic/GenericLogic.sol#244-252) uses a dangerous strict equality:
- totalDebtInETH == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#249)
LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185) uses a dangerous strict equality:
- amountToWithdraw == userBalance (contracts/protocol/lendingpool/LendingPool.sol#175)
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245) uses a dangerous strict equality:
- vars.liquidatorPreviousATokenBalance == 0 (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#197)
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245) uses a dangerous strict equality:
- vars.maxCollateralToLiquidate == vars.userCollateralBalance (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#222)
LendingPoolConfigurator._checkNoLiquidity(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#552-561) uses a dangerous strict equality:
- require(bool,string)(availableLiquidity == 0 && reserveData.currentLiquidityRate == 0,Errors.LPC_RESERVE_LIQUIDITY_NOT_0) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#557-560)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.liquidationThreshold == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#75)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.totalDebtInETH == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#87)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.collateralBalanceAfterDecrease == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#98)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#85-104) uses a dangerous strict equality:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#93)
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#57-76) uses a dangerous strict equality:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#65)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
State variables written after the call(s):
- _addresses[id] = address(proxy) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#204)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/GenericLogic.sol#168) is a local variable never initialized
DefaultReserveInterestRateStrategy.calculateInterestRates(address,uint256,uint256,uint256,uint256,uint256).vars (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#134) is a local variable never initialized
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256).vars (contracts/protocol/libraries/logic/ReserveLogic.sol#205) is a local variable never initialized
StableDebtToken.mint(address,address,uint256,uint256).vars (contracts/protocol/tokenization/StableDebtToken.sol#107) is a local variable never initialized
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool).vars (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#92) is a local variable never initialized
LendingPoolCollateralManager._calculateAvailableCollateralToLiquidate(DataTypes.ReserveData,DataTypes.ReserveData,address,address,uint256,uint256).vars (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#284) is a local variable never initialized
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/GenericLogic.sol#69) is a local variable never initialized
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/ValidationLogic.sol#134) is a local variable never initialized
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40).vars (contracts/protocol/libraries/logic/ReserveLogic.sol#282) is a local variable never initialized
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16).vars (contracts/protocol/lendingpool/LendingPool.sol#490) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
WETHGateway.constructor(address,address) (contracts/misc/WETHGateway.sol#29-35) ignores return value by IWETH(weth).approve(pool,uint256(- 1)) (contracts/misc/WETHGateway.sol#34)
WETHGateway.withdrawETH(uint256,address) (contracts/misc/WETHGateway.sol#53-65) ignores return value by POOL.withdraw(address(WETH),amountToWithdraw,address(this)) (contracts/misc/WETHGateway.sol#62)
WETHGateway.repayETH(uint256,uint256,address) (contracts/misc/WETHGateway.sol#73-95) ignores return value by POOL.repay(address(WETH),msg.value,rateMode,onBehalfOf) (contracts/misc/WETHGateway.sol#91)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) ignores return value by token.mint(premiums[i]) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#76)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) ignores return value by IERC20(assets[i]).approve(address(LENDING_POOL),amountToReturn) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#78)
LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338) ignores return value by IVariableDebtToken(reserve.variableDebtTokenAddress).mint(msg.sender,msg.sender,stableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#315-320)
LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338) ignores return value by IStableDebtToken(reserve.stableDebtTokenAddress).mint(msg.sender,msg.sender,variableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#327-332)
LendingPool.rebalanceStableBorrowRate(address,address) (contracts/protocol/lendingpool/LendingPool.sol#349-379) ignores return value by IStableDebtToken(address(stableDebtToken)).mint(user,user,stableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#369-374)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) ignores return value by IAToken(aTokenAddresses[vars.i]).transferUnderlyingTo(receiverAddress,amounts[vars.i]) (contracts/protocol/lendingpool/LendingPool.sol#504)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) ignores return value by IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
ERC20.constructor(string,string).name (contracts/dependencies/openzeppelin/contracts/ERC20.sol#57) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/dependencies/openzeppelin/contracts/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
AdminUpgradeabilityProxy.constructor(address,address,bytes)._admin (contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol#23) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#98-104) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes).admin (contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol#27) shadows:
- BaseAdminUpgradeabilityProxy.admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#45-47) (function)
MockFlashLoanReceiver.setAmountToApprove(uint256).amountToApprove (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#30) shadows:
- MockFlashLoanReceiver.amountToApprove() (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#38-40) (function)
MintableDelegationERC20.constructor(string,string,uint8).name (contracts/mocks/tokens/MintableDelegationERC20.sol#14) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
MintableDelegationERC20.constructor(string,string,uint8).symbol (contracts/mocks/tokens/MintableDelegationERC20.sol#15) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
MintableDelegationERC20.constructor(string,string,uint8).decimals (contracts/mocks/tokens/MintableDelegationERC20.sol#16) shadows:
- ERC20.decimals() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#91-93) (function)
MintableERC20.constructor(string,string,uint8).name (contracts/mocks/tokens/MintableERC20.sol#12) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
MintableERC20.constructor(string,string,uint8).symbol (contracts/mocks/tokens/MintableERC20.sol#13) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
MintableERC20.constructor(string,string,uint8).decimals (contracts/mocks/tokens/MintableERC20.sol#14) shadows:
- ERC20.decimals() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#91-93) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).baseVariableBorrowRate (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#59) shadows:
- DefaultReserveInterestRateStrategy.baseVariableBorrowRate() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#91-93) (function)
- IReserveInterestRateStrategy.baseVariableBorrowRate() (contracts/interfaces/IReserveInterestRateStrategy.sol#10) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#60) shadows:
- DefaultReserveInterestRateStrategy.variableRateSlope1() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#75-77) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#61) shadows:
- DefaultReserveInterestRateStrategy.variableRateSlope2() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#79-81) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#62) shadows:
- DefaultReserveInterestRateStrategy.stableRateSlope1() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#83-85) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#63) shadows:
- DefaultReserveInterestRateStrategy.stableRateSlope2() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#87-89) (function)
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
IncentivizedERC20.constructor(string,string,uint8,address).name (contracts/protocol/tokenization/IncentivizedERC20.sol#29) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
IncentivizedERC20.constructor(string,string,uint8,address).symbol (contracts/protocol/tokenization/IncentivizedERC20.sol#30) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
IncentivizedERC20.constructor(string,string,uint8,address).decimals (contracts/protocol/tokenization/IncentivizedERC20.sol#31) shadows:
- IncentivizedERC20.decimals() (contracts/protocol/tokenization/IncentivizedERC20.sol#57-59) (function)
- IERC20Detailed.decimals() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
StableDebtToken.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/StableDebtToken.sol#29) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
StableDebtToken.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/StableDebtToken.sol#30) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
VariableDebtToken.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/VariableDebtToken.sol#23) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
VariableDebtToken.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/VariableDebtToken.sol#24) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
DebtTokenBase.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/base/DebtTokenBase.sol#43) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
DebtTokenBase.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/base/DebtTokenBase.sol#44) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
DebtTokenBase.initialize(uint8,string,string).decimals (contracts/protocol/tokenization/base/DebtTokenBase.sol#58) shadows:
- IncentivizedERC20.decimals() (contracts/protocol/tokenization/IncentivizedERC20.sol#57-59) (function)
- IERC20Detailed.decimals() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
DebtTokenBase.initialize(uint8,string,string).name (contracts/protocol/tokenization/base/DebtTokenBase.sol#59) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
DebtTokenBase.initialize(uint8,string,string).symbol (contracts/protocol/tokenization/base/DebtTokenBase.sol#60) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#24)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#91)
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
ATokensAndRatesHelper.constructor(address,address,address)._pool (contracts/deployments/ATokensAndRatesHelper.sol#24) lacks a zero-check on :
- pool = _pool (contracts/deployments/ATokensAndRatesHelper.sol#28)
ATokensAndRatesHelper.constructor(address,address,address)._addressesProvider (contracts/deployments/ATokensAndRatesHelper.sol#25) lacks a zero-check on :
- addressesProvider = _addressesProvider (contracts/deployments/ATokensAndRatesHelper.sol#29)
ATokensAndRatesHelper.constructor(address,address,address)._poolConfigurator (contracts/deployments/ATokensAndRatesHelper.sol#26) lacks a zero-check on :
- poolConfigurator = _poolConfigurator (contracts/deployments/ATokensAndRatesHelper.sol#30)
StableAndVariableTokensHelper.constructor(address,address)._pool (contracts/deployments/StableAndVariableTokensHelper.sol#16) lacks a zero-check on :
- pool = _pool (contracts/deployments/StableAndVariableTokensHelper.sol#17)
StableAndVariableTokensHelper.constructor(address,address)._addressesProvider (contracts/deployments/StableAndVariableTokensHelper.sol#16) lacks a zero-check on :
- addressesProvider = _addressesProvider (contracts/deployments/StableAndVariableTokensHelper.sol#18)
AaveOracle.constructor(address[],address[],address,address).weth (contracts/misc/AaveOracle.sol#38) lacks a zero-check on :
- WETH = weth (contracts/misc/AaveOracle.sol#42)
MintableDelegationERC20.delegate(address).delegateeAddress (contracts/mocks/tokens/MintableDelegationERC20.sol#31) lacks a zero-check on :
- delegatee = delegateeAddress (contracts/mocks/tokens/MintableDelegationERC20.sol#32)
AToken.constructor(ILendingPool,address,address,string,string,address).underlyingAssetAddress (contracts/protocol/tokenization/AToken.sol#46) lacks a zero-check on :
- UNDERLYING_ASSET_ADDRESS = underlyingAssetAddress (contracts/protocol/tokenization/AToken.sol#53)
AToken.constructor(ILendingPool,address,address,string,string,address).reserveTreasuryAddress (contracts/protocol/tokenization/AToken.sol#47) lacks a zero-check on :
- RESERVE_TREASURY_ADDRESS = reserveTreasuryAddress (contracts/protocol/tokenization/AToken.sol#54)
LendingPool.liquidationCall(address,address,address,uint256,bool).debtAsset (contracts/protocol/lendingpool/LendingPool.sol#426) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
LendingPool.liquidationCall(address,address,address,uint256,bool).user (contracts/protocol/lendingpool/LendingPool.sol#427) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
LendingPool.liquidationCall(address,address,address,uint256,bool).collateralAsset (contracts/protocol/lendingpool/LendingPool.sol#425) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertModifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
ATokensAndRatesHelper.initReserve(address[],address[],address[],address[],uint8[]) (contracts/deployments/ATokensAndRatesHelper.sol#69-90) has external calls inside a loop: LendingPoolConfigurator(poolConfigurator).initReserve(aTokens[i],stables[i],variables[i],reserveDecimals[i],strategies[i]) (contracts/deployments/ATokensAndRatesHelper.sol#82-88)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.configureReserveAsCollateral(assets[i],baseLTVs[i],liquidationThresholds[i],liquidationBonuses[i]) (contracts/deployments/ATokensAndRatesHelper.sol#108-113)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.enableBorrowingOnReserve(assets[i],stableBorrowingEnabled[i]) (contracts/deployments/ATokensAndRatesHelper.sol#115-118)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.setReserveFactor(assets[i],reserveFactors[i]) (contracts/deployments/ATokensAndRatesHelper.sol#119)
StableAndVariableTokensHelper.setOracleBorrowRates(address[],uint256[],address) (contracts/deployments/StableAndVariableTokensHelper.sol#52-63) has external calls inside a loop: LendingRateOracle(oracle).setMarketBorrowRate(assets[i],rates[i]) (contracts/deployments/StableAndVariableTokensHelper.sol#61)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: _fallbackOracle.getAssetPrice(asset) (contracts/misc/AaveOracle.sol#89)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: price = IChainlinkAggregator(source).latestAnswer() (contracts/misc/AaveOracle.sol#91)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: _fallbackOracle.getAssetPrice(asset) (contracts/misc/AaveOracle.sol#95)
AaveProtocolDataProvider.getAllReservesTokens() (contracts/misc/AaveProtocolDataProvider.sol#32-51) has external calls inside a loop: reservesTokens[i] = TokenData(IERC20Detailed(reserves[i]).symbol(),reserves[i]) (contracts/misc/AaveProtocolDataProvider.sol#45-48)
AaveProtocolDataProvider.getAllATokens() (contracts/misc/AaveProtocolDataProvider.sol#53-65) has external calls inside a loop: reserveData = pool.getReserveData(reserves[i]) (contracts/misc/AaveProtocolDataProvider.sol#58)
AaveProtocolDataProvider.getAllATokens() (contracts/misc/AaveProtocolDataProvider.sol#53-65) has external calls inside a loop: aTokens[i] = TokenData(IERC20Detailed(reserveData.aTokenAddress).symbol(),reserveData.aTokenAddress) (contracts/misc/AaveProtocolDataProvider.sol#59-62)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: baseData = lendingPool.getReserveData(reserveData.underlyingAsset) (contracts/misc/UiPoolDataProvider.sol#70-71)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.priceInEth = oracle.getAssetPrice(reserveData.underlyingAsset) (contracts/misc/UiPoolDataProvider.sol#82)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.availableLiquidity = IERC20Detailed(reserveData.underlyingAsset).balanceOf(reserveData.aTokenAddress) (contracts/misc/UiPoolDataProvider.sol#84-86)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: (reserveData.totalPrincipalStableDebt,None,reserveData.averageStableRate,reserveData.stableDebtLastUpdateTimestamp) = IStableDebtToken(reserveData.stableDebtTokenAddress).getSupplyData() (contracts/misc/UiPoolDataProvider.sol#87-92)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.totalScaledVariableDebt = IVariableDebtToken(reserveData.variableDebtTokenAddress).scaledTotalSupply() (contracts/misc/UiPoolDataProvider.sol#93-94)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.symbol = IERC20Detailed(reserveData.aTokenAddress).symbol() (contracts/misc/UiPoolDataProvider.sol#99)
UiPoolDataProvider.getInterestRateStrategySlopes(DefaultReserveInterestRateStrategy) (contracts/misc/UiPoolDataProvider.sol#28-44) has external calls inside a loop: (interestRateStrategy.variableRateSlope1(),interestRateStrategy.variableRateSlope2(),interestRateStrategy.stableRateSlope1(),interestRateStrategy.stableRateSlope2()) (contracts/misc/UiPoolDataProvider.sol#38-43)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].scaledATokenBalance = IAToken(reserveData.aTokenAddress).scaledBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#128-129)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].scaledVariableDebt = IVariableDebtToken(reserveData.variableDebtTokenAddress).scaledBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#133-137)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].principalStableDebt = IStableDebtToken(reserveData.stableDebtTokenAddress).principalBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#138-142)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].stableBorrowRate = IStableDebtToken(reserveData.stableDebtTokenAddress).getUserStableRate(user) (contracts/misc/UiPoolDataProvider.sol#144-148)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].stableBorrowLastUpdateTimestamp = IStableDebtToken(reserveData.stableDebtTokenAddress).getUserLastUpdated(user) (contracts/misc/UiPoolDataProvider.sol#149-153)
WalletBalanceProvider.balanceOf(address,address) (contracts/misc/WalletBalanceProvider.sol#44-52) has external calls inside a loop: IERC20(token).balanceOf(user) (contracts/misc/WalletBalanceProvider.sol#49)
WalletBalanceProvider.getUserWalletBalances(address,address) (contracts/misc/WalletBalanceProvider.sol#79-109) has external calls inside a loop: configuration = pool.getConfiguration(reservesWithEth[j]) (contracts/misc/WalletBalanceProvider.sol#96)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: require(bool,string)(amounts[i] <= IERC20(assets[i]).balanceOf(address(this)),Invalid balance for the contract) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#66-69)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: token.mint(premiums[i]) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#76)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: IERC20(assets[i]).approve(address(LENDING_POOL),amountToReturn) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#78)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) has external calls inside a loop: IAToken(aTokenAddresses[vars.i]).transferUnderlyingTo(receiverAddress,amounts[vars.i]) (contracts/protocol/lendingpool/LendingPool.sol#504)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) has external calls inside a loop: _reserves[vars.currentAsset].cumulateToLiquidityIndex(IERC20(vars.currentATokenAddress).totalSupply(),vars.currentPremium) (contracts/protocol/lendingpool/LendingPool.sol#521-524)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: oracle = _addressesProvider.getPriceOracle() (contracts/protocol/lendingpool/LendingPool.sol#836)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: amountInETH = IPriceOracleGetter(oracle).getAssetPrice(vars.asset).mul(vars.amount).div(10 ** reserve.configuration.getDecimals()) (contracts/protocol/lendingpool/LendingPool.sol#838-841)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: (vars.totalStableDebt,vars.avgStableRate) = IStableDebtToken(vars.stableDebtTokenAddress).getTotalSupplyAndAvgRate() (contracts/protocol/libraries/logic/ReserveLogic.sol#209-210)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: vars.totalVariableDebt = IVariableDebtToken(reserve.variableDebtTokenAddress).scaledTotalSupply().rayMul(reserve.variableBorrowIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#215-217)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: vars.availableLiquidity = IERC20(reserveAddress).balanceOf(aTokenAddress) (contracts/protocol/libraries/logic/ReserveLogic.sol#219)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.reserveUnitPrice = IPriceOracleGetter(oracle).getAssetPrice(vars.currentReserveAddress) (contracts/protocol/libraries/logic/GenericLogic.sol#186)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: (vars.newLiquidityRate,vars.newStableRate,vars.newVariableRate) = IReserveInterestRateStrategy(reserve.interestRateStrategyAddress).calculateInterestRates(reserveAddress,vars.availableLiquidity.add(liquidityAdded).sub(liquidityTaken),vars.totalStableDebt,vars.totalVariableDebt,vars.avgStableRate,reserve.configuration.getReserveFactor()) (contracts/protocol/libraries/logic/ReserveLogic.sol#221-232)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedLiquidityBalance = IERC20(currentReserve.aTokenAddress).balanceOf(user) (contracts/protocol/libraries/logic/GenericLogic.sol#189)
ReserveLogic.updateState(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#110-134) has external calls inside a loop: scaledVariableDebt = IVariableDebtToken(reserve.variableDebtTokenAddress).scaledTotalSupply() (contracts/protocol/libraries/logic/ReserveLogic.sol#111-112)
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40) (contracts/protocol/libraries/logic/ReserveLogic.sol#274-325) has external calls inside a loop: (vars.principalStableDebt,vars.currentStableDebt,vars.avgStableRate,vars.stableSupplyUpdatedTimestamp) = IStableDebtToken(reserve.stableDebtTokenAddress).getSupplyData() (contracts/protocol/libraries/logic/ReserveLogic.sol#291-296)
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40) (contracts/protocol/libraries/logic/ReserveLogic.sol#274-325) has external calls inside a loop: IAToken(reserve.aTokenAddress).mintToTreasury(vars.amountToMint,newLiquidityIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#323)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedBorrowBalance = IERC20(currentReserve.stableDebtTokenAddress).balanceOf(user) (contracts/protocol/libraries/logic/GenericLogic.sol#203-205)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedBorrowBalance = vars.compoundedBorrowBalance.add(IERC20(currentReserve.variableDebtTokenAddress).balanceOf(user)) (contracts/protocol/libraries/logic/GenericLogic.sol#206-208)
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/ValidationLogic.sol#120-213) has external calls inside a loop: require(bool,string)(! userConfig.isUsingAsCollateral(reserve.id) || reserve.configuration.getLtv() == 0 || amount > IERC20(reserve.aTokenAddress).balanceOf(userAddress),Errors.VL_COLLATERAL_SAME_AS_BORROWING_CURRENCY) (contracts/protocol/libraries/logic/ValidationLogic.sol#198-203)
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/ValidationLogic.sol#120-213) has external calls inside a loop: vars.availableLiquidity = IERC20(asset).balanceOf(reserve.aTokenAddress) (contracts/protocol/libraries/logic/ValidationLogic.sol#205)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- _allowances[owner][spender] = amount (contracts/protocol/tokenization/IncentivizedERC20.sol#232)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
Reentrancy in LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#858)
- isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
- isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
- IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Event emitted after the call(s):
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,currentStableRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,reserve.currentVariableBorrowRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
Reentrancy in AToken._transfer(address,address,uint256,bool) (contracts/protocol/tokenization/AToken.sol#302-327):
External calls:
- super._transfer(from,to,amount.rayDiv(index)) (contracts/protocol/tokenization/AToken.sol#313)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (contracts/protocol/tokenization/AToken.sol#316-323)
Event emitted after the call(s):
- BalanceTransfer(from,to,amount,index) (contracts/protocol/tokenization/AToken.sol#326)
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
Event emitted after the call(s):
- ProxyCreated(id,address(proxy)) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#205)
Reentrancy in LendingPoolConfigurator.activateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#421-429):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#426)
Event emitted after the call(s):
- ReserveActivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#428)
Reentrancy in AToken.burn(address,address,uint256,uint256) (contracts/protocol/tokenization/AToken.sol#96-110):
External calls:
- _burn(user,amountScaled) (contracts/protocol/tokenization/AToken.sol#104)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#220)
- IERC20(UNDERLYING_ASSET_ADDRESS).safeTransfer(receiverOfUnderlying,amount) (contracts/protocol/tokenization/AToken.sol#106)
Event emitted after the call(s):
- Burn(user,receiverOfUnderlying,amount,index) (contracts/protocol/tokenization/AToken.sol#109)
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/AToken.sol#108)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _mint(user,amountToMint,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#204)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
Event emitted after the call(s):
- Mint(user,user,amountToMint,currentBalance,balanceIncrease,userStableRate,newAvgStableRate,nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#205-214)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _burn(user,amountToBurn,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#217)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#355)
Event emitted after the call(s):
- Burn(user,amountToBurn,currentBalance,balanceIncrease,newAvgStableRate,nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#218)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _mint(user,amountToMint,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#204)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
- _burn(user,amountToBurn,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#217)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#355)
Event emitted after the call(s):
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/StableDebtToken.sol#221)
Reentrancy in VariableDebtToken.burn(address,uint256,uint256) (contracts/protocol/tokenization/VariableDebtToken.sol#89-101):
External calls:
- _burn(user,amountScaled) (contracts/protocol/tokenization/VariableDebtToken.sol#97)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#220)
Event emitted after the call(s):
- Burn(user,amount,index) (contracts/protocol/tokenization/VariableDebtToken.sol#100)
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/VariableDebtToken.sol#99)
Reentrancy in LendingPoolConfigurator.configureReserveAsCollateral(address,uint256,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#345-387):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#384)
Event emitted after the call(s):
- CollateralConfigurationChanged(asset,ltv,liquidationThreshold,liquidationBonus) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#386)
Reentrancy in LendingPoolConfigurator.deactivateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#435-445):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#442)
Event emitted after the call(s):
- ReserveDeactivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#444)
Reentrancy in LendingPool.deposit(address,uint256,address,uint16) (contracts/protocol/lendingpool/LendingPool.sol#105-130):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#117)
- IERC20(asset).safeTransferFrom(msg.sender,aToken,amount) (contracts/protocol/lendingpool/LendingPool.sol#120)
- isFirstDeposit = IAToken(aToken).mint(onBehalfOf,amount,reserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPool.sol#122)
Event emitted after the call(s):
- Deposit(asset,msg.sender,onBehalfOf,amount,referralCode) (contracts/protocol/lendingpool/LendingPool.sol#129)
- ReserveUsedAsCollateralEnabled(asset,onBehalfOf) (contracts/protocol/lendingpool/LendingPool.sol#126)
Reentrancy in LendingPoolConfigurator.disableBorrowingOnReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#327-334):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#332)
Event emitted after the call(s):
- BorrowingDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#333)
Reentrancy in LendingPoolConfigurator.disableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#407-415):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#412)
Event emitted after the call(s):
- StableRateDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#414)
Reentrancy in LendingPoolConfigurator.enableBorrowingOnReserve(address,bool) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#309-321):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#318)
Event emitted after the call(s):
- BorrowingEnabledOnReserve(asset,stableBorrowRateEnabled) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#320)
Reentrancy in LendingPoolConfigurator.enableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#393-401):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#398)
Event emitted after the call(s):
- StableRateEnabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#400)
Reentrancy in LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562):
External calls:
- require(bool,string)(vars.receiver.executeOperation(assets,amounts,premiums,msg.sender,params),Errors.LP_INVALID_FLASH_LOAN_EXECUTOR_RETURN) (contracts/protocol/lendingpool/LendingPool.sol#507-510)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#858)
- isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
- isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
- IAToken(reserve.aTokenAddress).mintToTreasury(vars.amountToMint,newLiquidityIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#323)
- IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Event emitted after the call(s):
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,currentStableRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,reserve.currentVariableBorrowRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- ReserveDataUpdated(reserveAddress,vars.newLiquidityRate,vars.newStableRate,vars.newVariableRate,reserve.liquidityIndex,reserve.variableBorrowIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#241-248)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
Reentrancy in LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562):
External calls:
- require(bool,string)(vars.receiver.executeOperation(assets,amounts,premiums,msg.sender,params),Errors.LP_INVALID_FLASH_LOAN_EXECUTOR_RETURN) (contracts/protocol/lendingpool/LendingPool.sol#507-510)
- _reserves[vars.currentAsset].updateState() (contracts/protocol/lendingpool/LendingPool.sol#520)
- IERC20(vars.currentAsset).safeTransferFrom(receiverAddress,vars.currentATokenAddress,vars.currentAmountPlusPremium) (contracts/protocol/lendingpool/LendingPool.sol#532-536)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#858)
- isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
- isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
- IAToken(reserve.aTokenAddress).mintToTreasury(vars.amountToMint,newLiquidityIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#323)
- IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Event emitted after the call(s):
- FlashLoan(receiverAddress,msg.sender,vars.currentAsset,vars.currentAmount,vars.currentPremium,referralCode) (contracts/protocol/lendingpool/LendingPool.sol#553-560)
Reentrancy in LendingPoolConfigurator.freezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#452-460):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#457)
Event emitted after the call(s):
- ReserveFrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#459)
Reentrancy in LendingPoolConfigurator.initReserve(address,address,address,uint8,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#201-263):
External calls:
- aTokenProxyAddress = _initTokenWithProxy(aTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#231)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- stableDebtTokenProxyAddress = _initTokenWithProxy(stableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#233-234)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- variableDebtTokenProxyAddress = _initTokenWithProxy(variableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#236-237)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- pool.initReserve(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#239-245)
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#254)
Event emitted after the call(s):
- ReserveInitialized(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#256-262)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
Event emitted after the call(s):
- ReserveUsedAsCollateralEnabled(collateralAsset,msg.sender) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#200)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
- collateralReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#203)
- vars.collateralAtoken.burn(user,msg.sender,vars.maxCollateralToLiquidate,collateralReserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#212-217)
Event emitted after the call(s):
- ReserveUsedAsCollateralDisabled(collateralAsset,user) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#224)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
- collateralReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#203)
- vars.collateralAtoken.burn(user,msg.sender,vars.maxCollateralToLiquidate,collateralReserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#212-217)
- IERC20(debtAsset).safeTransferFrom(msg.sender,debtReserve.aTokenAddress,vars.actualDebtToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#228-232)
Event emitted after the call(s):
- LiquidationCall(collateralAsset,debtAsset,user,vars.actualDebtToLiquidate,vars.maxCollateralToLiquidate,msg.sender,receiveAToken) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#234-242)
Reentrancy in AToken.mint(address,uint256,uint256) (contracts/protocol/tokenization/AToken.sol#120-135):
External calls:
- _mint(user,amountScaled) (contracts/protocol/tokenization/AToken.sol#129)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(user,amount,index) (contracts/protocol/tokenization/AToken.sol#132)
- Transfer(address(0),user,amount) (contracts/protocol/tokenization/AToken.sol#131)
Reentrancy in StableDebtToken.mint(address,address,uint256,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#101-155):
External calls:
- _mint(onBehalfOf,amount.add(balanceIncrease),vars.previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#139)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
Event emitted after the call(s):
- Mint(user,onBehalfOf,amount,currentBalance,balanceIncrease,vars.newStableRate,vars.currentAvgStableRate,vars.nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#143-152)
- Transfer(address(0),onBehalfOf,amount) (contracts/protocol/tokenization/StableDebtToken.sol#141)
Reentrancy in VariableDebtToken.mint(address,address,uint256,uint256) (contracts/protocol/tokenization/VariableDebtToken.sol#60-80):
External calls:
- _mint(onBehalfOf,amountScaled) (contracts/protocol/tokenization/VariableDebtToken.sol#74)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(user,onBehalfOf,amount,index) (contracts/protocol/tokenization/VariableDebtToken.sol#77)
- Transfer(address(0),onBehalfOf,amount) (contracts/protocol/tokenization/VariableDebtToken.sol#76)
Reentrancy in AToken.mintToTreasury(uint256,uint256) (contracts/protocol/tokenization/AToken.sol#143-156):
External calls:
- _mint(RESERVE_TREASURY_ADDRESS,amount.rayDiv(index)) (contracts/protocol/tokenization/AToken.sol#152)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(RESERVE_TREASURY_ADDRESS,amount,index) (contracts/protocol/tokenization/AToken.sol#155)
- Transfer(address(0),RESERVE_TREASURY_ADDRESS,amount) (contracts/protocol/tokenization/AToken.sol#154)
Reentrancy in LendingPool.rebalanceStableBorrowRate(address,address) (contracts/protocol/lendingpool/LendingPool.sol#349-379):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#366)
- IStableDebtToken(address(stableDebtToken)).burn(user,stableDebt) (contracts/protocol/lendingpool/LendingPool.sol#368)
- IStableDebtToken(address(stableDebtToken)).mint(user,user,stableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#369-374)
Event emitted after the call(s):
- RebalanceStableBorrowRate(asset,user) (contracts/protocol/lendingpool/LendingPool.sol#378)
Reentrancy in LendingPool.repay(address,uint256,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#237-289):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#265)
- IStableDebtToken(reserve.stableDebtTokenAddress).burn(onBehalfOf,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#268)
- IVariableDebtToken(reserve.variableDebtTokenAddress).burn(onBehalfOf,paybackAmount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#270-274)
- IERC20(asset).safeTransferFrom(msg.sender,aToken,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#284)
Event emitted after the call(s):
- Repay(asset,onBehalfOf,msg.sender,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#286)
Reentrancy in LendingPoolAddressesProvider.setAddressAsProxy(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#60-67):
External calls:
- _updateImpl(id,implementationAddress) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#65)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- AddressSet(id,implementationAddress,true) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#66)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolConfiguratorImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#119-122):
External calls:
- _updateImpl(LENDING_POOL_CONFIGURATOR,configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#120)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolConfiguratorUpdated(configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#121)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#101-104):
External calls:
- _updateImpl(LENDING_POOL,pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#102)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolUpdated(pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#103)
Reentrancy in LendingPoolConfigurator.setReserveFactor(address,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#481-489):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#486)
Event emitted after the call(s):
- ReserveFactorChanged(asset,reserveFactor) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#488)
Reentrancy in LendingPoolConfigurator.setReserveInterestRateStrategyAddress(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#496-502):
External calls:
- pool.setReserveInterestRateStrategyAddress(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#500)
Event emitted after the call(s):
- ReserveInterestRateStrategyChanged(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#501)
Reentrancy in LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#311)
- IStableDebtToken(reserve.stableDebtTokenAddress).burn(msg.sender,stableDebt) (contracts/protocol/lendingpool/LendingPool.sol#314)
- IVariableDebtToken(reserve.variableDebtTokenAddress).mint(msg.sender,msg.sender,stableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#315-320)
- IVariableDebtToken(reserve.variableDebtTokenAddress).burn(msg.sender,variableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#322-326)
- IStableDebtToken(reserve.stableDebtTokenAddress).mint(msg.sender,msg.sender,variableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#327-332)
Event emitted after the call(s):
- Swap(asset,msg.sender,rateMode) (contracts/protocol/lendingpool/LendingPool.sol#337)
Reentrancy in IncentivizedERC20.transfer(address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#81-85):
External calls:
- _transfer(_msgSender(),recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#82)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(_msgSender(),recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#83)
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Approval(owner,spender,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#233)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- Transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#131)
Reentrancy in AToken.transferOnLiquidation(address,address,uint256) (contracts/protocol/tokenization/AToken.sol#165-175):
External calls:
- _transfer(from,to,value,false) (contracts/protocol/tokenization/AToken.sol#172)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (contracts/protocol/tokenization/AToken.sol#316-323)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(from,to,value) (contracts/protocol/tokenization/AToken.sol#174)
Reentrancy in LendingPoolConfigurator.unfreezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#466-474):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#471)
Event emitted after the call(s):
- ReserveUnfrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#473)
Reentrancy in LendingPoolConfigurator.updateAToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#270-276):
External calls:
- _upgradeTokenImplementation(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#273)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- ATokenUpgraded(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#275)
Reentrancy in LendingPoolConfigurator.updateStableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#283-289):
External calls:
- _upgradeTokenImplementation(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#286)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- StableDebtTokenUpgraded(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#288)
Reentrancy in LendingPoolConfigurator.updateVariableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#296-302):
External calls:
- _upgradeTokenImplementation(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#299)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- VariableDebtTokenUpgraded(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#301)
Reentrancy in LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#171)
Event emitted after the call(s):
- ReserveUsedAsCollateralDisabled(asset,msg.sender) (contracts/protocol/lendingpool/LendingPool.sol#177)
Reentrancy in LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#171)
- IAToken(aToken).burn(msg.sender,to,amountToWithdraw,reserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPool.sol#180)
Event emitted after the call(s):
- Withdraw(asset,msg.sender,to,amountToWithdraw) (contracts/protocol/lendingpool/LendingPool.sol#182)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#57-76) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#65)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#85-104) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#93)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) uses timestamp for comparisons
Dangerous comparisons:
- exp == 0 (contracts/protocol/libraries/math/MathUtils.sol#53)
- exp > 2 (contracts/protocol/libraries/math/MathUtils.sol#59)
AToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/protocol/tokenization/AToken.sol#268-292) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/protocol/tokenization/AToken.sol#279)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseAdminUpgradeabilityProxy._admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#98-104) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#101-103)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#110-116) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#113-115)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
VersionedInitializable.isConstructor() (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
AToken.initialize(uint8,string,string) (contracts/protocol/tokenization/AToken.sol#61-86) uses assembly
- INLINE ASM (contracts/protocol/tokenization/AToken.sol#69-71)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
ERC20._burn(address,uint256) (contracts/dependencies/openzeppelin/contracts/ERC20.sol#279-287) is never used and should be removed
LendingPoolCollateralManager.getRevision() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#66-68) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#190-192) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#170-172) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#106-112) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#213-219) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#39-49) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#155-162) is never used and should be removed
StableDebtToken.getRevision() (contracts/protocol/tokenization/StableDebtToken.sol#38-40) is never used and should be removed
VariableDebtToken.getRevision() (contracts/protocol/tokenization/VariableDebtToken.sol#32-34) is never used and should be removed
WadRayMath.halfRay() (contracts/protocol/libraries/math/WadRayMath.sol#39-41) is never used and should be removed
WadRayMath.halfWad() (contracts/protocol/libraries/math/WadRayMath.sol#46-48) is never used and should be removed
WadRayMath.rayToWad(uint256) (contracts/protocol/libraries/math/WadRayMath.sol#117-123) is never used and should be removed
WadRayMath.wad() (contracts/protocol/libraries/math/WadRayMath.sol#32-34) is never used and should be removed
WadRayMath.wadMul(uint256,uint256) (contracts/protocol/libraries/math/WadRayMath.sol#56-64) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#51-63):
- (success,returndata) = address(token).call(data) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#85-93):
- (success) = newImplementation.delegatecall(data) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#91)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#20-27):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#24)
Low level call in WETHGateway._safeTransferETH(address,uint256) (contracts/misc/WETHGateway.sol#118-121):
- (success) = to.call{value: value}(new bytes(0)) (contracts/misc/WETHGateway.sol#119)
Low level call in LendingPool.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPool.sol#424-450):
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
MintableDelegationERC20 (contracts/mocks/tokens/MintableDelegationERC20.sol#10-34) should inherit from IDelegationToken (contracts/interfaces/IDelegationToken.sol#9-11)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Event ATokensAndRatesHelperdeployedContracts(address,address) (contracts/deployments/ATokensAndRatesHelper.sol#21) is not in CapWords
Event StableAndVariableTokensHelperdeployedContracts(address,address) (contracts/deployments/StableAndVariableTokensHelper.sol#14) is not in CapWords
Variable FlashLoanReceiverBase.ADDRESSES_PROVIDER (contracts/flashloan/base/FlashLoanReceiverBase.sol#15) is not in mixedCase
Variable FlashLoanReceiverBase.LENDING_POOL (contracts/flashloan/base/FlashLoanReceiverBase.sol#16) is not in mixedCase
Function IFlashLoanReceiver.ADDRESSES_PROVIDER() (contracts/flashloan/interfaces/IFlashLoanReceiver.sol#22) is not in mixedCase
Function IFlashLoanReceiver.LENDING_POOL() (contracts/flashloan/interfaces/IFlashLoanReceiver.sol#24) is not in mixedCase
Function ITokenConfiguration.UNDERLYING_ASSET_ADDRESS() (contracts/interfaces/ITokenConfiguration.sol#11) is not in mixedCase
Function ITokenConfiguration.POOL() (contracts/interfaces/ITokenConfiguration.sol#13) is not in mixedCase
Variable AaveOracle.WETH (contracts/misc/AaveOracle.sol#27) is not in mixedCase
Variable AaveProtocolDataProvider.ADDRESSES_PROVIDER (contracts/misc/AaveProtocolDataProvider.sol#26) is not in mixedCase
Variable WETHGateway.WETH (contracts/misc/WETHGateway.sol#20) is not in mixedCase
Variable WETHGateway.POOL (contracts/misc/WETHGateway.sol#21) is not in mixedCase
Variable MockFlashLoanReceiver._provider (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#15) is not in mixedCase
Variable MockFlashLoanReceiver._failExecution (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#20) is not in mixedCase
Variable MockFlashLoanReceiver._amountToApprove (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#21) is not in mixedCase
Variable MockFlashLoanReceiver._simulateEOA (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#22) is not in mixedCase
Parameter LendingRateOracle.getMarketBorrowRate(address)._asset (contracts/mocks/oracle/LendingRateOracle.sol#11) is not in mixedCase
Parameter LendingRateOracle.setMarketBorrowRate(address,uint256)._asset (contracts/mocks/oracle/LendingRateOracle.sol#15) is not in mixedCase
Parameter LendingRateOracle.setMarketBorrowRate(address,uint256)._rate (contracts/mocks/oracle/LendingRateOracle.sol#15) is not in mixedCase
Parameter LendingRateOracle.getMarketLiquidityRate(address)._asset (contracts/mocks/oracle/LendingRateOracle.sol#19) is not in mixedCase
Parameter LendingRateOracle.setMarketLiquidityRate(address,uint256)._asset (contracts/mocks/oracle/LendingRateOracle.sol#23) is not in mixedCase
Parameter LendingRateOracle.setMarketLiquidityRate(address,uint256)._rate (contracts/mocks/oracle/LendingRateOracle.sol#23) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._underlyingAssetDecimals (contracts/mocks/upgradeability/MockAToken.sol#32) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._tokenName (contracts/mocks/upgradeability/MockAToken.sol#33) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._tokenSymbol (contracts/mocks/upgradeability/MockAToken.sol#34) is not in mixedCase
Variable DefaultReserveInterestRateStrategy.OPTIMAL_UTILIZATION_RATE (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#29) is not in mixedCase
Variable DefaultReserveInterestRateStrategy.EXCESS_UTILIZATION_RATE (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#37) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._baseVariableBorrowRate (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#42) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#45) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#48) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#51) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#54) is not in mixedCase
Variable LendingPoolStorage._addressesProvider (contracts/protocol/lendingpool/LendingPoolStorage.sol#15) is not in mixedCase
Variable LendingPoolStorage._reserves (contracts/protocol/lendingpool/LendingPoolStorage.sol#17) is not in mixedCase
Variable LendingPoolStorage._usersConfig (contracts/protocol/lendingpool/LendingPoolStorage.sol#18) is not in mixedCase
Variable LendingPoolStorage._reservesList (contracts/protocol/lendingpool/LendingPoolStorage.sol#21) is not in mixedCase
Variable LendingPoolStorage._reservesCount (contracts/protocol/lendingpool/LendingPoolStorage.sol#23) is not in mixedCase
Variable LendingPoolStorage._paused (contracts/protocol/lendingpool/LendingPoolStorage.sol#25) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Struct GenericLogic.balanceDecreaseAllowedLocalVars (contracts/protocol/libraries/logic/GenericLogic.sol#30-41) is not in CapWords
Constant WadRayMath.halfWAD (contracts/protocol/libraries/math/WadRayMath.sol#14) is not in UPPER_CASE_WITH_UNDERSCORES
Constant WadRayMath.halfRAY (contracts/protocol/libraries/math/WadRayMath.sol#17) is not in UPPER_CASE_WITH_UNDERSCORES
Variable AToken.UNDERLYING_ASSET_ADDRESS (contracts/protocol/tokenization/AToken.sol#30) is not in mixedCase
Variable AToken.RESERVE_TREASURY_ADDRESS (contracts/protocol/tokenization/AToken.sol#31) is not in mixedCase
Variable AToken.POOL (contracts/protocol/tokenization/AToken.sol#32) is not in mixedCase
Variable AToken._nonces (contracts/protocol/tokenization/AToken.sol#35) is not in mixedCase
Variable AToken.DOMAIN_SEPARATOR (contracts/protocol/tokenization/AToken.sol#37) is not in mixedCase
Variable IncentivizedERC20._incentivesController (contracts/protocol/tokenization/IncentivizedERC20.sol#18) is not in mixedCase
Variable IncentivizedERC20._balances (contracts/protocol/tokenization/IncentivizedERC20.sol#20) is not in mixedCase
Variable IncentivizedERC20._totalSupply (contracts/protocol/tokenization/IncentivizedERC20.sol#23) is not in mixedCase
Variable StableDebtToken._avgStableRate (contracts/protocol/tokenization/StableDebtToken.sol#21) is not in mixedCase
Variable StableDebtToken._timestamps (contracts/protocol/tokenization/StableDebtToken.sol#22) is not in mixedCase
Variable StableDebtToken._usersStableRate (contracts/protocol/tokenization/StableDebtToken.sol#23) is not in mixedCase
Variable StableDebtToken._totalSupplyTimestamp (contracts/protocol/tokenization/StableDebtToken.sol#24) is not in mixedCase
Variable DebtTokenBase.UNDERLYING_ASSET_ADDRESS (contracts/protocol/tokenization/base/DebtTokenBase.sol#23) is not in mixedCase
Variable DebtTokenBase.POOL (contracts/protocol/tokenization/base/DebtTokenBase.sol#24) is not in mixedCase
Variable DebtTokenBase._borrowAllowances (contracts/protocol/tokenization/base/DebtTokenBase.sol#26) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Redundant expression "params (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#53)" inMockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
Redundant expression "initiator (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#54)" inMockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
Redundant expression "recipient (contracts/protocol/tokenization/base/DebtTokenBase.sol#99)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#100)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "owner (contracts/protocol/tokenization/base/DebtTokenBase.sol#111)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#112)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#117)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#118)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "sender (contracts/protocol/tokenization/base/DebtTokenBase.sol#127)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "recipient (contracts/protocol/tokenization/base/DebtTokenBase.sol#128)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#129)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#139)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "addedValue (contracts/protocol/tokenization/base/DebtTokenBase.sol#140)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#150)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "subtractedValue (contracts/protocol/tokenization/base/DebtTokenBase.sol#151)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
Variable DefaultReserveInterestRateStrategy._stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#51) is too similar to DefaultReserveInterestRateStrategy._stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#54)
Variable DefaultReserveInterestRateStrategy._variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#45) is too similar to DefaultReserveInterestRateStrategy._variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#48)
Variable DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#62) is too similar to DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#63)
Variable DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#60) is too similar to DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#61)
Variable Errors.LP_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#55) is too similar to Errors.VL_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-are-too-similar
MockFlashLoanReceiver._provider (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#15) is never used in MockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in MockAToken (contracts/mocks/upgradeability/MockAToken.sol#7-40)
AToken.EIP712_DOMAIN (contracts/protocol/tokenization/AToken.sol#23-24) is never used in MockAToken (contracts/mocks/upgradeability/MockAToken.sol#7-40)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in MockStableDebtToken (contracts/mocks/upgradeability/MockStableDebtToken.sol#6-21)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in MockVariableDebtToken (contracts/mocks/upgradeability/MockVariableDebtToken.sol#6-27)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPool (contracts/protocol/lendingpool/LendingPool.sol#46-923)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPoolCollateralManager (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#29-317)
LendingPoolStorage._paused (contracts/protocol/lendingpool/LendingPoolStorage.sol#25) is never used in LendingPoolCollateralManager (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#29-317)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPoolConfigurator (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#25-562)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in DelegationAwareAToken (contracts/protocol/tokenization/DelegationAwareAToken.sol#14-49)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0xC6845a5C768BF8D7681249f8927877Efda425baf analyzed (79 contracts with 72 detectors), 314 result(s) found