Updated as of block 15919259 at 11/7/2022, 11:11:59 AM ET
- ID: 113
- Proposer: 0xbC540e0729B732fb14afA240aA5A047aE9ba7dF0
- Start Block: 15876593 (11/1/2022, 1:13:11 PM ET)
- End Block: 15895793 (11/4/2022, 5:36:23 AM ET)
- Targets: 0x691B41805f7Ef2D7De6165bC42295b035a31600D
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/ec19c8c8-3267-4e9d-97c0-f508b224058c
Proposal text
This proposal outlines a 12-month engagement for Chaos Labs to build and utilize risk and simulation tooling to help optimizations and protect Aave v3 markets.
This proposal acts as a mandate from the Aave community to engage with Chaos for the work defined on the Aave governance forum here and pre-approved by the Aave community via Snapshot here.
Chaos Labs is eager to collaborate with Aave to ensure it maintains its position as a best-in-class DeFi protocol with one of the most serious and intentional risk operations. Aave v3 has over $1b in locked TVL and will shortly be launching on Ethereum, drastically increasing the assets controlled and the users engaging with it. Chaos has previously built a v3 Risk Dashboard to help monitor these positions and is excited to expand that capability using its proprietary on-chain simulation engine.
Chaos Labs will focus on risk management and parameter recommendations for all v3 markets.
This includes:
- Borrow & lending caps recommendations
- Collateral factors recommendations
- Interest rates recommendations
- Asset listing risk analytics & tooling
- Open-sourced agent access
- Extending the AAVE v3 Risk Analytics App
- Community Risk Calls
While incorporating feedback from the community, we have committed to building trust between the Aave community and Chaos Labs. To this end, the payment streams will not start until 6 months after AIP approval with two incentive-based payments not included in this proposal but will be submitted after delivery. The DAO may terminate our engagement after 6 months prior to this stream initializing.
A full specification of the payload contract and tests enabling this mandate can be found on the Chaos Labs Github here.
In summary, the proposal creates a 6-month stream of 500,000 aUSDC ($0.5 Million) to the Chaos-controlled address starting at block height equivalent to the 6-month anniversary of on-chain approval.
The Proposal Payload has been tested and peer-reviewed by Bored Ghost Developing, including simulations on mainnet of the whole proposal lifecycle.
Link to Test Cases: Here
Link to Payload Implementation: Here
Deployed Contracts ProposalPayload = 0x691B41805f7Ef2D7De6165bC42295b035a31600D
Copyright and related rights waived via CC0.
Info:
- State changes:
# InitializableAdminUpgradeabilityProxy at `0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c` with implementation AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`
@@ _nextStreamId @@
- 100004
+ 100005
@@ `_streams` key `"100004"`.deposit @@
- 0
+ 500012352000
@@ `_streams` key `"100004"`.ratePerSecond @@
- 0
+ 32151
@@ `_streams` key `"100004"`.remainingBalance @@
- 0
+ 500012352000
@@ `_streams` key `"100004"`.startTime @@
- 0
+ 1683388415
@@ `_streams` key `"100004"`.stopTime @@
- 0
+ 1698940415
@@ `_streams` key `"100004"`.recipient @@
- 0x0000000000000000000000000000000000000000
+ 0xbc540e0729b732fb14afa240aa5a047ae9ba7df0
@@ `_streams` key `"100004"`.sender @@
- 0x0000000000000000000000000000000000000000
+ 0x464c71f6c2f760dda6093dcb91c24c39e5d6e18c
@@ `_streams` key `"100004"`.tokenAddress @@
- 0x0000000000000000000000000000000000000000
+ 0xbcca60bb61934080951369a648fb03df4f96263c
Info:
- There is no SELFDESTRUCT inside of delegated call
Info:
- Events Emitted:
- InitializableAdminUpgradeabilityProxy at
0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18cwith implementation AaveEcosystemReserveV2 at0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3CreateStream(streamId: 100004, sender: 0x464c71f6c2f760dda6093dcb91c24c39e5d6e18c, recipient: 0xbc540e0729b732fb14afa240aa5a047ae9ba7df0, deposit: 500012352000, tokenAddress: 0xbcca60bb61934080951369a648fb03df4f96263c, startTime: 1683388415, stopTime: 1698940415)
- InitializableAdminUpgradeabilityProxy at
Info:
- Targets:
- 0x691B41805f7Ef2D7De6165bC42295b035a31600D: Contract (verified) (ProposalPayload)
Info:
- Touched address:
- 0x92bC7e2bDB0f97Ffa68B65bBAB560F8502ae0367: EOA (verification not applicable)
- 0xEC568fffba86c094cf06b22134B23074DFE2252c: Contract (verified) (AaveGovernanceV2)
- 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5: Contract (verified) (Executor)
- 0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0xC13eac3B4F9EED480045113B7af00F7B5655Ece8: Contract (verified) (AaveTokenV2)
- 0x691B41805f7Ef2D7De6165bC42295b035a31600D: Contract (verified) (ProposalPayload)
- 0x3d569673dAa0575c936c7c67c4E6AedA69CC630C: Contract (verified) (AaveEcosystemReserveController)
- 0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3: Contract (verified) (AaveEcosystemReserveV2)
Info:
View Details
View warnings for InitializableAdminUpgradeabilityProxy at `0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c` with implementation AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:200:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:76:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:228:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:76:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:347:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:76:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for ProposalPayload at `0x691B41805f7Ef2D7De6165bC42295b035a31600D`
ERROR:CryticCompile:Invalid solc compilation Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.8/x64/bin/solc", line 8, in <module>
sys.exit(solc())
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/solc_select/__main__.py", line 86, in solc
process = subprocess.run(
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/subprocess.py", line 503, in run
with Popen(*popenargs, **kwargs) as process:
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/subprocess.py", line 971, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/subprocess.py", line 1847, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
PermissionError: [Errno 13] Permission denied: '/home/runner/.solc-select/artifacts/solc-0.8.17/solc-0.8.17'
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
View warnings for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
Info:
View Details
Slither report for AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`
AaveEcosystemReserveV2.balanceOf(uint256,address).vars (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#860) is a local variable never initialized
AaveEcosystemReserveV2.createStream(address,uint256,address,uint256,uint256).vars (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#931) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
Reentrancy in AaveEcosystemReserveV2.cancelStream(uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1013-1038):
External calls:
- token.safeTransfer(stream.recipient,recipientBalance) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1028)
Event emitted after the call(s):
- CancelStream(streamId,stream.sender,stream.recipient,senderBalance,recipientBalance) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1030-1036)
Reentrancy in AaveEcosystemReserveV2.withdrawFromStream(uint256,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#983-1003):
External calls:
- IERC20(stream.tokenAddress).safeTransfer(stream.recipient,amount) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1000)
Event emitted after the call(s):
- WithdrawFromStream(streamId,stream.recipient,amount) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1001)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
AaveEcosystemReserveV2.deltaOf(uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#827-838) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp <= stream.startTime (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#834)
- block.timestamp < stream.stopTime (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#835)
AaveEcosystemReserveV2.createStream(address,uint256,address,uint256,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#914-972) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(startTime >= block.timestamp,start time before block.timestamp) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#925-928)
AaveEcosystemReserveV2.withdrawFromStream(uint256,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#983-1003) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(balance >= amount,amount exceeds the available balance) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#994)
AaveEcosystemReserveV2.cancelStream(uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1013-1038) uses timestamp for comparisons
Dangerous comparisons:
- recipientBalance > 0 (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1027)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.verifyCallResult(bool,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#437-457) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#449-452)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.functionCall(address,bytes) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#321-323) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#350-356) is never used and should be removed
Address.functionDelegateCall(address,bytes) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#410-412) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#420-429) is never used and should be removed
Address.functionStaticCall(address,bytes) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#383-385) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#393-402) is never used and should be removed
SafeERC20.safeDecreaseAllowance(IERC20,address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#536-557) is never used and should be removed
SafeERC20.safeIncreaseAllowance(IERC20,address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#520-534) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#483-493) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#296-301):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#299)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#364-375):
- (success,returndata) = target.call{value: value}(data) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#373)
Low level call in Address.functionStaticCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#393-402):
- (success,returndata) = target.staticcall(data) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#400)
Low level call in Address.functionDelegateCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#420-429):
- (success,returndata) = target.delegatecall(data) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#427)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Function IAdminControlledEcosystemReserve.ETH_MOCK_ADDRESS() (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#159) is not in mixedCase
Variable VersionedInitializable.______gap (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#231) is not in mixedCase
Variable AdminControlledEcosystemReserve._fundsAdmin (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#661) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
VersionedInitializable.______gap (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#231) is never used in AaveEcosystemReserveV2 (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#730-1040)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3 analyzed (9 contracts with 75 detectors), 26 result(s) found
Slither report for AaveEcosystemReserveController at `0x3d569673dAa0575c936c7c67c4E6AedA69CC630C`
Context._msgData() (crytic-export/etherscan-contracts/0x3d569673dAa0575c936c7c67c4E6AedA69CC630C-AaveEcosystemReserveController.sol#27-29) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Function IAdminControlledEcosystemReserve.ETH_MOCK_ADDRESS() (crytic-export/etherscan-contracts/0x3d569673dAa0575c936c7c67c4E6AedA69CC630C-AaveEcosystemReserveController.sol#263) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0x3d569673dAa0575c936c7c67c4E6AedA69CC630C analyzed (7 contracts with 75 detectors), 2 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c` with implementation AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 161, in run_solc_standard_json
solc_json_output = json.loads(stdout)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/json/__init__.py", line 346, in loads
return _default_decoder.decode(s)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/json/decoder.py", line 355, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/slither/__main__.py", line 826, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/slither/__main__.py", line 86, in process_all
compilations = compile_all(target, **vars(args))
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
self._compile(**kwargs)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
self._platform.compile(self, **kwargs)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 358, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 65, in standalone_compile
targets_json = run_solc_standard_json(
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 191, in run_solc_standard_json
raise InvalidCompilation(f"Invalid solc compilation {stderr}")
crytic_compile.platform.exceptions.InvalidCompilation: Invalid solc compilation Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.8/x64/bin/solc", line 8, in <module>
sys.exit(solc())
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/solc_select/__main__.py", line 86, in solc
process = subprocess.run(
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/subprocess.py", line 503, in run
with Popen(*popenargs, **kwargs) as process:
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/subprocess.py", line 971, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/subprocess.py", line 1847, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
PermissionError: [Errno 13] Permission denied: '/home/runner/.solc-select/artifacts/solc-0.6.12/solc-0.6.12'
Error in 0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 161, in run_solc_standard_json
solc_json_output = json.loads(stdout)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/json/__init__.py", line 346, in loads
return _default_decoder.decode(s)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/json/decoder.py", line 355, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/slither/__main__.py", line 826, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/slither/__main__.py", line 86, in process_all
compilations = compile_all(target, **vars(args))
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
self._compile(**kwargs)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
self._platform.compile(self, **kwargs)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 358, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 65, in standalone_compile
targets_json = run_solc_standard_json(
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 191, in run_solc_standard_json
raise InvalidCompilation(f"Invalid solc compilation {stderr}")
crytic_compile.platform.exceptions.InvalidCompilation: Invalid solc compilation Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.8/x64/bin/solc", line 8, in <module>
sys.exit(solc())
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/solc_select/__main__.py", line 86, in solc
process = subprocess.run(
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/subprocess.py", line 503, in run
with Popen(*popenargs, **kwargs) as process:
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/subprocess.py", line 971, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/subprocess.py", line 1847, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
PermissionError: [Errno 13] Permission denied: '/home/runner/.solc-select/artifacts/solc-0.6.12/solc-0.6.12'
Slither report for ProposalPayload at `0x691B41805f7Ef2D7De6165bC42295b035a31600D`
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/slither/__main__.py", line 826, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/slither/__main__.py", line 86, in process_all
compilations = compile_all(target, **vars(args))
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
self._compile(**kwargs)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
self._platform.compile(self, **kwargs)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 358, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 65, in standalone_compile
targets_json = run_solc_standard_json(
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 179, in run_solc_standard_json
raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: ParserError: ParserError: Source "@aave-address-book/AaveV2Ethereum.sol" not found: File not found. Searched the following locations: "".
--> src/ProposalPayload.sol:5:1:
|
5 | import {AaveV2Ethereum} from "@aave-address-book/AaveV2Ethereum.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Error in 0x691B41805f7Ef2D7De6165bC42295b035a31600D
Traceback (most recent call last):
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/slither/__main__.py", line 826, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/slither/__main__.py", line 86, in process_all
compilations = compile_all(target, **vars(args))
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
self._compile(**kwargs)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
self._platform.compile(self, **kwargs)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 358, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 65, in standalone_compile
targets_json = run_solc_standard_json(
File "/opt/hostedtoolcache/Python/3.10.8/x64/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 179, in run_solc_standard_json
raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: ParserError: ParserError: Source "@aave-address-book/AaveV2Ethereum.sol" not found: File not found. Searched the following locations: "".
--> src/ProposalPayload.sol:5:1:
|
5 | import {AaveV2Ethereum} from "@aave-address-book/AaveV2Ethereum.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Slither report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in AaveToken (contracts/token/AaveToken.sol#13-185)
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in LendToAaveMigrator (contracts/token/LendToAaveMigrator.sol#14-79)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 analyzed (19 contracts with 75 detectors), 59 result(s) found
Slither report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e analyzed (4 contracts with 75 detectors), 4 result(s) found
Slither report for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is never initialized. It is used in:
- AaveTokenV2._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1221-1251)
AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is never initialized. It is used in:
- AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203)
- AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302)
- AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329)
AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
GovernancePowerDelegationERC20._searchByBlockNumber(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1012-1050) uses a dangerous strict equality:
- snapshot.blockNumber == blockNumber (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1041)
GovernancePowerDelegationERC20._writeSnapshot(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint128,uint128) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1075-1097) uses a dangerous strict equality:
- ownerSnapshotsCount != 0 && snapshotsOwner[ownerSnapshotsCount - 1].blockNumber == currentBlock (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1089-1090)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
ERC20.constructor(string,string).name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.name() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#462-464) (function)
ERC20.constructor(string,string).symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.symbol() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#470-472) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1190)
AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1300)
AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1326)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#375-377)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) is never used and should be removed
Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403) is never used and should be removed
Context._msgData() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#94-97) is never used and should be removed
ERC20._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#702) is never used and should be removed
ERC20._burn(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#646-654) is never used and should be removed
ERC20._mint(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#625-633) is never used and should be removed
ERC20._setupDecimals(uint8) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#684-686) is never used and should be removed
SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#745-755) is never used and should be removed
SafeERC20.safeTransfer(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#728-734) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#736-743) is never used and should be removed
SafeMath.div(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#280-282) is never used and should be removed
SafeMath.div(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#295-306) is never used and should be removed
SafeMath.mod(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#319-321) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#334-341) is never used and should be removed
SafeMath.mul(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#255-267) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#401)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769):
- (success,returndata) = address(token).call(data) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#761)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Variable ERC20._name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#440) is not in mixedCase
Variable ERC20._symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#441) is not in mixedCase
Variable VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is not in mixedCase
Variable AaveTokenV2._nonces (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1134) is not in mixedCase
Variable AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is not in mixedCase
Variable AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is not in mixedCase
Variable AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is not in mixedCase
Variable AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is not in mixedCase
Variable AaveTokenV2._votingDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1154) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is not in mixedCase
Variable AaveTokenV2._propositionPowerDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1159) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#95)" inContext (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#89-98)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.DECIMALS (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1129) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.EIP712_DOMAIN (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1147-1149) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0xC13eac3B4F9EED480045113B7af00F7B5655Ece8 analyzed (11 contracts with 75 detectors), 48 result(s) found