Updated as of block 16126005 at 12/6/2022, 8:18:47 AM ET
- ID: 127
- Proposer: 0xB85fa70cf9aB580580D437BdEA785b71631a8A7c
- Start Block: 16089593 (12/1/2022, 6:15:35 AM ET)
- End Block: 16108793 (12/3/2022, 10:34:35 PM ET)
- Targets: 0x4919E176f02142C20727da215e8dc1b3d046D026
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/576182a8-52ee-46a7-8600-01b5081cdda0
Proposal text
This governance proposal deploys and activates the different smart contract components result of the community project to create a bridge of Aave v2 Ethereum aTokens from/to StarkNet.
All the information regarding the project is explained on https://governance.aave.com/t/aave-starknet-phase-i-release/10428.
In summary, with the previous approval of the project via governance, the Aave community has decided to start its expansion to StarkNet, a validity rollup, starting with smart contracts for bridging infrastructure of Aave v2 Ethereum aTokens.
Additionally, this also sets the foundation for the connection of instances of Aave in other networks (e.g. Polygon, Avalanche) with StarkNet.
This proposal's payload does the following:
Ethereum side
- Deploys the
Bridgesmart contract, main component on Ethereum of the system, by calling a transparent proxy factory. - Initializes the Ethereum
Bridgeto accept bridging of aUSDC, aUSDT and aDAI, with a 30'000 total ceiling for each one of them (in units of each asset, which in this case is relatively equivalent to USD). - Sends a message via the StarkNet core messaging smart contract to activate the smart contract components on the StarkNet side.
StarkNet side
- The message is received by the Governance Relay contract (proxy HERE and implementation HERE), which executes the payload on https://starkscan.co/class/0x00be3e7fe64939ef463bc80b76703b93c10a61944de34df5bb2dbc7b734e3159#code via delegatecall.
- The payload connects and activates all the components: activates rewAAVE (representing AAVE rewards on StarkNet), connects the L1 Bridge to the L2 side of it, and connects the L1 aTokens to their static versions on L2.
The payload smart contract for Ethereum can be found HERE,
The payload smart contract for StarkNet can be found HERE.
All the other components are also present in the same repository.
After this proposal gets approved and executed, the Bridge will be fully operative on https://etherscan.io/address/0x25c0667E46a704AfCF5305B0A586CC24c171E94D (no code at the moment, being a counterfactual/CREATE2 deployment).
This proposal has been tested using the available tools to be as close as possible to fork both Ethereum and StarkNet mainnets.
In addition, all the components apart from the payload had gone through the security procedures enumerated on the Aave governance forum HERE.
Bored Ghost Developing has reviewed the proposal payload too.
https://github.com/aave-starknet-project/aave-starknet-bridge#deployed-contracts
Copyright and related rights waived via CC0.
Info:
- State changes:
# unknown contract name at `0x25c0667E46a704AfCF5305B0A586CC24c171E94D`
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000000` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000c662c410c0ecf747543f5ba90660f6abebd9c8c40001"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000001` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0434ab0e4f2a743f871e4d57a16aef3df84c1a29b61565e016da91c1f824b021"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000002` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000000000000000000000000003"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000003` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000004da27a545c0c5b758a6ba100e3a049001de870f5"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000004` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000d784927ff2f95ba542bfc824c8a8a98f3495f6b5"
@@ Slot `0x1564b3eb8bad4f532b38f1bfadd7fe4dc98d7ad34935fd78282dbb8cea76e262` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x04212f12efcfc9e847bd98e58daff7dc588c4896f6cd320b74023ad5606f02fd"
@@ Slot `0x1564b3eb8bad4f532b38f1bfadd7fe4dc98d7ad34935fd78282dbb8cea76e263` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000006b175474e89094c44da98b954eedeac495271d0f"
@@ Slot `0x1564b3eb8bad4f532b38f1bfadd7fe4dc98d7ad34935fd78282dbb8cea76e264` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000007d2768de32b0b80b7a3454c06bdac94a69ddc7a9"
@@ Slot `0x1564b3eb8bad4f532b38f1bfadd7fe4dc98d7ad34935fd78282dbb8cea76e265` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000000000000000000000000065a4da25d3016c00000"
@@ Slot `0x1e9893ce84bd32a3a724102e42948db65608d42d52de3a29b9c0d5bb2857a956` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x014cdaa224881ea760b055a50b7b8e65447d9310f5c637294e08a0fc0d04c0ce"
@@ Slot `0x1e9893ce84bd32a3a724102e42948db65608d42d52de3a29b9c0d5bb2857a957` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48"
@@ Slot `0x1e9893ce84bd32a3a724102e42948db65608d42d52de3a29b9c0d5bb2857a958` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000007d2768de32b0b80b7a3454c06bdac94a69ddc7a9"
@@ Slot `0x1e9893ce84bd32a3a724102e42948db65608d42d52de3a29b9c0d5bb2857a959` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000000000000000000000000000000000006fc23ac00"
@@ Slot `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000069f4057cc8a32bde63c2d62724ce14ed1ad4b93a"
@@ Slot `0x405787fa12a823e0f2b7631cc41b3ba8828b3321ca811111fa75cd3aa3bb5ace` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000bcca60bb61934080951369a648fb03df4f96263c"
@@ Slot `0x405787fa12a823e0f2b7631cc41b3ba8828b3321ca811111fa75cd3aa3bb5acf` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000003ed3b47dd13ec9a98b44e6204a523e766b225811"
@@ Slot `0x405787fa12a823e0f2b7631cc41b3ba8828b3321ca811111fa75cd3aa3bb5ad0` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000028171bca77440897b824ca71d1c56cac55b68a3"
@@ Slot `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000ee56e2b3d491590b5b31738cc34d5232f378a8d5"
@@ Slot `0xfde530bdb5cd2486d01a15ab22ecf740ec4bd743ffeb0e7e6cb9b282a1897136` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x02e905e3d2fcf4e5813fef9bfe528a304e8e5adc8cbdc247b3980d7a96a01b90"
@@ Slot `0xfde530bdb5cd2486d01a15ab22ecf740ec4bd743ffeb0e7e6cb9b282a1897137` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000dac17f958d2ee523a2206206994597c13d831ec7"
@@ Slot `0xfde530bdb5cd2486d01a15ab22ecf740ec4bd743ffeb0e7e6cb9b282a1897138` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000007d2768de32b0b80b7a3454c06bdac94a69ddc7a9"
@@ Slot `0xfde530bdb5cd2486d01a15ab22ecf740ec4bd743ffeb0e7e6cb9b282a1897139` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000000000000000000000000000000000006fc23ac00"# Dai (Dai Stablecoin) at `0x6B175474E89094C44Da98b954EedeAC495271d0F`
@@ `allowance` key `0x25c0667e46a704afcf5305b0a586cc24c171e94d`.0x7d2768de32b0b80b7a3454c06bdac94a69ddc7a9 @@
- 0
+ 115792089237316195423570985008687907853269984665640564039457584007913129639935
# FiatTokenProxy at `0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48` with implementation FiatTokenV2_1 at `0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF`
@@ `allowed` key `0x25c0667e46a704afcf5305b0a586cc24c171e94d`.0x7d2768de32b0b80b7a3454c06bdac94a69ddc7a9 @@
- 0
+ 115792089237316195423570985008687907853269984665640564039457584007913129639935
# Proxy at `0xc662c410C0ECf747543f5bA90660f6ABeBD9C8c4`
@@ Slot `0x3417c5e74af14d79f620c5547bb0cf36b7bcf8fa6c5802dfc1bed2bf4add11ce` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000000000000000000000000001"
@@ Slot `0x40af3c5d10641ea6a095e7a9b843218461f4c8d604207c721ffceec9721b1ac5` @@
- "0x000000000000000000000000000000000000000000000000000000000001b5b2"
+ "0x000000000000000000000000000000000000000000000000000000000001b5b3"# TetherToken (Tether USD) at `0xdAC17F958D2ee523a2206206994597C13D831ec7`
@@ `allowed` key `0x25c0667e46a704afcf5305b0a586cc24c171e94d`.0x7d2768de32b0b80b7a3454c06bdac94a69ddc7a9 @@
- 0
+ 115792089237316195423570985008687907853269984665640564039457584007913129639935
Info:
- There is no SELFDESTRUCT inside of delegated call
Info:
- Events Emitted:
- unknown contract name at
0x25c0667E46a704AfCF5305B0A586CC24c171E94DUpgraded(implementation: 0x69f4057cc8a32bde63c2d62724ce14ed1ad4b93a)- Undecoded log:
{"name":"","anonymous":false,"inputs":null,"raw":{"address":"0x25c0667e46a704afcf5305b0a586cc24c171e94d","topics":["0x455745af847e51faecf72ab3a7b8a79bfd214b0132c7e9bbc39c3912cf1ba4d6"],"data":"0x000000000000000000000000bcca60bb61934080951369a648fb03df4f96263c014cdaa224881ea760b055a50b7b8e65447d9310f5c637294e08a0fc0d04c0ce00000000000000000000000000000000000000000000000000000006fc23ac00"}} - Undecoded log:
{"name":"","anonymous":false,"inputs":null,"raw":{"address":"0x25c0667e46a704afcf5305b0a586cc24c171e94d","topics":["0x455745af847e51faecf72ab3a7b8a79bfd214b0132c7e9bbc39c3912cf1ba4d6"],"data":"0x0000000000000000000000003ed3b47dd13ec9a98b44e6204a523e766b22581102e905e3d2fcf4e5813fef9bfe528a304e8e5adc8cbdc247b3980d7a96a01b9000000000000000000000000000000000000000000000000000000006fc23ac00"}} - Undecoded log:
{"name":"","anonymous":false,"inputs":null,"raw":{"address":"0x25c0667e46a704afcf5305b0a586cc24c171e94d","topics":["0x455745af847e51faecf72ab3a7b8a79bfd214b0132c7e9bbc39c3912cf1ba4d6"],"data":"0x000000000000000000000000028171bca77440897b824ca71d1c56cac55b68a304212f12efcfc9e847bd98e58daff7dc588c4896f6cd320b74023ad5606f02fd00000000000000000000000000000000000000000000065a4da25d3016c00000"}} - Undecoded log:
{"name":"","anonymous":false,"inputs":null,"raw":{"address":"0x25c0667e46a704afcf5305b0a586cc24c171e94d","topics":["0x7f26b83ff96e1f2b6a682f133852f6798a09c465da95921460cefb3847402498"],"data":"0x0000000000000000000000000000000000000000000000000000000000000001"}} LogNote(sig: 0x7e644d79, data: 0x)
- FiatTokenProxy at
0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48with implementation FiatTokenV2_1 at0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCFApproval(owner: 0x25c0667e46a704afcf5305b0a586cc24c171e94d, spender: 0x7d2768de32b0b80b7a3454c06bdac94a69ddc7a9, value: 115792089237316195423570985008687907853269984665640564039457584007913129639935)
- TetherToken (Tether USD) at
0xdAC17F958D2ee523a2206206994597C13D831ec7Approval(owner: 0x25c0667e46a704afcf5305b0a586cc24c171e94d, spender: 0x7d2768de32b0b80b7a3454c06bdac94a69ddc7a9, value: 115792089237316195423570985008687907853269984665640564039457584007913129639935)
- Dai (Dai Stablecoin) at
0x6B175474E89094C44Da98b954EedeAC495271d0FApproval(owner: 0x25c0667e46a704afcf5305b0a586cc24c171e94d, spender: 0x7d2768de32b0b80b7a3454c06bdac94a69ddc7a9, value: 115792089237316195423570985008687907853269984665640564039457584007913129639935)
- TransparentProxyFactory at
0xC354ce29aa85e864e55277eF47Fc6a92532Dd6CaProxyDeterministicCreated(proxy: 0x25c0667e46a704afcf5305b0a586cc24c171e94d, logic: 0x69f4057cc8a32bde63c2d62724ce14ed1ad4b93a, admin: 0xee56e2b3d491590b5b31738cc34d5232f378a8d5, salt: 0xfefd94ac2e049b0e6992f7b2c659e3a2ca59a9c90b3176e3131e69a8fc7d9a05)
- Proxy at
0xc662c410C0ECf747543f5bA90660f6ABeBD9C8c4LogMessageToL2(fromAddress: 0xee56e2b3d491590b5b31738cc34d5232f378a8d5, toAddress: 3497856215714113292096158725864448932158135529955691197940892459736436243692, selector: 300224956480472355485152391090755024345070441743081995053718200325371913697, payload: 336132298746571405064124802081666372215486648199887314802401770236648763737, nonce: 112050, fee: 0)
- unknown contract name at
Info:
- Targets:
- 0x4919E176f02142C20727da215e8dc1b3d046D026: Contract (not verified)
Info:
- Touched address:
- 0x55B16934C3661E1990939bC57322554d9B09f262: EOA (verification not applicable)
- 0xEC568fffba86c094cf06b22134B23074DFE2252c: Contract (verified) (AaveGovernanceV2)
- 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5: Contract (verified) (Executor)
- 0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0xC13eac3B4F9EED480045113B7af00F7B5655Ece8: Contract (verified) (AaveTokenV2)
- 0x4919E176f02142C20727da215e8dc1b3d046D026: Contract (not verified)
- 0xC354ce29aa85e864e55277eF47Fc6a92532Dd6Ca: Contract (verified) (TransparentProxyFactory)
- 0x25c0667E46a704AfCF5305B0A586CC24c171E94D: Contract (not verified)
- 0x69F4057cC8A32bdE63c2d62724CE14Ed1aD4B93A: Contract (not verified)
- 0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0xD9ED413bCF58c266F95fE6BA63B13cf79299CE31: Contract (verified) (StakedTokenIncentivesController)
- 0xBcca60bB61934080951369a648Fb03DF4F96263C: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0x1C050bCa8BAbe53Ef769d0d2e411f556e1a27E7B: Contract (verified) (AToken)
- 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48: Contract (verified) (FiatTokenProxy)
- 0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF: Contract (verified) (FiatTokenV2_1)
- 0x3Ed3B47Dd13EC9a98b44e6204A523E766B225811: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0x3F06560cfB7af6E6B5102c358f679DE5150b3b4C: Contract (verified) (AToken)
- 0xdAC17F958D2ee523a2206206994597C13D831ec7: Contract (verified) (TetherToken)
- 0x028171bCA77440897B824Ca71D1c56caC55b68A3: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0x7b2a3CF972C3193F26CdeC6217D27379b6417bD0: Contract (verified) (AToken)
- 0x6B175474E89094C44Da98b954EedeAC495271d0F: Contract (verified) (Dai)
- 0x8c598667A5a6A14F04172326e62CE143BF8edaAB: Contract (not verified)
- 0xc662c410C0ECf747543f5bA90660f6ABeBD9C8c4: Contract (verified) (Proxy)
- 0xE267213B0749Bb94c575F6170812c887330d9cE3: Contract (verified) (Starknet)
Info:
View Details
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x028171bCA77440897B824Ca71D1c56caC55b68A3`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x3Ed3B47Dd13EC9a98b44e6204A523E766B225811`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
View warnings for FiatTokenProxy at `0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48` with implementation FiatTokenV2_1 at `0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol:219:34: Warning: Function declared as view, but this expression (potentially) modifies the state and thus requires non-payable (the default) or payable.
function admin() external view ifAdmin returns (address) {
^-----^
Warning: crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol:226:43: Warning: Function declared as view, but this expression (potentially) modifies the state and thus requires non-payable (the default) or payable.
function implementation() external view ifAdmin returns (address) {
^-----^
Warning: crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol:58:3: Warning: Function state mutability can be restricted to pure
function _willFallback() internal {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for FiatTokenV2_1 at `0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol:2224:5: Warning: Function state mutability can be restricted to pure
function version() external view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0xBcca60bB61934080951369a648Fb03DF4F96263C`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:199:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:75:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:229:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:75:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:299:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:75:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for Starknet at `0xE267213B0749Bb94c575F6170812c887330d9cE3`
WARNING:CryticCompile:Warning: ProxySupport.sol:36:5: Warning: Function state mutability can be restricted to pure
function isFrozen() external view virtual returns (bool) {
^ (Relevant source part starts here and spans across multiple lines).
Info:
View Details
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x028171bCA77440897B824Ca71D1c56caC55b68A3`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0x028171bCA77440897B824Ca71D1c56caC55b68A3 analyzed (6 contracts with 75 detectors), 17 result(s) found
Slither report for AToken (Aave interest bearing USDC) at `0x1C050bCa8BAbe53Ef769d0d2e411f556e1a27E7B`
IncentivizedERC20.constructor(string,string,uint8,address).name (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#29) shadows:
- IncentivizedERC20.name() (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
IncentivizedERC20.constructor(string,string,uint8,address).symbol (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#30) shadows:
- IncentivizedERC20.symbol() (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
IncentivizedERC20.constructor(string,string,uint8,address).decimals (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#31) shadows:
- IncentivizedERC20.decimals() (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#57-59) (function)
- IERC20Detailed.decimals() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
AToken.constructor(ILendingPool,address,address,string,string,address).underlyingAssetAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#47) lacks a zero-check on :
- UNDERLYING_ASSET_ADDRESS = underlyingAssetAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#54)
AToken.constructor(ILendingPool,address,address,string,string,address).reserveTreasuryAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#48) lacks a zero-check on :
- RESERVE_TREASURY_ADDRESS = reserveTreasuryAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- _allowances[owner][spender] = amount (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#232)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
Reentrancy in AToken._transfer(address,address,uint256,bool) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#321-346):
External calls:
- super._transfer(from,to,amount.rayDiv(index)) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#332)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#335-342)
Event emitted after the call(s):
- BalanceTransfer(from,to,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#345)
Reentrancy in AToken.burn(address,address,uint256,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#108-122):
External calls:
- _burn(user,amountScaled) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#116)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#220)
- IERC20(UNDERLYING_ASSET_ADDRESS).safeTransfer(receiverOfUnderlying,amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#118)
Event emitted after the call(s):
- Burn(user,receiverOfUnderlying,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#121)
- Transfer(user,address(0),amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#120)
Reentrancy in AToken.mint(address,uint256,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#132-147):
External calls:
- _mint(user,amountScaled) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#141)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(user,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#144)
- Transfer(address(0),user,amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#143)
Reentrancy in AToken.mintToTreasury(uint256,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#155-168):
External calls:
- _mint(RESERVE_TREASURY_ADDRESS,amount.rayDiv(index)) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#164)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(RESERVE_TREASURY_ADDRESS,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#167)
- Transfer(address(0),RESERVE_TREASURY_ADDRESS,amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#166)
Reentrancy in IncentivizedERC20.transfer(address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#81-85):
External calls:
- _transfer(_msgSender(),recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#82)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(_msgSender(),recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#83)
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Approval(owner,spender,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#233)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- Transfer(sender,recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#131)
Reentrancy in AToken.transferOnLiquidation(address,address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#177-187):
External calls:
- _transfer(from,to,value,false) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#184)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#335-342)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(from,to,value) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#186)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
AToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#287-311) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#298)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
VersionedInitializable.isConstructor() (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
AToken.initialize(uint8,string,string) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#62-98) uses assembly
- INLINE ASM (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#70-72)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#39-49) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#30-37) is never used and should be removed
SafeMath.div(uint256,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#101-103) is never used and should be removed
SafeMath.div(uint256,uint256,string) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#116-127) is never used and should be removed
SafeMath.mod(uint256,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#155-162) is never used and should be removed
SafeMath.mul(uint256,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#76-88) is never used and should be removed
WadRayMath.halfRay() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#39-41) is never used and should be removed
WadRayMath.halfWad() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#46-48) is never used and should be removed
WadRayMath.ray() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#24-26) is never used and should be removed
WadRayMath.rayToWad(uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#117-123) is never used and should be removed
WadRayMath.wad() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#32-34) is never used and should be removed
WadRayMath.wadDiv(uint256,uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#72-79) is never used and should be removed
WadRayMath.wadMul(uint256,uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#56-64) is never used and should be removed
WadRayMath.wadToRay(uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#130-134) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#51-63):
- (success,returndata) = address(token).call(data) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Variable VersionedInitializable.______gap (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Constant WadRayMath.halfWAD (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#14) is not in UPPER_CASE_WITH_UNDERSCORES
Constant WadRayMath.halfRAY (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#17) is not in UPPER_CASE_WITH_UNDERSCORES
Variable AToken.UNDERLYING_ASSET_ADDRESS (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#31) is not in mixedCase
Variable AToken.RESERVE_TREASURY_ADDRESS (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#32) is not in mixedCase
Variable AToken.POOL (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#33) is not in mixedCase
Variable AToken._nonces (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#36) is not in mixedCase
Variable AToken.DOMAIN_SEPARATOR (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#38) is not in mixedCase
Variable IncentivizedERC20._incentivesController (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#18) is not in mixedCase
Variable IncentivizedERC20._balances (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#20) is not in mixedCase
Variable IncentivizedERC20._totalSupply (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#23) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
Variable Errors.LP_INCONSISTENT_FLASHLOAN_PARAMS (@aave/protocol-v2/contracts/protocol/libraries/helpers/Errors.sol#55) is too similar to Errors.VL_INCONSISTENT_FLASHLOAN_PARAMS (@aave/protocol-v2/contracts/protocol/libraries/helpers/Errors.sol#100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar
VersionedInitializable.______gap (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in AToken (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#19-361)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x1C050bCa8BAbe53Ef769d0d2e411f556e1a27E7B analyzed (17 contracts with 75 detectors), 50 result(s) found
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x3Ed3B47Dd13EC9a98b44e6204A523E766B225811`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0x3Ed3B47Dd13EC9a98b44e6204A523E766B225811 analyzed (6 contracts with 75 detectors), 17 result(s) found
Slither report for AToken (Aave interest bearing USDT) at `0x3F06560cfB7af6E6B5102c358f679DE5150b3b4C`
IncentivizedERC20.constructor(string,string,uint8,address).name (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#29) shadows:
- IncentivizedERC20.name() (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
IncentivizedERC20.constructor(string,string,uint8,address).symbol (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#30) shadows:
- IncentivizedERC20.symbol() (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
IncentivizedERC20.constructor(string,string,uint8,address).decimals (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#31) shadows:
- IncentivizedERC20.decimals() (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#57-59) (function)
- IERC20Detailed.decimals() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
AToken.constructor(ILendingPool,address,address,string,string,address).underlyingAssetAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#47) lacks a zero-check on :
- UNDERLYING_ASSET_ADDRESS = underlyingAssetAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#54)
AToken.constructor(ILendingPool,address,address,string,string,address).reserveTreasuryAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#48) lacks a zero-check on :
- RESERVE_TREASURY_ADDRESS = reserveTreasuryAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- _allowances[owner][spender] = amount (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#232)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
Reentrancy in AToken._transfer(address,address,uint256,bool) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#321-346):
External calls:
- super._transfer(from,to,amount.rayDiv(index)) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#332)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#335-342)
Event emitted after the call(s):
- BalanceTransfer(from,to,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#345)
Reentrancy in AToken.burn(address,address,uint256,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#108-122):
External calls:
- _burn(user,amountScaled) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#116)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#220)
- IERC20(UNDERLYING_ASSET_ADDRESS).safeTransfer(receiverOfUnderlying,amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#118)
Event emitted after the call(s):
- Burn(user,receiverOfUnderlying,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#121)
- Transfer(user,address(0),amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#120)
Reentrancy in AToken.mint(address,uint256,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#132-147):
External calls:
- _mint(user,amountScaled) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#141)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(user,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#144)
- Transfer(address(0),user,amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#143)
Reentrancy in AToken.mintToTreasury(uint256,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#155-168):
External calls:
- _mint(RESERVE_TREASURY_ADDRESS,amount.rayDiv(index)) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#164)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(RESERVE_TREASURY_ADDRESS,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#167)
- Transfer(address(0),RESERVE_TREASURY_ADDRESS,amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#166)
Reentrancy in IncentivizedERC20.transfer(address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#81-85):
External calls:
- _transfer(_msgSender(),recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#82)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(_msgSender(),recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#83)
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Approval(owner,spender,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#233)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- Transfer(sender,recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#131)
Reentrancy in AToken.transferOnLiquidation(address,address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#177-187):
External calls:
- _transfer(from,to,value,false) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#184)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#335-342)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(from,to,value) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#186)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
AToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#287-311) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#298)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
VersionedInitializable.isConstructor() (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
AToken.initialize(uint8,string,string) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#62-98) uses assembly
- INLINE ASM (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#70-72)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#39-49) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#30-37) is never used and should be removed
SafeMath.div(uint256,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#101-103) is never used and should be removed
SafeMath.div(uint256,uint256,string) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#116-127) is never used and should be removed
SafeMath.mod(uint256,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#155-162) is never used and should be removed
SafeMath.mul(uint256,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#76-88) is never used and should be removed
WadRayMath.halfRay() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#39-41) is never used and should be removed
WadRayMath.halfWad() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#46-48) is never used and should be removed
WadRayMath.ray() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#24-26) is never used and should be removed
WadRayMath.rayToWad(uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#117-123) is never used and should be removed
WadRayMath.wad() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#32-34) is never used and should be removed
WadRayMath.wadDiv(uint256,uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#72-79) is never used and should be removed
WadRayMath.wadMul(uint256,uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#56-64) is never used and should be removed
WadRayMath.wadToRay(uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#130-134) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#51-63):
- (success,returndata) = address(token).call(data) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Variable VersionedInitializable.______gap (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Constant WadRayMath.halfWAD (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#14) is not in UPPER_CASE_WITH_UNDERSCORES
Constant WadRayMath.halfRAY (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#17) is not in UPPER_CASE_WITH_UNDERSCORES
Variable AToken.UNDERLYING_ASSET_ADDRESS (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#31) is not in mixedCase
Variable AToken.RESERVE_TREASURY_ADDRESS (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#32) is not in mixedCase
Variable AToken.POOL (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#33) is not in mixedCase
Variable AToken._nonces (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#36) is not in mixedCase
Variable AToken.DOMAIN_SEPARATOR (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#38) is not in mixedCase
Variable IncentivizedERC20._incentivesController (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#18) is not in mixedCase
Variable IncentivizedERC20._balances (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#20) is not in mixedCase
Variable IncentivizedERC20._totalSupply (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#23) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
Variable Errors.LP_INCONSISTENT_FLASHLOAN_PARAMS (@aave/protocol-v2/contracts/protocol/libraries/helpers/Errors.sol#55) is too similar to Errors.VL_INCONSISTENT_FLASHLOAN_PARAMS (@aave/protocol-v2/contracts/protocol/libraries/helpers/Errors.sol#100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar
VersionedInitializable.______gap (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in AToken (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#19-361)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x3F06560cfB7af6E6B5102c358f679DE5150b3b4C analyzed (17 contracts with 75 detectors), 50 result(s) found
Slither report for Dai (Dai Stablecoin) at `0x6B175474E89094C44Da98b954EedeAC495271d0F`
Dai.permit(address,address,uint256,uint256,bool,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0x6B175474E89094C44Da98b954EedeAC495271d0F-Dai.sol#167-189) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(expiry == 0 || now <= expiry,Dai/permit-expired) (crytic-export/etherscan-contracts/0x6B175474E89094C44Da98b954EedeAC495271d0F-Dai.sol#184)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Constant Dai.version (crytic-export/etherscan-contracts/0x6B175474E89094C44Da98b954EedeAC495271d0F-Dai.sol#82) is not in UPPER_CASE_WITH_UNDERSCORES
Variable Dai.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0x6B175474E89094C44Da98b954EedeAC495271d0F-Dai.sol#102) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0x6B175474E89094C44Da98b954EedeAC495271d0F analyzed (2 contracts with 75 detectors), 3 result(s) found
Slither report for AToken (Aave interest bearing DAI) at `0x7b2a3CF972C3193F26CdeC6217D27379b6417bD0`
IncentivizedERC20.constructor(string,string,uint8,address).name (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#29) shadows:
- IncentivizedERC20.name() (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
IncentivizedERC20.constructor(string,string,uint8,address).symbol (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#30) shadows:
- IncentivizedERC20.symbol() (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
IncentivizedERC20.constructor(string,string,uint8,address).decimals (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#31) shadows:
- IncentivizedERC20.decimals() (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#57-59) (function)
- IERC20Detailed.decimals() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
AToken.constructor(ILendingPool,address,address,string,string,address).underlyingAssetAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#47) lacks a zero-check on :
- UNDERLYING_ASSET_ADDRESS = underlyingAssetAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#54)
AToken.constructor(ILendingPool,address,address,string,string,address).reserveTreasuryAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#48) lacks a zero-check on :
- RESERVE_TREASURY_ADDRESS = reserveTreasuryAddress (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- _allowances[owner][spender] = amount (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#232)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
Reentrancy in AToken._transfer(address,address,uint256,bool) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#321-346):
External calls:
- super._transfer(from,to,amount.rayDiv(index)) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#332)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#335-342)
Event emitted after the call(s):
- BalanceTransfer(from,to,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#345)
Reentrancy in AToken.burn(address,address,uint256,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#108-122):
External calls:
- _burn(user,amountScaled) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#116)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#220)
- IERC20(UNDERLYING_ASSET_ADDRESS).safeTransfer(receiverOfUnderlying,amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#118)
Event emitted after the call(s):
- Burn(user,receiverOfUnderlying,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#121)
- Transfer(user,address(0),amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#120)
Reentrancy in AToken.mint(address,uint256,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#132-147):
External calls:
- _mint(user,amountScaled) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#141)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(user,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#144)
- Transfer(address(0),user,amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#143)
Reentrancy in AToken.mintToTreasury(uint256,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#155-168):
External calls:
- _mint(RESERVE_TREASURY_ADDRESS,amount.rayDiv(index)) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#164)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(RESERVE_TREASURY_ADDRESS,amount,index) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#167)
- Transfer(address(0),RESERVE_TREASURY_ADDRESS,amount) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#166)
Reentrancy in IncentivizedERC20.transfer(address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#81-85):
External calls:
- _transfer(_msgSender(),recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#82)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(_msgSender(),recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#83)
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Approval(owner,spender,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#233)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- Transfer(sender,recipient,amount) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#131)
Reentrancy in AToken.transferOnLiquidation(address,address,uint256) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#177-187):
External calls:
- _transfer(from,to,value,false) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#184)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#335-342)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(from,to,value) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#186)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
AToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#287-311) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#298)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
VersionedInitializable.isConstructor() (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
AToken.initialize(uint8,string,string) (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#62-98) uses assembly
- INLINE ASM (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#70-72)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#39-49) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#30-37) is never used and should be removed
SafeMath.div(uint256,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#101-103) is never used and should be removed
SafeMath.div(uint256,uint256,string) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#116-127) is never used and should be removed
SafeMath.mod(uint256,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#155-162) is never used and should be removed
SafeMath.mul(uint256,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeMath.sol#76-88) is never used and should be removed
WadRayMath.halfRay() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#39-41) is never used and should be removed
WadRayMath.halfWad() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#46-48) is never used and should be removed
WadRayMath.ray() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#24-26) is never used and should be removed
WadRayMath.rayToWad(uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#117-123) is never used and should be removed
WadRayMath.wad() (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#32-34) is never used and should be removed
WadRayMath.wadDiv(uint256,uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#72-79) is never used and should be removed
WadRayMath.wadMul(uint256,uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#56-64) is never used and should be removed
WadRayMath.wadToRay(uint256) (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#130-134) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#51-63):
- (success,returndata) = address(token).call(data) (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Variable VersionedInitializable.______gap (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Constant WadRayMath.halfWAD (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#14) is not in UPPER_CASE_WITH_UNDERSCORES
Constant WadRayMath.halfRAY (@aave/protocol-v2/contracts/protocol/libraries/math/WadRayMath.sol#17) is not in UPPER_CASE_WITH_UNDERSCORES
Variable AToken.UNDERLYING_ASSET_ADDRESS (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#31) is not in mixedCase
Variable AToken.RESERVE_TREASURY_ADDRESS (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#32) is not in mixedCase
Variable AToken.POOL (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#33) is not in mixedCase
Variable AToken._nonces (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#36) is not in mixedCase
Variable AToken.DOMAIN_SEPARATOR (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#38) is not in mixedCase
Variable IncentivizedERC20._incentivesController (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#18) is not in mixedCase
Variable IncentivizedERC20._balances (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#20) is not in mixedCase
Variable IncentivizedERC20._totalSupply (@aave/protocol-v2/contracts/protocol/tokenization/IncentivizedERC20.sol#23) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (@aave/protocol-v2/contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
Variable Errors.LP_INCONSISTENT_FLASHLOAN_PARAMS (@aave/protocol-v2/contracts/protocol/libraries/helpers/Errors.sol#55) is too similar to Errors.VL_INCONSISTENT_FLASHLOAN_PARAMS (@aave/protocol-v2/contracts/protocol/libraries/helpers/Errors.sol#100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar
VersionedInitializable.______gap (@aave/protocol-v2/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in AToken (@aave/protocol-v2/contracts/protocol/tokenization/AToken.sol#19-361)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x7b2a3CF972C3193F26CdeC6217D27379b6417bD0 analyzed (17 contracts with 75 detectors), 50 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in AaveToken (contracts/token/AaveToken.sol#13-185)
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in LendToAaveMigrator (contracts/token/LendToAaveMigrator.sol#14-79)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 analyzed (19 contracts with 75 detectors), 59 result(s) found
Slither report for FiatTokenProxy at `0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48` with implementation FiatTokenV2_1 at `0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF`
Warning: crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol:219:34: Warning: Function declared as view, but this expression (potentially) modifies the state and thus requires non-payable (the default) or payable.
function admin() external view ifAdmin returns (address) {
^-----^
Warning: crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol:226:43: Warning: Function declared as view, but this expression (potentially) modifies the state and thus requires non-payable (the default) or payable.
function implementation() external view ifAdmin returns (address) {
^-----^
Warning: crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol:58:3: Warning: Function state mutability can be restricted to pure
function _willFallback() internal {
^ (Relevant source part starts here and spans across multiple lines).
AddressUtils.isContract(address) (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#85-96) is declared view but contains assembly code
UpgradeabilityProxy._implementation() (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#136-141) is declared view but contains assembly code
AdminUpgradeabilityProxy._admin() (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#268-273) is declared view but contains assembly code
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#constant-functions-using-assembly-code
UpgradeabilityProxy.constructor(address)._implementation (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#126) shadows:
- UpgradeabilityProxy._implementation() (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#136-141) (function)
- Proxy._implementation() (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#24) (function)
AdminUpgradeabilityProxy.constructor(address)._implementation (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#210) shadows:
- UpgradeabilityProxy._implementation() (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#136-141) (function)
- Proxy._implementation() (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#24) (function)
FiatTokenProxy.constructor(address)._implementation (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#327) shadows:
- UpgradeabilityProxy._implementation() (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#136-141) (function)
- Proxy._implementation() (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#24) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
Modifier AdminUpgradeabilityProxy.ifAdmin() (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#197-203) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Proxy._delegate(address) (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#32-51) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#33-51)
AddressUtils.isContract(address) (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#85-96) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#94-95)
UpgradeabilityProxy._implementation() (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#136-141) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#138-141)
UpgradeabilityProxy._setImplementation(address) (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#156-164) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#161-164)
AdminUpgradeabilityProxy._admin() (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#268-273) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#270-273)
AdminUpgradeabilityProxy._setAdmin(address) (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#279-285) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#282-285)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Low level call in AdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#260-263):
- require(bool)(address(this).call.value(msg.value)(data)) (crytic-export/etherscan-contracts/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48-FiatTokenProxy.sol#262)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 analyzed (5 contracts with 75 detectors), 14 result(s) found
Slither report for FiatTokenV2_1 at `0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF`
Warning: crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol:2224:5: Warning: Function state mutability can be restricted to pure
function version() external view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
FiatTokenV1.allowance(address,address).owner (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#752) shadows:
- Ownable.owner() (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#363-365) (function)
FiatTokenV1._approve(address,address,uint256).owner (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#807) shadows:
- Ownable.owner() (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#363-365) (function)
FiatTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32).owner (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#2123) shadows:
- Ownable.owner() (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#363-365) (function)
FiatTokenV2._increaseAllowance(address,address,uint256).owner (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#2141) shadows:
- Ownable.owner() (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#363-365) (function)
FiatTokenV2._decreaseAllowance(address,address,uint256).owner (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#2155) shadows:
- Ownable.owner() (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#363-365) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
EIP3009._requireValidAuthorization(address,bytes32,uint256,uint256) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1829-1841) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(now > validAfter,FiatTokenV2: authorization is not yet valid) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1835-1838)
- require(bool,string)(now < validBefore,FiatTokenV2: authorization is expired) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1839)
EIP2612._permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1912-1937) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(deadline >= now,FiatTokenV2: permit is expired) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1921)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#978-991) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#987-989)
Address._functionCallWithValue(address,bytes,uint256,string) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1106-1134) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1126-1129)
EIP712.makeDomainSeparator(string,string) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1530-1550) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1536-1538)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.functionCall(address,bytes) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1041-1046) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1073-1085) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1093-1104) is never used and should be removed
Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1009-1021) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1184-1201) is never used and should be removed
SafeERC20.safeDecreaseAllowance(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1221-1238) is never used and should be removed
SafeERC20.safeIncreaseAllowance(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1203-1219) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1165-1175) is never used and should be removed
SafeMath.div(uint256,uint256) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#109-111) is never used and should be removed
SafeMath.div(uint256,uint256,string) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#125-135) is never used and should be removed
SafeMath.mod(uint256,uint256) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#149-151) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#165-172) is never used and should be removed
SafeMath.mul(uint256,uint256) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#83-95) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1009-1021):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1016)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1106-1134):
- (success,returndata) = target.call{value: weiValue}(data) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1115-1117)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter Pausable.updatePauser(address)._newPauser (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#479) is not in mixedCase
Parameter Blacklistable.isBlacklisted(address)._account (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#554) is not in mixedCase
Parameter Blacklistable.blacklist(address)._account (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#562) is not in mixedCase
Parameter Blacklistable.unBlacklist(address)._account (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#571) is not in mixedCase
Parameter Blacklistable.updateBlacklister(address)._newBlacklister (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#576) is not in mixedCase
Parameter FiatTokenV1.mint(address,uint256)._to (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#693) is not in mixedCase
Parameter FiatTokenV1.mint(address,uint256)._amount (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#693) is not in mixedCase
Parameter FiatTokenV1.burn(uint256)._amount (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#927) is not in mixedCase
Parameter FiatTokenV1.updateMasterMinter(address)._newMasterMinter (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#943) is not in mixedCase
Contract FiatTokenV1_1 (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1373-1375) is not in CapWords
Variable EIP712Domain.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1612) is not in mixedCase
Variable FiatTokenV2._initializedVersion (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#1971) is not in mixedCase
Contract FiatTokenV2_1 (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#2202-2228) is not in CapWords
Function FiatTokenV2_1.initializeV2_1(address) (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#2207-2218) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Variable Blacklistable.blacklisted (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#521) is too similar to Blacklistable.blacklister (crytic-export/etherscan-contracts/0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF-FiatTokenV2_1.sol#520)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar
0xa2327a938Febf5FEC13baCFb16Ae10EcBc4cbDCF analyzed (19 contracts with 75 detectors), 40 result(s) found
Slither report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e analyzed (4 contracts with 75 detectors), 4 result(s) found
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0xBcca60bB61934080951369a648Fb03DF4F96263C`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0xBcca60bB61934080951369a648Fb03DF4F96263C analyzed (6 contracts with 75 detectors), 17 result(s) found
Slither report for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is never initialized. It is used in:
- AaveTokenV2._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1221-1251)
AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is never initialized. It is used in:
- AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203)
- AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302)
- AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329)
AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
GovernancePowerDelegationERC20._searchByBlockNumber(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1012-1050) uses a dangerous strict equality:
- snapshot.blockNumber == blockNumber (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1041)
GovernancePowerDelegationERC20._writeSnapshot(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint128,uint128) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1075-1097) uses a dangerous strict equality:
- ownerSnapshotsCount != 0 && snapshotsOwner[ownerSnapshotsCount - 1].blockNumber == currentBlock (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1089-1090)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
ERC20.constructor(string,string).name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.name() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#462-464) (function)
ERC20.constructor(string,string).symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.symbol() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#470-472) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1190)
AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1300)
AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1326)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#375-377)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) is never used and should be removed
Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403) is never used and should be removed
Context._msgData() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#94-97) is never used and should be removed
ERC20._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#702) is never used and should be removed
ERC20._burn(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#646-654) is never used and should be removed
ERC20._mint(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#625-633) is never used and should be removed
ERC20._setupDecimals(uint8) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#684-686) is never used and should be removed
SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#745-755) is never used and should be removed
SafeERC20.safeTransfer(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#728-734) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#736-743) is never used and should be removed
SafeMath.div(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#280-282) is never used and should be removed
SafeMath.div(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#295-306) is never used and should be removed
SafeMath.mod(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#319-321) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#334-341) is never used and should be removed
SafeMath.mul(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#255-267) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#401)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769):
- (success,returndata) = address(token).call(data) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#761)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Variable ERC20._name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#440) is not in mixedCase
Variable ERC20._symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#441) is not in mixedCase
Variable VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is not in mixedCase
Variable AaveTokenV2._nonces (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1134) is not in mixedCase
Variable AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is not in mixedCase
Variable AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is not in mixedCase
Variable AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is not in mixedCase
Variable AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is not in mixedCase
Variable AaveTokenV2._votingDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1154) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is not in mixedCase
Variable AaveTokenV2._propositionPowerDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1159) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#95)" inContext (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#89-98)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.DECIMALS (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1129) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.EIP712_DOMAIN (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1147-1149) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0xC13eac3B4F9EED480045113B7af00F7B5655Ece8 analyzed (11 contracts with 75 detectors), 48 result(s) found
Slither report for TransparentProxyFactory at `0xC354ce29aa85e864e55277eF47Fc6a92532Dd6Ca`
ERC1967Upgrade._upgradeToAndCall(address,bytes,bool) (contracts/transparent-proxy/ERC1967Upgrade.sol#84-93) ignores return value by Address.functionDelegateCall(newImplementation,data) (contracts/transparent-proxy/ERC1967Upgrade.sol#91)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
Modifier TransparentUpgradeableProxy.ifAdmin() (contracts/transparent-proxy/TransparentUpgradeableProxy.sol#52-58) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in TransparentProxyFactory.create(address,address,bytes) (contracts/transparent-proxy/TransparentProxyFactory.sol#19-28):
External calls:
- proxy = address(new TransparentUpgradeableProxy(logic,admin,data)) (contracts/transparent-proxy/TransparentProxyFactory.sol#24)
Event emitted after the call(s):
- ProxyCreated(proxy,logic,admin) (contracts/transparent-proxy/TransparentProxyFactory.sol#26)
Reentrancy in TransparentProxyFactory.createDeterministic(address,address,bytes,bytes32) (contracts/transparent-proxy/TransparentProxyFactory.sol#42-52):
External calls:
- proxy = address(new TransparentUpgradeableProxy(logic,admin,data)) (contracts/transparent-proxy/TransparentProxyFactory.sol#48)
Event emitted after the call(s):
- ProxyDeterministicCreated(proxy,logic,admin,salt) (contracts/transparent-proxy/TransparentProxyFactory.sol#50)
Reentrancy in TransparentProxyFactory.createDeterministicProxyAdmin(address,bytes32) (contracts/transparent-proxy/TransparentProxyFactory.sol#55-64):
External calls:
- IOwnable(proxyAdmin).transferOwnership(adminOwner) (contracts/transparent-proxy/TransparentProxyFactory.sol#60)
Event emitted after the call(s):
- ProxyAdminDeterministicCreated(proxyAdmin,adminOwner,salt) (contracts/transparent-proxy/TransparentProxyFactory.sol#62)
Reentrancy in TransparentProxyFactory.createProxyAdmin(address) (contracts/transparent-proxy/TransparentProxyFactory.sol#31-39):
External calls:
- IOwnable(proxyAdmin).transferOwnership(adminOwner) (contracts/transparent-proxy/TransparentProxyFactory.sol#35)
Event emitted after the call(s):
- ProxyAdminCreated(proxyAdmin,adminOwner) (contracts/transparent-proxy/TransparentProxyFactory.sol#37)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
Address._revert(bytes,string) (contracts/oz-common/Address.sol#236-248) uses assembly
- INLINE ASM (contracts/oz-common/Address.sol#241-244)
StorageSlot.getAddressSlot(bytes32) (contracts/oz-common/StorageSlot.sol#53-58) uses assembly
- INLINE ASM (contracts/oz-common/StorageSlot.sol#55-57)
StorageSlot.getBooleanSlot(bytes32) (contracts/oz-common/StorageSlot.sol#63-68) uses assembly
- INLINE ASM (contracts/oz-common/StorageSlot.sol#65-67)
StorageSlot.getBytes32Slot(bytes32) (contracts/oz-common/StorageSlot.sol#73-78) uses assembly
- INLINE ASM (contracts/oz-common/StorageSlot.sol#75-77)
StorageSlot.getUint256Slot(bytes32) (contracts/oz-common/StorageSlot.sol#83-88) uses assembly
- INLINE ASM (contracts/oz-common/StorageSlot.sol#85-87)
Proxy._delegate(address) (contracts/transparent-proxy/Proxy.sol#28-51) uses assembly
- INLINE ASM (contracts/transparent-proxy/Proxy.sol#29-50)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.functionCall(address,bytes) (contracts/oz-common/Address.sol#86-88) is never used and should be removed
Address.functionCall(address,bytes,string) (contracts/oz-common/Address.sol#96-102) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (contracts/oz-common/Address.sol#115-121) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (contracts/oz-common/Address.sol#129-138) is never used and should be removed
Address.functionStaticCall(address,bytes) (contracts/oz-common/Address.sol#146-152) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (contracts/oz-common/Address.sol#160-167) is never used and should be removed
Address.sendValue(address,uint256) (contracts/oz-common/Address.sol#61-66) is never used and should be removed
Address.verifyCallResult(bool,bytes,string) (contracts/oz-common/Address.sol#224-234) is never used and should be removed
Context._msgData() (contracts/oz-common/Context.sol#22-24) is never used and should be removed
StorageSlot.getBooleanSlot(bytes32) (contracts/oz-common/StorageSlot.sol#63-68) is never used and should be removed
StorageSlot.getBytes32Slot(bytes32) (contracts/oz-common/StorageSlot.sol#73-78) is never used and should be removed
StorageSlot.getUint256Slot(bytes32) (contracts/oz-common/StorageSlot.sol#83-88) is never used and should be removed
TransparentUpgradeableProxy._admin() (contracts/transparent-proxy/TransparentUpgradeableProxy.sol#124-126) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/oz-common/Address.sol#61-66):
- (success) = recipient.call{value: amount}() (contracts/oz-common/Address.sol#64)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (contracts/oz-common/Address.sol#129-138):
- (success,returndata) = target.call{value: value}(data) (contracts/oz-common/Address.sol#136)
Low level call in Address.functionStaticCall(address,bytes,string) (contracts/oz-common/Address.sol#160-167):
- (success,returndata) = target.staticcall(data) (contracts/oz-common/Address.sol#165)
Low level call in Address.functionDelegateCall(address,bytes,string) (contracts/oz-common/Address.sol#185-192):
- (success,returndata) = target.delegatecall(data) (contracts/oz-common/Address.sol#190)
Low level call in ProxyAdmin.getProxyImplementation(TransparentUpgradeableProxy) (contracts/transparent-proxy/ProxyAdmin.sol#28-39):
- (success,returndata) = address(proxy).staticcall(0x5c60da1b) (contracts/transparent-proxy/ProxyAdmin.sol#36)
Low level call in ProxyAdmin.getProxyAdmin(TransparentUpgradeableProxy) (contracts/transparent-proxy/ProxyAdmin.sol#48-54):
- (success,returndata) = address(proxy).staticcall(0xf851a440) (contracts/transparent-proxy/ProxyAdmin.sol#51)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
0xC354ce29aa85e864e55277eF47Fc6a92532Dd6Ca analyzed (12 contracts with 75 detectors), 31 result(s) found
Slither report for Proxy at `0xc662c410C0ECf747543f5bA90660f6ABeBD9C8c4`
GovernanceStorage.governanceInfo (GovernanceStorage.sol#25) is never initialized. It is used in:
- ProxyGovernance.getGovernanceInfo() (ProxyGovernance.sol#59-61)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
Reentrancy in Proxy.upgradeTo(address,bytes,bool) (Proxy.sol#282-316):
External calls:
- (success,returndata) = newImplementation.delegatecall(abi.encodeWithSelector(this.initialize.selector,data)) (Proxy.sol#297-299)
- (success,returndata) = newImplementation.delegatecall(abi.encodeWithSignature(isFrozen())) (Proxy.sol#304-306)
- notFrozen() (Proxy.sol#286)
- (success,returndata) = _implementation.delegatecall(abi.encodeWithSignature(isFrozen())) (Proxy.sol#116-118)
Event emitted after the call(s):
- FinalizedImplementation(newImplementation) (Proxy.sol#312)
- ImplementationUpgraded(newImplementation,data) (Proxy.sol#315)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
Proxy.upgradeTo(address,bytes,bool) (Proxy.sol#282-316) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(activationTime <= block.timestamp,UPGRADE_NOT_ENABLED_YET) (Proxy.sol#292)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Addresses.isContract(address) (Common.sol#24-30) uses assembly
- INLINE ASM (Common.sol#26-28)
Proxy.setUpgradeActivationDelay(uint256) (Proxy.sol#77-82) uses assembly
- INLINE ASM (Proxy.sol#79-81)
Proxy.getUpgradeActivationDelay() (Proxy.sol#84-90) uses assembly
- INLINE ASM (Proxy.sol#86-88)
Proxy.implementation() (Proxy.sol#96-101) uses assembly
- INLINE ASM (Proxy.sol#98-100)
Proxy.fallback() (Proxy.sol#159-185) uses assembly
- INLINE ASM (Proxy.sol#163-184)
Proxy.setImplementation(address) (Proxy.sol#190-195) uses assembly
- INLINE ASM (Proxy.sol#192-194)
Proxy.isNotFinalized() (Proxy.sol#200-207) uses assembly
- INLINE ASM (Proxy.sol#203-205)
Proxy.setFinalizedFlag() (Proxy.sol#212-217) uses assembly
- INLINE ASM (Proxy.sol#214-216)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Addresses.performEthTransfer(address,uint256) (Common.sol#32-35) is never used and should be removed
Addresses.safeTokenContractCall(address,bytes) (Common.sol#42-51) is never used and should be removed
Addresses.validateContractId(address,bytes32) (Common.sol#57-68) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Addresses.performEthTransfer(address,uint256) (Common.sol#32-35):
- (success) = recipient.call{value: amount}() (Common.sol#33)
Low level call in Addresses.safeTokenContractCall(address,bytes) (Common.sol#42-51):
- (success,returndata) = tokenAddress.call(callData) (Common.sol#45)
Low level call in Addresses.validateContractId(address,bytes32) (Common.sol#57-68):
- (success,returndata) = contractAddress.call(abi.encodeWithSignature(identify())) (Common.sol#59-61)
Low level call in Proxy.implementationIsFrozen() (Proxy.sol#107-121):
- (success,returndata) = _implementation.delegatecall(abi.encodeWithSignature(isFrozen())) (Proxy.sol#116-118)
Low level call in Proxy.upgradeTo(address,bytes,bool) (Proxy.sol#282-316):
- (success,returndata) = newImplementation.delegatecall(abi.encodeWithSelector(this.initialize.selector,data)) (Proxy.sol#297-299)
- (success,returndata) = newImplementation.delegatecall(abi.encodeWithSignature(isFrozen())) (Proxy.sol#304-306)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Variable ProxyStorage.initializationHash_DEPRECATED (ProxyStorage.sol#28) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
ProxyStorage.initializationHash_DEPRECATED (ProxyStorage.sol#28) is never used in Proxy (Proxy.sol#54-317)
ProxyStorage.initialized (ProxyStorage.sol#37) is never used in Proxy (Proxy.sol#54-317)
StorageSlots.CALL_PROXY_IMPL_SLOT (StorageSlots.sol#36-37) is never used in Proxy (Proxy.sol#54-317)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0xc662c410C0ECf747543f5bA90660f6ABeBD9C8c4 analyzed (9 contracts with 75 detectors), 23 result(s) found
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5`
Warning: crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:199:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:75:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:229:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:75:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:299:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol:75:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#208-216) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#213)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#232) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#247-249) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#303) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#247-249) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#208) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#213)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#276) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#282)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#236-242) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Address.isContract(address) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#25-36) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#32-34)
Proxy._delegate(address) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#90-114) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#92-113)
BaseUpgradeabilityProxy._implementation() (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#158-164) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#161-163)
BaseUpgradeabilityProxy._setImplementation(address) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#179-191) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#188-190)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#54-60):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#208-216):
- (success) = _logic.delegatecall(_data) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#213)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#276-284):
- (success) = newImplementation.delegatecall(data) (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#282)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#208) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#208) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (crytic-export/etherscan-contracts/0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5-InitializableImmutableAdminUpgradeabilityProxy.sol#230) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0xd784927Ff2f95ba542BfC824c8a8a98F3495f6b5 analyzed (6 contracts with 75 detectors), 17 result(s) found
Slither report for StakedTokenIncentivesController at `0xD9ED413bCF58c266F95fE6BA63B13cf79299CE31`
SafeMath is re-used:
- SafeMath (@aave/aave-stake/contracts/lib/SafeMath.sol#18-164)
- SafeMath (contracts/lib/SafeMath.sol#8-38)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#name-reused
StakedTokenIncentivesController._claimRewards(address[],uint256,address,address,address) (contracts/incentives/StakedTokenIncentivesController.sol#185-222) uses a dangerous strict equality:
- unclaimedRewards == 0 (contracts/incentives/StakedTokenIncentivesController.sol#211)
DistributionManager._getAssetIndex(uint256,uint256,uint128,uint256) (contracts/incentives/DistributionManager.sol#239-262) uses a dangerous strict equality:
- emissionPerSecond == 0 || totalBalance == 0 || lastUpdateTimestamp == block.timestamp || lastUpdateTimestamp >= distributionEnd (contracts/incentives/DistributionManager.sol#247-250)
DistributionManager._updateAssetStateInternal(address,DistributionManager.AssetData,uint256) (contracts/incentives/DistributionManager.sol#99-126) uses a dangerous strict equality:
- block.timestamp == lastUpdateTimestamp (contracts/incentives/DistributionManager.sol#108)
DistributionManager._updateAssetStateInternal(address,DistributionManager.AssetData,uint256) (contracts/incentives/DistributionManager.sol#99-126) uses a dangerous strict equality:
- require(bool,string)(uint104(newIndex) == newIndex,Index overflow) (contracts/incentives/DistributionManager.sol#116)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
StakedTokenIncentivesController.configureAssets(address[],uint256[]).assets (contracts/incentives/StakedTokenIncentivesController.sol#57) shadows:
- DistributionManager.assets (contracts/incentives/DistributionManager.sol#28) (state variable)
StakedTokenIncentivesController.getRewardsBalance(address[],address).assets (contracts/incentives/StakedTokenIncentivesController.sol#92) shadows:
- DistributionManager.assets (contracts/incentives/DistributionManager.sol#28) (state variable)
StakedTokenIncentivesController.claimRewards(address[],uint256,address).assets (contracts/incentives/StakedTokenIncentivesController.sol#113) shadows:
- DistributionManager.assets (contracts/incentives/DistributionManager.sol#28) (state variable)
StakedTokenIncentivesController.claimRewardsOnBehalf(address[],uint256,address,address).assets (contracts/incentives/StakedTokenIncentivesController.sol#123) shadows:
- DistributionManager.assets (contracts/incentives/DistributionManager.sol#28) (state variable)
StakedTokenIncentivesController.claimRewardsToSelf(address[],uint256).assets (contracts/incentives/StakedTokenIncentivesController.sol#134) shadows:
- DistributionManager.assets (contracts/incentives/DistributionManager.sol#28) (state variable)
StakedTokenIncentivesController._claimRewards(address[],uint256,address,address,address).assets (contracts/incentives/StakedTokenIncentivesController.sol#186) shadows:
- DistributionManager.assets (contracts/incentives/DistributionManager.sol#28) (state variable)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
DistributionManager.constructor(address).emissionManager (contracts/incentives/DistributionManager.sol#37) lacks a zero-check on :
- EMISSION_MANAGER = emissionManager (contracts/incentives/DistributionManager.sol#38)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
StakedTokenIncentivesController.configureAssets(address[],uint256[]) (contracts/incentives/StakedTokenIncentivesController.sol#57-76) has external calls inside a loop: assetsConfig[i].totalStaked = IScaledBalanceToken(assets[i]).scaledTotalSupply() (contracts/incentives/StakedTokenIncentivesController.sol#73)
StakedTokenIncentivesController.getRewardsBalance(address[],address) (contracts/incentives/StakedTokenIncentivesController.sol#92-109) has external calls inside a loop: (userState[i].stakedByUser,userState[i].totalStaked) = IScaledBalanceToken(assets[i]).getScaledUserBalanceAndSupply(user) (contracts/incentives/StakedTokenIncentivesController.sol#104-105)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
Reentrancy in StakedTokenIncentivesController._claimRewards(address[],uint256,address,address,address) (contracts/incentives/StakedTokenIncentivesController.sol#185-222):
External calls:
- STAKE_TOKEN.stake(to,amountToClaim) (contracts/incentives/StakedTokenIncentivesController.sol#218)
Event emitted after the call(s):
- RewardsClaimed(user,to,claimer,amountToClaim) (contracts/incentives/StakedTokenIncentivesController.sol#219)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
DistributionManager._updateAssetStateInternal(address,DistributionManager.AssetData,uint256) (contracts/incentives/DistributionManager.sol#99-126) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp == lastUpdateTimestamp (contracts/incentives/DistributionManager.sol#108)
- newIndex != oldIndex (contracts/incentives/DistributionManager.sol#115)
- require(bool,string)(uint104(newIndex) == newIndex,Index overflow) (contracts/incentives/DistributionManager.sol#116)
DistributionManager._updateUserAssetInternal(address,address,uint256,uint256) (contracts/incentives/DistributionManager.sol#136-158) uses timestamp for comparisons
Dangerous comparisons:
- userIndex != newIndex (contracts/incentives/DistributionManager.sol#148)
DistributionManager._getAssetIndex(uint256,uint256,uint128,uint256) (contracts/incentives/DistributionManager.sol#239-262) uses timestamp for comparisons
Dangerous comparisons:
- emissionPerSecond == 0 || totalBalance == 0 || lastUpdateTimestamp == block.timestamp || lastUpdateTimestamp >= distributionEnd (contracts/incentives/DistributionManager.sol#247-250)
- block.timestamp > distributionEnd (contracts/incentives/DistributionManager.sol#255-256)
StakedTokenIncentivesController.handleAction(address,uint256,uint256) (contracts/incentives/StakedTokenIncentivesController.sol#79-89) uses timestamp for comparisons
Dangerous comparisons:
- accruedRewards != 0 (contracts/incentives/StakedTokenIncentivesController.sol#85)
StakedTokenIncentivesController._claimRewards(address[],uint256,address,address,address) (contracts/incentives/StakedTokenIncentivesController.sol#185-222) uses timestamp for comparisons
Dangerous comparisons:
- accruedRewards != 0 (contracts/incentives/StakedTokenIncentivesController.sol#206)
- unclaimedRewards == 0 (contracts/incentives/StakedTokenIncentivesController.sol#211)
- amount > unclaimedRewards (contracts/incentives/StakedTokenIncentivesController.sol#215)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (@aave/aave-stake/contracts/lib/Address.sol#26-37) uses assembly
- INLINE ASM (@aave/aave-stake/contracts/lib/Address.sol#33-35)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.isContract(address) (@aave/aave-stake/contracts/lib/Address.sol#26-37) is never used and should be removed
Address.sendValue(address,uint256) (@aave/aave-stake/contracts/lib/Address.sol#55-61) is never used and should be removed
SafeERC20.callOptionalReturn(IERC20,bytes) (@aave/aave-stake/contracts/lib/SafeERC20.sol#52-64) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (@aave/aave-stake/contracts/lib/SafeERC20.sol#40-50) is never used and should be removed
SafeERC20.safeTransfer(IERC20,address,uint256) (@aave/aave-stake/contracts/lib/SafeERC20.sol#23-29) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (@aave/aave-stake/contracts/lib/SafeERC20.sol#31-38) is never used and should be removed
SafeMath.div(uint256,uint256,string) (@aave/aave-stake/contracts/lib/SafeMath.sol#117-128) is never used and should be removed
SafeMath.mod(uint256,uint256) (@aave/aave-stake/contracts/lib/SafeMath.sol#141-143) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (@aave/aave-stake/contracts/lib/SafeMath.sol#156-163) is never used and should be removed
SafeMath.sub(uint256,uint256,string) (@aave/aave-stake/contracts/lib/SafeMath.sol#57-66) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (@aave/aave-stake/contracts/lib/Address.sol#55-61):
- (success) = recipient.call{value: amount}() (@aave/aave-stake/contracts/lib/Address.sol#59)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (@aave/aave-stake/contracts/lib/SafeERC20.sol#52-64):
- (success,returndata) = address(token).call(data) (@aave/aave-stake/contracts/lib/SafeERC20.sol#56)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Variable VersionedInitializable.______gap (@aave/aave-stake/contracts/utils/VersionedInitializable.sol#41) is not in mixedCase
Function DistributionManager.DISTRIBUTION_END() (contracts/incentives/DistributionManager.sol#53-55) is not in mixedCase
Variable DistributionManager.EMISSION_MANAGER (contracts/incentives/DistributionManager.sol#24) is not in mixedCase
Variable DistributionManager._distributionEnd (contracts/incentives/DistributionManager.sol#30) is not in mixedCase
Parameter StakedTokenIncentivesController.getUserUnclaimedRewards(address)._user (contracts/incentives/StakedTokenIncentivesController.sol#162) is not in mixedCase
Function StakedTokenIncentivesController.REWARD_TOKEN() (contracts/incentives/StakedTokenIncentivesController.sol#167-169) is not in mixedCase
Variable StakedTokenIncentivesController.STAKE_TOKEN (contracts/incentives/StakedTokenIncentivesController.sol#32) is not in mixedCase
Variable StakedTokenIncentivesController._usersUnclaimedRewards (contracts/incentives/StakedTokenIncentivesController.sol#34) is not in mixedCase
Variable StakedTokenIncentivesController._authorizedClaimers (contracts/incentives/StakedTokenIncentivesController.sol#38) is not in mixedCase
Function IAaveDistributionManager.DISTRIBUTION_END() (contracts/interfaces/IAaveDistributionManager.sol#30) is not in mixedCase
Function IAaveIncentivesController.REWARD_TOKEN() (contracts/interfaces/IAaveIncentivesController.sol#111) is not in mixedCase
Function IStakedTokenWithConfig.STAKED_TOKEN() (contracts/interfaces/IStakedTokenWithConfig.sol#7) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
VersionedInitializable.______gap (@aave/aave-stake/contracts/utils/VersionedInitializable.sol#41) is never used in StakedTokenIncentivesController (contracts/incentives/StakedTokenIncentivesController.sol#22-223)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0xD9ED413bCF58c266F95fE6BA63B13cf79299CE31 analyzed (14 contracts with 75 detectors), 46 result(s) found
Slither report for TetherToken (Tether USD) at `0xdAC17F958D2ee523a2206206994597C13D831ec7`
UpgradedStandardToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#303-309) has incorrect ERC20 function interface:StandardToken.transferFrom(address,address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#167-188)
UpgradedStandardToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#303-309) has incorrect ERC20 function interface:StandardToken.approve(address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#195-205)
UpgradedStandardToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#303-309) has incorrect ERC20 function interface:ERC20.transferFrom(address,address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#91)
UpgradedStandardToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#303-309) has incorrect ERC20 function interface:ERC20.approve(address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#92)
UpgradedStandardToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#303-309) has incorrect ERC20 function interface:ERC20Basic.transfer(address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#81)
UpgradedStandardToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#303-309) has incorrect ERC20 function interface:BasicToken.transfer(address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#122-135)
TetherToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#311-448) has incorrect ERC20 function interface:BasicToken.transfer(address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#122-135)
TetherToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#311-448) has incorrect ERC20 function interface:ERC20Basic.transfer(address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#81)
TetherToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#311-448) has incorrect ERC20 function interface:StandardToken.transferFrom(address,address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#167-188)
TetherToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#311-448) has incorrect ERC20 function interface:StandardToken.approve(address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#195-205)
TetherToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#311-448) has incorrect ERC20 function interface:ERC20.transferFrom(address,address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#91)
TetherToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#311-448) has incorrect ERC20 function interface:ERC20.approve(address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#92)
TetherToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#311-448) has incorrect ERC20 function interface:TetherToken.transfer(address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#336-343)
TetherToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#311-448) has incorrect ERC20 function interface:TetherToken.transferFrom(address,address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#346-353)
TetherToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#311-448) has incorrect ERC20 function interface:TetherToken.approve(address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#365-371)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-erc20-interface
Ownable.transferOwnership(address) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#64-68) should emit an event for:
- owner = newOwner (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#66)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-events-access-control
TetherToken.deprecate(address)._upgradedAddress (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#383) lacks a zero-check on :
- upgradedAddress = _upgradedAddress (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#385)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Variable ERC20Basic._totalSupply (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#78) is not in mixedCase
Parameter BasicToken.transfer(address,uint256)._to (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#122) is not in mixedCase
Parameter BasicToken.transfer(address,uint256)._value (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#122) is not in mixedCase
Parameter BasicToken.balanceOf(address)._owner (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#142) is not in mixedCase
Parameter StandardToken.transferFrom(address,address,uint256)._from (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#167) is not in mixedCase
Parameter StandardToken.transferFrom(address,address,uint256)._to (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#167) is not in mixedCase
Parameter StandardToken.transferFrom(address,address,uint256)._value (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#167) is not in mixedCase
Parameter StandardToken.approve(address,uint256)._spender (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#195) is not in mixedCase
Parameter StandardToken.approve(address,uint256)._value (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#195) is not in mixedCase
Parameter StandardToken.allowance(address,address)._owner (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#213) is not in mixedCase
Parameter StandardToken.allowance(address,address)._spender (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#213) is not in mixedCase
Parameter BlackList.getBlackListStatus(address)._maker (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#267) is not in mixedCase
Parameter BlackList.addBlackList(address)._evilUser (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#277) is not in mixedCase
Parameter BlackList.removeBlackList(address)._clearedUser (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#282) is not in mixedCase
Parameter BlackList.destroyBlackFunds(address)._blackListedUser (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#287) is not in mixedCase
Parameter TetherToken.transfer(address,uint256)._to (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#336) is not in mixedCase
Parameter TetherToken.transfer(address,uint256)._value (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#336) is not in mixedCase
Parameter TetherToken.transferFrom(address,address,uint256)._from (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#346) is not in mixedCase
Parameter TetherToken.transferFrom(address,address,uint256)._to (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#346) is not in mixedCase
Parameter TetherToken.transferFrom(address,address,uint256)._value (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#346) is not in mixedCase
Parameter TetherToken.approve(address,uint256)._spender (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#365) is not in mixedCase
Parameter TetherToken.approve(address,uint256)._value (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#365) is not in mixedCase
Parameter TetherToken.allowance(address,address)._owner (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#374) is not in mixedCase
Parameter TetherToken.allowance(address,address)._spender (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#374) is not in mixedCase
Parameter TetherToken.deprecate(address)._upgradedAddress (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#383) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
UpgradedStandardToken (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#303-309) does not implement functions:
- UpgradedStandardToken.approveByLegacy(address,address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#308)
- ERC20Basic.totalSupply() (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#79)
- UpgradedStandardToken.transferByLegacy(address,address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#306)
- UpgradedStandardToken.transferFromByLegacy(address,address,address,uint256) (crytic-export/etherscan-contracts/0xdAC17F958D2ee523a2206206994597C13D831ec7-TetherToken.sol#307)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unimplemented-functions
0xdAC17F958D2ee523a2206206994597C13D831ec7 analyzed (10 contracts with 75 detectors), 43 result(s) found
Slither report for Starknet at `0xE267213B0749Bb94c575F6170812c887330d9cE3`
Warning: ProxySupport.sol:36:5: Warning: Function state mutability can be restricted to pure
function isFrozen() external view virtual returns (bool) {
^ (Relevant source part starts here and spans across multiple lines).
StarknetOutput.processMessages(bool,uint256[],mapping(bytes32 => uint256)) (Output.sol#98-179) sends eth to arbitrary user
Dangerous calls:
- (success) = msg.sender.call{value: totalMsgFees}() (Output.sol#174)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#functions-that-send-ether-to-arbitrary-destinations
ProxySupport.callExternalInitializer(address,bytes) (ProxySupport.sol#81-92) uses delegatecall to a input-controlled function id
- (success,returndata) = externalInitializerAddr.delegatecall(abi.encodeWithSelector(this.initialize.selector,eicData)) (ProxySupport.sol#87-89)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
Reentrancy in Starknet.updateState(uint256[],uint256,uint256) (Starknet.sol#172-217):
External calls:
- outputOffset += StarknetOutput.processMessages(true,programOutput,l2ToL1Messages()) (Starknet.sol#196-201)
- outputOffset += StarknetOutput.processMessages(false,programOutput,l1ToL2Messages()) (Starknet.sol#204-209)
Event emitted after the call(s):
- LogStateUpdate(state_.globalRoot,state_.blockNumber) (Starknet.sol#216)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
StarknetMessaging.cancelL1ToL2Message(uint256,uint256,uint256[],uint256) (StarknetMessaging.sol#171-191) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp >= cancelAllowedTime,MESSAGE_CANCELLATION_NOT_ALLOWED_YET) (StarknetMessaging.sol#187)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Addresses.isContract(address) (Addresses.sol#29-35) uses assembly
- INLINE ASM (Addresses.sol#31-33)
NamedStorage.bytes32ToUint256Mapping(string) (NamedStorage.sol#25-34) uses assembly
- INLINE ASM (NamedStorage.sol#31-33)
NamedStorage.bytes32ToAddressMapping(string) (NamedStorage.sol#36-45) uses assembly
- INLINE ASM (NamedStorage.sol#42-44)
NamedStorage.uintToAddressMapping(string) (NamedStorage.sol#47-56) uses assembly
- INLINE ASM (NamedStorage.sol#53-55)
NamedStorage.addressToBoolMapping(string) (NamedStorage.sol#58-67) uses assembly
- INLINE ASM (NamedStorage.sol#64-66)
NamedStorage.getUintValue(string) (NamedStorage.sol#69-74) uses assembly
- INLINE ASM (NamedStorage.sol#71-73)
NamedStorage.setUintValue(string,uint256) (NamedStorage.sol#76-81) uses assembly
- INLINE ASM (NamedStorage.sol#78-80)
NamedStorage.getAddressValue(string) (NamedStorage.sol#88-93) uses assembly
- INLINE ASM (NamedStorage.sol#90-92)
NamedStorage.setAddressValue(string,address) (NamedStorage.sol#95-100) uses assembly
- INLINE ASM (NamedStorage.sol#97-99)
NamedStorage.getBoolValue(string) (NamedStorage.sol#107-112) uses assembly
- INLINE ASM (NamedStorage.sol#109-111)
NamedStorage.setBoolValue(string,bool) (NamedStorage.sol#114-119) uses assembly
- INLINE ASM (NamedStorage.sol#116-118)
Starknet.state() (Starknet.sol#104-109) uses assembly
- INLINE ASM (Starknet.sol#106-108)
StarknetGovernance.getGovernanceInfo() (StarknetGovernance.sol#27-32) uses assembly
- INLINE ASM (StarknetGovernance.sol#29-31)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Addresses.performEthTransfer(address,uint256) (Addresses.sol#37-40) is never used and should be removed
Addresses.safeTokenContractCall(address,bytes) (Addresses.sol#47-56) is never used and should be removed
NamedStorage.bytes32ToAddressMapping(string) (NamedStorage.sol#36-45) is never used and should be removed
NamedStorage.setUintValueOnce(string,uint256) (NamedStorage.sol#83-86) is never used and should be removed
NamedStorage.uintToAddressMapping(string) (NamedStorage.sol#47-56) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Addresses.performEthTransfer(address,uint256) (Addresses.sol#37-40):
- (success) = recipient.call{value: amount}() (Addresses.sol#38)
Low level call in Addresses.safeTokenContractCall(address,bytes) (Addresses.sol#47-56):
- (success,returndata) = tokenAddress.call(callData) (Addresses.sol#50)
Low level call in StarknetOutput.processMessages(bool,uint256[],mapping(bytes32 => uint256)) (Output.sol#98-179):
- (success) = msg.sender.call{value: totalMsgFees}() (Output.sol#174)
Low level call in ProxySupport.callExternalInitializer(address,bytes) (ProxySupport.sol#81-92):
- (success,returndata) = externalInitializerAddr.delegatecall(abi.encodeWithSelector(this.initialize.selector,eicData)) (ProxySupport.sol#87-89)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter StarknetOutput.validate(uint256[]).output_data (Output.sol#76) is not in mixedCase
Parameter StarknetOutput.getMerkleUpdate(uint256[]).output_data (Output.sol#83) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Variable StarknetOutput.MESSAGE_TO_L1_FROM_ADDRESS_OFFSET (Output.sol#49) is too similar to StarknetOutput.MESSAGE_TO_L2_FROM_ADDRESS_OFFSET (Output.sol#54)
Variable StarknetOutput.MESSAGE_TO_L1_PAYLOAD_SIZE_OFFSET (Output.sol#51) is too similar to StarknetOutput.MESSAGE_TO_L2_PAYLOAD_SIZE_OFFSET (Output.sol#58)
Variable StarknetOutput.MESSAGE_TO_L1_PREFIX_SIZE (Output.sol#52) is too similar to StarknetOutput.MESSAGE_TO_L2_PREFIX_SIZE (Output.sol#59)
Variable StarknetOutput.MESSAGE_TO_L1_TO_ADDRESS_OFFSET (Output.sol#50) is too similar to StarknetOutput.MESSAGE_TO_L2_TO_ADDRESS_OFFSET (Output.sol#55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar
OnchainDataFactTreeEncoder.ONCHAIN_DATA_FACT_ADDITIONAL_WORDS (OnchainDataFactTreeEncoder.sol#27) is never used in OnchainDataFactTreeEncoder (OnchainDataFactTreeEncoder.sol#19-65)
StarknetOutput.MERKLE_UPDATE_OFFSET (Output.sol#44) is never used in StarknetOutput (Output.sol#43-180)
StarknetOutput.BLOCK_NUMBER_OFFSET (Output.sol#45) is never used in StarknetOutput (Output.sol#43-180)
StarknetOutput.CONFIG_HASH_OFFSET (Output.sol#46) is never used in StarknetOutput (Output.sol#43-180)
StarknetOutput.MESSAGE_TO_L1_PREFIX_SIZE (Output.sol#52) is never used in StarknetOutput (Output.sol#43-180)
StarknetOutput.MESSAGE_TO_L2_PREFIX_SIZE (Output.sol#59) is never used in StarknetOutput (Output.sol#43-180)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0xE267213B0749Bb94c575F6170812c887330d9cE3 analyzed (22 contracts with 75 detectors), 38 result(s) found