Updated as of block 16966350 at 4/3/2023, 1:10:11 AM ET
- ID: 174
- Proposer: 0xbC540e0729B732fb14afA240aA5A047aE9ba7dF0
- Start Block: 16784927 (3/8/2023, 12:09:59 PM ET)
- End Block: 16804127 (3/11/2023, 5:03:59 AM ET)
- Targets: 0x014B2Fc091CaD41F5d6a8EEb2FEF27852f4a97E7
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/467a121e-cbd7-4ef7-ab7a-6d6c0571d519
Proposal text
A proposal to adjust two (2) total risk parameters, including Liquidation Threshold (LT) and Loan-To-Value (LTV), for one (1) asset on Aave V2 Ethereum.
This proposal is a continuation of a series of proposals (AIP-136, AIP-137) intended to reduce the viability of different attack vectors on V2 assets.
At Chaos Labs, we continuously monitor markets and utilize our Asset Protection Tool to assess potential attack vectors on the protocol and suggest parameter and configuration updates accordingly (Supply/Borrow Caps, Liquidation Threshold updates, freezing of assets, listing in isolation mode, etc.)
Capital efficiency reductions on V2 assets will further mitigate attack vectors by increasing the capital required to wage a price manipulation attack on Aave. In addition, these changes will act as an effective motivation to shift usage to V3, where users can enjoy the benefits of enhanced risk mitigation mechanisms.
As Liquidation Threshold reductions may lead to user accounts being eligible for liquidations upon their approval, we want to clarify the full implications to the community at each step. To minimize this impact, we suggest reaching the desired settings by a series of incremental decreases, following the Risk-Off Framework previously approved by the community, with a reduction of up to 3% in any given AIP.
To avoid liquidations, Chaos Labs will communicate the planned amendments before their on-chain execution via all available avenues (Twitter, forums, Nansen Connect, and Blockscan Chat).
Below, we share data to quantify the effect of the recommended reductions on protocol users.
At the time of this proposal, none of the current positions will be eligible for liquidation due to the proposed change.
$MKR Zero (0) accounts are eligible for liquidation.
The following risk parameter proposal is presented below:
| Asset | Parameter | Current | Recommended | Change |
|---|---|---|---|---|
| MKR | Liquidation Threshold | 67% | 64% | -3% |
| MKR | Loan-to-Value | 62% | 59% | -3% |
Proposal payload implementation
Copyright and related rights waived via CC0.
Info:
- State changes:
# InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
@@ `_reserves` key `0x9f8f72aa9304c8b593d555f12ef6589cc3a579a2`.configuration.data @@
- 36894141778486362904632
+ 36894141778486343243532
# decoded configuration.data for key `0x9f8f72aa9304c8b593d555f12ef6589cc3a579a2` (symbol: unknown)
@@ configuration.data.ltv @@
- 6200
+ 5900
@@ configuration.data.liquidationThreshold @@
- 6700
+ 6400
Info:
- There is no SELFDESTRUCT inside of delegated call
Info:
- Events Emitted:
- InitializableImmutableAdminUpgradeabilityProxy at
0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756with implementation LendingPoolConfigurator at0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521CollateralConfigurationChanged(asset: 0x9f8f72aa9304c8b593d555f12ef6589cc3a579a2, ltv: 5900, liquidationThreshold: 6400, liquidationBonus: 10750)
- InitializableImmutableAdminUpgradeabilityProxy at
Info:
- Targets:
- 0x014B2Fc091CaD41F5d6a8EEb2FEF27852f4a97E7: Contract (verified) (ProposalPayload)
Info:
- Touched address:
- 0x3Cbded22F878aFC8d39dCD744d3Fe62086B76193: EOA (verification not applicable)
- 0xEC568fffba86c094cf06b22134B23074DFE2252c: Contract (verified) (AaveGovernanceV2)
- 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5: Contract (verified) (Executor)
- 0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0xC13eac3B4F9EED480045113B7af00F7B5655Ece8: Contract (verified) (AaveTokenV2)
- 0x014B2Fc091CaD41F5d6a8EEb2FEF27852f4a97E7: Contract (verified) (ProposalPayload)
- 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521: Contract (verified) (LendingPoolConfigurator)
- 0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5: Contract (verified) (LendingPoolAddressesProvider)
- 0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0xC6845a5C768BF8D7681249f8927877Efda425baf: Contract (verified) (LendingPool)
Info:
View Details
View warnings for ProposalPayload at `0x014B2Fc091CaD41F5d6a8EEb2FEF27852f4a97E7`
ERROR:CryticCompile:ParserError: ParserError: Source "@aave-address-book/AaveV2Ethereum.sol" not found: File not found. Searched the following locations: "".
--> src/payloads/MKRPayload-Feb26.sol:4:1:
|
4 | import {AaveV2Ethereum, AaveV2EthereumAssets } from "@aave-address-book/AaveV2Ethereum.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756` with implementation LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
View warnings for LendingPoolAddressesProvider at `0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
View warnings for LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract AdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, UpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Info:
View Details
Slither report for ProposalPayload at `0x014B2Fc091CaD41F5d6a8EEb2FEF27852f4a97E7`
Traceback (most recent call last):
File "/home/runner/.local/lib/python3.10/site-packages/slither/__main__.py", line 837, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/home/runner/.local/lib/python3.10/site-packages/slither/__main__.py", line 90, in process_all
compilations = compile_all(target, **vars(args))
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 643, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 131, in __init__
self._compile(**kwargs)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 553, in _compile
self._platform.compile(self, **kwargs)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 362, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 66, in standalone_compile
targets_json = run_solc_standard_json(
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 181, in run_solc_standard_json
raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: ParserError: ParserError: Source "@aave-address-book/AaveV2Ethereum.sol" not found: File not found. Searched the following locations: "".
--> src/payloads/MKRPayload-Feb26.sol:4:1:
|
4 | import {AaveV2Ethereum, AaveV2EthereumAssets } from "@aave-address-book/AaveV2Ethereum.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ERROR:root:Error in 0x014B2Fc091CaD41F5d6a8EEb2FEF27852f4a97E7
ERROR:root:Traceback (most recent call last):
File "/home/runner/.local/lib/python3.10/site-packages/slither/__main__.py", line 837, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/home/runner/.local/lib/python3.10/site-packages/slither/__main__.py", line 90, in process_all
compilations = compile_all(target, **vars(args))
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 643, in compile_all
compilations.append(CryticCompile(target, **kwargs))
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 131, in __init__
self._compile(**kwargs)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 553, in _compile
self._platform.compile(self, **kwargs)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/etherscan.py", line 362, in compile
solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 66, in standalone_compile
targets_json = run_solc_standard_json(
File "/home/runner/.local/lib/python3.10/site-packages/crytic_compile/platform/solc_standard_json.py", line 181, in run_solc_standard_json
raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: ParserError: ParserError: Source "@aave-address-book/AaveV2Ethereum.sol" not found: File not found. Searched the following locations: "".
--> src/payloads/MKRPayload-Feb26.sol:4:1:
|
4 | import {AaveV2Ethereum, AaveV2EthereumAssets } from "@aave-address-book/AaveV2Ethereum.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756` with implementation LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756 analyzed (6 contracts with 79 detectors), 17 result(s) found
Slither report for LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
LendingPoolConfigurator._checkNoLiquidity(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#552-561) uses a dangerous strict equality:
- require(bool,string)(availableLiquidity == 0 && reserveData.currentLiquidityRate == 0,Errors.LPC_RESERVE_LIQUIDITY_NOT_0) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#557-560)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Reentrancy in LendingPoolConfigurator.activateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#421-429):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#426)
Event emitted after the call(s):
- ReserveActivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#428)
Reentrancy in LendingPoolConfigurator.configureReserveAsCollateral(address,uint256,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#345-387):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#384)
Event emitted after the call(s):
- CollateralConfigurationChanged(asset,ltv,liquidationThreshold,liquidationBonus) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#386)
Reentrancy in LendingPoolConfigurator.deactivateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#435-445):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#442)
Event emitted after the call(s):
- ReserveDeactivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#444)
Reentrancy in LendingPoolConfigurator.disableBorrowingOnReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#327-334):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#332)
Event emitted after the call(s):
- BorrowingDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#333)
Reentrancy in LendingPoolConfigurator.disableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#407-415):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#412)
Event emitted after the call(s):
- StableRateDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#414)
Reentrancy in LendingPoolConfigurator.enableBorrowingOnReserve(address,bool) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#309-321):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#318)
Event emitted after the call(s):
- BorrowingEnabledOnReserve(asset,stableBorrowRateEnabled) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#320)
Reentrancy in LendingPoolConfigurator.enableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#393-401):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#398)
Event emitted after the call(s):
- StableRateEnabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#400)
Reentrancy in LendingPoolConfigurator.freezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#452-460):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#457)
Event emitted after the call(s):
- ReserveFrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#459)
Reentrancy in LendingPoolConfigurator.initReserve(address,address,address,uint8,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#201-263):
External calls:
- aTokenProxyAddress = _initTokenWithProxy(aTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#231)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- stableDebtTokenProxyAddress = _initTokenWithProxy(stableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#233-234)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- variableDebtTokenProxyAddress = _initTokenWithProxy(variableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#236-237)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- pool.initReserve(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#239-245)
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#254)
Event emitted after the call(s):
- ReserveInitialized(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#256-262)
Reentrancy in LendingPoolConfigurator.setReserveFactor(address,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#481-489):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#486)
Event emitted after the call(s):
- ReserveFactorChanged(asset,reserveFactor) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#488)
Reentrancy in LendingPoolConfigurator.setReserveInterestRateStrategyAddress(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#496-502):
External calls:
- pool.setReserveInterestRateStrategyAddress(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#500)
Event emitted after the call(s):
- ReserveInterestRateStrategyChanged(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#501)
Reentrancy in LendingPoolConfigurator.unfreezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#466-474):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#471)
Event emitted after the call(s):
- ReserveUnfrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#473)
Reentrancy in LendingPoolConfigurator.updateAToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#270-276):
External calls:
- _upgradeTokenImplementation(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#273)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- ATokenUpgraded(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#275)
Reentrancy in LendingPoolConfigurator.updateStableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#283-289):
External calls:
- _upgradeTokenImplementation(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#286)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- StableDebtTokenUpgraded(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#288)
Reentrancy in LendingPoolConfigurator.updateVariableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#296-302):
External calls:
- _upgradeTokenImplementation(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#299)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- VariableDebtTokenUpgraded(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#301)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
VersionedInitializable.isConstructor() (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
PercentageMath.percentDiv(uint256,uint256) (contracts/protocol/libraries/math/PercentageMath.sol#43-53) is never used and should be removed
ReserveConfiguration.getActive(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#150-152) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#190-192) is never used and should be removed
ReserveConfiguration.getDecimals(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#130-132) is never used and should be removed
ReserveConfiguration.getFlags(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#251-269) is never used and should be removed
ReserveConfiguration.getFlagsMemory(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#328-344) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#170-172) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#106-112) is never used and should be removed
ReserveConfiguration.getLiquidationThreshold(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#80-86) is never used and should be removed
ReserveConfiguration.getLtv(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#55-57) is never used and should be removed
ReserveConfiguration.getParams(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#276-296) is never used and should be removed
ReserveConfiguration.getReserveFactor(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#242-244) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#213-219) is never used and should be removed
SafeMath.add(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#27-32) is never used and should be removed
SafeMath.div(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#101-103) is never used and should be removed
SafeMath.div(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#116-127) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#155-162) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#76-88) is never used and should be removed
SafeMath.sub(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#43-45) is never used and should be removed
SafeMath.sub(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#56-65) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Function ITokenConfiguration.UNDERLYING_ASSET_ADDRESS() (contracts/interfaces/ITokenConfiguration.sol#11) is not in mixedCase
Function ITokenConfiguration.POOL() (contracts/interfaces/ITokenConfiguration.sol#13) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Variable Errors.LP_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#55) is too similar to Errors.VL_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar
INFO:Slither:0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521 analyzed (18 contracts with 79 detectors), 59 result(s) found
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9 analyzed (6 contracts with 79 detectors), 17 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
INFO:Detectors:
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
ERC20._balances (contracts/open-zeppelin/ERC20.sol#38) can be used in cross function reentrancies:
- ERC20._mint(address,uint256) (contracts/open-zeppelin/ERC20.sol#229-237)
- ERC20._transfer(address,address,uint256) (contracts/open-zeppelin/ERC20.sol#209-218)
- ERC20.balanceOf(address) (contracts/open-zeppelin/ERC20.sol#105-107)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) can be used in cross function reentrancies:
- AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38)
- AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
AaveToken._snapshots (contracts/token/AaveToken.sol#36) can be used in cross function reentrancies:
- AaveToken._snapshots (contracts/token/AaveToken.sol#36)
- AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
ERC20._totalSupply (contracts/open-zeppelin/ERC20.sol#42) can be used in cross function reentrancies:
- ERC20._mint(address,uint256) (contracts/open-zeppelin/ERC20.sol#229-237)
- ERC20.totalSupply() (contracts/open-zeppelin/ERC20.sol#98-100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
INFO:Detectors:
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 analyzed (19 contracts with 79 detectors), 57 result(s) found
Slither report for LendingPoolAddressesProvider at `0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
State variables written after the call(s):
- _addresses[id] = address(proxy) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#204)
LendingPoolAddressesProvider._addresses (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#21) can be used in cross function reentrancies:
- LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209)
- LendingPoolAddressesProvider.getAddress(bytes32) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#84-86)
- LendingPoolAddressesProvider.setAddress(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#75-78)
- LendingPoolAddressesProvider.setEmergencyAdmin(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#162-165)
- LendingPoolAddressesProvider.setLendingPoolCollateralManager(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#139-142)
- LendingPoolAddressesProvider.setLendingRateOracle(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#180-183)
- LendingPoolAddressesProvider.setPoolAdmin(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#153-156)
- LendingPoolAddressesProvider.setPriceOracle(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#171-174)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
Event emitted after the call(s):
- ProxyCreated(id,address(proxy)) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#205)
Reentrancy in LendingPoolAddressesProvider.setAddressAsProxy(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#60-67):
External calls:
- _updateImpl(id,implementationAddress) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#65)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- AddressSet(id,implementationAddress,true) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#66)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolConfiguratorImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#119-122):
External calls:
- _updateImpl(LENDING_POOL_CONFIGURATOR,configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#120)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolConfiguratorUpdated(configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#121)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#101-104):
External calls:
- _updateImpl(LENDING_POOL,pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#102)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolUpdated(pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#103)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5 analyzed (10 contracts with 79 detectors), 24 result(s) found
Slither report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
INFO:Detectors:
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e analyzed (4 contracts with 79 detectors), 4 result(s) found
Slither report for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
INFO:Detectors:
AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is never initialized. It is used in:
- AaveTokenV2._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1221-1251)
AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is never initialized. It is used in:
- AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203)
- AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302)
- AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329)
AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
INFO:Detectors:
GovernancePowerDelegationERC20._searchByBlockNumber(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1012-1050) uses a dangerous strict equality:
- snapshot.blockNumber == blockNumber (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1041)
GovernancePowerDelegationERC20._writeSnapshot(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint128,uint128) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1075-1097) uses a dangerous strict equality:
- ownerSnapshotsCount != 0 && snapshotsOwner[ownerSnapshotsCount - 1].blockNumber == currentBlock (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1089-1090)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
ERC20.constructor(string,string).name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.name() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#462-464) (function)
ERC20.constructor(string,string).symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.symbol() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#470-472) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1190)
AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1300)
AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1326)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#375-377)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) is never used and should be removed
Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403) is never used and should be removed
Context._msgData() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#94-97) is never used and should be removed
ERC20._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#702) is never used and should be removed
ERC20._burn(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#646-654) is never used and should be removed
ERC20._mint(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#625-633) is never used and should be removed
ERC20._setupDecimals(uint8) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#684-686) is never used and should be removed
SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#745-755) is never used and should be removed
SafeERC20.safeTransfer(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#728-734) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#736-743) is never used and should be removed
SafeMath.div(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#280-282) is never used and should be removed
SafeMath.div(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#295-306) is never used and should be removed
SafeMath.mod(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#319-321) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#334-341) is never used and should be removed
SafeMath.mul(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#255-267) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#401)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769):
- (success,returndata) = address(token).call(data) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#761)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Variable ERC20._name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#440) is not in mixedCase
Variable ERC20._symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#441) is not in mixedCase
Variable VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is not in mixedCase
Variable AaveTokenV2._nonces (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1134) is not in mixedCase
Variable AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is not in mixedCase
Variable AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is not in mixedCase
Variable AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is not in mixedCase
Variable AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is not in mixedCase
Variable AaveTokenV2._votingDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1154) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is not in mixedCase
Variable AaveTokenV2._propositionPowerDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1159) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#95)" inContext (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#89-98)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Detectors:
AaveTokenV2.DECIMALS (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1129) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.EIP712_DOMAIN (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1147-1149) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
INFO:Slither:0xC13eac3B4F9EED480045113B7af00F7B5655Ece8 analyzed (11 contracts with 79 detectors), 47 result(s) found
Slither report for LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
Warning: contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract AdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, UpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) uses arbitrary from in transferFrom: IERC20(vars.currentAsset).safeTransferFrom(receiverAddress,vars.currentATokenAddress,vars.currentAmountPlusPremium) (contracts/protocol/lendingpool/LendingPool.sol#532-536)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#arbitrary-from-in-transferfrom
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
WETHGateway.withdrawETH(uint256,address) (contracts/misc/WETHGateway.sol#53-65) ignores return value by aWETH.transferFrom(msg.sender,address(this),amountToWithdraw) (contracts/misc/WETHGateway.sol#61)
WETHGateway.emergencyTokenTransfer(address,address,uint256) (contracts/misc/WETHGateway.sol#130-136) ignores return value by IERC20(token).transfer(to,amount) (contracts/misc/WETHGateway.sol#135)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
INFO:Detectors:
AToken.DOMAIN_SEPARATOR (contracts/protocol/tokenization/AToken.sol#37) is never initialized. It is used in:
- AToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/protocol/tokenization/AToken.sol#268-292)
LendingPoolStorage._addressesProvider (contracts/protocol/lendingpool/LendingPoolStorage.sol#15) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
- LendingPoolCollateralManager._calculateAvailableCollateralToLiquidate(DataTypes.ReserveData,DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#272-316)
LendingPoolStorage._usersConfig (contracts/protocol/lendingpool/LendingPoolStorage.sol#18) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
LendingPoolStorage._reservesCount (contracts/protocol/lendingpool/LendingPoolStorage.sol#23) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
INFO:Detectors:
LendingPool (contracts/protocol/lendingpool/LendingPool.sol#46-923) is an upgradeable contract that does not protect its initialize functions: LendingPool.initialize(ILendingPoolAddressesProvider) (contracts/protocol/lendingpool/LendingPool.sol#90-92). Anyone can delete the contract with: LendingPool.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPool.sol#424-450)Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unprotected-upgradeable-contract
INFO:Detectors:
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) performs a multiplication on the result of a division:
- liquidityBalanceETH = vars.reserveUnitPrice.mul(vars.compoundedLiquidityBalance).div(vars.tokenUnit) (contracts/protocol/libraries/logic/GenericLogic.sol#191-192)
- vars.avgLtv = vars.avgLtv.add(liquidityBalanceETH.mul(vars.ltv)) (contracts/protocol/libraries/logic/GenericLogic.sol#196)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) performs a multiplication on the result of a division:
- liquidityBalanceETH = vars.reserveUnitPrice.mul(vars.compoundedLiquidityBalance).div(vars.tokenUnit) (contracts/protocol/libraries/logic/GenericLogic.sol#191-192)
- vars.avgLiquidationThreshold = vars.avgLiquidationThreshold.add(liquidityBalanceETH.mul(vars.liquidationThreshold)) (contracts/protocol/libraries/logic/GenericLogic.sol#197-199)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) performs a multiplication on the result of a division:
- ratePerSecond = rate / SECONDS_PER_YEAR (contracts/protocol/libraries/math/MathUtils.sol#61)
- WadRayMath.ray().add(ratePerSecond.mul(exp)).add(secondTerm).add(thirdTerm) (contracts/protocol/libraries/math/MathUtils.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
INFO:Detectors:
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) uses a dangerous strict equality:
- exp == 0 (contracts/protocol/libraries/math/MathUtils.sol#53)
GenericLogic.calculateHealthFactorFromBalances(uint256,uint256,uint256) (contracts/protocol/libraries/logic/GenericLogic.sol#244-252) uses a dangerous strict equality:
- totalDebtInETH == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#249)
LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185) uses a dangerous strict equality:
- amountToWithdraw == userBalance (contracts/protocol/lendingpool/LendingPool.sol#175)
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245) uses a dangerous strict equality:
- vars.liquidatorPreviousATokenBalance == 0 (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#197)
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245) uses a dangerous strict equality:
- vars.maxCollateralToLiquidate == vars.userCollateralBalance (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#222)
LendingPoolConfigurator._checkNoLiquidity(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#552-561) uses a dangerous strict equality:
- require(bool,string)(availableLiquidity == 0 && reserveData.currentLiquidityRate == 0,Errors.LPC_RESERVE_LIQUIDITY_NOT_0) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#557-560)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.liquidationThreshold == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#75)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.totalDebtInETH == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#87)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.collateralBalanceAfterDecrease == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#98)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#85-104) uses a dangerous strict equality:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#93)
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#57-76) uses a dangerous strict equality:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#65)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
State variables written after the call(s):
- _addresses[id] = address(proxy) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#204)
LendingPoolAddressesProvider._addresses (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#21) can be used in cross function reentrancies:
- LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209)
- LendingPoolAddressesProvider.getAddress(bytes32) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#84-86)
- LendingPoolAddressesProvider.setAddress(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#75-78)
- LendingPoolAddressesProvider.setEmergencyAdmin(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#162-165)
- LendingPoolAddressesProvider.setLendingPoolCollateralManager(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#139-142)
- LendingPoolAddressesProvider.setLendingRateOracle(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#180-183)
- LendingPoolAddressesProvider.setPoolAdmin(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#153-156)
- LendingPoolAddressesProvider.setPriceOracle(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#171-174)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
LendingPoolCollateralManager._calculateAvailableCollateralToLiquidate(DataTypes.ReserveData,DataTypes.ReserveData,address,address,uint256,uint256).vars (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#284) is a local variable never initialized
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/GenericLogic.sol#168) is a local variable never initialized
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/ValidationLogic.sol#134) is a local variable never initialized
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/GenericLogic.sol#69) is a local variable never initialized
StableDebtToken.mint(address,address,uint256,uint256).vars (contracts/protocol/tokenization/StableDebtToken.sol#107) is a local variable never initialized
DefaultReserveInterestRateStrategy.calculateInterestRates(address,uint256,uint256,uint256,uint256,uint256).vars (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#134) is a local variable never initialized
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256).vars (contracts/protocol/libraries/logic/ReserveLogic.sol#205) is a local variable never initialized
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16).vars (contracts/protocol/lendingpool/LendingPool.sol#490) is a local variable never initialized
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40).vars (contracts/protocol/libraries/logic/ReserveLogic.sol#282) is a local variable never initialized
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool).vars (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#92) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
INFO:Detectors:
WETHGateway.constructor(address,address) (contracts/misc/WETHGateway.sol#29-35) ignores return value by IWETH(weth).approve(pool,uint256(- 1)) (contracts/misc/WETHGateway.sol#34)
WETHGateway.withdrawETH(uint256,address) (contracts/misc/WETHGateway.sol#53-65) ignores return value by POOL.withdraw(address(WETH),amountToWithdraw,address(this)) (contracts/misc/WETHGateway.sol#62)
WETHGateway.repayETH(uint256,uint256,address) (contracts/misc/WETHGateway.sol#73-95) ignores return value by POOL.repay(address(WETH),msg.value,rateMode,onBehalfOf) (contracts/misc/WETHGateway.sol#91)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) ignores return value by token.mint(premiums[i]) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#76)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) ignores return value by IERC20(assets[i]).approve(address(LENDING_POOL),amountToReturn) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#78)
LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338) ignores return value by IVariableDebtToken(reserve.variableDebtTokenAddress).mint(msg.sender,msg.sender,stableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#315-320)
LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338) ignores return value by IStableDebtToken(reserve.stableDebtTokenAddress).mint(msg.sender,msg.sender,variableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#327-332)
LendingPool.rebalanceStableBorrowRate(address,address) (contracts/protocol/lendingpool/LendingPool.sol#349-379) ignores return value by IStableDebtToken(address(stableDebtToken)).mint(user,user,stableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#369-374)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) ignores return value by IAToken(aTokenAddresses[vars.i]).transferUnderlyingTo(receiverAddress,amounts[vars.i]) (contracts/protocol/lendingpool/LendingPool.sol#504)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) ignores return value by IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
ERC20.constructor(string,string).name (contracts/dependencies/openzeppelin/contracts/ERC20.sol#57) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/dependencies/openzeppelin/contracts/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
AdminUpgradeabilityProxy.constructor(address,address,bytes)._admin (contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol#23) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#98-104) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes).admin (contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol#27) shadows:
- BaseAdminUpgradeabilityProxy.admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#45-47) (function)
MockFlashLoanReceiver.setAmountToApprove(uint256).amountToApprove (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#30) shadows:
- MockFlashLoanReceiver.amountToApprove() (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#38-40) (function)
MintableDelegationERC20.constructor(string,string,uint8).name (contracts/mocks/tokens/MintableDelegationERC20.sol#14) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
MintableDelegationERC20.constructor(string,string,uint8).symbol (contracts/mocks/tokens/MintableDelegationERC20.sol#15) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
MintableDelegationERC20.constructor(string,string,uint8).decimals (contracts/mocks/tokens/MintableDelegationERC20.sol#16) shadows:
- ERC20.decimals() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#91-93) (function)
MintableERC20.constructor(string,string,uint8).name (contracts/mocks/tokens/MintableERC20.sol#12) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
MintableERC20.constructor(string,string,uint8).symbol (contracts/mocks/tokens/MintableERC20.sol#13) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
MintableERC20.constructor(string,string,uint8).decimals (contracts/mocks/tokens/MintableERC20.sol#14) shadows:
- ERC20.decimals() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#91-93) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).baseVariableBorrowRate (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#59) shadows:
- DefaultReserveInterestRateStrategy.baseVariableBorrowRate() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#91-93) (function)
- IReserveInterestRateStrategy.baseVariableBorrowRate() (contracts/interfaces/IReserveInterestRateStrategy.sol#10) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#60) shadows:
- DefaultReserveInterestRateStrategy.variableRateSlope1() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#75-77) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#61) shadows:
- DefaultReserveInterestRateStrategy.variableRateSlope2() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#79-81) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#62) shadows:
- DefaultReserveInterestRateStrategy.stableRateSlope1() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#83-85) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#63) shadows:
- DefaultReserveInterestRateStrategy.stableRateSlope2() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#87-89) (function)
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
IncentivizedERC20.constructor(string,string,uint8,address).name (contracts/protocol/tokenization/IncentivizedERC20.sol#29) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
IncentivizedERC20.constructor(string,string,uint8,address).symbol (contracts/protocol/tokenization/IncentivizedERC20.sol#30) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
IncentivizedERC20.constructor(string,string,uint8,address).decimals (contracts/protocol/tokenization/IncentivizedERC20.sol#31) shadows:
- IncentivizedERC20.decimals() (contracts/protocol/tokenization/IncentivizedERC20.sol#57-59) (function)
- IERC20Detailed.decimals() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
StableDebtToken.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/StableDebtToken.sol#29) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
StableDebtToken.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/StableDebtToken.sol#30) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
VariableDebtToken.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/VariableDebtToken.sol#23) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
VariableDebtToken.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/VariableDebtToken.sol#24) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
DebtTokenBase.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/base/DebtTokenBase.sol#43) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
DebtTokenBase.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/base/DebtTokenBase.sol#44) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
DebtTokenBase.initialize(uint8,string,string).decimals (contracts/protocol/tokenization/base/DebtTokenBase.sol#58) shadows:
- IncentivizedERC20.decimals() (contracts/protocol/tokenization/IncentivizedERC20.sol#57-59) (function)
- IERC20Detailed.decimals() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
DebtTokenBase.initialize(uint8,string,string).name (contracts/protocol/tokenization/base/DebtTokenBase.sol#59) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
DebtTokenBase.initialize(uint8,string,string).symbol (contracts/protocol/tokenization/base/DebtTokenBase.sol#60) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#24)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#91)
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
ATokensAndRatesHelper.constructor(address,address,address)._pool (contracts/deployments/ATokensAndRatesHelper.sol#24) lacks a zero-check on :
- pool = _pool (contracts/deployments/ATokensAndRatesHelper.sol#28)
ATokensAndRatesHelper.constructor(address,address,address)._addressesProvider (contracts/deployments/ATokensAndRatesHelper.sol#25) lacks a zero-check on :
- addressesProvider = _addressesProvider (contracts/deployments/ATokensAndRatesHelper.sol#29)
ATokensAndRatesHelper.constructor(address,address,address)._poolConfigurator (contracts/deployments/ATokensAndRatesHelper.sol#26) lacks a zero-check on :
- poolConfigurator = _poolConfigurator (contracts/deployments/ATokensAndRatesHelper.sol#30)
StableAndVariableTokensHelper.constructor(address,address)._pool (contracts/deployments/StableAndVariableTokensHelper.sol#16) lacks a zero-check on :
- pool = _pool (contracts/deployments/StableAndVariableTokensHelper.sol#17)
StableAndVariableTokensHelper.constructor(address,address)._addressesProvider (contracts/deployments/StableAndVariableTokensHelper.sol#16) lacks a zero-check on :
- addressesProvider = _addressesProvider (contracts/deployments/StableAndVariableTokensHelper.sol#18)
AaveOracle.constructor(address[],address[],address,address).weth (contracts/misc/AaveOracle.sol#38) lacks a zero-check on :
- WETH = weth (contracts/misc/AaveOracle.sol#42)
MintableDelegationERC20.delegate(address).delegateeAddress (contracts/mocks/tokens/MintableDelegationERC20.sol#31) lacks a zero-check on :
- delegatee = delegateeAddress (contracts/mocks/tokens/MintableDelegationERC20.sol#32)
AToken.constructor(ILendingPool,address,address,string,string,address).underlyingAssetAddress (contracts/protocol/tokenization/AToken.sol#46) lacks a zero-check on :
- UNDERLYING_ASSET_ADDRESS = underlyingAssetAddress (contracts/protocol/tokenization/AToken.sol#53)
AToken.constructor(ILendingPool,address,address,string,string,address).reserveTreasuryAddress (contracts/protocol/tokenization/AToken.sol#47) lacks a zero-check on :
- RESERVE_TREASURY_ADDRESS = reserveTreasuryAddress (contracts/protocol/tokenization/AToken.sol#54)
LendingPool.liquidationCall(address,address,address,uint256,bool).user (contracts/protocol/lendingpool/LendingPool.sol#427) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
LendingPool.liquidationCall(address,address,address,uint256,bool).collateralAsset (contracts/protocol/lendingpool/LendingPool.sol#425) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
LendingPool.liquidationCall(address,address,address,uint256,bool).debtAsset (contracts/protocol/lendingpool/LendingPool.sol#426) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertModifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
ATokensAndRatesHelper.initReserve(address[],address[],address[],address[],uint8[]) (contracts/deployments/ATokensAndRatesHelper.sol#69-90) has external calls inside a loop: LendingPoolConfigurator(poolConfigurator).initReserve(aTokens[i],stables[i],variables[i],reserveDecimals[i],strategies[i]) (contracts/deployments/ATokensAndRatesHelper.sol#82-88)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.configureReserveAsCollateral(assets[i],baseLTVs[i],liquidationThresholds[i],liquidationBonuses[i]) (contracts/deployments/ATokensAndRatesHelper.sol#108-113)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.enableBorrowingOnReserve(assets[i],stableBorrowingEnabled[i]) (contracts/deployments/ATokensAndRatesHelper.sol#115-118)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.setReserveFactor(assets[i],reserveFactors[i]) (contracts/deployments/ATokensAndRatesHelper.sol#119)
StableAndVariableTokensHelper.setOracleBorrowRates(address[],uint256[],address) (contracts/deployments/StableAndVariableTokensHelper.sol#52-63) has external calls inside a loop: LendingRateOracle(oracle).setMarketBorrowRate(assets[i],rates[i]) (contracts/deployments/StableAndVariableTokensHelper.sol#61)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: _fallbackOracle.getAssetPrice(asset) (contracts/misc/AaveOracle.sol#89)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: price = IChainlinkAggregator(source).latestAnswer() (contracts/misc/AaveOracle.sol#91)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: _fallbackOracle.getAssetPrice(asset) (contracts/misc/AaveOracle.sol#95)
AaveProtocolDataProvider.getAllReservesTokens() (contracts/misc/AaveProtocolDataProvider.sol#32-51) has external calls inside a loop: reservesTokens[i] = TokenData(IERC20Detailed(reserves[i]).symbol(),reserves[i]) (contracts/misc/AaveProtocolDataProvider.sol#45-48)
AaveProtocolDataProvider.getAllATokens() (contracts/misc/AaveProtocolDataProvider.sol#53-65) has external calls inside a loop: reserveData = pool.getReserveData(reserves[i]) (contracts/misc/AaveProtocolDataProvider.sol#58)
AaveProtocolDataProvider.getAllATokens() (contracts/misc/AaveProtocolDataProvider.sol#53-65) has external calls inside a loop: aTokens[i] = TokenData(IERC20Detailed(reserveData.aTokenAddress).symbol(),reserveData.aTokenAddress) (contracts/misc/AaveProtocolDataProvider.sol#59-62)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: baseData = lendingPool.getReserveData(reserveData.underlyingAsset) (contracts/misc/UiPoolDataProvider.sol#70-71)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.priceInEth = oracle.getAssetPrice(reserveData.underlyingAsset) (contracts/misc/UiPoolDataProvider.sol#82)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.availableLiquidity = IERC20Detailed(reserveData.underlyingAsset).balanceOf(reserveData.aTokenAddress) (contracts/misc/UiPoolDataProvider.sol#84-86)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: (reserveData.totalPrincipalStableDebt,None,reserveData.averageStableRate,reserveData.stableDebtLastUpdateTimestamp) = IStableDebtToken(reserveData.stableDebtTokenAddress).getSupplyData() (contracts/misc/UiPoolDataProvider.sol#87-92)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.totalScaledVariableDebt = IVariableDebtToken(reserveData.variableDebtTokenAddress).scaledTotalSupply() (contracts/misc/UiPoolDataProvider.sol#93-94)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.symbol = IERC20Detailed(reserveData.aTokenAddress).symbol() (contracts/misc/UiPoolDataProvider.sol#99)
UiPoolDataProvider.getInterestRateStrategySlopes(DefaultReserveInterestRateStrategy) (contracts/misc/UiPoolDataProvider.sol#28-44) has external calls inside a loop: (interestRateStrategy.variableRateSlope1(),interestRateStrategy.variableRateSlope2(),interestRateStrategy.stableRateSlope1(),interestRateStrategy.stableRateSlope2()) (contracts/misc/UiPoolDataProvider.sol#38-43)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].scaledATokenBalance = IAToken(reserveData.aTokenAddress).scaledBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#128-129)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].scaledVariableDebt = IVariableDebtToken(reserveData.variableDebtTokenAddress).scaledBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#133-137)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].principalStableDebt = IStableDebtToken(reserveData.stableDebtTokenAddress).principalBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#138-142)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].stableBorrowRate = IStableDebtToken(reserveData.stableDebtTokenAddress).getUserStableRate(user) (contracts/misc/UiPoolDataProvider.sol#144-148)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].stableBorrowLastUpdateTimestamp = IStableDebtToken(reserveData.stableDebtTokenAddress).getUserLastUpdated(user) (contracts/misc/UiPoolDataProvider.sol#149-153)
WalletBalanceProvider.balanceOf(address,address) (contracts/misc/WalletBalanceProvider.sol#44-52) has external calls inside a loop: IERC20(token).balanceOf(user) (contracts/misc/WalletBalanceProvider.sol#49)
WalletBalanceProvider.getUserWalletBalances(address,address) (contracts/misc/WalletBalanceProvider.sol#79-109) has external calls inside a loop: configuration = pool.getConfiguration(reservesWithEth[j]) (contracts/misc/WalletBalanceProvider.sol#96)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: require(bool,string)(amounts[i] <= IERC20(assets[i]).balanceOf(address(this)),Invalid balance for the contract) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#66-69)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: token.mint(premiums[i]) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#76)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: IERC20(assets[i]).approve(address(LENDING_POOL),amountToReturn) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#78)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) has external calls inside a loop: IAToken(aTokenAddresses[vars.i]).transferUnderlyingTo(receiverAddress,amounts[vars.i]) (contracts/protocol/lendingpool/LendingPool.sol#504)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) has external calls inside a loop: _reserves[vars.currentAsset].cumulateToLiquidityIndex(IERC20(vars.currentATokenAddress).totalSupply(),vars.currentPremium) (contracts/protocol/lendingpool/LendingPool.sol#521-524)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: oracle = _addressesProvider.getPriceOracle() (contracts/protocol/lendingpool/LendingPool.sol#836)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: amountInETH = IPriceOracleGetter(oracle).getAssetPrice(vars.asset).mul(vars.amount).div(10 ** reserve.configuration.getDecimals()) (contracts/protocol/lendingpool/LendingPool.sol#838-841)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.reserveUnitPrice = IPriceOracleGetter(oracle).getAssetPrice(vars.currentReserveAddress) (contracts/protocol/libraries/logic/GenericLogic.sol#186)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: (vars.newLiquidityRate,vars.newStableRate,vars.newVariableRate) = IReserveInterestRateStrategy(reserve.interestRateStrategyAddress).calculateInterestRates(reserveAddress,vars.availableLiquidity.add(liquidityAdded).sub(liquidityTaken),vars.totalStableDebt,vars.totalVariableDebt,vars.avgStableRate,reserve.configuration.getReserveFactor()) (contracts/protocol/libraries/logic/ReserveLogic.sol#221-232)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedLiquidityBalance = IERC20(currentReserve.aTokenAddress).balanceOf(user) (contracts/protocol/libraries/logic/GenericLogic.sol#189)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedBorrowBalance = IERC20(currentReserve.stableDebtTokenAddress).balanceOf(user) (contracts/protocol/libraries/logic/GenericLogic.sol#203-205)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedBorrowBalance = vars.compoundedBorrowBalance.add(IERC20(currentReserve.variableDebtTokenAddress).balanceOf(user)) (contracts/protocol/libraries/logic/GenericLogic.sol#206-208)
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/ValidationLogic.sol#120-213) has external calls inside a loop: require(bool,string)(! userConfig.isUsingAsCollateral(reserve.id) || reserve.configuration.getLtv() == 0 || amount > IERC20(reserve.aTokenAddress).balanceOf(userAddress),Errors.VL_COLLATERAL_SAME_AS_BORROWING_CURRENCY) (contracts/protocol/libraries/logic/ValidationLogic.sol#198-203)
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/ValidationLogic.sol#120-213) has external calls inside a loop: vars.availableLiquidity = IERC20(asset).balanceOf(reserve.aTokenAddress) (contracts/protocol/libraries/logic/ValidationLogic.sol#205)
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40) (contracts/protocol/libraries/logic/ReserveLogic.sol#274-325) has external calls inside a loop: (vars.principalStableDebt,vars.currentStableDebt,vars.avgStableRate,vars.stableSupplyUpdatedTimestamp) = IStableDebtToken(reserve.stableDebtTokenAddress).getSupplyData() (contracts/protocol/libraries/logic/ReserveLogic.sol#291-296)
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40) (contracts/protocol/libraries/logic/ReserveLogic.sol#274-325) has external calls inside a loop: IAToken(reserve.aTokenAddress).mintToTreasury(vars.amountToMint,newLiquidityIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#323)
ReserveLogic.updateState(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#110-134) has external calls inside a loop: scaledVariableDebt = IVariableDebtToken(reserve.variableDebtTokenAddress).scaledTotalSupply() (contracts/protocol/libraries/logic/ReserveLogic.sol#111-112)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: (vars.totalStableDebt,vars.avgStableRate) = IStableDebtToken(vars.stableDebtTokenAddress).getTotalSupplyAndAvgRate() (contracts/protocol/libraries/logic/ReserveLogic.sol#209-210)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: vars.totalVariableDebt = IVariableDebtToken(reserve.variableDebtTokenAddress).scaledTotalSupply().rayMul(reserve.variableBorrowIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#215-217)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: vars.availableLiquidity = IERC20(reserveAddress).balanceOf(aTokenAddress) (contracts/protocol/libraries/logic/ReserveLogic.sol#219)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
INFO:Detectors:
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- _allowances[owner][spender] = amount (contracts/protocol/tokenization/IncentivizedERC20.sol#232)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
INFO:Detectors:
Reentrancy in LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#858)
- isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
- isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
- IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Event emitted after the call(s):
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,currentStableRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,reserve.currentVariableBorrowRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
Reentrancy in AToken._transfer(address,address,uint256,bool) (contracts/protocol/tokenization/AToken.sol#302-327):
External calls:
- super._transfer(from,to,amount.rayDiv(index)) (contracts/protocol/tokenization/AToken.sol#313)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (contracts/protocol/tokenization/AToken.sol#316-323)
Event emitted after the call(s):
- BalanceTransfer(from,to,amount,index) (contracts/protocol/tokenization/AToken.sol#326)
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
Event emitted after the call(s):
- ProxyCreated(id,address(proxy)) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#205)
Reentrancy in LendingPoolConfigurator.activateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#421-429):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#426)
Event emitted after the call(s):
- ReserveActivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#428)
Reentrancy in AToken.burn(address,address,uint256,uint256) (contracts/protocol/tokenization/AToken.sol#96-110):
External calls:
- _burn(user,amountScaled) (contracts/protocol/tokenization/AToken.sol#104)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#220)
- IERC20(UNDERLYING_ASSET_ADDRESS).safeTransfer(receiverOfUnderlying,amount) (contracts/protocol/tokenization/AToken.sol#106)
Event emitted after the call(s):
- Burn(user,receiverOfUnderlying,amount,index) (contracts/protocol/tokenization/AToken.sol#109)
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/AToken.sol#108)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _mint(user,amountToMint,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#204)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
Event emitted after the call(s):
- Mint(user,user,amountToMint,currentBalance,balanceIncrease,userStableRate,newAvgStableRate,nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#205-214)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _burn(user,amountToBurn,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#217)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#355)
Event emitted after the call(s):
- Burn(user,amountToBurn,currentBalance,balanceIncrease,newAvgStableRate,nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#218)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _mint(user,amountToMint,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#204)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
- _burn(user,amountToBurn,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#217)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#355)
Event emitted after the call(s):
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/StableDebtToken.sol#221)
Reentrancy in VariableDebtToken.burn(address,uint256,uint256) (contracts/protocol/tokenization/VariableDebtToken.sol#89-101):
External calls:
- _burn(user,amountScaled) (contracts/protocol/tokenization/VariableDebtToken.sol#97)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#220)
Event emitted after the call(s):
- Burn(user,amount,index) (contracts/protocol/tokenization/VariableDebtToken.sol#100)
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/VariableDebtToken.sol#99)
Reentrancy in LendingPoolConfigurator.configureReserveAsCollateral(address,uint256,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#345-387):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#384)
Event emitted after the call(s):
- CollateralConfigurationChanged(asset,ltv,liquidationThreshold,liquidationBonus) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#386)
Reentrancy in LendingPoolConfigurator.deactivateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#435-445):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#442)
Event emitted after the call(s):
- ReserveDeactivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#444)
Reentrancy in LendingPool.deposit(address,uint256,address,uint16) (contracts/protocol/lendingpool/LendingPool.sol#105-130):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#117)
- IERC20(asset).safeTransferFrom(msg.sender,aToken,amount) (contracts/protocol/lendingpool/LendingPool.sol#120)
- isFirstDeposit = IAToken(aToken).mint(onBehalfOf,amount,reserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPool.sol#122)
Event emitted after the call(s):
- Deposit(asset,msg.sender,onBehalfOf,amount,referralCode) (contracts/protocol/lendingpool/LendingPool.sol#129)
- ReserveUsedAsCollateralEnabled(asset,onBehalfOf) (contracts/protocol/lendingpool/LendingPool.sol#126)
Reentrancy in LendingPoolConfigurator.disableBorrowingOnReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#327-334):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#332)
Event emitted after the call(s):
- BorrowingDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#333)
Reentrancy in LendingPoolConfigurator.disableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#407-415):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#412)
Event emitted after the call(s):
- StableRateDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#414)
Reentrancy in LendingPoolConfigurator.enableBorrowingOnReserve(address,bool) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#309-321):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#318)
Event emitted after the call(s):
- BorrowingEnabledOnReserve(asset,stableBorrowRateEnabled) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#320)
Reentrancy in LendingPoolConfigurator.enableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#393-401):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#398)
Event emitted after the call(s):
- StableRateEnabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#400)
Reentrancy in MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84):
External calls:
- token.mint(premiums[i]) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#76)
- IERC20(assets[i]).approve(address(LENDING_POOL),amountToReturn) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#78)
Event emitted after the call(s):
- ExecutedWithSuccess(assets,amounts,premiums) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#81)
Reentrancy in LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562):
External calls:
- IAToken(aTokenAddresses[vars.i]).transferUnderlyingTo(receiverAddress,amounts[vars.i]) (contracts/protocol/lendingpool/LendingPool.sol#504)
- require(bool,string)(vars.receiver.executeOperation(assets,amounts,premiums,msg.sender,params),Errors.LP_INVALID_FLASH_LOAN_EXECUTOR_RETURN) (contracts/protocol/lendingpool/LendingPool.sol#507-510)
- _reserves[vars.currentAsset].updateState() (contracts/protocol/lendingpool/LendingPool.sol#520)
- IERC20(vars.currentAsset).safeTransferFrom(receiverAddress,vars.currentATokenAddress,vars.currentAmountPlusPremium) (contracts/protocol/lendingpool/LendingPool.sol#532-536)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#858)
- isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
- isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
- IAToken(reserve.aTokenAddress).mintToTreasury(vars.amountToMint,newLiquidityIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#323)
- IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Event emitted after the call(s):
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,currentStableRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,reserve.currentVariableBorrowRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- FlashLoan(receiverAddress,msg.sender,vars.currentAsset,vars.currentAmount,vars.currentPremium,referralCode) (contracts/protocol/lendingpool/LendingPool.sol#553-560)
- ReserveDataUpdated(reserveAddress,vars.newLiquidityRate,vars.newStableRate,vars.newVariableRate,reserve.liquidityIndex,reserve.variableBorrowIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#241-248)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
Reentrancy in LendingPoolConfigurator.freezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#452-460):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#457)
Event emitted after the call(s):
- ReserveFrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#459)
Reentrancy in LendingPoolConfigurator.initReserve(address,address,address,uint8,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#201-263):
External calls:
- aTokenProxyAddress = _initTokenWithProxy(aTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#231)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- stableDebtTokenProxyAddress = _initTokenWithProxy(stableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#233-234)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- variableDebtTokenProxyAddress = _initTokenWithProxy(variableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#236-237)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- pool.initReserve(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#239-245)
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#254)
Event emitted after the call(s):
- ReserveInitialized(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#256-262)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
Event emitted after the call(s):
- ReserveUsedAsCollateralEnabled(collateralAsset,msg.sender) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#200)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
- collateralReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#203)
- vars.collateralAtoken.burn(user,msg.sender,vars.maxCollateralToLiquidate,collateralReserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#212-217)
Event emitted after the call(s):
- ReserveUsedAsCollateralDisabled(collateralAsset,user) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#224)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
- collateralReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#203)
- vars.collateralAtoken.burn(user,msg.sender,vars.maxCollateralToLiquidate,collateralReserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#212-217)
- IERC20(debtAsset).safeTransferFrom(msg.sender,debtReserve.aTokenAddress,vars.actualDebtToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#228-232)
Event emitted after the call(s):
- LiquidationCall(collateralAsset,debtAsset,user,vars.actualDebtToLiquidate,vars.maxCollateralToLiquidate,msg.sender,receiveAToken) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#234-242)
Reentrancy in AToken.mint(address,uint256,uint256) (contracts/protocol/tokenization/AToken.sol#120-135):
External calls:
- _mint(user,amountScaled) (contracts/protocol/tokenization/AToken.sol#129)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(user,amount,index) (contracts/protocol/tokenization/AToken.sol#132)
- Transfer(address(0),user,amount) (contracts/protocol/tokenization/AToken.sol#131)
Reentrancy in StableDebtToken.mint(address,address,uint256,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#101-155):
External calls:
- _mint(onBehalfOf,amount.add(balanceIncrease),vars.previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#139)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
Event emitted after the call(s):
- Mint(user,onBehalfOf,amount,currentBalance,balanceIncrease,vars.newStableRate,vars.currentAvgStableRate,vars.nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#143-152)
- Transfer(address(0),onBehalfOf,amount) (contracts/protocol/tokenization/StableDebtToken.sol#141)
Reentrancy in VariableDebtToken.mint(address,address,uint256,uint256) (contracts/protocol/tokenization/VariableDebtToken.sol#60-80):
External calls:
- _mint(onBehalfOf,amountScaled) (contracts/protocol/tokenization/VariableDebtToken.sol#74)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(user,onBehalfOf,amount,index) (contracts/protocol/tokenization/VariableDebtToken.sol#77)
- Transfer(address(0),onBehalfOf,amount) (contracts/protocol/tokenization/VariableDebtToken.sol#76)
Reentrancy in AToken.mintToTreasury(uint256,uint256) (contracts/protocol/tokenization/AToken.sol#143-156):
External calls:
- _mint(RESERVE_TREASURY_ADDRESS,amount.rayDiv(index)) (contracts/protocol/tokenization/AToken.sol#152)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(RESERVE_TREASURY_ADDRESS,amount,index) (contracts/protocol/tokenization/AToken.sol#155)
- Transfer(address(0),RESERVE_TREASURY_ADDRESS,amount) (contracts/protocol/tokenization/AToken.sol#154)
Reentrancy in LendingPool.rebalanceStableBorrowRate(address,address) (contracts/protocol/lendingpool/LendingPool.sol#349-379):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#366)
- IStableDebtToken(address(stableDebtToken)).burn(user,stableDebt) (contracts/protocol/lendingpool/LendingPool.sol#368)
- IStableDebtToken(address(stableDebtToken)).mint(user,user,stableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#369-374)
Event emitted after the call(s):
- RebalanceStableBorrowRate(asset,user) (contracts/protocol/lendingpool/LendingPool.sol#378)
Reentrancy in LendingPool.repay(address,uint256,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#237-289):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#265)
- IStableDebtToken(reserve.stableDebtTokenAddress).burn(onBehalfOf,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#268)
- IVariableDebtToken(reserve.variableDebtTokenAddress).burn(onBehalfOf,paybackAmount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#270-274)
- IERC20(asset).safeTransferFrom(msg.sender,aToken,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#284)
Event emitted after the call(s):
- Repay(asset,onBehalfOf,msg.sender,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#286)
Reentrancy in LendingPoolAddressesProvider.setAddressAsProxy(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#60-67):
External calls:
- _updateImpl(id,implementationAddress) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#65)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- AddressSet(id,implementationAddress,true) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#66)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolConfiguratorImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#119-122):
External calls:
- _updateImpl(LENDING_POOL_CONFIGURATOR,configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#120)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolConfiguratorUpdated(configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#121)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#101-104):
External calls:
- _updateImpl(LENDING_POOL,pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#102)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolUpdated(pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#103)
Reentrancy in LendingPoolConfigurator.setReserveFactor(address,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#481-489):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#486)
Event emitted after the call(s):
- ReserveFactorChanged(asset,reserveFactor) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#488)
Reentrancy in LendingPoolConfigurator.setReserveInterestRateStrategyAddress(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#496-502):
External calls:
- pool.setReserveInterestRateStrategyAddress(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#500)
Event emitted after the call(s):
- ReserveInterestRateStrategyChanged(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#501)
Reentrancy in LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#311)
- IStableDebtToken(reserve.stableDebtTokenAddress).burn(msg.sender,stableDebt) (contracts/protocol/lendingpool/LendingPool.sol#314)
- IVariableDebtToken(reserve.variableDebtTokenAddress).mint(msg.sender,msg.sender,stableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#315-320)
- IVariableDebtToken(reserve.variableDebtTokenAddress).burn(msg.sender,variableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#322-326)
- IStableDebtToken(reserve.stableDebtTokenAddress).mint(msg.sender,msg.sender,variableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#327-332)
Event emitted after the call(s):
- Swap(asset,msg.sender,rateMode) (contracts/protocol/lendingpool/LendingPool.sol#337)
Reentrancy in IncentivizedERC20.transfer(address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#81-85):
External calls:
- _transfer(_msgSender(),recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#82)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(_msgSender(),recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#83)
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Approval(owner,spender,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#233)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- Transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#131)
Reentrancy in AToken.transferOnLiquidation(address,address,uint256) (contracts/protocol/tokenization/AToken.sol#165-175):
External calls:
- _transfer(from,to,value,false) (contracts/protocol/tokenization/AToken.sol#172)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (contracts/protocol/tokenization/AToken.sol#316-323)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(from,to,value) (contracts/protocol/tokenization/AToken.sol#174)
Reentrancy in LendingPoolConfigurator.unfreezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#466-474):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#471)
Event emitted after the call(s):
- ReserveUnfrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#473)
Reentrancy in LendingPoolConfigurator.updateAToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#270-276):
External calls:
- _upgradeTokenImplementation(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#273)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- ATokenUpgraded(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#275)
Reentrancy in LendingPoolConfigurator.updateStableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#283-289):
External calls:
- _upgradeTokenImplementation(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#286)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- StableDebtTokenUpgraded(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#288)
Reentrancy in LendingPoolConfigurator.updateVariableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#296-302):
External calls:
- _upgradeTokenImplementation(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#299)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- VariableDebtTokenUpgraded(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#301)
Reentrancy in LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#171)
Event emitted after the call(s):
- ReserveUsedAsCollateralDisabled(asset,msg.sender) (contracts/protocol/lendingpool/LendingPool.sol#177)
Reentrancy in LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#171)
- IAToken(aToken).burn(msg.sender,to,amountToWithdraw,reserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPool.sol#180)
Event emitted after the call(s):
- Withdraw(asset,msg.sender,to,amountToWithdraw) (contracts/protocol/lendingpool/LendingPool.sol#182)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#57-76) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#65)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#85-104) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#93)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) uses timestamp for comparisons
Dangerous comparisons:
- exp == 0 (contracts/protocol/libraries/math/MathUtils.sol#53)
- exp > 2 (contracts/protocol/libraries/math/MathUtils.sol#59)
AToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/protocol/tokenization/AToken.sol#268-292) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/protocol/tokenization/AToken.sol#279)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseAdminUpgradeabilityProxy._admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#98-104) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#101-103)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#110-116) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#113-115)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
VersionedInitializable.isConstructor() (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
AToken.initialize(uint8,string,string) (contracts/protocol/tokenization/AToken.sol#61-86) uses assembly
- INLINE ASM (contracts/protocol/tokenization/AToken.sol#69-71)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
ERC20._burn(address,uint256) (contracts/dependencies/openzeppelin/contracts/ERC20.sol#279-287) is never used and should be removed
LendingPoolCollateralManager.getRevision() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#66-68) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#190-192) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#170-172) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#106-112) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#213-219) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#39-49) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#155-162) is never used and should be removed
StableDebtToken.getRevision() (contracts/protocol/tokenization/StableDebtToken.sol#38-40) is never used and should be removed
VariableDebtToken.getRevision() (contracts/protocol/tokenization/VariableDebtToken.sol#32-34) is never used and should be removed
WadRayMath.halfRay() (contracts/protocol/libraries/math/WadRayMath.sol#39-41) is never used and should be removed
WadRayMath.halfWad() (contracts/protocol/libraries/math/WadRayMath.sol#46-48) is never used and should be removed
WadRayMath.rayToWad(uint256) (contracts/protocol/libraries/math/WadRayMath.sol#117-123) is never used and should be removed
WadRayMath.wad() (contracts/protocol/libraries/math/WadRayMath.sol#32-34) is never used and should be removed
WadRayMath.wadMul(uint256,uint256) (contracts/protocol/libraries/math/WadRayMath.sol#56-64) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#51-63):
- (success,returndata) = address(token).call(data) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#85-93):
- (success) = newImplementation.delegatecall(data) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#91)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#20-27):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#24)
Low level call in WETHGateway._safeTransferETH(address,uint256) (contracts/misc/WETHGateway.sol#118-121):
- (success) = to.call{value: value}(new bytes(0)) (contracts/misc/WETHGateway.sol#119)
Low level call in LendingPool.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPool.sol#424-450):
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
MintableDelegationERC20 (contracts/mocks/tokens/MintableDelegationERC20.sol#10-34) should inherit from IDelegationToken (contracts/interfaces/IDelegationToken.sol#9-11)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Event ATokensAndRatesHelperdeployedContracts(address,address) (contracts/deployments/ATokensAndRatesHelper.sol#21) is not in CapWords
Event StableAndVariableTokensHelperdeployedContracts(address,address) (contracts/deployments/StableAndVariableTokensHelper.sol#14) is not in CapWords
Variable FlashLoanReceiverBase.ADDRESSES_PROVIDER (contracts/flashloan/base/FlashLoanReceiverBase.sol#15) is not in mixedCase
Variable FlashLoanReceiverBase.LENDING_POOL (contracts/flashloan/base/FlashLoanReceiverBase.sol#16) is not in mixedCase
Function IFlashLoanReceiver.ADDRESSES_PROVIDER() (contracts/flashloan/interfaces/IFlashLoanReceiver.sol#22) is not in mixedCase
Function IFlashLoanReceiver.LENDING_POOL() (contracts/flashloan/interfaces/IFlashLoanReceiver.sol#24) is not in mixedCase
Function ITokenConfiguration.UNDERLYING_ASSET_ADDRESS() (contracts/interfaces/ITokenConfiguration.sol#11) is not in mixedCase
Function ITokenConfiguration.POOL() (contracts/interfaces/ITokenConfiguration.sol#13) is not in mixedCase
Variable AaveOracle.WETH (contracts/misc/AaveOracle.sol#27) is not in mixedCase
Variable AaveProtocolDataProvider.ADDRESSES_PROVIDER (contracts/misc/AaveProtocolDataProvider.sol#26) is not in mixedCase
Variable WETHGateway.WETH (contracts/misc/WETHGateway.sol#20) is not in mixedCase
Variable WETHGateway.POOL (contracts/misc/WETHGateway.sol#21) is not in mixedCase
Variable MockFlashLoanReceiver._provider (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#15) is not in mixedCase
Variable MockFlashLoanReceiver._failExecution (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#20) is not in mixedCase
Variable MockFlashLoanReceiver._amountToApprove (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#21) is not in mixedCase
Variable MockFlashLoanReceiver._simulateEOA (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#22) is not in mixedCase
Parameter LendingRateOracle.getMarketBorrowRate(address)._asset (contracts/mocks/oracle/LendingRateOracle.sol#11) is not in mixedCase
Parameter LendingRateOracle.setMarketBorrowRate(address,uint256)._asset (contracts/mocks/oracle/LendingRateOracle.sol#15) is not in mixedCase
Parameter LendingRateOracle.setMarketBorrowRate(address,uint256)._rate (contracts/mocks/oracle/LendingRateOracle.sol#15) is not in mixedCase
Parameter LendingRateOracle.getMarketLiquidityRate(address)._asset (contracts/mocks/oracle/LendingRateOracle.sol#19) is not in mixedCase
Parameter LendingRateOracle.setMarketLiquidityRate(address,uint256)._asset (contracts/mocks/oracle/LendingRateOracle.sol#23) is not in mixedCase
Parameter LendingRateOracle.setMarketLiquidityRate(address,uint256)._rate (contracts/mocks/oracle/LendingRateOracle.sol#23) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._underlyingAssetDecimals (contracts/mocks/upgradeability/MockAToken.sol#32) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._tokenName (contracts/mocks/upgradeability/MockAToken.sol#33) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._tokenSymbol (contracts/mocks/upgradeability/MockAToken.sol#34) is not in mixedCase
Variable DefaultReserveInterestRateStrategy.OPTIMAL_UTILIZATION_RATE (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#29) is not in mixedCase
Variable DefaultReserveInterestRateStrategy.EXCESS_UTILIZATION_RATE (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#37) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._baseVariableBorrowRate (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#42) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#45) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#48) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#51) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#54) is not in mixedCase
Variable LendingPoolStorage._addressesProvider (contracts/protocol/lendingpool/LendingPoolStorage.sol#15) is not in mixedCase
Variable LendingPoolStorage._reserves (contracts/protocol/lendingpool/LendingPoolStorage.sol#17) is not in mixedCase
Variable LendingPoolStorage._usersConfig (contracts/protocol/lendingpool/LendingPoolStorage.sol#18) is not in mixedCase
Variable LendingPoolStorage._reservesList (contracts/protocol/lendingpool/LendingPoolStorage.sol#21) is not in mixedCase
Variable LendingPoolStorage._reservesCount (contracts/protocol/lendingpool/LendingPoolStorage.sol#23) is not in mixedCase
Variable LendingPoolStorage._paused (contracts/protocol/lendingpool/LendingPoolStorage.sol#25) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Struct GenericLogic.balanceDecreaseAllowedLocalVars (contracts/protocol/libraries/logic/GenericLogic.sol#30-41) is not in CapWords
Constant WadRayMath.halfWAD (contracts/protocol/libraries/math/WadRayMath.sol#14) is not in UPPER_CASE_WITH_UNDERSCORES
Constant WadRayMath.halfRAY (contracts/protocol/libraries/math/WadRayMath.sol#17) is not in UPPER_CASE_WITH_UNDERSCORES
Variable AToken.UNDERLYING_ASSET_ADDRESS (contracts/protocol/tokenization/AToken.sol#30) is not in mixedCase
Variable AToken.RESERVE_TREASURY_ADDRESS (contracts/protocol/tokenization/AToken.sol#31) is not in mixedCase
Variable AToken.POOL (contracts/protocol/tokenization/AToken.sol#32) is not in mixedCase
Variable AToken._nonces (contracts/protocol/tokenization/AToken.sol#35) is not in mixedCase
Variable AToken.DOMAIN_SEPARATOR (contracts/protocol/tokenization/AToken.sol#37) is not in mixedCase
Variable IncentivizedERC20._incentivesController (contracts/protocol/tokenization/IncentivizedERC20.sol#18) is not in mixedCase
Variable IncentivizedERC20._balances (contracts/protocol/tokenization/IncentivizedERC20.sol#20) is not in mixedCase
Variable IncentivizedERC20._totalSupply (contracts/protocol/tokenization/IncentivizedERC20.sol#23) is not in mixedCase
Variable StableDebtToken._avgStableRate (contracts/protocol/tokenization/StableDebtToken.sol#21) is not in mixedCase
Variable StableDebtToken._timestamps (contracts/protocol/tokenization/StableDebtToken.sol#22) is not in mixedCase
Variable StableDebtToken._usersStableRate (contracts/protocol/tokenization/StableDebtToken.sol#23) is not in mixedCase
Variable StableDebtToken._totalSupplyTimestamp (contracts/protocol/tokenization/StableDebtToken.sol#24) is not in mixedCase
Variable DebtTokenBase.UNDERLYING_ASSET_ADDRESS (contracts/protocol/tokenization/base/DebtTokenBase.sol#23) is not in mixedCase
Variable DebtTokenBase.POOL (contracts/protocol/tokenization/base/DebtTokenBase.sol#24) is not in mixedCase
Variable DebtTokenBase._borrowAllowances (contracts/protocol/tokenization/base/DebtTokenBase.sol#26) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Redundant expression "params (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#53)" inMockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
Redundant expression "initiator (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#54)" inMockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
Redundant expression "recipient (contracts/protocol/tokenization/base/DebtTokenBase.sol#99)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#100)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "owner (contracts/protocol/tokenization/base/DebtTokenBase.sol#111)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#112)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#117)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#118)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "sender (contracts/protocol/tokenization/base/DebtTokenBase.sol#127)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "recipient (contracts/protocol/tokenization/base/DebtTokenBase.sol#128)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#129)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#139)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "addedValue (contracts/protocol/tokenization/base/DebtTokenBase.sol#140)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#150)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "subtractedValue (contracts/protocol/tokenization/base/DebtTokenBase.sol#151)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Detectors:
Variable DefaultReserveInterestRateStrategy._stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#51) is too similar to DefaultReserveInterestRateStrategy._stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#54)
Variable DefaultReserveInterestRateStrategy._variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#45) is too similar to DefaultReserveInterestRateStrategy._variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#48)
Variable DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#62) is too similar to DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#63)
Variable DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#60) is too similar to DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#61)
Variable Errors.LP_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#55) is too similar to Errors.VL_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar
INFO:Detectors:
MockFlashLoanReceiver._provider (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#15) is never used in MockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
AToken.EIP712_DOMAIN (contracts/protocol/tokenization/AToken.sol#23-24) is never used in MockAToken (contracts/mocks/upgradeability/MockAToken.sol#7-40)
LendingPoolStorage._paused (contracts/protocol/lendingpool/LendingPoolStorage.sol#25) is never used in LendingPoolCollateralManager (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#29-317)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
INFO:Detectors:
ATokensAndRatesHelper.addressesProvider (contracts/deployments/ATokensAndRatesHelper.sol#19) should be immutable
ATokensAndRatesHelper.pool (contracts/deployments/ATokensAndRatesHelper.sol#18) should be immutable
ATokensAndRatesHelper.poolConfigurator (contracts/deployments/ATokensAndRatesHelper.sol#20) should be immutable
StableAndVariableTokensHelper.addressesProvider (contracts/deployments/StableAndVariableTokensHelper.sol#13) should be immutable
StableAndVariableTokensHelper.pool (contracts/deployments/StableAndVariableTokensHelper.sol#12) should be immutable
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-immutable
INFO:Slither:0xC6845a5C768BF8D7681249f8927877Efda425baf analyzed (79 contracts with 79 detectors), 313 result(s) found