Updated as of block 16863787 at 3/19/2023, 3:18:47 PM ET
- ID: 179
- Proposer: 0xbC540e0729B732fb14afA240aA5A047aE9ba7dF0
- Start Block: 16834833 (3/15/2023, 1:39:23 PM ET)
- End Block: 16854033 (3/18/2023, 6:25:35 AM ET)
- Targets: 0x158a6bC04F0828318821baE797f50B0A1299d45b
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/565c4e4f-767c-4f41-bb41-09d0ccac39b8
Proposal text
A proposal to to disable borrows of agEUR on the Aave V3 Polygon market.
Following the recent exploit on Euler, Angle Protocol has announced having $17.6M of USDC deposited into the protocol, leading them to pause the protocol and to uncertainty around the collateralization of agEUR.
agEUR is not listed as collateral on Aave V3 Polygon and is only borrowable, with utilization currently at nearly 100%. Still, we think it is reasonable to disable further asset borrowing as an immediate and temporary measure until the backing is restored 1:1.
We continue to follow the situation closely as it develops and will update recommendations and actions accordingly.
Ticker: agEUR
Contract Address: 0xE0B52e49357Fd4DAf2c15e02058DCE6BC0057db4
The proposal payload simply executes setReserveBorrowing(false) on the Aave V3 Polygon LendingPoolConfigurator for agEUR.
Copyright and related rights waived via CC0.
Info:
- State changes:
# StateSender at `0x28e4F3a7f651294B9564800b2D01f35189A5bFbE`
@@ counter @@
- 2616501
+ 2616502Info:
- There is no SELFDESTRUCT inside of delegated call
Info:
- Events Emitted:
- StateSender at
0x28e4F3a7f651294B9564800b2D01f35189A5bFbEStateSynced(id: 2616502, contractAddress: 0x8397259c983751daf40400790063935a11afa28a, data: 0x000000000000000000000000ee56e2b3d491590b5b31738cc34d5232f378a8d5000000000000000000000000dc9a35b16db4e126cfedc41322b3a36454b1f7720000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000024000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000e0000000000000000000000000000000000000000000000000000000000000012000000000000000000000000000000000000000000000000000000000000001a00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000100000000000000000000000060bcd1caf97c3fcbc35bf92a8852728420c34fb500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000009657865637574652829000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001)
- StateSender at
Info:
- Targets:
- 0x158a6bC04F0828318821baE797f50B0A1299d45b: Contract (verified) (CrosschainForwarderPolygon)
Info:
- Touched address:
- 0xD73a92Be73EfbFcF3854433A5FcbAbF9c1316073: EOA (verification not applicable)
- 0xEC568fffba86c094cf06b22134B23074DFE2252c: Contract (verified) (AaveGovernanceV2)
- 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5: Contract (verified) (Executor)
- 0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0x96F68837877fd0414B55050c9e794AECdBcfCA59: Contract (not verified)
- 0x158a6bC04F0828318821baE797f50B0A1299d45b: Contract (verified) (CrosschainForwarderPolygon)
- 0xfe5e5D361b2ad62c541bAb87C45a0B9B018389a2: Contract (verified) (FxRoot)
- 0x28e4F3a7f651294B9564800b2D01f35189A5bFbE: Contract (verified) (StateSender)
Info:
View Details
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
Info:
View Details
Slither report for CrosschainForwarderPolygon at `0x158a6bC04F0828318821baE797f50B0A1299d45b`
0x158a6bC04F0828318821baE797f50B0A1299d45b analyzed (2 contracts with 72 detectors), 0 result(s) found
Slither report for StateSender at `0x28e4F3a7f651294B9564800b2D01f35189A5bFbE`
SafeMath.div(uint256,uint256) (crytic-export/etherscan-contracts/0x28e4F3a7f651294B9564800b2D01f35189A5bFbE-StateSender.sol#96-103) is never used and should be removed
SafeMath.mod(uint256,uint256) (crytic-export/etherscan-contracts/0x28e4F3a7f651294B9564800b2D01f35189A5bFbE-StateSender.sol#129-132) is never used and should be removed
SafeMath.mul(uint256,uint256) (crytic-export/etherscan-contracts/0x28e4F3a7f651294B9564800b2D01f35189A5bFbE-StateSender.sol#79-91) is never used and should be removed
SafeMath.sub(uint256,uint256) (crytic-export/etherscan-contracts/0x28e4F3a7f651294B9564800b2D01f35189A5bFbE-StateSender.sol#108-113) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
0x28e4F3a7f651294B9564800b2D01f35189A5bFbE analyzed (3 contracts with 72 detectors), 4 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in AaveToken (contracts/token/AaveToken.sol#13-185)
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in LendToAaveMigrator (contracts/token/LendToAaveMigrator.sol#14-79)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 analyzed (19 contracts with 72 detectors), 59 result(s) found
Slither report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e analyzed (4 contracts with 72 detectors), 4 result(s) found
Slither report for FxRoot at `0xfe5e5D361b2ad62c541bAb87C45a0B9B018389a2`
FxRoot.setFxChild(address)._fxChild (crytic-export/etherscan-contracts/0xfe5e5D361b2ad62c541bAb87C45a0B9B018389a2-FxRoot.sol#24) lacks a zero-check on :
- fxChild = _fxChild (crytic-export/etherscan-contracts/0xfe5e5D361b2ad62c541bAb87C45a0B9B018389a2-FxRoot.sol#26)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Parameter FxRoot.setFxChild(address)._fxChild (crytic-export/etherscan-contracts/0xfe5e5D361b2ad62c541bAb87C45a0B9B018389a2-FxRoot.sol#24) is not in mixedCase
Parameter FxRoot.sendMessageToChild(address,bytes)._receiver (crytic-export/etherscan-contracts/0xfe5e5D361b2ad62c541bAb87C45a0B9B018389a2-FxRoot.sol#29) is not in mixedCase
Parameter FxRoot.sendMessageToChild(address,bytes)._data (crytic-export/etherscan-contracts/0xfe5e5D361b2ad62c541bAb87C45a0B9B018389a2-FxRoot.sol#29) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0xfe5e5D361b2ad62c541bAb87C45a0B9B018389a2 analyzed (3 contracts with 72 detectors), 4 result(s) found