Updated as of block 16946072 at 3/31/2023, 4:43:11 AM ET
- ID: 189
- Proposer: 0xbC540e0729B732fb14afA240aA5A047aE9ba7dF0
- Start Block: 16897495 (3/24/2023, 8:55:47 AM ET)
- End Block: 16916695 (3/27/2023, 1:39:35 AM ET)
- Targets: 0x6Fc2AC992cdA41ED830cDffe16122F6136C60646
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/f0b04b5b-5fd0-4ef4-b26b-40033fc0c528
Proposal text
A proposal to to freeze DPI on the Aave V2 Ethereum market.
DPI is an index token redeemable for a basket of ERC-20s. Due to an extremely low market cap and trading volumes, combined with centralization considerations, we recommend freezing DPI on Aave V2. Through 2021 DPI held a market cap between $100M and $200M with daily trading volumes in the $Ms. However, throughout 2022 the market cap has decreased drastically, staying between $10M-$30M for the past three months, with daily trading volume rarely crossing the $200K mark. On top of the low market cap and low trading volume, there is also implied centralization risk of DPI compared with the direct holding of the basket of underlying assets. The respective governance forum discussion is linked below:
Ticker: DPI
Contract Address: 0x1494CA1F11D487c2bBe4543E90080AeBa4BA3C2b
The proposal payload simply executes setReserveBorrowing(false) on the Aave V2 Ethereum LendingPoolConfigurator for DPI.
Proposal payload implementation
Copyright and related rights waived via CC0.
Info:
- State changes:
# InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
@@ `_reserves` key `0x1494ca1f11d487c2bbe4543e90080aeba4ba3c2b`.configuration.data @@
- 36893565317734079142244
+ 36893709432922154998116
# decoded configuration.data for key `0x1494ca1f11d487c2bbe4543e90080aeba4ba3c2b` (symbol: DPI)
@@ configuration.data.frozen @@
- false
+ true
Info:
- There is no SELFDESTRUCT inside of delegated call
Info:
- Events Emitted:
- InitializableImmutableAdminUpgradeabilityProxy at
0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756with implementation LendingPoolConfigurator at0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521ReserveFrozen(asset: 0x1494ca1f11d487c2bbe4543e90080aeba4ba3c2b)
- InitializableImmutableAdminUpgradeabilityProxy at
Info:
- Targets:
- 0x6Fc2AC992cdA41ED830cDffe16122F6136C60646: Contract (not verified)
Info:
- Touched address:
- 0xD73a92Be73EfbFcF3854433A5FcbAbF9c1316073: EOA (verification not applicable)
- 0xEC568fffba86c094cf06b22134B23074DFE2252c: Contract (verified) (AaveGovernanceV2)
- 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5: Contract (verified) (Executor)
- 0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0x96F68837877fd0414B55050c9e794AECdBcfCA59: Contract (not verified)
- 0x6Fc2AC992cdA41ED830cDffe16122F6136C60646: Contract (not verified)
- 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521: Contract (verified) (LendingPoolConfigurator)
- 0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5: Contract (verified) (LendingPoolAddressesProvider)
- 0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0xC6845a5C768BF8D7681249f8927877Efda425baf: Contract (verified) (LendingPool)
Info:
View Details
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756` with implementation LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
View warnings for LendingPoolAddressesProvider at `0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract AdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, UpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Info:
View Details
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756` with implementation LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756 analyzed (6 contracts with 72 detectors), 17 result(s) found
Slither report for LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
LendingPoolConfigurator._checkNoLiquidity(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#552-561) uses a dangerous strict equality:
- require(bool,string)(availableLiquidity == 0 && reserveData.currentLiquidityRate == 0,Errors.LPC_RESERVE_LIQUIDITY_NOT_0) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#557-560)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in LendingPoolConfigurator.activateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#421-429):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#426)
Event emitted after the call(s):
- ReserveActivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#428)
Reentrancy in LendingPoolConfigurator.configureReserveAsCollateral(address,uint256,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#345-387):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#384)
Event emitted after the call(s):
- CollateralConfigurationChanged(asset,ltv,liquidationThreshold,liquidationBonus) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#386)
Reentrancy in LendingPoolConfigurator.deactivateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#435-445):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#442)
Event emitted after the call(s):
- ReserveDeactivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#444)
Reentrancy in LendingPoolConfigurator.disableBorrowingOnReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#327-334):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#332)
Event emitted after the call(s):
- BorrowingDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#333)
Reentrancy in LendingPoolConfigurator.disableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#407-415):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#412)
Event emitted after the call(s):
- StableRateDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#414)
Reentrancy in LendingPoolConfigurator.enableBorrowingOnReserve(address,bool) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#309-321):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#318)
Event emitted after the call(s):
- BorrowingEnabledOnReserve(asset,stableBorrowRateEnabled) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#320)
Reentrancy in LendingPoolConfigurator.enableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#393-401):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#398)
Event emitted after the call(s):
- StableRateEnabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#400)
Reentrancy in LendingPoolConfigurator.freezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#452-460):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#457)
Event emitted after the call(s):
- ReserveFrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#459)
Reentrancy in LendingPoolConfigurator.initReserve(address,address,address,uint8,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#201-263):
External calls:
- aTokenProxyAddress = _initTokenWithProxy(aTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#231)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- stableDebtTokenProxyAddress = _initTokenWithProxy(stableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#233-234)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- variableDebtTokenProxyAddress = _initTokenWithProxy(variableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#236-237)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- pool.initReserve(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#239-245)
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#254)
Event emitted after the call(s):
- ReserveInitialized(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#256-262)
Reentrancy in LendingPoolConfigurator.setReserveFactor(address,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#481-489):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#486)
Event emitted after the call(s):
- ReserveFactorChanged(asset,reserveFactor) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#488)
Reentrancy in LendingPoolConfigurator.setReserveInterestRateStrategyAddress(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#496-502):
External calls:
- pool.setReserveInterestRateStrategyAddress(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#500)
Event emitted after the call(s):
- ReserveInterestRateStrategyChanged(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#501)
Reentrancy in LendingPoolConfigurator.unfreezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#466-474):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#471)
Event emitted after the call(s):
- ReserveUnfrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#473)
Reentrancy in LendingPoolConfigurator.updateAToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#270-276):
External calls:
- _upgradeTokenImplementation(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#273)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- ATokenUpgraded(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#275)
Reentrancy in LendingPoolConfigurator.updateStableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#283-289):
External calls:
- _upgradeTokenImplementation(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#286)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- StableDebtTokenUpgraded(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#288)
Reentrancy in LendingPoolConfigurator.updateVariableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#296-302):
External calls:
- _upgradeTokenImplementation(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#299)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- VariableDebtTokenUpgraded(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#301)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
VersionedInitializable.isConstructor() (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
PercentageMath.percentDiv(uint256,uint256) (contracts/protocol/libraries/math/PercentageMath.sol#43-53) is never used and should be removed
ReserveConfiguration.getActive(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#150-152) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#190-192) is never used and should be removed
ReserveConfiguration.getDecimals(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#130-132) is never used and should be removed
ReserveConfiguration.getFlags(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#251-269) is never used and should be removed
ReserveConfiguration.getFlagsMemory(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#328-344) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#170-172) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#106-112) is never used and should be removed
ReserveConfiguration.getLiquidationThreshold(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#80-86) is never used and should be removed
ReserveConfiguration.getLtv(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#55-57) is never used and should be removed
ReserveConfiguration.getParams(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#276-296) is never used and should be removed
ReserveConfiguration.getReserveFactor(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#242-244) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#213-219) is never used and should be removed
SafeMath.add(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#27-32) is never used and should be removed
SafeMath.div(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#101-103) is never used and should be removed
SafeMath.div(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#116-127) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#155-162) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#76-88) is never used and should be removed
SafeMath.sub(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#43-45) is never used and should be removed
SafeMath.sub(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#56-65) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Function ITokenConfiguration.UNDERLYING_ASSET_ADDRESS() (contracts/interfaces/ITokenConfiguration.sol#11) is not in mixedCase
Function ITokenConfiguration.POOL() (contracts/interfaces/ITokenConfiguration.sol#13) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Variable Errors.LP_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#55) is too similar to Errors.VL_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-are-too-similar
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPoolConfigurator (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#25-562)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521 analyzed (18 contracts with 72 detectors), 60 result(s) found
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9 analyzed (6 contracts with 72 detectors), 17 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in AaveToken (contracts/token/AaveToken.sol#13-185)
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in LendToAaveMigrator (contracts/token/LendToAaveMigrator.sol#14-79)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 analyzed (19 contracts with 72 detectors), 59 result(s) found
Slither report for LendingPoolAddressesProvider at `0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
State variables written after the call(s):
- _addresses[id] = address(proxy) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#204)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
Event emitted after the call(s):
- ProxyCreated(id,address(proxy)) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#205)
Reentrancy in LendingPoolAddressesProvider.setAddressAsProxy(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#60-67):
External calls:
- _updateImpl(id,implementationAddress) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#65)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- AddressSet(id,implementationAddress,true) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#66)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolConfiguratorImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#119-122):
External calls:
- _updateImpl(LENDING_POOL_CONFIGURATOR,configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#120)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolConfiguratorUpdated(configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#121)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#101-104):
External calls:
- _updateImpl(LENDING_POOL,pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#102)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolUpdated(pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#103)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5 analyzed (10 contracts with 72 detectors), 24 result(s) found
Slither report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e analyzed (4 contracts with 72 detectors), 4 result(s) found
Slither report for LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
Warning: contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract AdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, UpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
WETHGateway.withdrawETH(uint256,address) (contracts/misc/WETHGateway.sol#53-65) ignores return value by aWETH.transferFrom(msg.sender,address(this),amountToWithdraw) (contracts/misc/WETHGateway.sol#61)
WETHGateway.emergencyTokenTransfer(address,address,uint256) (contracts/misc/WETHGateway.sol#130-136) ignores return value by IERC20(token).transfer(to,amount) (contracts/misc/WETHGateway.sol#135)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
AToken.DOMAIN_SEPARATOR (contracts/protocol/tokenization/AToken.sol#37) is never initialized. It is used in:
- AToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/protocol/tokenization/AToken.sol#268-292)
LendingPoolStorage._addressesProvider (contracts/protocol/lendingpool/LendingPoolStorage.sol#15) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
- LendingPoolCollateralManager._calculateAvailableCollateralToLiquidate(DataTypes.ReserveData,DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#272-316)
LendingPoolStorage._usersConfig (contracts/protocol/lendingpool/LendingPoolStorage.sol#18) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
LendingPoolStorage._reservesCount (contracts/protocol/lendingpool/LendingPoolStorage.sol#23) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
LendingPool (contracts/protocol/lendingpool/LendingPool.sol#46-923) is an upgradeable contract that does not protect its initiliaze functions: LendingPool.initialize(ILendingPoolAddressesProvider) (contracts/protocol/lendingpool/LendingPool.sol#90-92). Anyone can delete the contract with: LendingPool.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPool.sol#424-450)Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unprotected-upgradeable-contract
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) performs a multiplication on the result of a division:
-liquidityBalanceETH = vars.reserveUnitPrice.mul(vars.compoundedLiquidityBalance).div(vars.tokenUnit) (contracts/protocol/libraries/logic/GenericLogic.sol#191-192)
-vars.avgLtv = vars.avgLtv.add(liquidityBalanceETH.mul(vars.ltv)) (contracts/protocol/libraries/logic/GenericLogic.sol#196)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) performs a multiplication on the result of a division:
-liquidityBalanceETH = vars.reserveUnitPrice.mul(vars.compoundedLiquidityBalance).div(vars.tokenUnit) (contracts/protocol/libraries/logic/GenericLogic.sol#191-192)
-vars.avgLiquidationThreshold = vars.avgLiquidationThreshold.add(liquidityBalanceETH.mul(vars.liquidationThreshold)) (contracts/protocol/libraries/logic/GenericLogic.sol#197-199)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) performs a multiplication on the result of a division:
-ratePerSecond = rate / SECONDS_PER_YEAR (contracts/protocol/libraries/math/MathUtils.sol#61)
-WadRayMath.ray().add(ratePerSecond.mul(exp)).add(secondTerm).add(thirdTerm) (contracts/protocol/libraries/math/MathUtils.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) uses a dangerous strict equality:
- exp == 0 (contracts/protocol/libraries/math/MathUtils.sol#53)
GenericLogic.calculateHealthFactorFromBalances(uint256,uint256,uint256) (contracts/protocol/libraries/logic/GenericLogic.sol#244-252) uses a dangerous strict equality:
- totalDebtInETH == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#249)
LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185) uses a dangerous strict equality:
- amountToWithdraw == userBalance (contracts/protocol/lendingpool/LendingPool.sol#175)
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245) uses a dangerous strict equality:
- vars.liquidatorPreviousATokenBalance == 0 (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#197)
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245) uses a dangerous strict equality:
- vars.maxCollateralToLiquidate == vars.userCollateralBalance (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#222)
LendingPoolConfigurator._checkNoLiquidity(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#552-561) uses a dangerous strict equality:
- require(bool,string)(availableLiquidity == 0 && reserveData.currentLiquidityRate == 0,Errors.LPC_RESERVE_LIQUIDITY_NOT_0) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#557-560)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.liquidationThreshold == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#75)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.totalDebtInETH == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#87)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.collateralBalanceAfterDecrease == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#98)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#85-104) uses a dangerous strict equality:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#93)
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#57-76) uses a dangerous strict equality:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#65)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
State variables written after the call(s):
- _addresses[id] = address(proxy) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#204)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
LendingPoolCollateralManager._calculateAvailableCollateralToLiquidate(DataTypes.ReserveData,DataTypes.ReserveData,address,address,uint256,uint256).vars (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#284) is a local variable never initialized
DefaultReserveInterestRateStrategy.calculateInterestRates(address,uint256,uint256,uint256,uint256,uint256).vars (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#134) is a local variable never initialized
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16).vars (contracts/protocol/lendingpool/LendingPool.sol#490) is a local variable never initialized
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool).vars (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#92) is a local variable never initialized
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40).vars (contracts/protocol/libraries/logic/ReserveLogic.sol#282) is a local variable never initialized
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256).vars (contracts/protocol/libraries/logic/ReserveLogic.sol#205) is a local variable never initialized
StableDebtToken.mint(address,address,uint256,uint256).vars (contracts/protocol/tokenization/StableDebtToken.sol#107) is a local variable never initialized
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/GenericLogic.sol#168) is a local variable never initialized
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/ValidationLogic.sol#134) is a local variable never initialized
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/GenericLogic.sol#69) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
WETHGateway.constructor(address,address) (contracts/misc/WETHGateway.sol#29-35) ignores return value by IWETH(weth).approve(pool,uint256(- 1)) (contracts/misc/WETHGateway.sol#34)
WETHGateway.withdrawETH(uint256,address) (contracts/misc/WETHGateway.sol#53-65) ignores return value by POOL.withdraw(address(WETH),amountToWithdraw,address(this)) (contracts/misc/WETHGateway.sol#62)
WETHGateway.repayETH(uint256,uint256,address) (contracts/misc/WETHGateway.sol#73-95) ignores return value by POOL.repay(address(WETH),msg.value,rateMode,onBehalfOf) (contracts/misc/WETHGateway.sol#91)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) ignores return value by token.mint(premiums[i]) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#76)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) ignores return value by IERC20(assets[i]).approve(address(LENDING_POOL),amountToReturn) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#78)
LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338) ignores return value by IVariableDebtToken(reserve.variableDebtTokenAddress).mint(msg.sender,msg.sender,stableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#315-320)
LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338) ignores return value by IStableDebtToken(reserve.stableDebtTokenAddress).mint(msg.sender,msg.sender,variableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#327-332)
LendingPool.rebalanceStableBorrowRate(address,address) (contracts/protocol/lendingpool/LendingPool.sol#349-379) ignores return value by IStableDebtToken(address(stableDebtToken)).mint(user,user,stableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#369-374)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) ignores return value by IAToken(aTokenAddresses[vars.i]).transferUnderlyingTo(receiverAddress,amounts[vars.i]) (contracts/protocol/lendingpool/LendingPool.sol#504)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) ignores return value by IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
ERC20.constructor(string,string).name (contracts/dependencies/openzeppelin/contracts/ERC20.sol#57) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/dependencies/openzeppelin/contracts/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
AdminUpgradeabilityProxy.constructor(address,address,bytes)._admin (contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol#23) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#98-104) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes).admin (contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol#27) shadows:
- BaseAdminUpgradeabilityProxy.admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#45-47) (function)
MockFlashLoanReceiver.setAmountToApprove(uint256).amountToApprove (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#30) shadows:
- MockFlashLoanReceiver.amountToApprove() (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#38-40) (function)
MintableDelegationERC20.constructor(string,string,uint8).name (contracts/mocks/tokens/MintableDelegationERC20.sol#14) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
MintableDelegationERC20.constructor(string,string,uint8).symbol (contracts/mocks/tokens/MintableDelegationERC20.sol#15) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
MintableDelegationERC20.constructor(string,string,uint8).decimals (contracts/mocks/tokens/MintableDelegationERC20.sol#16) shadows:
- ERC20.decimals() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#91-93) (function)
MintableERC20.constructor(string,string,uint8).name (contracts/mocks/tokens/MintableERC20.sol#12) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
MintableERC20.constructor(string,string,uint8).symbol (contracts/mocks/tokens/MintableERC20.sol#13) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
MintableERC20.constructor(string,string,uint8).decimals (contracts/mocks/tokens/MintableERC20.sol#14) shadows:
- ERC20.decimals() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#91-93) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).baseVariableBorrowRate (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#59) shadows:
- DefaultReserveInterestRateStrategy.baseVariableBorrowRate() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#91-93) (function)
- IReserveInterestRateStrategy.baseVariableBorrowRate() (contracts/interfaces/IReserveInterestRateStrategy.sol#10) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#60) shadows:
- DefaultReserveInterestRateStrategy.variableRateSlope1() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#75-77) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#61) shadows:
- DefaultReserveInterestRateStrategy.variableRateSlope2() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#79-81) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#62) shadows:
- DefaultReserveInterestRateStrategy.stableRateSlope1() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#83-85) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#63) shadows:
- DefaultReserveInterestRateStrategy.stableRateSlope2() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#87-89) (function)
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
IncentivizedERC20.constructor(string,string,uint8,address).name (contracts/protocol/tokenization/IncentivizedERC20.sol#29) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
IncentivizedERC20.constructor(string,string,uint8,address).symbol (contracts/protocol/tokenization/IncentivizedERC20.sol#30) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
IncentivizedERC20.constructor(string,string,uint8,address).decimals (contracts/protocol/tokenization/IncentivizedERC20.sol#31) shadows:
- IncentivizedERC20.decimals() (contracts/protocol/tokenization/IncentivizedERC20.sol#57-59) (function)
- IERC20Detailed.decimals() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
StableDebtToken.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/StableDebtToken.sol#29) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
StableDebtToken.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/StableDebtToken.sol#30) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
VariableDebtToken.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/VariableDebtToken.sol#23) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
VariableDebtToken.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/VariableDebtToken.sol#24) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
DebtTokenBase.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/base/DebtTokenBase.sol#43) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
DebtTokenBase.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/base/DebtTokenBase.sol#44) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
DebtTokenBase.initialize(uint8,string,string).decimals (contracts/protocol/tokenization/base/DebtTokenBase.sol#58) shadows:
- IncentivizedERC20.decimals() (contracts/protocol/tokenization/IncentivizedERC20.sol#57-59) (function)
- IERC20Detailed.decimals() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
DebtTokenBase.initialize(uint8,string,string).name (contracts/protocol/tokenization/base/DebtTokenBase.sol#59) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
DebtTokenBase.initialize(uint8,string,string).symbol (contracts/protocol/tokenization/base/DebtTokenBase.sol#60) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#24)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#91)
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
ATokensAndRatesHelper.constructor(address,address,address)._pool (contracts/deployments/ATokensAndRatesHelper.sol#24) lacks a zero-check on :
- pool = _pool (contracts/deployments/ATokensAndRatesHelper.sol#28)
ATokensAndRatesHelper.constructor(address,address,address)._addressesProvider (contracts/deployments/ATokensAndRatesHelper.sol#25) lacks a zero-check on :
- addressesProvider = _addressesProvider (contracts/deployments/ATokensAndRatesHelper.sol#29)
ATokensAndRatesHelper.constructor(address,address,address)._poolConfigurator (contracts/deployments/ATokensAndRatesHelper.sol#26) lacks a zero-check on :
- poolConfigurator = _poolConfigurator (contracts/deployments/ATokensAndRatesHelper.sol#30)
StableAndVariableTokensHelper.constructor(address,address)._pool (contracts/deployments/StableAndVariableTokensHelper.sol#16) lacks a zero-check on :
- pool = _pool (contracts/deployments/StableAndVariableTokensHelper.sol#17)
StableAndVariableTokensHelper.constructor(address,address)._addressesProvider (contracts/deployments/StableAndVariableTokensHelper.sol#16) lacks a zero-check on :
- addressesProvider = _addressesProvider (contracts/deployments/StableAndVariableTokensHelper.sol#18)
AaveOracle.constructor(address[],address[],address,address).weth (contracts/misc/AaveOracle.sol#38) lacks a zero-check on :
- WETH = weth (contracts/misc/AaveOracle.sol#42)
MintableDelegationERC20.delegate(address).delegateeAddress (contracts/mocks/tokens/MintableDelegationERC20.sol#31) lacks a zero-check on :
- delegatee = delegateeAddress (contracts/mocks/tokens/MintableDelegationERC20.sol#32)
AToken.constructor(ILendingPool,address,address,string,string,address).underlyingAssetAddress (contracts/protocol/tokenization/AToken.sol#46) lacks a zero-check on :
- UNDERLYING_ASSET_ADDRESS = underlyingAssetAddress (contracts/protocol/tokenization/AToken.sol#53)
AToken.constructor(ILendingPool,address,address,string,string,address).reserveTreasuryAddress (contracts/protocol/tokenization/AToken.sol#47) lacks a zero-check on :
- RESERVE_TREASURY_ADDRESS = reserveTreasuryAddress (contracts/protocol/tokenization/AToken.sol#54)
LendingPool.liquidationCall(address,address,address,uint256,bool).debtAsset (contracts/protocol/lendingpool/LendingPool.sol#426) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
LendingPool.liquidationCall(address,address,address,uint256,bool).user (contracts/protocol/lendingpool/LendingPool.sol#427) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
LendingPool.liquidationCall(address,address,address,uint256,bool).collateralAsset (contracts/protocol/lendingpool/LendingPool.sol#425) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertModifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
ATokensAndRatesHelper.initReserve(address[],address[],address[],address[],uint8[]) (contracts/deployments/ATokensAndRatesHelper.sol#69-90) has external calls inside a loop: LendingPoolConfigurator(poolConfigurator).initReserve(aTokens[i],stables[i],variables[i],reserveDecimals[i],strategies[i]) (contracts/deployments/ATokensAndRatesHelper.sol#82-88)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.configureReserveAsCollateral(assets[i],baseLTVs[i],liquidationThresholds[i],liquidationBonuses[i]) (contracts/deployments/ATokensAndRatesHelper.sol#108-113)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.enableBorrowingOnReserve(assets[i],stableBorrowingEnabled[i]) (contracts/deployments/ATokensAndRatesHelper.sol#115-118)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.setReserveFactor(assets[i],reserveFactors[i]) (contracts/deployments/ATokensAndRatesHelper.sol#119)
StableAndVariableTokensHelper.setOracleBorrowRates(address[],uint256[],address) (contracts/deployments/StableAndVariableTokensHelper.sol#52-63) has external calls inside a loop: LendingRateOracle(oracle).setMarketBorrowRate(assets[i],rates[i]) (contracts/deployments/StableAndVariableTokensHelper.sol#61)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: _fallbackOracle.getAssetPrice(asset) (contracts/misc/AaveOracle.sol#89)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: price = IChainlinkAggregator(source).latestAnswer() (contracts/misc/AaveOracle.sol#91)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: _fallbackOracle.getAssetPrice(asset) (contracts/misc/AaveOracle.sol#95)
AaveProtocolDataProvider.getAllReservesTokens() (contracts/misc/AaveProtocolDataProvider.sol#32-51) has external calls inside a loop: reservesTokens[i] = TokenData(IERC20Detailed(reserves[i]).symbol(),reserves[i]) (contracts/misc/AaveProtocolDataProvider.sol#45-48)
AaveProtocolDataProvider.getAllATokens() (contracts/misc/AaveProtocolDataProvider.sol#53-65) has external calls inside a loop: reserveData = pool.getReserveData(reserves[i]) (contracts/misc/AaveProtocolDataProvider.sol#58)
AaveProtocolDataProvider.getAllATokens() (contracts/misc/AaveProtocolDataProvider.sol#53-65) has external calls inside a loop: aTokens[i] = TokenData(IERC20Detailed(reserveData.aTokenAddress).symbol(),reserveData.aTokenAddress) (contracts/misc/AaveProtocolDataProvider.sol#59-62)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: baseData = lendingPool.getReserveData(reserveData.underlyingAsset) (contracts/misc/UiPoolDataProvider.sol#70-71)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.priceInEth = oracle.getAssetPrice(reserveData.underlyingAsset) (contracts/misc/UiPoolDataProvider.sol#82)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.availableLiquidity = IERC20Detailed(reserveData.underlyingAsset).balanceOf(reserveData.aTokenAddress) (contracts/misc/UiPoolDataProvider.sol#84-86)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: (reserveData.totalPrincipalStableDebt,None,reserveData.averageStableRate,reserveData.stableDebtLastUpdateTimestamp) = IStableDebtToken(reserveData.stableDebtTokenAddress).getSupplyData() (contracts/misc/UiPoolDataProvider.sol#87-92)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.totalScaledVariableDebt = IVariableDebtToken(reserveData.variableDebtTokenAddress).scaledTotalSupply() (contracts/misc/UiPoolDataProvider.sol#93-94)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.symbol = IERC20Detailed(reserveData.aTokenAddress).symbol() (contracts/misc/UiPoolDataProvider.sol#99)
UiPoolDataProvider.getInterestRateStrategySlopes(DefaultReserveInterestRateStrategy) (contracts/misc/UiPoolDataProvider.sol#28-44) has external calls inside a loop: (interestRateStrategy.variableRateSlope1(),interestRateStrategy.variableRateSlope2(),interestRateStrategy.stableRateSlope1(),interestRateStrategy.stableRateSlope2()) (contracts/misc/UiPoolDataProvider.sol#38-43)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].scaledATokenBalance = IAToken(reserveData.aTokenAddress).scaledBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#128-129)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].scaledVariableDebt = IVariableDebtToken(reserveData.variableDebtTokenAddress).scaledBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#133-137)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].principalStableDebt = IStableDebtToken(reserveData.stableDebtTokenAddress).principalBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#138-142)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].stableBorrowRate = IStableDebtToken(reserveData.stableDebtTokenAddress).getUserStableRate(user) (contracts/misc/UiPoolDataProvider.sol#144-148)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].stableBorrowLastUpdateTimestamp = IStableDebtToken(reserveData.stableDebtTokenAddress).getUserLastUpdated(user) (contracts/misc/UiPoolDataProvider.sol#149-153)
WalletBalanceProvider.balanceOf(address,address) (contracts/misc/WalletBalanceProvider.sol#44-52) has external calls inside a loop: IERC20(token).balanceOf(user) (contracts/misc/WalletBalanceProvider.sol#49)
WalletBalanceProvider.getUserWalletBalances(address,address) (contracts/misc/WalletBalanceProvider.sol#79-109) has external calls inside a loop: configuration = pool.getConfiguration(reservesWithEth[j]) (contracts/misc/WalletBalanceProvider.sol#96)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: require(bool,string)(amounts[i] <= IERC20(assets[i]).balanceOf(address(this)),Invalid balance for the contract) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#66-69)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: token.mint(premiums[i]) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#76)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: IERC20(assets[i]).approve(address(LENDING_POOL),amountToReturn) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#78)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) has external calls inside a loop: IAToken(aTokenAddresses[vars.i]).transferUnderlyingTo(receiverAddress,amounts[vars.i]) (contracts/protocol/lendingpool/LendingPool.sol#504)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) has external calls inside a loop: _reserves[vars.currentAsset].cumulateToLiquidityIndex(IERC20(vars.currentATokenAddress).totalSupply(),vars.currentPremium) (contracts/protocol/lendingpool/LendingPool.sol#521-524)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: oracle = _addressesProvider.getPriceOracle() (contracts/protocol/lendingpool/LendingPool.sol#836)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: amountInETH = IPriceOracleGetter(oracle).getAssetPrice(vars.asset).mul(vars.amount).div(10 ** reserve.configuration.getDecimals()) (contracts/protocol/lendingpool/LendingPool.sol#838-841)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40) (contracts/protocol/libraries/logic/ReserveLogic.sol#274-325) has external calls inside a loop: (vars.principalStableDebt,vars.currentStableDebt,vars.avgStableRate,vars.stableSupplyUpdatedTimestamp) = IStableDebtToken(reserve.stableDebtTokenAddress).getSupplyData() (contracts/protocol/libraries/logic/ReserveLogic.sol#291-296)
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40) (contracts/protocol/libraries/logic/ReserveLogic.sol#274-325) has external calls inside a loop: IAToken(reserve.aTokenAddress).mintToTreasury(vars.amountToMint,newLiquidityIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#323)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedBorrowBalance = IERC20(currentReserve.stableDebtTokenAddress).balanceOf(user) (contracts/protocol/libraries/logic/GenericLogic.sol#203-205)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedBorrowBalance = vars.compoundedBorrowBalance.add(IERC20(currentReserve.variableDebtTokenAddress).balanceOf(user)) (contracts/protocol/libraries/logic/GenericLogic.sol#206-208)
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/ValidationLogic.sol#120-213) has external calls inside a loop: require(bool,string)(! userConfig.isUsingAsCollateral(reserve.id) || reserve.configuration.getLtv() == 0 || amount > IERC20(reserve.aTokenAddress).balanceOf(userAddress),Errors.VL_COLLATERAL_SAME_AS_BORROWING_CURRENCY) (contracts/protocol/libraries/logic/ValidationLogic.sol#198-203)
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/ValidationLogic.sol#120-213) has external calls inside a loop: vars.availableLiquidity = IERC20(asset).balanceOf(reserve.aTokenAddress) (contracts/protocol/libraries/logic/ValidationLogic.sol#205)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: (vars.totalStableDebt,vars.avgStableRate) = IStableDebtToken(vars.stableDebtTokenAddress).getTotalSupplyAndAvgRate() (contracts/protocol/libraries/logic/ReserveLogic.sol#209-210)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: vars.totalVariableDebt = IVariableDebtToken(reserve.variableDebtTokenAddress).scaledTotalSupply().rayMul(reserve.variableBorrowIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#215-217)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: vars.availableLiquidity = IERC20(reserveAddress).balanceOf(aTokenAddress) (contracts/protocol/libraries/logic/ReserveLogic.sol#219)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: (vars.newLiquidityRate,vars.newStableRate,vars.newVariableRate) = IReserveInterestRateStrategy(reserve.interestRateStrategyAddress).calculateInterestRates(reserveAddress,vars.availableLiquidity.add(liquidityAdded).sub(liquidityTaken),vars.totalStableDebt,vars.totalVariableDebt,vars.avgStableRate,reserve.configuration.getReserveFactor()) (contracts/protocol/libraries/logic/ReserveLogic.sol#221-232)
ReserveLogic.updateState(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#110-134) has external calls inside a loop: scaledVariableDebt = IVariableDebtToken(reserve.variableDebtTokenAddress).scaledTotalSupply() (contracts/protocol/libraries/logic/ReserveLogic.sol#111-112)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.reserveUnitPrice = IPriceOracleGetter(oracle).getAssetPrice(vars.currentReserveAddress) (contracts/protocol/libraries/logic/GenericLogic.sol#186)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedLiquidityBalance = IERC20(currentReserve.aTokenAddress).balanceOf(user) (contracts/protocol/libraries/logic/GenericLogic.sol#189)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- _allowances[owner][spender] = amount (contracts/protocol/tokenization/IncentivizedERC20.sol#232)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
Reentrancy in LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#858)
- isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
- isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
- IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Event emitted after the call(s):
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,currentStableRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,reserve.currentVariableBorrowRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
Reentrancy in AToken._transfer(address,address,uint256,bool) (contracts/protocol/tokenization/AToken.sol#302-327):
External calls:
- super._transfer(from,to,amount.rayDiv(index)) (contracts/protocol/tokenization/AToken.sol#313)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (contracts/protocol/tokenization/AToken.sol#316-323)
Event emitted after the call(s):
- BalanceTransfer(from,to,amount,index) (contracts/protocol/tokenization/AToken.sol#326)
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
Event emitted after the call(s):
- ProxyCreated(id,address(proxy)) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#205)
Reentrancy in LendingPoolConfigurator.activateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#421-429):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#426)
Event emitted after the call(s):
- ReserveActivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#428)
Reentrancy in AToken.burn(address,address,uint256,uint256) (contracts/protocol/tokenization/AToken.sol#96-110):
External calls:
- _burn(user,amountScaled) (contracts/protocol/tokenization/AToken.sol#104)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#220)
- IERC20(UNDERLYING_ASSET_ADDRESS).safeTransfer(receiverOfUnderlying,amount) (contracts/protocol/tokenization/AToken.sol#106)
Event emitted after the call(s):
- Burn(user,receiverOfUnderlying,amount,index) (contracts/protocol/tokenization/AToken.sol#109)
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/AToken.sol#108)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _mint(user,amountToMint,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#204)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
Event emitted after the call(s):
- Mint(user,user,amountToMint,currentBalance,balanceIncrease,userStableRate,newAvgStableRate,nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#205-214)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _burn(user,amountToBurn,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#217)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#355)
Event emitted after the call(s):
- Burn(user,amountToBurn,currentBalance,balanceIncrease,newAvgStableRate,nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#218)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _mint(user,amountToMint,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#204)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
- _burn(user,amountToBurn,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#217)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#355)
Event emitted after the call(s):
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/StableDebtToken.sol#221)
Reentrancy in VariableDebtToken.burn(address,uint256,uint256) (contracts/protocol/tokenization/VariableDebtToken.sol#89-101):
External calls:
- _burn(user,amountScaled) (contracts/protocol/tokenization/VariableDebtToken.sol#97)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#220)
Event emitted after the call(s):
- Burn(user,amount,index) (contracts/protocol/tokenization/VariableDebtToken.sol#100)
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/VariableDebtToken.sol#99)
Reentrancy in LendingPoolConfigurator.configureReserveAsCollateral(address,uint256,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#345-387):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#384)
Event emitted after the call(s):
- CollateralConfigurationChanged(asset,ltv,liquidationThreshold,liquidationBonus) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#386)
Reentrancy in LendingPoolConfigurator.deactivateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#435-445):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#442)
Event emitted after the call(s):
- ReserveDeactivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#444)
Reentrancy in LendingPool.deposit(address,uint256,address,uint16) (contracts/protocol/lendingpool/LendingPool.sol#105-130):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#117)
- IERC20(asset).safeTransferFrom(msg.sender,aToken,amount) (contracts/protocol/lendingpool/LendingPool.sol#120)
- isFirstDeposit = IAToken(aToken).mint(onBehalfOf,amount,reserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPool.sol#122)
Event emitted after the call(s):
- Deposit(asset,msg.sender,onBehalfOf,amount,referralCode) (contracts/protocol/lendingpool/LendingPool.sol#129)
- ReserveUsedAsCollateralEnabled(asset,onBehalfOf) (contracts/protocol/lendingpool/LendingPool.sol#126)
Reentrancy in LendingPoolConfigurator.disableBorrowingOnReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#327-334):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#332)
Event emitted after the call(s):
- BorrowingDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#333)
Reentrancy in LendingPoolConfigurator.disableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#407-415):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#412)
Event emitted after the call(s):
- StableRateDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#414)
Reentrancy in LendingPoolConfigurator.enableBorrowingOnReserve(address,bool) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#309-321):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#318)
Event emitted after the call(s):
- BorrowingEnabledOnReserve(asset,stableBorrowRateEnabled) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#320)
Reentrancy in LendingPoolConfigurator.enableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#393-401):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#398)
Event emitted after the call(s):
- StableRateEnabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#400)
Reentrancy in LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562):
External calls:
- require(bool,string)(vars.receiver.executeOperation(assets,amounts,premiums,msg.sender,params),Errors.LP_INVALID_FLASH_LOAN_EXECUTOR_RETURN) (contracts/protocol/lendingpool/LendingPool.sol#507-510)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#858)
- isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
- isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
- IAToken(reserve.aTokenAddress).mintToTreasury(vars.amountToMint,newLiquidityIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#323)
- IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Event emitted after the call(s):
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,currentStableRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,reserve.currentVariableBorrowRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- ReserveDataUpdated(reserveAddress,vars.newLiquidityRate,vars.newStableRate,vars.newVariableRate,reserve.liquidityIndex,reserve.variableBorrowIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#241-248)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
Reentrancy in LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562):
External calls:
- require(bool,string)(vars.receiver.executeOperation(assets,amounts,premiums,msg.sender,params),Errors.LP_INVALID_FLASH_LOAN_EXECUTOR_RETURN) (contracts/protocol/lendingpool/LendingPool.sol#507-510)
- _reserves[vars.currentAsset].updateState() (contracts/protocol/lendingpool/LendingPool.sol#520)
- IERC20(vars.currentAsset).safeTransferFrom(receiverAddress,vars.currentATokenAddress,vars.currentAmountPlusPremium) (contracts/protocol/lendingpool/LendingPool.sol#532-536)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#858)
- isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
- isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
- IAToken(reserve.aTokenAddress).mintToTreasury(vars.amountToMint,newLiquidityIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#323)
- IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Event emitted after the call(s):
- FlashLoan(receiverAddress,msg.sender,vars.currentAsset,vars.currentAmount,vars.currentPremium,referralCode) (contracts/protocol/lendingpool/LendingPool.sol#553-560)
Reentrancy in LendingPoolConfigurator.freezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#452-460):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#457)
Event emitted after the call(s):
- ReserveFrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#459)
Reentrancy in LendingPoolConfigurator.initReserve(address,address,address,uint8,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#201-263):
External calls:
- aTokenProxyAddress = _initTokenWithProxy(aTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#231)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- stableDebtTokenProxyAddress = _initTokenWithProxy(stableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#233-234)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- variableDebtTokenProxyAddress = _initTokenWithProxy(variableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#236-237)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- pool.initReserve(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#239-245)
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#254)
Event emitted after the call(s):
- ReserveInitialized(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#256-262)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
Event emitted after the call(s):
- ReserveUsedAsCollateralEnabled(collateralAsset,msg.sender) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#200)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
- collateralReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#203)
- vars.collateralAtoken.burn(user,msg.sender,vars.maxCollateralToLiquidate,collateralReserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#212-217)
Event emitted after the call(s):
- ReserveUsedAsCollateralDisabled(collateralAsset,user) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#224)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
- collateralReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#203)
- vars.collateralAtoken.burn(user,msg.sender,vars.maxCollateralToLiquidate,collateralReserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#212-217)
- IERC20(debtAsset).safeTransferFrom(msg.sender,debtReserve.aTokenAddress,vars.actualDebtToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#228-232)
Event emitted after the call(s):
- LiquidationCall(collateralAsset,debtAsset,user,vars.actualDebtToLiquidate,vars.maxCollateralToLiquidate,msg.sender,receiveAToken) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#234-242)
Reentrancy in AToken.mint(address,uint256,uint256) (contracts/protocol/tokenization/AToken.sol#120-135):
External calls:
- _mint(user,amountScaled) (contracts/protocol/tokenization/AToken.sol#129)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(user,amount,index) (contracts/protocol/tokenization/AToken.sol#132)
- Transfer(address(0),user,amount) (contracts/protocol/tokenization/AToken.sol#131)
Reentrancy in StableDebtToken.mint(address,address,uint256,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#101-155):
External calls:
- _mint(onBehalfOf,amount.add(balanceIncrease),vars.previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#139)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
Event emitted after the call(s):
- Mint(user,onBehalfOf,amount,currentBalance,balanceIncrease,vars.newStableRate,vars.currentAvgStableRate,vars.nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#143-152)
- Transfer(address(0),onBehalfOf,amount) (contracts/protocol/tokenization/StableDebtToken.sol#141)
Reentrancy in VariableDebtToken.mint(address,address,uint256,uint256) (contracts/protocol/tokenization/VariableDebtToken.sol#60-80):
External calls:
- _mint(onBehalfOf,amountScaled) (contracts/protocol/tokenization/VariableDebtToken.sol#74)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(user,onBehalfOf,amount,index) (contracts/protocol/tokenization/VariableDebtToken.sol#77)
- Transfer(address(0),onBehalfOf,amount) (contracts/protocol/tokenization/VariableDebtToken.sol#76)
Reentrancy in AToken.mintToTreasury(uint256,uint256) (contracts/protocol/tokenization/AToken.sol#143-156):
External calls:
- _mint(RESERVE_TREASURY_ADDRESS,amount.rayDiv(index)) (contracts/protocol/tokenization/AToken.sol#152)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(RESERVE_TREASURY_ADDRESS,amount,index) (contracts/protocol/tokenization/AToken.sol#155)
- Transfer(address(0),RESERVE_TREASURY_ADDRESS,amount) (contracts/protocol/tokenization/AToken.sol#154)
Reentrancy in LendingPool.rebalanceStableBorrowRate(address,address) (contracts/protocol/lendingpool/LendingPool.sol#349-379):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#366)
- IStableDebtToken(address(stableDebtToken)).burn(user,stableDebt) (contracts/protocol/lendingpool/LendingPool.sol#368)
- IStableDebtToken(address(stableDebtToken)).mint(user,user,stableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#369-374)
Event emitted after the call(s):
- RebalanceStableBorrowRate(asset,user) (contracts/protocol/lendingpool/LendingPool.sol#378)
Reentrancy in LendingPool.repay(address,uint256,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#237-289):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#265)
- IStableDebtToken(reserve.stableDebtTokenAddress).burn(onBehalfOf,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#268)
- IVariableDebtToken(reserve.variableDebtTokenAddress).burn(onBehalfOf,paybackAmount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#270-274)
- IERC20(asset).safeTransferFrom(msg.sender,aToken,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#284)
Event emitted after the call(s):
- Repay(asset,onBehalfOf,msg.sender,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#286)
Reentrancy in LendingPoolAddressesProvider.setAddressAsProxy(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#60-67):
External calls:
- _updateImpl(id,implementationAddress) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#65)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- AddressSet(id,implementationAddress,true) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#66)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolConfiguratorImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#119-122):
External calls:
- _updateImpl(LENDING_POOL_CONFIGURATOR,configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#120)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolConfiguratorUpdated(configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#121)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#101-104):
External calls:
- _updateImpl(LENDING_POOL,pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#102)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolUpdated(pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#103)
Reentrancy in LendingPoolConfigurator.setReserveFactor(address,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#481-489):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#486)
Event emitted after the call(s):
- ReserveFactorChanged(asset,reserveFactor) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#488)
Reentrancy in LendingPoolConfigurator.setReserveInterestRateStrategyAddress(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#496-502):
External calls:
- pool.setReserveInterestRateStrategyAddress(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#500)
Event emitted after the call(s):
- ReserveInterestRateStrategyChanged(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#501)
Reentrancy in LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#311)
- IStableDebtToken(reserve.stableDebtTokenAddress).burn(msg.sender,stableDebt) (contracts/protocol/lendingpool/LendingPool.sol#314)
- IVariableDebtToken(reserve.variableDebtTokenAddress).mint(msg.sender,msg.sender,stableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#315-320)
- IVariableDebtToken(reserve.variableDebtTokenAddress).burn(msg.sender,variableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#322-326)
- IStableDebtToken(reserve.stableDebtTokenAddress).mint(msg.sender,msg.sender,variableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#327-332)
Event emitted after the call(s):
- Swap(asset,msg.sender,rateMode) (contracts/protocol/lendingpool/LendingPool.sol#337)
Reentrancy in IncentivizedERC20.transfer(address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#81-85):
External calls:
- _transfer(_msgSender(),recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#82)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(_msgSender(),recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#83)
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Approval(owner,spender,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#233)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- Transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#131)
Reentrancy in AToken.transferOnLiquidation(address,address,uint256) (contracts/protocol/tokenization/AToken.sol#165-175):
External calls:
- _transfer(from,to,value,false) (contracts/protocol/tokenization/AToken.sol#172)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (contracts/protocol/tokenization/AToken.sol#316-323)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(from,to,value) (contracts/protocol/tokenization/AToken.sol#174)
Reentrancy in LendingPoolConfigurator.unfreezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#466-474):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#471)
Event emitted after the call(s):
- ReserveUnfrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#473)
Reentrancy in LendingPoolConfigurator.updateAToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#270-276):
External calls:
- _upgradeTokenImplementation(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#273)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- ATokenUpgraded(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#275)
Reentrancy in LendingPoolConfigurator.updateStableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#283-289):
External calls:
- _upgradeTokenImplementation(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#286)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- StableDebtTokenUpgraded(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#288)
Reentrancy in LendingPoolConfigurator.updateVariableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#296-302):
External calls:
- _upgradeTokenImplementation(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#299)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- VariableDebtTokenUpgraded(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#301)
Reentrancy in LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#171)
Event emitted after the call(s):
- ReserveUsedAsCollateralDisabled(asset,msg.sender) (contracts/protocol/lendingpool/LendingPool.sol#177)
Reentrancy in LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#171)
- IAToken(aToken).burn(msg.sender,to,amountToWithdraw,reserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPool.sol#180)
Event emitted after the call(s):
- Withdraw(asset,msg.sender,to,amountToWithdraw) (contracts/protocol/lendingpool/LendingPool.sol#182)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#57-76) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#65)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#85-104) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#93)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) uses timestamp for comparisons
Dangerous comparisons:
- exp == 0 (contracts/protocol/libraries/math/MathUtils.sol#53)
- exp > 2 (contracts/protocol/libraries/math/MathUtils.sol#59)
AToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/protocol/tokenization/AToken.sol#268-292) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/protocol/tokenization/AToken.sol#279)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseAdminUpgradeabilityProxy._admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#98-104) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#101-103)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#110-116) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#113-115)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
VersionedInitializable.isConstructor() (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
AToken.initialize(uint8,string,string) (contracts/protocol/tokenization/AToken.sol#61-86) uses assembly
- INLINE ASM (contracts/protocol/tokenization/AToken.sol#69-71)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
ERC20._burn(address,uint256) (contracts/dependencies/openzeppelin/contracts/ERC20.sol#279-287) is never used and should be removed
LendingPoolCollateralManager.getRevision() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#66-68) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#190-192) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#170-172) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#106-112) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#213-219) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#39-49) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#155-162) is never used and should be removed
StableDebtToken.getRevision() (contracts/protocol/tokenization/StableDebtToken.sol#38-40) is never used and should be removed
VariableDebtToken.getRevision() (contracts/protocol/tokenization/VariableDebtToken.sol#32-34) is never used and should be removed
WadRayMath.halfRay() (contracts/protocol/libraries/math/WadRayMath.sol#39-41) is never used and should be removed
WadRayMath.halfWad() (contracts/protocol/libraries/math/WadRayMath.sol#46-48) is never used and should be removed
WadRayMath.rayToWad(uint256) (contracts/protocol/libraries/math/WadRayMath.sol#117-123) is never used and should be removed
WadRayMath.wad() (contracts/protocol/libraries/math/WadRayMath.sol#32-34) is never used and should be removed
WadRayMath.wadMul(uint256,uint256) (contracts/protocol/libraries/math/WadRayMath.sol#56-64) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#51-63):
- (success,returndata) = address(token).call(data) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#85-93):
- (success) = newImplementation.delegatecall(data) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#91)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#20-27):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#24)
Low level call in WETHGateway._safeTransferETH(address,uint256) (contracts/misc/WETHGateway.sol#118-121):
- (success) = to.call{value: value}(new bytes(0)) (contracts/misc/WETHGateway.sol#119)
Low level call in LendingPool.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPool.sol#424-450):
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
MintableDelegationERC20 (contracts/mocks/tokens/MintableDelegationERC20.sol#10-34) should inherit from IDelegationToken (contracts/interfaces/IDelegationToken.sol#9-11)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Event ATokensAndRatesHelperdeployedContracts(address,address) (contracts/deployments/ATokensAndRatesHelper.sol#21) is not in CapWords
Event StableAndVariableTokensHelperdeployedContracts(address,address) (contracts/deployments/StableAndVariableTokensHelper.sol#14) is not in CapWords
Variable FlashLoanReceiverBase.ADDRESSES_PROVIDER (contracts/flashloan/base/FlashLoanReceiverBase.sol#15) is not in mixedCase
Variable FlashLoanReceiverBase.LENDING_POOL (contracts/flashloan/base/FlashLoanReceiverBase.sol#16) is not in mixedCase
Function IFlashLoanReceiver.ADDRESSES_PROVIDER() (contracts/flashloan/interfaces/IFlashLoanReceiver.sol#22) is not in mixedCase
Function IFlashLoanReceiver.LENDING_POOL() (contracts/flashloan/interfaces/IFlashLoanReceiver.sol#24) is not in mixedCase
Function ITokenConfiguration.UNDERLYING_ASSET_ADDRESS() (contracts/interfaces/ITokenConfiguration.sol#11) is not in mixedCase
Function ITokenConfiguration.POOL() (contracts/interfaces/ITokenConfiguration.sol#13) is not in mixedCase
Variable AaveOracle.WETH (contracts/misc/AaveOracle.sol#27) is not in mixedCase
Variable AaveProtocolDataProvider.ADDRESSES_PROVIDER (contracts/misc/AaveProtocolDataProvider.sol#26) is not in mixedCase
Variable WETHGateway.WETH (contracts/misc/WETHGateway.sol#20) is not in mixedCase
Variable WETHGateway.POOL (contracts/misc/WETHGateway.sol#21) is not in mixedCase
Variable MockFlashLoanReceiver._provider (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#15) is not in mixedCase
Variable MockFlashLoanReceiver._failExecution (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#20) is not in mixedCase
Variable MockFlashLoanReceiver._amountToApprove (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#21) is not in mixedCase
Variable MockFlashLoanReceiver._simulateEOA (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#22) is not in mixedCase
Parameter LendingRateOracle.getMarketBorrowRate(address)._asset (contracts/mocks/oracle/LendingRateOracle.sol#11) is not in mixedCase
Parameter LendingRateOracle.setMarketBorrowRate(address,uint256)._asset (contracts/mocks/oracle/LendingRateOracle.sol#15) is not in mixedCase
Parameter LendingRateOracle.setMarketBorrowRate(address,uint256)._rate (contracts/mocks/oracle/LendingRateOracle.sol#15) is not in mixedCase
Parameter LendingRateOracle.getMarketLiquidityRate(address)._asset (contracts/mocks/oracle/LendingRateOracle.sol#19) is not in mixedCase
Parameter LendingRateOracle.setMarketLiquidityRate(address,uint256)._asset (contracts/mocks/oracle/LendingRateOracle.sol#23) is not in mixedCase
Parameter LendingRateOracle.setMarketLiquidityRate(address,uint256)._rate (contracts/mocks/oracle/LendingRateOracle.sol#23) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._underlyingAssetDecimals (contracts/mocks/upgradeability/MockAToken.sol#32) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._tokenName (contracts/mocks/upgradeability/MockAToken.sol#33) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._tokenSymbol (contracts/mocks/upgradeability/MockAToken.sol#34) is not in mixedCase
Variable DefaultReserveInterestRateStrategy.OPTIMAL_UTILIZATION_RATE (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#29) is not in mixedCase
Variable DefaultReserveInterestRateStrategy.EXCESS_UTILIZATION_RATE (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#37) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._baseVariableBorrowRate (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#42) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#45) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#48) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#51) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#54) is not in mixedCase
Variable LendingPoolStorage._addressesProvider (contracts/protocol/lendingpool/LendingPoolStorage.sol#15) is not in mixedCase
Variable LendingPoolStorage._reserves (contracts/protocol/lendingpool/LendingPoolStorage.sol#17) is not in mixedCase
Variable LendingPoolStorage._usersConfig (contracts/protocol/lendingpool/LendingPoolStorage.sol#18) is not in mixedCase
Variable LendingPoolStorage._reservesList (contracts/protocol/lendingpool/LendingPoolStorage.sol#21) is not in mixedCase
Variable LendingPoolStorage._reservesCount (contracts/protocol/lendingpool/LendingPoolStorage.sol#23) is not in mixedCase
Variable LendingPoolStorage._paused (contracts/protocol/lendingpool/LendingPoolStorage.sol#25) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Struct GenericLogic.balanceDecreaseAllowedLocalVars (contracts/protocol/libraries/logic/GenericLogic.sol#30-41) is not in CapWords
Constant WadRayMath.halfWAD (contracts/protocol/libraries/math/WadRayMath.sol#14) is not in UPPER_CASE_WITH_UNDERSCORES
Constant WadRayMath.halfRAY (contracts/protocol/libraries/math/WadRayMath.sol#17) is not in UPPER_CASE_WITH_UNDERSCORES
Variable AToken.UNDERLYING_ASSET_ADDRESS (contracts/protocol/tokenization/AToken.sol#30) is not in mixedCase
Variable AToken.RESERVE_TREASURY_ADDRESS (contracts/protocol/tokenization/AToken.sol#31) is not in mixedCase
Variable AToken.POOL (contracts/protocol/tokenization/AToken.sol#32) is not in mixedCase
Variable AToken._nonces (contracts/protocol/tokenization/AToken.sol#35) is not in mixedCase
Variable AToken.DOMAIN_SEPARATOR (contracts/protocol/tokenization/AToken.sol#37) is not in mixedCase
Variable IncentivizedERC20._incentivesController (contracts/protocol/tokenization/IncentivizedERC20.sol#18) is not in mixedCase
Variable IncentivizedERC20._balances (contracts/protocol/tokenization/IncentivizedERC20.sol#20) is not in mixedCase
Variable IncentivizedERC20._totalSupply (contracts/protocol/tokenization/IncentivizedERC20.sol#23) is not in mixedCase
Variable StableDebtToken._avgStableRate (contracts/protocol/tokenization/StableDebtToken.sol#21) is not in mixedCase
Variable StableDebtToken._timestamps (contracts/protocol/tokenization/StableDebtToken.sol#22) is not in mixedCase
Variable StableDebtToken._usersStableRate (contracts/protocol/tokenization/StableDebtToken.sol#23) is not in mixedCase
Variable StableDebtToken._totalSupplyTimestamp (contracts/protocol/tokenization/StableDebtToken.sol#24) is not in mixedCase
Variable DebtTokenBase.UNDERLYING_ASSET_ADDRESS (contracts/protocol/tokenization/base/DebtTokenBase.sol#23) is not in mixedCase
Variable DebtTokenBase.POOL (contracts/protocol/tokenization/base/DebtTokenBase.sol#24) is not in mixedCase
Variable DebtTokenBase._borrowAllowances (contracts/protocol/tokenization/base/DebtTokenBase.sol#26) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Redundant expression "params (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#53)" inMockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
Redundant expression "initiator (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#54)" inMockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
Redundant expression "recipient (contracts/protocol/tokenization/base/DebtTokenBase.sol#99)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#100)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "owner (contracts/protocol/tokenization/base/DebtTokenBase.sol#111)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#112)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#117)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#118)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "sender (contracts/protocol/tokenization/base/DebtTokenBase.sol#127)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "recipient (contracts/protocol/tokenization/base/DebtTokenBase.sol#128)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#129)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#139)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "addedValue (contracts/protocol/tokenization/base/DebtTokenBase.sol#140)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#150)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "subtractedValue (contracts/protocol/tokenization/base/DebtTokenBase.sol#151)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
Variable DefaultReserveInterestRateStrategy._stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#51) is too similar to DefaultReserveInterestRateStrategy._stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#54)
Variable DefaultReserveInterestRateStrategy._variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#45) is too similar to DefaultReserveInterestRateStrategy._variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#48)
Variable DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#62) is too similar to DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#63)
Variable DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#60) is too similar to DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#61)
Variable Errors.LP_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#55) is too similar to Errors.VL_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-are-too-similar
MockFlashLoanReceiver._provider (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#15) is never used in MockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in MockAToken (contracts/mocks/upgradeability/MockAToken.sol#7-40)
AToken.EIP712_DOMAIN (contracts/protocol/tokenization/AToken.sol#23-24) is never used in MockAToken (contracts/mocks/upgradeability/MockAToken.sol#7-40)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in MockStableDebtToken (contracts/mocks/upgradeability/MockStableDebtToken.sol#6-21)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in MockVariableDebtToken (contracts/mocks/upgradeability/MockVariableDebtToken.sol#6-27)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPool (contracts/protocol/lendingpool/LendingPool.sol#46-923)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPoolCollateralManager (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#29-317)
LendingPoolStorage._paused (contracts/protocol/lendingpool/LendingPoolStorage.sol#25) is never used in LendingPoolCollateralManager (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#29-317)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPoolConfigurator (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#25-562)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in DelegationAwareAToken (contracts/protocol/tokenization/DelegationAwareAToken.sol#14-49)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0xC6845a5C768BF8D7681249f8927877Efda425baf analyzed (79 contracts with 72 detectors), 314 result(s) found