Updated as of block 17054938 at 4/15/2023, 5:06:11 PM ET
- ID: 200
- Proposer: 0x683a4F9915D6216f73d6Df50151725036bD26C02
- Start Block: 17028565 (4/11/2023, 9:06:11 PM ET)
- End Block: 17047765 (4/14/2023, 4:32:47 PM ET)
- Targets: 0xd1B3E25fD7C8AE7CADDC6F71b461b79CD4ddcFa3
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/5bdc4cb7-8012-4566-968c-9988beb22c49
Proposal text
Per our Methodology, Gauntlet would recommend the following changes to the caps on V3 Arbitrum:
- Increase wstETH Borrow Cap from 400 to 800.
Full forum post is here.
- Increase wstETH Borrow Cap from 400 to 800.
This proposal updates the borrow cap of wstETH using a pre-deployed payload:
Copyright and related rights waived via CC0.
By approving this proposal, you agree that any services provided by Gauntlet shall be governed by the terms of service available at gauntlet.network/tos. This message is for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation for any security, nor does it constitute an offer to provide investment advisory or other services by Gauntlet Networks Inc. No reference to any specific security constitutes a recommendation to buy, sell or hold that security or any other security. Nothing in this report shall be considered a solicitation or offer to buy or sell any security, future, option or other financial instrument or to offer or provide any investment advice or service to any person in any jurisdiction. Nothing contained in this report constitutes investment advice or offers any opinion with respect to the suitability of any security, and the views expressed in this report should not be taken as advice to buy, sell or hold any security. The information in this report should not be relied upon for the purpose of investing. In preparing the information contained in this report, we have not taken into account the investment needs, objectives and financial circumstances of any particular investor. This information has no regard to the specific investment objectives, financial situation and particular needs of any specific recipient of this information and investments discussed may not be suitable for all investors. Any views expressed in this report by us were prepared based upon the information available to us at the time such views were written. Changed or additional information could cause such views to change. All information is subject to possible correction. Information may quickly become unreliable for various reasons, including changes in market conditions or economic circumstances.
Info:
- State changes:
# TransparentUpgradeableProxy at `0x8315177aB297bA92A06054cE80a67Ed4DBd7ed3a` with implementation Bridge at `0x1066CEcC8880948FE55e427E94F1FF221d626591`
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000006` @@
- "0x00000000000000000000000000000000000000000000000000000000000bc00e"
+ "0x00000000000000000000000000000000000000000000000000000000000bc00f"
@@ Slot `0xf652222313e28459528d920b65115c16c04f3efc82aaedc97be59f3f3787cd4d` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x7db4f9af8ededaf9c928fef358694844066af25a86f92994f20dc17846cf3b5f"Info:
- There is no SELFDESTRUCT inside of delegated call
Info:
- Events Emitted:
- TransparentUpgradeableProxy at
0x8315177aB297bA92A06054cE80a67Ed4DBd7ed3awith implementation Bridge at0x1066CEcC8880948FE55e427E94F1FF221d626591MessageDelivered(messageIndex: 770062, beforeInboxAcc: 0xf9e0ca757b4d13e9b62182a2c8e44cc2d8f1fdabcd925b518e537908684109d2, inbox: 0x4dbd4fc535ac27206064b68ffcf827b0a60bab3f, kind: 9, sender: 0xff67e2b3d491590b5b31738cc34d5232f378b9e6, messageDataHash: 0x61d3da9ae4a941d6ce40b0e8cc874ddc2f8745aba61ba037664f4ebd64f503b8, baseFeeL1: 25379859778, timestamp: 1681590875)
- TransparentUpgradeableProxy at
0x4Dbd4fc535Ac27206064B68FfCf827b0A60BAB3fwith implementation Inbox at0x5aED5f8A1e3607476F1f81c3d8fe126deB0aFE94InboxMessageDelivered(messageNum: 770062, data: 0x0000000000000000000000007d9103572be58ffe99dc390e8246f02dcae6f61100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002364cdd8b1a2000000000000000000000000000000000000000000000000000009d071364fa200000000000000000000000007d9103572be58ffe99dc390e8246f02dcae6f611000000000000000000000000bbd9f90699c1fa0d7a65870d241dd1f1217c96eb000000000000000000000000000000000000000000000000000000000006ddd0000000000000000000000000000000000000000000000000000000003b9aca000000000000000000000000000000000000000000000000000000000000000244d9a4cbdf00000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000e0000000000000000000000000000000000000000000000000000000000000012000000000000000000000000000000000000000000000000000000000000001a00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000100000000000000000000000031976dc2ea27e75cc5a3687ed594d17127f9b72e00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000009657865637574652829000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001)
- TransparentUpgradeableProxy at
Info:
- Targets:
- 0xd1B3E25fD7C8AE7CADDC6F71b461b79CD4ddcFa3: Contract (not verified)
Info:
- Touched address:
- 0x3Cbded22F878aFC8d39dCD744d3Fe62086B76193: EOA (verification not applicable)
- 0xEC568fffba86c094cf06b22134B23074DFE2252c: Contract (verified) (AaveGovernanceV2)
- 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5: Contract (verified) (Executor)
- 0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0x96F68837877fd0414B55050c9e794AECdBcfCA59: Contract (not verified)
- 0xd1B3E25fD7C8AE7CADDC6F71b461b79CD4ddcFa3: Contract (not verified)
- 0x4Dbd4fc535Ac27206064B68FfCf827b0A60BAB3f: Contract (verified) (TransparentUpgradeableProxy)
- 0x5aED5f8A1e3607476F1f81c3d8fe126deB0aFE94: Contract (verified) (Inbox)
- 0x8315177aB297bA92A06054cE80a67Ed4DBd7ed3a: Contract (verified) (TransparentUpgradeableProxy)
- 0x1066CEcC8880948FE55e427E94F1FF221d626591: Contract (verified) (Bridge)
Info:
View Details
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
Info:
View Details
Slither report for Bridge at `0x1066CEcC8880948FE55e427E94F1FF221d626591`
INFO:Detectors:
Reentrancy in Bridge.executeCall(address,uint256,bytes) (src/bridge/Bridge.sol#205-222):
External calls:
- (success,returnData) = to.call{value: value}(data) (src/bridge/Bridge.sol#219)
State variables written after the call(s):
- _activeOutbox = prevOutbox (src/bridge/Bridge.sol#220)
Bridge._activeOutbox (src/bridge/Bridge.sol#46) can be used in cross function reentrancies:
- Bridge.activeOutbox() (src/bridge/Bridge.sol#77-85)
- Bridge.executeCall(address,uint256,bytes) (src/bridge/Bridge.sol#205-222)
- Bridge.initialize(IOwnable) (src/bridge/Bridge.sol#61-64)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities
INFO:Detectors:
Bridge.setSequencerInbox(address)._sequencerInbox (src/bridge/Bridge.sol#224) lacks a zero-check on :
- sequencerInbox = _sequencerInbox (src/bridge/Bridge.sol#225)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Reentrancy in Bridge.executeCall(address,uint256,bytes) (src/bridge/Bridge.sol#205-222):
External calls:
- (success,returnData) = to.call{value: value}(data) (src/bridge/Bridge.sol#219)
Event emitted after the call(s):
- BridgeCallTriggered(msg.sender,to,value,data) (src/bridge/Bridge.sol#221)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
Bridge.addMessageToDelayedAccumulator(uint8,address,uint64,uint64,uint256,bytes32) (src/bridge/Bridge.sol#169-203) uses timestamp for comparisons
Dangerous comparisons:
- count > 0 (src/bridge/Bridge.sol#188)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
AddressUpgradeable.verifyCallResult(bool,bytes,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#174-194) uses assembly
- INLINE ASM (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#186-189)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
AddressUpgradeable.functionCall(address,bytes) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#85-87) is never used and should be removed
AddressUpgradeable.functionCall(address,bytes,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#95-101) is never used and should be removed
AddressUpgradeable.functionCallWithValue(address,bytes,uint256) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#114-120) is never used and should be removed
AddressUpgradeable.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#128-139) is never used and should be removed
AddressUpgradeable.functionStaticCall(address,bytes) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#147-149) is never used and should be removed
AddressUpgradeable.functionStaticCall(address,bytes,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#157-166) is never used and should be removed
AddressUpgradeable.sendValue(address,uint256) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#60-65) is never used and should be removed
AddressUpgradeable.verifyCallResult(bool,bytes,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#174-194) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in AddressUpgradeable.sendValue(address,uint256) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#60-65):
- (success) = recipient.call{value: amount}() (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#63)
Low level call in AddressUpgradeable.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#128-139):
- (success,returndata) = target.call{value: value}(data) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#137)
Low level call in AddressUpgradeable.functionStaticCall(address,bytes,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#157-166):
- (success,returndata) = target.staticcall(data) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#164)
Low level call in Bridge.executeCall(address,uint256,bytes) (src/bridge/Bridge.sol#205-222):
- (success,returnData) = to.call{value: value}(data) (src/bridge/Bridge.sol#219)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter Bridge.setSequencerInbox(address)._sequencerInbox (src/bridge/Bridge.sol#224) is not in mixedCase
Variable DelegateCallAware.__self (src/libraries/DelegateCallAware.sol#12) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x1066CEcC8880948FE55e427E94F1FF221d626591 analyzed (7 contracts with 79 detectors), 19 result(s) found
Slither report for TransparentUpgradeableProxy at `0x4Dbd4fc535Ac27206064B68FfCf827b0A60BAB3f` with implementation Inbox at `0x5aED5f8A1e3607476F1f81c3d8fe126deB0aFE94`
INFO:Detectors:
TransparentUpgradeableProxy.upgradeToAndCall(address,bytes) (@openzeppelin/contracts/proxy/TransparentUpgradeableProxy.sol#116-119) ignores return value by Address.functionDelegateCall(newImplementation,data) (@openzeppelin/contracts/proxy/TransparentUpgradeableProxy.sol#118)
UpgradeableProxy.constructor(address,bytes) (@openzeppelin/contracts/proxy/UpgradeableProxy.sol#24-30) ignores return value by Address.functionDelegateCall(_logic,_data) (@openzeppelin/contracts/proxy/UpgradeableProxy.sol#28)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
Modifier TransparentUpgradeableProxy.ifAdmin() (@openzeppelin/contracts/proxy/TransparentUpgradeableProxy.sol#53-59) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Proxy._delegate(address) (@openzeppelin/contracts/proxy/Proxy.sol#21-41) uses assembly
- INLINE ASM (@openzeppelin/contracts/proxy/Proxy.sol#23-40)
TransparentUpgradeableProxy._admin() (@openzeppelin/contracts/proxy/TransparentUpgradeableProxy.sol#124-130) uses assembly
- INLINE ASM (@openzeppelin/contracts/proxy/TransparentUpgradeableProxy.sol#127-129)
TransparentUpgradeableProxy._setAdmin(address) (@openzeppelin/contracts/proxy/TransparentUpgradeableProxy.sol#135-142) uses assembly
- INLINE ASM (@openzeppelin/contracts/proxy/TransparentUpgradeableProxy.sol#139-141)
UpgradeableProxy._implementation() (@openzeppelin/contracts/proxy/UpgradeableProxy.sol#47-53) uses assembly
- INLINE ASM (@openzeppelin/contracts/proxy/UpgradeableProxy.sol#50-52)
UpgradeableProxy._setImplementation(address) (@openzeppelin/contracts/proxy/UpgradeableProxy.sol#68-77) uses assembly
- INLINE ASM (@openzeppelin/contracts/proxy/UpgradeableProxy.sol#74-76)
Address.isContract(address) (@openzeppelin/contracts/utils/Address.sol#26-35) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/Address.sol#33)
Address._verifyCallResult(bool,bytes,string) (@openzeppelin/contracts/utils/Address.sol#171-188) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/Address.sol#180-183)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.functionCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#79-81) is never used and should be removed
Address.functionCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#89-91) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (@openzeppelin/contracts/utils/Address.sol#104-106) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts/utils/Address.sol#114-121) is never used and should be removed
Address.functionStaticCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#129-131) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#139-145) is never used and should be removed
Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#53-59) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#53-59):
- (success) = recipient.call{value: amount}() (@openzeppelin/contracts/utils/Address.sol#57)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts/utils/Address.sol#114-121):
- (success,returndata) = target.call{value: value}(data) (@openzeppelin/contracts/utils/Address.sol#119)
Low level call in Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#139-145):
- (success,returndata) = target.staticcall(data) (@openzeppelin/contracts/utils/Address.sol#143)
Low level call in Address.functionDelegateCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#163-169):
- (success,returndata) = target.delegatecall(data) (@openzeppelin/contracts/utils/Address.sol#167)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Slither:0x4Dbd4fc535Ac27206064B68FfCf827b0A60BAB3f analyzed (4 contracts with 79 detectors), 21 result(s) found
Slither report for Inbox at `0x5aED5f8A1e3607476F1f81c3d8fe126deB0aFE94`
INFO:Detectors:
GasRefundEnabled.refundsGas(IGasRefunder) (src/libraries/IGasRefunder.sol#20-41) ignores return value by gasRefunder.onGasSpent(address(msg.sender),startGasLeft - gasleft()(),calldataSize) (src/libraries/IGasRefunder.sol#39)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
Reentrancy in Inbox._deliverMessage(uint8,address,bytes) (src/bridge/Inbox.sol#608-618):
External calls:
- msgNum = deliverToBridge(_kind,_sender,keccak256(bytes)(_messageData)) (src/bridge/Inbox.sol#615)
- bridge.enqueueDelayedMessage{value: msg.value}(kind,AddressAliasHelper.applyL1ToL2Alias(sender),messageDataHash) (src/bridge/Inbox.sol#625-630)
Event emitted after the call(s):
- InboxMessageDelivered(msgNum,_messageData) (src/bridge/Inbox.sol#616)
Reentrancy in Inbox.sendL2MessageFromOrigin(bytes) (src/bridge/Inbox.sol#130-144):
External calls:
- msgNum = deliverToBridge(L2_MSG,msg.sender,keccak256(bytes)(messageData)) (src/bridge/Inbox.sol#141)
- bridge.enqueueDelayedMessage{value: msg.value}(kind,AddressAliasHelper.applyL1ToL2Alias(sender),messageDataHash) (src/bridge/Inbox.sol#625-630)
Event emitted after the call(s):
- InboxMessageDeliveredFromOrigin(msgNum) (src/bridge/Inbox.sol#142)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
AddressUpgradeable.verifyCallResult(bool,bytes,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#174-194) uses assembly
- INLINE ASM (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#186-189)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
AddressUpgradeable.functionCall(address,bytes) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#85-87) is never used and should be removed
AddressUpgradeable.functionCall(address,bytes,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#95-101) is never used and should be removed
AddressUpgradeable.functionCallWithValue(address,bytes,uint256) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#114-120) is never used and should be removed
AddressUpgradeable.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#128-139) is never used and should be removed
AddressUpgradeable.functionStaticCall(address,bytes) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#147-149) is never used and should be removed
AddressUpgradeable.functionStaticCall(address,bytes,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#157-166) is never used and should be removed
AddressUpgradeable.sendValue(address,uint256) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#60-65) is never used and should be removed
AddressUpgradeable.verifyCallResult(bool,bytes,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#174-194) is never used and should be removed
ContextUpgradeable.__Context_init() (@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol#18-19) is never used and should be removed
ContextUpgradeable.__Context_init_unchained() (@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol#21-22) is never used and should be removed
ContextUpgradeable._msgData() (@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol#27-29) is never used and should be removed
Messages.accumulateInboxMessage(bytes32,bytes32) (src/bridge/Messages.sol#31-37) is never used and should be removed
Messages.messageHash(uint8,address,uint64,uint64,uint256,uint256,bytes32) (src/bridge/Messages.sol#8-29) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in AddressUpgradeable.sendValue(address,uint256) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#60-65):
- (success) = recipient.call{value: amount}() (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#63)
Low level call in AddressUpgradeable.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#128-139):
- (success,returndata) = target.call{value: value}(data) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#137)
Low level call in AddressUpgradeable.functionStaticCall(address,bytes,string) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#157-166):
- (success,returndata) = target.staticcall(data) (@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#164)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Function PausableUpgradeable.__Pausable_init() (@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol#34-36) is not in mixedCase
Function PausableUpgradeable.__Pausable_init_unchained() (@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol#38-40) is not in mixedCase
Variable PausableUpgradeable.__gap (@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol#102) is not in mixedCase
Function ContextUpgradeable.__Context_init() (@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol#18-19) is not in mixedCase
Function ContextUpgradeable.__Context_init_unchained() (@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol#21-22) is not in mixedCase
Variable ContextUpgradeable.__gap (@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol#36) is not in mixedCase
Function ISequencerInbox.HEADER_LENGTH() (src/bridge/ISequencerInbox.sol#61) is not in mixedCase
Function ISequencerInbox.DATA_AUTHENTICATED_FLAG() (src/bridge/ISequencerInbox.sol#66) is not in mixedCase
Parameter Inbox.setAllowListEnabled(bool)._allowListEnabled (src/bridge/Inbox.sol#70) is not in mixedCase
Parameter Inbox.initialize(IBridge,ISequencerInbox)._bridge (src/bridge/Inbox.sol#115) is not in mixedCase
Parameter Inbox.initialize(IBridge,ISequencerInbox)._sequencerInbox (src/bridge/Inbox.sol#115) is not in mixedCase
Variable DelegateCallAware.__self (src/libraries/DelegateCallAware.sol#12) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x5aED5f8A1e3607476F1f81c3d8fe126deB0aFE94 analyzed (16 contracts with 79 detectors), 32 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
INFO:Detectors:
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
ERC20._balances (contracts/open-zeppelin/ERC20.sol#38) can be used in cross function reentrancies:
- ERC20._mint(address,uint256) (contracts/open-zeppelin/ERC20.sol#229-237)
- ERC20._transfer(address,address,uint256) (contracts/open-zeppelin/ERC20.sol#209-218)
- ERC20.balanceOf(address) (contracts/open-zeppelin/ERC20.sol#105-107)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) can be used in cross function reentrancies:
- AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38)
- AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
AaveToken._snapshots (contracts/token/AaveToken.sol#36) can be used in cross function reentrancies:
- AaveToken._snapshots (contracts/token/AaveToken.sol#36)
- AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
ERC20._totalSupply (contracts/open-zeppelin/ERC20.sol#42) can be used in cross function reentrancies:
- ERC20._mint(address,uint256) (contracts/open-zeppelin/ERC20.sol#229-237)
- ERC20.totalSupply() (contracts/open-zeppelin/ERC20.sol#98-100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
INFO:Detectors:
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 analyzed (19 contracts with 79 detectors), 57 result(s) found
Slither report for TransparentUpgradeableProxy at `0x8315177aB297bA92A06054cE80a67Ed4DBd7ed3a` with implementation Bridge at `0x1066CEcC8880948FE55e427E94F1FF221d626591`
INFO:Detectors:
ERC1967Upgrade._upgradeToAndCallUUPS(address,bytes,bool).slot (@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol#92) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
INFO:Detectors:
ERC1967Upgrade._upgradeToAndCall(address,bytes,bool) (@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol#65-74) ignores return value by Address.functionDelegateCall(newImplementation,data) (@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol#72)
ERC1967Upgrade._upgradeToAndCallUUPS(address,bytes,bool) (@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol#81-99) ignores return value by IERC1822Proxiable(newImplementation).proxiableUUID() (@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol#92-96)
ERC1967Upgrade._upgradeBeaconToAndCall(address,bytes,bool) (@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol#174-184) ignores return value by Address.functionDelegateCall(IBeacon(newBeacon).implementation(),data) (@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol#182)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
Modifier TransparentUpgradeableProxy.ifAdmin() (@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol#46-52) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Proxy._delegate(address) (@openzeppelin/contracts/proxy/Proxy.sol#22-45) uses assembly
- INLINE ASM (@openzeppelin/contracts/proxy/Proxy.sol#23-44)
Address.verifyCallResult(bool,bytes,string) (@openzeppelin/contracts/utils/Address.sol#201-221) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/Address.sol#213-216)
StorageSlot.getAddressSlot(bytes32) (@openzeppelin/contracts/utils/StorageSlot.sol#52-56) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/StorageSlot.sol#53-55)
StorageSlot.getBooleanSlot(bytes32) (@openzeppelin/contracts/utils/StorageSlot.sol#61-65) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/StorageSlot.sol#62-64)
StorageSlot.getBytes32Slot(bytes32) (@openzeppelin/contracts/utils/StorageSlot.sol#70-74) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/StorageSlot.sol#71-73)
StorageSlot.getUint256Slot(bytes32) (@openzeppelin/contracts/utils/StorageSlot.sol#79-83) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/StorageSlot.sol#80-82)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.functionCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#85-87) is never used and should be removed
Address.functionCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#95-101) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (@openzeppelin/contracts/utils/Address.sol#114-120) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts/utils/Address.sol#128-139) is never used and should be removed
Address.functionStaticCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#147-149) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#157-166) is never used and should be removed
Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#60-65) is never used and should be removed
ERC1967Upgrade._getBeacon() (@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol#152-154) is never used and should be removed
ERC1967Upgrade._setBeacon(address) (@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol#159-166) is never used and should be removed
ERC1967Upgrade._upgradeBeaconToAndCall(address,bytes,bool) (@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol#174-184) is never used and should be removed
ERC1967Upgrade._upgradeToAndCallUUPS(address,bytes,bool) (@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol#81-99) is never used and should be removed
StorageSlot.getBooleanSlot(bytes32) (@openzeppelin/contracts/utils/StorageSlot.sol#61-65) is never used and should be removed
StorageSlot.getBytes32Slot(bytes32) (@openzeppelin/contracts/utils/StorageSlot.sol#70-74) is never used and should be removed
StorageSlot.getUint256Slot(bytes32) (@openzeppelin/contracts/utils/StorageSlot.sol#79-83) is never used and should be removed
TransparentUpgradeableProxy._admin() (@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol#114-116) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#60-65):
- (success) = recipient.call{value: amount}() (@openzeppelin/contracts/utils/Address.sol#63)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts/utils/Address.sol#128-139):
- (success,returndata) = target.call{value: value}(data) (@openzeppelin/contracts/utils/Address.sol#137)
Low level call in Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#157-166):
- (success,returndata) = target.staticcall(data) (@openzeppelin/contracts/utils/Address.sol#164)
Low level call in Address.functionDelegateCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#184-193):
- (success,returndata) = target.delegatecall(data) (@openzeppelin/contracts/utils/Address.sol#191)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
TransparentUpgradeableProxy (@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol#29-125) should inherit from IBeacon (@openzeppelin/contracts/proxy/beacon/IBeacon.sol#9-16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
INFO:Slither:0x8315177aB297bA92A06054cE80a67Ed4DBd7ed3a analyzed (8 contracts with 79 detectors), 31 result(s) found
Slither report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
INFO:Detectors:
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e analyzed (4 contracts with 79 detectors), 4 result(s) found