- ID: 268
- Proposer: 0x1c037b3C22240048807cC9d7111be5d455F640bd
- Targets: 0x16765d275c00Caa7Ec9a30D1629fD42121c3ae6B
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/5eb8151a-10b8-4fea-a39f-c2b9bf045ea3
Proposal text
This AIP proposes launching GHO, an Aave native stablecoin, with two initial facilitators: the Aave V3 Ethereum Facilitator and the FlashMinter Facilitator. If this AIP is approved by the Aave DAO, GHO will become live on Ethereum Mainnet.
After extensive community discussion, multiple phases of the Aave DAO governance process, and months of testing on Ethereum’s Goerli Testnet, this AIP proposes the introduction of GHO to Ethereum Mainnet with the Aave V3 Facilitator and FlashMinter Facilitator.
Following the approval of this AIP, users of Aave V3 on Ethereum will be able to mint GHO against their collateral, kickstarting a new era for the Aave ecosystem and the Aave DAO.
If approved, the introduction of GHO would make stablecoin borrowing on the Aave Protocol more competitive and generate additional revenue for the Aave DAO by providing to the DAO treasury 100% of the interest payments made on GHO borrows.
Following the introduction of GHO, the DAO will also be able to change GHO’s interest rate, as necessary, over time through a governance process. GHO’s financial framework will be managed by the Aave DAO in a decentralized way.
GHO introduces the concept of Facilitators. A Facilitator (e.g., a protocol, an entity, etc.) can generate (and burn) GHO tokens up to a certain bucket size. This proposal combined two previously approved Facilitators (the Aave V3 Ethereum Pool and the FlashMinter), and their corresponding initial parameters, into this AIP for approval.
The Aave V3 Ethereum Pool Facilitator would allow depositors to borrow GHO against their collateral which is deposited in the V3 Ethereum Mainnet Pool.
After much community discussion, which can be found here, GHO’s initial parameters for the Aave V3 Ethereum Pool Facilitator passed the following TEMP CHECK, with 440,000 votes in favour of Option A.
Option A provides the following parameters for the launch of GHO in the Aave V3 Ethereum Pool:
| Parameter | Value |
|---|---|
| Borrow Rate | 1.5% |
| Bucket Capacity | 100M GHO |
| stkAAVE Discount Rate | 30% |
If this AIP is approved by the community, GHO would launch with the above parameters for this Facilitator.
At launch, given community approval, GHO will have a second facilitator as discussed in this forum post.
FlashMinting provides the same functionality as a Flashloan, but instead of borrowing assets from a pool, users will be able to FlashMint GHO and repay in a single transaction. The FlashMinter would have a beneficial influence on GHO’s ability to maintain its peg because, amongst other benefits, it enables more efficient arbitrage.
The TEMP CHECK approving the FlashMinter Facilitator and its parameters, with 679,000 votes in support, can be found here.
As a result of this TEMP CHECK, it is agreed by the community that the FlashMinter Facilitators initial bucket capacity will be 2,000,000 GHO and that there will be no fee paid to the Facilitator. In the early stages, GHO's ability to maintain its peg will be enhanced by low fees, which further incentivizes arbitrage.
This proposal initiates GHO, which consists of a set of actions:
- Deployment of GHO ERC20 and transfer control over the smart contract to the Aave DAO.
- Listing of GHO as a borrowable asset in the Aave Protocol.
- Enrollment of Aave V3 Ethereum Pool as the first Facilitator of GHO.
- Deployment of GhoFlashMinter and enrollment as the second Facilitator of GHO.
- Configuration of stkAAVE as discount token for GHO borrow rate.
In terms of relevant links, you can find a directory of GHO’s smart contracts here and all audits of GHO’s codebase, along with audits of the relevant Facilitators, can be found here.
Copyright and related rights waived via CC0.
Info:
- State changes:
# unknown contract name at `0x00907f9921424583e7ffBfEdf84F92B7B2Be4977`
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000000` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000000000000000000000000001"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000037` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x4161766520457468657265756d2047484f000000000000000000000000000022"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000038` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x6145746847484f0000000000000000000000000000000000000000000000000e"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000039` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000008164cc65827dcfe994ab23944cbc90e0aa80bfcb12"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003b` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x4d9e7124bf12b213460312c83337d694edfe76ce036e0b41ba823a97ace96b32"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003c` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000464c71f6c2f760dda6093dcb91c24c39e5d6e18c"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003d` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000040d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003e` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000786dbff3f1292ae8f92ea68cf93c30b34b1ed04b"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003f` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000464c71f6c2f760dda6093dcb91c24c39e5d6e18c"
@@ Slot `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000002f32a274e02fa356423ce5e97a8e3155c1ac396b"# unknown contract name at `0x3f3DF7266dA30102344A813F1a3D07f5F041B5AC`
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000000` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000000000000000000000000001"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000035` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0xfe48a58c05f986b03f0b5ab2aa9338195cbd39c077700cb38b491478fd44718a"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000037` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000040d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003b` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x4161766520457468657265756d20537461626c6520446562742047484f00003a"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003c` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x737461626c654465627445746847484f00000000000000000000000000000020"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003d` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000008164cc65827dcfe994ab23944cbc90e0aa80bfcb12"
@@ Slot `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000005b435c741f5ab03c2e6735e23f1b7fe01cc6b22"# GhoToken at `0x40D16FC0246aD3160Ccc09B8D0D3A2cD28aE6C2f`
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000008` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000000000000000000000000002"
@@ Slot `0x06423557a482290ef799493b6234b5a1252b43e3c8a08198ebaea1d8e719c84f` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000000000000000000000000001"
@@ `_roles` key `0x5e20732f79076148980e17b6ce9f22756f85058fe2765420ed48a504bef5a8bc`.members.0xee56e2b3d491590b5b31738cc34d5232f378a8d5 @@
- false
+ true
@@ `_roles` key `0xc7f115822aabac0cd6b9d21b08c0c63819451a58157aecad689d1b5674fad408`.members.0xee56e2b3d491590b5b31738cc34d5232f378a8d5 @@
- false
+ true
@@ Slot `0x47a93fcad00c98ce28db5720ee4b98529db6a0963ab5c107f058b43b9f1b870e` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000000000000000000000000002"
@@ Slot `0x7170b4e5898737af51bcab6edc3bc654e4f471d63cace5f61fa8dc0c1c0b4470` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000000000000000000000052b7d2dcc80cd2e4000000"
@@ Slot `0x7170b4e5898737af51bcab6edc3bc654e4f471d63cace5f61fa8dc0c1c0b4471` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x4161766520563320457468657265756d20506f6f6c000000000000000000002a"
@@ Slot `0xac4b83f0960b67ce4032848c9a1828523a1bd87e5074df3b312a61a62a668311` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000000000000000000000001a784379d99db42000000"
@@ Slot `0xac4b83f0960b67ce4032848c9a1828523a1bd87e5074df3b312a61a62a668312` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x466c6173684d696e74657220466163696c697461746f7200000000000000002e"
@@ Slot `0xf3f7a9fe364faab93b216da50a3214154f22a0a2b415b23a84c8169e8b636ee3` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000000907f9921424583e7ffbfedf84f92b7b2be4977"
@@ Slot `0xf3f7a9fe364faab93b216da50a3214154f22a0a2b415b23a84c8169e8b636ee4` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000b639d208bcf0589d54fac24e655c79ec529762b8"# InitializableAdminUpgradeabilityProxy at `0x4da27a545c0c5B758a6BA100e3a049001de870f5` with implementation StakedAaveV3 at `0xAa9FAa887bce5182C39F68Ac46C43F36723C395b`
@@ ghoDebtToken @@
- 0x0000000000000000000000000000000000000000
+ 0x786dbff3f1292ae8f92ea68cf93c30b34b1ed04b# AaveOracle at `0x54586bE62E3c3580375aE3723C145253060Ca0C2`
@@ `assetsSources` key `0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f` @@
- 0x0000000000000000000000000000000000000000
+ 0xd110cac5d8682a3b045d5524a9903e031d70fccd
# unknown contract name at `0x786dBff3f1292ae8F92ea68Cf93c30b34B1ed04B`
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000000` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000000000000000000000000001"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000035` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0b0892b4b32b69f7be67492954f1ef7eeabd72aaa4c84084de8b51539f7d8f59"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000037` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000040d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003b` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x4161766520457468657265756d205661726961626c6520446562742047484f3e"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003c` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x7661726961626c654465627445746847484f0000000000000000000000000024"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003d` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000008164cc65827dcfe994ab23944cbc90e0aa80bfcb12"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003e` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000000907f9921424583e7ffbfedf84f92b7b2be4977"
@@ Slot `0x000000000000000000000000000000000000000000000000000000000000003f` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000004da27a545c0c5b758a6ba100e3a049001de870f5"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000040` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000004c38ec4d1d2068540dfc11dfa4de41f733ddf812"
@@ Slot `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000003feab6f8510c73e05b8c0fdf96df012e3a144319"# InitializableImmutableAdminUpgradeabilityProxy at `0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2` with implementation Pool at `0xF1Cd4193bbc1aD4a23E833170f49d60f3D35a621`
@@ _reservesCount @@
- 20
+ 21
@@ _maxStableRateBorrowSizePercent @@
- 2500
+ 2500
@@ Slot `0xd012ca7af76c4f6c57661a030d076f2e2da917e2514383571e38d769dc6e4fb5` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000040d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f"
@@ `_reserves` key `0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f`.configuration.data @@
- 0
+ 365354519770431488
# decoded configuration.data for key `0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f` (symbol: GHO)
@@ configuration.data.ltv @@
- 0
+ 0
@@ configuration.data.liquidationThreshold @@
- 0
+ 0
@@ configuration.data.liquidationBonus @@
- 0
+ 0
@@ configuration.data.decimals @@
- 0
+ 18
@@ configuration.data.active @@
- false
+ true
@@ configuration.data.borrowingEnabled @@
- false
+ true
@@ configuration.data.reserveFactor @@
- 0
+ 0
@@ configuration.data.borrowCap @@
- 0
+ 0
@@ configuration.data.supplyCap @@
- 0
+ 0
@@ configuration.data.liquidationProtocolFee @@
- 0
+ 0
@@ configuration.data.eModeCategory @@
- 0
+ 0
@@ configuration.data.unbackedMintCap @@
- 0
+ 0
@@ configuration.data.debtCeiling @@
- 0
+ 0
@@ Slot `0xfd2dab4be6d07bba0109696859cf3ea9f610b92569d2a062e705af4b9c58ff17` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000033b2e3c9fd0803ce8000000"
@@ Slot `0xfd2dab4be6d07bba0109696859cf3ea9f610b92569d2a062e705af4b9c58ff18` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000033b2e3c9fd0803ce8000000"
@@ Slot `0xfd2dab4be6d07bba0109696859cf3ea9f610b92569d2a062e705af4b9c58ff19` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000014000000000000000000000000000000000000000000"
@@ Slot `0xfd2dab4be6d07bba0109696859cf3ea9f610b92569d2a062e705af4b9c58ff1a` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000000907f9921424583e7ffbfedf84f92b7b2be4977"
@@ Slot `0xfd2dab4be6d07bba0109696859cf3ea9f610b92569d2a062e705af4b9c58ff1b` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000003f3df7266da30102344a813f1a3d07f5f041b5ac"
@@ Slot `0xfd2dab4be6d07bba0109696859cf3ea9f610b92569d2a062e705af4b9c58ff1c` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000786dbff3f1292ae8f92ea68cf93c30b34b1ed04b"
@@ Slot `0xfd2dab4be6d07bba0109696859cf3ea9f610b92569d2a062e705af4b9c58ff1d` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x00000000000000000000000016e77d8a7192b65fed49b3374417885ff4421a74"# GhoFlashMinter at `0xb639D208Bcf0589D54FaC24E655C79EC529762B8`
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000001` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x000000000000000000000000464c71f6c2f760dda6093dcb91c24c39e5d6e18c"Info:
- There is no SELFDESTRUCT inside of delegated call
Info:
- Events Emitted:
- GhoToken at
0x40D16FC0246aD3160Ccc09B8D0D3A2cD28aE6C2fRoleGranted(role: 0x5e20732f79076148980e17b6ce9f22756f85058fe2765420ed48a504bef5a8bc, account: 0xee56e2b3d491590b5b31738cc34d5232f378a8d5, sender: 0xee56e2b3d491590b5b31738cc34d5232f378a8d5)RoleGranted(role: 0xc7f115822aabac0cd6b9d21b08c0c63819451a58157aecad689d1b5674fad408, account: 0xee56e2b3d491590b5b31738cc34d5232f378a8d5, sender: 0xee56e2b3d491590b5b31738cc34d5232f378a8d5)FacilitatorAdded(facilitatorAddress: 0x00907f9921424583e7ffbfedf84f92b7b2be4977, label: 0xea9d249a55b3367167f8487bc2d39e7a1ef17abdaf3a4db5a469a65228b3fd76, bucketCapacity: 100000000000000000000000000)FacilitatorAdded(facilitatorAddress: 0xb639d208bcf0589d54fac24e655c79ec529762b8, label: 0xcec96f96fc12bd8bc18d80b1080988b208436c50d1d11687e6c0922908b6ea3b, bucketCapacity: 2000000000000000000000000)
- GhoFlashMinter at
0xb639D208Bcf0589D54FaC24E655C79EC529762B8GhoTreasuryUpdated(oldGhoTreasury: 0x0000000000000000000000000000000000000000, newGhoTreasury: 0x464c71f6c2f760dda6093dcb91c24c39e5d6e18c)FeeUpdated(oldFee: 0, newFee: 0)
- AaveOracle at
0x54586bE62E3c3580375aE3723C145253060Ca0C2AssetSourceUpdated(asset: 0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f, source: 0xd110cac5d8682a3b045d5524a9903e031d70fccd)
- unknown contract name at
0x00907f9921424583e7ffBfEdf84F92B7B2Be4977Initialized(underlyingAsset: 0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f, pool: 0x87870bca3f3fd6335c3f4ce8392d69350b4fa4e2, treasury: 0x464c71f6c2f760dda6093dcb91c24c39e5d6e18c, incentivesController: 0x8164cc65827dcfe994ab23944cbc90e0aa80bfcb, aTokenDecimals: 18, aTokenName: Aave Ethereum GHO, aTokenSymbol: aEthGHO, params: 0x)VariableDebtTokenSet(variableDebtToken: 0x786dbff3f1292ae8f92ea68cf93c30b34b1ed04b)GhoTreasuryUpdated(oldGhoTreasury: 0x0000000000000000000000000000000000000000, newGhoTreasury: 0x464c71f6c2f760dda6093dcb91c24c39e5d6e18c)
- unknown contract name at
0x3f3DF7266dA30102344A813F1a3D07f5F041B5ACInitialized(underlyingAsset: 0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f, pool: 0x87870bca3f3fd6335c3f4ce8392d69350b4fa4e2, incentivesController: 0x8164cc65827dcfe994ab23944cbc90e0aa80bfcb, debtTokenDecimals: 18, debtTokenName: Aave Ethereum Stable Debt GHO, debtTokenSymbol: stableDebtEthGHO, params: 0x)
- unknown contract name at
0x786dBff3f1292ae8F92ea68Cf93c30b34B1ed04BInitialized(underlyingAsset: 0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f, pool: 0x87870bca3f3fd6335c3f4ce8392d69350b4fa4e2, incentivesController: 0x8164cc65827dcfe994ab23944cbc90e0aa80bfcb, debtTokenDecimals: 18, debtTokenName: Aave Ethereum Variable Debt GHO, debtTokenSymbol: variableDebtEthGHO, params: 0x)ATokenSet(aToken: 0x00907f9921424583e7ffbfedf84f92b7b2be4977)DiscountRateStrategyUpdated(oldDiscountRateStrategy: 0x0000000000000000000000000000000000000000, newDiscountRateStrategy: 0x4c38ec4d1d2068540dfc11dfa4de41f733ddf812)DiscountTokenUpdated(oldDiscountToken: 0x0000000000000000000000000000000000000000, newDiscountToken: 0x4da27a545c0c5b758a6ba100e3a049001de870f5)
- InitializableImmutableAdminUpgradeabilityProxy at
0x64b761D848206f447Fe2dd461b0c635Ec39EbB27with implementation PoolConfigurator at0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2ReserveInitialized(asset: 0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f, aToken: 0x00907f9921424583e7ffbfedf84f92b7b2be4977, stableDebtToken: 0x3f3df7266da30102344a813f1a3d07f5f041b5ac, variableDebtToken: 0x786dbff3f1292ae8f92ea68cf93c30b34b1ed04b, interestRateStrategyAddress: 0x16e77d8a7192b65fed49b3374417885ff4421a74)ReserveBorrowing(asset: 0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f, enabled: true)
- InitializableAdminUpgradeabilityProxy at
0x4da27a545c0c5B758a6BA100e3a049001de870f5with implementation StakedAaveV3 at0xAa9FAa887bce5182C39F68Ac46C43F36723C395bGHODebtTokenChanged(newDebtToken: 0x786dbff3f1292ae8f92ea68cf93c30b34b1ed04b)
- GhoToken at
Info:
- Targets:
- 0x16765d275c00Caa7Ec9a30D1629fD42121c3ae6B: Contract (not verified)
Info:
- Touched address:
- 0xcd83f6e78897563eb694fbdf9c8f1eb2f2a9ae28: EOA (verification not applicable)
- 0xec568fffba86c094cf06b22134b23074dfe2252c: Contract (verified) (AaveGovernanceV2)
- 0xee56e2b3d491590b5b31738cc34d5232f378a8d5: Contract (verified) (Executor)
- 0xb7e383ef9b1e9189fc0f71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0x96f68837877fd0414b55050c9e794aecdbcfca59: Contract (verified) (AaveTokenV2)
- 0x16765d275c00caa7ec9a30d1629fd42121c3ae6b: Contract (verified) (GhoListingPayload)
- 0xecebedbf26013fb55a5b0a275191a90984e5ae5e: Contract (not verified)
- 0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f: Contract (verified) (GhoToken)
- 0x2401ae9bbef67458362710f90302eb52b5ce835a: Contract (not verified)
- 0xb639d208bcf0589d54fac24e655c79ec529762b8: Contract (verified) (GhoFlashMinter)
- 0x2f39d218133afab8f2b819b1066c7e434ad94e9e: Contract (verified) (PoolAddressesProvider)
- 0x54586be62e3c3580375ae3723c145253060ca0c2: Contract (verified) (AaveOracle)
- 0xc2aacf6553d20d1e9d78e365aaba8032af9c85b0: Contract (verified) (ACLManager)
- 0x64b761d848206f447fe2dd461b0c635ec39ebb27: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0xfda7ffa872bdc906d43079ea134ebc9a511db0c2: Contract (verified) (PoolConfigurator)
- 0x66ac02c3120b848d65231ce977af3db1f60b97f9: Contract (verified) (ConfiguratorLogic)
- 0x00907f9921424583e7ffbfedf84f92b7b2be4977: Contract (not verified)
- 0x2f32a274e02fa356423ce5e97a8e3155c1ac396b: Contract (not verified)
- 0x3f3df7266da30102344a813f1a3d07f5f041b5ac: Contract (not verified)
- 0x05b435c741f5ab03c2e6735e23f1b7fe01cc6b22: Contract (not verified)
- 0x786dbff3f1292ae8f92ea68cf93c30b34b1ed04b: Contract (not verified)
- 0x3feab6f8510c73e05b8c0fdf96df012e3a144319: Contract (not verified)
- 0x87870bca3f3fd6335c3f4ce8392d69350b4fa4e2: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0xf1cd4193bbc1ad4a23e833170f49d60f3d35a621: Contract (verified) (Pool)
- 0xd5256981e08492afc543af2a779af989e9f9f7e7: Contract (not verified)
- 0x7b4eb56e7cd4b454ba8ff71e4518426369a138a3: Contract (verified) (AaveProtocolDataProvider)
- 0x4da27a545c0c5b758a6ba100e3a049001de870f5: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0xaa9faa887bce5182c39f68ac46c43f36723c395b: Contract (verified) (StakedAaveV3)
Info:
View Details
View warnings for GhoListingPayload at `0x16765d275c00Caa7Ec9a30D1629fD42121c3ae6B`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x16765d275c00caa7ec9a30d1629fd42121c3ae6b-GhoListingPayload' running
View warnings for PoolAddressesProvider at `0x2f39d218133AFaB8F2B819B1066c7E434Ad94E9e`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x2f39d218133afab8f2b819b1066c7e434ad94e9e-PoolAddressesProvider' running
WARNING:CryticCompile:Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
View warnings for GhoToken at `0x40D16FC0246aD3160Ccc09B8D0D3A2cD28aE6C2f`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f-GhoToken' running
View warnings for InitializableAdminUpgradeabilityProxy at `0x4da27a545c0c5B758a6BA100e3a049001de870f5` with implementation StakedAaveV3 at `0xAa9FAa887bce5182C39F68Ac46C43F36723C395b`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x4da27a545c0c5b758a6ba100e3a049001de870f5-InitializableAdminUpgradeabilityProxy' running
WARNING:CryticCompile:Warning: contracts/interfaces/IAToken.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/stake/StakedToken.sol:256:7: Warning: This declaration shadows an existing declaration.
uint256 fromCooldownTimestamp = (minimalValidCooldownTimestamp > fromCooldownTimestamp)
^---------------------------^
contracts/stake/StakedToken.sol:239:5: The shadowed declaration is here:
uint256 fromCooldownTimestamp,
^---------------------------^
Warning: contracts/lib/BaseAdminUpgradeabilityProxy.sol:15:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/lib/Proxy.sol:17:5: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/lib/InitializableUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/lib/Proxy.sol:17:5: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/lib/InitializableAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/lib/Proxy.sol:17:5: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/mocks/ATokenMock.sol:39:42: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function getScaledUserBalanceAndSupply(address user)
^----------^
Warning: contracts/mocks/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/mocks/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/mocks/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
View warnings for AaveOracle at `0x54586bE62E3c3580375aE3723C145253060Ca0C2`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x54586be62e3c3580375ae3723c145253060ca0c2-AaveOracle' running
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x64b761D848206f447Fe2dd461b0c635Ec39EbB27` with implementation PoolConfigurator at `0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x64b761d848206f447fe2dd461b0c635ec39ebb27-InitializableImmutableAdminUpgradeabilityProxy' running
WARNING:CryticCompile:Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
View warnings for ConfiguratorLogic at `0x66aC02C3120B848d65231ce977aF3dB1f60B97F9`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x66ac02c3120b848d65231ce977af3db1f60b97f9-ConfiguratorLogic' running
WARNING:CryticCompile:Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
View warnings for AaveProtocolDataProvider at `0x7B4EB56E7CD4b454BA8ff71E4518426369a138a3`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x7b4eb56e7cd4b454ba8ff71e4518426369a138a3-AaveProtocolDataProvider' running
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9-InitializableAdminUpgradeabilityProxy' running
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2` with implementation Pool at `0xF1Cd4193bbc1aD4a23E833170f49d60f3D35a621`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x87870bca3f3fd6335c3f4ce8392d69350b4fa4e2-InitializableImmutableAdminUpgradeabilityProxy' running
WARNING:CryticCompile:Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
View warnings for AaveTokenV2 at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x96f68837877fd0414b55050c9e794aecdbcfca59-AaveTokenV2' running
WARNING:CryticCompile:Warning: src/contracts/AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
src/contracts/AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
src/contracts/AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: src/contracts/AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: src/contracts/AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: src/contracts/AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:1164:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() ERC20(NAME, SYMBOL) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: src/contracts/AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
View warnings for StakedAaveV3 at `0xAa9FAa887bce5182C39F68Ac46C43F36723C395b`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0xaa9faa887bce5182c39f68ac46c43f36723c395b-StakedAaveV3' running
WARNING:CryticCompile:Warning: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
--> src/utils/RoleManager.sol
Warning: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
--> src/lib/GovernancePowerDelegationERC20.sol:278:5:
|
278 | uint128 oldValue,
| ^^^^^^^^^^^^^^^^
View warnings for GhoFlashMinter at `0xb639D208Bcf0589D54FaC24E655C79EC529762B8`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0xb639d208bcf0589d54fac24e655c79ec529762b8-GhoFlashMinter' running
View warnings for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts' running
View warnings for ACLManager at `0xc2aaCf6553D20d1e9d78E365AAba8032af9c85b0`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0xc2aacf6553d20d1e9d78e365aaba8032af9c85b0-ACLManager' running
View warnings for Pool at `0xF1Cd4193bbc1aD4a23E833170f49d60f3D35a621`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0xf1cd4193bbc1ad4a23e833170f49d60f3d35a621-Pool' running
WARNING:CryticCompile:Warning: Warning: This declaration shadows an existing declaration.
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:72:27:
|
72 | constructor(IPool pool, string memory name, string memory symbol, uint8 decimals) {
| ^^^^^^^^^^^^^^^^^^
Note: The shadowed declaration is here:
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:81:3:
|
81 | function name() public view override returns (string memory) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This declaration has the same name as another declaration.
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:72:47:
|
72 | constructor(IPool pool, string memory name, string memory symbol, uint8 decimals) {
| ^^^^^^^^^^^^^^^^^^^^
Note: The other declaration is here:
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:86:3:
|
86 | function symbol() external view override returns (string memory) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This declaration has the same name as another declaration.
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:72:69:
|
72 | constructor(IPool pool, string memory name, string memory symbol, uint8 decimals) {
| ^^^^^^^^^^^^^^
Note: The other declaration is here:
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:91:3:
|
91 | function decimals() external view override returns (uint8) {
| ^ (Relevant source part starts here and spans across multiple lines).
View warnings for PoolConfigurator at `0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2`
INFO:CryticCompile:'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0xfda7ffa872bdc906d43079ea134ebc9a511db0c2-PoolConfigurator' running
WARNING:CryticCompile:Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Info:
View Details
Slither report for GhoListingPayload at `0x16765d275c00Caa7Ec9a30D1629fD42121c3ae6B`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x16765d275c00caa7ec9a30d1629fd42121c3ae6b-GhoListingPayload' running
Traceback (most recent call last):
File "/home/runner/.local/lib/python3.10/site-packages/slither/__main__.py", line 814, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/home/runner/.local/lib/python3.10/site-packages/slither/__main__.py", line 102, in process_all
) = process_single(compilation, args, detector_classes, printer_classes)
File "/home/runner/.local/lib/python3.10/site-packages/slither/__main__.py", line 80, in process_single
slither = Slither(target, ast_format=ast, **vars(args))
File "/home/runner/.local/lib/python3.10/site-packages/slither/slither.py", line 135, in __init__
self._init_parsing_and_analyses(kwargs.get("skip_analyze", False))
File "/home/runner/.local/lib/python3.10/site-packages/slither/slither.py", line 145, in _init_parsing_and_analyses
raise e
File "/home/runner/.local/lib/python3.10/site-packages/slither/slither.py", line 141, in _init_parsing_and_analyses
parser.parse_contracts()
File "/home/runner/.local/lib/python3.10/site-packages/slither/solc_parsing/slither_compilation_unit_solc.py", line 447, in parse_contracts
raise InheritanceResolutionError(
slither.solc_parsing.slither_compilation_unit_solc.InheritanceResolutionError: Could not resolve contract inheritance. This is likely caused by an import renaming that collides with existing names (see https://github.com/crytic/slither/issues/1758).
Try changing `contract IACLManager` (lib/aave-address-book/src/AaveV3.sol#76-88) to a unique name.
ERROR:root:Error:
ERROR:root:Could not resolve contract inheritance. This is likely caused by an import renaming that collides with existing names (see https://github.com/crytic/slither/issues/1758).
Try changing `contract IACLManager` (lib/aave-address-book/src/AaveV3.sol#76-88) to a unique name.
ERROR:root:Please report an issue to https://github.com/crytic/slither/issues
Slither report for PoolAddressesProvider at `0x2f39d218133AFaB8F2B819B1066c7E434Ad94E9e`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x2f39d218133afab8f2b819b1066c7e434ad94e9e-PoolAddressesProvider' running
Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
Reentrancy in PoolAddressesProvider.setAddressAsProxy(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#64-73):
External calls:
- oldImplementationAddress = _getProxyImplementation(id) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#70)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(id,newImplementationAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#71)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
State variables written after the call(s):
- _updateImpl(id,newImplementationAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#71)
- _addresses[id] = proxyAddress = address(proxy) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#175)
PoolAddressesProvider._addresses (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#20) can be used in cross function reentrancies:
- PoolAddressesProvider._getProxyImplementation(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#201-209)
- PoolAddressesProvider._updateImpl(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#168-182)
- PoolAddressesProvider.getAddress(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#52-54)
- PoolAddressesProvider.setACLAdmin(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#129-133)
- PoolAddressesProvider.setACLManager(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#117-121)
- PoolAddressesProvider.setAddress(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#57-61)
- PoolAddressesProvider.setAddressAsProxy(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#64-73)
- PoolAddressesProvider.setPoolDataProvider(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#153-157)
- PoolAddressesProvider.setPriceOracle(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#105-109)
- PoolAddressesProvider.setPriceOracleSentinel(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#141-145)
Reentrancy in PoolAddressesProvider.setPoolConfiguratorImpl(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#93-97):
External calls:
- oldPoolConfiguratorImpl = _getProxyImplementation(POOL_CONFIGURATOR) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#94)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(POOL_CONFIGURATOR,newPoolConfiguratorImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#95)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
State variables written after the call(s):
- _updateImpl(POOL_CONFIGURATOR,newPoolConfiguratorImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#95)
- _addresses[id] = proxyAddress = address(proxy) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#175)
PoolAddressesProvider._addresses (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#20) can be used in cross function reentrancies:
- PoolAddressesProvider._getProxyImplementation(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#201-209)
- PoolAddressesProvider._updateImpl(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#168-182)
- PoolAddressesProvider.getAddress(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#52-54)
- PoolAddressesProvider.setACLAdmin(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#129-133)
- PoolAddressesProvider.setACLManager(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#117-121)
- PoolAddressesProvider.setAddress(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#57-61)
- PoolAddressesProvider.setAddressAsProxy(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#64-73)
- PoolAddressesProvider.setPoolDataProvider(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#153-157)
- PoolAddressesProvider.setPriceOracle(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#105-109)
- PoolAddressesProvider.setPriceOracleSentinel(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#141-145)
Reentrancy in PoolAddressesProvider.setPoolImpl(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#81-85):
External calls:
- oldPoolImpl = _getProxyImplementation(POOL) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#82)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(POOL,newPoolImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#83)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
State variables written after the call(s):
- _updateImpl(POOL,newPoolImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#83)
- _addresses[id] = proxyAddress = address(proxy) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#175)
PoolAddressesProvider._addresses (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#20) can be used in cross function reentrancies:
- PoolAddressesProvider._getProxyImplementation(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#201-209)
- PoolAddressesProvider._updateImpl(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#168-182)
- PoolAddressesProvider.getAddress(bytes32) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#52-54)
- PoolAddressesProvider.setACLAdmin(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#129-133)
- PoolAddressesProvider.setACLManager(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#117-121)
- PoolAddressesProvider.setAddress(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#57-61)
- PoolAddressesProvider.setAddressAsProxy(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#64-73)
- PoolAddressesProvider.setPoolDataProvider(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#153-157)
- PoolAddressesProvider.setPriceOracle(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#105-109)
- PoolAddressesProvider.setPriceOracleSentinel(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#141-145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
PoolAddressesProvider.constructor(string,address).owner (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#36) shadows:
- Ownable.owner() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Ownable.sol#36-38) (function)
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#21) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#27-33) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Reentrancy in PoolAddressesProvider._updateImpl(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#168-182):
External calls:
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
Event emitted after the call(s):
- ProxyCreated(id,proxyAddress,newAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#177)
Reentrancy in PoolAddressesProvider.setAddressAsProxy(bytes32,address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#64-73):
External calls:
- oldImplementationAddress = _getProxyImplementation(id) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#70)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(id,newImplementationAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#71)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
Event emitted after the call(s):
- AddressSetAsProxy(id,proxyAddress,oldImplementationAddress,newImplementationAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#72)
- ProxyCreated(id,proxyAddress,newAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#177)
- _updateImpl(id,newImplementationAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#71)
Reentrancy in PoolAddressesProvider.setPoolConfiguratorImpl(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#93-97):
External calls:
- oldPoolConfiguratorImpl = _getProxyImplementation(POOL_CONFIGURATOR) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#94)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(POOL_CONFIGURATOR,newPoolConfiguratorImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#95)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
Event emitted after the call(s):
- PoolConfiguratorUpdated(oldPoolConfiguratorImpl,newPoolConfiguratorImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#96)
- ProxyCreated(id,proxyAddress,newAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#177)
- _updateImpl(POOL_CONFIGURATOR,newPoolConfiguratorImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#95)
Reentrancy in PoolAddressesProvider.setPoolImpl(address) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#81-85):
External calls:
- oldPoolImpl = _getProxyImplementation(POOL) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#82)
- InitializableImmutableAdminUpgradeabilityProxy(payableProxyAddress).implementation() (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#207)
- _updateImpl(POOL,newPoolImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#83)
- proxy.initialize(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#176)
- proxy.upgradeToAndCall(newAddress,params) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#180)
Event emitted after the call(s):
- PoolUpdated(oldPoolImpl,newPoolImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#84)
- ProxyCreated(id,proxyAddress,newAddress) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#177)
- _updateImpl(POOL,newPoolImpl) (@aave/core-v3/contracts/protocol/configuration/PoolAddressesProvider.sol#83)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
Address.isContract(address) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#32-38) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#35-37)
BaseUpgradeabilityProxy._setImplementation(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#53-65) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#62-64)
Proxy._delegate(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#32-56) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#34-55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69-77):
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy._admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0x2f39d218133afab8f2b819b1066c7e434ad94e9e analyzed (10 contracts with 82 detectors), 27 result(s) found
Slither report for GhoToken at `0x40D16FC0246aD3160Ccc09B8D0D3A2cD28aE6C2f`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f-GhoToken' running
INFO:Detectors:
Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#55-135) performs a multiplication on the result of a division:
- denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#102)
- inverse = (3 * denominator) ^ 2 (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#117)
Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#55-135) performs a multiplication on the result of a division:
- denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#102)
- inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#121)
Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#55-135) performs a multiplication on the result of a division:
- denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#102)
- inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#122)
Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#55-135) performs a multiplication on the result of a division:
- denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#102)
- inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#123)
Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#55-135) performs a multiplication on the result of a division:
- denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#102)
- inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#124)
Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#55-135) performs a multiplication on the result of a division:
- denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#102)
- inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#125)
Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#55-135) performs a multiplication on the result of a division:
- denominator = denominator / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#102)
- inverse *= 2 - denominator * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#126)
Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#55-135) performs a multiplication on the result of a division:
- prod0 = prod0 / twos (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#105)
- result = prod0 * inverse (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#132)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
INFO:Detectors:
GhoToken.addFacilitator(address,string,uint128) (lib/gho-core/src/contracts/gho/GhoToken.sol#63-82) ignores return value by _facilitatorsList.add(facilitatorAddress) (lib/gho-core/src/contracts/gho/GhoToken.sol#75)
GhoToken.removeFacilitator(address) (lib/gho-core/src/contracts/gho/GhoToken.sol#85-101) ignores return value by _facilitatorsList.remove(facilitatorAddress) (lib/gho-core/src/contracts/gho/GhoToken.sol#98)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
ERC20.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (lib/gho-core/src/contracts/gho/ERC20.sol#107-137) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(deadline >= block.timestamp,PERMIT_DEADLINE_EXPIRED) (lib/gho-core/src/contracts/gho/ERC20.sol#116)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Strings.toString(uint256) (lib/openzeppelin-contracts/contracts/utils/Strings.sol#18-38) uses assembly
- INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Strings.sol#24-26)
- INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Strings.sol#30-32)
Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#55-135) uses assembly
- INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#66-70)
- INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#86-93)
- INLINE ASM (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#100-109)
EnumerableSet.values(EnumerableSet.Bytes32Set) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#219-229) uses assembly
- INLINE ASM (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#224-226)
EnumerableSet.values(EnumerableSet.AddressSet) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#293-303) uses assembly
- INLINE ASM (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#298-300)
EnumerableSet.values(EnumerableSet.UintSet) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#367-377) uses assembly
- INLINE ASM (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#372-374)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
AccessControl._setRoleAdmin(bytes32,bytes32) (lib/openzeppelin-contracts/contracts/access/AccessControl.sol#214-218) is never used and should be removed
Context._msgData() (lib/openzeppelin-contracts/contracts/utils/Context.sol#21-23) is never used and should be removed
EnumerableSet._at(EnumerableSet.Set,uint256) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#141-143) is never used and should be removed
EnumerableSet._length(EnumerableSet.Set) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#127-129) is never used and should be removed
EnumerableSet.add(EnumerableSet.Bytes32Set,bytes32) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#169-171) is never used and should be removed
EnumerableSet.add(EnumerableSet.UintSet,uint256) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#317-319) is never used and should be removed
EnumerableSet.at(EnumerableSet.AddressSet,uint256) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#281-283) is never used and should be removed
EnumerableSet.at(EnumerableSet.Bytes32Set,uint256) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#207-209) is never used and should be removed
EnumerableSet.at(EnumerableSet.UintSet,uint256) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#355-357) is never used and should be removed
EnumerableSet.contains(EnumerableSet.AddressSet,address) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#260-262) is never used and should be removed
EnumerableSet.contains(EnumerableSet.Bytes32Set,bytes32) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#186-188) is never used and should be removed
EnumerableSet.contains(EnumerableSet.UintSet,uint256) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#334-336) is never used and should be removed
EnumerableSet.length(EnumerableSet.AddressSet) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#267-269) is never used and should be removed
EnumerableSet.length(EnumerableSet.Bytes32Set) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#193-195) is never used and should be removed
EnumerableSet.length(EnumerableSet.UintSet) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#341-343) is never used and should be removed
EnumerableSet.remove(EnumerableSet.Bytes32Set,bytes32) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#179-181) is never used and should be removed
EnumerableSet.remove(EnumerableSet.UintSet,uint256) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#327-329) is never used and should be removed
EnumerableSet.values(EnumerableSet.Bytes32Set) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#219-229) is never used and should be removed
EnumerableSet.values(EnumerableSet.UintSet) (lib/openzeppelin-contracts/contracts/utils/structs/EnumerableSet.sol#367-377) is never used and should be removed
Math.average(uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#34-37) is never used and should be removed
Math.ceilDiv(uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#45-48) is never used and should be removed
Math.log10(uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#258-290) is never used and should be removed
Math.log10(uint256,Math.Rounding) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#296-301) is never used and should be removed
Math.log2(uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#205-241) is never used and should be removed
Math.log2(uint256,Math.Rounding) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#247-252) is never used and should be removed
Math.log256(uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#309-333) is never used and should be removed
Math.log256(uint256,Math.Rounding) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#339-344) is never used and should be removed
Math.max(uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#19-21) is never used and should be removed
Math.min(uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#26-28) is never used and should be removed
Math.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#55-135) is never used and should be removed
Math.mulDiv(uint256,uint256,uint256,Math.Rounding) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#140-151) is never used and should be removed
Math.sqrt(uint256) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#158-189) is never used and should be removed
Math.sqrt(uint256,Math.Rounding) (lib/openzeppelin-contracts/contracts/utils/math/Math.sol#194-199) is never used and should be removed
Strings.toHexString(uint256) (lib/openzeppelin-contracts/contracts/utils/Strings.sol#43-47) is never used and should be removed
Strings.toString(uint256) (lib/openzeppelin-contracts/contracts/utils/Strings.sol#18-38) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Function ERC20.DOMAIN_SEPARATOR() (lib/gho-core/src/contracts/gho/ERC20.sol#139-141) is not in mixedCase
Variable ERC20.INITIAL_CHAIN_ID (lib/gho-core/src/contracts/gho/ERC20.sol#40) is not in mixedCase
Variable ERC20.INITIAL_DOMAIN_SEPARATOR (lib/gho-core/src/contracts/gho/ERC20.sol#42) is not in mixedCase
Variable GhoToken._facilitators (lib/gho-core/src/contracts/gho/GhoToken.sol#16) is not in mixedCase
Variable GhoToken._facilitatorsList (lib/gho-core/src/contracts/gho/GhoToken.sol#17) is not in mixedCase
Function IGhoToken.FACILITATOR_MANAGER_ROLE() (lib/gho-core/src/contracts/gho/interfaces/IGhoToken.sol#64) is not in mixedCase
Function IGhoToken.BUCKET_MANAGER_ROLE() (lib/gho-core/src/contracts/gho/interfaces/IGhoToken.sol#70) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x40d16fc0246ad3160ccc09b8d0d3a2cd28ae6c2f analyzed (12 contracts with 82 detectors), 58 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x4da27a545c0c5B758a6BA100e3a049001de870f5` with implementation StakedAaveV3 at `0xAa9FAa887bce5182C39F68Ac46C43F36723C395b`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x4da27a545c0c5b758a6ba100e3a049001de870f5-InitializableAdminUpgradeabilityProxy' running
Warning: contracts/interfaces/IAToken.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/stake/StakedToken.sol:256:7: Warning: This declaration shadows an existing declaration.
uint256 fromCooldownTimestamp = (minimalValidCooldownTimestamp > fromCooldownTimestamp)
^---------------------------^
contracts/stake/StakedToken.sol:239:5: The shadowed declaration is here:
uint256 fromCooldownTimestamp,
^---------------------------^
Warning: contracts/lib/BaseAdminUpgradeabilityProxy.sol:15:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/lib/Proxy.sol:17:5: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/lib/InitializableUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/lib/Proxy.sol:17:5: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/lib/InitializableAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/lib/Proxy.sol:17:5: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/mocks/ATokenMock.sol:39:42: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function getScaledUserBalanceAndSupply(address user)
^----------^
Warning: contracts/mocks/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/mocks/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/mocks/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
INFO:Detectors:
AaveIncentivesController.claimRewards(address[],uint256,address,bool) (contracts/stake/AaveIncentivesController.sol#109-153) uses arbitrary from in transferFrom: REWARD_TOKEN.transferFrom(REWARDS_VAULT,address(this),amountToClaim) (contracts/stake/AaveIncentivesController.sol#145)
AaveIncentivesController.claimRewards(address[],uint256,address,bool) (contracts/stake/AaveIncentivesController.sol#109-153) uses arbitrary from in transferFrom: REWARD_TOKEN.transferFrom(REWARDS_VAULT,to,amountToClaim) (contracts/stake/AaveIncentivesController.sol#148)
StakedToken.claimRewards(address,uint256) (contracts/stake/StakedToken.sol#148-161) uses arbitrary from in transferFrom: REWARD_TOKEN.safeTransferFrom(REWARDS_VAULT,to,amountToClaim) (contracts/stake/StakedToken.sol#158)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#arbitrary-from-in-transferfrom
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/lib/InitializableUpgradeabilityProxy.sol#21-31) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/lib/InitializableUpgradeabilityProxy.sol#28)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
AaveIncentivesController.claimRewards(address[],uint256,address,bool) (contracts/stake/AaveIncentivesController.sol#109-153) ignores return value by REWARD_TOKEN.transferFrom(REWARDS_VAULT,address(this),amountToClaim) (contracts/stake/AaveIncentivesController.sol#145)
AaveIncentivesController.claimRewards(address[],uint256,address,bool) (contracts/stake/AaveIncentivesController.sol#109-153) ignores return value by REWARD_TOKEN.transferFrom(REWARDS_VAULT,to,amountToClaim) (contracts/stake/AaveIncentivesController.sol#148)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
INFO:Detectors:
AaveDistributionManager._getAssetIndex(uint256,uint256,uint128,uint256) (contracts/stake/AaveDistributionManager.sol#212-235) uses a dangerous strict equality:
- emissionPerSecond == 0 || totalBalance == 0 || lastUpdateTimestamp == block.timestamp || lastUpdateTimestamp >= DISTRIBUTION_END (contracts/stake/AaveDistributionManager.sol#219-222)
AaveDistributionManager._updateAssetStateInternal(address,AaveDistributionManager.AssetData,uint256) (contracts/stake/AaveDistributionManager.sol#73-100) uses a dangerous strict equality:
- block.timestamp == lastUpdateTimestamp (contracts/stake/AaveDistributionManager.sol#81)
AaveIncentivesController.claimRewards(address[],uint256,address,bool) (contracts/stake/AaveIncentivesController.sol#109-153) uses a dangerous strict equality:
- unclaimedRewards == 0 (contracts/stake/AaveIncentivesController.sol#136)
ERC20WithSnapshot._writeSnapshot(address,uint128,uint128) (contracts/lib/ERC20WithSnapshot.sol#41-56) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/lib/ERC20WithSnapshot.sol#48)
StakedToken.getNextCooldownTimestamp(uint256,uint256,address,uint256) (contracts/stake/StakedToken.sol#238-272) uses a dangerous strict equality:
- toCooldownTimestamp == 0 (contracts/stake/StakedToken.sol#245)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
Reentrancy in StakedToken.redeem(address,uint256) (contracts/stake/StakedToken.sol#102-129):
External calls:
- _burn(msg.sender,amountToRedeem) (contracts/stake/StakedToken.sol#120)
- aaveGovernance.onTransfer(from,to,amount) (contracts/lib/ERC20WithSnapshot.sol#84)
State variables written after the call(s):
- stakersCooldowns[msg.sender] = 0 (contracts/stake/StakedToken.sol#123)
StakedToken.stakersCooldowns (contracts/stake/StakedToken.sol#35) can be used in cross function reentrancies:
- StakedToken._transfer(address,address,uint256) (contracts/stake/StakedToken.sol#169-192)
- StakedToken.cooldown() (contracts/stake/StakedToken.sol#135-141)
- StakedToken.getNextCooldownTimestamp(uint256,uint256,address,uint256) (contracts/stake/StakedToken.sol#238-272)
- StakedToken.redeem(address,uint256) (contracts/stake/StakedToken.sol#102-129)
- StakedToken.stake(address,uint256) (contracts/stake/StakedToken.sol#74-95)
- StakedToken.stakersCooldowns (contracts/stake/StakedToken.sol#35)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
AaveIncentivesController.initialize() (contracts/stake/AaveIncentivesController.sol#54-57) ignores return value by REWARD_TOKEN.approve(address(PSM),type()(uint256).max) (contracts/stake/AaveIncentivesController.sol#56)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
ERC20.constructor(string,string,uint8).name (contracts/lib/ERC20.sol#25) shadows:
- ERC20.name() (contracts/lib/ERC20.sol#37-39) (function)
- IERC20Detailed.name() (contracts/interfaces/IERC20Detailed.sol#10) (function)
ERC20.constructor(string,string,uint8).symbol (contracts/lib/ERC20.sol#26) shadows:
- ERC20.symbol() (contracts/lib/ERC20.sol#44-46) (function)
- IERC20Detailed.symbol() (contracts/interfaces/IERC20Detailed.sol#11) (function)
ERC20.constructor(string,string,uint8).decimals (contracts/lib/ERC20.sol#27) shadows:
- ERC20.decimals() (contracts/lib/ERC20.sol#51-53) (function)
- IERC20Detailed.decimals() (contracts/interfaces/IERC20Detailed.sol#12) (function)
ERC20WithSnapshot.constructor(string,string,uint8).name (contracts/lib/ERC20WithSnapshot.sol#29) shadows:
- ERC20.name() (contracts/lib/ERC20.sol#37-39) (function)
- IERC20Detailed.name() (contracts/interfaces/IERC20Detailed.sol#10) (function)
ERC20WithSnapshot.constructor(string,string,uint8).symbol (contracts/lib/ERC20WithSnapshot.sol#29) shadows:
- ERC20.symbol() (contracts/lib/ERC20.sol#44-46) (function)
- IERC20Detailed.symbol() (contracts/interfaces/IERC20Detailed.sol#11) (function)
ERC20WithSnapshot.constructor(string,string,uint8).decimals (contracts/lib/ERC20WithSnapshot.sol#29) shadows:
- ERC20.decimals() (contracts/lib/ERC20.sol#51-53) (function)
- IERC20Detailed.decimals() (contracts/interfaces/IERC20Detailed.sol#12) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/lib/InitializableAdminUpgradeabilityProxy.sol#28) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/lib/BaseAdminUpgradeabilityProxy.sol#101-106) (function)
AaveIncentivesController.getRewardsBalance(address[],address).assets (contracts/stake/AaveIncentivesController.sol#82) shadows:
- AaveDistributionManager.assets (contracts/stake/AaveDistributionManager.sol#30) (state variable)
AaveIncentivesController.claimRewards(address[],uint256,address,bool).assets (contracts/stake/AaveIncentivesController.sol#110) shadows:
- AaveDistributionManager.assets (contracts/stake/AaveDistributionManager.sol#30) (state variable)
StakedToken.constructor(IERC20,IERC20,uint256,uint256,address,address,uint128,string,string,uint8).name (contracts/stake/StakedToken.sol#53) shadows:
- ERC20.name() (contracts/lib/ERC20.sol#37-39) (function)
- IERC20Detailed.name() (contracts/interfaces/IERC20Detailed.sol#10) (function)
StakedToken.constructor(IERC20,IERC20,uint256,uint256,address,address,uint128,string,string,uint8).symbol (contracts/stake/StakedToken.sol#54) shadows:
- ERC20.symbol() (contracts/lib/ERC20.sol#44-46) (function)
- IERC20Detailed.symbol() (contracts/interfaces/IERC20Detailed.sol#11) (function)
StakedToken.constructor(IERC20,IERC20,uint256,uint256,address,address,uint128,string,string,uint8).decimals (contracts/stake/StakedToken.sol#55) shadows:
- ERC20.decimals() (contracts/lib/ERC20.sol#51-53) (function)
- IERC20Detailed.decimals() (contracts/interfaces/IERC20Detailed.sol#12) (function)
StakedToken.initialize(ITransferHook,string,string,uint8).name (contracts/stake/StakedToken.sol#67) shadows:
- ERC20.name() (contracts/lib/ERC20.sol#37-39) (function)
- IERC20Detailed.name() (contracts/interfaces/IERC20Detailed.sol#10) (function)
StakedToken.initialize(ITransferHook,string,string,uint8).symbol (contracts/stake/StakedToken.sol#67) shadows:
- ERC20.symbol() (contracts/lib/ERC20.sol#44-46) (function)
- IERC20Detailed.symbol() (contracts/interfaces/IERC20Detailed.sol#11) (function)
StakedToken.initialize(ITransferHook,string,string,uint8).decimals (contracts/stake/StakedToken.sol#67) shadows:
- ERC20.decimals() (contracts/lib/ERC20.sol#51-53) (function)
- IERC20Detailed.decimals() (contracts/interfaces/IERC20Detailed.sol#12) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#12) shadows:
- ERC20.name() (contracts/lib/ERC20.sol#37-39) (function)
- IERC20Detailed.name() (contracts/interfaces/IERC20Detailed.sol#10) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#13) shadows:
- ERC20.symbol() (contracts/lib/ERC20.sol#44-46) (function)
- IERC20Detailed.symbol() (contracts/interfaces/IERC20Detailed.sol#11) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#14) shadows:
- ERC20.decimals() (contracts/lib/ERC20.sol#51-53) (function)
- IERC20Detailed.decimals() (contracts/interfaces/IERC20Detailed.sol#12) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/lib/InitializableUpgradeabilityProxy.sol#21) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/lib/InitializableUpgradeabilityProxy.sol#28)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/lib/BaseAdminUpgradeabilityProxy.sol#88) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/lib/BaseAdminUpgradeabilityProxy.sol#94)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/lib/UpgradeabilityProxy.sol#21) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/lib/UpgradeabilityProxy.sol#27)
AaveDistributionManager.constructor(address,uint256).emissionManager (contracts/stake/AaveDistributionManager.sol#36) lacks a zero-check on :
- EMISSION_MANAGER = emissionManager (contracts/stake/AaveDistributionManager.sol#38)
AaveIncentivesController.constructor(IERC20,address,IStakedAave,uint256,address,uint128).rewardsVault (contracts/stake/AaveIncentivesController.sol#39) lacks a zero-check on :
- REWARDS_VAULT = rewardsVault (contracts/stake/AaveIncentivesController.sol#46)
StakedToken.constructor(IERC20,IERC20,uint256,uint256,address,address,uint128,string,string,uint8).rewardsVault (contracts/stake/StakedToken.sol#50) lacks a zero-check on :
- REWARDS_VAULT = rewardsVault (contracts/stake/StakedToken.sol#61)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/lib/BaseAdminUpgradeabilityProxy.sol#37-43) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
AaveIncentivesController.getRewardsBalance(address[],address) (contracts/stake/AaveIncentivesController.sol#82-100) has external calls inside a loop: (userState[i].stakedByUser,userState[i].totalStaked) = IAToken(assets[i]).getScaledUserBalanceAndSupply(user) (contracts/stake/AaveIncentivesController.sol#95-96)
AaveIncentivesController.claimRewards(address[],uint256,address,bool) (contracts/stake/AaveIncentivesController.sol#109-153) has external calls inside a loop: (userState[i].stakedByUser,userState[i].totalStaked) = IAToken(assets[i]).getScaledUserBalanceAndSupply(user) (contracts/stake/AaveIncentivesController.sol#126-127)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
INFO:Detectors:
Reentrancy in AaveIncentivesController.claimRewards(address[],uint256,address,bool) (contracts/stake/AaveIncentivesController.sol#109-153):
External calls:
- REWARD_TOKEN.transferFrom(REWARDS_VAULT,address(this),amountToClaim) (contracts/stake/AaveIncentivesController.sol#145)
- PSM.stake(to,amountToClaim) (contracts/stake/AaveIncentivesController.sol#146)
- REWARD_TOKEN.transferFrom(REWARDS_VAULT,to,amountToClaim) (contracts/stake/AaveIncentivesController.sol#148)
Event emitted after the call(s):
- RewardsClaimed(msg.sender,to,amountToClaim) (contracts/stake/AaveIncentivesController.sol#150)
Reentrancy in StakedToken.claimRewards(address,uint256) (contracts/stake/StakedToken.sol#148-161):
External calls:
- REWARD_TOKEN.safeTransferFrom(REWARDS_VAULT,to,amountToClaim) (contracts/stake/StakedToken.sol#158)
Event emitted after the call(s):
- RewardsClaimed(msg.sender,to,amountToClaim) (contracts/stake/StakedToken.sol#160)
Reentrancy in StakedToken.redeem(address,uint256) (contracts/stake/StakedToken.sol#102-129):
External calls:
- _burn(msg.sender,amountToRedeem) (contracts/stake/StakedToken.sol#120)
- aaveGovernance.onTransfer(from,to,amount) (contracts/lib/ERC20WithSnapshot.sol#84)
- IERC20(STAKED_TOKEN).safeTransfer(to,amountToRedeem) (contracts/stake/StakedToken.sol#126)
Event emitted after the call(s):
- Redeem(msg.sender,to,amountToRedeem) (contracts/stake/StakedToken.sol#128)
Reentrancy in StakedToken.stake(address,uint256) (contracts/stake/StakedToken.sol#74-95):
External calls:
- _mint(onBehalfOf,amount) (contracts/stake/StakedToken.sol#91)
- aaveGovernance.onTransfer(from,to,amount) (contracts/lib/ERC20WithSnapshot.sol#84)
- IERC20(STAKED_TOKEN).safeTransferFrom(msg.sender,address(this),amount) (contracts/stake/StakedToken.sol#92)
Event emitted after the call(s):
- Staked(msg.sender,onBehalfOf,amount) (contracts/stake/StakedToken.sol#94)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
AaveDistributionManager._updateAssetStateInternal(address,AaveDistributionManager.AssetData,uint256) (contracts/stake/AaveDistributionManager.sol#73-100) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp == lastUpdateTimestamp (contracts/stake/AaveDistributionManager.sol#81)
- newIndex != oldIndex (contracts/stake/AaveDistributionManager.sol#92)
AaveDistributionManager._updateUserAssetInternal(address,address,uint256,uint256) (contracts/stake/AaveDistributionManager.sol#110-132) uses timestamp for comparisons
Dangerous comparisons:
- userIndex != newIndex (contracts/stake/AaveDistributionManager.sol#122)
AaveDistributionManager._getAssetIndex(uint256,uint256,uint128,uint256) (contracts/stake/AaveDistributionManager.sol#212-235) uses timestamp for comparisons
Dangerous comparisons:
- emissionPerSecond == 0 || totalBalance == 0 || lastUpdateTimestamp == block.timestamp || lastUpdateTimestamp >= DISTRIBUTION_END (contracts/stake/AaveDistributionManager.sol#219-222)
- block.timestamp > DISTRIBUTION_END (contracts/stake/AaveDistributionManager.sol#227-229)
AaveIncentivesController.handleAction(address,uint256,uint256) (contracts/stake/AaveIncentivesController.sol#65-75) uses timestamp for comparisons
Dangerous comparisons:
- accruedRewards != 0 (contracts/stake/AaveIncentivesController.sol#71)
AaveIncentivesController.claimRewards(address[],uint256,address,bool) (contracts/stake/AaveIncentivesController.sol#109-153) uses timestamp for comparisons
Dangerous comparisons:
- accruedRewards != 0 (contracts/stake/AaveIncentivesController.sol#131)
- unclaimedRewards == 0 (contracts/stake/AaveIncentivesController.sol#136)
- amount > unclaimedRewards (contracts/stake/AaveIncentivesController.sol#140)
StakedToken.stake(address,uint256) (contracts/stake/StakedToken.sol#74-95) uses timestamp for comparisons
Dangerous comparisons:
- accruedRewards != 0 (contracts/stake/StakedToken.sol#84)
StakedToken.redeem(address,uint256) (contracts/stake/StakedToken.sol#102-129) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > cooldownStartTimestamp.add(COOLDOWN_SECONDS),INSUFFICIENT_COOLDOWN) (contracts/stake/StakedToken.sol#106-109)
- require(bool,string)(block.timestamp.sub(cooldownStartTimestamp.add(COOLDOWN_SECONDS)) <= UNSTAKE_WINDOW,UNSTAKE_WINDOW_FINISHED) (contracts/stake/StakedToken.sol#110-113)
StakedToken._updateCurrentUnclaimedRewards(address,uint256,bool) (contracts/stake/StakedToken.sol#201-222) uses timestamp for comparisons
Dangerous comparisons:
- accruedRewards != 0 (contracts/stake/StakedToken.sol#214)
StakedToken.getNextCooldownTimestamp(uint256,uint256,address,uint256) (contracts/stake/StakedToken.sol#238-272) uses timestamp for comparisons
Dangerous comparisons:
- toCooldownTimestamp == 0 (contracts/stake/StakedToken.sol#245)
- minimalValidCooldownTimestamp > toCooldownTimestamp (contracts/stake/StakedToken.sol#253)
- fromCooldownTimestamp_scope_0 < toCooldownTimestamp (contracts/stake/StakedToken.sol#260)
- (minimalValidCooldownTimestamp > fromCooldownTimestamp) (contracts/stake/StakedToken.sol#256-258)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.isContract(address) (contracts/lib/Address.sol#26-37) uses assembly
- INLINE ASM (contracts/lib/Address.sol#33-35)
BaseAdminUpgradeabilityProxy._admin() (contracts/lib/BaseAdminUpgradeabilityProxy.sol#101-106) uses assembly
- INLINE ASM (contracts/lib/BaseAdminUpgradeabilityProxy.sol#103-105)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/lib/BaseAdminUpgradeabilityProxy.sol#112-118) uses assembly
- INLINE ASM (contracts/lib/BaseAdminUpgradeabilityProxy.sol#115-117)
BaseUpgradeabilityProxy._implementation() (contracts/lib/BaseUpgradeabilityProxy.sol#33-38) uses assembly
- INLINE ASM (contracts/lib/BaseUpgradeabilityProxy.sol#35-37)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/lib/BaseUpgradeabilityProxy.sol#53-64) uses assembly
- INLINE ASM (contracts/lib/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/lib/Proxy.sol#32-55) uses assembly
- INLINE ASM (contracts/lib/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/lib/Address.sol#55-61) is never used and should be removed
Context._msgData() (contracts/lib/Context.sol#21-24) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (contracts/lib/SafeERC20.sol#31-36) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/lib/SafeMath.sol#141-143) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/lib/SafeMath.sol#156-163) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/lib/Address.sol#55-61):
- (success) = recipient.call{value: amount}() (contracts/lib/Address.sol#59)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/lib/BaseAdminUpgradeabilityProxy.sol#88-96):
- (success) = newImplementation.delegatecall(data) (contracts/lib/BaseAdminUpgradeabilityProxy.sol#94)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/lib/InitializableUpgradeabilityProxy.sol#21-31):
- (success) = _logic.delegatecall(_data) (contracts/lib/InitializableUpgradeabilityProxy.sol#28)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (contracts/lib/SafeERC20.sol#38-49):
- (success,returndata) = address(token).call(data) (contracts/lib/SafeERC20.sol#42)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/lib/UpgradeabilityProxy.sol#21-30):
- (success) = _logic.delegatecall(_data) (contracts/lib/UpgradeabilityProxy.sol#27)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Variable ERC20WithSnapshot._snapshots (contracts/lib/ERC20WithSnapshot.sol#20) is not in mixedCase
Variable ERC20WithSnapshot._countsSnapshots (contracts/lib/ERC20WithSnapshot.sol#21) is not in mixedCase
Variable ERC20WithSnapshot._aaveGovernance (contracts/lib/ERC20WithSnapshot.sol#25) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/lib/InitializableAdminUpgradeabilityProxy.sol#27) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/lib/InitializableAdminUpgradeabilityProxy.sol#28) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/lib/InitializableAdminUpgradeabilityProxy.sol#29) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/lib/InitializableUpgradeabilityProxy.sol#21) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/lib/InitializableUpgradeabilityProxy.sol#21) is not in mixedCase
Variable ATokenMock._aic (contracts/mocks/ATokenMock.sol#10) is not in mixedCase
Variable ATokenMock._userBalance (contracts/mocks/ATokenMock.sol#11) is not in mixedCase
Variable ATokenMock._totalSupply (contracts/mocks/ATokenMock.sol#12) is not in mixedCase
Variable AaveDistributionManager.DISTRIBUTION_END (contracts/stake/AaveDistributionManager.sol#24) is not in mixedCase
Variable AaveDistributionManager.EMISSION_MANAGER (contracts/stake/AaveDistributionManager.sol#26) is not in mixedCase
Parameter AaveIncentivesController.getUserUnclaimedRewards(address)._user (contracts/stake/AaveIncentivesController.sol#160) is not in mixedCase
Variable AaveIncentivesController.PSM (contracts/stake/AaveIncentivesController.sol#26) is not in mixedCase
Variable AaveIncentivesController.REWARD_TOKEN (contracts/stake/AaveIncentivesController.sol#28) is not in mixedCase
Variable AaveIncentivesController.REWARDS_VAULT (contracts/stake/AaveIncentivesController.sol#29) is not in mixedCase
Variable AaveIncentivesController.EXTRA_PSM_REWARD (contracts/stake/AaveIncentivesController.sol#30) is not in mixedCase
Variable AaveIncentivesController._usersUnclaimedRewards (contracts/stake/AaveIncentivesController.sol#32) is not in mixedCase
Variable StakedToken.STAKED_TOKEN (contracts/stake/StakedToken.sol#24) is not in mixedCase
Variable StakedToken.REWARD_TOKEN (contracts/stake/StakedToken.sol#25) is not in mixedCase
Variable StakedToken.COOLDOWN_SECONDS (contracts/stake/StakedToken.sol#26) is not in mixedCase
Variable StakedToken.UNSTAKE_WINDOW (contracts/stake/StakedToken.sol#29) is not in mixedCase
Variable StakedToken.REWARDS_VAULT (contracts/stake/StakedToken.sol#32) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#44) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (contracts/lib/Context.sol#22)" inContext (contracts/lib/Context.sol#16-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Detectors:
ATokenMock._aic (contracts/mocks/ATokenMock.sol#10) should be immutable
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-immutable
INFO:Slither:0x4da27a545c0c5b758a6ba100e3a049001de870f5 analyzed (28 contracts with 82 detectors), 96 result(s) found
Slither report for AaveOracle at `0x54586bE62E3c3580375aE3723C145253060Ca0C2`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x54586be62e3c3580375ae3723c145253060ca0c2-AaveOracle' running
INFO:Detectors:
AaveOracle.constructor(IPoolAddressesProvider,address[],address[],address,address,uint256).baseCurrency (@aave/core-v3/contracts/misc/AaveOracle.sol#52) lacks a zero-check on :
- BASE_CURRENCY = baseCurrency (@aave/core-v3/contracts/misc/AaveOracle.sol#58)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
AaveOracle.getAssetPrice(address) (@aave/core-v3/contracts/misc/AaveOracle.sol#104-119) has external calls inside a loop: _fallbackOracle.getAssetPrice(asset) (@aave/core-v3/contracts/misc/AaveOracle.sol#110)
AaveOracle.getAssetPrice(address) (@aave/core-v3/contracts/misc/AaveOracle.sol#104-119) has external calls inside a loop: price = source.latestAnswer() (@aave/core-v3/contracts/misc/AaveOracle.sol#112)
AaveOracle.getAssetPrice(address) (@aave/core-v3/contracts/misc/AaveOracle.sol#104-119) has external calls inside a loop: _fallbackOracle.getAssetPrice(asset) (@aave/core-v3/contracts/misc/AaveOracle.sol#116)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
INFO:Detectors:
Function IACLManager.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IACLManager.sol#16) is not in mixedCase
Function IACLManager.POOL_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#22) is not in mixedCase
Function IACLManager.EMERGENCY_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#28) is not in mixedCase
Function IACLManager.RISK_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#34) is not in mixedCase
Function IACLManager.FLASH_BORROWER_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#40) is not in mixedCase
Function IACLManager.BRIDGE_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#46) is not in mixedCase
Function IACLManager.ASSET_LISTING_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#52) is not in mixedCase
Function IAaveOracle.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IAaveOracle.sol#37) is not in mixedCase
Function IPriceOracleGetter.BASE_CURRENCY() (@aave/core-v3/contracts/interfaces/IPriceOracleGetter.sol#15) is not in mixedCase
Function IPriceOracleGetter.BASE_CURRENCY_UNIT() (@aave/core-v3/contracts/interfaces/IPriceOracleGetter.sol#22) is not in mixedCase
Variable AaveOracle.ADDRESSES_PROVIDER (@aave/core-v3/contracts/misc/AaveOracle.sol#20) is not in mixedCase
Variable AaveOracle.BASE_CURRENCY (@aave/core-v3/contracts/misc/AaveOracle.sol#26) is not in mixedCase
Variable AaveOracle.BASE_CURRENCY_UNIT (@aave/core-v3/contracts/misc/AaveOracle.sol#27) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x54586be62e3c3580375ae3723c145253060ca0c2 analyzed (7 contracts with 82 detectors), 17 result(s) found
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x64b761D848206f447Fe2dd461b0c635Ec39EbB27` with implementation PoolConfigurator at `0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x64b761d848206f447fe2dd461b0c635ec39ebb27-InitializableImmutableAdminUpgradeabilityProxy' running
Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#21) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#27-33) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Address.isContract(address) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#32-38) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#35-37)
BaseUpgradeabilityProxy._setImplementation(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#53-65) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#62-64)
Proxy._delegate(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#32-56) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#34-55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69-77):
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy._admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x64b761d848206f447fe2dd461b0c635ec39ebb27 analyzed (6 contracts with 82 detectors), 17 result(s) found
Slither report for ConfiguratorLogic at `0x66aC02C3120B848d65231ce977aF3dB1f60B97F9`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x66ac02c3120b848d65231ce977af3db1f60b97f9-ConfiguratorLogic' running
Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
ConfiguratorLogic.executeUpdateAToken(IPool,ConfiguratorInputTypes.UpdateATokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#129-152) ignores return value by (decimals) = cachedPool.getConfiguration(input.asset).getParams() (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#135)
ConfiguratorLogic.executeUpdateStableDebtToken(IPool,ConfiguratorInputTypes.UpdateDebtTokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#160-190) ignores return value by (decimals) = cachedPool.getConfiguration(input.asset).getParams() (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#166)
ConfiguratorLogic.executeUpdateVariableDebtToken(IPool,ConfiguratorInputTypes.UpdateDebtTokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#198-228) ignores return value by (decimals) = cachedPool.getConfiguration(input.asset).getParams() (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#204)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#21) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#27-33) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Reentrancy in ConfiguratorLogic.executeInitReserve(IPool,ConfiguratorInputTypes.InitReserveInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#50-121):
External calls:
- aTokenProxyAddress = _initTokenWithProxy(input.aTokenImpl,abi.encodeWithSelector(IInitializableAToken.initialize.selector,pool,input.treasury,input.underlyingAsset,input.incentivesController,input.underlyingAssetDecimals,input.aTokenName,input.aTokenSymbol,input.params)) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#53-66)
- proxy.initialize(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#244)
- stableDebtTokenProxyAddress = _initTokenWithProxy(input.stableDebtTokenImpl,abi.encodeWithSelector(IInitializableDebtToken.initialize.selector,pool,input.underlyingAsset,input.incentivesController,input.underlyingAssetDecimals,input.stableDebtTokenName,input.stableDebtTokenSymbol,input.params)) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#68-80)
- proxy.initialize(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#244)
- variableDebtTokenProxyAddress = _initTokenWithProxy(input.variableDebtTokenImpl,abi.encodeWithSelector(IInitializableDebtToken.initialize.selector,pool,input.underlyingAsset,input.incentivesController,input.underlyingAssetDecimals,input.variableDebtTokenName,input.variableDebtTokenSymbol,input.params)) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#82-94)
- proxy.initialize(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#244)
- pool.initReserve(input.underlyingAsset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,input.interestRateStrategyAddress) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#96-102)
- pool.setConfiguration(input.underlyingAsset,currentConfig) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#112)
Event emitted after the call(s):
- ReserveInitialized(input.underlyingAsset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,input.interestRateStrategyAddress) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#114-120)
Reentrancy in ConfiguratorLogic.executeUpdateAToken(IPool,ConfiguratorInputTypes.UpdateATokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#129-152):
External calls:
- _upgradeTokenImplementation(reserveData.aTokenAddress,input.implementation,encodedCall) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#149)
- proxy.upgradeToAndCall(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#265)
Event emitted after the call(s):
- ATokenUpgraded(input.asset,reserveData.aTokenAddress,input.implementation) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#151)
Reentrancy in ConfiguratorLogic.executeUpdateStableDebtToken(IPool,ConfiguratorInputTypes.UpdateDebtTokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#160-190):
External calls:
- _upgradeTokenImplementation(reserveData.stableDebtTokenAddress,input.implementation,encodedCall) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#179-183)
- proxy.upgradeToAndCall(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#265)
Event emitted after the call(s):
- StableDebtTokenUpgraded(input.asset,reserveData.stableDebtTokenAddress,input.implementation) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#185-189)
Reentrancy in ConfiguratorLogic.executeUpdateVariableDebtToken(IPool,ConfiguratorInputTypes.UpdateDebtTokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#198-228):
External calls:
- _upgradeTokenImplementation(reserveData.variableDebtTokenAddress,input.implementation,encodedCall) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#217-221)
- proxy.upgradeToAndCall(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#265)
Event emitted after the call(s):
- VariableDebtTokenUpgraded(input.asset,reserveData.variableDebtTokenAddress,input.implementation) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#223-227)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
Address.isContract(address) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#32-38) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#35-37)
BaseUpgradeabilityProxy._setImplementation(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#53-65) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#62-64)
Proxy._delegate(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#32-56) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#34-55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
ReserveConfiguration.getActive(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#189-191) is never used and should be removed
ReserveConfiguration.getBorrowCap(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#399-405) is never used and should be removed
ReserveConfiguration.getBorrowableInIsolation(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#260-266) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#316-322) is never used and should be removed
ReserveConfiguration.getCaps(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#648-659) is never used and should be removed
ReserveConfiguration.getDebtCeiling(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#453-459) is never used and should be removed
ReserveConfiguration.getDecimals(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#165-171) is never used and should be removed
ReserveConfiguration.getEModeCategory(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#542-548) is never used and should be removed
ReserveConfiguration.getFlags(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#586-606) is never used and should be removed
ReserveConfiguration.getFlashLoanEnabled(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#569-575) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#209-211) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#138-144) is never used and should be removed
ReserveConfiguration.getLiquidationProtocolFee(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#485-492) is never used and should be removed
ReserveConfiguration.getLiquidationThreshold(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#109-115) is never used and should be removed
ReserveConfiguration.getLtv(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#84-86) is never used and should be removed
ReserveConfiguration.getPaused(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#229-231) is never used and should be removed
ReserveConfiguration.getReserveFactor(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#372-378) is never used and should be removed
ReserveConfiguration.getSiloedBorrowing(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#289-295) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#343-349) is never used and should be removed
ReserveConfiguration.getSupplyCap(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#426-432) is never used and should be removed
ReserveConfiguration.getUnbackedMintCap(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#515-521) is never used and should be removed
ReserveConfiguration.setBorrowCap(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#385-392) is never used and should be removed
ReserveConfiguration.setBorrowableInIsolation(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#242-249) is never used and should be removed
ReserveConfiguration.setBorrowingEnabled(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#302-309) is never used and should be removed
ReserveConfiguration.setDebtCeiling(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#439-446) is never used and should be removed
ReserveConfiguration.setEModeCategory(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#528-535) is never used and should be removed
ReserveConfiguration.setFlashLoanEnabled(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#555-562) is never used and should be removed
ReserveConfiguration.setLiquidationBonus(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#122-131) is never used and should be removed
ReserveConfiguration.setLiquidationProtocolFee(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#466-478) is never used and should be removed
ReserveConfiguration.setLiquidationThreshold(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#93-102) is never used and should be removed
ReserveConfiguration.setLtv(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#73-77) is never used and should be removed
ReserveConfiguration.setReserveFactor(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#356-365) is never used and should be removed
ReserveConfiguration.setSiloedBorrowing(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#274-281) is never used and should be removed
ReserveConfiguration.setStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#329-336) is never used and should be removed
ReserveConfiguration.setSupplyCap(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#412-419) is never used and should be removed
ReserveConfiguration.setUnbackedMintCap(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#499-508) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69-77):
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Function IPool.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IPool.sol#630) is not in mixedCase
Function IPool.MAX_STABLE_RATE_BORROW_SIZE_PERCENT() (@aave/core-v3/contracts/interfaces/IPool.sol#693) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TOTAL() (@aave/core-v3/contracts/interfaces/IPool.sol#699) is not in mixedCase
Function IPool.BRIDGE_PROTOCOL_FEE() (@aave/core-v3/contracts/interfaces/IPool.sol#705) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TO_PROTOCOL() (@aave/core-v3/contracts/interfaces/IPool.sol#711) is not in mixedCase
Function IPool.MAX_NUMBER_RESERVES() (@aave/core-v3/contracts/interfaces/IPool.sol#717) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy._admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x66ac02c3120b848d65231ce977af3db1f60b97f9 analyzed (16 contracts with 82 detectors), 66 result(s) found
Slither report for AaveProtocolDataProvider at `0x7B4EB56E7CD4b454BA8ff71E4518426369a138a3`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x7b4eb56e7cd4b454ba8ff71e4518426369a138a3-AaveProtocolDataProvider' running
INFO:Detectors:
AaveProtocolDataProvider.getReserveConfigurationData(address) (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#77-103) ignores return value by (ltv,liquidationThreshold,liquidationBonus,decimals,reserveFactor,None) = configuration.getParams() (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#97-98)
AaveProtocolDataProvider.getReserveConfigurationData(address) (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#77-103) ignores return value by (isActive,isFrozen,borrowingEnabled,stableBorrowRateEnabled,None) = configuration.getFlags() (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#100)
AaveProtocolDataProvider.getPaused(address) (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#123-125) ignores return value by (None,None,None,None,isPaused) = IPool(ADDRESSES_PROVIDER.getPool()).getConfiguration(asset).getFlags() (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#124)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
AaveProtocolDataProvider.getAllReservesTokens() (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#40-59) has external calls inside a loop: reservesTokens[i] = TokenData(IERC20Detailed(reserves[i]).symbol(),reserves[i]) (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#53-56)
AaveProtocolDataProvider.getAllATokens() (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#62-74) has external calls inside a loop: reserveData = pool.getReserveData(reserves[i]) (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#67)
AaveProtocolDataProvider.getAllATokens() (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#62-74) has external calls inside a loop: aTokens[i] = TokenData(IERC20Detailed(reserveData.aTokenAddress).symbol(),reserveData.aTokenAddress) (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#68-71)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
INFO:Detectors:
WadRayMath.wadMul(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#29-38) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#31-37)
WadRayMath.wadDiv(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#47-56) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#49-55)
WadRayMath.rayMul(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#65-74) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#67-73)
WadRayMath.rayDiv(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#83-92) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#85-91)
WadRayMath.rayToWad(uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#100-108) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#101-107)
WadRayMath.wadToRay(uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#116-125) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#118-124)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
ReserveConfiguration.getActive(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#189-191) is never used and should be removed
ReserveConfiguration.getBorrowCap(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#399-405) is never used and should be removed
ReserveConfiguration.getBorrowableInIsolation(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#260-266) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#316-322) is never used and should be removed
ReserveConfiguration.getDecimals(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#165-171) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#209-211) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#138-144) is never used and should be removed
ReserveConfiguration.getLiquidationThreshold(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#109-115) is never used and should be removed
ReserveConfiguration.getLtv(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#84-86) is never used and should be removed
ReserveConfiguration.getPaused(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#229-231) is never used and should be removed
ReserveConfiguration.getReserveFactor(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#372-378) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#343-349) is never used and should be removed
ReserveConfiguration.getSupplyCap(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#426-432) is never used and should be removed
ReserveConfiguration.setActive(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#178-182) is never used and should be removed
ReserveConfiguration.setBorrowCap(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#385-392) is never used and should be removed
ReserveConfiguration.setBorrowableInIsolation(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#242-249) is never used and should be removed
ReserveConfiguration.setBorrowingEnabled(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#302-309) is never used and should be removed
ReserveConfiguration.setDebtCeiling(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#439-446) is never used and should be removed
ReserveConfiguration.setDecimals(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#151-158) is never used and should be removed
ReserveConfiguration.setEModeCategory(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#528-535) is never used and should be removed
ReserveConfiguration.setFlashLoanEnabled(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#555-562) is never used and should be removed
ReserveConfiguration.setFrozen(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#198-202) is never used and should be removed
ReserveConfiguration.setLiquidationBonus(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#122-131) is never used and should be removed
ReserveConfiguration.setLiquidationProtocolFee(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#466-478) is never used and should be removed
ReserveConfiguration.setLiquidationThreshold(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#93-102) is never used and should be removed
ReserveConfiguration.setLtv(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#73-77) is never used and should be removed
ReserveConfiguration.setPaused(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#218-222) is never used and should be removed
ReserveConfiguration.setReserveFactor(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#356-365) is never used and should be removed
ReserveConfiguration.setSiloedBorrowing(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#274-281) is never used and should be removed
ReserveConfiguration.setStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#329-336) is never used and should be removed
ReserveConfiguration.setSupplyCap(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#412-419) is never used and should be removed
ReserveConfiguration.setUnbackedMintCap(DataTypes.ReserveConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#499-508) is never used and should be removed
UserConfiguration._getFirstAssetIdByMask(DataTypes.UserConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#235-250) is never used and should be removed
UserConfiguration.getIsolationModeState(DataTypes.UserConfigurationMap,mapping(address => DataTypes.ReserveData),mapping(uint256 => address)) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#181-204) is never used and should be removed
UserConfiguration.getSiloedBorrowingState(DataTypes.UserConfigurationMap,mapping(address => DataTypes.ReserveData),mapping(uint256 => address)) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#214-228) is never used and should be removed
UserConfiguration.isBorrowing(DataTypes.UserConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#87-96) is never used and should be removed
UserConfiguration.isBorrowingAny(DataTypes.UserConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#159-161) is never used and should be removed
UserConfiguration.isBorrowingOne(DataTypes.UserConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#149-152) is never used and should be removed
UserConfiguration.isEmpty(DataTypes.UserConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#168-170) is never used and should be removed
UserConfiguration.isUsingAsCollateralAny(DataTypes.UserConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#135-141) is never used and should be removed
UserConfiguration.isUsingAsCollateralOne(DataTypes.UserConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#121-128) is never used and should be removed
UserConfiguration.isUsingAsCollateralOrBorrowing(DataTypes.UserConfigurationMap,uint256) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#71-79) is never used and should be removed
UserConfiguration.setBorrowing(DataTypes.UserConfigurationMap,uint256,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#27-41) is never used and should be removed
UserConfiguration.setUsingAsCollateral(DataTypes.UserConfigurationMap,uint256,bool) (@aave/core-v3/contracts/protocol/libraries/configuration/UserConfiguration.sol#49-63) is never used and should be removed
WadRayMath.rayDiv(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#83-92) is never used and should be removed
WadRayMath.rayMul(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#65-74) is never used and should be removed
WadRayMath.rayToWad(uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#100-108) is never used and should be removed
WadRayMath.wadDiv(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#47-56) is never used and should be removed
WadRayMath.wadMul(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#29-38) is never used and should be removed
WadRayMath.wadToRay(uint256) (@aave/core-v3/contracts/protocol/libraries/math/WadRayMath.sol#116-125) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Function IPool.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IPool.sol#630) is not in mixedCase
Function IPool.MAX_STABLE_RATE_BORROW_SIZE_PERCENT() (@aave/core-v3/contracts/interfaces/IPool.sol#693) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TOTAL() (@aave/core-v3/contracts/interfaces/IPool.sol#699) is not in mixedCase
Function IPool.BRIDGE_PROTOCOL_FEE() (@aave/core-v3/contracts/interfaces/IPool.sol#705) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TO_PROTOCOL() (@aave/core-v3/contracts/interfaces/IPool.sol#711) is not in mixedCase
Function IPool.MAX_NUMBER_RESERVES() (@aave/core-v3/contracts/interfaces/IPool.sol#717) is not in mixedCase
Function IPoolDataProvider.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IPoolDataProvider.sol#21) is not in mixedCase
Function IStableDebtToken.UNDERLYING_ASSET_ADDRESS() (@aave/core-v3/contracts/interfaces/IStableDebtToken.sol#152) is not in mixedCase
Function IVariableDebtToken.UNDERLYING_ASSET_ADDRESS() (@aave/core-v3/contracts/interfaces/IVariableDebtToken.sol#49) is not in mixedCase
Variable AaveProtocolDataProvider.ADDRESSES_PROVIDER (@aave/core-v3/contracts/misc/AaveProtocolDataProvider.sol#29) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x7b4eb56e7cd4b454ba8ff71e4518426369a138a3 analyzed (16 contracts with 82 detectors), 72 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9-InitializableAdminUpgradeabilityProxy' running
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
INFO:Detectors:
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
ERC20._balances (contracts/open-zeppelin/ERC20.sol#38) can be used in cross function reentrancies:
- ERC20._mint(address,uint256) (contracts/open-zeppelin/ERC20.sol#229-237)
- ERC20._transfer(address,address,uint256) (contracts/open-zeppelin/ERC20.sol#209-218)
- ERC20.balanceOf(address) (contracts/open-zeppelin/ERC20.sol#105-107)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) can be used in cross function reentrancies:
- AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38)
- AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
AaveToken._snapshots (contracts/token/AaveToken.sol#36) can be used in cross function reentrancies:
- AaveToken._snapshots (contracts/token/AaveToken.sol#36)
- AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
ERC20._totalSupply (contracts/open-zeppelin/ERC20.sol#42) can be used in cross function reentrancies:
- ERC20._mint(address,uint256) (contracts/open-zeppelin/ERC20.sol#229-237)
- ERC20.totalSupply() (contracts/open-zeppelin/ERC20.sol#98-100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
INFO:Detectors:
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9 analyzed (19 contracts with 82 detectors), 57 result(s) found
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2` with implementation Pool at `0xF1Cd4193bbc1aD4a23E833170f49d60f3D35a621`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x87870bca3f3fd6335c3f4ce8392d69350b4fa4e2-InitializableImmutableAdminUpgradeabilityProxy' running
Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#21) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#27-33) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Address.isContract(address) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#32-38) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#35-37)
BaseUpgradeabilityProxy._setImplementation(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#53-65) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#62-64)
Proxy._delegate(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#32-56) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#34-55)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69-77):
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy._admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x87870bca3f3fd6335c3f4ce8392d69350b4fa4e2 analyzed (6 contracts with 82 detectors), 17 result(s) found
Slither report for AaveTokenV2 at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0x96f68837877fd0414b55050c9e794aecdbcfca59-AaveTokenV2' running
Warning: src/contracts/AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
src/contracts/AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
src/contracts/AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: src/contracts/AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: src/contracts/AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: src/contracts/AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:1164:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() ERC20(NAME, SYMBOL) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: src/contracts/AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: src/contracts/AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
INFO:Detectors:
AaveTokenV2._votingSnapshots (src/contracts/AaveTokenV2.sol#1137) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (src/contracts/AaveTokenV2.sol#1268-1287)
AaveTokenV2._votingSnapshotsCounts (src/contracts/AaveTokenV2.sol#1139) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (src/contracts/AaveTokenV2.sol#1268-1287)
AaveTokenV2._aaveGovernance (src/contracts/AaveTokenV2.sol#1144) is never initialized. It is used in:
- AaveTokenV2._beforeTokenTransfer(address,address,uint256) (src/contracts/AaveTokenV2.sol#1236-1266)
AaveTokenV2.DOMAIN_SEPARATOR (src/contracts/AaveTokenV2.sol#1146) is never initialized. It is used in:
- AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/AaveTokenV2.sol#1194-1218)
- AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/AaveTokenV2.sol#1299-1317)
- AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/AaveTokenV2.sol#1328-1344)
AaveTokenV2._propositionPowerSnapshots (src/contracts/AaveTokenV2.sol#1157) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (src/contracts/AaveTokenV2.sol#1268-1287)
AaveTokenV2._propositionPowerSnapshotsCounts (src/contracts/AaveTokenV2.sol#1158) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (src/contracts/AaveTokenV2.sol#1268-1287)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
INFO:Detectors:
GovernancePowerDelegationERC20._searchByBlockNumber(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint256) (src/contracts/AaveTokenV2.sol#1012-1050) uses a dangerous strict equality:
- snapshot.blockNumber == blockNumber (src/contracts/AaveTokenV2.sol#1041)
GovernancePowerDelegationERC20._writeSnapshot(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint128,uint128) (src/contracts/AaveTokenV2.sol#1075-1097) uses a dangerous strict equality:
- ownerSnapshotsCount != 0 && snapshotsOwner[ownerSnapshotsCount - 1].blockNumber == currentBlock (src/contracts/AaveTokenV2.sol#1089-1090)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
ERC20.constructor(string,string).name (src/contracts/AaveTokenV2.sol#453) shadows:
- ERC20.name() (src/contracts/AaveTokenV2.sol#462-464) (function)
ERC20.constructor(string,string).symbol (src/contracts/AaveTokenV2.sol#453) shadows:
- ERC20.symbol() (src/contracts/AaveTokenV2.sol#470-472) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
Reentrancy in AaveTokenV2.initialize(address[],uint256[],address,address,uint256) (src/contracts/AaveTokenV2.sol#1171-1181):
External calls:
- IERC20(tokens[i]).safeTransfer(aaveMerkleDistributor,amounts[i]) (src/contracts/AaveTokenV2.sol#1175)
Event emitted after the call(s):
- TokensRescued(tokens[i],aaveMerkleDistributor,amounts[i]) (src/contracts/AaveTokenV2.sol#1177)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/AaveTokenV2.sol#1194-1218) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (src/contracts/AaveTokenV2.sol#1205)
AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/AaveTokenV2.sol#1299-1317) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (src/contracts/AaveTokenV2.sol#1315)
AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/AaveTokenV2.sol#1328-1344) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (src/contracts/AaveTokenV2.sol#1341)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.isContract(address) (src/contracts/AaveTokenV2.sol#368-379) uses assembly
- INLINE ASM (src/contracts/AaveTokenV2.sol#375-377)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (src/contracts/AaveTokenV2.sol#397-403) is never used and should be removed
Context._msgData() (src/contracts/AaveTokenV2.sol#94-97) is never used and should be removed
ERC20._beforeTokenTransfer(address,address,uint256) (src/contracts/AaveTokenV2.sol#702) is never used and should be removed
ERC20._burn(address,uint256) (src/contracts/AaveTokenV2.sol#646-654) is never used and should be removed
ERC20._mint(address,uint256) (src/contracts/AaveTokenV2.sol#625-633) is never used and should be removed
ERC20._setupDecimals(uint8) (src/contracts/AaveTokenV2.sol#684-686) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (src/contracts/AaveTokenV2.sol#745-755) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (src/contracts/AaveTokenV2.sol#736-743) is never used and should be removed
SafeMath.div(uint256,uint256) (src/contracts/AaveTokenV2.sol#280-282) is never used and should be removed
SafeMath.div(uint256,uint256,string) (src/contracts/AaveTokenV2.sol#295-306) is never used and should be removed
SafeMath.mod(uint256,uint256) (src/contracts/AaveTokenV2.sol#319-321) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (src/contracts/AaveTokenV2.sol#334-341) is never used and should be removed
SafeMath.mul(uint256,uint256) (src/contracts/AaveTokenV2.sol#255-267) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (src/contracts/AaveTokenV2.sol#397-403):
- (success) = recipient.call{value: amount}() (src/contracts/AaveTokenV2.sol#401)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (src/contracts/AaveTokenV2.sol#757-769):
- (success,returndata) = address(token).call(data) (src/contracts/AaveTokenV2.sol#761)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Variable ERC20._name (src/contracts/AaveTokenV2.sol#440) is not in mixedCase
Variable ERC20._symbol (src/contracts/AaveTokenV2.sol#441) is not in mixedCase
Variable VersionedInitializable.______gap (src/contracts/AaveTokenV2.sol#809) is not in mixedCase
Variable AaveTokenV2._nonces (src/contracts/AaveTokenV2.sol#1135) is not in mixedCase
Variable AaveTokenV2._votingSnapshots (src/contracts/AaveTokenV2.sol#1137) is not in mixedCase
Variable AaveTokenV2._votingSnapshotsCounts (src/contracts/AaveTokenV2.sol#1139) is not in mixedCase
Variable AaveTokenV2._aaveGovernance (src/contracts/AaveTokenV2.sol#1144) is not in mixedCase
Variable AaveTokenV2.DOMAIN_SEPARATOR (src/contracts/AaveTokenV2.sol#1146) is not in mixedCase
Variable AaveTokenV2._votingDelegates (src/contracts/AaveTokenV2.sol#1155) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshots (src/contracts/AaveTokenV2.sol#1157) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshotsCounts (src/contracts/AaveTokenV2.sol#1158) is not in mixedCase
Variable AaveTokenV2._propositionPowerDelegates (src/contracts/AaveTokenV2.sol#1160) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (src/contracts/AaveTokenV2.sol#95)" inContext (src/contracts/AaveTokenV2.sol#89-98)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Detectors:
AaveTokenV2.DECIMALS (src/contracts/AaveTokenV2.sol#1130) is never used in AaveTokenV2 (src/contracts/AaveTokenV2.sol#1124-1346)
AaveTokenV2.EIP712_DOMAIN (src/contracts/AaveTokenV2.sol#1148-1150) is never used in AaveTokenV2 (src/contracts/AaveTokenV2.sol#1124-1346)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
INFO:Slither:0x96f68837877fd0414b55050c9e794aecdbcfca59 analyzed (11 contracts with 82 detectors), 45 result(s) found
Slither report for StakedAaveV3 at `0xAa9FAa887bce5182C39F68Ac46C43F36723C395b`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0xaa9faa887bce5182c39f68ac46c43f36723c395b-StakedAaveV3' running
Warning: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
--> src/utils/RoleManager.sol
Warning: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
--> src/lib/GovernancePowerDelegationERC20.sol:278:5:
|
278 | uint128 oldValue,
| ^^^^^^^^^^^^^^^^
ERROR:ContractSolcParsing:Missing function Variable not found: _searchByBlockNumber(mapping(address (context StakedAaveV3)
INFO:Detectors:
Reentrancy in StakedTokenV3._claimRewardsAndStakeOnBehalf(address,address,uint256) (src/contracts/StakedTokenV3.sol#413-435):
External calls:
- _claimRewards(from,address(this),amountToClaim) (src/contracts/StakedTokenV3.sol#430)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- REWARD_TOKEN.safeTransferFrom(REWARDS_VAULT,to,amountToClaim) (src/contracts/StakedTokenV3.sol#401)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- STAKED_TOKEN.safeTransferFrom(from,address(this),amount) (src/contracts/StakedTokenV3.sol#466)
External calls sending eth:
- _claimRewards(from,address(this),amountToClaim) (src/contracts/StakedTokenV3.sol#430)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
State variables written after the call(s):
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- _balances[account] += amount (src/lib/ERC20.sol#263)
ERC20._balances (src/lib/ERC20.sol#35) can be used in cross function reentrancies:
- ERC20._burn(address,uint256) (src/lib/ERC20.sol#281-297)
- ERC20._mint(address,uint256) (src/lib/ERC20.sol#255-268)
- ERC20._transfer(address,address,uint256) (src/lib/ERC20.sol#222-244)
- ERC20.balanceOf(address) (src/lib/ERC20.sol#97-99)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- _totalSupply += amount (src/lib/ERC20.sol#260)
ERC20._totalSupply (src/lib/ERC20.sol#39) can be used in cross function reentrancies:
- ERC20._burn(address,uint256) (src/lib/ERC20.sol#281-297)
- ERC20._mint(address,uint256) (src/lib/ERC20.sol#255-268)
- ERC20.totalSupply() (src/lib/ERC20.sol#90-92)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- assetData.users[user] = newIndex (src/contracts/AaveDistributionManager.sol#128)
AaveDistributionManager.assets (src/contracts/AaveDistributionManager.sol#25) can be used in cross function reentrancies:
- AaveDistributionManager._configureAssets(DistributionTypes.AssetConfigInput[]) (src/contracts/AaveDistributionManager.sol#44-65)
- AaveDistributionManager._getUnclaimedRewards(address,DistributionTypes.UserStakeInput[]) (src/contracts/AaveDistributionManager.sol#167-191)
- AaveDistributionManager._updateUserAssetInternal(address,address,uint256,uint256) (src/contracts/AaveDistributionManager.sol#111-133)
- AaveDistributionManager.assets (src/contracts/AaveDistributionManager.sol#25)
- AaveDistributionManager.getUserAssetData(address,address) (src/contracts/AaveDistributionManager.sol#248-254)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- stakerRewardsToClaim[to] = stakerRewardsToClaim[to] + accruedRewards (src/contracts/StakedTokenV3.sol#460)
StakedTokenV2.stakerRewardsToClaim (src/contracts/StakedTokenV2.sol#37) can be used in cross function reentrancies:
- StakedTokenV3._claimRewards(address,address,uint256) (src/contracts/StakedTokenV3.sol#383-404)
- StakedTokenV3._stake(address,address,uint256) (src/contracts/StakedTokenV3.sol#442-471)
- StakedTokenV2._updateCurrentUnclaimedRewards(address,uint256,bool) (src/contracts/StakedTokenV2.sol#222-243)
- StakedTokenV2.getTotalRewardsBalance(address) (src/contracts/StakedTokenV2.sol#91-106)
- StakedTokenV2.stakerRewardsToClaim (src/contracts/StakedTokenV2.sol#37)
Reentrancy in StakedTokenV3.claimRewardsAndRedeem(address,uint256,uint256) (src/contracts/StakedTokenV3.sol#235-242):
External calls:
- _claimRewards(msg.sender,to,claimAmount) (src/contracts/StakedTokenV3.sol#240)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- REWARD_TOKEN.safeTransferFrom(REWARDS_VAULT,to,amountToClaim) (src/contracts/StakedTokenV3.sol#401)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- IERC20(STAKED_TOKEN).safeTransfer(to,underlyingToRedeem) (src/contracts/StakedTokenV3.sol#523)
External calls sending eth:
- _claimRewards(msg.sender,to,claimAmount) (src/contracts/StakedTokenV3.sol#240)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
State variables written after the call(s):
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- _balances[account] = accountBalance - amount (src/lib/ERC20.sol#289)
ERC20._balances (src/lib/ERC20.sol#35) can be used in cross function reentrancies:
- ERC20._burn(address,uint256) (src/lib/ERC20.sol#281-297)
- ERC20._mint(address,uint256) (src/lib/ERC20.sol#255-268)
- ERC20._transfer(address,address,uint256) (src/lib/ERC20.sol#222-244)
- ERC20.balanceOf(address) (src/lib/ERC20.sol#97-99)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- _totalSupply -= amount (src/lib/ERC20.sol#291)
ERC20._totalSupply (src/lib/ERC20.sol#39) can be used in cross function reentrancies:
- ERC20._burn(address,uint256) (src/lib/ERC20.sol#281-297)
- ERC20._mint(address,uint256) (src/lib/ERC20.sol#255-268)
- ERC20.totalSupply() (src/lib/ERC20.sol#90-92)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- assetData.users[user] = newIndex (src/contracts/AaveDistributionManager.sol#128)
AaveDistributionManager.assets (src/contracts/AaveDistributionManager.sol#25) can be used in cross function reentrancies:
- AaveDistributionManager._configureAssets(DistributionTypes.AssetConfigInput[]) (src/contracts/AaveDistributionManager.sol#44-65)
- AaveDistributionManager._getUnclaimedRewards(address,DistributionTypes.UserStakeInput[]) (src/contracts/AaveDistributionManager.sol#167-191)
- AaveDistributionManager._updateUserAssetInternal(address,address,uint256,uint256) (src/contracts/AaveDistributionManager.sol#111-133)
- AaveDistributionManager.assets (src/contracts/AaveDistributionManager.sol#25)
- AaveDistributionManager.getUserAssetData(address,address) (src/contracts/AaveDistributionManager.sol#248-254)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- stakerRewardsToClaim[user] = unclaimedRewards (src/contracts/StakedTokenV2.sol#237)
StakedTokenV2.stakerRewardsToClaim (src/contracts/StakedTokenV2.sol#37) can be used in cross function reentrancies:
- StakedTokenV3._claimRewards(address,address,uint256) (src/contracts/StakedTokenV3.sol#383-404)
- StakedTokenV3._stake(address,address,uint256) (src/contracts/StakedTokenV3.sol#442-471)
- StakedTokenV2._updateCurrentUnclaimedRewards(address,uint256,bool) (src/contracts/StakedTokenV2.sol#222-243)
- StakedTokenV2.getTotalRewardsBalance(address) (src/contracts/StakedTokenV2.sol#91-106)
- StakedTokenV2.stakerRewardsToClaim (src/contracts/StakedTokenV2.sol#37)
Reentrancy in StakedTokenV3.claimRewardsAndRedeemOnBehalf(address,address,uint256,uint256) (src/contracts/StakedTokenV3.sol#245-253):
External calls:
- _claimRewards(from,to,claimAmount) (src/contracts/StakedTokenV3.sol#251)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- REWARD_TOKEN.safeTransferFrom(REWARDS_VAULT,to,amountToClaim) (src/contracts/StakedTokenV3.sol#401)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- IERC20(STAKED_TOKEN).safeTransfer(to,underlyingToRedeem) (src/contracts/StakedTokenV3.sol#523)
External calls sending eth:
- _claimRewards(from,to,claimAmount) (src/contracts/StakedTokenV3.sol#251)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
State variables written after the call(s):
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- _balances[account] = accountBalance - amount (src/lib/ERC20.sol#289)
ERC20._balances (src/lib/ERC20.sol#35) can be used in cross function reentrancies:
- ERC20._burn(address,uint256) (src/lib/ERC20.sol#281-297)
- ERC20._mint(address,uint256) (src/lib/ERC20.sol#255-268)
- ERC20._transfer(address,address,uint256) (src/lib/ERC20.sol#222-244)
- ERC20.balanceOf(address) (src/lib/ERC20.sol#97-99)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- _totalSupply -= amount (src/lib/ERC20.sol#291)
ERC20._totalSupply (src/lib/ERC20.sol#39) can be used in cross function reentrancies:
- ERC20._burn(address,uint256) (src/lib/ERC20.sol#281-297)
- ERC20._mint(address,uint256) (src/lib/ERC20.sol#255-268)
- ERC20.totalSupply() (src/lib/ERC20.sol#90-92)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- assetData.users[user] = newIndex (src/contracts/AaveDistributionManager.sol#128)
AaveDistributionManager.assets (src/contracts/AaveDistributionManager.sol#25) can be used in cross function reentrancies:
- AaveDistributionManager._configureAssets(DistributionTypes.AssetConfigInput[]) (src/contracts/AaveDistributionManager.sol#44-65)
- AaveDistributionManager._getUnclaimedRewards(address,DistributionTypes.UserStakeInput[]) (src/contracts/AaveDistributionManager.sol#167-191)
- AaveDistributionManager._updateUserAssetInternal(address,address,uint256,uint256) (src/contracts/AaveDistributionManager.sol#111-133)
- AaveDistributionManager.assets (src/contracts/AaveDistributionManager.sol#25)
- AaveDistributionManager.getUserAssetData(address,address) (src/contracts/AaveDistributionManager.sol#248-254)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- stakerRewardsToClaim[user] = unclaimedRewards (src/contracts/StakedTokenV2.sol#237)
StakedTokenV2.stakerRewardsToClaim (src/contracts/StakedTokenV2.sol#37) can be used in cross function reentrancies:
- StakedTokenV3._claimRewards(address,address,uint256) (src/contracts/StakedTokenV3.sol#383-404)
- StakedTokenV3._stake(address,address,uint256) (src/contracts/StakedTokenV3.sol#442-471)
- StakedTokenV2._updateCurrentUnclaimedRewards(address,uint256,bool) (src/contracts/StakedTokenV2.sol#222-243)
- StakedTokenV2.getTotalRewardsBalance(address) (src/contracts/StakedTokenV2.sol#91-106)
- StakedTokenV2.stakerRewardsToClaim (src/contracts/StakedTokenV2.sol#37)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities
INFO:Detectors:
StakedTokenV3.______gap (src/contracts/StakedTokenV3.sol#42) shadows:
- VersionedInitializable.______gap (src/utils/VersionedInitializable.sol#44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variable-shadowing
INFO:Detectors:
StakedTokenV2._votingDelegates (src/contracts/StakedTokenV2.sol#43) is never initialized. It is used in:
- StakedAaveV3._beforeTokenTransfer(address,address,uint256) (src/contracts/StakedAaveV3.sol#146-196)
StakedTokenV2._propositionPowerDelegates (src/contracts/StakedTokenV2.sol#48) is never initialized. It is used in:
- StakedAaveV3._beforeTokenTransfer(address,address,uint256) (src/contracts/StakedAaveV3.sol#146-196)
StakedAaveV3._exchangeRateSnapshotsCount (src/contracts/StakedAaveV3.sol#21) is never initialized. It is used in:
- StakedAaveV3.getExchangeRateSnapshotsCount() (src/contracts/StakedAaveV3.sol#124-126)
StakedAaveV3._exchangeRateSnapshots (src/contracts/StakedAaveV3.sol#23) is never initialized. It is used in:
- StakedAaveV3.getExchangeRateSnapshot(uint32) (src/contracts/StakedAaveV3.sol#129-135)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
INFO:Detectors:
Reentrancy in StakedTokenV3._stake(address,address,uint256) (src/contracts/StakedTokenV3.sol#442-471):
External calls:
- STAKED_TOKEN.safeTransferFrom(from,address(this),amount) (src/contracts/StakedTokenV3.sol#466)
State variables written after the call(s):
- _mint(to,sharesToMint) (src/contracts/StakedTokenV3.sol#468)
- _balances[account] += amount (src/lib/ERC20.sol#263)
ERC20._balances (src/lib/ERC20.sol#35) can be used in cross function reentrancies:
- ERC20._burn(address,uint256) (src/lib/ERC20.sol#281-297)
- ERC20._mint(address,uint256) (src/lib/ERC20.sol#255-268)
- ERC20._transfer(address,address,uint256) (src/lib/ERC20.sol#222-244)
- ERC20.balanceOf(address) (src/lib/ERC20.sol#97-99)
- _mint(to,sharesToMint) (src/contracts/StakedTokenV3.sol#468)
- _totalSupply += amount (src/lib/ERC20.sol#260)
ERC20._totalSupply (src/lib/ERC20.sol#39) can be used in cross function reentrancies:
- ERC20._burn(address,uint256) (src/lib/ERC20.sol#281-297)
- ERC20._mint(address,uint256) (src/lib/ERC20.sol#255-268)
- ERC20.totalSupply() (src/lib/ERC20.sol#90-92)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
StakedAaveV3.initialize(address,address,address,uint256,uint256) (src/contracts/StakedAaveV3.sol#56-73) ignores return value by STAKED_TOKEN.approve(address(this),type()(uint256).max) (src/contracts/StakedAaveV3.sol#72)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
StakedTokenV3.constructor(IERC20,IERC20,uint256,address,address,uint128).decimals (src/contracts/StakedTokenV3.sol#95) shadows:
- ERC20.decimals() (src/lib/ERC20.sol#83-85) (function)
- IERC20Metadata.decimals() (src/interfaces/IERC20Metadata.sol#27) (function)
StakedTokenV3.previewStake(uint256).assets (src/contracts/StakedTokenV3.sol#167) shadows:
- AaveDistributionManager.assets (src/contracts/AaveDistributionManager.sol#25) (state variable)
StakedTokenV3.returnFunds(uint256).assets (src/contracts/StakedTokenV3.sol#303) shadows:
- AaveDistributionManager.assets (src/contracts/AaveDistributionManager.sol#25) (state variable)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
Reentrancy in StakedTokenV3._claimRewards(address,address,uint256) (src/contracts/StakedTokenV3.sol#383-404):
External calls:
- REWARD_TOKEN.safeTransferFrom(REWARDS_VAULT,to,amountToClaim) (src/contracts/StakedTokenV3.sol#401)
Event emitted after the call(s):
- RewardsClaimed(from,to,amountToClaim) (src/contracts/StakedTokenV3.sol#402)
Reentrancy in StakedTokenV3._claimRewardsAndStakeOnBehalf(address,address,uint256) (src/contracts/StakedTokenV3.sol#413-435):
External calls:
- _claimRewards(from,address(this),amountToClaim) (src/contracts/StakedTokenV3.sol#430)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- REWARD_TOKEN.safeTransferFrom(REWARDS_VAULT,to,amountToClaim) (src/contracts/StakedTokenV3.sol#401)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- STAKED_TOKEN.safeTransferFrom(from,address(this),amount) (src/contracts/StakedTokenV3.sol#466)
External calls sending eth:
- _claimRewards(from,address(this),amountToClaim) (src/contracts/StakedTokenV3.sol#430)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
Event emitted after the call(s):
- AssetIndexUpdated(underlyingAsset,newIndex) (src/contracts/AaveDistributionManager.sol#95)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- RewardsAccrued(to,accruedRewards) (src/contracts/StakedTokenV3.sol#461)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- Staked(from,to,amount,sharesToMint) (src/contracts/StakedTokenV3.sol#470)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- Transfer(address(0),account,amount) (src/lib/ERC20.sol#265)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
- UserIndexUpdated(user,asset,newIndex) (src/contracts/AaveDistributionManager.sol#129)
- _stake(address(this),to,amountToClaim) (src/contracts/StakedTokenV3.sol#431)
Reentrancy in StakedTokenV3._redeem(address,address,uint256) (src/contracts/StakedTokenV3.sol#479-526):
External calls:
- IERC20(STAKED_TOKEN).safeTransfer(to,underlyingToRedeem) (src/contracts/StakedTokenV3.sol#523)
Event emitted after the call(s):
- Redeem(from,to,underlyingToRedeem,amountToRedeem) (src/contracts/StakedTokenV3.sol#525)
Reentrancy in StakedTokenV3._stake(address,address,uint256) (src/contracts/StakedTokenV3.sol#442-471):
External calls:
- STAKED_TOKEN.safeTransferFrom(from,address(this),amount) (src/contracts/StakedTokenV3.sol#466)
Event emitted after the call(s):
- Staked(from,to,amount,sharesToMint) (src/contracts/StakedTokenV3.sol#470)
- Transfer(address(0),account,amount) (src/lib/ERC20.sol#265)
- _mint(to,sharesToMint) (src/contracts/StakedTokenV3.sol#468)
Reentrancy in StakedTokenV3.claimRewardsAndRedeem(address,uint256,uint256) (src/contracts/StakedTokenV3.sol#235-242):
External calls:
- _claimRewards(msg.sender,to,claimAmount) (src/contracts/StakedTokenV3.sol#240)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- REWARD_TOKEN.safeTransferFrom(REWARDS_VAULT,to,amountToClaim) (src/contracts/StakedTokenV3.sol#401)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- IERC20(STAKED_TOKEN).safeTransfer(to,underlyingToRedeem) (src/contracts/StakedTokenV3.sol#523)
External calls sending eth:
- _claimRewards(msg.sender,to,claimAmount) (src/contracts/StakedTokenV3.sol#240)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
Event emitted after the call(s):
- AssetIndexUpdated(underlyingAsset,newIndex) (src/contracts/AaveDistributionManager.sol#95)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- Redeem(from,to,underlyingToRedeem,amountToRedeem) (src/contracts/StakedTokenV3.sol#525)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- RewardsAccrued(user,accruedRewards) (src/contracts/StakedTokenV2.sol#239)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- Transfer(account,address(0),amount) (src/lib/ERC20.sol#294)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
- UserIndexUpdated(user,asset,newIndex) (src/contracts/AaveDistributionManager.sol#129)
- _redeem(msg.sender,to,redeemAmount) (src/contracts/StakedTokenV3.sol#241)
Reentrancy in StakedTokenV3.claimRewardsAndRedeemOnBehalf(address,address,uint256,uint256) (src/contracts/StakedTokenV3.sol#245-253):
External calls:
- _claimRewards(from,to,claimAmount) (src/contracts/StakedTokenV3.sol#251)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- REWARD_TOKEN.safeTransferFrom(REWARDS_VAULT,to,amountToClaim) (src/contracts/StakedTokenV3.sol#401)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (src/lib/SafeERC20.sol#119-122)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- IERC20(STAKED_TOKEN).safeTransfer(to,underlyingToRedeem) (src/contracts/StakedTokenV3.sol#523)
External calls sending eth:
- _claimRewards(from,to,claimAmount) (src/contracts/StakedTokenV3.sol#251)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
Event emitted after the call(s):
- AssetIndexUpdated(underlyingAsset,newIndex) (src/contracts/AaveDistributionManager.sol#95)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- Redeem(from,to,underlyingToRedeem,amountToRedeem) (src/contracts/StakedTokenV3.sol#525)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- RewardsAccrued(user,accruedRewards) (src/contracts/StakedTokenV2.sol#239)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- Transfer(account,address(0),amount) (src/lib/ERC20.sol#294)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
- UserIndexUpdated(user,asset,newIndex) (src/contracts/AaveDistributionManager.sol#129)
- _redeem(from,to,redeemAmount) (src/contracts/StakedTokenV3.sol#252)
Reentrancy in StakedTokenV3.returnFunds(uint256) (src/contracts/StakedTokenV3.sol#299-308):
External calls:
- STAKED_TOKEN.safeTransferFrom(msg.sender,address(this),amount) (src/contracts/StakedTokenV3.sol#306)
Event emitted after the call(s):
- FundsReturned(amount) (src/contracts/StakedTokenV3.sol#307)
Reentrancy in StakedTokenV3.slash(address,uint256) (src/contracts/StakedTokenV3.sol#271-296):
External calls:
- STAKED_TOKEN.safeTransfer(destination,amount) (src/contracts/StakedTokenV3.sol#292)
Event emitted after the call(s):
- Slashed(destination,amount) (src/contracts/StakedTokenV3.sol#294)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
AaveDistributionManager._updateAssetStateInternal(address,AaveDistributionManager.AssetData,uint256) (src/contracts/AaveDistributionManager.sol#74-101) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp == lastUpdateTimestamp (src/contracts/AaveDistributionManager.sol#82)
- newIndex != oldIndex (src/contracts/AaveDistributionManager.sol#93)
AaveDistributionManager._updateUserAssetInternal(address,address,uint256,uint256) (src/contracts/AaveDistributionManager.sol#111-133) uses timestamp for comparisons
Dangerous comparisons:
- userIndex != newIndex (src/contracts/AaveDistributionManager.sol#123)
AaveDistributionManager._getAssetIndex(uint256,uint256,uint128,uint256) (src/contracts/AaveDistributionManager.sol#218-240) uses timestamp for comparisons
Dangerous comparisons:
- emissionPerSecond == 0 || totalBalance == 0 || lastUpdateTimestamp == block.timestamp || lastUpdateTimestamp >= DISTRIBUTION_END (src/contracts/AaveDistributionManager.sol#225-228)
- block.timestamp > DISTRIBUTION_END (src/contracts/AaveDistributionManager.sol#233-235)
StakedTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/StakedTokenV2.sol#109-144) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (src/contracts/StakedTokenV2.sol#120)
StakedTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/StakedTokenV2.sol#156-182) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (src/contracts/StakedTokenV2.sol#180)
StakedTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/StakedTokenV2.sol#193-213) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (src/contracts/StakedTokenV2.sol#210)
StakedTokenV2._updateCurrentUnclaimedRewards(address,uint256,bool) (src/contracts/StakedTokenV2.sol#222-243) uses timestamp for comparisons
Dangerous comparisons:
- accruedRewards != 0 (src/contracts/StakedTokenV2.sol#235)
StakedTokenV3._cooldown(address) (src/contracts/StakedTokenV3.sol#189-198) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(amount != 0,INVALID_BALANCE_ON_COOLDOWN) (src/contracts/StakedTokenV3.sol#191)
StakedTokenV3.slash(address,uint256) (src/contracts/StakedTokenV3.sol#271-296) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(amount > 0,ZERO_AMOUNT) (src/contracts/StakedTokenV3.sol#278)
- amount > maxSlashable (src/contracts/StakedTokenV3.sol#284)
- require(bool,string)(balance - amount >= LOWER_BOUND,REMAINING_LT_MINIMUM) (src/contracts/StakedTokenV3.sol#287)
StakedTokenV3.returnFunds(uint256) (src/contracts/StakedTokenV3.sol#299-308) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(currentShares >= LOWER_BOUND,SHARES_LT_MINIMUM) (src/contracts/StakedTokenV3.sol#302)
StakedTokenV3._claimRewards(address,address,uint256) (src/contracts/StakedTokenV3.sol#383-404) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(amount != 0,INVALID_ZERO_AMOUNT) (src/contracts/StakedTokenV3.sol#388)
- require(bool,string)(amountToClaim != 0,INVALID_ZERO_AMOUNT) (src/contracts/StakedTokenV3.sol#398)
- (amount > newTotalRewards) (src/contracts/StakedTokenV3.sol#395-397)
StakedTokenV3._claimRewardsAndStakeOnBehalf(address,address,uint256) (src/contracts/StakedTokenV3.sol#413-435) uses timestamp for comparisons
Dangerous comparisons:
- amountToClaim != 0 (src/contracts/StakedTokenV3.sol#429)
- (amount > userUpdatedRewards) (src/contracts/StakedTokenV3.sol#425-427)
StakedTokenV3._stake(address,address,uint256) (src/contracts/StakedTokenV3.sol#442-471) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(amount != 0,INVALID_ZERO_AMOUNT) (src/contracts/StakedTokenV3.sol#448)
- accruedRewards != 0 (src/contracts/StakedTokenV3.sol#459)
StakedTokenV3._redeem(address,address,uint256) (src/contracts/StakedTokenV3.sol#479-526) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)((block.timestamp > cooldownSnapshot.timestamp + _cooldownSeconds),INSUFFICIENT_COOLDOWN) (src/contracts/StakedTokenV3.sol#488-491)
- require(bool,string)((block.timestamp - (cooldownSnapshot.timestamp + _cooldownSeconds) <= UNSTAKE_WINDOW),UNSTAKE_WINDOW_FINISHED) (src/contracts/StakedTokenV3.sol#492-496)
- require(bool,string)(maxRedeemable != 0,INVALID_ZERO_MAX_REDEEMABLE) (src/contracts/StakedTokenV3.sol#503)
- cooldownSnapshot.timestamp != 0 (src/contracts/StakedTokenV3.sol#513)
- cooldownSnapshot.amount - amountToRedeem == 0 (src/contracts/StakedTokenV3.sol#514)
- (amount > maxRedeemable) (src/contracts/StakedTokenV3.sol#505)
StakedTokenV3._updateExchangeRate(uint216) (src/contracts/StakedTokenV3.sol#532-536) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(newExchangeRate != 0,ZERO_EXCHANGE_RATE) (src/contracts/StakedTokenV3.sol#533)
StakedTokenV3._transfer(address,address,uint256) (src/contracts/StakedTokenV3.sol#555-581) uses timestamp for comparisons
Dangerous comparisons:
- balanceOfFrom == amount (src/contracts/StakedTokenV3.sol#572)
- balanceOfFrom - amount < previousSenderCooldown.amount (src/contracts/StakedTokenV3.sol#574)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address._revert(bytes,string) (src/lib/Address.sol#231-243) uses assembly
- INLINE ASM (src/lib/Address.sol#236-239)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
AaveDistributionManager._claimRewards(address,DistributionTypes.UserStakeInput[]) (src/contracts/AaveDistributionManager.sol#141-159) is never used and should be removed
AaveDistributionManager._configureAssets(DistributionTypes.AssetConfigInput[]) (src/contracts/AaveDistributionManager.sol#44-65) is never used and should be removed
AaveDistributionManager._getAssetIndex(uint256,uint256,uint128,uint256) (src/contracts/AaveDistributionManager.sol#218-240) is never used and should be removed
AaveDistributionManager._getRewards(uint256,uint256,uint256) (src/contracts/AaveDistributionManager.sol#200-208) is never used and should be removed
AaveDistributionManager._getUnclaimedRewards(address,DistributionTypes.UserStakeInput[]) (src/contracts/AaveDistributionManager.sol#167-191) is never used and should be removed
AaveDistributionManager._updateAssetStateInternal(address,AaveDistributionManager.AssetData,uint256) (src/contracts/AaveDistributionManager.sol#74-101) is never used and should be removed
AaveDistributionManager._updateUserAssetInternal(address,address,uint256,uint256) (src/contracts/AaveDistributionManager.sol#111-133) is never used and should be removed
Address._revert(bytes,string) (src/lib/Address.sol#231-243) is never used and should be removed
Address.functionCall(address,bytes) (src/lib/Address.sol#85-87) is never used and should be removed
Address.functionCall(address,bytes,string) (src/lib/Address.sol#95-101) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (src/lib/Address.sol#114-120) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (src/lib/Address.sol#128-137) is never used and should be removed
Address.functionDelegateCall(address,bytes) (src/lib/Address.sol#170-172) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (src/lib/Address.sol#180-187) is never used and should be removed
Address.functionStaticCall(address,bytes) (src/lib/Address.sol#145-147) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (src/lib/Address.sol#155-162) is never used and should be removed
Address.isContract(address) (src/lib/Address.sol#36-42) is never used and should be removed
Address.sendValue(address,uint256) (src/lib/Address.sol#60-65) is never used and should be removed
Address.verifyCallResult(bool,bytes,string) (src/lib/Address.sol#219-229) is never used and should be removed
Address.verifyCallResultFromTarget(address,bool,bytes,string) (src/lib/Address.sol#195-211) is never used and should be removed
Context._msgData() (src/lib/Context.sol#21-23) is never used and should be removed
Context._msgSender() (src/lib/Context.sol#17-19) is never used and should be removed
ERC20._afterTokenTransfer(address,address,uint256) (src/lib/ERC20.sol#380-384) is never used and should be removed
ERC20._approve(address,address,uint256) (src/lib/ERC20.sol#312-322) is never used and should be removed
ERC20._beforeTokenTransfer(address,address,uint256) (src/lib/ERC20.sol#360-364) is never used and should be removed
ERC20._burn(address,uint256) (src/lib/ERC20.sol#281-297) is never used and should be removed
ERC20._mint(address,uint256) (src/lib/ERC20.sol#255-268) is never used and should be removed
ERC20._spendAllowance(address,address,uint256) (src/lib/ERC20.sol#332-344) is never used and should be removed
ERC20._transfer(address,address,uint256) (src/lib/ERC20.sol#222-244) is never used and should be removed
GovernancePowerDelegationERC20._binarySearch(mapping(uint256 => GovernancePowerDelegationERC20.Snapshot),uint256,uint256) (src/lib/GovernancePowerDelegationERC20.sol#227-249) is never used and should be removed
GovernancePowerDelegationERC20._delegateByType(address,address,IGovernancePowerDelegationToken.DelegationType) (src/lib/GovernancePowerDelegationERC20.sol#115-132) is never used and should be removed
GovernancePowerDelegationERC20._getDelegatee(address,mapping(address => address)) (src/lib/GovernancePowerDelegationERC20.sol#304-316) is never used and should be removed
GovernancePowerDelegationERC20._moveDelegatesByType(address,address,uint256,IGovernancePowerDelegationToken.DelegationType) (src/lib/GovernancePowerDelegationERC20.sol#141-196) is never used and should be removed
GovernancePowerDelegationERC20._searchByBlockNumber(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint256) (src/lib/GovernancePowerDelegationERC20.sol#205-225) is never used and should be removed
GovernancePowerDelegationERC20._writeSnapshot(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint128,uint128) (src/lib/GovernancePowerDelegationERC20.sol#274-296) is never used and should be removed
PercentageMath.percentDiv(uint256,uint256) (src/lib/PercentageMath.sol#45-58) is never used and should be removed
PercentageMath.percentMul(uint256,uint256) (src/lib/PercentageMath.sol#22-37) is never used and should be removed
RoleManager._initAdmins(RoleManager.InitAdmin[]) (src/utils/RoleManager.sol#73-83) is never used and should be removed
SafeCast.toInt104(int256) (src/lib/SafeCast.sol#901-904) is never used and should be removed
SafeCast.toInt112(int256) (src/lib/SafeCast.sol#883-886) is never used and should be removed
SafeCast.toInt120(int256) (src/lib/SafeCast.sol#865-868) is never used and should be removed
SafeCast.toInt128(int256) (src/lib/SafeCast.sol#847-850) is never used and should be removed
SafeCast.toInt136(int256) (src/lib/SafeCast.sol#829-832) is never used and should be removed
SafeCast.toInt144(int256) (src/lib/SafeCast.sol#811-814) is never used and should be removed
SafeCast.toInt152(int256) (src/lib/SafeCast.sol#793-796) is never used and should be removed
SafeCast.toInt16(int256) (src/lib/SafeCast.sol#1099-1102) is never used and should be removed
SafeCast.toInt160(int256) (src/lib/SafeCast.sol#775-778) is never used and should be removed
SafeCast.toInt168(int256) (src/lib/SafeCast.sol#757-760) is never used and should be removed
SafeCast.toInt176(int256) (src/lib/SafeCast.sol#739-742) is never used and should be removed
SafeCast.toInt184(int256) (src/lib/SafeCast.sol#721-724) is never used and should be removed
SafeCast.toInt192(int256) (src/lib/SafeCast.sol#703-706) is never used and should be removed
SafeCast.toInt200(int256) (src/lib/SafeCast.sol#685-688) is never used and should be removed
SafeCast.toInt208(int256) (src/lib/SafeCast.sol#667-670) is never used and should be removed
SafeCast.toInt216(int256) (src/lib/SafeCast.sol#649-652) is never used and should be removed
SafeCast.toInt224(int256) (src/lib/SafeCast.sol#631-634) is never used and should be removed
SafeCast.toInt232(int256) (src/lib/SafeCast.sol#613-616) is never used and should be removed
SafeCast.toInt24(int256) (src/lib/SafeCast.sol#1081-1084) is never used and should be removed
SafeCast.toInt240(int256) (src/lib/SafeCast.sol#595-598) is never used and should be removed
SafeCast.toInt248(int256) (src/lib/SafeCast.sol#577-580) is never used and should be removed
SafeCast.toInt256(uint256) (src/lib/SafeCast.sol#1131-1135) is never used and should be removed
SafeCast.toInt32(int256) (src/lib/SafeCast.sol#1063-1066) is never used and should be removed
SafeCast.toInt40(int256) (src/lib/SafeCast.sol#1045-1048) is never used and should be removed
SafeCast.toInt48(int256) (src/lib/SafeCast.sol#1027-1030) is never used and should be removed
SafeCast.toInt56(int256) (src/lib/SafeCast.sol#1009-1012) is never used and should be removed
SafeCast.toInt64(int256) (src/lib/SafeCast.sol#991-994) is never used and should be removed
SafeCast.toInt72(int256) (src/lib/SafeCast.sol#973-976) is never used and should be removed
SafeCast.toInt8(int256) (src/lib/SafeCast.sol#1117-1120) is never used and should be removed
SafeCast.toInt80(int256) (src/lib/SafeCast.sol#955-958) is never used and should be removed
SafeCast.toInt88(int256) (src/lib/SafeCast.sol#937-940) is never used and should be removed
SafeCast.toInt96(int256) (src/lib/SafeCast.sol#919-922) is never used and should be removed
SafeCast.toUint104(uint256) (src/lib/SafeCast.sol#341-344) is never used and should be removed
SafeCast.toUint112(uint256) (src/lib/SafeCast.sol#324-327) is never used and should be removed
SafeCast.toUint120(uint256) (src/lib/SafeCast.sol#307-310) is never used and should be removed
SafeCast.toUint128(uint256) (src/lib/SafeCast.sol#290-293) is never used and should be removed
SafeCast.toUint136(uint256) (src/lib/SafeCast.sol#273-276) is never used and should be removed
SafeCast.toUint144(uint256) (src/lib/SafeCast.sol#256-259) is never used and should be removed
SafeCast.toUint152(uint256) (src/lib/SafeCast.sol#239-242) is never used and should be removed
SafeCast.toUint16(uint256) (src/lib/SafeCast.sol#528-531) is never used and should be removed
SafeCast.toUint160(uint256) (src/lib/SafeCast.sol#222-225) is never used and should be removed
SafeCast.toUint168(uint256) (src/lib/SafeCast.sol#205-208) is never used and should be removed
SafeCast.toUint176(uint256) (src/lib/SafeCast.sol#188-191) is never used and should be removed
SafeCast.toUint184(uint256) (src/lib/SafeCast.sol#171-174) is never used and should be removed
SafeCast.toUint192(uint256) (src/lib/SafeCast.sol#154-157) is never used and should be removed
SafeCast.toUint200(uint256) (src/lib/SafeCast.sol#137-140) is never used and should be removed
SafeCast.toUint208(uint256) (src/lib/SafeCast.sol#120-123) is never used and should be removed
SafeCast.toUint216(uint256) (src/lib/SafeCast.sol#103-106) is never used and should be removed
SafeCast.toUint224(uint256) (src/lib/SafeCast.sol#86-89) is never used and should be removed
SafeCast.toUint232(uint256) (src/lib/SafeCast.sol#69-72) is never used and should be removed
SafeCast.toUint24(uint256) (src/lib/SafeCast.sol#511-514) is never used and should be removed
SafeCast.toUint240(uint256) (src/lib/SafeCast.sol#52-55) is never used and should be removed
SafeCast.toUint248(uint256) (src/lib/SafeCast.sol#35-38) is never used and should be removed
SafeCast.toUint256(int256) (src/lib/SafeCast.sol#559-562) is never used and should be removed
SafeCast.toUint32(uint256) (src/lib/SafeCast.sol#494-497) is never used and should be removed
SafeCast.toUint40(uint256) (src/lib/SafeCast.sol#477-480) is never used and should be removed
SafeCast.toUint48(uint256) (src/lib/SafeCast.sol#460-463) is never used and should be removed
SafeCast.toUint56(uint256) (src/lib/SafeCast.sol#443-446) is never used and should be removed
SafeCast.toUint64(uint256) (src/lib/SafeCast.sol#426-429) is never used and should be removed
SafeCast.toUint72(uint256) (src/lib/SafeCast.sol#409-412) is never used and should be removed
SafeCast.toUint8(uint256) (src/lib/SafeCast.sol#545-548) is never used and should be removed
SafeCast.toUint80(uint256) (src/lib/SafeCast.sol#392-395) is never used and should be removed
SafeCast.toUint88(uint256) (src/lib/SafeCast.sol#375-378) is never used and should be removed
SafeCast.toUint96(uint256) (src/lib/SafeCast.sol#358-361) is never used and should be removed
SafeERC20._callOptionalReturn(IERC20,bytes) (src/lib/SafeERC20.sol#114-130) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (src/lib/SafeERC20.sol#51-67) is never used and should be removed
SafeERC20.safeDecreaseAllowance(IERC20,address,uint256) (src/lib/SafeERC20.sol#85-106) is never used and should be removed
SafeERC20.safeIncreaseAllowance(IERC20,address,uint256) (src/lib/SafeERC20.sol#69-83) is never used and should be removed
SafeERC20.safeTransfer(IERC20,address,uint256) (src/lib/SafeERC20.sol#21-30) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (src/lib/SafeERC20.sol#32-42) is never used and should be removed
StakedAaveV3._beforeTokenTransfer(address,address,uint256) (src/contracts/StakedAaveV3.sol#146-196) is never used and should be removed
StakedAaveV3._searchByBlockNumber(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint256) (src/contracts/StakedAaveV3.sol#200-218) is never used and should be removed
StakedTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (src/contracts/StakedTokenV2.sol#250-269) is never used and should be removed
StakedTokenV2._updateCurrentUnclaimedRewards(address,uint256,bool) (src/contracts/StakedTokenV2.sol#222-243) is never used and should be removed
StakedTokenV3._claimRewards(address,address,uint256) (src/contracts/StakedTokenV3.sol#383-404) is never used and should be removed
StakedTokenV3._cooldown(address) (src/contracts/StakedTokenV3.sol#189-198) is never used and should be removed
StakedTokenV3._getExchangeRate(uint256,uint256) (src/contracts/StakedTokenV3.sol#545-553) is never used and should be removed
StakedTokenV3._redeem(address,address,uint256) (src/contracts/StakedTokenV3.sol#479-526) is never used and should be removed
StakedTokenV3._setCooldownSeconds(uint256) (src/contracts/StakedTokenV3.sol#371-374) is never used and should be removed
StakedTokenV3._setMaxSlashablePercentage(uint256) (src/contracts/StakedTokenV3.sol#357-365) is never used and should be removed
StakedTokenV3._transfer(address,address,uint256) (src/contracts/StakedTokenV3.sol#555-581) is never used and should be removed
StakedTokenV3._updateExchangeRate(uint216) (src/contracts/StakedTokenV3.sol#532-536) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (src/lib/Address.sol#60-65):
- (success) = recipient.call{value: amount}() (src/lib/Address.sol#63)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (src/lib/Address.sol#128-137):
- (success,returndata) = target.call{value: value}(data) (src/lib/Address.sol#135)
Low level call in Address.functionStaticCall(address,bytes,string) (src/lib/Address.sol#155-162):
- (success,returndata) = target.staticcall(data) (src/lib/Address.sol#160)
Low level call in Address.functionDelegateCall(address,bytes,string) (src/lib/Address.sol#180-187):
- (success,returndata) = target.delegatecall(data) (src/lib/Address.sol#185)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Variable AaveDistributionManager.DISTRIBUTION_END (src/contracts/AaveDistributionManager.sol#19) is not in mixedCase
Variable AaveDistributionManager.EMISSION_MANAGER (src/contracts/AaveDistributionManager.sol#21) is not in mixedCase
Function StakedAaveV3.REVISION() (src/contracts/StakedAaveV3.sol#28-30) is not in mixedCase
Variable StakedAaveV3._exchangeRateSnapshotsCount (src/contracts/StakedAaveV3.sol#21) is not in mixedCase
Variable StakedAaveV3._exchangeRateSnapshots (src/contracts/StakedAaveV3.sol#23) is not in mixedCase
Variable StakedTokenV2.STAKED_TOKEN (src/contracts/StakedTokenV2.sol#28) is not in mixedCase
Variable StakedTokenV2.REWARD_TOKEN (src/contracts/StakedTokenV2.sol#29) is not in mixedCase
Variable StakedTokenV2.UNSTAKE_WINDOW (src/contracts/StakedTokenV2.sol#32) is not in mixedCase
Variable StakedTokenV2.REWARDS_VAULT (src/contracts/StakedTokenV2.sol#35) is not in mixedCase
Variable StakedTokenV2._votingDelegates (src/contracts/StakedTokenV2.sol#43) is not in mixedCase
Variable StakedTokenV2._propositionPowerSnapshots (src/contracts/StakedTokenV2.sol#45-46) is not in mixedCase
Variable StakedTokenV2._propositionPowerSnapshotsCounts (src/contracts/StakedTokenV2.sol#47) is not in mixedCase
Variable StakedTokenV2._propositionPowerDelegates (src/contracts/StakedTokenV2.sol#48) is not in mixedCase
Variable StakedTokenV2.DOMAIN_SEPARATOR (src/contracts/StakedTokenV2.sol#50) is not in mixedCase
Variable StakedTokenV2._nonces (src/contracts/StakedTokenV2.sol#62) is not in mixedCase
Function StakedTokenV3.REVISION() (src/contracts/StakedTokenV3.sol#103-105) is not in mixedCase
Function StakedTokenV3.COOLDOWN_SECONDS() (src/contracts/StakedTokenV3.sol#349-351) is not in mixedCase
Variable StakedTokenV3.LOWER_BOUND (src/contracts/StakedTokenV3.sol#39) is not in mixedCase
Variable StakedTokenV3.______gap (src/contracts/StakedTokenV3.sol#42) is not in mixedCase
Variable StakedTokenV3._cooldownSeconds (src/contracts/StakedTokenV3.sol#44) is not in mixedCase
Variable StakedTokenV3._maxSlashablePercentage (src/contracts/StakedTokenV3.sol#46) is not in mixedCase
Variable StakedTokenV3._currentExchangeRate (src/contracts/StakedTokenV3.sol#48) is not in mixedCase
Function IStakedTokenV3.COOLDOWN_SECONDS() (src/interfaces/IStakedTokenV3.sol#70) is not in mixedCase
Variable ERC20._balances (src/lib/ERC20.sol#35) is not in mixedCase
Variable ERC20._totalSupply (src/lib/ERC20.sol#39) is not in mixedCase
Variable GovernancePowerWithSnapshot._votingSnapshots (src/lib/GovernancePowerWithSnapshot.sol#22) is not in mixedCase
Variable GovernancePowerWithSnapshot._votingSnapshotsCounts (src/lib/GovernancePowerWithSnapshot.sol#23) is not in mixedCase
Variable GovernancePowerWithSnapshot._aaveGovernance (src/lib/GovernancePowerWithSnapshot.sol#29) is not in mixedCase
Variable VersionedInitializable.______gap (src/utils/VersionedInitializable.sol#44) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
StakedAaveV3 (src/contracts/StakedAaveV3.sol#18-260) does not implement functions:
- StakedTokenV3.COOLDOWN_SECONDS() (src/contracts/StakedTokenV3.sol#349-351)
- ERC20._afterTokenTransfer(address,address,uint256) (src/lib/ERC20.sol#380-384)
- ERC20._approve(address,address,uint256) (src/lib/ERC20.sol#312-322)
- GovernancePowerDelegationERC20._binarySearch(mapping(uint256 => GovernancePowerDelegationERC20.Snapshot),uint256,uint256) (src/lib/GovernancePowerDelegationERC20.sol#227-249)
- StakedAaveV3._binarySearchExchangeRate(mapping(uint256 => IStakedAaveV3.ExchangeRateSnapshot),uint256,uint256) (src/contracts/StakedAaveV3.sol#233-259)
- ERC20._burn(address,uint256) (src/lib/ERC20.sol#281-297)
- AaveDistributionManager._claimRewards(address,DistributionTypes.UserStakeInput[]) (src/contracts/AaveDistributionManager.sol#141-159)
- StakedTokenV3._claimRewards(address,address,uint256) (src/contracts/StakedTokenV3.sol#383-404)
- StakedTokenV3._claimRewardsAndStakeOnBehalf(address,address,uint256) (src/contracts/StakedTokenV3.sol#413-435)
- AaveDistributionManager._configureAssets(DistributionTypes.AssetConfigInput[]) (src/contracts/AaveDistributionManager.sol#44-65)
- StakedTokenV3._cooldown(address) (src/contracts/StakedTokenV3.sol#189-198)
- GovernancePowerDelegationERC20._delegateByType(address,address,IGovernancePowerDelegationToken.DelegationType) (src/lib/GovernancePowerDelegationERC20.sol#115-132)
- AaveDistributionManager._getAssetIndex(uint256,uint256,uint128,uint256) (src/contracts/AaveDistributionManager.sol#218-240)
- GovernancePowerDelegationERC20._getDelegatee(address,mapping(address => address)) (src/lib/GovernancePowerDelegationERC20.sol#304-316)
- StakedTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (src/contracts/StakedTokenV2.sol#250-269)
- StakedTokenV3._getExchangeRate(uint256,uint256) (src/contracts/StakedTokenV3.sol#545-553)
- AaveDistributionManager._getRewards(uint256,uint256,uint256) (src/contracts/AaveDistributionManager.sol#200-208)
- AaveDistributionManager._getUnclaimedRewards(address,DistributionTypes.UserStakeInput[]) (src/contracts/AaveDistributionManager.sol#167-191)
- RoleManager._initAdmins(RoleManager.InitAdmin[]) (src/utils/RoleManager.sol#73-83)
- StakedTokenV3._initialize(address,address,address,uint256,uint256) (src/contracts/StakedTokenV3.sol#134-151)
- ERC20._mint(address,uint256) (src/lib/ERC20.sol#255-268)
- GovernancePowerDelegationERC20._moveDelegatesByType(address,address,uint256,IGovernancePowerDelegationToken.DelegationType) (src/lib/GovernancePowerDelegationERC20.sol#141-196)
- Context._msgData() (src/lib/Context.sol#21-23)
- Context._msgSender() (src/lib/Context.sol#17-19)
- StakedTokenV3._redeem(address,address,uint256) (src/contracts/StakedTokenV3.sol#479-526)
- StakedTokenV3._setCooldownSeconds(uint256) (src/contracts/StakedTokenV3.sol#371-374)
- StakedTokenV3._setMaxSlashablePercentage(uint256) (src/contracts/StakedTokenV3.sol#357-365)
- ERC20._spendAllowance(address,address,uint256) (src/lib/ERC20.sol#332-344)
- StakedTokenV3._stake(address,address,uint256) (src/contracts/StakedTokenV3.sol#442-471)
- StakedTokenV3._transfer(address,address,uint256) (src/contracts/StakedTokenV3.sol#555-581)
- AaveDistributionManager._updateAssetStateInternal(address,AaveDistributionManager.AssetData,uint256) (src/contracts/AaveDistributionManager.sol#74-101)
- StakedTokenV2._updateCurrentUnclaimedRewards(address,uint256,bool) (src/contracts/StakedTokenV2.sol#222-243)
- StakedAaveV3._updateExchangeRate(uint216) (src/contracts/StakedAaveV3.sol#224-231)
- AaveDistributionManager._updateUserAssetInternal(address,address,uint256,uint256) (src/contracts/AaveDistributionManager.sol#111-133)
- GovernancePowerDelegationERC20._writeSnapshot(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint128,uint128) (src/lib/GovernancePowerDelegationERC20.sol#274-296)
- ERC20.allowance(address,address) (src/lib/ERC20.sol#118-120)
- ERC20.approve(address,uint256) (src/lib/ERC20.sol#132-136)
- ERC20.balanceOf(address) (src/lib/ERC20.sol#97-99)
- StakedTokenV3.claimRewards(address,uint256) (src/contracts/StakedTokenV3.sol#218-223)
- StakedTokenV3.claimRewardsAndRedeem(address,uint256,uint256) (src/contracts/StakedTokenV3.sol#235-242)
- StakedTokenV3.claimRewardsAndRedeemOnBehalf(address,address,uint256,uint256) (src/contracts/StakedTokenV3.sol#245-253)
- StakedTokenV3.claimRewardsOnBehalf(address,address,uint256) (src/contracts/StakedTokenV3.sol#226-232)
- RoleManager.claimRoleAdmin(uint256) (src/utils/RoleManager.sol#67-71)
- StakedTokenV3.configureAssets(DistributionTypes.AssetConfigInput[]) (src/contracts/StakedTokenV3.sol#154-164)
- StakedTokenV3.cooldown() (src/contracts/StakedTokenV3.sol#180-182)
- StakedTokenV3.cooldownOnBehalfOf(address) (src/contracts/StakedTokenV3.sol#185-187)
- ERC20.decimals() (src/lib/ERC20.sol#83-85)
- ERC20.decreaseAllowance(address,uint256) (src/lib/ERC20.sol#197-206)
- GovernancePowerDelegationERC20.delegate(address) (src/lib/GovernancePowerDelegationERC20.sol#42-45)
- StakedTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/StakedTokenV2.sol#193-213)
- GovernancePowerDelegationERC20.delegateByType(address,IGovernancePowerDelegationToken.DelegationType) (src/lib/GovernancePowerDelegationERC20.sol#34-36)
- StakedTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/StakedTokenV2.sol#156-182)
- RoleManager.getAdmin(uint256) (src/utils/RoleManager.sol#38-40)
- StakedTokenV3.getCooldownSeconds() (src/contracts/StakedTokenV3.sol#344-346)
- GovernancePowerDelegationERC20.getDelegateeByType(address,IGovernancePowerDelegationToken.DelegationType) (src/lib/GovernancePowerDelegationERC20.sol#51-60)
- StakedTokenV3.getExchangeRate() (src/contracts/StakedTokenV3.sol#256-258)
- StakedTokenV3.getMaxSlashablePercentage() (src/contracts/StakedTokenV3.sol#326-333)
- RoleManager.getPendingAdmin(uint256) (src/utils/RoleManager.sol#46-48)
- GovernancePowerDelegationERC20.getPowerAtBlock(address,uint256,IGovernancePowerDelegationToken.DelegationType) (src/lib/GovernancePowerDelegationERC20.sol#86-98)
- GovernancePowerDelegationERC20.getPowerCurrent(address,IGovernancePowerDelegationToken.DelegationType) (src/lib/GovernancePowerDelegationERC20.sol#67-80)
- StakedTokenV3.getRevision() (src/contracts/StakedTokenV3.sol#111-113)
- StakedTokenV2.getTotalRewardsBalance(address) (src/contracts/StakedTokenV2.sol#91-106)
- AaveDistributionManager.getUserAssetData(address,address) (src/contracts/AaveDistributionManager.sol#248-254)
- ERC20.increaseAllowance(address,uint256) (src/lib/ERC20.sol#177-181)
- ERC20.name() (src/lib/ERC20.sol#58-60)
- StakedTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (src/contracts/StakedTokenV2.sol#109-144)
- StakedTokenV3.previewRedeem(uint256) (src/contracts/StakedTokenV3.sol#261-268)
- StakedTokenV3.previewStake(uint256) (src/contracts/StakedTokenV3.sol#167-169)
- StakedTokenV3.redeem(address,uint256) (src/contracts/StakedTokenV3.sol#201-206)
- StakedTokenV3.redeemOnBehalf(address,address,uint256) (src/contracts/StakedTokenV3.sol#209-215)
- StakedTokenV3.returnFunds(uint256) (src/contracts/StakedTokenV3.sol#299-308)
- StakedTokenV3.setCooldownSeconds(uint256) (src/contracts/StakedTokenV3.sol#336-341)
- StakedTokenV3.setMaxSlashablePercentage(uint256) (src/contracts/StakedTokenV3.sol#317-323)
- RoleManager.setPendingAdmin(uint256,address) (src/utils/RoleManager.sol#55-61)
- StakedTokenV3.settleSlashing() (src/contracts/StakedTokenV3.sol#311-314)
- StakedTokenV3.slash(address,uint256) (src/contracts/StakedTokenV3.sol#271-296)
- StakedTokenV3.stake(address,uint256) (src/contracts/StakedTokenV3.sol#172-177)
- ERC20.symbol() (src/lib/ERC20.sol#66-68)
- ERC20.totalSupply() (src/lib/ERC20.sol#90-92)
- GovernancePowerDelegationERC20.totalSupplyAt(uint256) (src/lib/GovernancePowerDelegationERC20.sol#106-108)
- ERC20.transfer(address,uint256) (src/lib/ERC20.sol#109-113)
- ERC20.transferFrom(address,address,uint256) (src/lib/ERC20.sol#154-163)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unimplemented-functions
INFO:Detectors:
ERC20._balances (src/lib/ERC20.sol#35) is never used in StakedAaveV3 (src/contracts/StakedAaveV3.sol#18-260)
ERC20._totalSupply (src/lib/ERC20.sol#39) is never used in StakedAaveV3 (src/contracts/StakedAaveV3.sol#18-260)
StakedTokenV2._propositionPowerSnapshots (src/contracts/StakedTokenV2.sol#45-46) is never used in StakedAaveV3 (src/contracts/StakedAaveV3.sol#18-260)
StakedTokenV2._propositionPowerSnapshotsCounts (src/contracts/StakedTokenV2.sol#47) is never used in StakedAaveV3 (src/contracts/StakedAaveV3.sol#18-260)
StakedTokenV2.EIP712_DOMAIN (src/contracts/StakedTokenV2.sol#52-55) is never used in StakedAaveV3 (src/contracts/StakedAaveV3.sol#18-260)
StakedTokenV3._cooldownSeconds (src/contracts/StakedTokenV3.sol#44) is never used in StakedAaveV3 (src/contracts/StakedAaveV3.sol#18-260)
StakedTokenV3._maxSlashablePercentage (src/contracts/StakedTokenV3.sol#46) is never used in StakedAaveV3 (src/contracts/StakedAaveV3.sol#18-260)
StakedTokenV3._currentExchangeRate (src/contracts/StakedTokenV3.sol#48) is never used in StakedAaveV3 (src/contracts/StakedAaveV3.sol#18-260)
PercentageMath.HALF_PERCENT (src/lib/PercentageMath.sol#14) is never used in PercentageMath (src/lib/PercentageMath.sol#12-59)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
INFO:Slither:0xaa9faa887bce5182c39f68ac46c43f36723c395b analyzed (25 contracts with 82 detectors), 201 result(s) found
Slither report for GhoFlashMinter at `0xb639D208Bcf0589D54FaC24E655C79EC529762B8`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0xb639d208bcf0589d54fac24e655c79ec529762b8-GhoFlashMinter' running
INFO:Detectors:
GhoFlashMinter.flashLoan(IERC3156FlashBorrower,address,uint256,bytes) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#68-90) uses arbitrary from in transferFrom: GHO_TOKEN.transferFrom(address(receiver),address(this),amount + fee) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#84)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#arbitrary-from-in-transferfrom
INFO:Detectors:
GhoFlashMinter.flashLoan(IERC3156FlashBorrower,address,uint256,bytes) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#68-90) ignores return value by GHO_TOKEN.transferFrom(address(receiver),address(this),amount + fee) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#84)
GhoFlashMinter.distributeFeesToTreasury() (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#93-97) ignores return value by GHO_TOKEN.transfer(_ghoTreasury,balance) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#95)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
INFO:Detectors:
Reentrancy in GhoFlashMinter.distributeFeesToTreasury() (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#93-97):
External calls:
- GHO_TOKEN.transfer(_ghoTreasury,balance) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#95)
Event emitted after the call(s):
- FeesDistributedToTreasury(_ghoTreasury,address(GHO_TOKEN),balance) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#96)
Reentrancy in GhoFlashMinter.flashLoan(IERC3156FlashBorrower,address,uint256,bytes) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#68-90):
External calls:
- GHO_TOKEN.mint(address(receiver),amount) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#77)
- require(bool,string)(receiver.onFlashLoan(msg.sender,address(GHO_TOKEN),amount,fee,data) == CALLBACK_SUCCESS,FlashMinter: Callback failed) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#79-82)
- GHO_TOKEN.transferFrom(address(receiver),address(this),amount + fee) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#84)
- GHO_TOKEN.burn(amount) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#85)
Event emitted after the call(s):
- FlashMint(address(receiver),msg.sender,address(GHO_TOKEN),amount,fee) (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#87)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
PercentageMath.percentMul(uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/PercentageMath.sol#25-39) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/libraries/math/PercentageMath.sol#27-38)
PercentageMath.percentDiv(uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/PercentageMath.sol#48-60) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/libraries/math/PercentageMath.sol#50-59)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
PercentageMath.percentDiv(uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/PercentageMath.sol#48-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Function IACLManager.ADDRESSES_PROVIDER() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#16) is not in mixedCase
Function IACLManager.POOL_ADMIN_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#22) is not in mixedCase
Function IACLManager.EMERGENCY_ADMIN_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#28) is not in mixedCase
Function IACLManager.RISK_ADMIN_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#34) is not in mixedCase
Function IACLManager.FLASH_BORROWER_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#40) is not in mixedCase
Function IACLManager.BRIDGE_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#46) is not in mixedCase
Function IACLManager.ASSET_LISTING_ADMIN_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#52) is not in mixedCase
Variable GhoFlashMinter.ADDRESSES_PROVIDER (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#29) is not in mixedCase
Variable GhoFlashMinter.GHO_TOKEN (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#32) is not in mixedCase
Variable GhoFlashMinter.ACL_MANAGER (lib/gho-core/src/contracts/facilitators/flashMinter/GhoFlashMinter.sol#35) is not in mixedCase
Function IGhoFlashMinter.CALLBACK_SUCCESS() (lib/gho-core/src/contracts/facilitators/flashMinter/interfaces/IGhoFlashMinter.sol#42) is not in mixedCase
Function IGhoFlashMinter.MAX_FEE() (lib/gho-core/src/contracts/facilitators/flashMinter/interfaces/IGhoFlashMinter.sol#48) is not in mixedCase
Function IGhoFlashMinter.ADDRESSES_PROVIDER() (lib/gho-core/src/contracts/facilitators/flashMinter/interfaces/IGhoFlashMinter.sol#54) is not in mixedCase
Function IGhoFlashMinter.GHO_TOKEN() (lib/gho-core/src/contracts/facilitators/flashMinter/interfaces/IGhoFlashMinter.sol#60) is not in mixedCase
Function IGhoToken.FACILITATOR_MANAGER_ROLE() (lib/gho-core/src/contracts/gho/interfaces/IGhoToken.sol#64) is not in mixedCase
Function IGhoToken.BUCKET_MANAGER_ROLE() (lib/gho-core/src/contracts/gho/interfaces/IGhoToken.sol#70) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0xb639d208bcf0589d54fac24e655c79ec529762b8 analyzed (11 contracts with 82 detectors), 24 result(s) found
Slither report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts' running
INFO:Detectors:
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9b1e9189fc0f71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9b1e9189fc0f71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9b1e9189fc0f71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9b1e9189fc0f71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9b1e9189fc0f71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9b1e9189fc0f71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0xb7e383ef9b1e9189fc0f71fb30af8aa14377429e analyzed (4 contracts with 82 detectors), 4 result(s) found
Slither report for ACLManager at `0xc2aaCf6553D20d1e9d78E365AAba8032af9c85b0`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0xc2aacf6553d20d1e9d78e365aaba8032af9c85b0-ACLManager' running
INFO:Detectors:
Context._msgData() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
Strings.toHexString(uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Strings.sol#39-50) is never used and should be removed
Strings.toString(uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Strings.sol#14-34) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Function IACLManager.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IACLManager.sol#16) is not in mixedCase
Function IACLManager.POOL_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#22) is not in mixedCase
Function IACLManager.EMERGENCY_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#28) is not in mixedCase
Function IACLManager.RISK_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#34) is not in mixedCase
Function IACLManager.FLASH_BORROWER_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#40) is not in mixedCase
Function IACLManager.BRIDGE_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#46) is not in mixedCase
Function IACLManager.ASSET_LISTING_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#52) is not in mixedCase
Variable ACLManager.ADDRESSES_PROVIDER (@aave/core-v3/contracts/protocol/configuration/ACLManager.sol#22) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0xc2aacf6553d20d1e9d78e365aaba8032af9c85b0 analyzed (10 contracts with 82 detectors), 12 result(s) found
Slither report for Pool at `0xF1Cd4193bbc1aD4a23E833170f49d60f3D35a621`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0xf1cd4193bbc1ad4a23e833170f49d60f3d35a621-Pool' running
Warning: Warning: This declaration shadows an existing declaration.
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:72:27:
|
72 | constructor(IPool pool, string memory name, string memory symbol, uint8 decimals) {
| ^^^^^^^^^^^^^^^^^^
Note: The shadowed declaration is here:
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:81:3:
|
81 | function name() public view override returns (string memory) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This declaration has the same name as another declaration.
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:72:47:
|
72 | constructor(IPool pool, string memory name, string memory symbol, uint8 decimals) {
| ^^^^^^^^^^^^^^^^^^^^
Note: The other declaration is here:
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:86:3:
|
86 | function symbol() external view override returns (string memory) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This declaration has the same name as another declaration.
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:72:69:
|
72 | constructor(IPool pool, string memory name, string memory symbol, uint8 decimals) {
| ^^^^^^^^^^^^^^
Note: The other declaration is here:
--> lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol:91:3:
|
91 | function decimals() external view override returns (uint8) {
| ^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
FlashLoanLogic._handleFlashLoanRepayment(DataTypes.ReserveData,DataTypes.FlashLoanRepaymentParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#226-269) uses arbitrary from in transferFrom: IERC20(params.asset).safeTransferFrom(params.receiverAddress,reserveCache.aTokenAddress,amountPlusPremium) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#248-252)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#arbitrary-from-in-transferfrom
INFO:Detectors:
IncentivizedERC20._totalSupply (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#57) is never initialized. It is used in:
- IncentivizedERC20.totalSupply() (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#96-98)
- IncentivizedERC20._transfer(address,address,uint128) (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#185-199)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
INFO:Detectors:
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/MathUtils.sol#50-85) performs a multiplication on the result of a division:
- basePowerTwo = rate.rayMul(rate) / (SECONDS_PER_YEAR * SECONDS_PER_YEAR) (lib/aave-v3-core/contracts/protocol/libraries/math/MathUtils.sol#71)
- secondTerm = exp * expMinusOne * basePowerTwo (lib/aave-v3-core/contracts/protocol/libraries/math/MathUtils.sol#75)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/MathUtils.sol#50-85) performs a multiplication on the result of a division:
- basePowerThree = basePowerTwo.rayMul(rate) / SECONDS_PER_YEAR (lib/aave-v3-core/contracts/protocol/libraries/math/MathUtils.sol#72)
- thirdTerm = exp * expMinusOne * expMinusTwo * basePowerThree (lib/aave-v3-core/contracts/protocol/libraries/math/MathUtils.sol#79)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
INFO:Detectors:
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/MathUtils.sol#50-85) uses a dangerous strict equality:
- exp == 0 (lib/aave-v3-core/contracts/protocol/libraries/math/MathUtils.sol#58)
BorrowLogic.executeRepay(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,DataTypes.ExecuteRepayParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#180-265) uses a dangerous strict equality:
- params.interestRateMode == DataTypes.InterestRateMode.STABLE (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#217)
BorrowLogic.executeRepay(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,DataTypes.ExecuteRepayParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#180-265) uses a dangerous strict equality:
- stableDebt + variableDebt - paybackAmount == 0 (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#234)
GenericLogic.calculateUserAccountData(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.CalculateUserAccountDataParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/GenericLogic.sol#64-185) uses a dangerous strict equality:
- vars.eModeAssetPrice != 0 && params.userEModeCategory == vars.eModeAssetCategory (lib/aave-v3-core/contracts/protocol/libraries/logic/GenericLogic.sol#116-119)
GenericLogic.calculateUserAccountData(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.CalculateUserAccountDataParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/GenericLogic.sol#64-185) uses a dangerous strict equality:
- (vars.totalDebtInBaseCurrency == 0) (lib/aave-v3-core/contracts/protocol/libraries/logic/GenericLogic.sol#172-176)
LiquidationLogic._liquidateATokens(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),DataTypes.ReserveData,DataTypes.ExecuteLiquidationCallParams,LiquidationLogic.LiquidationCallLocalVars) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#285-315) uses a dangerous strict equality:
- liquidatorPreviousATokenBalance == 0 (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#300)
LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#96-242) uses a dangerous strict equality:
- vars.userTotalDebt == vars.actualDebtToLiquidate (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#165)
LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#96-242) uses a dangerous strict equality:
- vars.actualCollateralToLiquidate + vars.liquidationProtocolFeeAmount == vars.userCollateralBalance (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#172-173)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#71-86) uses a dangerous strict equality:
- timestamp == block.timestamp (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#77)
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#47-62) uses a dangerous strict equality:
- timestamp == block.timestamp (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#53)
ReserveLogic.updateState(DataTypes.ReserveData,DataTypes.ReserveCache) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#93-108) uses a dangerous strict equality:
- reserve.lastUpdateTimestamp == uint40(block.timestamp) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#99)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
ReserveLogic.updateInterestRates(DataTypes.ReserveData,DataTypes.ReserveCache,address,uint256,uint256).vars (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#179) is a local variable never initialized
FlashLoanLogic.executeFlashLoan(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.FlashloanParams).vars (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#83) is a local variable never initialized
ReserveLogic._accrueToTreasury(DataTypes.ReserveData,DataTypes.ReserveCache).vars (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#236) is a local variable never initialized
GenericLogic.calculateUserAccountData(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.CalculateUserAccountDataParams).vars (lib/aave-v3-core/contracts/protocol/libraries/logic/GenericLogic.sol#74) is a local variable never initialized
ReserveLogic.cache(DataTypes.ReserveData).reserveCache (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#328) is a local variable never initialized
ValidationLogic.validateBorrow(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ValidateBorrowParams).vars (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#147) is a local variable never initialized
LiquidationLogic._calculateAvailableCollateralToLiquidate(DataTypes.ReserveData,DataTypes.ReserveCache,address,address,uint256,uint256,uint256,IPriceOracleGetter).vars (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#476) is a local variable never initialized
LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams).vars (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#103) is a local variable never initialized
ValidationLogic.validateLiquidationCall(DataTypes.UserConfigurationMap,DataTypes.ReserveData,DataTypes.ValidateLiquidationCallParams).vars (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#501) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
INFO:Detectors:
BorrowLogic.executeRebalanceStableBorrowRate(DataTypes.ReserveData,address,address) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#276-297) ignores return value by stableDebtToken.burn(user,stableDebt) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#289)
BorrowLogic.executeRebalanceStableBorrowRate(DataTypes.ReserveData,address,address) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#276-297) ignores return value by (None,reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = stableDebtToken.mint(user,user,stableDebt,reserve.currentStableBorrowRate) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#291-292)
BorrowLogic.executeSwapBorrowRateMode(DataTypes.ReserveData,DataTypes.UserConfigurationMap,address,DataTypes.InterestRateMode) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#307-352) ignores return value by (None,reserveCache.nextScaledVariableDebt) = IVariableDebtToken(reserveCache.variableDebtTokenAddress).mint(msg.sender,msg.sender,stableDebt,reserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#336-338)
BorrowLogic.executeSwapBorrowRateMode(DataTypes.ReserveData,DataTypes.UserConfigurationMap,address,DataTypes.InterestRateMode) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#307-352) ignores return value by (None,reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = IStableDebtToken(reserveCache.stableDebtTokenAddress).mint(msg.sender,msg.sender,variableDebt,reserve.currentStableBorrowRate) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#344-346)
EModeLogic.executeSetUserEMode(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),mapping(address => uint8),DataTypes.UserConfigurationMap,DataTypes.ExecuteSetUserEModeParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/EModeLogic.sol#42-75) ignores return value by ValidationLogic.validateHealthFactor(reservesData,reservesList,eModeCategories,userConfig,msg.sender,params.categoryId,params.reservesCount,params.oracle) (lib/aave-v3-core/contracts/protocol/libraries/logic/EModeLogic.sol#63-72)
GenericLogic.calculateUserAccountData(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.CalculateUserAccountDataParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/GenericLogic.sol#64-185) ignores return value by (vars.ltv,vars.liquidationThreshold,None,vars.decimals,None,vars.eModeAssetCategory) = currentReserve.configuration.getParams() (lib/aave-v3-core/contracts/protocol/libraries/logic/GenericLogic.sol#103-110)
IsolationModeLogic.updateIsolatedDebtIfIsolated(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,DataTypes.ReserveCache,uint256) (lib/aave-v3-core/contracts/protocol/libraries/logic/IsolationModeLogic.sol#30-63) ignores return value by (isolationModeActive,isolationModeCollateralAddress) = userConfig.getIsolationModeState(reservesData,reservesList) (lib/aave-v3-core/contracts/protocol/libraries/logic/IsolationModeLogic.sol#37-38)
LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#96-242) ignores return value by (None,None,None,None,vars.healthFactor,None) = GenericLogic.calculateUserAccountData(reservesData,reservesList,eModeCategories,DataTypes.CalculateUserAccountDataParams(userConfig,params.reservesCount,params.user,params.priceOracle,params.userEModeCategory)) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#111-122)
PoolLogic.executeGetUserAccountData(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.CalculateUserAccountDataParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/PoolLogic.sol#156-187) ignores return value by (totalCollateralBase,totalDebtBase,ltv,currentLiquidationThreshold,healthFactor,None) = GenericLogic.calculateUserAccountData(reservesData,reservesList,eModeCategories,params) (lib/aave-v3-core/contracts/protocol/libraries/logic/PoolLogic.sol#173-180)
ValidationLogic.validateSupply(DataTypes.ReserveCache,DataTypes.ReserveData,uint256) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#66-88) ignores return value by (isActive,isFrozen,isPaused) = reserveCache.reserveConfiguration.getFlags() (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#73-75)
ValidationLogic.validateWithdraw(DataTypes.ReserveCache,uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#96-107) ignores return value by (isActive,isPaused) = reserveCache.reserveConfiguration.getFlags() (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#104)
ValidationLogic.validateBorrow(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ValidateBorrowParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#139-311) ignores return value by (vars.userCollateralInBaseCurrency,vars.userDebtInBaseCurrency,vars.currentLtv,None,vars.healthFactor,None) = GenericLogic.calculateUserAccountData(reservesData,reservesList,eModeCategories,DataTypes.CalculateUserAccountDataParams(params.userConfig,params.reservesCount,params.userAddress,params.oracle,params.userEModeCategory)) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#222-240)
ValidationLogic.validateRepay(DataTypes.ReserveCache,uint256,DataTypes.InterestRateMode,address,uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#322-345) ignores return value by (isActive,isPaused) = reserveCache.reserveConfiguration.getFlags() (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#336)
ValidationLogic.validateSwapRateMode(DataTypes.ReserveData,DataTypes.ReserveCache,DataTypes.UserConfigurationMap,uint256,uint256,DataTypes.InterestRateMode) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#356-393) ignores return value by (isActive,isFrozen,stableRateEnabled,isPaused) = reserveCache.reserveConfiguration.getFlags() (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#364-366)
ValidationLogic.validateRebalanceStableBorrowRate(DataTypes.ReserveData,DataTypes.ReserveCache,address) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#403-436) ignores return value by (isActive,isPaused) = reserveCache.reserveConfiguration.getFlags() (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#408)
ValidationLogic.validateRebalanceStableBorrowRate(DataTypes.ReserveData,DataTypes.ReserveCache,address) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#403-436) ignores return value by (liquidityRateVariableDebtOnly) = IReserveInterestRateStrategy(reserve.interestRateStrategyAddress).calculateInterestRates(DataTypes.CalculateInterestRatesParams(reserve.unbacked,0,0,0,totalDebt,0,reserveCache.reserveFactor,reserveAddress,reserveCache.aTokenAddress)) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#415-429)
ValidationLogic.validateSetUseReserveAsCollateral(DataTypes.ReserveCache,uint256) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#443-452) ignores return value by (isActive,isPaused) = reserveCache.reserveConfiguration.getFlags() (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#449)
ValidationLogic.validateLiquidationCall(DataTypes.UserConfigurationMap,DataTypes.ReserveData,DataTypes.ValidateLiquidationCallParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#496-534) ignores return value by (vars.collateralReserveActive,None,None,None,vars.collateralReservePaused) = collateralReserve.configuration.getFlags() (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#503-505)
ValidationLogic.validateLiquidationCall(DataTypes.UserConfigurationMap,DataTypes.ReserveData,DataTypes.ValidateLiquidationCallParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#496-534) ignores return value by (vars.principalReserveActive,None,None,None,vars.principalReservePaused) = params.debtReserveCache.reserveConfiguration.getFlags() (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#507-510)
ValidationLogic.validateHealthFactor(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,address,uint8,uint256,address) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#547-577) ignores return value by (healthFactor,hasZeroLtvCollateral) = GenericLogic.calculateUserAccountData(reservesData,reservesList,eModeCategories,DataTypes.CalculateUserAccountDataParams(userConfig,reservesCount,user,oracle,userEModeCategory)) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#557-569)
ValidationLogic.validateUseAsCollateral(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,DataTypes.ReserveConfigurationMap) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#708-723) ignores return value by (isolationModeActive) = userConfig.getIsolationModeState(reservesData,reservesList) (lib/aave-v3-core/contracts/protocol/libraries/logic/ValidationLogic.sol#720)
Pool.getUserAccountData(address) (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#458-487) ignores return value by PoolLogic.executeGetUserAccountData(_reserves,_reservesList,_eModeCategories,DataTypes.CalculateUserAccountDataParams(_usersConfig[user],_reservesCount,user,ADDRESSES_PROVIDER.getPriceOracle(),_usersEModeCategory[user])) (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#474-486)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
IncentivizedERC20.constructor(IPool,string,string,uint8).name (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#72) shadows:
- IncentivizedERC20.name() (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#81-83) (function)
- IERC20Detailed.name() (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
IncentivizedERC20.constructor(IPool,string,string,uint8).symbol (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#72) shadows:
- IncentivizedERC20.symbol() (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#86-88) (function)
- IERC20Detailed.symbol() (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
IncentivizedERC20.constructor(IPool,string,string,uint8).decimals (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#72) shadows:
- IncentivizedERC20.decimals() (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#91-93) (function)
- IERC20Detailed.decimals() (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
Pool.updateBridgeProtocolFee(uint256) (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#650-654) should emit an event for:
- _bridgeProtocolFee = protocolFee (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#653)
Pool.updateFlashloanPremiums(uint128,uint128) (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#657-663) should emit an event for:
- _flashLoanPremiumTotal = flashLoanPremiumTotal (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#661)
- _flashLoanPremiumToProtocol = flashLoanPremiumToProtocol (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#662)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-events-arithmetic
INFO:Detectors:
FlashLoanLogic.executeFlashLoan(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.FlashloanParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#70-170) has external calls inside a loop: IAToken(reservesData[params.assets[vars.i]].aTokenAddress).transferUnderlyingTo(params.receiverAddress,vars.currentAmount) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#98-101)
FlashLoanLogic._handleFlashLoanRepayment(DataTypes.ReserveData,DataTypes.FlashLoanRepaymentParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#226-269) has external calls inside a loop: reserveCache.nextLiquidityIndex = reserve.cumulateToLiquidityIndex(IERC20(reserveCache.aTokenAddress).totalSupply() + uint256(reserve.accruedToTreasury).rayMul(reserveCache.nextLiquidityIndex),premiumToLP) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#236-240)
FlashLoanLogic._handleFlashLoanRepayment(DataTypes.ReserveData,DataTypes.FlashLoanRepaymentParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#226-269) has external calls inside a loop: IAToken(reserveCache.aTokenAddress).handleRepayment(params.receiverAddress,params.receiverAddress,amountPlusPremium) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#254-258)
ReserveLogic.cache(DataTypes.ReserveData) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#325-361) has external calls inside a loop: reserveCache.currScaledVariableDebt = reserveCache.nextScaledVariableDebt = IVariableDebtToken(reserveCache.variableDebtTokenAddress).scaledTotalSupply() (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#344-346)
ReserveLogic.cache(DataTypes.ReserveData) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#325-361) has external calls inside a loop: (reserveCache.currPrincipalStableDebt,reserveCache.currTotalStableDebt,reserveCache.currAvgStableBorrowRate,reserveCache.stableDebtLastUpdateTimestamp) = IStableDebtToken(reserveCache.stableDebtTokenAddress).getSupplyData() (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#348-353)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,DataTypes.ReserveCache,address,uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#172-215) has external calls inside a loop: (vars.nextLiquidityRate,vars.nextStableRate,vars.nextVariableRate) = IReserveInterestRateStrategy(reserve.interestRateStrategyAddress).calculateInterestRates(DataTypes.CalculateInterestRatesParams(reserve.unbacked,liquidityAdded,liquidityTaken,reserveCache.nextTotalStableDebt,vars.totalVariableDebt,reserveCache.nextAvgStableBorrowRate,reserveCache.reserveFactor,reserveAddress,reserveCache.aTokenAddress)) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#185-201)
FlashLoanLogic.executeFlashLoan(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.FlashloanParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#70-170) has external calls inside a loop: BorrowLogic.executeBorrow(reservesData,reservesList,eModeCategories,userConfig,DataTypes.ExecuteBorrowParams(vars.currentAsset,msg.sender,params.onBehalfOf,vars.currentAmount,DataTypes.InterestRateMode(params.interestRateModes[vars.i]),params.referralCode,false,params.maxStableRateBorrowSizePercent,params.reservesCount,IPoolAddressesProvider(params.addressesProvider).getPriceOracle(),params.userEModeCategory,IPoolAddressesProvider(params.addressesProvider).getPriceOracleSentinel())) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#137-157)
PoolLogic.executeMintToTreasury(mapping(address => DataTypes.ReserveData),address[]) (lib/aave-v3-core/contracts/protocol/libraries/logic/PoolLogic.sol#84-109) has external calls inside a loop: IAToken(reserve.aTokenAddress).mintToTreasury(amountToMint,normalizedIncome) (lib/aave-v3-core/contracts/protocol/libraries/logic/PoolLogic.sol#104)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
INFO:Detectors:
Reentrancy in FlashLoanLogic._handleFlashLoanRepayment(DataTypes.ReserveData,DataTypes.FlashLoanRepaymentParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#226-269):
External calls:
- IAToken(reserveCache.aTokenAddress).handleRepayment(params.receiverAddress,params.receiverAddress,amountPlusPremium) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#254-258)
Event emitted after the call(s):
- FlashLoan(params.receiverAddress,msg.sender,params.asset,params.amount,DataTypes.InterestRateMode(0),params.totalPremium,params.referralCode) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#260-268)
Reentrancy in LiquidationLogic._liquidateATokens(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),DataTypes.ReserveData,DataTypes.ExecuteLiquidationCallParams,LiquidationLogic.LiquidationCallLocalVars) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#285-315):
External calls:
- vars.collateralAToken.transferOnLiquidation(params.user,msg.sender,vars.actualCollateralToLiquidate) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#294-298)
Event emitted after the call(s):
- ReserveUsedAsCollateralEnabled(params.collateralAsset,msg.sender) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#312)
Reentrancy in BorrowLogic.executeBorrow(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.ExecuteBorrowParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#67-167):
External calls:
- (isFirstBorrowing,reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = IStableDebtToken(reserveCache.stableDebtTokenAddress).mint(params.user,params.onBehalfOf,params.amount,currentStableRate) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#113-122)
- (isFirstBorrowing,reserveCache.nextScaledVariableDebt) = IVariableDebtToken(reserveCache.variableDebtTokenAddress).mint(params.user,params.onBehalfOf,params.amount,reserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#124-126)
Event emitted after the call(s):
- IsolationModeTotalDebtUpdated(isolationModeCollateralAddress,nextIsolationModeTotalDebt) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#139-142)
Reentrancy in BorrowLogic.executeBorrow(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.ExecuteBorrowParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#67-167):
External calls:
- (isFirstBorrowing,reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = IStableDebtToken(reserveCache.stableDebtTokenAddress).mint(params.user,params.onBehalfOf,params.amount,currentStableRate) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#113-122)
- (isFirstBorrowing,reserveCache.nextScaledVariableDebt) = IVariableDebtToken(reserveCache.variableDebtTokenAddress).mint(params.user,params.onBehalfOf,params.amount,reserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#124-126)
- IAToken(reserveCache.aTokenAddress).transferUnderlyingTo(params.user,params.amount) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#153)
Event emitted after the call(s):
- Borrow(params.asset,params.user,params.onBehalfOf,params.amount,params.interestRateMode,currentStableRate,params.referralCode) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#156-166)
- Borrow(params.asset,params.user,params.onBehalfOf,params.amount,params.interestRateMode,reserve.currentVariableBorrowRate,params.referralCode) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#156-166)
Reentrancy in FlashLoanLogic.executeFlashLoan(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.FlashloanParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#70-170):
External calls:
- IAToken(reservesData[params.assets[vars.i]].aTokenAddress).transferUnderlyingTo(params.receiverAddress,vars.currentAmount) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#98-101)
- require(bool,string)(vars.receiver.executeOperation(params.assets,params.amounts,vars.totalPremiums,msg.sender,params.params),Errors.INVALID_FLASHLOAN_EXECUTOR_RETURN) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#104-113)
- _handleFlashLoanRepayment(reservesData[vars.currentAsset],DataTypes.FlashLoanRepaymentParams(vars.currentAsset,params.receiverAddress,vars.currentAmount,vars.totalPremiums[vars.i],vars.flashloanPremiumToProtocol,params.referralCode)) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#123-133)
- IAToken(reserveCache.aTokenAddress).handleRepayment(params.receiverAddress,params.receiverAddress,amountPlusPremium) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#254-258)
- BorrowLogic.executeBorrow(reservesData,reservesList,eModeCategories,userConfig,DataTypes.ExecuteBorrowParams(vars.currentAsset,msg.sender,params.onBehalfOf,vars.currentAmount,DataTypes.InterestRateMode(params.interestRateModes[vars.i]),params.referralCode,false,params.maxStableRateBorrowSizePercent,params.reservesCount,IPoolAddressesProvider(params.addressesProvider).getPriceOracle(),params.userEModeCategory,IPoolAddressesProvider(params.addressesProvider).getPriceOracleSentinel())) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#137-157)
Event emitted after the call(s):
- FlashLoan(params.receiverAddress,msg.sender,params.asset,params.amount,DataTypes.InterestRateMode(0),params.totalPremium,params.referralCode) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#260-268)
- _handleFlashLoanRepayment(reservesData[vars.currentAsset],DataTypes.FlashLoanRepaymentParams(vars.currentAsset,params.receiverAddress,vars.currentAmount,vars.totalPremiums[vars.i],vars.flashloanPremiumToProtocol,params.referralCode)) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#123-133)
- FlashLoan(params.receiverAddress,msg.sender,vars.currentAsset,vars.currentAmount,DataTypes.InterestRateMode(params.interestRateModes[vars.i]),0,params.referralCode) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#159-167)
- ReserveDataUpdated(reserveAddress,vars.nextLiquidityRate,vars.nextStableRate,vars.nextVariableRate,reserveCache.nextLiquidityIndex,reserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#207-214)
- _handleFlashLoanRepayment(reservesData[vars.currentAsset],DataTypes.FlashLoanRepaymentParams(vars.currentAsset,params.receiverAddress,vars.currentAmount,vars.totalPremiums[vars.i],vars.flashloanPremiumToProtocol,params.referralCode)) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#123-133)
Reentrancy in FlashLoanLogic.executeFlashLoanSimple(DataTypes.ReserveData,DataTypes.FlashloanSimpleParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#182-218):
External calls:
- IAToken(reserve.aTokenAddress).transferUnderlyingTo(params.receiverAddress,params.amount) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#194)
- require(bool,string)(receiver.executeOperation(params.asset,params.amount,totalPremium,msg.sender,params.params),Errors.INVALID_FLASHLOAN_EXECUTOR_RETURN) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#196-205)
- _handleFlashLoanRepayment(reserve,DataTypes.FlashLoanRepaymentParams(params.asset,params.receiverAddress,params.amount,totalPremium,params.flashLoanPremiumToProtocol,params.referralCode)) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#207-217)
- IAToken(reserveCache.aTokenAddress).handleRepayment(params.receiverAddress,params.receiverAddress,amountPlusPremium) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#254-258)
Event emitted after the call(s):
- FlashLoan(params.receiverAddress,msg.sender,params.asset,params.amount,DataTypes.InterestRateMode(0),params.totalPremium,params.referralCode) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#260-268)
- _handleFlashLoanRepayment(reserve,DataTypes.FlashLoanRepaymentParams(params.asset,params.receiverAddress,params.amount,totalPremium,params.flashLoanPremiumToProtocol,params.referralCode)) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#207-217)
- ReserveDataUpdated(reserveAddress,vars.nextLiquidityRate,vars.nextStableRate,vars.nextVariableRate,reserveCache.nextLiquidityIndex,reserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#207-214)
- _handleFlashLoanRepayment(reserve,DataTypes.FlashLoanRepaymentParams(params.asset,params.receiverAddress,params.amount,totalPremium,params.flashLoanPremiumToProtocol,params.referralCode)) (lib/aave-v3-core/contracts/protocol/libraries/logic/FlashLoanLogic.sol#207-217)
Reentrancy in LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#96-242):
External calls:
- _burnDebtTokens(params,vars) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#179)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate,vars.debtReserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#328-334)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.userVariableDebt,vars.debtReserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#338-340)
- (vars.debtReserveCache.nextTotalStableDebt,vars.debtReserveCache.nextAvgStableBorrowRate) = IStableDebtToken(vars.debtReserveCache.stableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate - vars.userVariableDebt) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#342-348)
- _liquidateATokens(reservesData,reservesList,usersConfig,collateralReserve,params,vars) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#197)
- vars.collateralAToken.transferOnLiquidation(params.user,msg.sender,vars.actualCollateralToLiquidate) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#294-298)
Event emitted after the call(s):
- ReserveUsedAsCollateralEnabled(params.collateralAsset,msg.sender) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#312)
- _liquidateATokens(reservesData,reservesList,usersConfig,collateralReserve,params,vars) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#197)
Reentrancy in LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#96-242):
External calls:
- _burnDebtTokens(params,vars) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#179)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate,vars.debtReserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#328-334)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.userVariableDebt,vars.debtReserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#338-340)
- (vars.debtReserveCache.nextTotalStableDebt,vars.debtReserveCache.nextAvgStableBorrowRate) = IStableDebtToken(vars.debtReserveCache.stableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate - vars.userVariableDebt) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#342-348)
- _burnCollateralATokens(collateralReserve,params,vars) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#199)
- vars.collateralAToken.burn(params.user,msg.sender,vars.actualCollateralToLiquidate,collateralReserveCache.nextLiquidityIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#266-271)
Event emitted after the call(s):
- ReserveDataUpdated(reserveAddress,vars.nextLiquidityRate,vars.nextStableRate,vars.nextVariableRate,reserveCache.nextLiquidityIndex,reserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#207-214)
- _burnCollateralATokens(collateralReserve,params,vars) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#199)
Reentrancy in LiquidationLogic.executeLiquidationCall(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(address => DataTypes.UserConfigurationMap),mapping(uint8 => DataTypes.EModeCategory),DataTypes.ExecuteLiquidationCallParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#96-242):
External calls:
- _burnDebtTokens(params,vars) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#179)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate,vars.debtReserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#328-334)
- vars.debtReserveCache.nextScaledVariableDebt = IVariableDebtToken(vars.debtReserveCache.variableDebtTokenAddress).burn(params.user,vars.userVariableDebt,vars.debtReserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#338-340)
- (vars.debtReserveCache.nextTotalStableDebt,vars.debtReserveCache.nextAvgStableBorrowRate) = IStableDebtToken(vars.debtReserveCache.stableDebtTokenAddress).burn(params.user,vars.actualDebtToLiquidate - vars.userVariableDebt) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#342-348)
- _liquidateATokens(reservesData,reservesList,usersConfig,collateralReserve,params,vars) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#197)
- vars.collateralAToken.transferOnLiquidation(params.user,msg.sender,vars.actualCollateralToLiquidate) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#294-298)
- _burnCollateralATokens(collateralReserve,params,vars) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#199)
- vars.collateralAToken.burn(params.user,msg.sender,vars.actualCollateralToLiquidate,collateralReserveCache.nextLiquidityIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#266-271)
- vars.collateralAToken.transferOnLiquidation(params.user,vars.collateralAToken.RESERVE_TREASURY_ADDRESS(),vars.liquidationProtocolFeeAmount) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#213-217)
- IAToken(vars.debtReserveCache.aTokenAddress).handleRepayment(msg.sender,params.user,vars.actualDebtToLiquidate) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#227-231)
Event emitted after the call(s):
- LiquidationCall(params.collateralAsset,params.debtAsset,params.user,vars.actualDebtToLiquidate,vars.actualCollateralToLiquidate,msg.sender,params.receiveAToken) (lib/aave-v3-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#233-241)
Reentrancy in PoolLogic.executeMintToTreasury(mapping(address => DataTypes.ReserveData),address[]) (lib/aave-v3-core/contracts/protocol/libraries/logic/PoolLogic.sol#84-109):
External calls:
- IAToken(reserve.aTokenAddress).mintToTreasury(amountToMint,normalizedIncome) (lib/aave-v3-core/contracts/protocol/libraries/logic/PoolLogic.sol#104)
Event emitted after the call(s):
- MintedToTreasury(assetAddress,amountToMint) (lib/aave-v3-core/contracts/protocol/libraries/logic/PoolLogic.sol#106)
Reentrancy in BridgeLogic.executeMintUnbacked(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,address,uint256,address,uint16) (lib/aave-v3-core/contracts/protocol/libraries/logic/BridgeLogic.sol#52-103):
External calls:
- isFirstSupply = IAToken(reserveCache.aTokenAddress).mint(msg.sender,onBehalfOf,amount,reserveCache.nextLiquidityIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/BridgeLogic.sol#80-85)
Event emitted after the call(s):
- MintUnbacked(asset,msg.sender,onBehalfOf,amount,referralCode) (lib/aave-v3-core/contracts/protocol/libraries/logic/BridgeLogic.sol#102)
- ReserveUsedAsCollateralEnabled(asset,onBehalfOf) (lib/aave-v3-core/contracts/protocol/libraries/logic/BridgeLogic.sol#98)
Reentrancy in BorrowLogic.executeRebalanceStableBorrowRate(DataTypes.ReserveData,address,address) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#276-297):
External calls:
- stableDebtToken.burn(user,stableDebt) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#289)
- (None,reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = stableDebtToken.mint(user,user,stableDebt,reserve.currentStableBorrowRate) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#291-292)
Event emitted after the call(s):
- RebalanceStableBorrowRate(asset,user) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#296)
Reentrancy in BorrowLogic.executeRepay(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,DataTypes.ExecuteRepayParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#180-265):
External calls:
- (reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = IStableDebtToken(reserveCache.stableDebtTokenAddress).burn(params.onBehalfOf,paybackAmount) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#218-220)
- reserveCache.nextScaledVariableDebt = IVariableDebtToken(reserveCache.variableDebtTokenAddress).burn(params.onBehalfOf,paybackAmount,reserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#222-224)
- IAToken(reserveCache.aTokenAddress).burn(msg.sender,reserveCache.aTokenAddress,paybackAmount,reserveCache.nextLiquidityIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#247-252)
- IAToken(reserveCache.aTokenAddress).handleRepayment(msg.sender,params.onBehalfOf,paybackAmount) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#255-259)
Event emitted after the call(s):
- Repay(params.asset,params.onBehalfOf,msg.sender,paybackAmount,params.useATokens) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#262)
Reentrancy in SupplyLogic.executeSupply(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),DataTypes.UserConfigurationMap,DataTypes.ExecuteSupplyParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/SupplyLogic.sol#52-92):
External calls:
- isFirstSupply = IAToken(reserveCache.aTokenAddress).mint(msg.sender,params.onBehalfOf,params.amount,reserveCache.nextLiquidityIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/SupplyLogic.sol#69-74)
Event emitted after the call(s):
- ReserveUsedAsCollateralEnabled(params.asset,params.onBehalfOf) (lib/aave-v3-core/contracts/protocol/libraries/logic/SupplyLogic.sol#87)
- Supply(params.asset,msg.sender,params.onBehalfOf,params.amount,params.referralCode) (lib/aave-v3-core/contracts/protocol/libraries/logic/SupplyLogic.sol#91)
Reentrancy in BorrowLogic.executeSwapBorrowRateMode(DataTypes.ReserveData,DataTypes.UserConfigurationMap,address,DataTypes.InterestRateMode) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#307-352):
External calls:
- (reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = IStableDebtToken(reserveCache.stableDebtTokenAddress).burn(msg.sender,stableDebt) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#332-334)
- (None,reserveCache.nextScaledVariableDebt) = IVariableDebtToken(reserveCache.variableDebtTokenAddress).mint(msg.sender,msg.sender,stableDebt,reserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#336-338)
- reserveCache.nextScaledVariableDebt = IVariableDebtToken(reserveCache.variableDebtTokenAddress).burn(msg.sender,variableDebt,reserveCache.nextVariableBorrowIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#340-342)
- (None,reserveCache.nextTotalStableDebt,reserveCache.nextAvgStableBorrowRate) = IStableDebtToken(reserveCache.stableDebtTokenAddress).mint(msg.sender,msg.sender,variableDebt,reserve.currentStableBorrowRate) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#344-346)
Event emitted after the call(s):
- SwapBorrowRateMode(asset,msg.sender,interestRateMode) (lib/aave-v3-core/contracts/protocol/libraries/logic/BorrowLogic.sol#351)
Reentrancy in SupplyLogic.executeWithdraw(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.UserConfigurationMap,DataTypes.ExecuteWithdrawParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/SupplyLogic.sol#106-163):
External calls:
- IAToken(reserveCache.aTokenAddress).burn(msg.sender,params.to,amountToWithdraw,reserveCache.nextLiquidityIndex) (lib/aave-v3-core/contracts/protocol/libraries/logic/SupplyLogic.sol#139-144)
Event emitted after the call(s):
- Withdraw(params.asset,msg.sender,params.to,amountToWithdraw) (lib/aave-v3-core/contracts/protocol/libraries/logic/SupplyLogic.sol#160)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#47-62) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == block.timestamp (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#53)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#71-86) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == block.timestamp (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#77)
ReserveLogic.updateState(DataTypes.ReserveData,DataTypes.ReserveCache) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#93-108) uses timestamp for comparisons
Dangerous comparisons:
- reserve.lastUpdateTimestamp == uint40(block.timestamp) (lib/aave-v3-core/contracts/protocol/libraries/logic/ReserveLogic.sol#99)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/MathUtils.sol#50-85) uses timestamp for comparisons
Dangerous comparisons:
- exp == 0 (lib/aave-v3-core/contracts/protocol/libraries/math/MathUtils.sol#58)
- exp > 2 (lib/aave-v3-core/contracts/protocol/libraries/math/MathUtils.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
GPv2SafeERC20.safeTransfer(IERC20,address,uint256) (lib/aave-v3-core/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#12-29) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#16-26)
GPv2SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (lib/aave-v3-core/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#33-51) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#37-48)
GPv2SafeERC20.getLastTransferResult(IERC20) (lib/aave-v3-core/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#56-114) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#64-113)
GPv2SafeERC20.getLastTransferResult.asm_0.revertWithMessage() (lib/aave-v3-core/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#77-83) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#77-83)
Address.isContract(address) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
VersionedInitializable.isConstructor() (lib/aave-v3-core/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
PercentageMath.percentMul(uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/PercentageMath.sol#25-39) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/libraries/math/PercentageMath.sol#27-38)
PercentageMath.percentDiv(uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/PercentageMath.sol#48-60) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/libraries/math/PercentageMath.sol#50-59)
WadRayMath.wadMul(uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#29-38) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#31-37)
WadRayMath.wadDiv(uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#47-56) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#49-55)
WadRayMath.rayMul(uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#65-74) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#67-73)
WadRayMath.rayDiv(uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#83-92) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#85-91)
WadRayMath.rayToWad(uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#100-108) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#101-107)
WadRayMath.wadToRay(uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#116-125) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#118-124)
Pool.getReservesList() (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#518-536) uses assembly
- INLINE ASM (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#532-534)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
GenericLogic.calculateUserAccountData(mapping(address => DataTypes.ReserveData),mapping(uint256 => address),mapping(uint8 => DataTypes.EModeCategory),DataTypes.CalculateUserAccountDataParams) (lib/aave-v3-core/contracts/protocol/libraries/logic/GenericLogic.sol#64-185) has a high cyclomatic complexity (14).
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#cyclomatic-complexity
INFO:Detectors:
Address.sendValue(address,uint256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
IncentivizedERC20._setDecimals(uint8) (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#232-234) is never used and should be removed
IncentivizedERC20._setName(string) (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#216-218) is never used and should be removed
IncentivizedERC20._setSymbol(string) (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#224-226) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#306-310) is never used and should be removed
ReserveConfiguration.getCaps(DataTypes.ReserveConfigurationMap) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#601-610) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#203-205) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#331-335) is never used and should be removed
ReserveConfiguration.setActive(DataTypes.ReserveConfigurationMap,bool) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#172-176) is never used and should be removed
ReserveConfiguration.setBorrowCap(DataTypes.ReserveConfigurationMap,uint256) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#369-376) is never used and should be removed
ReserveConfiguration.setBorrowableInIsolation(DataTypes.ReserveConfigurationMap,bool) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#236-243) is never used and should be removed
ReserveConfiguration.setBorrowingEnabled(DataTypes.ReserveConfigurationMap,bool) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#292-299) is never used and should be removed
ReserveConfiguration.setDebtCeiling(DataTypes.ReserveConfigurationMap,uint256) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#419-426) is never used and should be removed
ReserveConfiguration.setDecimals(DataTypes.ReserveConfigurationMap,uint256) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#147-154) is never used and should be removed
ReserveConfiguration.setEModeCategory(DataTypes.ReserveConfigurationMap,uint256) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#502-509) is never used and should be removed
ReserveConfiguration.setFlashLoanEnabled(DataTypes.ReserveConfigurationMap,bool) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#527-534) is never used and should be removed
ReserveConfiguration.setFrozen(DataTypes.ReserveConfigurationMap,bool) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#192-196) is never used and should be removed
ReserveConfiguration.setLiquidationBonus(DataTypes.ReserveConfigurationMap,uint256) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#120-129) is never used and should be removed
ReserveConfiguration.setLiquidationProtocolFee(DataTypes.ReserveConfigurationMap,uint256) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#444-456) is never used and should be removed
ReserveConfiguration.setLiquidationThreshold(DataTypes.ReserveConfigurationMap,uint256) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#93-102) is never used and should be removed
ReserveConfiguration.setLtv(DataTypes.ReserveConfigurationMap,uint256) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#73-77) is never used and should be removed
ReserveConfiguration.setPaused(DataTypes.ReserveConfigurationMap,bool) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#212-216) is never used and should be removed
ReserveConfiguration.setReserveFactor(DataTypes.ReserveConfigurationMap,uint256) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#342-351) is never used and should be removed
ReserveConfiguration.setSiloedBorrowing(DataTypes.ReserveConfigurationMap,bool) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#266-273) is never used and should be removed
ReserveConfiguration.setStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap,bool) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#317-324) is never used and should be removed
ReserveConfiguration.setSupplyCap(DataTypes.ReserveConfigurationMap,uint256) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#394-401) is never used and should be removed
ReserveConfiguration.setUnbackedMintCap(DataTypes.ReserveConfigurationMap,uint256) (lib/aave-v3-core/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#475-484) is never used and should be removed
SafeCast.toInt128(int256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#151-157) is never used and should be removed
SafeCast.toInt16(int256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#214-220) is never used and should be removed
SafeCast.toInt256(uint256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#250-254) is never used and should be removed
SafeCast.toInt32(int256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#193-199) is never used and should be removed
SafeCast.toInt64(int256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#172-178) is never used and should be removed
SafeCast.toInt8(int256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#235-241) is never used and should be removed
SafeCast.toUint16(uint256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#106-109) is never used and should be removed
SafeCast.toUint224(uint256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#31-34) is never used and should be removed
SafeCast.toUint256(int256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#133-136) is never used and should be removed
SafeCast.toUint32(uint256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#91-94) is never used and should be removed
SafeCast.toUint64(uint256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#76-79) is never used and should be removed
SafeCast.toUint8(uint256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#121-124) is never used and should be removed
SafeCast.toUint96(uint256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/SafeCast.sol#61-64) is never used and should be removed
WadRayMath.rayToWad(uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#100-108) is never used and should be removed
WadRayMath.wadMul(uint256,uint256) (lib/aave-v3-core/contracts/protocol/libraries/math/WadRayMath.sol#29-38) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter GPv2SafeERC20.getLastTransferResult.asm_0.revertWithMessage().length_getLastTransferResult_asm_0_revertWithMessage (lib/aave-v3-core/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#77) is not in mixedCase
Parameter GPv2SafeERC20.getLastTransferResult.asm_0.revertWithMessage().message_getLastTransferResult_asm_0_revertWithMessage (lib/aave-v3-core/contracts/dependencies/gnosis/contracts/GPv2SafeERC20.sol#77) is not in mixedCase
Function IFlashLoanReceiver.ADDRESSES_PROVIDER() (lib/aave-v3-core/contracts/flashloan/interfaces/IFlashLoanReceiver.sol#33) is not in mixedCase
Function IFlashLoanReceiver.POOL() (lib/aave-v3-core/contracts/flashloan/interfaces/IFlashLoanReceiver.sol#35) is not in mixedCase
Function IFlashLoanSimpleReceiver.ADDRESSES_PROVIDER() (lib/aave-v3-core/contracts/flashloan/interfaces/IFlashLoanSimpleReceiver.sol#33) is not in mixedCase
Function IFlashLoanSimpleReceiver.POOL() (lib/aave-v3-core/contracts/flashloan/interfaces/IFlashLoanSimpleReceiver.sol#35) is not in mixedCase
Function IACLManager.ADDRESSES_PROVIDER() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#16) is not in mixedCase
Function IACLManager.POOL_ADMIN_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#22) is not in mixedCase
Function IACLManager.EMERGENCY_ADMIN_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#28) is not in mixedCase
Function IACLManager.RISK_ADMIN_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#34) is not in mixedCase
Function IACLManager.FLASH_BORROWER_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#40) is not in mixedCase
Function IACLManager.BRIDGE_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#46) is not in mixedCase
Function IACLManager.ASSET_LISTING_ADMIN_ROLE() (lib/aave-v3-core/contracts/interfaces/IACLManager.sol#52) is not in mixedCase
Function IAToken.UNDERLYING_ASSET_ADDRESS() (lib/aave-v3-core/contracts/interfaces/IAToken.sol#109) is not in mixedCase
Function IAToken.RESERVE_TREASURY_ADDRESS() (lib/aave-v3-core/contracts/interfaces/IAToken.sol#115) is not in mixedCase
Function IAToken.DOMAIN_SEPARATOR() (lib/aave-v3-core/contracts/interfaces/IAToken.sol#122) is not in mixedCase
Function IPool.ADDRESSES_PROVIDER() (lib/aave-v3-core/contracts/interfaces/IPool.sol#621) is not in mixedCase
Function IPool.MAX_STABLE_RATE_BORROW_SIZE_PERCENT() (lib/aave-v3-core/contracts/interfaces/IPool.sol#684) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TOTAL() (lib/aave-v3-core/contracts/interfaces/IPool.sol#690) is not in mixedCase
Function IPool.BRIDGE_PROTOCOL_FEE() (lib/aave-v3-core/contracts/interfaces/IPool.sol#696) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TO_PROTOCOL() (lib/aave-v3-core/contracts/interfaces/IPool.sol#702) is not in mixedCase
Function IPool.MAX_NUMBER_RESERVES() (lib/aave-v3-core/contracts/interfaces/IPool.sol#708) is not in mixedCase
Function IPriceOracleGetter.BASE_CURRENCY() (lib/aave-v3-core/contracts/interfaces/IPriceOracleGetter.sol#15) is not in mixedCase
Function IPriceOracleGetter.BASE_CURRENCY_UNIT() (lib/aave-v3-core/contracts/interfaces/IPriceOracleGetter.sol#22) is not in mixedCase
Function IPriceOracleSentinel.ADDRESSES_PROVIDER() (lib/aave-v3-core/contracts/interfaces/IPriceOracleSentinel.sol#28) is not in mixedCase
Function IStableDebtToken.UNDERLYING_ASSET_ADDRESS() (lib/aave-v3-core/contracts/interfaces/IStableDebtToken.sol#138) is not in mixedCase
Function IVariableDebtToken.UNDERLYING_ASSET_ADDRESS() (lib/aave-v3-core/contracts/interfaces/IVariableDebtToken.sol#45) is not in mixedCase
Variable VersionedInitializable.______gap (lib/aave-v3-core/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Function Pool.MAX_STABLE_RATE_BORROW_SIZE_PERCENT() (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#544-546) is not in mixedCase
Function Pool.BRIDGE_PROTOCOL_FEE() (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#549-551) is not in mixedCase
Function Pool.FLASHLOAN_PREMIUM_TOTAL() (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#554-556) is not in mixedCase
Function Pool.FLASHLOAN_PREMIUM_TO_PROTOCOL() (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#559-561) is not in mixedCase
Function Pool.MAX_NUMBER_RESERVES() (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#564-566) is not in mixedCase
Variable Pool.ADDRESSES_PROVIDER (lib/aave-v3-core/contracts/protocol/pool/Pool.sol#43) is not in mixedCase
Variable PoolStorage._reserves (lib/aave-v3-core/contracts/protocol/pool/PoolStorage.sol#21) is not in mixedCase
Variable PoolStorage._usersConfig (lib/aave-v3-core/contracts/protocol/pool/PoolStorage.sol#24) is not in mixedCase
Variable PoolStorage._reservesList (lib/aave-v3-core/contracts/protocol/pool/PoolStorage.sol#28) is not in mixedCase
Variable PoolStorage._eModeCategories (lib/aave-v3-core/contracts/protocol/pool/PoolStorage.sol#32) is not in mixedCase
Variable PoolStorage._usersEModeCategory (lib/aave-v3-core/contracts/protocol/pool/PoolStorage.sol#35) is not in mixedCase
Variable PoolStorage._bridgeProtocolFee (lib/aave-v3-core/contracts/protocol/pool/PoolStorage.sol#38) is not in mixedCase
Variable PoolStorage._flashLoanPremiumTotal (lib/aave-v3-core/contracts/protocol/pool/PoolStorage.sol#41) is not in mixedCase
Variable PoolStorage._flashLoanPremiumToProtocol (lib/aave-v3-core/contracts/protocol/pool/PoolStorage.sol#44) is not in mixedCase
Variable PoolStorage._maxStableRateBorrowSizePercent (lib/aave-v3-core/contracts/protocol/pool/PoolStorage.sol#47) is not in mixedCase
Variable PoolStorage._reservesCount (lib/aave-v3-core/contracts/protocol/pool/PoolStorage.sol#50) is not in mixedCase
Variable IncentivizedERC20._userState (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#52) is not in mixedCase
Variable IncentivizedERC20._totalSupply (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#57) is not in mixedCase
Variable IncentivizedERC20._incentivesController (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#61) is not in mixedCase
Variable IncentivizedERC20._addressesProvider (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#62) is not in mixedCase
Variable IncentivizedERC20.POOL (lib/aave-v3-core/contracts/protocol/tokenization/base/IncentivizedERC20.sol#63) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (lib/aave-v3-core/contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0xf1cd4193bbc1ad4a23e833170f49d60f3d35a621 analyzed (46 contracts with 82 detectors), 189 result(s) found
Slither report for PoolConfigurator at `0xFDA7ffA872bDc906D43079EA134ebC9a511db0c2`
'solc --standard-json --allow-paths /home/runner/work/seatbelt-for-ghosts/seatbelt-for-ghosts/crytic-export/etherscan-contracts/0xfda7ffa872bdc906d43079ea134ebc9a511db0c2-PoolConfigurator' running
Warning: Warning: This declaration has the same name as another declaration.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:23:15:
|
23 | constructor(address admin) {
| ^^^^^^^^^^^^^
Note: The other declaration is here:
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:39:3:
|
39 | function admin() external ifAdmin returns (address) {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1:
|
11 | contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1:
|
16 | contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
Warning: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
--> @aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:13:1:
|
13 | contract InitializableImmutableAdminUpgradeabilityProxy is
| ^ (Relevant source part starts here and spans across multiple lines).
Note: The payable fallback function is defined here.
--> @aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:17:3:
|
17 | fallback() external payable {
| ^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
ConfiguratorLogic.executeUpdateAToken(IPool,ConfiguratorInputTypes.UpdateATokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#129-152) ignores return value by (decimals) = cachedPool.getConfiguration(input.asset).getParams() (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#135)
ConfiguratorLogic.executeUpdateStableDebtToken(IPool,ConfiguratorInputTypes.UpdateDebtTokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#160-190) ignores return value by (decimals) = cachedPool.getConfiguration(input.asset).getParams() (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#166)
ConfiguratorLogic.executeUpdateVariableDebtToken(IPool,ConfiguratorInputTypes.UpdateDebtTokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#198-228) ignores return value by (decimals) = cachedPool.getConfiguration(input.asset).getParams() (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#204)
PoolConfigurator._checkNoSuppliers(address) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#495-501) ignores return value by (accruedToTreasury,totalATokens) = IPoolDataProvider(_addressesProvider.getPoolDataProvider()).getReserveData(asset) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#496-498)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#21) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#39-41) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#27-33) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
PoolConfigurator.setEModeCategory(uint8,uint16,uint16,uint16,address,string) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#341-392) has external calls inside a loop: currentConfig = _pool.getConfiguration(reserves[i]) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#371)
PoolConfigurator._onlyPoolOrEmergencyAdmin() (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#520-526) has external calls inside a loop: aclManager = IACLManager(_addressesProvider.getACLManager()) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#521)
PoolConfigurator._onlyPoolOrEmergencyAdmin() (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#520-526) has external calls inside a loop: require(bool,string)(aclManager.isPoolAdmin(msg.sender) || aclManager.isEmergencyAdmin(msg.sender),Errors.CALLER_NOT_POOL_OR_EMERGENCY_ADMIN) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#522-525)
PoolConfigurator.setReservePause(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#237-242) has external calls inside a loop: currentConfig = _pool.getConfiguration(asset) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#238)
PoolConfigurator.setReservePause(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#237-242) has external calls inside a loop: _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#240)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
INFO:Detectors:
Reentrancy in PoolConfigurator.configureReserveAsCollateral(address,uint256,uint256,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#138-177):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#174)
Event emitted after the call(s):
- CollateralConfigurationChanged(asset,ltv,liquidationThreshold,liquidationBonus) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#176)
Reentrancy in PoolConfigurator.dropReserve(address) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#94-97):
External calls:
- _pool.dropReserve(asset) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#95)
Event emitted after the call(s):
- ReserveDropped(asset) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#96)
Reentrancy in ConfiguratorLogic.executeInitReserve(IPool,ConfiguratorInputTypes.InitReserveInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#50-121):
External calls:
- aTokenProxyAddress = _initTokenWithProxy(input.aTokenImpl,abi.encodeWithSelector(IInitializableAToken.initialize.selector,pool,input.treasury,input.underlyingAsset,input.incentivesController,input.underlyingAssetDecimals,input.aTokenName,input.aTokenSymbol,input.params)) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#53-66)
- proxy.initialize(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#244)
- stableDebtTokenProxyAddress = _initTokenWithProxy(input.stableDebtTokenImpl,abi.encodeWithSelector(IInitializableDebtToken.initialize.selector,pool,input.underlyingAsset,input.incentivesController,input.underlyingAssetDecimals,input.stableDebtTokenName,input.stableDebtTokenSymbol,input.params)) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#68-80)
- proxy.initialize(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#244)
- variableDebtTokenProxyAddress = _initTokenWithProxy(input.variableDebtTokenImpl,abi.encodeWithSelector(IInitializableDebtToken.initialize.selector,pool,input.underlyingAsset,input.incentivesController,input.underlyingAssetDecimals,input.variableDebtTokenName,input.variableDebtTokenSymbol,input.params)) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#82-94)
- proxy.initialize(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#244)
- pool.initReserve(input.underlyingAsset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,input.interestRateStrategyAddress) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#96-102)
- pool.setConfiguration(input.underlyingAsset,currentConfig) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#112)
Event emitted after the call(s):
- ReserveInitialized(input.underlyingAsset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,input.interestRateStrategyAddress) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#114-120)
Reentrancy in ConfiguratorLogic.executeUpdateAToken(IPool,ConfiguratorInputTypes.UpdateATokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#129-152):
External calls:
- _upgradeTokenImplementation(reserveData.aTokenAddress,input.implementation,encodedCall) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#149)
- proxy.upgradeToAndCall(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#265)
Event emitted after the call(s):
- ATokenUpgraded(input.asset,reserveData.aTokenAddress,input.implementation) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#151)
Reentrancy in ConfiguratorLogic.executeUpdateStableDebtToken(IPool,ConfiguratorInputTypes.UpdateDebtTokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#160-190):
External calls:
- _upgradeTokenImplementation(reserveData.stableDebtTokenAddress,input.implementation,encodedCall) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#179-183)
- proxy.upgradeToAndCall(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#265)
Event emitted after the call(s):
- StableDebtTokenUpgraded(input.asset,reserveData.stableDebtTokenAddress,input.implementation) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#185-189)
Reentrancy in ConfiguratorLogic.executeUpdateVariableDebtToken(IPool,ConfiguratorInputTypes.UpdateDebtTokenInput) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#198-228):
External calls:
- _upgradeTokenImplementation(reserveData.variableDebtTokenAddress,input.implementation,encodedCall) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#217-221)
- proxy.upgradeToAndCall(implementation,initParams) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#265)
Event emitted after the call(s):
- VariableDebtTokenUpgraded(input.asset,reserveData.variableDebtTokenAddress,input.implementation) (@aave/core-v3/contracts/protocol/libraries/logic/ConfiguratorLogic.sol#223-227)
Reentrancy in PoolConfigurator.setAssetEModeCategory(address,uint8) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#395-413):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#411)
Event emitted after the call(s):
- EModeAssetCategoryChanged(asset,uint8(oldCategoryId),newCategoryId) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#412)
Reentrancy in PoolConfigurator.setBorrowCap(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#301-311):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#309)
Event emitted after the call(s):
- BorrowCapChanged(asset,oldBorrowCap,newBorrowCap) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#310)
Reentrancy in PoolConfigurator.setBorrowableInIsolation(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#225-234):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#232)
Event emitted after the call(s):
- BorrowableInIsolationChanged(asset,borrowable) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#233)
Reentrancy in PoolConfigurator.setDebtCeiling(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#259-278):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#271)
- _pool.resetIsolationModeTotalDebt(asset) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#274)
Event emitted after the call(s):
- DebtCeilingChanged(asset,oldDebtCeiling,newDebtCeiling) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#277)
Reentrancy in PoolConfigurator.setEModeCategory(uint8,uint16,uint16,uint16,address,string) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#341-392):
External calls:
- _pool.configureEModeCategory(categoryId,DataTypes.EModeCategory(ltv,liquidationThreshold,liquidationBonus,oracle,label)) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#381-390)
Event emitted after the call(s):
- EModeCategoryAdded(categoryId,ltv,liquidationThreshold,liquidationBonus,oracle,label) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#391)
Reentrancy in PoolConfigurator.setLiquidationProtocolFee(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#327-338):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#336)
Event emitted after the call(s):
- LiquidationProtocolFeeChanged(asset,oldFee,newFee) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#337)
Reentrancy in PoolConfigurator.setReserveActive(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#208-214):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#212)
Event emitted after the call(s):
- ReserveActive(asset,active) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#213)
Reentrancy in PoolConfigurator.setReserveBorrowing(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#127-135):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#133)
Event emitted after the call(s):
- ReserveBorrowing(asset,enabled) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#134)
Reentrancy in PoolConfigurator.setReserveFactor(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#245-256):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#254)
Event emitted after the call(s):
- ReserveFactorChanged(asset,oldReserveFactor,newReserveFactor) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#255)
Reentrancy in PoolConfigurator.setReserveFlashLoaning(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#195-205):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#203)
Event emitted after the call(s):
- ReserveFlashLoaning(asset,enabled) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#204)
Reentrancy in PoolConfigurator.setReserveFreeze(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#217-222):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#220)
Event emitted after the call(s):
- ReserveFrozen(asset,freeze) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#221)
Reentrancy in PoolConfigurator.setReserveInterestRateStrategyAddress(address,address) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#429-438):
External calls:
- _pool.setReserveInterestRateStrategyAddress(asset,newRateStrategyAddress) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#436)
Event emitted after the call(s):
- ReserveInterestRateStrategyChanged(asset,oldRateStrategyAddress,newRateStrategyAddress) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#437)
Reentrancy in PoolConfigurator.setReservePause(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#237-242):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#240)
Event emitted after the call(s):
- ReservePaused(asset,paused) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#241)
Reentrancy in PoolConfigurator.setReserveStableRateBorrowing(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#180-192):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#190)
Event emitted after the call(s):
- ReserveStableRateBorrowing(asset,enabled) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#191)
Reentrancy in PoolConfigurator.setSiloedBorrowing(address,bool) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#281-298):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#295)
Event emitted after the call(s):
- SiloedBorrowingChanged(asset,oldSiloed,newSiloed) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#297)
Reentrancy in PoolConfigurator.setSupplyCap(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#314-324):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#322)
Event emitted after the call(s):
- SupplyCapChanged(asset,oldSupplyCap,newSupplyCap) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#323)
Reentrancy in PoolConfigurator.setUnbackedMintCap(address,uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#416-426):
External calls:
- _pool.setConfiguration(asset,currentConfig) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#424)
Event emitted after the call(s):
- UnbackedMintCapChanged(asset,oldUnbackedMintCap,newUnbackedMintCap) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#425)
Reentrancy in PoolConfigurator.updateBridgeProtocolFee(uint256) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#452-460):
External calls:
- _pool.updateBridgeProtocolFee(newBridgeProtocolFee) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#458)
Event emitted after the call(s):
- BridgeProtocolFeeUpdated(oldBridgeProtocolFee,newBridgeProtocolFee) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#459)
Reentrancy in PoolConfigurator.updateFlashloanPremiumToProtocol(uint128) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#478-493):
External calls:
- _pool.updateFlashloanPremiums(_pool.FLASHLOAN_PREMIUM_TOTAL(),newFlashloanPremiumToProtocol) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#488)
Event emitted after the call(s):
- FlashloanPremiumToProtocolUpdated(oldFlashloanPremiumToProtocol,newFlashloanPremiumToProtocol) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#489-492)
Reentrancy in PoolConfigurator.updateFlashloanPremiumTotal(uint128) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#463-475):
External calls:
- _pool.updateFlashloanPremiums(newFlashloanPremiumTotal,_pool.FLASHLOAN_PREMIUM_TO_PROTOCOL()) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#473)
Event emitted after the call(s):
- FlashloanPremiumTotalUpdated(oldFlashloanPremiumTotal,newFlashloanPremiumTotal) (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#474)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
Address.isContract(address) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#32-38) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#35-37)
BaseUpgradeabilityProxy._setImplementation(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#53-65) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#62-64)
Proxy._delegate(address) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#32-56) uses assembly
- INLINE ASM (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#34-55)
VersionedInitializable.isConstructor() (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
PercentageMath.percentMul(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#25-39) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#27-38)
PercentageMath.percentDiv(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#48-60) uses assembly
- INLINE ASM (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#50-59)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
PercentageMath.percentDiv(uint256,uint256) (@aave/core-v3/contracts/protocol/libraries/math/PercentageMath.sol#48-60) is never used and should be removed
ReserveConfiguration.getActive(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#189-191) is never used and should be removed
ReserveConfiguration.getBorrowableInIsolation(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#260-266) is never used and should be removed
ReserveConfiguration.getCaps(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#648-659) is never used and should be removed
ReserveConfiguration.getDecimals(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#165-171) is never used and should be removed
ReserveConfiguration.getFlags(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#586-606) is never used and should be removed
ReserveConfiguration.getFlashLoanEnabled(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#569-575) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#209-211) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#138-144) is never used and should be removed
ReserveConfiguration.getPaused(DataTypes.ReserveConfigurationMap) (@aave/core-v3/contracts/protocol/libraries/configuration/ReserveConfiguration.sol#229-231) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (@aave/core-v3/contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69-77):
- (success) = newImplementation.delegatecall(data) (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#75)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (@aave/core-v3/contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Function IACLManager.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IACLManager.sol#16) is not in mixedCase
Function IACLManager.POOL_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#22) is not in mixedCase
Function IACLManager.EMERGENCY_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#28) is not in mixedCase
Function IACLManager.RISK_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#34) is not in mixedCase
Function IACLManager.FLASH_BORROWER_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#40) is not in mixedCase
Function IACLManager.BRIDGE_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#46) is not in mixedCase
Function IACLManager.ASSET_LISTING_ADMIN_ROLE() (@aave/core-v3/contracts/interfaces/IACLManager.sol#52) is not in mixedCase
Function IPool.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IPool.sol#630) is not in mixedCase
Function IPool.MAX_STABLE_RATE_BORROW_SIZE_PERCENT() (@aave/core-v3/contracts/interfaces/IPool.sol#693) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TOTAL() (@aave/core-v3/contracts/interfaces/IPool.sol#699) is not in mixedCase
Function IPool.BRIDGE_PROTOCOL_FEE() (@aave/core-v3/contracts/interfaces/IPool.sol#705) is not in mixedCase
Function IPool.FLASHLOAN_PREMIUM_TO_PROTOCOL() (@aave/core-v3/contracts/interfaces/IPool.sol#711) is not in mixedCase
Function IPool.MAX_NUMBER_RESERVES() (@aave/core-v3/contracts/interfaces/IPool.sol#717) is not in mixedCase
Function IPoolDataProvider.ADDRESSES_PROVIDER() (@aave/core-v3/contracts/interfaces/IPoolDataProvider.sol#21) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy._admin (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Variable VersionedInitializable.______gap (@aave/core-v3/contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Variable PoolConfigurator._addressesProvider (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#26) is not in mixedCase
Variable PoolConfigurator._pool (@aave/core-v3/contracts/protocol/pool/PoolConfigurator.sol#27) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0xfda7ffa872bdc906d43079ea134ebc9a511db0c2 analyzed (22 contracts with 82 detectors), 82 result(s) found