Skip to content

Instantly share code, notes, and snippets.

@maxsam4

maxsam4/index-finance-slither Secret

Created October 31, 2020 11:44
Show Gist options
  • Save maxsam4/f6d0a55e41721512bafb917040201f7e to your computer and use it in GitHub Desktop.
Save maxsam4/f6d0a55e41721512bafb917040201f7e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
index-finance-slither
'npx buidler compile' running
All contracts have already been compiled, skipping compilation.
ERROR:ContractSolcParsing:Missing inheritance <slither.solc_parsing.declarations.contract.ContractSolc object at 0x7f1b6ce37f98>
ERROR:ConvertToIR:Function not found getFreeTokens(address,uint256)
ERROR:ContractSolcParsing:Impossible to generate IR for MockTokenMarketDeployer.addLiquidity
ERROR:ConvertToIR:Function not found getFreeTokens(address,uint256)
ERROR:ContractSolcParsing:Impossible to generate IR for MockTokenMarketDeployer.deployPoolMarketWithLiquidity
ERROR:ConvertToIR:Function not found getFreeTokens(address,uint256)
ERROR:ContractSolcParsing:Impossible to generate IR for MockTokenMarketDeployer.addPoolMarketLiquidity
ERROR:ConvertToIR:Function not found getFreeTokens(address,uint256)
ERROR:ContractSolcParsing:Impossible to generate IR for MockTokenMarketDeployer.mintPoolTokens
INFO:Detectors:
IERC20 is re-used:
- contracts/interfaces/IERC20.sol#3-17
- contracts/balancer/BToken.sol#8-27
SafeMath is re-used:
- contracts/openzeppelin/SafeMath.sol#18-159
- contracts/lib/SafeMath.sol#5-17
MockERC20 (contracts/mocks/MockERC20.sol#5-29) inherits from a contract for which the name is reused.
- Slither could not determine which contract has a duplicate name:
-BaseERC20 (contracts/openzeppelin/BaseERC20.sol#32-272)
- Check if:
- A inherited contract is missing from this list,
- The contract are imported from the correct files.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#name-reused
INFO:Detectors:
BaseERC20._totalSupply (contracts/openzeppelin/BaseERC20.sol#39) is never initialized. It is used in:
- BaseERC20.totalSupply() (contracts/openzeppelin/BaseERC20.sol#95-97)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
INFO:Detectors:
PoolController.reindexPool(uint256,uint256) (contracts/PoolController.sol#126-156) performs a multiplication on the result of a division:
-minimumBalances[i] = prices[i].reciprocal().mul(totalValue / 25).decode144() (contracts/PoolController.sol#148-150)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
INFO:Detectors:
BPool._pullUnderlying(address,address,uint256) (contracts/balancer/BPool.sol#1086-1098) uses a dangerous strict equality:
- require(bool,string)(success && (data.length == 0 || abi.decode(data,(bool))),ERR_ERC20_FALSE) (contracts/balancer/BPool.sol#1094-1097)
BPool._pushUnderlying(address,address,uint256) (contracts/balancer/BPool.sol#1100-1112) uses a dangerous strict equality:
- require(bool,string)(success && (data.length == 0 || abi.decode(data,(bool))),ERR_ERC20_FALSE) (contracts/balancer/BPool.sol#1108-1111)
BNum.bdiv(uint256,uint256) (contracts/balancer/BNum.sol#49-57) uses a dangerous strict equality:
- require(bool,string)(a == 0 || c0 / a == BONE,ERR_DIV_INTERNAL) (contracts/balancer/BNum.sol#52)
BNum.bmul(uint256,uint256) (contracts/balancer/BNum.sol#40-47) uses a dangerous strict equality:
- require(bool,string)(a == 0 || c0 / a == b,ERR_MUL_OVERFLOW) (contracts/balancer/BNum.sol#42)
BNum.bpow(uint256,uint256) (contracts/balancer/BNum.sol#76-91) uses a dangerous strict equality:
- remain == 0 (contracts/balancer/BNum.sol#85)
BNum.bpowApprox(uint256,uint256,uint256) (contracts/balancer/BNum.sol#93-126) uses a dangerous strict equality:
- term == 0 (contracts/balancer/BNum.sol#114)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
Reentrancy in BaseERC20._transfer(address,address,uint256) (contracts/openzeppelin/BaseERC20.sol#214-223):
External calls:
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (contracts/openzeppelin/BaseERC20.sol#220)
State variables written after the call(s):
- _balances[recipient] = _balances[recipient].add(amount) (contracts/openzeppelin/BaseERC20.sol#221)
Reentrancy in BPool.exitswapExternAmountOut(address,uint256,uint256) (contracts/balancer/BPool.sol#503-543):
External calls:
- _decreaseDenorm(outRecord,tokenOut) (contracts/balancer/BPool.sol#531)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
State variables written after the call(s):
- _burnPoolShare(bsub(poolAmountIn,exitFee)) (contracts/balancer/BPool.sol#538)
- _totalSupply = bsub(_totalSupply,amt) (contracts/balancer/BToken.sol#47)
Reentrancy in BPool.exitswapPoolAmountIn(address,uint256,uint256) (contracts/balancer/BPool.sol#455-494):
External calls:
- _decreaseDenorm(outRecord,tokenOut) (contracts/balancer/BPool.sol#483)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
State variables written after the call(s):
- _burnPoolShare(bsub(poolAmountIn,exitFee)) (contracts/balancer/BPool.sol#489)
- _totalSupply = bsub(_totalSupply,amt) (contracts/balancer/BToken.sol#47)
Reentrancy in BPool.flashBorrow(IFlashLoanRecipient,address,uint256,bytes) (contracts/balancer/BPool.sol#583-617):
External calls:
- _pushUnderlying(token,address(recipient),amount) (contracts/balancer/BPool.sol#596)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
- recipient.receiveFlashLoan(data) (contracts/balancer/BPool.sol#597)
State variables written after the call(s):
- _records[token].balance = balEnd (contracts/balancer/BPool.sol#605)
- _records[token].ready = true (contracts/balancer/BPool.sol#612)
- _records[token].denorm = uint96(MIN_WEIGHT) (contracts/balancer/BPool.sol#613)
Reentrancy in PoolController.reindexPool(uint256,uint256) (contracts/PoolController.sol#126-156):
External calls:
- BPool(poolAddress).reindexTokens(tokens,denormalizedWeights,minimumBalances) (contracts/PoolController.sol#153)
State variables written after the call(s):
- _poolUpdateRecords[poolAddress] = record (contracts/PoolController.sol#155)
Reentrancy in PoolController.reweighPool(address) (contracts/PoolController.sol#162-183):
External calls:
- BPool(poolAddress).reweighTokens(tokens,denormalizedWeights) (contracts/PoolController.sol#180)
State variables written after the call(s):
- _poolUpdateRecords[poolAddress] = record (contracts/PoolController.sol#182)
Reentrancy in BPool.swapExactAmountIn(address,uint256,address,uint256,uint256) (contracts/balancer/BPool.sol#626-695):
External calls:
- _decreaseDenorm(outRecord,tokenOut) (contracts/balancer/BPool.sol#668)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
State variables written after the call(s):
- _records[tokenOut].balance = outRecord.balance (contracts/balancer/BPool.sol#672)
Reentrancy in BPool.swapExactAmountOut(address,uint256,address,uint256,uint256) (contracts/balancer/BPool.sol#703-772):
External calls:
- _decreaseDenorm(outRecord,tokenOut) (contracts/balancer/BPool.sol#745)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
State variables written after the call(s):
- _records[tokenOut].balance = outRecord.balance (contracts/balancer/BPool.sol#749)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
FixedPoint.mul(FixedPoint.uq112x112,uint256).z (contracts/lib/FixedPoint.sol#44) is a local variable never initialized
UniswapV2Library.getAmountsOut(address,uint256,address[]).i (contracts/lib/UniswapV2Library.sol#135) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
INFO:Detectors:
PoolController.deployIndexPool(uint256,uint256,string,string,uint256) (contracts/PoolController.sol#85-120) ignores return value by IERC20(tokens[i]).approve(bpoolAddress,balances[i]) (contracts/PoolController.sol#110)
MockTokenMarketDeployer.deployTokenAndMarketWithLiquidity(string,string,uint256,uint256) (contracts/mocks/MockTokenMarketDeployer.sol#54-64) ignores return value by factory.createPair(address(token),address(weth)) (contracts/mocks/MockTokenMarketDeployer.sol#62)
MockTokenMarketDeployer.deployPoolMarketWithLiquidity(BPool,uint256,uint256) (contracts/mocks/MockTokenMarketDeployer.sol#87-98) ignores return value by factory.createPair(address(pool),address(weth)) (contracts/mocks/MockTokenMarketDeployer.sol#93)
MockTokenMarketDeployer.deployPoolMarketWithLiquidity(BPool,uint256,uint256) (contracts/mocks/MockTokenMarketDeployer.sol#87-98) ignores return value by pool.approve(address(router),amountPool) (contracts/mocks/MockTokenMarketDeployer.sol#95)
MockTokenMarketDeployer.addPoolMarketLiquidity(BPool,uint256,uint256) (contracts/mocks/MockTokenMarketDeployer.sol#100-119) ignores return value by pool.approve(address(router),amountPool) (contracts/mocks/MockTokenMarketDeployer.sol#106)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
INFO:Detectors:
MarketOracle.constructor(address,address,address)._uniswapFactory (contracts/MarketOracle.sol#37) shadows:
- UniSwapV2PriceOracle._uniswapFactory (contracts/UniSwapV2PriceOracle.sol#37) (state variable)
MarketOracle.constructor(address,address,address)._weth (contracts/MarketOracle.sol#38) shadows:
- UniSwapV2PriceOracle._weth (contracts/UniSwapV2PriceOracle.sol#40) (state variable)
BPool.initialize(address,string,string,address[],uint256[],uint96[]).name (contracts/balancer/BPool.sol#121) shadows:
- BToken.name() (contracts/balancer/BToken.sol#88-90) (function)
BPool.initialize(address,string,string,address[],uint256[],uint96[]).symbol (contracts/balancer/BPool.sol#122) shadows:
- BToken.symbol() (contracts/balancer/BToken.sol#92-94) (function)
BToken._initializeToken(string,string).name (contracts/balancer/BToken.sol#77) shadows:
- BToken.name() (contracts/balancer/BToken.sol#88-90) (function)
BToken._initializeToken(string,string).symbol (contracts/balancer/BToken.sol#77) shadows:
- BToken.symbol() (contracts/balancer/BToken.sol#92-94) (function)
BaseERC20.constructor(string,string).name (contracts/openzeppelin/BaseERC20.sol#54) shadows:
- BaseERC20.name() (contracts/openzeppelin/BaseERC20.sol#63-65) (function)
BaseERC20.constructor(string,string).symbol (contracts/openzeppelin/BaseERC20.sol#54) shadows:
- BaseERC20.symbol() (contracts/openzeppelin/BaseERC20.sol#71-73) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
PoolController.deployIndexPool(uint256,uint256,string,string,uint256) (contracts/PoolController.sol#85-120) has external calls inside a loop: IERC20(tokens[i]).approve(bpoolAddress,balances[i]) (contracts/PoolController.sol#110)
IndexLibrary.computePoolValue(address,address[],FixedPoint.uq112x112[]) (contracts/lib/IndexLibrary.sol#95-106) has external calls inside a loop: balance = token.balanceOf(poolAddress) (contracts/lib/IndexLibrary.sol#103)
MockTokenMarketDeployer.computePoolValue(MarketOracle,BPool) (contracts/mocks/MockTokenMarketDeployer.sol#39-52) has external calls inside a loop: bal = pool.getBalance(token) (contracts/mocks/MockTokenMarketDeployer.sol#47)
MockTokenMarketDeployer.computePoolValue(MarketOracle,BPool) (contracts/mocks/MockTokenMarketDeployer.sol#39-52) has external calls inside a loop: balValue = oracle.computeAverageAmountOut(token,bal) (contracts/mocks/MockTokenMarketDeployer.sol#48)
MockTokenMarketDeployer.testMintPoolTokens(BPool,uint256) (contracts/mocks/MockTokenMarketDeployer.sol#121-138) has external calls inside a loop: usedBalance = pool.getUsedBalance(token) (contracts/mocks/MockTokenMarketDeployer.sol#133)
MockTokenMarketDeployer.mintPoolTokens(BPool,uint256) (contracts/mocks/MockTokenMarketDeployer.sol#140-160) has external calls inside a loop: usedBalance = pool.getUsedBalance(token) (contracts/mocks/MockTokenMarketDeployer.sol#150)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
INFO:Detectors:
Reentrancy in BPool.exitswapExternAmountOut(address,uint256,uint256) (contracts/balancer/BPool.sol#503-543):
External calls:
- _decreaseDenorm(outRecord,tokenOut) (contracts/balancer/BPool.sol#531)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
State variables written after the call(s):
- _pullPoolShare(msg.sender,poolAmountIn) (contracts/balancer/BPool.sol#537)
- _balance[src] = bsub(_balance[src],amt) (contracts/balancer/BToken.sol#57)
- _balance[dst] = badd(_balance[dst],amt) (contracts/balancer/BToken.sol#58)
- _burnPoolShare(bsub(poolAmountIn,exitFee)) (contracts/balancer/BPool.sol#538)
- _balance[address(this)] = bsub(_balance[address(this)],amt) (contracts/balancer/BToken.sol#46)
- _pushPoolShare(_controller,exitFee) (contracts/balancer/BPool.sol#539)
- _balance[src] = bsub(_balance[src],amt) (contracts/balancer/BToken.sol#57)
- _balance[dst] = badd(_balance[dst],amt) (contracts/balancer/BToken.sol#58)
Reentrancy in BPool.exitswapPoolAmountIn(address,uint256,uint256) (contracts/balancer/BPool.sol#455-494):
External calls:
- _decreaseDenorm(outRecord,tokenOut) (contracts/balancer/BPool.sol#483)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
State variables written after the call(s):
- _pullPoolShare(msg.sender,poolAmountIn) (contracts/balancer/BPool.sol#488)
- _balance[src] = bsub(_balance[src],amt) (contracts/balancer/BToken.sol#57)
- _balance[dst] = badd(_balance[dst],amt) (contracts/balancer/BToken.sol#58)
- _burnPoolShare(bsub(poolAmountIn,exitFee)) (contracts/balancer/BPool.sol#489)
- _balance[address(this)] = bsub(_balance[address(this)],amt) (contracts/balancer/BToken.sol#46)
- _pushPoolShare(_controller,exitFee) (contracts/balancer/BPool.sol#490)
- _balance[src] = bsub(_balance[src],amt) (contracts/balancer/BToken.sol#57)
- _balance[dst] = badd(_balance[dst],amt) (contracts/balancer/BToken.sol#58)
Reentrancy in BPool.flashBorrow(IFlashLoanRecipient,address,uint256,bytes) (contracts/balancer/BPool.sol#583-617):
External calls:
- _pushUnderlying(token,address(recipient),amount) (contracts/balancer/BPool.sol#596)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
- recipient.receiveFlashLoan(data) (contracts/balancer/BPool.sol#597)
State variables written after the call(s):
- _minimumBalances[token] = 0 (contracts/balancer/BPool.sol#611)
- _totalWeight = badd(_totalWeight,MIN_WEIGHT) (contracts/balancer/BPool.sol#614)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
INFO:Detectors:
Reentrancy in BaseERC20._transfer(address,address,uint256) (contracts/openzeppelin/BaseERC20.sol#214-223):
External calls:
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (contracts/openzeppelin/BaseERC20.sol#220)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (contracts/openzeppelin/BaseERC20.sol#222)
Reentrancy in BPool._unbind(address) (contracts/balancer/BPool.sol#1159-1186):
External calls:
- _pushUnderlying(token,_controller,tokenBalance) (contracts/balancer/BPool.sol#1184)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
Event emitted after the call(s):
- LOG_TOKEN_REMOVED(token) (contracts/balancer/BPool.sol#1185)
Reentrancy in BPool.exitswapExternAmountOut(address,uint256,uint256) (contracts/balancer/BPool.sol#503-543):
External calls:
- _decreaseDenorm(outRecord,tokenOut) (contracts/balancer/BPool.sol#531)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
Event emitted after the call(s):
- LOG_EXIT(msg.sender,tokenOut,tokenAmountOut) (contracts/balancer/BPool.sol#535)
- Transfer(src,dst,amt) (contracts/balancer/BToken.sol#59)
- _pushPoolShare(_controller,exitFee) (contracts/balancer/BPool.sol#539)
- Transfer(address(this),address(0),amt) (contracts/balancer/BToken.sol#48)
- _burnPoolShare(bsub(poolAmountIn,exitFee)) (contracts/balancer/BPool.sol#538)
- Transfer(src,dst,amt) (contracts/balancer/BToken.sol#59)
- _pullPoolShare(msg.sender,poolAmountIn) (contracts/balancer/BPool.sol#537)
Reentrancy in BPool.exitswapPoolAmountIn(address,uint256,uint256) (contracts/balancer/BPool.sol#455-494):
External calls:
- _decreaseDenorm(outRecord,tokenOut) (contracts/balancer/BPool.sol#483)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
Event emitted after the call(s):
- LOG_EXIT(msg.sender,tokenOut,tokenAmountOut) (contracts/balancer/BPool.sol#486)
- Transfer(src,dst,amt) (contracts/balancer/BToken.sol#59)
- _pushPoolShare(_controller,exitFee) (contracts/balancer/BPool.sol#490)
- Transfer(address(this),address(0),amt) (contracts/balancer/BToken.sol#48)
- _burnPoolShare(bsub(poolAmountIn,exitFee)) (contracts/balancer/BPool.sol#489)
- Transfer(src,dst,amt) (contracts/balancer/BToken.sol#59)
- _pullPoolShare(msg.sender,poolAmountIn) (contracts/balancer/BPool.sol#488)
Reentrancy in BPool.swapExactAmountIn(address,uint256,address,uint256,uint256) (contracts/balancer/BPool.sol#626-695):
External calls:
- _decreaseDenorm(outRecord,tokenOut) (contracts/balancer/BPool.sol#668)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
Event emitted after the call(s):
- LOG_SWAP(msg.sender,tokenIn,tokenOut,tokenAmountIn,tokenAmountOut) (contracts/balancer/BPool.sol#689)
Reentrancy in BPool.swapExactAmountOut(address,uint256,address,uint256,uint256) (contracts/balancer/BPool.sol#703-772):
External calls:
- _decreaseDenorm(outRecord,tokenOut) (contracts/balancer/BPool.sol#745)
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
Event emitted after the call(s):
- LOG_SWAP(msg.sender,tokenIn,tokenOut,tokenAmountIn,tokenAmountOut) (contracts/balancer/BPool.sol#766)
Reentrancy in BaseERC20.transferFrom(address,address,uint256) (contracts/openzeppelin/BaseERC20.sol#150-158):
External calls:
- _transfer(sender,recipient,amount) (contracts/openzeppelin/BaseERC20.sol#151)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (contracts/openzeppelin/BaseERC20.sol#220)
- _approve(sender,msg.sender,_allowances[sender][msg.sender].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/openzeppelin/BaseERC20.sol#152-156)
Event emitted after the call(s):
- Approval(owner,spender,amount) (contracts/openzeppelin/BaseERC20.sol#243)
- _approve(sender,msg.sender,_allowances[sender][msg.sender].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/openzeppelin/BaseERC20.sol#152-156)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
MarketOracle.getTopCategoryTokens(uint256,uint256) (contracts/MarketOracle.sol#94-114) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(now - lastCategoryUpdate[categoryID] <= MAX_SORT_DELAY,ERR_CATEGORY_NOT_READY) (contracts/MarketOracle.sol#108-111)
PoolController.reindexPool(uint256,uint256) (contracts/PoolController.sol#126-156) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)((record.index ++ % (REWEIGHS_BEFORE_REINDEX + 1)) == REWEIGHS_BEFORE_REINDEX,ERR_REWEIGH_INDEX) (contracts/PoolController.sol#130-133)
- require(bool,string)(now - record.timestamp >= POOL_REWEIGH_DELAY,ERR_POOL_REWEIGH_DELAY) (contracts/PoolController.sol#134-137)
PoolController.reweighPool(address) (contracts/PoolController.sol#162-183) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)((record.index ++ % (REWEIGHS_BEFORE_REINDEX + 1)) != REWEIGHS_BEFORE_REINDEX,ERR_REWEIGH_INDEX) (contracts/PoolController.sol#165-168)
- require(bool,string)(now - record.timestamp >= POOL_REWEIGH_DELAY,ERR_POOL_REWEIGH_DELAY) (contracts/PoolController.sol#169-172)
BPool.initialize(address,string,string,address[],uint256[],uint96[]) (contracts/balancer/BPool.sol#119-166) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(totalWeight <= MAX_TOTAL_WEIGHT,ERR_MAX_TOTAL_WEIGHT) (contracts/balancer/BPool.sol#161)
BPool.unbind(address) (contracts/balancer/BPool.sol#278-282) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(_records[token].bound,ERR_NOT_BOUND) (contracts/balancer/BPool.sol#279)
BPool.joinPool(uint256,uint256[]) (contracts/balancer/BPool.sol#292-313) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(ratio != 0,ERR_MATH_APPROX) (contracts/balancer/BPool.sol#299)
- require(bool,string)(tokenAmountIn != 0,ERR_MATH_APPROX) (contracts/balancer/BPool.sol#305)
- require(bool,string)(tokenAmountIn <= maxAmountsIn[i],ERR_LIMIT_IN) (contracts/balancer/BPool.sol#306)
BPool.joinswapExternAmountIn(address,uint256,uint256) (contracts/balancer/BPool.sol#322-361) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(tokenAmountIn <= bmul(inRecord.balance,MAX_IN_RATIO),ERR_MAX_IN_RATIO) (contracts/balancer/BPool.sol#336-339)
- require(bool,string)(poolAmountOut >= minPoolAmountOut,ERR_LIMIT_OUT) (contracts/balancer/BPool.sol#350)
BPool.joinswapPoolAmountOut(address,uint256,uint256) (contracts/balancer/BPool.sol#369-407) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(tokenAmountIn != 0,ERR_MATH_APPROX) (contracts/balancer/BPool.sol#390)
- require(bool,string)(tokenAmountIn <= maxAmountIn,ERR_LIMIT_IN) (contracts/balancer/BPool.sol#391)
- require(bool,string)(tokenAmountIn <= bmul(inRecord.balance,MAX_IN_RATIO),ERR_MAX_IN_RATIO) (contracts/balancer/BPool.sol#393-396)
BPool.exitPool(uint256,uint256[]) (contracts/balancer/BPool.sol#416-446) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(ratio != 0,ERR_MATH_APPROX) (contracts/balancer/BPool.sol#424)
- require(bool,string)(tokenAmountOut != 0,ERR_MATH_APPROX) (contracts/balancer/BPool.sol#435)
- require(bool,string)(tokenAmountOut >= minAmountsOut[i],ERR_LIMIT_OUT) (contracts/balancer/BPool.sol#436)
BPool.exitswapPoolAmountIn(address,uint256,uint256) (contracts/balancer/BPool.sol#455-494) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(tokenAmountOut >= minAmountOut,ERR_LIMIT_OUT) (contracts/balancer/BPool.sol#475)
- require(bool,string)(tokenAmountOut <= bmul(outRecord.balance,MAX_OUT_RATIO),ERR_MAX_OUT_RATIO) (contracts/balancer/BPool.sol#477-480)
BPool.exitswapExternAmountOut(address,uint256,uint256) (contracts/balancer/BPool.sol#503-543) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(tokenAmountOut <= bmul(outRecord.balance,MAX_OUT_RATIO),ERR_MAX_OUT_RATIO) (contracts/balancer/BPool.sol#513-516)
- require(bool,string)(poolAmountIn != 0,ERR_MATH_APPROX) (contracts/balancer/BPool.sol#527)
- require(bool,string)(poolAmountIn <= maxPoolAmountIn,ERR_LIMIT_IN) (contracts/balancer/BPool.sol#528)
BPool.flashBorrow(IFlashLoanRecipient,address,uint256,bytes) (contracts/balancer/BPool.sol#583-617) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(balEnd > balStart && fee >= gained,ERR_INSUFFICIENT_PAYMENT) (contracts/balancer/BPool.sol#601-604)
BPool.swapExactAmountIn(address,uint256,address,uint256,uint256) (contracts/balancer/BPool.sol#626-695) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(tokenAmountIn <= bmul(inRecord.balance,MAX_IN_RATIO),ERR_MAX_IN_RATIO) (contracts/balancer/BPool.sol#641-644)
- require(bool,string)(spotPriceBefore <= maxPrice,ERR_BAD_LIMIT_PRICE) (contracts/balancer/BPool.sol#653)
- require(bool,string)(tokenAmountOut >= minAmountOut,ERR_LIMIT_OUT) (contracts/balancer/BPool.sol#664)
- require(bool,string)(spotPriceAfter >= spotPriceBefore,ERR_MATH_APPROX) (contracts/balancer/BPool.sol#682)
- require(bool,string)(spotPriceAfter <= maxPrice,ERR_LIMIT_PRICE) (contracts/balancer/BPool.sol#683)
- require(bool,string)(spotPriceBefore <= bdiv(tokenAmountIn,tokenAmountOut),ERR_MATH_APPROX) (contracts/balancer/BPool.sol#684-687)
BPool.swapExactAmountOut(address,uint256,address,uint256,uint256) (contracts/balancer/BPool.sol#703-772) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(tokenAmountOut <= bmul(outRecord.balance,MAX_OUT_RATIO),ERR_MAX_OUT_RATIO) (contracts/balancer/BPool.sol#718-721)
- require(bool,string)(spotPriceBefore <= maxPrice,ERR_BAD_LIMIT_PRICE) (contracts/balancer/BPool.sol#730)
- require(bool,string)(tokenAmountIn <= maxAmountIn,ERR_LIMIT_IN) (contracts/balancer/BPool.sol#741)
- require(bool,string)(spotPriceAfter >= spotPriceBefore,ERR_MATH_APPROX) (contracts/balancer/BPool.sol#759)
- require(bool,string)(spotPriceAfter <= maxPrice,ERR_LIMIT_PRICE) (contracts/balancer/BPool.sol#760)
- require(bool,string)(spotPriceBefore <= bdiv(tokenAmountIn,tokenAmountOut),ERR_MATH_APPROX) (contracts/balancer/BPool.sol#761-764)
BPool.getDenormalizedWeight(address) (contracts/balancer/BPool.sol#846-854) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(_records[token].bound,ERR_NOT_BOUND) (contracts/balancer/BPool.sol#852)
BPool.extrapolatePoolValueFromToken() (contracts/balancer/BPool.sol#877-893) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(extrapolatedValue > 0,ERR_NONE_READY) (contracts/balancer/BPool.sol#892)
BPool.getInGivenOut(address,address,uint256) (contracts/balancer/BPool.sol#1004-1030) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(tokenAmountOut <= bmul(outRecord.balance,MAX_OUT_RATIO),ERR_MAX_OUT_RATIO) (contracts/balancer/BPool.sol#1018-1021)
BPool.getOutGivenIn(address,address,uint256) (contracts/balancer/BPool.sol#1036-1062) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(tokenAmountIn <= bmul(inRecord.balance,MAX_IN_RATIO),ERR_MAX_IN_RATIO) (contracts/balancer/BPool.sol#1050-1053)
BPool._pullUnderlying(address,address,uint256) (contracts/balancer/BPool.sol#1086-1098) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(success && (data.length == 0 || abi.decode(data,(bool))),ERR_ERC20_FALSE) (contracts/balancer/BPool.sol#1094-1097)
BPool._pushUnderlying(address,address,uint256) (contracts/balancer/BPool.sol#1100-1112) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(success && (data.length == 0 || abi.decode(data,(bool))),ERR_ERC20_FALSE) (contracts/balancer/BPool.sol#1108-1111)
BPool._bind(address,uint256,uint96) (contracts/balancer/BPool.sol#1125-1148) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(! _records[token].bound,ERR_IS_BOUND) (contracts/balancer/BPool.sol#1130)
BPool._unbind(address) (contracts/balancer/BPool.sol#1159-1186) uses timestamp for comparisons
Dangerous comparisons:
- index != last (contracts/balancer/BPool.sol#1169)
BPool._setDesiredDenorm(address,uint96) (contracts/balancer/BPool.sol#1188-1201) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(record.bound,ERR_NOT_BOUND) (contracts/balancer/BPool.sol#1190)
BPool._increaseDenorm(BPool.Record,address) (contracts/balancer/BPool.sol#1203-1227) uses timestamp for comparisons
Dangerous comparisons:
- record.denorm >= record.desiredDenorm || ! record.ready || now - record.lastDenormUpdate < WEIGHT_UPDATE_DELAY (contracts/balancer/BPool.sol#1207-1209)
- diff > maxDiff (contracts/balancer/BPool.sol#1215)
- require(bool,string)(_totalWeight <= MAX_TOTAL_WEIGHT,ERR_MAX_TOTAL_WEIGHT) (contracts/balancer/BPool.sol#1220)
BPool._decreaseDenorm(BPool.Record,address) (contracts/balancer/BPool.sol#1229-1261) uses timestamp for comparisons
Dangerous comparisons:
- record.denorm <= record.desiredDenorm || ! record.ready || now - record.lastDenormUpdate < WEIGHT_UPDATE_DELAY (contracts/balancer/BPool.sol#1232-1234)
- diff > maxDiff (contracts/balancer/BPool.sol#1240)
- denorm <= MIN_WEIGHT (contracts/balancer/BPool.sol#1244)
BPool._getInputToken(address) (contracts/balancer/BPool.sol#1274-1290) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(record.bound,ERR_NOT_BOUND) (contracts/balancer/BPool.sol#1280)
BPool._getOutputToken(address) (contracts/balancer/BPool.sol#1292-1302) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(record.bound,ERR_NOT_BOUND) (contracts/balancer/BPool.sol#1298)
- require(bool,string)(record.ready,ERR_OUT_NOT_READY) (contracts/balancer/BPool.sol#1301)
BPool._updateBalanceIn(address,BPool.Record,uint256) (contracts/balancer/BPool.sol#1324-1362) uses timestamp for comparisons
Dangerous comparisons:
- realBalance >= record.balance (contracts/balancer/BPool.sol#1333)
UniswapV2OracleLibrary.currentCumulativePrices(address) (contracts/lib/UniswapV2OracleLibrary.sol#17-51) uses timestamp for comparisons
Dangerous comparisons:
- blockTimestampLast != blockTimestamp (contracts/lib/UniswapV2OracleLibrary.sol#36)
UniswapV2OracleLibrary.currentCumulativePrice0(address) (contracts/lib/UniswapV2OracleLibrary.sol#55-79) uses timestamp for comparisons
Dangerous comparisons:
- blockTimestampLast != blockTimestamp (contracts/lib/UniswapV2OracleLibrary.sol#69)
UniswapV2OracleLibrary.currentCumulativePrice1(address) (contracts/lib/UniswapV2OracleLibrary.sol#83-107) uses timestamp for comparisons
Dangerous comparisons:
- blockTimestampLast != blockTimestamp (contracts/lib/UniswapV2OracleLibrary.sol#97)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
BPool.getCurrentDesiredTokens() (contracts/balancer/BPool.sol#824-841) uses assembly
- INLINE ASM (contracts/balancer/BPool.sol#840)
Create2.deploy(uint256,bytes32,bytes) (contracts/lib/Create2.sol#27-36) uses assembly
- INLINE ASM (contracts/lib/Create2.sol#31-33)
ProxyLib.getProxyDeploymentCode(address) (contracts/lib/ProxyLib.sol#54-63) uses assembly
- INLINE ASM (contracts/lib/ProxyLib.sol#56-61)
MockProxyFactory.compareCodeHash(bytes32) (contracts/mocks/MockProxyFactory.sol#20-25) uses assembly
- INLINE ASM (contracts/mocks/MockProxyFactory.sol#23)
MockProxyFactory.getProxyRuntimeCode() (contracts/mocks/MockProxyFactory.sol#32-42) uses assembly
- INLINE ASM (contracts/mocks/MockProxyFactory.sol#35-40)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Different versions of Solidity is used in :
- Version used: ['>=0.4.0', '>=0.5.0', '>=0.6.0', '>=0.6.2', '^0.6.0']
- ^0.6.0 (contracts/MarketOracle.sol#1)
- ABIEncoderV2 (contracts/MarketOracle.sol#2)
- ^0.6.0 (contracts/PoolController.sol#1)
- ABIEncoderV2 (contracts/PoolController.sol#2)
- ^0.6.0 (contracts/UniSwapV2PriceOracle.sol#1)
- ABIEncoderV2 (contracts/UniSwapV2PriceOracle.sol#2)
- ^0.6.0 (contracts/balancer/BConst.sol#2)
- ^0.6.0 (contracts/balancer/BMath.sol#2)
- ^0.6.0 (contracts/balancer/BNum.sol#2)
- ^0.6.0 (contracts/balancer/BPool.sol#2)
- ABIEncoderV2 (contracts/balancer/BPool.sol#3)
- ^0.6.0 (contracts/balancer/BToken.sol#2)
- ^0.6.0 (contracts/interfaces/IBPool.sol#2)
- ABIEncoderV2 (contracts/interfaces/IBPool.sol#3)
- >=0.5.0 (contracts/interfaces/IERC20.sol#1)
- ^0.6.0 (contracts/interfaces/IFlashLoanRecipient.sol#1)
- ^0.6.0 (contracts/interfaces/IUniSwap.sol#1)
- ^0.6.0 (contracts/interfaces/IUniswapV2Factory.sol#1)
- ^0.6.0 (contracts/interfaces/IUniswapV2Library.sol#1)
- ^0.6.0 (contracts/interfaces/IUniswapV2Pair.sol#1)
- >=0.6.2 (contracts/interfaces/IUniswapV2Router01.sol#1)
- >=0.6.2 (contracts/interfaces/IUniswapV2Router02.sol#1)
- >=0.4.0 (contracts/lib/Babylonian.sol#3)
- ^0.6.0 (contracts/lib/Create2.sol#1)
- >=0.4.0 (contracts/lib/FixedPoint.sol#3)
- ^0.6.0 (contracts/lib/IndexLibrary.sol#1)
- ABIEncoderV2 (contracts/lib/IndexLibrary.sol#2)
- ^0.6.0 (contracts/lib/ProxyLib.sol#1)
- ^0.6.0 (contracts/lib/SafeMath.sol#1)
- >=0.6.0 (contracts/lib/UniswapV2Library.sol#1)
- ^0.6.0 (contracts/lib/UniswapV2OracleLibrary.sol#1)
- ^0.6.0 (contracts/mocks/MockERC20.sol#1)
- ^0.6.0 (contracts/mocks/MockProxyFactory.sol#1)
- ^0.6.0 (contracts/mocks/MockProxyLogic.sol#1)
- ^0.6.0 (contracts/mocks/MockTokenMarketDeployer.sol#1)
- ABIEncoderV2 (contracts/mocks/MockTokenMarketDeployer.sol#2)
- ^0.6.0 (contracts/openzeppelin/BaseERC20.sol#3)
- ^0.6.0 (contracts/openzeppelin/SafeMath.sol#3)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used
INFO:Detectors:
Pragma version^0.6.0 (contracts/MarketOracle.sol#1) allows old versions
Pragma version^0.6.0 (contracts/PoolController.sol#1) allows old versions
Pragma version^0.6.0 (contracts/UniSwapV2PriceOracle.sol#1) allows old versions
Pragma version^0.6.0 (contracts/balancer/BConst.sol#2) allows old versions
Pragma version^0.6.0 (contracts/balancer/BMath.sol#2) allows old versions
Pragma version^0.6.0 (contracts/balancer/BNum.sol#2) allows old versions
Pragma version^0.6.0 (contracts/balancer/BPool.sol#2) allows old versions
Pragma version^0.6.0 (contracts/balancer/BToken.sol#2) allows old versions
Pragma version^0.6.0 (contracts/interfaces/IBPool.sol#2) allows old versions
Pragma version>=0.5.0 (contracts/interfaces/IERC20.sol#1) allows old versions
Pragma version^0.6.0 (contracts/interfaces/IFlashLoanRecipient.sol#1) allows old versions
Pragma version^0.6.0 (contracts/interfaces/IUniSwap.sol#1) allows old versions
Pragma version^0.6.0 (contracts/interfaces/IUniswapV2Factory.sol#1) allows old versions
Pragma version^0.6.0 (contracts/interfaces/IUniswapV2Library.sol#1) allows old versions
Pragma version^0.6.0 (contracts/interfaces/IUniswapV2Pair.sol#1) allows old versions
Pragma version>=0.6.2 (contracts/interfaces/IUniswapV2Router01.sol#1) allows old versions
Pragma version>=0.6.2 (contracts/interfaces/IUniswapV2Router02.sol#1) allows old versions
Pragma version>=0.4.0 (contracts/lib/Babylonian.sol#3) allows old versions
Pragma version^0.6.0 (contracts/lib/Create2.sol#1) allows old versions
Pragma version>=0.4.0 (contracts/lib/FixedPoint.sol#3) allows old versions
Pragma version^0.6.0 (contracts/lib/IndexLibrary.sol#1) allows old versions
Pragma version^0.6.0 (contracts/lib/ProxyLib.sol#1) allows old versions
Pragma version^0.6.0 (contracts/lib/SafeMath.sol#1) allows old versions
Pragma version>=0.6.0 (contracts/lib/UniswapV2Library.sol#1) allows old versions
Pragma version^0.6.0 (contracts/lib/UniswapV2OracleLibrary.sol#1) allows old versions
Pragma version^0.6.0 (contracts/mocks/MockERC20.sol#1) allows old versions
Pragma version^0.6.0 (contracts/mocks/MockProxyFactory.sol#1) allows old versions
Pragma version^0.6.0 (contracts/mocks/MockProxyLogic.sol#1) allows old versions
Pragma version^0.6.0 (contracts/mocks/MockTokenMarketDeployer.sol#1) allows old versions
Pragma version^0.6.0 (contracts/openzeppelin/BaseERC20.sol#3) allows old versions
Pragma version^0.6.0 (contracts/openzeppelin/SafeMath.sol#3) allows old versions
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
INFO:Detectors:
Low level call in BPool._pullUnderlying(address,address,uint256) (contracts/balancer/BPool.sol#1086-1098):
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_FROM_SELECTOR,from,address(this),amount)) (contracts/balancer/BPool.sol#1091-1093)
Low level call in BPool._pushUnderlying(address,address,uint256) (contracts/balancer/BPool.sol#1100-1112):
- (success,data) = erc20.call(abi.encodeWithSelector(TRANSFER_SELECTOR,to,amount)) (contracts/balancer/BPool.sol#1105-1107)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Variable MarketOracle._categoryTokens (contracts/MarketOracle.sol#24) is not in mixedCase
Variable MarketOracle._tokenCategories (contracts/MarketOracle.sol#26) is not in mixedCase
Event PoolControllerLOG_NEW_POOL(address,address,uint256,uint256) (contracts/PoolController.sol#34-39) is not in CapWords
Event PoolControllerLOG_MANAGER(address) (contracts/PoolController.sol#41) is not in CapWords
Variable PoolController._manager (contracts/PoolController.sol#45) is not in mixedCase
Variable PoolController._poolContract (contracts/PoolController.sol#46) is not in mixedCase
Variable PoolController._isBPool (contracts/PoolController.sol#47) is not in mixedCase
Variable PoolController._poolUpdateRecords (contracts/PoolController.sol#48) is not in mixedCase
Variable UniSwapV2PriceOracle._uniswapFactory (contracts/UniSwapV2PriceOracle.sol#37) is not in mixedCase
Variable UniSwapV2PriceOracle._weth (contracts/UniSwapV2PriceOracle.sol#40) is not in mixedCase
Variable UniSwapV2PriceOracle._priceObservations (contracts/UniSwapV2PriceOracle.sol#43-45) is not in mixedCase
Event BPoolLOG_SWAP(address,address,address,uint256,uint256) (contracts/balancer/BPool.sol#36-42) is not in CapWords
Event BPoolLOG_JOIN(address,address,uint256) (contracts/balancer/BPool.sol#44-48) is not in CapWords
Event BPoolLOG_EXIT(address,address,uint256) (contracts/balancer/BPool.sol#50-54) is not in CapWords
Event BPoolLOG_DENORM_UPDATED(address,uint256) (contracts/balancer/BPool.sol#56) is not in CapWords
Event BPoolLOG_DESIRED_DENORM_SET(address,uint256) (contracts/balancer/BPool.sol#58) is not in CapWords
Event BPoolLOG_TOKEN_REMOVED(address) (contracts/balancer/BPool.sol#60) is not in CapWords
Event BPoolLOG_TOKEN_ADDED(address,uint256,uint256) (contracts/balancer/BPool.sol#62-66) is not in CapWords
Event BPoolLOG_TOKEN_READY(address) (contracts/balancer/BPool.sol#68) is not in CapWords
Variable BPool._mutex (contracts/balancer/BPool.sol#96) is not in mixedCase
Variable BPool._controller (contracts/balancer/BPool.sol#98) is not in mixedCase
Variable BPool._publicSwap (contracts/balancer/BPool.sol#102) is not in mixedCase
Variable BPool._swapFee (contracts/balancer/BPool.sol#105) is not in mixedCase
Variable BPool._tokens (contracts/balancer/BPool.sol#107) is not in mixedCase
Variable BPool._records (contracts/balancer/BPool.sol#109) is not in mixedCase
Variable BPool._totalWeight (contracts/balancer/BPool.sol#110) is not in mixedCase
Variable BPool._minimumBalances (contracts/balancer/BPool.sol#113) is not in mixedCase
Modifier BPool._lock_() (contracts/balancer/BPool.sol#72-77) is not in mixedCase
Modifier BPool._viewlock_() (contracts/balancer/BPool.sol#79-82) is not in mixedCase
Modifier BPool._control_() (contracts/balancer/BPool.sol#84-87) is not in mixedCase
Modifier BPool._public_() (contracts/balancer/BPool.sol#89-92) is not in mixedCase
Variable BTokenBase._balance (contracts/balancer/BToken.sol#31) is not in mixedCase
Variable BTokenBase._allowance (contracts/balancer/BToken.sol#32) is not in mixedCase
Variable BTokenBase._totalSupply (contracts/balancer/BToken.sol#33) is not in mixedCase
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (contracts/interfaces/IUniswapV2Pair.sol#18) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (contracts/interfaces/IUniswapV2Pair.sol#19) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (contracts/interfaces/IUniswapV2Pair.sol#36) is not in mixedCase
Function IUniswapV2Router01.WETH() (contracts/interfaces/IUniswapV2Router01.sol#6) is not in mixedCase
Struct FixedPoint.uq112x112 (contracts/lib/FixedPoint.sol#11-13) is not in CapWords
Struct FixedPoint.uq144x112 (contracts/lib/FixedPoint.sol#17-19) is not in CapWords
Variable MockProxyLogic._value (contracts/mocks/MockProxyLogic.sol#4) is not in mixedCase
Variable BaseERC20._balances (contracts/openzeppelin/BaseERC20.sol#35) is not in mixedCase
Variable BaseERC20._allowances (contracts/openzeppelin/BaseERC20.sol#37) is not in mixedCase
Variable BaseERC20._totalSupply (contracts/openzeppelin/BaseERC20.sol#39) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformity-to-solidity-naming-conventions
INFO:Detectors:
ProxyLib.getProxyDeploymentCode(address) (contracts/lib/ProxyLib.sol#54-63) uses literals with too many digits:
- mstore(uint256,uint256)(ptr,0x602e598160098239f35959365936595937730000000000000000000000000000) (contracts/lib/ProxyLib.sol#58)
ProxyLib.getProxyDeploymentCode(address) (contracts/lib/ProxyLib.sol#54-63) uses literals with too many digits:
- mstore(uint256,uint256)(ptr + 38,0x5af460003d3d82803e9161002c57fd5bf3000000000000000000000000000000) (contracts/lib/ProxyLib.sol#60)
MockProxyFactory.getProxyRuntimeCode() (contracts/mocks/MockProxyFactory.sol#32-42) uses literals with too many digits:
- mstore(uint256,uint256)(ptr,0x5959365936595937730000000000000000000000000000000000000000000000) (contracts/mocks/MockProxyFactory.sol#37)
MockProxyFactory.getProxyRuntimeCode() (contracts/mocks/MockProxyFactory.sol#32-42) uses literals with too many digits:
- mstore(uint256,uint256)(ptr + 29,0x5af460003d3d82803e9161002c57fd5bf3000000000000000000000000000000) (contracts/mocks/MockProxyFactory.sol#39)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits
INFO:Detectors:
BConst.TRANSFER_SELECTOR (contracts/balancer/BConst.sol#8-10) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.TRANSFER_FROM_SELECTOR (contracts/balancer/BConst.sol#12-14) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.WEIGHT_UPDATE_DELAY (contracts/balancer/BConst.sol#16) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.MIN_FEE (contracts/balancer/BConst.sol#23) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.MAX_FEE (contracts/balancer/BConst.sol#24) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.EXIT_FEE (contracts/balancer/BConst.sol#25) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.MIN_WEIGHT (contracts/balancer/BConst.sol#27) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.MAX_WEIGHT (contracts/balancer/BConst.sol#28) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.MAX_TOTAL_WEIGHT (contracts/balancer/BConst.sol#29) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.MIN_BALANCE (contracts/balancer/BConst.sol#30) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.INIT_POOL_SUPPLY (contracts/balancer/BConst.sol#32) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.MAX_IN_RATIO (contracts/balancer/BConst.sol#38) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.MAX_OUT_RATIO (contracts/balancer/BConst.sol#39) is never used in PoolController (contracts/PoolController.sol#13-268)
BConst.TRANSFER_SELECTOR (contracts/balancer/BConst.sol#8-10) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.TRANSFER_FROM_SELECTOR (contracts/balancer/BConst.sol#12-14) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.WEIGHT_UPDATE_DELAY (contracts/balancer/BConst.sol#16) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.MIN_BOUND_TOKENS (contracts/balancer/BConst.sol#20) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.MAX_BOUND_TOKENS (contracts/balancer/BConst.sol#21) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.MIN_FEE (contracts/balancer/BConst.sol#23) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.MAX_FEE (contracts/balancer/BConst.sol#24) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.MIN_WEIGHT (contracts/balancer/BConst.sol#27) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.MAX_WEIGHT (contracts/balancer/BConst.sol#28) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.MAX_TOTAL_WEIGHT (contracts/balancer/BConst.sol#29) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.MIN_BALANCE (contracts/balancer/BConst.sol#30) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.INIT_POOL_SUPPLY (contracts/balancer/BConst.sol#32) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.MAX_IN_RATIO (contracts/balancer/BConst.sol#38) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
BConst.MAX_OUT_RATIO (contracts/balancer/BConst.sol#39) is never used in MockTokenMarketDeployer (contracts/mocks/MockTokenMarketDeployer.sol#12-161)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variables
INFO:Detectors:
BToken._decimals (contracts/balancer/BToken.sol#75) should be constant
BaseERC20._totalSupply (contracts/openzeppelin/BaseERC20.sol#39) should be constant
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant
INFO:Detectors:
addToken(address,uint256) should be declared external:
- MarketOracle.addToken(address,uint256) (contracts/MarketOracle.sol#133-143)
orderCategoryTokensByMarketCap(uint256,address[]) should be declared external:
- MarketOracle.orderCategoryTokensByMarketCap(uint256,address[]) (contracts/MarketOracle.sol#175-211)
updatePrices(address[]) should be declared external:
- UniSwapV2PriceOracle.updatePrices(address[]) (contracts/UniSwapV2PriceOracle.sol#93-101)
computeAveragePrices(address[]) should be declared external:
- UniSwapV2PriceOracle.computeAveragePrices(address[]) (contracts/UniSwapV2PriceOracle.sol#228-238)
name() should be declared external:
- BToken.name() (contracts/balancer/BToken.sol#88-90)
symbol() should be declared external:
- BToken.symbol() (contracts/balancer/BToken.sol#92-94)
decimals() should be declared external:
- BToken.decimals() (contracts/balancer/BToken.sol#96-98)
deployProxy(bytes32) should be declared external:
- MockProxyFactory.deployProxy(bytes32) (contracts/mocks/MockProxyFactory.sol#27-30)
deployTokenAndMarketWithLiquidity(string,string,uint256,uint256) should be declared external:
- MockTokenMarketDeployer.deployTokenAndMarketWithLiquidity(string,string,uint256,uint256) (contracts/mocks/MockTokenMarketDeployer.sol#54-64)
deployPoolMarketWithLiquidity(BPool,uint256,uint256) should be declared external:
- MockTokenMarketDeployer.deployPoolMarketWithLiquidity(BPool,uint256,uint256) (contracts/mocks/MockTokenMarketDeployer.sol#87-98)
addPoolMarketLiquidity(BPool,uint256,uint256) should be declared external:
- MockTokenMarketDeployer.addPoolMarketLiquidity(BPool,uint256,uint256) (contracts/mocks/MockTokenMarketDeployer.sol#100-119)
name() should be declared external:
- BaseERC20.name() (contracts/openzeppelin/BaseERC20.sol#63-65)
symbol() should be declared external:
- BaseERC20.symbol() (contracts/openzeppelin/BaseERC20.sol#71-73)
decimals() should be declared external:
- BaseERC20.decimals() (contracts/openzeppelin/BaseERC20.sol#88-90)
balanceOf(address) should be declared external:
- BaseERC20.balanceOf(address) (contracts/openzeppelin/BaseERC20.sol#102-104)
transfer(address,uint256) should be declared external:
- BaseERC20.transfer(address,uint256) (contracts/openzeppelin/BaseERC20.sol#114-117)
allowance(address,address) should be declared external:
- BaseERC20.allowance(address,address) (contracts/openzeppelin/BaseERC20.sol#122-124)
approve(address,uint256) should be declared external:
- BaseERC20.approve(address,uint256) (contracts/openzeppelin/BaseERC20.sol#133-136)
transferFrom(address,address,uint256) should be declared external:
- BaseERC20.transferFrom(address,address,uint256) (contracts/openzeppelin/BaseERC20.sol#150-158)
increaseAllowance(address,uint256) should be declared external:
- BaseERC20.increaseAllowance(address,uint256) (contracts/openzeppelin/BaseERC20.sol#172-175)
decreaseAllowance(address,uint256) should be declared external:
- BaseERC20.decreaseAllowance(address,uint256) (contracts/openzeppelin/BaseERC20.sol#191-198)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external
INFO:Slither:. analyzed (31 contracts with 46 detectors), 218 result(s) found
INFO:Slither:Use https://crytic.io/ to get access to additional detectors and Github integration
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment