Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Slither report: solidity version, reentrancy bugs #386

Open
atoulme opened this issue Oct 31, 2021 · 0 comments
Open

Slither report: solidity version, reentrancy bugs #386

atoulme opened this issue Oct 31, 2021 · 0 comments

Comments

@atoulme
Copy link

atoulme commented Oct 31, 2021

I have run slither against the main branch (apologies, if another branch is used for contract development, please let me know).

Slither runs static code analysis and has reported 228 elements. Half of them report to mixed case usage, but there are a few around reentrancy bugs. The version of Solidity used is also not recommended.

SafeMath is re-used:
	- node_modules/@uniswap/v2-periphery/contracts/libraries/SafeMath.sol#5-17
	- node_modules/@openzeppelin/contracts/math/SafeMath.sol#18-159
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#name-reused

TestLogicContract.transferTokens(address,uint256,uint256) (contracts/TestLogicContract.sol#16-23) ignores return value by IERC20(state_tokenContract).transfer(_to,_a + _b) (contracts/TestLogicContract.sol#21)
TestUniswapLiquidity.transferTokens(address,uint256,uint256,address) (contracts/TestUniswapLiquidity.sol#62-69) ignores return value by IERC20(state_tokenContract).transfer(_to,_a + _b) (contracts/TestUniswapLiquidity.sol#68)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer

UniswapV2Library.getAmountsOut(address,uint256,address[]).i (node_modules/@uniswap/v2-periphery/contracts/libraries/UniswapV2Library.sol#66) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables

TestUniswapLiquidity.redeemLiquidityETH(address,uint256,uint256,uint256,address,uint256) (contracts/TestUniswapLiquidity.sol#16-40) ignores return value by IUniswapV2Pair(pair).approve(router,2 ** 256 - 1) (contracts/TestUniswapLiquidity.sol#30)
TestUniswapLiquidity.redeemLiquidityETH(address,uint256,uint256,uint256,address,uint256) (contracts/TestUniswapLiquidity.sol#16-40) ignores return value by IUniswapV2Router02(router).removeLiquidityETH(token,liquidity,amountTokenMin,amountETHMin,to,deadline) (contracts/TestUniswapLiquidity.sol#32-39)
TestUniswapLiquidity.redeemLiquidity(address,address,uint256,uint256,uint256,address,uint256) (contracts/TestUniswapLiquidity.sol#42-60) ignores return value by IUniswapV2Router02(router).removeLiquidity(tokenA,tokenB,liquidity,amountAMin,amountBMin,to,deadline) (contracts/TestUniswapLiquidity.sol#51-59)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return

ERC20.constructor(string,string).name (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#57) shadows:
	- ERC20.name() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#57) shadows:
	- ERC20.symbol() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#74-76) (function)
CosmosERC20.constructor(address,string,string,uint8)._name (contracts/CosmosToken.sol#9) shadows:
	- ERC20._name (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#44) (state variable)
CosmosERC20.constructor(address,string,string,uint8)._symbol (contracts/CosmosToken.sol#10) shadows:
	- ERC20._symbol (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#45) (state variable)
CosmosERC20.constructor(address,string,string,uint8)._decimals (contracts/CosmosToken.sol#11) shadows:
	- ERC20._decimals (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#46) (state variable)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing

ReentrantERC20.constructor(address)._gravityAddress (contracts/ReentrantERC20.sol#11) lacks a zero-check on :
		- state_gravityAddress = _gravityAddress (contracts/ReentrantERC20.sol#12)
TestLogicContract.constructor(address)._tokenContract (contracts/TestLogicContract.sol#12) lacks a zero-check on :
		- state_tokenContract = _tokenContract (contracts/TestLogicContract.sol#13)
TestUniswapLiquidity.constructor(address)._uni_router (contracts/TestUniswapLiquidity.sol#12) lacks a zero-check on :
		- router = _uni_router (contracts/TestUniswapLiquidity.sol#13)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation

Reentrancy in Gravity.sendToCosmos(address,bytes32,uint256) (contracts/Gravity.sol#524-538):
	External calls:
	- IERC20(_tokenContract).safeTransferFrom(msg.sender,address(this),_amount) (contracts/Gravity.sol#529)
	State variables written after the call(s):
	- state_lastEventNonce = state_lastEventNonce.add(1) (contracts/Gravity.sol#530)
Reentrancy in Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256) (contracts/Gravity.sol#287-393):
	External calls:
	- IERC20(_tokenContract).safeTransfer(msg.sender,totalFee) (contracts/Gravity.sol#384)
	State variables written after the call(s):
	- state_lastEventNonce = state_lastEventNonce.add(1) (contracts/Gravity.sol#390)
Reentrancy in Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs) (contracts/Gravity.sol#404-522):
	External calls:
	- returnData = Address.functionCall(_args.logicContractAddress,_args.payload) (contracts/Gravity.sol#505)
	State variables written after the call(s):
	- state_lastEventNonce = state_lastEventNonce.add(1) (contracts/Gravity.sol#514)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2

Reentrancy in SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address) (contracts/SimpleLogicBatch.sol#27-42):
	External calls:
	- IERC20(_tokenContract).safeTransfer(_logicContract,_amounts[i]) (contracts/SimpleLogicBatch.sol#38)
	- returnData = Address.functionCall(_logicContract,_payloads[i]) (contracts/SimpleLogicBatch.sol#39)
	Event emitted after the call(s):
	- LogicCallEvent(_tokenContract,_logicContract,true,returnData) (contracts/SimpleLogicBatch.sol#40)
Reentrancy in Gravity.sendToCosmos(address,bytes32,uint256) (contracts/Gravity.sol#524-538):
	External calls:
	- IERC20(_tokenContract).safeTransferFrom(msg.sender,address(this),_amount) (contracts/Gravity.sol#529)
	Event emitted after the call(s):
	- SendToCosmosEvent(_tokenContract,msg.sender,_destination,_amount,state_lastEventNonce) (contracts/Gravity.sol#531-537)
Reentrancy in Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256) (contracts/Gravity.sol#287-393):
	External calls:
	- IERC20(_tokenContract).safeTransfer(msg.sender,totalFee) (contracts/Gravity.sol#384)
	Event emitted after the call(s):
	- TransactionBatchExecutedEvent(_batchNonce,_tokenContract,state_lastEventNonce) (contracts/Gravity.sol#391)
Reentrancy in Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs) (contracts/Gravity.sol#404-522):
	External calls:
	- returnData = Address.functionCall(_args.logicContractAddress,_args.payload) (contracts/Gravity.sol#505)
	Event emitted after the call(s):
	- LogicCallEvent(_args.invalidationId,_args.invalidationNonce,returnData,state_lastEventNonce) (contracts/Gravity.sol#515-520)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3

Address.isContract(address) (node_modules/@openzeppelin/contracts/utils/Address.sol#26-35) uses assembly
	- INLINE ASM (node_modules/@openzeppelin/contracts/utils/Address.sol#33)
Address._functionCallWithValue(address,bytes,uint256,string) (node_modules/@openzeppelin/contracts/utils/Address.sol#119-140) uses assembly
	- INLINE ASM (node_modules/@openzeppelin/contracts/utils/Address.sol#132-135)
console._sendLogPayload(bytes) (node_modules/hardhat/console.sol#7-14) uses assembly
	- INLINE ASM (node_modules/hardhat/console.sol#10-13)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage

Different versions of Solidity is used:
	- Version used: ['=0.6.6', '>=0.4.22<0.9.0', '>=0.5.0', '>=0.6.2', '^0.6.0', '^0.6.2', '^0.6.6']
	- ^0.6.0 (node_modules/@openzeppelin/contracts/GSN/Context.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/access/Ownable.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/math/SafeMath.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/IERC20.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/SafeERC20.sol#3)
	- ^0.6.2 (node_modules/@openzeppelin/contracts/utils/Address.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/utils/ReentrancyGuard.sol#3)
	- >=0.5.0 (node_modules/@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#1)
	- >=0.6.2 (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#1)
	- >=0.6.2 (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router02.sol#1)
	- =0.6.6 (node_modules/@uniswap/v2-periphery/contracts/libraries/SafeMath.sol#1)
	- >=0.5.0 (node_modules/@uniswap/v2-periphery/contracts/libraries/UniswapV2Library.sol#1)
	- ^0.6.6 (contracts/CosmosToken.sol#1)
	- ^0.6.6 (contracts/Gravity.sol#1)
	- ABIEncoderV2 (contracts/Gravity.sol#10)
	- ^0.6.6 (contracts/HashingTest.sol#1)
	- ^0.6.6 (contracts/ReentrantERC20.sol#1)
	- ABIEncoderV2 (contracts/ReentrantERC20.sol#5)
	- ^0.6.6 (contracts/SigningTest.sol#1)
	- ^0.6.6 (contracts/SimpleLogicBatch.sol#1)
	- ABIEncoderV2 (contracts/SimpleLogicBatch.sol#2)
	- ^0.6.6 (contracts/TestERC20A.sol#1)
	- ^0.6.6 (contracts/TestERC20B.sol#1)
	- ^0.6.6 (contracts/TestERC20C.sol#1)
	- ^0.6.6 (contracts/TestLogicContract.sol#1)
	- ^0.6.6 (contracts/TestTokenBatchMiddleware copy.sol#1)
	- ^0.6.6 (contracts/TestUniswapLiquidity.sol#1)
	- >=0.4.22<0.9.0 (node_modules/hardhat/console.sol#2)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used

Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/GSN/Context.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/access/Ownable.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/math/SafeMath.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/IERC20.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/SafeERC20.sol#3) allows old versions
Pragma version^0.6.2 (node_modules/@openzeppelin/contracts/utils/Address.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/utils/ReentrancyGuard.sol#3) allows old versions
Pragma version>=0.5.0 (node_modules/@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#1) allows old versions
Pragma version>=0.6.2 (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#1) allows old versions
Pragma version>=0.6.2 (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router02.sol#1) allows old versions
Pragma version=0.6.6 (node_modules/@uniswap/v2-periphery/contracts/libraries/SafeMath.sol#1) allows old versions
Pragma version>=0.5.0 (node_modules/@uniswap/v2-periphery/contracts/libraries/UniswapV2Library.sol#1) allows old versions
Pragma version^0.6.6 (contracts/CosmosToken.sol#1) allows old versions
Pragma version^0.6.6 (contracts/Gravity.sol#1) allows old versions
Pragma version^0.6.6 (contracts/HashingTest.sol#1) allows old versions
Pragma version^0.6.6 (contracts/ReentrantERC20.sol#1) allows old versions
Pragma version^0.6.6 (contracts/SigningTest.sol#1) allows old versions
Pragma version^0.6.6 (contracts/SimpleLogicBatch.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestERC20A.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestERC20B.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestERC20C.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestLogicContract.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestTokenBatchMiddleware copy.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestUniswapLiquidity.sol#1) allows old versions
Pragma version>=0.4.22<0.9.0 (node_modules/hardhat/console.sol#2) is too complex
solc-0.6.6 is not recommended for deployment
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

Low level call in Address.sendValue(address,uint256) (node_modules/@openzeppelin/contracts/utils/Address.sol#53-59):
	- (success) = recipient.call{value: amount}() (node_modules/@openzeppelin/contracts/utils/Address.sol#57)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (node_modules/@openzeppelin/contracts/utils/Address.sol#119-140):
	- (success,returndata) = target.call{value: weiValue}(data) (node_modules/@openzeppelin/contracts/utils/Address.sol#123)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls

Function IUniswapV2Pair.DOMAIN_SEPARATOR() (node_modules/@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#18) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (node_modules/@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#19) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (node_modules/@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#36) is not in mixedCase
Function IUniswapV2Router01.WETH() (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#5) is not in mixedCase
Variable CosmosERC20.MAX_UINT (contracts/CosmosToken.sol#5) is not in mixedCase
Parameter Gravity.testMakeCheckpoint(address[],uint256[],uint256,bytes32)._validators (contracts/Gravity.sol#89) is not in mixedCase
Parameter Gravity.testMakeCheckpoint(address[],uint256[],uint256,bytes32)._powers (contracts/Gravity.sol#90) is not in mixedCase
Parameter Gravity.testMakeCheckpoint(address[],uint256[],uint256,bytes32)._valsetNonce (contracts/Gravity.sol#91) is not in mixedCase
Parameter Gravity.testMakeCheckpoint(address[],uint256[],uint256,bytes32)._gravityId (contracts/Gravity.sol#92) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._currentValidators (contracts/Gravity.sol#98) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._currentPowers (contracts/Gravity.sol#99) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._v (contracts/Gravity.sol#100) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._r (contracts/Gravity.sol#101) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._s (contracts/Gravity.sol#102) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._theHash (contracts/Gravity.sol#103) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._powerThreshold (contracts/Gravity.sol#104) is not in mixedCase
Parameter Gravity.lastBatchNonce(address)._erc20Address (contracts/Gravity.sol#119) is not in mixedCase
Parameter Gravity.lastLogicCallNonce(bytes32)._invalidation_id (contracts/Gravity.sol#123) is not in mixedCase
Parameter Gravity.verifySig(address,bytes32,uint8,bytes32,bytes32)._signer (contracts/Gravity.sol#129) is not in mixedCase
Parameter Gravity.verifySig(address,bytes32,uint8,bytes32,bytes32)._theHash (contracts/Gravity.sol#130) is not in mixedCase
Parameter Gravity.verifySig(address,bytes32,uint8,bytes32,bytes32)._v (contracts/Gravity.sol#131) is not in mixedCase
Parameter Gravity.verifySig(address,bytes32,uint8,bytes32,bytes32)._r (contracts/Gravity.sol#132) is not in mixedCase
Parameter Gravity.verifySig(address,bytes32,uint8,bytes32,bytes32)._s (contracts/Gravity.sol#133) is not in mixedCase
Parameter Gravity.makeCheckpoint(address[],uint256[],uint256,bytes32)._validators (contracts/Gravity.sol#149) is not in mixedCase
Parameter Gravity.makeCheckpoint(address[],uint256[],uint256,bytes32)._powers (contracts/Gravity.sol#150) is not in mixedCase
Parameter Gravity.makeCheckpoint(address[],uint256[],uint256,bytes32)._valsetNonce (contracts/Gravity.sol#151) is not in mixedCase
Parameter Gravity.makeCheckpoint(address[],uint256[],uint256,bytes32)._gravityId (contracts/Gravity.sol#152) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._currentValidators (contracts/Gravity.sol#165) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._currentPowers (contracts/Gravity.sol#166) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._v (contracts/Gravity.sol#168) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._r (contracts/Gravity.sol#169) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._s (contracts/Gravity.sol#170) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._theHash (contracts/Gravity.sol#172) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._powerThreshold (contracts/Gravity.sol#173) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._newValidators (contracts/Gravity.sol#212) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._newPowers (contracts/Gravity.sol#213) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._newValsetNonce (contracts/Gravity.sol#214) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._currentValidators (contracts/Gravity.sol#216) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._currentPowers (contracts/Gravity.sol#217) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._currentValsetNonce (contracts/Gravity.sol#218) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._v (contracts/Gravity.sol#220) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._r (contracts/Gravity.sol#221) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._s (contracts/Gravity.sol#222) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._currentValidators (contracts/Gravity.sol#289) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._currentPowers (contracts/Gravity.sol#290) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._currentValsetNonce (contracts/Gravity.sol#291) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._v (contracts/Gravity.sol#293) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._r (contracts/Gravity.sol#294) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._s (contracts/Gravity.sol#295) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._amounts (contracts/Gravity.sol#297) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._destinations (contracts/Gravity.sol#298) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._fees (contracts/Gravity.sol#299) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._batchNonce (contracts/Gravity.sol#300) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._tokenContract (contracts/Gravity.sol#301) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._batchTimeout (contracts/Gravity.sol#304) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._currentValidators (contracts/Gravity.sol#406) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._currentPowers (contracts/Gravity.sol#407) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._currentValsetNonce (contracts/Gravity.sol#408) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._v (contracts/Gravity.sol#410) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._r (contracts/Gravity.sol#411) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._s (contracts/Gravity.sol#412) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._args (contracts/Gravity.sol#413) is not in mixedCase
Parameter Gravity.sendToCosmos(address,bytes32,uint256)._tokenContract (contracts/Gravity.sol#525) is not in mixedCase
Parameter Gravity.sendToCosmos(address,bytes32,uint256)._destination (contracts/Gravity.sol#526) is not in mixedCase
Parameter Gravity.sendToCosmos(address,bytes32,uint256)._amount (contracts/Gravity.sol#527) is not in mixedCase
Parameter Gravity.deployERC20(string,string,string,uint8)._cosmosDenom (contracts/Gravity.sol#541) is not in mixedCase
Parameter Gravity.deployERC20(string,string,string,uint8)._name (contracts/Gravity.sol#542) is not in mixedCase
Parameter Gravity.deployERC20(string,string,string,uint8)._symbol (contracts/Gravity.sol#543) is not in mixedCase
Parameter Gravity.deployERC20(string,string,string,uint8)._decimals (contracts/Gravity.sol#544) is not in mixedCase
Variable Gravity.state_lastValsetCheckpoint (contracts/Gravity.sol#34) is not in mixedCase
Variable Gravity.state_lastBatchNonces (contracts/Gravity.sol#35) is not in mixedCase
Variable Gravity.state_invalidationMapping (contracts/Gravity.sol#36) is not in mixedCase
Variable Gravity.state_lastValsetNonce (contracts/Gravity.sol#37) is not in mixedCase
Variable Gravity.state_lastEventNonce (contracts/Gravity.sol#40) is not in mixedCase
Variable Gravity.state_gravityId (contracts/Gravity.sol#43) is not in mixedCase
Variable Gravity.state_powerThreshold (contracts/Gravity.sol#44) is not in mixedCase
Function HashingTest.IterativeHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#14-41) is not in mixedCase
Parameter HashingTest.IterativeHash(address[],uint256[],uint256,bytes32)._validators (contracts/HashingTest.sol#15) is not in mixedCase
Parameter HashingTest.IterativeHash(address[],uint256[],uint256,bytes32)._powers (contracts/HashingTest.sol#16) is not in mixedCase
Parameter HashingTest.IterativeHash(address[],uint256[],uint256,bytes32)._valsetNonce (contracts/HashingTest.sol#17) is not in mixedCase
Parameter HashingTest.IterativeHash(address[],uint256[],uint256,bytes32)._gravityId (contracts/HashingTest.sol#18) is not in mixedCase
Function HashingTest.ConcatHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#43-61) is not in mixedCase
Parameter HashingTest.ConcatHash(address[],uint256[],uint256,bytes32)._validators (contracts/HashingTest.sol#44) is not in mixedCase
Parameter HashingTest.ConcatHash(address[],uint256[],uint256,bytes32)._powers (contracts/HashingTest.sol#45) is not in mixedCase
Parameter HashingTest.ConcatHash(address[],uint256[],uint256,bytes32)._valsetNonce (contracts/HashingTest.sol#46) is not in mixedCase
Parameter HashingTest.ConcatHash(address[],uint256[],uint256,bytes32)._gravityId (contracts/HashingTest.sol#47) is not in mixedCase
Function HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#63-77) is not in mixedCase
Parameter HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32)._validators (contracts/HashingTest.sol#64) is not in mixedCase
Parameter HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32)._powers (contracts/HashingTest.sol#65) is not in mixedCase
Parameter HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32)._valsetNonce (contracts/HashingTest.sol#66) is not in mixedCase
Parameter HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32)._gravityId (contracts/HashingTest.sol#67) is not in mixedCase
Function HashingTest.JustSaveEverything(address[],uint256[],uint256) (contracts/HashingTest.sol#79-87) is not in mixedCase
Parameter HashingTest.JustSaveEverything(address[],uint256[],uint256)._validators (contracts/HashingTest.sol#80) is not in mixedCase
Parameter HashingTest.JustSaveEverything(address[],uint256[],uint256)._powers (contracts/HashingTest.sol#81) is not in mixedCase
Parameter HashingTest.JustSaveEverything(address[],uint256[],uint256)._valsetNonce (contracts/HashingTest.sol#82) is not in mixedCase
Function HashingTest.JustSaveEverythingAgain(address[],uint256[],uint256) (contracts/HashingTest.sol#89-97) is not in mixedCase
Parameter HashingTest.JustSaveEverythingAgain(address[],uint256[],uint256)._validators (contracts/HashingTest.sol#90) is not in mixedCase
Parameter HashingTest.JustSaveEverythingAgain(address[],uint256[],uint256)._powers (contracts/HashingTest.sol#91) is not in mixedCase
Parameter HashingTest.JustSaveEverythingAgain(address[],uint256[],uint256)._valsetNonce (contracts/HashingTest.sol#92) is not in mixedCase
Variable HashingTest.state_validators (contracts/HashingTest.sol#10) is not in mixedCase
Variable HashingTest.state_powers (contracts/HashingTest.sol#11) is not in mixedCase
Variable HashingTest.state_nonce (contracts/HashingTest.sol#12) is not in mixedCase
Variable ReentrantERC20.state_gravityAddress (contracts/ReentrantERC20.sol#9) is not in mixedCase
Parameter SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32)._signer (contracts/SigningTest.sol#7) is not in mixedCase
Parameter SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32)._theHash (contracts/SigningTest.sol#8) is not in mixedCase
Parameter SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32)._v (contracts/SigningTest.sol#9) is not in mixedCase
Parameter SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32)._r (contracts/SigningTest.sol#10) is not in mixedCase
Parameter SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32)._s (contracts/SigningTest.sol#11) is not in mixedCase
Parameter SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address)._amounts (contracts/SimpleLogicBatch.sol#28) is not in mixedCase
Parameter SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address)._payloads (contracts/SimpleLogicBatch.sol#29) is not in mixedCase
Parameter SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address)._logicContract (contracts/SimpleLogicBatch.sol#30) is not in mixedCase
Parameter SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address)._tokenContract (contracts/SimpleLogicBatch.sol#31) is not in mixedCase
Parameter TestLogicContract.transferTokens(address,uint256,uint256)._to (contracts/TestLogicContract.sol#17) is not in mixedCase
Parameter TestLogicContract.transferTokens(address,uint256,uint256)._a (contracts/TestLogicContract.sol#18) is not in mixedCase
Parameter TestLogicContract.transferTokens(address,uint256,uint256)._b (contracts/TestLogicContract.sol#19) is not in mixedCase
Variable TestLogicContract.state_tokenContract (contracts/TestLogicContract.sol#10) is not in mixedCase
Parameter TestTokenBatchMiddleware.submitBatch(uint256[],address[],address)._amounts (contracts/TestTokenBatchMiddleware copy.sol#11) is not in mixedCase
Parameter TestTokenBatchMiddleware.submitBatch(uint256[],address[],address)._destinations (contracts/TestTokenBatchMiddleware copy.sol#12) is not in mixedCase
Parameter TestTokenBatchMiddleware.submitBatch(uint256[],address[],address)._tokenContract (contracts/TestTokenBatchMiddleware copy.sol#13) is not in mixedCase
Parameter TestUniswapLiquidity.transferTokens(address,uint256,uint256,address)._to (contracts/TestUniswapLiquidity.sol#63) is not in mixedCase
Parameter TestUniswapLiquidity.transferTokens(address,uint256,uint256,address)._a (contracts/TestUniswapLiquidity.sol#64) is not in mixedCase
Parameter TestUniswapLiquidity.transferTokens(address,uint256,uint256,address)._b (contracts/TestUniswapLiquidity.sol#65) is not in mixedCase
Parameter TestUniswapLiquidity.transferTokens(address,uint256,uint256,address).state_tokenContract (contracts/TestUniswapLiquidity.sol#66) is not in mixedCase
Contract console (node_modules/hardhat/console.sol#4-1532) is not in CapWords
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions

Redundant expression "this (node_modules/@openzeppelin/contracts/GSN/Context.sol#21)" inContext (node_modules/@openzeppelin/contracts/GSN/Context.sol#15-24)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements

Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#10) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#11)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-are-too-similar

Gravity.makeCheckpoint(address[],uint256[],uint256,bytes32) (contracts/Gravity.sol#148-161) uses literals with too many digits:
	- methodName = 0x636865636b706f696e7400000000000000000000000000000000000000000000 (contracts/Gravity.sol#155)
Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256) (contracts/Gravity.sol#287-393) uses literals with too many digits:
	- checkValidatorSignatures(_currentValidators,_currentPowers,_v,_r,_s,keccak256(bytes)(abi.encode(state_gravityId,0x7472616e73616374696f6e426174636800000000000000000000000000000000,_amounts,_destinations,_fees,_batchNonce,_tokenContract,_batchTimeout)),state_powerThreshold) (contracts/Gravity.sol#347-368)
Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs) (contracts/Gravity.sol#404-522) uses literals with too many digits:
	- argsHash = keccak256(bytes)(abi.encode(state_gravityId,0x6c6f67696343616c6c0000000000000000000000000000000000000000000000,_args.transferAmounts,_args.transferTokenContracts,_args.feeAmounts,_args.feeTokenContracts,_args.logicContractAddress,_args.payload,_args.timeOut,_args.invalidationId,_args.invalidationNonce)) (contracts/Gravity.sol#459-475)
HashingTest.IterativeHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#14-41) uses literals with too many digits:
	- methodName = 0x636865636b706f696e7400000000000000000000000000000000000000000000 (contracts/HashingTest.sol#21)
HashingTest.ConcatHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#43-61) uses literals with too many digits:
	- methodName = 0x636865636b706f696e7400000000000000000000000000000000000000000000 (contracts/HashingTest.sol#50)
HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#63-77) uses literals with too many digits:
	- methodName = 0x636865636b706f696e7400000000000000000000000000000000000000000000 (contracts/HashingTest.sol#70)
TestERC20A.constructor() (contracts/TestERC20A.sol#6-16) uses literals with too many digits:
	- _mint(0xBf660843528035a5A4921534E156a27e64B231fE,100000000000000000000000000) (contracts/TestERC20A.sol#15)
TestERC20B.constructor() (contracts/TestERC20B.sol#6-16) uses literals with too many digits:
	- _mint(0xBf660843528035a5A4921534E156a27e64B231fE,100000000000000000000000000) (contracts/TestERC20B.sol#15)
TestERC20C.constructor() (contracts/TestERC20C.sol#6-16) uses literals with too many digits:
	- _mint(0xBf660843528035a5A4921534E156a27e64B231fE,100000000000000000000000000) (contracts/TestERC20C.sol#15)
console.slitherConstructorConstantVariables() (node_modules/hardhat/console.sol#4-1532) uses literals with too many digits:
	- CONSOLE_ADDRESS = address(0x000000000000000000636F6e736F6c652e6c6f67) (node_modules/hardhat/console.sol#5)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits

CosmosERC20.MAX_UINT (contracts/CosmosToken.sol#5) should be constant
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant

owner() should be declared external:
	- Ownable.owner() (node_modules/@openzeppelin/contracts/access/Ownable.sol#35-37)
renounceOwnership() should be declared external:
	- Ownable.renounceOwnership() (node_modules/@openzeppelin/contracts/access/Ownable.sol#54-57)
transferOwnership(address) should be declared external:
	- Ownable.transferOwnership(address) (node_modules/@openzeppelin/contracts/access/Ownable.sol#63-67)
name() should be declared external:
	- ERC20.name() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#66-68)
symbol() should be declared external:
	- ERC20.symbol() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#74-76)
decimals() should be declared external:
	- ERC20.decimals() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#91-93)
totalSupply() should be declared external:
	- ERC20.totalSupply() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#98-100)
balanceOf(address) should be declared external:
	- ERC20.balanceOf(address) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#105-107)
transfer(address,uint256) should be declared external:
	- ERC20.transfer(address,uint256) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#117-120)
allowance(address,address) should be declared external:
	- ERC20.allowance(address,address) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#125-127)
approve(address,uint256) should be declared external:
	- ERC20.approve(address,uint256) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#136-139)
transferFrom(address,address,uint256) should be declared external:
	- ERC20.transferFrom(address,address,uint256) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#153-157)
increaseAllowance(address,uint256) should be declared external:
	- ERC20.increaseAllowance(address,uint256) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#171-174)
decreaseAllowance(address,uint256) should be declared external:
	- ERC20.decreaseAllowance(address,uint256) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#190-193)
testMakeCheckpoint(address[],uint256[],uint256,bytes32) should be declared external:
	- Gravity.testMakeCheckpoint(address[],uint256[],uint256,bytes32) (contracts/Gravity.sol#88-95)
testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256) should be declared external:
	- Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256) (contracts/Gravity.sol#97-115)
lastBatchNonce(address) should be declared external:
	- Gravity.lastBatchNonce(address) (contracts/Gravity.sol#119-121)
lastLogicCallNonce(bytes32) should be declared external:
	- Gravity.lastLogicCallNonce(bytes32) (contracts/Gravity.sol#123-125)
updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[]) should be declared external:
	- Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[]) (contracts/Gravity.sol#210-281)
submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256) should be declared external:
	- Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256) (contracts/Gravity.sol#287-393)
submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs) should be declared external:
	- Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs) (contracts/Gravity.sol#404-522)
sendToCosmos(address,bytes32,uint256) should be declared external:
	- Gravity.sendToCosmos(address,bytes32,uint256) (contracts/Gravity.sol#524-538)
deployERC20(string,string,string,uint8) should be declared external:
	- Gravity.deployERC20(string,string,string,uint8) (contracts/Gravity.sol#540-559)
IterativeHash(address[],uint256[],uint256,bytes32) should be declared external:
	- HashingTest.IterativeHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#14-41)
ConcatHash(address[],uint256[],uint256,bytes32) should be declared external:
	- HashingTest.ConcatHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#43-61)
ConcatHash2(address[],uint256[],uint256,bytes32) should be declared external:
	- HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#63-77)
JustSaveEverything(address[],uint256[],uint256) should be declared external:
	- HashingTest.JustSaveEverything(address[],uint256[],uint256) (contracts/HashingTest.sol#79-87)
JustSaveEverythingAgain(address[],uint256[],uint256) should be declared external:
	- HashingTest.JustSaveEverythingAgain(address[],uint256[],uint256) (contracts/HashingTest.sol#89-97)
transfer(address,uint256) should be declared external:
	- ReentrantERC20.transfer(address,uint256) (contracts/ReentrantERC20.sol#15-47)
checkSignature(address,bytes32,uint8,bytes32,bytes32) should be declared external:
	- SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32) (contracts/SigningTest.sol#6-31)
logicBatch(uint256[],bytes[],address,address) should be declared external:
	- SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address) (contracts/SimpleLogicBatch.sol#27-42)
transferTokens(address,uint256,uint256) should be declared external:
	- TestLogicContract.transferTokens(address,uint256,uint256) (contracts/TestLogicContract.sol#16-23)
submitBatch(uint256[],address[],address) should be declared external:
	- TestTokenBatchMiddleware.submitBatch(uint256[],address[],address) (contracts/TestTokenBatchMiddleware copy.sol#10-19)
redeemLiquidityETH(address,uint256,uint256,uint256,address,uint256) should be declared external:
	- TestUniswapLiquidity.redeemLiquidityETH(address,uint256,uint256,uint256,address,uint256) (contracts/TestUniswapLiquidity.sol#16-40)
redeemLiquidity(address,address,uint256,uint256,uint256,address,uint256) should be declared external:
	- TestUniswapLiquidity.redeemLiquidity(address,address,uint256,uint256,uint256,address,uint256) (contracts/TestUniswapLiquidity.sol#42-60)
transferTokens(address,uint256,uint256,address) should be declared external:
	- TestUniswapLiquidity.transferTokens(address,uint256,uint256,address) (contracts/TestUniswapLiquidity.sol#62-69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external
. analyzed (25 contracts with 75 detectors), 228 result(s) found
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@atoulme