Skip to content

Latest commit

 

History

History
131 lines (112 loc) · 8.6 KB

Test-07-22-2024.md

File metadata and controls

131 lines (112 loc) · 8.6 KB

Slither Analysis Report

The following test was conducted by Pavon Dunbar using Slither.

Slither High Level Summary

  • Total number of contracts in source files: 10
  • Source lines of code (SLOC) in source files: 570
  • Number of assembly lines: 0
  • Number of optimization issues: 0
  • Number of informational issues: 30
  • Number of low issues: 1
  • Number of medium issues: 0
  • Number of high issues: 0

ERCs: ERC20

Name # Functions ERCs ERC20 Info Complex Code Features
IWETH 8 ERC20 No Minting No Receive ETH
Approve Race Cond.
AMM 53 No Receive ETH, Send ETH, Tokens interaction
IERC20Permit 3 No
SafeERC20 7 No Send ETH, Tokens interaction
Address 8 No Send ETH, Delegatecall, Assembly

AMM.sol analyzed (10 contracts)

Slither Detailed Summary

The following issues were detected in the AMM.sol contract using Slither:

Detectors

1. Local Variable Shadowing

  • Location: AMM._approve(address,address,uint256).owner (AMM.sol#97) shadows:
    • Ownable.owner() (lib/openzeppelin-contracts/contracts/access/Ownable.sol#56-58) (function)
  • Reference: Local Variable Shadowing

2. Assembly Usage

  • Location: Address._revert(bytes) (lib/openzeppelin-contracts/contracts/utils/Address.sol#146-158) uses assembly
    • INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Address.sol#151-154)
  • Reference: Assembly Usage

3. Different Pragma Directives

  • Details:
    • Version constraint 0.8.25 is used by:
      • 0.8.25 (AMM.sol#2)
    • Version constraint ^0.8.20 is used by:
      • ^0.8.20 (lib/openzeppelin-contracts/contracts/access/Ownable.sol#4)
      • ^0.8.20 (lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol#4)
      • ^0.8.20 (lib/openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Permit.sol#4)
      • ^0.8.20 (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#4)
      • ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Address.sol#4)
      • ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Context.sol#4)
      • ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Pausable.sol#4)
      • ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/ReentrancyGuard.sol#4)
  • Reference: Different Pragma Directives

4. Dead Code

  • Details:
    • AMM._calculateAmountOut(AMM.SwapInfo) (AMM.sol#350-354) is never used and should be removed
    • AMM._transferTokensToContract(AMM.AddLiquidityParams) (AMM.sol#228-231) is never used and should be removed
    • Context._contextSuffixLength() (lib/openzeppelin-contracts/contracts/utils/Context.sol#25-27) is never used and should be removed
    • Context._msgData() (lib/openzeppelin-contracts/contracts/utils/Context.sol#21-23) is never used and should be removed
    • ReentrancyGuard._reentrancyGuardEntered() (lib/openzeppelin-contracts/contracts/utils/ReentrancyGuard.sol#81-83) is never used and should be removed
  • Reference: Dead Code

5. Incorrect Versions of Solidity

  • Details:
    • Version constraint 0.8.25 contains known severe issues: Solidity Bugs
      • It is used by: 0.8.25 (AMM.sol#2)
    • Version constraint ^0.8.20 contains known severe issues: Solidity Bugs
      • VerbatimInvalidDeduplication
      • FullInlinerNonExpressionSplitArgumentEvaluationOrder
      • MissingSideEffectsOnSelectorAccess
      • It is used by:
        • ^0.8.20 (lib/openzeppelin-contracts/contracts/access/Ownable.sol#4)
        • ^0.8.20 (lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol#4)
        • ^0.8.20 (lib/openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Permit.sol#4)
        • ^0.8.20 (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#4)
        • ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Address.sol#4)
        • ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Context.sol#4)
        • ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/Pausable.sol#4)
        • ^0.8.20 (lib/openzeppelin-contracts/contracts/utils/ReentrancyGuard.sol#4)
  • Reference: Incorrect Versions of Solidity

6. Low-Level Calls

  • Details:
    • Low-level call in SafeERC20._callOptionalReturnBool(IERC20,bytes) (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#110-117)
      • (success,returndata) = address(token).call(data) (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#115)
    • Low-level call in Address.sendValue(address,uint256) (lib/openzeppelin-contracts/contracts/utils/Address.sol#41-50)
      • (success,None) = recipient.call{value: amount}() (lib/openzeppelin-contracts/contracts/utils/Address.sol#46)
    • Low-level call in Address.functionCallWithValue(address,bytes,uint256) (lib/openzeppelin-contracts/contracts/utils/Address.sol#83-89)
      • (success,returndata) = target.call{value: value}(data) (lib/openzeppelin-contracts/contracts/utils/Address.sol#87)
    • Low-level call in Address.functionStaticCall(address,bytes) (lib/openzeppelin-contracts/contracts/utils/Address.sol#95-98)
      • (success,returndata) = target.staticcall(data) (lib/openzeppelin-contracts/contracts/utils/Address.sol#96)
    • Low-level call in Address.functionDelegateCall(address,bytes) (lib/openzeppelin-contracts/contracts/utils/Address.sol#104-107)
      • (success,returndata) = target.delegatecall(data) (lib/openzeppelin-contracts/contracts/utils/Address.sol#105)
  • Reference: Low-Level Calls

7. Conformance to Solidity Naming Conventions

  • Details:
    • Parameter AMM.setSwapFee(uint256)._swapFee (AMM.sol#106) is not in mixedCase
    • Parameter AMM.createPair(address,address)._token0 (AMM.sol#124) is not in mixedCase
    • Parameter AMM.createPair(address,address)._token1 (AMM.sol#124) is not in mixedCase
    • Parameter AMM.getPairInfo(uint256)._pairId (AMM.sol#145) is not in mixedCase
    • Parameter AMM.getBalance(uint256,address)._pairId (AMM.sol#151) is not in mixedCase
    • Parameter AMM.getBalance(uint256,address)._account (AMM.sol#151) is not in mixedCase
    • Parameter AMM.addLiquidity(uint256,uint256,uint256)._pairId (AMM.sol#171) is not in mixedCase
    • Parameter AMM.addLiquidity(uint256,uint256,uint256)._amount0 (AMM.sol#171) is not in mixedCase
    • Parameter AMM.addLiquidity(uint256,uint256,uint256)._amount1 (AMM.sol#171) is not in mixedCase
    • Parameter AMM.swap(uint256,address,uint256)._pairId (AMM.sol#258) is not in mixedCase
    • Parameter AMM.swap(uint256,address,uint256)._tokenIn (AMM.sol#258) is not in mixedCase
    • Parameter AMM.swap(uint256,address,uint256)._amountIn (AMM.sol#258) is not in mixedCase
    • Parameter AMM.removeLiquidity(uint256,uint256)._pairId (AMM.sol#306) is not in mixedCase
    • Parameter AMM.removeLiquidity(uint256,uint256)._shares (AMM.sol#306) is not in mixedCase
    • Function IERC20Permit.DOMAIN_SEPARATOR() (lib/openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Permit.sol#89) is not in mixedCase
  • Reference: Conformance to Solidity Naming Conventions

8. Unused Imports

  • Details:
    • The following unused import(s) in lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol should be removed:
      • import {IERC20Permit} from "../extensions/IERC20Permit.sol"; (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#7)
  • Reference: Unused Imports

Summary

  • Contracts Analyzed: 10
  • Detectors Run: 94
  • Issues Found: 31