Create Test-07-22-2024.md

pavondunbar · web-flow · commit e5706e9e5fb4 · 2024-07-22T15:32:53.000-07:00
Slither analysis summary

Signed-off-by: Pavon Dunbar &lt;36899956+pavondunbar@users.noreply.github.com&gt;
diff --git a/SlitherTest/Test-07-22-2024.md b/SlitherTest/Test-07-22-2024.md
@@ -0,0 +1,131 @@
+# Slither Analysis Report 
+
+The following test was conducted by Pavon Dunbar using Slither.
+
+## Slither High Level Summary
+
+- **Total number of contracts in source files**: 10
+- **Source lines of code (SLOC) in source files**: 570
+- **Number of assembly lines**: 0
+- **Number of optimization issues**: 0
+- **Number of informational issues**: 30
+- **Number of low issues**: 1
+- **Number of medium issues**: 0
+- **Number of high issues**: 0
+
+**ERCs**: ERC20
+
+| Name         | # Functions | ERCs | ERC20 Info         | Complex Code | Features                |
+|--------------|-------------|------|--------------------|--------------|-------------------------|
+| IWETH        | 8           | ERC20| No Minting         | No           | Receive ETH             |
+|              |             |      | Approve Race Cond. |              |                         |
+| AMM          | 53          |      |                    | No           | Receive ETH, Send ETH, Tokens interaction |
+| IERC20Permit | 3           |      |                    | No           |                         |
+| SafeERC20    | 7           |      |                    | No           | Send ETH, Tokens interaction |
+| Address      | 8           |      |                    | No           | Send ETH, Delegatecall, Assembly |
+
+AMM.sol analyzed (10 contracts)
+
+
+## Slither Detailed Summary
+
+The following issues were detected in the `AMM.sol` contract using Slither:
+
+## Detectors
+
+### 1. Local Variable Shadowing
+- **Location:** `AMM._approve(address,address,uint256).owner` (AMM.sol#97) shadows:
+  - `Ownable.owner()` (lib/openzeppelin-contracts/contracts/access/Ownable.sol#56-58) (function)
+- **Reference:** [Local Variable Shadowing](https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing)
+
+### 2. Assembly Usage
+- **Location:** `Address._revert(bytes)` (lib/openzeppelin-contracts/contracts/utils/Address.sol#146-158) uses assembly
+  - INLINE ASM (lib/openzeppelin-contracts/contracts/utils/Address.sol#151-154)
+- **Reference:** [Assembly Usage](https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage)
+
+### 3. Different Pragma Directives
+- **Details:**
+  - **Version constraint 0.8.25 is used by:**
+    - `0.8.25` (AMM.sol#2)
+  - **Version constraint ^0.8.20 is used by:**
+    - `^0.8.20` (lib/openzeppelin-contracts/contracts/access/Ownable.sol#4)
+    - `^0.8.20` (lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol#4)
+    - `^0.8.20` (lib/openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Permit.sol#4)
+    - `^0.8.20` (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#4)
+    - `^0.8.20` (lib/openzeppelin-contracts/contracts/utils/Address.sol#4)
+    - `^0.8.20` (lib/openzeppelin-contracts/contracts/utils/Context.sol#4)
+    - `^0.8.20` (lib/openzeppelin-contracts/contracts/utils/Pausable.sol#4)
+    - `^0.8.20` (lib/openzeppelin-contracts/contracts/utils/ReentrancyGuard.sol#4)
+- **Reference:** [Different Pragma Directives](https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used)
+
+### 4. Dead Code
+- **Details:**
+  - `AMM._calculateAmountOut(AMM.SwapInfo)` (AMM.sol#350-354) is never used and should be removed
+  - `AMM._transferTokensToContract(AMM.AddLiquidityParams)` (AMM.sol#228-231) is never used and should be removed
+  - `Context._contextSuffixLength()` (lib/openzeppelin-contracts/contracts/utils/Context.sol#25-27) is never used and should be removed
+  - `Context._msgData()` (lib/openzeppelin-contracts/contracts/utils/Context.sol#21-23) is never used and should be removed
+  - `ReentrancyGuard._reentrancyGuardEntered()` (lib/openzeppelin-contracts/contracts/utils/ReentrancyGuard.sol#81-83) is never used and should be removed
+- **Reference:** [Dead Code](https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code)
+
+### 5. Incorrect Versions of Solidity
+- **Details:**
+  - **Version constraint 0.8.25 contains known severe issues:** [Solidity Bugs](https://solidity.readthedocs.io/en/latest/bugs.html)
+    - It is used by: `0.8.25` (AMM.sol#2)
+  - **Version constraint ^0.8.20 contains known severe issues:** [Solidity Bugs](https://solidity.readthedocs.io/en/latest/bugs.html)
+    - VerbatimInvalidDeduplication
+    - FullInlinerNonExpressionSplitArgumentEvaluationOrder
+    - MissingSideEffectsOnSelectorAccess
+    - It is used by:
+      - `^0.8.20` (lib/openzeppelin-contracts/contracts/access/Ownable.sol#4)
+      - `^0.8.20` (lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol#4)
+      - `^0.8.20` (lib/openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Permit.sol#4)
+      - `^0.8.20` (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#4)
+      - `^0.8.20` (lib/openzeppelin-contracts/contracts/utils/Address.sol#4)
+      - `^0.8.20` (lib/openzeppelin-contracts/contracts/utils/Context.sol#4)
+      - `^0.8.20` (lib/openzeppelin-contracts/contracts/utils/Pausable.sol#4)
+      - `^0.8.20` (lib/openzeppelin-contracts/contracts/utils/ReentrancyGuard.sol#4)
+- **Reference:** [Incorrect Versions of Solidity](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity)
+
+### 6. Low-Level Calls
+- **Details:**
+  - Low-level call in `SafeERC20._callOptionalReturnBool(IERC20,bytes)` (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#110-117)
+    - `(success,returndata) = address(token).call(data)` (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#115)
+  - Low-level call in `Address.sendValue(address,uint256)` (lib/openzeppelin-contracts/contracts/utils/Address.sol#41-50)
+    - `(success,None) = recipient.call{value: amount}()` (lib/openzeppelin-contracts/contracts/utils/Address.sol#46)
+  - Low-level call in `Address.functionCallWithValue(address,bytes,uint256)` (lib/openzeppelin-contracts/contracts/utils/Address.sol#83-89)
+    - `(success,returndata) = target.call{value: value}(data)` (lib/openzeppelin-contracts/contracts/utils/Address.sol#87)
+  - Low-level call in `Address.functionStaticCall(address,bytes)` (lib/openzeppelin-contracts/contracts/utils/Address.sol#95-98)
+    - `(success,returndata) = target.staticcall(data)` (lib/openzeppelin-contracts/contracts/utils/Address.sol#96)
+  - Low-level call in `Address.functionDelegateCall(address,bytes)` (lib/openzeppelin-contracts/contracts/utils/Address.sol#104-107)
+    - `(success,returndata) = target.delegatecall(data)` (lib/openzeppelin-contracts/contracts/utils/Address.sol#105)
+- **Reference:** [Low-Level Calls](https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls)
+
+### 7. Conformance to Solidity Naming Conventions
+- **Details:**
+  - Parameter `AMM.setSwapFee(uint256)._swapFee` (AMM.sol#106) is not in mixedCase
+  - Parameter `AMM.createPair(address,address)._token0` (AMM.sol#124) is not in mixedCase
+  - Parameter `AMM.createPair(address,address)._token1` (AMM.sol#124) is not in mixedCase
+  - Parameter `AMM.getPairInfo(uint256)._pairId` (AMM.sol#145) is not in mixedCase
+  - Parameter `AMM.getBalance(uint256,address)._pairId` (AMM.sol#151) is not in mixedCase
+  - Parameter `AMM.getBalance(uint256,address)._account` (AMM.sol#151) is not in mixedCase
+  - Parameter `AMM.addLiquidity(uint256,uint256,uint256)._pairId` (AMM.sol#171) is not in mixedCase
+  - Parameter `AMM.addLiquidity(uint256,uint256,uint256)._amount0` (AMM.sol#171) is not in mixedCase
+  - Parameter `AMM.addLiquidity(uint256,uint256,uint256)._amount1` (AMM.sol#171) is not in mixedCase
+  - Parameter `AMM.swap(uint256,address,uint256)._pairId` (AMM.sol#258) is not in mixedCase
+  - Parameter `AMM.swap(uint256,address,uint256)._tokenIn` (AMM.sol#258) is not in mixedCase
+  - Parameter `AMM.swap(uint256,address,uint256)._amountIn` (AMM.sol#258) is not in mixedCase
+  - Parameter `AMM.removeLiquidity(uint256,uint256)._pairId` (AMM.sol#306) is not in mixedCase
+  - Parameter `AMM.removeLiquidity(uint256,uint256)._shares` (AMM.sol#306) is not in mixedCase
+  - Function `IERC20Permit.DOMAIN_SEPARATOR()` (lib/openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Permit.sol#89) is not in mixedCase
+- **Reference:** [Conformance to Solidity Naming Conventions](https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions)
+
+### 8. Unused Imports
+- **Details:**
+  - The following unused import(s) in `lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol` should be removed:
+    - `import {IERC20Permit} from "../extensions/IERC20Permit.sol";` (lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol#7)
+- **Reference:** [Unused Imports](https://github.com/crytic/slither/wiki/Detector-Documentation#unused-imports)
+
+## Summary
+- **Contracts Analyzed:** 10
+- **Detectors Run:** 94
+- **Issues Found:** 31
