This report was generated by Aderyn, a static analysis tool built by Cyfrin, a blockchain security company. This report is not a substitute for manual audit or security review. It should not be relied upon for any purpose other than to assist in the identification of potential security vulnerabilities.
- Summary
- High Issues
- H-1: Using
delegatecallin loop - H-2:
abi.encodePacked()should not be used with dynamic types when passing the result to a hash function such askeccak256() - H-3: Using
block.timestampfor swap deadline offers no protection - H-4: Arbitrary
frompassed totransferFrom(orsafeTransferFrom) - H-5: Unprotected initializer
- H-6: Unsafe Casting
- H-7: EnumerableSet.remove in loop corrupts the set order.
- H-8: Experimental ABI Encoder
- H-9: Incorrect Assembly Shift Parameter Order
- H-10: Storage Array Edited with Memory
- H-11: Contract Has Multiple Constructors
- H-12: Contract Name Reused in Different Files
- H-13: Nested Structs in Mappings pre-0.5.0
- H-14: Depracated EVM Instruction for
selfdestructshould not be used. - H-15: Array length value has a direct assignment.
- H-16: Uninitialized State Variables
- H-17: Incorrect use of caret operator on a non hexadcimal constant
- H-18: Yul block contains
returnfunction call. - H-19: High Issue Title
- H-20: Misused boolean with logical operators
- H-21: Sending native Eth is not protected from these functions.
- H-22: Delegatecall made by the function without checks on any adress.
- H-23: Tautological comparison.
- H-24: RTLO character detected in file. \u{202e}
- H-25: Return value of the function call is not checked.
- H-26: Dangerous unary operator found in assignment.
- H-27: Usage of variable before declaration.
- H-28: Deletion from a nested mappping.
- H-1: Using
- Low Issues
- L-1: Centralization Risk for trusted owners
- L-2: Solmate's SafeTransferLib does not check for token contract's existence
- L-3:
ecrecoveris susceptible to signature malleability - L-4: Deprecated OpenZeppelin functions should not be used
- L-5: Unsafe ERC20 Operations should not be used
- L-6: Solidity pragma should be specific, not wide
- L-7: Missing checks for
address(0)when assigning values to address state variables - L-8:
publicfunctions not used internally could be markedexternal - L-9: Define and use
constantvariables instead of using literals - L-10: Event is missing
indexedfields - L-11: Empty
require()/revert()statements - L-12: The
nonReentrantmodifiershould occur before all other modifiers - L-13: Using
ERC721::_mint()can be dangerous - L-14: PUSH0 is not supported by all chains
- L-15: Modifiers invoked only once can be shoe-horned into the function
- L-16: Empty Block
- L-17: Large literal values multiples of 10000 can be replaced with scientific notation
- L-18: Internal functions called only once can be inlined
- L-19: Contract still has TODOs
- L-20: Inconsistency in declaring uint256/uint (or) int256/int variables within a contract. Use explicit size declarations (uint256 or int256).
- L-21: Unused Custom Error
- L-22: Loop contains
require/revertstatements - L-23: Incorrect Order of Division and Multiplication
| Key | Value |
|---|---|
| .sol Files | 66 |
| Total nSLOC | 1845 |
| Filepath | nSLOC |
|---|---|
| src/AbstractContract.sol | 11 |
| src/AdminContract.sol | 11 |
| src/ArbitraryTransferFrom.sol | 37 |
| src/AssemblyExample.sol | 9 |
| src/CallGraphTests.sol | 49 |
| src/Casting.sol | 126 |
| src/ConstantsLiterals.sol | 28 |
| src/ContractWithTodo.sol | 7 |
| src/Counter.sol | 20 |
| src/CrazyPragma.sol | 4 |
| src/DangerousUnaryOperator.sol | 13 |
| src/DelegateCallWithoutAddressCheck.sol | 31 |
| src/DeletionNestedMappingStructureContract.sol | 11 |
| src/DeprecatedOZFunctions.sol | 32 |
| src/DivisionBeforeMultiplication.sol | 22 |
| src/DynamicArrayLengthAssignment.sol | 16 |
| src/EmptyBlocks.sol | 48 |
| src/EnumerableSetIteration.sol | 55 |
| src/ExperimentalEncoder.sol | 4 |
| src/HugeConstants.sol | 36 |
| src/InconsistentUints.sol | 17 |
| src/IncorrectCaretOperator.sol | 16 |
| src/IncorrectShift.sol | 17 |
| src/InternalFunctions.sol | 22 |
| src/KeccakContract.sol | 21 |
| src/MisusedBoolean.sol | 67 |
| src/MultipleConstructorSchemes.sol | 10 |
| src/OnceModifierExample.sol | 8 |
| src/PreDeclaredVarUsage.sol | 9 |
| src/RTLO.sol | 7 |
| src/RevertsAndRequriesInLoops.sol | 27 |
| src/SendEtherNoChecks.sol | 58 |
| src/StateShadowing.sol | 17 |
| src/StateVariables.sol | 58 |
| src/StorageConditionals.sol | 59 |
| src/StorageParameters.sol | 16 |
| src/T11sTranferer.sol | 8 |
| src/TautologicalCompare.sol | 17 |
| src/TestERC20.sol | 62 |
| src/UncheckedReturn.sol | 33 |
| src/UninitializedStateVariable.sol | 29 |
| src/UnprotectedInitialize.sol | 25 |
| src/UnsafeERC721Mint.sol | 18 |
| src/UnusedError.sol | 19 |
| src/UsingSelfdestruct.sol | 6 |
| src/WrongOrderOfLayout.sol | 13 |
| src/YulReturn.sol | 8 |
| src/ZeroAddressCheck.sol | 41 |
| src/auditor_mode/ExternalCalls.sol | 65 |
| src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol | 45 |
| src/cloc/AnotherHeavilyCommentedContract.sol | 32 |
| src/cloc/EmptyContractFile.sol | 0 |
| src/cloc/HeavilyCommentedContract.sol | 21 |
| src/eth2/DepositContract.sol | 95 |
| src/inheritance/ExtendedInheritance.sol | 17 |
| src/inheritance/IContractInheritance.sol | 4 |
| src/inheritance/InheritanceBase.sol | 8 |
| src/nested/1/Nested.sol | 10 |
| src/nested/2/Nested.sol | 7 |
| src/nested_mappings/LaterVersion.sol | 10 |
| src/nested_mappings/NestedMappings.sol | 10 |
| src/parent_chain/ParentChainContract.sol | 29 |
| src/reused_contract_name/ContractA.sol | 7 |
| src/reused_contract_name/ContractB.sol | 7 |
| src/uniswap/UniswapV2Swapper.sol | 50 |
| src/uniswap/UniswapV3Swapper.sol | 150 |
| Total | 1845 |
| Category | No. of Issues |
|---|---|
| High | 28 |
| Low | 23 |
When calling delegatecall the same msg.value amount will be accredited multiple times.
1 Found Instances
-
Found in src/inheritance/ExtendedInheritance.sol Line: 16
target.delegatecall(abi.encodeWithSignature("doSomething(uint256)", i));
H-2: abi.encodePacked() should not be used with dynamic types when passing the result to a hash function such as keccak256()
Use abi.encode() instead which will pad items to 32 bytes, which will prevent hash collisions (e.g. abi.encodePacked(0x123,0x456) => 0x123456 => abi.encodePacked(0x1,0x23456), but abi.encode(0x123,0x456) => 0x0...1230...456). Unless there is a compelling reason, abi.encode should be preferred. If there is only one argument to abi.encodePacked() it can often be cast to bytes() or bytes32() instead.
If all arguments are strings and or bytes, bytes.concat() should be used instead.
3 Found Instances
In the PoS model, proposers know well in advance if they will propose one or consecutive blocks ahead of time. In such a scenario, a malicious validator can hold back the transaction and execute it at a more favourable block number.Consider allowing function caller to specify swap deadline input parameter.
16 Found Instances
-
Found in src/uniswap/UniswapV2Swapper.sol Line: 23
router1.swapExactTokensForTokens(amountIn, amountOutMin, path, to, block.timestamp);
-
Found in src/uniswap/UniswapV2Swapper.sol Line: 24
router1.swapTokensForExactTokens(amountOut, amountInMax, path, to, block.timestamp);
-
Found in src/uniswap/UniswapV2Swapper.sol Line: 25
router1.swapExactETHForTokens(amountOutMin, path, to, block.timestamp);
-
Found in src/uniswap/UniswapV2Swapper.sol Line: 26
router1.swapTokensForExactETH(amountOut, amountInMax, path, to, block.timestamp);
-
Found in src/uniswap/UniswapV2Swapper.sol Line: 27
router1.swapExactTokensForETH(amountIn, amountOutMin, path, to, block.timestamp);
-
Found in src/uniswap/UniswapV2Swapper.sol Line: 31
router2.swapExactTokensForTokensSupportingFeeOnTransferTokens(amountIn, amountOutMin, path, to, block.timestamp);
-
Found in src/uniswap/UniswapV2Swapper.sol Line: 32
router2.swapExactETHForTokensSupportingFeeOnTransferTokens(amountOutMin, path, to, block.timestamp);
-
Found in src/uniswap/UniswapV2Swapper.sol Line: 33
router2.swapExactTokensForETHSupportingFeeOnTransferTokens(amountIn, amountOutMin, path, to, block.timestamp);
-
Found in src/uniswap/UniswapV3Swapper.sol Line: 52
ExactInputSingleParams memory exactInputSingleParams = ExactInputSingleParams(
-
Found in src/uniswap/UniswapV3Swapper.sol Line: 55
exactInputSingleParams = ExactInputSingleParams({
-
Found in src/uniswap/UniswapV3Swapper.sol Line: 66
ExactInputParams memory exactInputParams = ExactInputParams(
-
Found in src/uniswap/UniswapV3Swapper.sol Line: 69
exactInputParams = ExactInputParams({
-
Found in src/uniswap/UniswapV3Swapper.sol Line: 77
ExactOutputSingleParams memory exactOutputSingleParams = ExactOutputSingleParams(
-
Found in src/uniswap/UniswapV3Swapper.sol Line: 80
exactOutputSingleParams = ExactOutputSingleParams({
-
Found in src/uniswap/UniswapV3Swapper.sol Line: 91
ExactOutputParams memory exactOutputParams = ExactOutputParams(
-
Found in src/uniswap/UniswapV3Swapper.sol Line: 94
exactOutputParams = ExactOutputParams({
Passing an arbitrary from address to transferFrom (or safeTransferFrom) can lead to loss of funds, because anyone can transfer tokens from the from address if an approval is made.
6 Found Instances
-
Found in src/ArbitraryTransferFrom.sol Line: 16
s_token.transferFrom(from, to, amount); -
Found in src/ArbitraryTransferFrom.sol Line: 20
s_token.safeTransferFrom(from, to, amount); -
Found in src/ArbitraryTransferFrom.sol Line: 24
SafeERC20.safeTransferFrom(s_token, from, to, amount); -
Found in src/ArbitraryTransferFrom.sol Line: 30
s_token.transferFrom(from_msgsender, to, am); -
Found in src/DeprecatedOZFunctions.sol Line: 17
token.safeTransferFrom(from, to, value); -
Found in src/DeprecatedOZFunctions.sol Line: 47
token.transferFrom(from, to, value);
Consider protecting the initializer functions with modifiers.
1 Found Instances
-
Found in src/UnprotectedInitialize.sol Line: 35
function initializeWithoutModifierOrRevert() external {
Downcasting int/uints in Solidity can be unsafe due to the potential for data loss and unintended behavior.When downcasting a larger integer type to a smaller one (e.g., uint256 to uint128), the value may exceed the range of the target type,leading to truncation and loss of significant digits. Use OpenZeppelin's SafeCast library to safely downcast integers.
93 Found Instances
-
Found in src/Casting.sol Line: 35
uint248 b = uint248(a);
-
Found in src/Casting.sol Line: 36
uint240 c = uint240(b);
-
Found in src/Casting.sol Line: 37
uint232 d = uint232(c);
-
Found in src/Casting.sol Line: 38
uint224 e = uint224(d);
-
Found in src/Casting.sol Line: 39
uint216 f = uint216(e);
-
Found in src/Casting.sol Line: 40
uint208 g = uint208(f);
-
Found in src/Casting.sol Line: 41
uint200 h = uint200(g);
-
Found in src/Casting.sol Line: 42
uint192 i = uint192(h);
-
Found in src/Casting.sol Line: 43
uint184 j = uint184(i);
-
Found in src/Casting.sol Line: 44
uint176 k = uint176(j);
-
Found in src/Casting.sol Line: 45
uint168 l = uint168(k);
-
Found in src/Casting.sol Line: 46
uint160 m = uint160(l);
-
Found in src/Casting.sol Line: 47
uint152 n = uint152(m);
-
Found in src/Casting.sol Line: 48
uint144 o = uint144(n);
-
Found in src/Casting.sol Line: 49
uint136 p = uint136(o);
-
Found in src/Casting.sol Line: 50
uint128 q = uint128(p);
-
Found in src/Casting.sol Line: 51
uint120 r = uint120(q);
-
Found in src/Casting.sol Line: 52
uint112 s = uint112(r);
-
Found in src/Casting.sol Line: 53
uint104 t = uint104(s);
-
Found in src/Casting.sol Line: 54
uint96 u = uint96(t);
-
Found in src/Casting.sol Line: 55
uint88 v = uint88(u);
-
Found in src/Casting.sol Line: 56
uint80 w = uint80(v);
-
Found in src/Casting.sol Line: 57
uint72 x = uint72(w);
-
Found in src/Casting.sol Line: 58
uint64 y = uint64(x);
-
Found in src/Casting.sol Line: 59
uint56 z = uint56(y);
-
Found in src/Casting.sol Line: 60
uint48 aa = uint48(z);
-
Found in src/Casting.sol Line: 61
uint40 ab = uint40(aa);
-
Found in src/Casting.sol Line: 62
uint32 ac = uint32(ab);
-
Found in src/Casting.sol Line: 63
uint24 ad = uint24(ac);
-
Found in src/Casting.sol Line: 64
uint16 ae = uint16(ad);
-
Found in src/Casting.sol Line: 65
uint8Value = uint8(ae);
-
Found in src/Casting.sol Line: 73
int248 b = int248(a);
-
Found in src/Casting.sol Line: 74
int240 c = int240(b);
-
Found in src/Casting.sol Line: 75
int232 d = int232(c);
-
Found in src/Casting.sol Line: 76
int224 e = int224(d);
-
Found in src/Casting.sol Line: 77
int216 f = int216(e);
-
Found in src/Casting.sol Line: 78
int208 g = int208(f);
-
Found in src/Casting.sol Line: 79
int200 h = int200(g);
-
Found in src/Casting.sol Line: 80
int192 i = int192(h);
-
Found in src/Casting.sol Line: 81
int184 j = int184(i);
-
Found in src/Casting.sol Line: 82
int176 k = int176(j);
-
Found in src/Casting.sol Line: 83
int168 l = int168(k);
-
Found in src/Casting.sol Line: 84
int160 m = int160(l);
-
Found in src/Casting.sol Line: 85
int152 n = int152(m);
-
Found in src/Casting.sol Line: 86
int144 o = int144(n);
-
Found in src/Casting.sol Line: 87
int136 p = int136(o);
-
Found in src/Casting.sol Line: 88
int128 q = int128(p);
-
Found in src/Casting.sol Line: 89
int120 r = int120(q);
-
Found in src/Casting.sol Line: 90
int112 s = int112(r);
-
Found in src/Casting.sol Line: 91
int104 t = int104(s);
-
Found in src/Casting.sol Line: 92
int96 u = int96(t);
-
Found in src/Casting.sol Line: 93
int88 v = int88(u);
-
Found in src/Casting.sol Line: 94
int80 w = int80(v);
-
Found in src/Casting.sol Line: 95
int72 x = int72(w);
-
Found in src/Casting.sol Line: 96
int64 y = int64(x);
-
Found in src/Casting.sol Line: 97
int56 z = int56(y);
-
Found in src/Casting.sol Line: 98
int48 aa = int48(z);
-
Found in src/Casting.sol Line: 99
int40 ab = int40(aa);
-
Found in src/Casting.sol Line: 100
int32 ac = int32(ab);
-
Found in src/Casting.sol Line: 101
int24 ad = int24(ac);
-
Found in src/Casting.sol Line: 102
int16 ae = int16(ad);
-
Found in src/Casting.sol Line: 103
int8Value = int8(ae);
-
Found in src/Casting.sol Line: 111
bytes31 b = bytes31(a);
-
Found in src/Casting.sol Line: 112
bytes30 c = bytes30(b);
-
Found in src/Casting.sol Line: 113
bytes29 d = bytes29(c);
-
Found in src/Casting.sol Line: 114
bytes28 e = bytes28(d);
-
Found in src/Casting.sol Line: 115
bytes27 f = bytes27(e);
-
Found in src/Casting.sol Line: 116
bytes26 g = bytes26(f);
-
Found in src/Casting.sol Line: 117
bytes25 h = bytes25(g);
-
Found in src/Casting.sol Line: 118
bytes24 i = bytes24(h);
-
Found in src/Casting.sol Line: 119
bytes23 j = bytes23(i);
-
Found in src/Casting.sol Line: 120
bytes22 k = bytes22(j);
-
Found in src/Casting.sol Line: 121
bytes21 l = bytes21(k);
-
Found in src/Casting.sol Line: 122
bytes20 m = bytes20(l);
-
Found in src/Casting.sol Line: 123
bytes19 n = bytes19(m);
-
Found in src/Casting.sol Line: 124
bytes18 o = bytes18(n);
-
Found in src/Casting.sol Line: 125
bytes17 p = bytes17(o);
-
Found in src/Casting.sol Line: 126
bytes16 q = bytes16(p);
-
Found in src/Casting.sol Line: 127
bytes15 r = bytes15(q);
-
Found in src/Casting.sol Line: 128
bytes14 s = bytes14(r);
-
Found in src/Casting.sol Line: 129
bytes13 t = bytes13(s);
-
Found in src/Casting.sol Line: 130
bytes12 u = bytes12(t);
-
Found in src/Casting.sol Line: 131
bytes11 v = bytes11(u);
-
Found in src/Casting.sol Line: 132
bytes10 w = bytes10(v);
-
Found in src/Casting.sol Line: 133
bytes9 x = bytes9(w);
-
Found in src/Casting.sol Line: 134
bytes8 y = bytes8(x);
-
Found in src/Casting.sol Line: 135
bytes7 z = bytes7(y);
-
Found in src/Casting.sol Line: 136
bytes6 aa = bytes6(z);
-
Found in src/Casting.sol Line: 137
bytes5 ab = bytes5(aa);
-
Found in src/Casting.sol Line: 138
bytes4 ac = bytes4(ab);
-
Found in src/Casting.sol Line: 139
bytes3 ad = bytes3(ac);
-
Found in src/Casting.sol Line: 140
bytes2 ae = bytes2(ad);
-
Found in src/Casting.sol Line: 141
bytes1Value = bytes1(ae);
If the order of an EnumerableSet is required, removing items in a loop using at and remove corrupts this order.
Consider using a different data structure or removing items by collecting them during the loop, then removing after the loop.
5 Found Instances
-
Found in src/EnumerableSetIteration.sol Line: 31
bytes32Set.remove(thisBytes32); -
Found in src/EnumerableSetIteration.sol Line: 40
bytes32Set.remove(thisBytes32); -
Found in src/EnumerableSetIteration.sol Line: 50
bytes32Set.remove(thisBytes32); -
Found in src/EnumerableSetIteration.sol Line: 59
addressSet.remove(thisAddress); -
Found in src/EnumerableSetIteration.sol Line: 67
uintSet.remove(thisUint);
Experimental encoders should not be used in production. There are multiple known compiler bugs that are caused by the experimental encoder. Upgrade your solidity version to remove the need for experimental features.
1 Found Instances
-
Found in src/ExperimentalEncoder.sol Line: 2
pragma experimental ABIEncoderV2;
Example: shl(shifted, 4) will shift the right constant 4 by a bits. The correct order is shl(4, shifted).
2 Found Instances
Storage reference is passed to a function with a memory parameter. This will not update the storage variable as expected. Consider using storage parameters instead.
1 Found Instances
-
Found in src/StorageParameters.sol Line: 11
editMemory(storageArray); // BAD LINE
In some versions of Solidity, contracts compile with multiple constructors. The first constructor takes precedence. This can lead to unexpected behavior.
1 Found Instances
-
Found in src/MultipleConstructorSchemes.sol Line: 3
contract MultipleConstructorSchemes {
When compiling contracts with certain development frameworks (for example: Truffle), having contracts with the same name across different files can lead to one being overwritten.
4 Found Instances
Prior to updates in Solidity 0.5.0, public mappings with nested structs compiled, but produced incorrect values. Refrain from using these, or update to a more recent version of Solidity.
1 Found Instances
-
Found in src/nested_mappings/NestedMappings.sol Line: 17
mapping(uint256 => structMain) public s_mapOfNestedStructs;
1 Found Instances
-
Found in src/UsingSelfdestruct.sol Line: 7
selfdestruct(payable(sink));
If the length of a dynamic array (storage variable) directly assigned to, it may allow access to other storage slots by tweaking it's value. This practice has been depracated in newer Solidity versions
5 Found Instances
-
Found in src/DynamicArrayLengthAssignment.sol Line: 13
myArray.length = 200;
-
Found in src/DynamicArrayLengthAssignment.sol Line: 14
myArray2[7].length = 200;
-
Found in src/DynamicArrayLengthAssignment.sol Line: 15
myArray3[bytes("blah")][5].length = 100;
-
Found in src/DynamicArrayLengthAssignment.sol Line: 16
myArray4.length = 900;
-
Found in src/DynamicArrayLengthAssignment.sol Line: 17
myArray.length += 200;
Solidity does initialize variables by default when you declare them, however it's good practice to explicitly declare an initial value. For example, if you transfer money to an address we must make sure that the address has been initialized.
13 Found Instances
-
Found in src/AssemblyExample.sol Line: 5
uint b; -
Found in src/DelegateCallWithoutAddressCheck.sol Line: 9
address public manager;
-
Found in src/InconsistentUints.sol Line: 7
int public intVariable; // 1
-
Found in src/InconsistentUints.sol Line: 8
int256 public int256Variable; // 1
-
Found in src/IncorrectCaretOperator.sol Line: 10
uint256 private s_first;
-
Found in src/StateShadowing.sol Line: 5
address owner; -
Found in src/StateVariables.sol Line: 8
uint256 private staticPrivateNumber;
-
Found in src/StateVariables.sol Line: 9
uint256 internal staticInternalNumber;
-
Found in src/StateVariables.sol Line: 10
uint256 public staticPublicNumber;
-
Found in src/UninitializedStateVariable.sol Line: 7
string public s_author; // BAD (because it's used without initializing)
-
Found in src/UninitializedStateVariable.sol Line: 15
address destination; // BAD
-
Found in src/WrongOrderOfLayout.sol Line: 11
uint256 public multiplier;
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 68
address public owner;
The caret operator is usually mistakenly thought of as an exponentiation operator but actually, it's a bitwise xor operator.
5 Found Instances
-
Found in src/IncorrectCaretOperator.sol Line: 16
uint256 x = 3^40 - 1;
-
Found in src/IncorrectCaretOperator.sol Line: 17
uint256 z = s_second^89 + 13;
-
Found in src/IncorrectCaretOperator.sol Line: 18
uint256 w = s_second^s_first + 13;
-
Found in src/IncorrectCaretOperator.sol Line: 19
uint256 y = s_first ^ 100; // s_first is not a constant but, 100 is.
-
Found in src/IncorrectCaretOperator.sol Line: 20
uint256 p = s_third ^ 20;
Remove this, as this causes execution to halt. Nothing after that call will execute, including code following the assembly block.
1 Found Instances
-
Found in src/YulReturn.sol Line: 8
return(0, 0)
Description of the high issue.
1 Found Instances
-
Found in src/StateShadowing.sol Line: 15
address owner;
The patterns if (… || true) and if (.. && false) will always evaluate to true and false respectively.
10 Found Instances
-
Found in src/MisusedBoolean.sol Line: 12
if (isEven(num) || true) {
-
Found in src/MisusedBoolean.sol Line: 19
if (isEven(num) && false) {
-
Found in src/MisusedBoolean.sol Line: 26
if (false && isEven(num)) {
-
Found in src/MisusedBoolean.sol Line: 33
if (true || isEven(num)) {
-
Found in src/MisusedBoolean.sol Line: 40
if (true) {
-
Found in src/MisusedBoolean.sol Line: 47
if (false) {
-
Found in src/MisusedBoolean.sol Line: 54
if (!false) {
-
Found in src/MisusedBoolean.sol Line: 61
if (isEven(num) && !false) {
-
Found in src/MisusedBoolean.sol Line: 68
if (isEven(num) && NO) {
-
Found in src/MisusedBoolean.sol Line: 75
if (isEven(num) && !NO) {
Introduce checks for msg.sender in the function
5 Found Instances
-
Found in src/CallGraphTests.sol Line: 38
function enterTenthFloor2(address x) external passThroughNinthFloor2(x) {
-
Found in src/SendEtherNoChecks.sol Line: 53
function func1(address x) external mod1(x) {
-
Found in src/SendEtherNoChecks.sol Line: 77
function func1(address x) external mod1(x) {
-
Found in src/SendEtherNoChecks.sol Line: 99
function func1(address x) external mod1(x) {
-
Found in src/UninitializedStateVariable.sol Line: 17
function transfer() payable public {
Introduce checks on the address
3 Found Instances
-
Found in src/DelegateCallWithoutAddressCheck.sol Line: 15
function delegate1(address to, bytes memory data) external {
-
Found in src/auditor_mode/ExternalCalls.sol Line: 38
function rawDelegateCallFromParameter(address myTarget, bytes calldata data) external returns (bytes memory) {
-
Found in src/inheritance/ExtendedInheritance.sol Line: 14
function doSomethingElse(address target) external {
The left hand side and the right hand side of the binary operation has the same value. This makes the condition always true or always false.
4 Found Instances
Right to left override character may be misledaing and cause potential attacks by visually misordering method arguments!
1 Found Instances
-
Found in src/RTLO.sol Line: 3
pragma solidity 0.6.4;
Function returns a value but it is ignored.
2 Found Instances
Potentially mistakened =+ for += or =- for -=. Please include a space in between.
2 Found Instances
This is a bad practice that may lead to unintended consequences. Please declare the variable before using it.
1 Found Instances
-
Found in src/PreDeclaredVarUsage.sol Line: 8
a = 100;
A deletion in a structure containing a mapping will not delete the mapping. The remaining data may be used to compromise the contract.
1 Found Instances
-
Found in src/DeletionNestedMappingStructureContract.sol Line: 17
delete people[msg.sender];
Contracts have owners with privileged rights to perform admin tasks and need to be trusted to not perform malicious updates or drain funds.
13 Found Instances
-
Found in src/AdminContract.sol Line: 7
contract AdminContract is Ownable, ReentrancyGuard {
-
Found in src/AdminContract.sol Line: 10
function setOwner(address _owner) external onlyOwner nonReentrant {
-
Found in src/AdminContract.sol Line: 14
function someOtherImportantThing() external nonReentrant onlyOwner {
-
Found in src/DeprecatedOZFunctions.sol Line: 7
contract DeprecatedOZFunctions is AccessControl {
-
Found in src/EmptyBlocks.sol Line: 6
contract EmptyBlocksWithOwnableConstructor is Ownable {
-
Found in src/InternalFunctions.sol Line: 12
function setValue(uint256 _newValue) external onlyOwner {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 9
contract OwnableExamples is Ownable {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 11
function onlyOwnerFunction() external onlyOwner {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 35
contract AccessControlExamples is AccessControl {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 38
function onlyRoleFunction() external onlyRole(ROLE) {
-
Found in src/parent_chain/ParentChainContract.sol Line: 7
contract ParentChainContract is Ownable, ReentrancyGuard {
-
Found in src/parent_chain/ParentChainContract.sol Line: 28
function setOwner(address _owner) external onlyOwner nonReentrant {
-
Found in src/parent_chain/ParentChainContract.sol Line: 32
function someOtherImportantThing() external nonReentrant onlyOwner {
There is a subtle difference between the implementation of solmate's SafeTransferLib and OZ's SafeERC20: OZ's SafeERC20 checks if the token is a contract or not, solmate's SafeTransferLib does not.
https://github.com/transmissions11/solmate/blob/main/src/utils/SafeTransferLib.sol#L9
@dev Note that none of the functions in this library check that a token has code at all! That responsibility is delegated to the caller
1 Found Instances
-
Found in src/T11sTranferer.sol Line: 4
import {ERC20, SafeTransferLib} from "../lib/solmate/src/utils/SafeTransferLib.sol";
The ecrecover function is susceptible to signature malleability. This means that the same message can be signed in multiple ways, allowing an attacker to change the message signature without invalidating it. This can lead to unexpected behavior in smart contracts, such as the loss of funds or the ability to bypass access control. Consider using OpenZeppelin's ECDSA library instead of the built-in function.
1 Found Instances
-
Found in src/inheritance/ExtendedInheritance.sol Line: 21
return ecrecover(theHash, v, r, s);
Openzeppelin has deprecated several functions and replaced with newer versions. Please consult https://docs.openzeppelin.com/
2 Found Instances
ERC20 functions may not behave as expected. For example: return values are not always meaningful. It is recommended to use OpenZeppelin's SafeERC20 library.
11 Found Instances
-
Found in src/ArbitraryTransferFrom.sol Line: 16
s_token.transferFrom(from, to, amount); -
Found in src/ArbitraryTransferFrom.sol Line: 30
s_token.transferFrom(from_msgsender, to, am); -
Found in src/ArbitraryTransferFrom.sol Line: 50
s_token.transferFrom(msg.sender, to, amount);
-
Found in src/DeprecatedOZFunctions.sol Line: 32
token.approve(spender, value); -
Found in src/DeprecatedOZFunctions.sol Line: 37
require(token.approve(spender, value));
-
Found in src/DeprecatedOZFunctions.sol Line: 38
success = token.approve(spender, value);
-
Found in src/DeprecatedOZFunctions.sol Line: 42
return token.approve(spender, value);
-
Found in src/DeprecatedOZFunctions.sol Line: 47
token.transferFrom(from, to, value); -
Found in src/SendEtherNoChecks.sol Line: 67
payable(x).transfer(BAL);
-
Found in src/StateShadowing.sol Line: 22
msg.sender.transfer(address(this).balance);
-
Found in src/UninitializedStateVariable.sol Line: 18
payable(destination).transfer(msg.value); // `destination` does not have any assignments.
Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of pragma solidity ^0.8.0;, use pragma solidity 0.8.0;
15 Found Instances
-
Found in src/ContractWithTodo.sol Line: 2
pragma solidity ^0.8.0;
-
Found in src/Counter.sol Line: 2
pragma solidity ^0.8.13;
-
Found in src/CrazyPragma.sol Line: 2
pragma solidity >=0.8.19 <0.9.1;
-
Found in src/DangerousUnaryOperator.sol Line: 2
pragma solidity ^0.4.0;
-
Found in src/DelegateCallWithoutAddressCheck.sol Line: 2
pragma solidity ^0.8;
-
Found in src/DeletionNestedMappingStructureContract.sol Line: 2
pragma solidity ^0.8.0;
-
Found in src/InconsistentUints.sol Line: 1
pragma solidity ^0.8.24;
-
Found in src/PreDeclaredVarUsage.sol Line: 2
pragma solidity ^0.4.0;
-
Found in src/UsingSelfdestruct.sol Line: 2
pragma solidity ^0.6.0;
-
Found in src/cloc/AnotherHeavilyCommentedContract.sol Line: 6
pragma solidity ^0.8.18;
-
Found in src/cloc/HeavilyCommentedContract.sol Line: 6
pragma solidity >=0.8.0 <0.8.25;
-
Found in src/inheritance/IContractInheritance.sol Line: 2
pragma solidity >=0.8.0;
-
Found in src/inheritance/InheritanceBase.sol Line: 2
pragma solidity ^0.8.0;
-
Found in src/nested_mappings/LaterVersion.sol Line: 2
pragma solidity ^0.8.0;
-
Found in src/nested_mappings/NestedMappings.sol Line: 2
pragma solidity ^0.4.25;
Check for address(0) when assigning values to address state variables.
6 Found Instances
-
Found in src/ArbitraryTransferFrom.sol Line: 12
s_token = token; -
Found in src/StateVariables.sol Line: 58
addr = newAddr; -
Found in src/ZeroAddressCheck.sol Line: 43
addr = newAddr; -
Found in src/ZeroAddressCheck.sol Line: 47
token = newToken; -
Found in src/ZeroAddressCheck.sol Line: 51
token = IERC20(newAddr);
-
Found in src/uniswap/UniswapV2Swapper.sol Line: 11
s_router = router;
Instead of marking a function as public, consider marking it as external if it is not used internally.
23 Found Instances
-
Found in src/ArbitraryTransferFrom.sol Line: 28
function good1(address to, uint256 am) public {
-
Found in src/AssemblyExample.sol Line: 6
function f(uint x) public view returns (uint r) {
-
Found in src/ContractWithTodo.sol Line: 13
function toggleCompleted(uint _taskId) public {
-
Found in src/Counter.sol Line: 7
function setNumber(uint256 newNumber) public {
-
Found in src/StateVariables.sol Line: 47
function setAddrNoZeroError(address newAddr) public {
-
Found in src/StateVariables.sol Line: 52
function setAddrNoZeroRequire(address newAddr) public {
-
Found in src/StateVariables.sol Line: 57
function setAddrNoCheck(address newAddr) public {
-
Found in src/StateVariables.sol Line: 61
function setEmptyAlteredNumbers( -
Found in src/StateVariables.sol Line: 71
function setNonEmptyAlteredNumbers( -
Found in src/UninitializedStateVariable.sol Line: 17
function transfer() payable public {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 16
function onlyOwnerManualRequireCheck() public view {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 22
function onlyOwnerManualIfRevertCheck() public view {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 45
function onlyRoleManualRequireCheck() public view {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 53
function onlyRoleManualIfRevertCheck() public view {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 71
function onlyOwnerManualCheck() public view {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 77
function onlyOwnerManualIfRevertCheck() public view {
-
Found in src/cloc/AnotherHeavilyCommentedContract.sol Line: 31
function foo(address bar) public pure {
-
Found in src/cloc/AnotherHeavilyCommentedContract.sol Line: 38
function emoji() public pure {
-
Found in src/cloc/AnotherHeavilyCommentedContract.sol Line: 42
function foo2(address bar) public pure {
-
Found in src/cloc/HeavilyCommentedContract.sol Line: 31
function foo(address bar) public pure {
-
Found in src/cloc/HeavilyCommentedContract.sol Line: 38
function foo2(address bar) public pure {
-
Found in src/parent_chain/ParentChainContract.sol Line: 11
function setNumber(uint256 newNumber) public {
-
Found in src/parent_chain/ParentChainContract.sol Line: 15
function increment(uint256 newNumber) public {
If the same constant literal value is used multiple times, create a constant state variable and reference it throughout the contract.
31 Found Instances
-
Found in src/Casting.sol Line: 16
uint256 a = 0x1234567890abcdef;
-
Found in src/Casting.sol Line: 22
int256 c = -0x1234567890abcdef;
-
Found in src/Casting.sol Line: 31
uint unspecificUint = 0x1234567890abcdef;
-
Found in src/Casting.sol Line: 69
int unspecificInt = -0x1234567890abcdef;
-
Found in src/ConstantsLiterals.sol Line: 25
uint multipleUseOfValue = 987;
-
Found in src/ConstantsLiterals.sol Line: 26
multipleUseOfValue = 987;
-
Found in src/ConstantsLiterals.sol Line: 27
uint multipleUseOfValue2 = 9876;
-
Found in src/ConstantsLiterals.sol Line: 28
multipleUseOfValue2 = 9876 + 1;
-
Found in src/ConstantsLiterals.sol Line: 29
address multipleUseOfAddress = 0x95222290DD7278Aa3Ddd389Cc1E1d165CC4BAfe5;
-
Found in src/ConstantsLiterals.sol Line: 30
multipleUseOfAddress = 0x95222290DD7278Aa3Ddd389Cc1E1d165CC4BAfe5;
-
Found in src/ConstantsLiterals.sol Line: 31
bytes32 multipleUseOfBytes32 = 0x8a1b3dbe6301650442bfa765d4de23775fc9a4ec4329ebb5995ec7f1e3777dc4;
-
Found in src/DelegateCallWithoutAddressCheck.sol Line: 24
address[3] memory allowed = [address(1), address(2), address(3)];
-
Found in src/DelegateCallWithoutAddressCheck.sol Line: 26
for (uint256 i = 0; i < 3; i++) {
-
Found in src/DynamicArrayLengthAssignment.sol Line: 13
myArray.length = 200;
-
Found in src/DynamicArrayLengthAssignment.sol Line: 14
myArray2[7].length = 200;
-
Found in src/DynamicArrayLengthAssignment.sol Line: 17
myArray.length += 200;
-
Found in src/IncorrectCaretOperator.sol Line: 17
uint256 z = s_second^89 + 13;
-
Found in src/IncorrectCaretOperator.sol Line: 18
uint256 w = s_second^s_first + 13;
-
Found in src/PreDeclaredVarUsage.sol Line: 8
a = 100;
-
Found in src/PreDeclaredVarUsage.sol Line: 9
uint b = 100;
-
Found in src/RevertsAndRequriesInLoops.sol Line: 10
for (uint256 id = 0; id < 10; ++id) {
-
Found in src/RevertsAndRequriesInLoops.sol Line: 17
for (uint256 id = 0; id < 10; ++id) {
-
Found in src/RevertsAndRequriesInLoops.sol Line: 26
uint256[] memory failedIds = new uint256[](10);
-
Found in src/RevertsAndRequriesInLoops.sol Line: 27
for (uint256 id = 0; id < 10; ++id) {
-
Found in src/UncheckedReturn.sol Line: 27
UncheckedHelperExternal(address(0x12345)).two();
-
Found in src/UncheckedReturn.sol Line: 32
uint256 _answer = UncheckedHelperExternal(address(0x12345)).two();
-
Found in src/UncheckedReturn.sol Line: 37
require(UncheckedHelperExternal(address(0x12345)).two() == 2, "Not two");
-
Found in src/UncheckedReturn.sol Line: 42
if (UncheckedHelperExternal(address(0x12345)).two() != 2) {
-
Found in src/eth2/DepositContract.sol Line: 113
abi.encodePacked(sha256(abi.encodePacked(signature[:64])), sha256(abi.encodePacked(signature[64:], bytes32(0))))
Index event fields make the field more quickly accessible to off-chain tools that parse events. However, note that each index field costs extra gas during emission, so it's not necessarily best to index the maximum allowed per event (three fields). Each event should use three indexed fields if there are three or more fields, and gas usage is not particularly of concern for the events in question. If there are fewer than three fields, all of the fields should be indexed.
7 Found Instances
-
Found in src/TestERC20.sol Line: 14
event Approval(address indexed src, address indexed usr, uint256 wad);
-
Found in src/TestERC20.sol Line: 15
event Transfer(address indexed src, address indexed dst, uint256 wad);
-
Found in src/UncheckedReturn.sol Line: 17
event OneCalled(uint256 what);
-
Found in src/UninitializedStateVariable.sol Line: 21
event TellEveryone(string);
-
Found in src/eth2/DepositContract.sol Line: 19
event DepositEvent(bytes pubkey, bytes withdrawal_credentials, bytes amount, bytes signature, bytes index);
-
Found in src/inheritance/ExtendedInheritance.sol Line: 7
event DoSomethingElse(uint256 somethingElse);
-
Found in src/inheritance/InheritanceBase.sol Line: 7
event Do(uint256 something);
Use descriptive reason strings or custom errors for revert paths.
19 Found Instances
-
Found in src/CallGraphTests.sol Line: 7
require(msg.sender == address(0x11));
-
Found in src/CallGraphTests.sol Line: 28
revert(); -
Found in src/CallGraphTests.sol Line: 50
revert(); -
Found in src/CallGraphTests.sol Line: 65
require(msg.sender == address(0x11));
-
Found in src/DelegateCallWithoutAddressCheck.sol Line: 31
require(isLegit); -
Found in src/DeprecatedOZFunctions.sol Line: 37
require(token.approve(spender, value));
-
Found in src/DeprecatedOZFunctions.sol Line: 40
revert(); -
Found in src/RevertsAndRequriesInLoops.sol Line: 19
revert(); -
Found in src/SendEtherNoChecks.sol Line: 12
revert(); -
Found in src/SendEtherNoChecks.sol Line: 27
require(msg.sender == address(0x11));
-
Found in src/SendEtherNoChecks.sol Line: 43
revert(); -
Found in src/StateShadowing.sol Line: 8
require(owner == msg.sender);
-
Found in src/ZeroAddressCheck.sol Line: 13
if (newAddr == address(0)) revert();
-
Found in src/ZeroAddressCheck.sol Line: 23
if (newAddr == address(0)) revert();
-
Found in src/ZeroAddressCheck.sol Line: 38
if (address(newToken) == address(0)) revert();
-
Found in src/cloc/AnotherHeavilyCommentedContract.sol Line: 35
require(bar != address(0));
-
Found in src/cloc/AnotherHeavilyCommentedContract.sol Line: 56
require(bar != address(0));
-
Found in src/cloc/HeavilyCommentedContract.sol Line: 35
require(bar != address(0));
-
Found in src/cloc/HeavilyCommentedContract.sol Line: 53
require(bar != address(0));
This is a best-practice to protect against reentrancy in other modifiers.
2 Found Instances
Using ERC721::_mint() can mint ERC721 tokens to addresses which don't support ERC721 tokens. Use _safeMint() instead of _mint() for ERC721.
1 Found Instances
-
Found in src/UnsafeERC721Mint.sol Line: 12
_mint(to, tokenId);
Solc compiler version 0.8.20 switches the default target EVM version to Shanghai, which means that the generated bytecode will include PUSH0 opcodes. Be sure to select the appropriate EVM version in case you intend to deploy on a chain other than mainnet like L2 chains that may not support PUSH0, otherwise deployment of your contracts will fail.
26 Found Instances
-
Found in src/AdminContract.sol Line: 2
pragma solidity 0.8.20;
-
Found in src/ContractWithTodo.sol Line: 2
pragma solidity ^0.8.0;
-
Found in src/Counter.sol Line: 2
pragma solidity ^0.8.13;
-
Found in src/CrazyPragma.sol Line: 2
pragma solidity >=0.8.19 <0.9.1;
-
Found in src/DelegateCallWithoutAddressCheck.sol Line: 2
pragma solidity ^0.8;
-
Found in src/DeletionNestedMappingStructureContract.sol Line: 2
pragma solidity ^0.8.0;
-
Found in src/DeprecatedOZFunctions.sol Line: 2
pragma solidity 0.8.20;
-
Found in src/InconsistentUints.sol Line: 1
pragma solidity ^0.8.24;
-
Found in src/KeccakContract.sol Line: 2
pragma solidity 0.8.20;
-
Found in src/StateVariables.sol Line: 2
pragma solidity 0.8.20;
-
Found in src/StorageConditionals.sol Line: 2
pragma solidity 0.8.20;
-
Found in src/T11sTranferer.sol Line: 2
pragma solidity 0.8.20;
-
Found in src/TautologicalCompare.sol Line: 2
pragma solidity 0.8.20;
-
Found in src/UnsafeERC721Mint.sol Line: 2
pragma solidity 0.8.20;
-
Found in src/cloc/AnotherHeavilyCommentedContract.sol Line: 6
pragma solidity ^0.8.18;
-
Found in src/cloc/HeavilyCommentedContract.sol Line: 6
pragma solidity >=0.8.0 <0.8.25;
-
Found in src/eth2/DepositContract.sol Line: 12
pragma solidity 0.8.20;
-
Found in src/inheritance/ExtendedInheritance.sol Line: 2
pragma solidity 0.8.20;
-
Found in src/inheritance/IContractInheritance.sol Line: 2
pragma solidity >=0.8.0;
-
Found in src/inheritance/InheritanceBase.sol Line: 2
pragma solidity ^0.8.0;
-
Found in src/nested/1/Nested.sol Line: 5
pragma solidity 0.8.20;
-
Found in src/nested/2/Nested.sol Line: 5
pragma solidity 0.8.20;
-
Found in src/nested_mappings/LaterVersion.sol Line: 2
pragma solidity ^0.8.0;
-
Found in src/parent_chain/ParentChainContract.sol Line: 2
pragma solidity 0.8.20;
-
Found in src/uniswap/UniswapV2Swapper.sol Line: 2
pragma solidity 0.8.20;
-
Found in src/uniswap/UniswapV3Swapper.sol Line: 2
pragma solidity 0.8.20;
12 Found Instances
-
Found in src/CallGraphTests.sol Line: 10
modifier passThroughNinthFloor1() { -
Found in src/CallGraphTests.sol Line: 32
modifier passThroughNinthFloor2(address x) {
-
Found in src/CallGraphTests.sol Line: 54
modifier passThroughNinthFloor3(address x) {
-
Found in src/DelegateCallWithoutAddressCheck.sol Line: 23
modifier isAllowed(address to) {
-
Found in src/InternalFunctions.sol Line: 18
modifier onlyOwner() { -
Found in src/OnceModifierExample.sol Line: 6
modifier onlyOnce() { -
Found in src/SendEtherNoChecks.sol Line: 16
modifier mod1(address x) {
-
Found in src/SendEtherNoChecks.sol Line: 47
modifier mod1(address x) {
-
Found in src/SendEtherNoChecks.sol Line: 70
modifier mod1(address x) {
-
Found in src/SendEtherNoChecks.sol Line: 93
modifier mod1(address x) {
-
Found in src/StateShadowing.sol Line: 7
modifier isOwner(){ -
Found in src/UnprotectedInitialize.sol Line: 13
modifier firstTimeInitializing() {
Consider removing empty blocks.
25 Found Instances
-
Found in src/AdminContract.sol Line: 14
function someOtherImportantThing() external nonReentrant onlyOwner {
-
Found in src/CallGraphTests.sol Line: 16
function enterTenthFloor1() external passThroughNinthFloor1() {
-
Found in src/CallGraphTests.sol Line: 38
function enterTenthFloor2(address x) external passThroughNinthFloor2(x) {
-
Found in src/ContractWithTodo.sol Line: 7
function createTask(string memory _content) private {
-
Found in src/ContractWithTodo.sol Line: 13
function toggleCompleted(uint _taskId) public {
-
Found in src/EmptyBlocks.sol Line: 30
{ -
Found in src/EmptyBlocks.sol Line: 38
{ -
Found in src/EmptyBlocks.sol Line: 49
{ -
Found in src/EmptyBlocks.sol Line: 63
function emptyFunction() external {
-
Found in src/EmptyBlocks.sol Line: 67
function emptyFunctionWithComment() external {
-
Found in src/EmptyBlocks.sol Line: 73
function emptyBlockInsideNormalFunction() external {
-
Found in src/EmptyBlocks.sol Line: 81
function emptyBlockWithCommentInsideNormalFunction() external {
-
Found in src/OnceModifierExample.sol Line: 10
function perform() external onlyOnce {
-
Found in src/SendEtherNoChecks.sol Line: 53
function func1(address x) external mod1(x) {
-
Found in src/SendEtherNoChecks.sol Line: 77
function func1(address x) external mod1(x) {
-
Found in src/SendEtherNoChecks.sol Line: 99
function func1(address x) external mod1(x) {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 11
function onlyOwnerFunction() external onlyOwner {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 30
function transferOwnershipFunction(address newOwner) external {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 38
function onlyRoleFunction() external onlyRole(ROLE) {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 61
function grantRoleFunction(address account) external {
-
Found in src/auditor_mode/PublicFunctionsWithoutSenderCheck.sol Line: 85
function transferOwnershipFunction(address newOwner) external {
-
Found in src/parent_chain/ParentChainContract.sol Line: 11
function setNumber(uint256 newNumber) public {
-
Found in src/parent_chain/ParentChainContract.sol Line: 32
function someOtherImportantThing() external nonReentrant onlyOwner {
-
Found in src/parent_chain/ParentChainContract.sol Line: 40
function setOwner(address _owner) external {
-
Found in src/parent_chain/ParentChainContract.sol Line: 44
function someOtherImportantThing() external {
Use e notation, for example: 1e18, instead of its full numeric value.
22 Found Instances
-
Found in src/HugeConstants.sol Line: 6
uint256 constant public HUGE_NUMBER_1 = 100000000000000000000000;
-
Found in src/HugeConstants.sol Line: 7
uint256 constant public HUGE_NUMBER_2 = 10000000000000000000000;
-
Found in src/HugeConstants.sol Line: 8
uint256 constant public HUGE_NUMBER_3 = 1000000000000000000000;
-
Found in src/HugeConstants.sol Line: 9
uint256 constant public HUGE_NUMBER_4 = 100000000000000000000;
-
Found in src/HugeConstants.sol Line: 10
uint256 constant public HUGE_NUMBER_5 = 10000000000000000000;
-
Found in src/HugeConstants.sol Line: 11
uint256 constant public HUGE_NUMBER_6 = 1000000000000000000;
-
Found in src/HugeConstants.sol Line: 12
uint256 constant public HUGE_NUMBER_7 = 100000000000000000;
-
Found in src/HugeConstants.sol Line: 13
uint256 constant public HUGE_NUMBER_8 = 10000000000000000;
-
Found in src/HugeConstants.sol Line: 14
uint256 constant public HUGE_NUMBER_9 = 1000000000000000;
-
Found in src/HugeConstants.sol Line: 15
uint256 constant public HUGE_NUMBER_10 = 100000000000000;
-
Found in src/HugeConstants.sol Line: 16
uint256 constant public HUGE_NUMBER_11 = 10000000000000;
-
Found in src/HugeConstants.sol Line: 17
uint256 constant public HUGE_NUMBER_12 = 1000000000000;
-
Found in src/HugeConstants.sol Line: 18
uint256 constant public HUGE_NUMBER_13 = 100000000000;
-
Found in src/HugeConstants.sol Line: 19
uint256 constant public HUGE_NUMBER_14 = 10000000000;
-
Found in src/HugeConstants.sol Line: 20
uint256 constant public HUGE_NUMBER_15 = 1000000000;
-
Found in src/HugeConstants.sol Line: 21
uint256 constant public HUGE_NUMBER_16 = 100000000;
-
Found in src/HugeConstants.sol Line: 22
uint256 constant public HUGE_NUMBER_17 = 10000000;
-
Found in src/HugeConstants.sol Line: 23
uint256 constant public HUGE_NUMBER_18 = 1000000;
-
Found in src/HugeConstants.sol Line: 24
uint256 constant public HUGE_NUMBER_19 = 100000;
-
Found in src/HugeConstants.sol Line: 25
uint256 constant public HUGE_NUMBER_20 = 10000;
-
Found in src/HugeConstants.sol Line: 31
uint256 constant public HUGE_NUMBER_24_UNDERSCORES = 1_000_000_000_000_000_000_000;
-
Found in src/HugeConstants.sol Line: 32
uint256 constant public HUGE_NUMBER_25_UNDERSCORES = 10_000;
Instead of separating the logic into a separate function, consider inlining the logic into the calling function. This can reduce the number of function calls and improve readability.
11 Found Instances
-
Found in src/CallGraphTests.sol Line: 6
function visitEighthFloor1() internal {
-
Found in src/CallGraphTests.sol Line: 25
function visitEighthFloor2(address x) internal {
-
Found in src/CallGraphTests.sol Line: 47
function visitEighthFloor3(address x) internal {
-
Found in src/CallGraphTests.sol Line: 64
function visitSeventhFloor3() internal {
-
Found in src/InternalFunctions.sol Line: 28
function internalSet2(uint256 _newValue) internal {
-
Found in src/SendEtherNoChecks.sol Line: 9
function callAndSendNativeEth(address x) internal {
-
Found in src/SendEtherNoChecks.sol Line: 26
function func2() internal view {
-
Found in src/SendEtherNoChecks.sol Line: 40
function callAndSendNativeEth(address x) internal {
-
Found in src/SendEtherNoChecks.sol Line: 66
function transferBalance(address x) internal {
-
Found in src/SendEtherNoChecks.sol Line: 88
function sendBalance(address x) internal {
-
Found in src/StorageParameters.sol Line: 17
function editStorage(uint[1] storage arr) internal {
Contract contains comments with TODOS
2 Found Instances
L-20: Inconsistency in declaring uint256/uint (or) int256/int variables within a contract. Use explicit size declarations (uint256 or int256).
Consider keeping the naming convention consistent in a given contract. Explicit size declarations are preferred (uint256, int256) over implicit ones (uint, int) to avoid confusion.
20 Found Instances
-
Found in src/Casting.sol Line: 31
uint unspecificUint = 0x1234567890abcdef;
-
Found in src/Casting.sol Line: 69
int unspecificInt = -0x1234567890abcdef;
-
Found in src/InconsistentUints.sol Line: 5
uint public uintVariable; // 1
-
Found in src/InconsistentUints.sol Line: 7
int public intVariable; // 1
-
Found in src/InconsistentUints.sol Line: 11
uint personUint; // 2
-
Found in src/InconsistentUints.sol Line: 12
mapping (uint => uint256) personMap; // 3 2
-
Found in src/InconsistentUints.sol Line: 15
uint[] public uintArray; // 4
-
Found in src/InconsistentUints.sol Line: 16
mapping(uint256 => uint other) u2uMapping; // 5 3
-
Found in src/InconsistentUints.sol Line: 19
constructor(uint _uintInitial, uint256 _uint256Initial) { // 6 4
-
Found in src/TautologicalCompare.sol Line: 11
function check(uint a) external pure returns(bool){
-
Found in src/eth2/DepositContract.sol Line: 59
uint constant DEPOSIT_CONTRACT_TREE_DEPTH = 32;
-
Found in src/eth2/DepositContract.sol Line: 61
uint constant MAX_DEPOSIT_COUNT = 2**DEPOSIT_CONTRACT_TREE_DEPTH - 1;
-
Found in src/eth2/DepositContract.sol Line: 70
for (uint height = 0; height < DEPOSIT_CONTRACT_TREE_DEPTH - 1; height++)
-
Found in src/eth2/DepositContract.sol Line: 76
uint size = deposit_count;
-
Found in src/eth2/DepositContract.sol Line: 77
for (uint height = 0; height < DEPOSIT_CONTRACT_TREE_DEPTH; height++) {
-
Found in src/eth2/DepositContract.sol Line: 103
uint deposit_amount = msg.value / 1 gwei;
-
Found in src/eth2/DepositContract.sol Line: 133
uint size = deposit_count;
-
Found in src/eth2/DepositContract.sol Line: 134
for (uint height = 0; height < DEPOSIT_CONTRACT_TREE_DEPTH; height++) {
-
Found in src/nested_mappings/LaterVersion.sol Line: 8
uint dummy; -
Found in src/nested_mappings/NestedMappings.sol Line: 8
uint dummy;
it is recommended that the definition be removed when custom error is unused
3 Found Instances
Avoid require / revert statements in a loop because a single bad item can cause the whole transaction to fail. It's better to forgive on fail and return failed elements post processing of the loop
2 Found Instances
Division operations followed directly by multiplication operations can lead to precision loss due to the way integer arithmetic is handled in Solidity.
4 Found Instances
-
Found in src/DivisionBeforeMultiplication.sol Line: 8
result = a * d + b / c * b / d;
-
Found in src/DivisionBeforeMultiplication.sol Line: 12
result = (a + b / c * b) * c;
-
Found in src/DivisionBeforeMultiplication.sol Line: 16
result = (a / b * c);
-
Found in src/DivisionBeforeMultiplication.sol Line: 20
result = a + b / c * b * c;