Updated as of block 15874996 at 11/1/2022, 7:51:47 AM ET
- ID: 111
- Proposer: 0x683a4F9915D6216f73d6Df50151725036bD26C02
- Start Block: 15798685 (10/21/2022, 3:51:35 PM ET)
- End Block: 15817885 (10/24/2022, 8:12:23 AM ET)
- Targets: 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756; 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756; 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756; 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756; 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756; 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756; 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756; 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756; 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/e3fabb70-1ea2-4c95-8414-c21c8d6b7acc
Proposal text
A proposal to take precautionary measures on the Aave V2 Ethereum market, including parameter changes on six (6) assets on Aave V2.
The proposal disables borrowing by calling disableBorrowingOnReserve on the LendingPoolConfigurator using the address and parameters specific to each token.
The proposal sets the liquidation bonus, LTV and liquidation threshold ratios by calling configureReserveAsCollateral on the LendingPoolConfigurator using the address and parameters specific to each token.
Copyright and related rights waived via CC0.
By approving this proposal, you agree that any services provided by Gauntlet shall be governed by the terms of service available at gauntlet.network/tos. This message is for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation for any security, nor does it constitute an offer to provide investment advisory or other services by Gauntlet Networks Inc. No reference to any specific security constitutes a recommendation to buy, sell or hold that security or any other security. Nothing in this report shall be considered a solicitation or offer to buy or sell any security, future, option or other financial instrument or to offer or provide any investment advice or service to any person in any jurisdiction. Nothing contained in this report constitutes investment advice or offers any opinion with respect to the suitability of any security, and the views expressed in this report should not be taken as advice to buy, sell or hold any security. The information in this report should not be relied upon for the purpose of investing. In preparing the information contained in this report, we have not taken into account the investment needs, objectives and financial circumstances of any particular investor. This information has no regard to the specific investment objectives, financial situation and particular needs of any specific recipient of this information and investments discussed may not be suitable for all investors. Any views expressed in this report by us were prepared based upon the information available to us at the time such views were written. Changed or additional information could cause such views to change. All information is subject to possible correction. Information may quickly become unreliable for various reasons, including changes in market conditions or economic circumstances
Info:
- State changes:
# InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
@@ `_reserves` key `0x0d8775f648430679a709e98d2b0cb6250d2887ef`.configuration.data @@
- 36894430008862599814476
+ 36894141778486382565732
# decoded configuration.data for key `0x0d8775f648430679a709e98d2b0cb6250d2887ef` (symbol: BAT)
@@ configuration.data.ltv @@
- 7500
+ 6500
@@ configuration.data.liquidationThreshold @@
- 8000
+ 7000
@@ configuration.data.borrowingEnabled @@
- true
+ false
@@ `_reserves` key `0x1494ca1f11d487c2bbe4543e90080aeba4ba3c2b`.configuration.data @@
- 36893853548110230853988
+ 36893565317734079142244
# decoded configuration.data for key `0x1494ca1f11d487c2bbe4543e90080aeba4ba3c2b` (symbol: DPI)
@@ configuration.data.borrowingEnabled @@
- true
+ false
@@ `_reserves` key `0x408e41876cccdc0f92210600ef50372656052a38`.configuration.data @@
- 36894430008862501508976
+ 36894141778486349797232
# decoded configuration.data for key `0x408e41876cccdc0f92210600ef50372656052a38` (symbol: REN)
@@ configuration.data.borrowingEnabled @@
- true
+ false
@@ `_reserves` key `0x4e3fbd56cd56c3e72c1403e103b45db9da5b9d2b`.configuration.data @@
- 36893853548539662045588
+ 36893565318163412028844
# decoded configuration.data for key `0x4e3fbd56cd56c3e72c1403e103b45db9da5b9d2b` (symbol: CVX)
@@ configuration.data.ltv @@
- 4500
+ 3500
@@ configuration.data.liquidationThreshold @@
- 6000
+ 4500
@@ configuration.data.borrowingEnabled @@
- true
+ false
@@ `_reserves` key `0xba100000625a3754423978a60c9317c58a424e3d`.configuration.data @@
- 36893853548324979218788
+ 36893565317948827507044
# decoded configuration.data for key `0xba100000625a3754423978a60c9317c58a424e3d` (symbol: BAL)
@@ configuration.data.borrowingEnabled @@
- true
+ false
@@ `_reserves` key `0xe41d2489571d322189246dafa5ebde1f4699f498`.configuration.data @@
- 36894430008862567045476
+ 36894141778486349796732
# decoded configuration.data for key `0xe41d2489571d322189246dafa5ebde1f4699f498` (symbol: ZRX)
@@ configuration.data.ltv @@
- 6500
+ 5500
@@ configuration.data.liquidationThreshold @@
- 7500
+ 6500
@@ configuration.data.borrowingEnabled @@
- true
+ false
Info:
- There is no SELFDESTRUCT inside of delegated call
Info:
- Events Emitted:
- InitializableImmutableAdminUpgradeabilityProxy at
0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756with implementation LendingPoolConfigurator at0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521CollateralConfigurationChanged(asset: 0x0d8775f648430679a709e98d2b0cb6250d2887ef, ltv: 6500, liquidationThreshold: 7000, liquidationBonus: 10750)CollateralConfigurationChanged(asset: 0x4e3fbd56cd56c3e72c1403e103b45db9da5b9d2b, ltv: 3500, liquidationThreshold: 4500, liquidationBonus: 10850)CollateralConfigurationChanged(asset: 0xe41d2489571d322189246dafa5ebde1f4699f498, ltv: 5500, liquidationThreshold: 6500, liquidationBonus: 10750)BorrowingDisabledOnReserve(asset: 0xba100000625a3754423978a60c9317c58a424e3d)BorrowingDisabledOnReserve(asset: 0x0d8775f648430679a709e98d2b0cb6250d2887ef)BorrowingDisabledOnReserve(asset: 0x4e3fbd56cd56c3e72c1403e103b45db9da5b9d2b)BorrowingDisabledOnReserve(asset: 0x1494ca1f11d487c2bbe4543e90080aeba4ba3c2b)BorrowingDisabledOnReserve(asset: 0x408e41876cccdc0f92210600ef50372656052a38)BorrowingDisabledOnReserve(asset: 0xe41d2489571d322189246dafa5ebde1f4699f498)
- InitializableImmutableAdminUpgradeabilityProxy at
Info:
- Targets:
- 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
Info:
- Touched address:
- 0xDD659911EcBD4458db07Ee7cDdeC79bf8F859AbC: EOA (verification not applicable)
- 0xEC568fffba86c094cf06b22134B23074DFE2252c: Contract (verified) (AaveGovernanceV2)
- 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5: Contract (verified) (Executor)
- 0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0xC13eac3B4F9EED480045113B7af00F7B5655Ece8: Contract (verified) (AaveTokenV2)
- 0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521: Contract (verified) (LendingPoolConfigurator)
- 0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5: Contract (verified) (LendingPoolAddressesProvider)
- 0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy)
- 0xC6845a5C768BF8D7681249f8927877Efda425baf: Contract (verified) (LendingPool)
Info:
View Details
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756` with implementation LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
View warnings for LendingPoolAddressesProvider at `0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
View warnings for LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
WARNING:CryticCompile:Warning: contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract AdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, UpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Info:
View Details
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756` with implementation LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0x311Bb771e4F8952E6Da169b425E7e92d6Ac45756 analyzed (6 contracts with 75 detectors), 17 result(s) found
Slither report for LendingPoolConfigurator at `0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
LendingPoolConfigurator._checkNoLiquidity(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#552-561) uses a dangerous strict equality:
- require(bool,string)(availableLiquidity == 0 && reserveData.currentLiquidityRate == 0,Errors.LPC_RESERVE_LIQUIDITY_NOT_0) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#557-560)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in LendingPoolConfigurator.activateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#421-429):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#426)
Event emitted after the call(s):
- ReserveActivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#428)
Reentrancy in LendingPoolConfigurator.configureReserveAsCollateral(address,uint256,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#345-387):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#384)
Event emitted after the call(s):
- CollateralConfigurationChanged(asset,ltv,liquidationThreshold,liquidationBonus) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#386)
Reentrancy in LendingPoolConfigurator.deactivateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#435-445):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#442)
Event emitted after the call(s):
- ReserveDeactivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#444)
Reentrancy in LendingPoolConfigurator.disableBorrowingOnReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#327-334):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#332)
Event emitted after the call(s):
- BorrowingDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#333)
Reentrancy in LendingPoolConfigurator.disableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#407-415):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#412)
Event emitted after the call(s):
- StableRateDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#414)
Reentrancy in LendingPoolConfigurator.enableBorrowingOnReserve(address,bool) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#309-321):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#318)
Event emitted after the call(s):
- BorrowingEnabledOnReserve(asset,stableBorrowRateEnabled) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#320)
Reentrancy in LendingPoolConfigurator.enableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#393-401):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#398)
Event emitted after the call(s):
- StableRateEnabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#400)
Reentrancy in LendingPoolConfigurator.freezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#452-460):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#457)
Event emitted after the call(s):
- ReserveFrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#459)
Reentrancy in LendingPoolConfigurator.initReserve(address,address,address,uint8,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#201-263):
External calls:
- aTokenProxyAddress = _initTokenWithProxy(aTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#231)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- stableDebtTokenProxyAddress = _initTokenWithProxy(stableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#233-234)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- variableDebtTokenProxyAddress = _initTokenWithProxy(variableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#236-237)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- pool.initReserve(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#239-245)
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#254)
Event emitted after the call(s):
- ReserveInitialized(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#256-262)
Reentrancy in LendingPoolConfigurator.setReserveFactor(address,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#481-489):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#486)
Event emitted after the call(s):
- ReserveFactorChanged(asset,reserveFactor) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#488)
Reentrancy in LendingPoolConfigurator.setReserveInterestRateStrategyAddress(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#496-502):
External calls:
- pool.setReserveInterestRateStrategyAddress(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#500)
Event emitted after the call(s):
- ReserveInterestRateStrategyChanged(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#501)
Reentrancy in LendingPoolConfigurator.unfreezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#466-474):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#471)
Event emitted after the call(s):
- ReserveUnfrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#473)
Reentrancy in LendingPoolConfigurator.updateAToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#270-276):
External calls:
- _upgradeTokenImplementation(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#273)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- ATokenUpgraded(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#275)
Reentrancy in LendingPoolConfigurator.updateStableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#283-289):
External calls:
- _upgradeTokenImplementation(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#286)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- StableDebtTokenUpgraded(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#288)
Reentrancy in LendingPoolConfigurator.updateVariableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#296-302):
External calls:
- _upgradeTokenImplementation(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#299)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- VariableDebtTokenUpgraded(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#301)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
VersionedInitializable.isConstructor() (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
PercentageMath.percentDiv(uint256,uint256) (contracts/protocol/libraries/math/PercentageMath.sol#43-53) is never used and should be removed
ReserveConfiguration.getActive(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#150-152) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#190-192) is never used and should be removed
ReserveConfiguration.getDecimals(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#130-132) is never used and should be removed
ReserveConfiguration.getFlags(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#251-269) is never used and should be removed
ReserveConfiguration.getFlagsMemory(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#328-344) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#170-172) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#106-112) is never used and should be removed
ReserveConfiguration.getLiquidationThreshold(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#80-86) is never used and should be removed
ReserveConfiguration.getLtv(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#55-57) is never used and should be removed
ReserveConfiguration.getParams(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#276-296) is never used and should be removed
ReserveConfiguration.getReserveFactor(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#242-244) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#213-219) is never used and should be removed
SafeMath.add(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#27-32) is never used and should be removed
SafeMath.div(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#101-103) is never used and should be removed
SafeMath.div(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#116-127) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#155-162) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#76-88) is never used and should be removed
SafeMath.sub(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#43-45) is never used and should be removed
SafeMath.sub(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#56-65) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Function ITokenConfiguration.UNDERLYING_ASSET_ADDRESS() (contracts/interfaces/ITokenConfiguration.sol#11) is not in mixedCase
Function ITokenConfiguration.POOL() (contracts/interfaces/ITokenConfiguration.sol#13) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Variable Errors.LP_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#55) is too similar to Errors.VL_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPoolConfigurator (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#25-562)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x3a95Ee42f080ff7289C8B4a14EB483a8644d7521 analyzed (18 contracts with 75 detectors), 60 result(s) found
Slither report for InitializableImmutableAdminUpgradeabilityProxy at `0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9` with implementation LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0x7d2768dE32b0b80b7a3454c06BdAc94A69DDc7A9 analyzed (6 contracts with 75 detectors), 17 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in AaveToken (contracts/token/AaveToken.sol#13-185)
VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is never used in LendToAaveMigrator (contracts/token/LendToAaveMigrator.sol#14-79)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 analyzed (19 contracts with 75 detectors), 59 result(s) found
Slither report for LendingPoolAddressesProvider at `0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5`
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
State variables written after the call(s):
- _addresses[id] = address(proxy) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#204)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
Event emitted after the call(s):
- ProxyCreated(id,address(proxy)) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#205)
Reentrancy in LendingPoolAddressesProvider.setAddressAsProxy(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#60-67):
External calls:
- _updateImpl(id,implementationAddress) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#65)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- AddressSet(id,implementationAddress,true) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#66)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolConfiguratorImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#119-122):
External calls:
- _updateImpl(LENDING_POOL_CONFIGURATOR,configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#120)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolConfiguratorUpdated(configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#121)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#101-104):
External calls:
- _updateImpl(LENDING_POOL,pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#102)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolUpdated(pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#103)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
0xB53C1a33016B2DC2fF3653530bfF1848a515c8c5 analyzed (10 contracts with 75 detectors), 24 result(s) found
Slither report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e analyzed (4 contracts with 75 detectors), 4 result(s) found
Slither report for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is never initialized. It is used in:
- AaveTokenV2._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1221-1251)
AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is never initialized. It is used in:
- AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203)
- AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302)
- AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329)
AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
GovernancePowerDelegationERC20._searchByBlockNumber(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1012-1050) uses a dangerous strict equality:
- snapshot.blockNumber == blockNumber (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1041)
GovernancePowerDelegationERC20._writeSnapshot(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint128,uint128) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1075-1097) uses a dangerous strict equality:
- ownerSnapshotsCount != 0 && snapshotsOwner[ownerSnapshotsCount - 1].blockNumber == currentBlock (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1089-1090)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
ERC20.constructor(string,string).name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.name() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#462-464) (function)
ERC20.constructor(string,string).symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.symbol() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#470-472) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1190)
AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1300)
AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1326)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#375-377)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) is never used and should be removed
Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403) is never used and should be removed
Context._msgData() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#94-97) is never used and should be removed
ERC20._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#702) is never used and should be removed
ERC20._burn(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#646-654) is never used and should be removed
ERC20._mint(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#625-633) is never used and should be removed
ERC20._setupDecimals(uint8) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#684-686) is never used and should be removed
SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#745-755) is never used and should be removed
SafeERC20.safeTransfer(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#728-734) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#736-743) is never used and should be removed
SafeMath.div(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#280-282) is never used and should be removed
SafeMath.div(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#295-306) is never used and should be removed
SafeMath.mod(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#319-321) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#334-341) is never used and should be removed
SafeMath.mul(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#255-267) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#401)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769):
- (success,returndata) = address(token).call(data) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#761)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
Variable ERC20._name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#440) is not in mixedCase
Variable ERC20._symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#441) is not in mixedCase
Variable VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is not in mixedCase
Variable AaveTokenV2._nonces (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1134) is not in mixedCase
Variable AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is not in mixedCase
Variable AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is not in mixedCase
Variable AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is not in mixedCase
Variable AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is not in mixedCase
Variable AaveTokenV2._votingDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1154) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is not in mixedCase
Variable AaveTokenV2._propositionPowerDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1159) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#95)" inContext (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#89-98)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.DECIMALS (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1129) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.EIP712_DOMAIN (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1147-1149) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0xC13eac3B4F9EED480045113B7af00F7B5655Ece8 analyzed (11 contracts with 75 detectors), 48 result(s) found
Slither report for LendingPool at `0xC6845a5C768BF8D7681249f8927877Efda425baf`
Warning: contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract AdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, UpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol:16:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseImmutableAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableImmutableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/dependencies/openzeppelin/upgradeability/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) uses arbitrary from in transferFrom: IERC20(vars.currentAsset).safeTransferFrom(receiverAddress,vars.currentATokenAddress,vars.currentAmountPlusPremium) (contracts/protocol/lendingpool/LendingPool.sol#532-536)
Reference: https://github.com/trailofbits/slither/wiki/Detector-Documentation#arbitrary-send-erc20
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
WETHGateway.withdrawETH(uint256,address) (contracts/misc/WETHGateway.sol#53-65) ignores return value by aWETH.transferFrom(msg.sender,address(this),amountToWithdraw) (contracts/misc/WETHGateway.sol#61)
WETHGateway.emergencyTokenTransfer(address,address,uint256) (contracts/misc/WETHGateway.sol#130-136) ignores return value by IERC20(token).transfer(to,amount) (contracts/misc/WETHGateway.sol#135)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
AToken.DOMAIN_SEPARATOR (contracts/protocol/tokenization/AToken.sol#37) is never initialized. It is used in:
- AToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/protocol/tokenization/AToken.sol#268-292)
LendingPoolStorage._addressesProvider (contracts/protocol/lendingpool/LendingPoolStorage.sol#15) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
- LendingPoolCollateralManager._calculateAvailableCollateralToLiquidate(DataTypes.ReserveData,DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#272-316)
LendingPoolStorage._usersConfig (contracts/protocol/lendingpool/LendingPoolStorage.sol#18) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
LendingPoolStorage._reservesCount (contracts/protocol/lendingpool/LendingPoolStorage.sol#23) is never initialized. It is used in:
- LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
LendingPool (contracts/protocol/lendingpool/LendingPool.sol#46-923) is an upgradeable contract that does not protect its initialize functions: LendingPool.initialize(ILendingPoolAddressesProvider) (contracts/protocol/lendingpool/LendingPool.sol#90-92). Anyone can delete the contract with: LendingPool.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPool.sol#424-450)Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unprotected-upgradeable-contract
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) performs a multiplication on the result of a division:
- liquidityBalanceETH = vars.reserveUnitPrice.mul(vars.compoundedLiquidityBalance).div(vars.tokenUnit) (contracts/protocol/libraries/logic/GenericLogic.sol#191-192)
- vars.avgLtv = vars.avgLtv.add(liquidityBalanceETH.mul(vars.ltv)) (contracts/protocol/libraries/logic/GenericLogic.sol#196)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) performs a multiplication on the result of a division:
- liquidityBalanceETH = vars.reserveUnitPrice.mul(vars.compoundedLiquidityBalance).div(vars.tokenUnit) (contracts/protocol/libraries/logic/GenericLogic.sol#191-192)
- vars.avgLiquidationThreshold = vars.avgLiquidationThreshold.add(liquidityBalanceETH.mul(vars.liquidationThreshold)) (contracts/protocol/libraries/logic/GenericLogic.sol#197-199)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) performs a multiplication on the result of a division:
- ratePerSecond = rate / SECONDS_PER_YEAR (contracts/protocol/libraries/math/MathUtils.sol#61)
- WadRayMath.ray().add(ratePerSecond.mul(exp)).add(secondTerm).add(thirdTerm) (contracts/protocol/libraries/math/MathUtils.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) uses a dangerous strict equality:
- exp == 0 (contracts/protocol/libraries/math/MathUtils.sol#53)
GenericLogic.calculateHealthFactorFromBalances(uint256,uint256,uint256) (contracts/protocol/libraries/logic/GenericLogic.sol#244-252) uses a dangerous strict equality:
- totalDebtInETH == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#249)
LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185) uses a dangerous strict equality:
- amountToWithdraw == userBalance (contracts/protocol/lendingpool/LendingPool.sol#175)
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245) uses a dangerous strict equality:
- vars.liquidatorPreviousATokenBalance == 0 (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#197)
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245) uses a dangerous strict equality:
- vars.maxCollateralToLiquidate == vars.userCollateralBalance (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#222)
LendingPoolConfigurator._checkNoLiquidity(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#552-561) uses a dangerous strict equality:
- require(bool,string)(availableLiquidity == 0 && reserveData.currentLiquidityRate == 0,Errors.LPC_RESERVE_LIQUIDITY_NOT_0) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#557-560)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.liquidationThreshold == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#75)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.totalDebtInETH == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#87)
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#55-116) uses a dangerous strict equality:
- vars.collateralBalanceAfterDecrease == 0 (contracts/protocol/libraries/logic/GenericLogic.sol#98)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#85-104) uses a dangerous strict equality:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#93)
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#57-76) uses a dangerous strict equality:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#65)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
State variables written after the call(s):
- _addresses[id] = address(proxy) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#204)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16).vars (contracts/protocol/lendingpool/LendingPool.sol#490) is a local variable never initialized
LendingPoolCollateralManager._calculateAvailableCollateralToLiquidate(DataTypes.ReserveData,DataTypes.ReserveData,address,address,uint256,uint256).vars (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#284) is a local variable never initialized
GenericLogic.balanceDecreaseAllowed(address,address,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/GenericLogic.sol#69) is a local variable never initialized
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40).vars (contracts/protocol/libraries/logic/ReserveLogic.sol#282) is a local variable never initialized
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/ValidationLogic.sol#134) is a local variable never initialized
LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool).vars (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#92) is a local variable never initialized
DefaultReserveInterestRateStrategy.calculateInterestRates(address,uint256,uint256,uint256,uint256,uint256).vars (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#134) is a local variable never initialized
StableDebtToken.mint(address,address,uint256,uint256).vars (contracts/protocol/tokenization/StableDebtToken.sol#107) is a local variable never initialized
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address).vars (contracts/protocol/libraries/logic/GenericLogic.sol#168) is a local variable never initialized
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256).vars (contracts/protocol/libraries/logic/ReserveLogic.sol#205) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
WETHGateway.constructor(address,address) (contracts/misc/WETHGateway.sol#29-35) ignores return value by IWETH(weth).approve(pool,uint256(- 1)) (contracts/misc/WETHGateway.sol#34)
WETHGateway.withdrawETH(uint256,address) (contracts/misc/WETHGateway.sol#53-65) ignores return value by POOL.withdraw(address(WETH),amountToWithdraw,address(this)) (contracts/misc/WETHGateway.sol#62)
WETHGateway.repayETH(uint256,uint256,address) (contracts/misc/WETHGateway.sol#73-95) ignores return value by POOL.repay(address(WETH),msg.value,rateMode,onBehalfOf) (contracts/misc/WETHGateway.sol#91)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) ignores return value by token.mint(premiums[i]) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#76)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) ignores return value by IERC20(assets[i]).approve(address(LENDING_POOL),amountToReturn) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#78)
LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338) ignores return value by IVariableDebtToken(reserve.variableDebtTokenAddress).mint(msg.sender,msg.sender,stableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#315-320)
LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338) ignores return value by IStableDebtToken(reserve.stableDebtTokenAddress).mint(msg.sender,msg.sender,variableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#327-332)
LendingPool.rebalanceStableBorrowRate(address,address) (contracts/protocol/lendingpool/LendingPool.sol#349-379) ignores return value by IStableDebtToken(address(stableDebtToken)).mint(user,user,stableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#369-374)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) ignores return value by IAToken(aTokenAddresses[vars.i]).transferUnderlyingTo(receiverAddress,amounts[vars.i]) (contracts/protocol/lendingpool/LendingPool.sol#504)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) ignores return value by IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return
ERC20.constructor(string,string).name (contracts/dependencies/openzeppelin/contracts/ERC20.sol#57) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/dependencies/openzeppelin/contracts/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
AdminUpgradeabilityProxy.constructor(address,address,bytes)._admin (contracts/dependencies/openzeppelin/upgradeability/AdminUpgradeabilityProxy.sol#23) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#98-104) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes).admin (contracts/dependencies/openzeppelin/upgradeability/InitializableAdminUpgradeabilityProxy.sol#27) shadows:
- BaseAdminUpgradeabilityProxy.admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#45-47) (function)
MockFlashLoanReceiver.setAmountToApprove(uint256).amountToApprove (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#30) shadows:
- MockFlashLoanReceiver.amountToApprove() (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#38-40) (function)
MintableDelegationERC20.constructor(string,string,uint8).name (contracts/mocks/tokens/MintableDelegationERC20.sol#14) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
MintableDelegationERC20.constructor(string,string,uint8).symbol (contracts/mocks/tokens/MintableDelegationERC20.sol#15) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
MintableDelegationERC20.constructor(string,string,uint8).decimals (contracts/mocks/tokens/MintableDelegationERC20.sol#16) shadows:
- ERC20.decimals() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#91-93) (function)
MintableERC20.constructor(string,string,uint8).name (contracts/mocks/tokens/MintableERC20.sol#12) shadows:
- ERC20.name() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#66-68) (function)
MintableERC20.constructor(string,string,uint8).symbol (contracts/mocks/tokens/MintableERC20.sol#13) shadows:
- ERC20.symbol() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#74-76) (function)
MintableERC20.constructor(string,string,uint8).decimals (contracts/mocks/tokens/MintableERC20.sol#14) shadows:
- ERC20.decimals() (contracts/dependencies/openzeppelin/contracts/ERC20.sol#91-93) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).baseVariableBorrowRate (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#59) shadows:
- DefaultReserveInterestRateStrategy.baseVariableBorrowRate() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#91-93) (function)
- IReserveInterestRateStrategy.baseVariableBorrowRate() (contracts/interfaces/IReserveInterestRateStrategy.sol#10) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#60) shadows:
- DefaultReserveInterestRateStrategy.variableRateSlope1() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#75-77) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#61) shadows:
- DefaultReserveInterestRateStrategy.variableRateSlope2() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#79-81) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#62) shadows:
- DefaultReserveInterestRateStrategy.stableRateSlope1() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#83-85) (function)
DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#63) shadows:
- DefaultReserveInterestRateStrategy.stableRateSlope2() (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#87-89) (function)
BaseImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#19) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
InitializableImmutableAdminUpgradeabilityProxy.constructor(address).admin (contracts/protocol/libraries/aave-upgradeability/InitializableImmutableAdminUpgradeabilityProxy.sol#15) shadows:
- BaseImmutableAdminUpgradeabilityProxy.admin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#34-36) (function)
IncentivizedERC20.constructor(string,string,uint8,address).name (contracts/protocol/tokenization/IncentivizedERC20.sol#29) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
IncentivizedERC20.constructor(string,string,uint8,address).symbol (contracts/protocol/tokenization/IncentivizedERC20.sol#30) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
IncentivizedERC20.constructor(string,string,uint8,address).decimals (contracts/protocol/tokenization/IncentivizedERC20.sol#31) shadows:
- IncentivizedERC20.decimals() (contracts/protocol/tokenization/IncentivizedERC20.sol#57-59) (function)
- IERC20Detailed.decimals() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
StableDebtToken.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/StableDebtToken.sol#29) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
StableDebtToken.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/StableDebtToken.sol#30) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
VariableDebtToken.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/VariableDebtToken.sol#23) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
VariableDebtToken.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/VariableDebtToken.sol#24) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
DebtTokenBase.constructor(address,address,string,string,address).name (contracts/protocol/tokenization/base/DebtTokenBase.sol#43) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
DebtTokenBase.constructor(address,address,string,string,address).symbol (contracts/protocol/tokenization/base/DebtTokenBase.sol#44) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
DebtTokenBase.initialize(uint8,string,string).decimals (contracts/protocol/tokenization/base/DebtTokenBase.sol#58) shadows:
- IncentivizedERC20.decimals() (contracts/protocol/tokenization/IncentivizedERC20.sol#57-59) (function)
- IERC20Detailed.decimals() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#11) (function)
DebtTokenBase.initialize(uint8,string,string).name (contracts/protocol/tokenization/base/DebtTokenBase.sol#59) shadows:
- IncentivizedERC20.name() (contracts/protocol/tokenization/IncentivizedERC20.sol#43-45) (function)
- IERC20Detailed.name() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#7) (function)
DebtTokenBase.initialize(uint8,string,string).symbol (contracts/protocol/tokenization/base/DebtTokenBase.sol#60) shadows:
- IncentivizedERC20.symbol() (contracts/protocol/tokenization/IncentivizedERC20.sol#50-52) (function)
- IERC20Detailed.symbol() (contracts/dependencies/openzeppelin/contracts/IERC20Detailed.sol#9) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#24)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#91)
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
ATokensAndRatesHelper.constructor(address,address,address)._pool (contracts/deployments/ATokensAndRatesHelper.sol#24) lacks a zero-check on :
- pool = _pool (contracts/deployments/ATokensAndRatesHelper.sol#28)
ATokensAndRatesHelper.constructor(address,address,address)._addressesProvider (contracts/deployments/ATokensAndRatesHelper.sol#25) lacks a zero-check on :
- addressesProvider = _addressesProvider (contracts/deployments/ATokensAndRatesHelper.sol#29)
ATokensAndRatesHelper.constructor(address,address,address)._poolConfigurator (contracts/deployments/ATokensAndRatesHelper.sol#26) lacks a zero-check on :
- poolConfigurator = _poolConfigurator (contracts/deployments/ATokensAndRatesHelper.sol#30)
StableAndVariableTokensHelper.constructor(address,address)._pool (contracts/deployments/StableAndVariableTokensHelper.sol#16) lacks a zero-check on :
- pool = _pool (contracts/deployments/StableAndVariableTokensHelper.sol#17)
StableAndVariableTokensHelper.constructor(address,address)._addressesProvider (contracts/deployments/StableAndVariableTokensHelper.sol#16) lacks a zero-check on :
- addressesProvider = _addressesProvider (contracts/deployments/StableAndVariableTokensHelper.sol#18)
AaveOracle.constructor(address[],address[],address,address).weth (contracts/misc/AaveOracle.sol#38) lacks a zero-check on :
- WETH = weth (contracts/misc/AaveOracle.sol#42)
MintableDelegationERC20.delegate(address).delegateeAddress (contracts/mocks/tokens/MintableDelegationERC20.sol#31) lacks a zero-check on :
- delegatee = delegateeAddress (contracts/mocks/tokens/MintableDelegationERC20.sol#32)
AToken.constructor(ILendingPool,address,address,string,string,address).underlyingAssetAddress (contracts/protocol/tokenization/AToken.sol#46) lacks a zero-check on :
- UNDERLYING_ASSET_ADDRESS = underlyingAssetAddress (contracts/protocol/tokenization/AToken.sol#53)
AToken.constructor(ILendingPool,address,address,string,string,address).reserveTreasuryAddress (contracts/protocol/tokenization/AToken.sol#47) lacks a zero-check on :
- RESERVE_TREASURY_ADDRESS = reserveTreasuryAddress (contracts/protocol/tokenization/AToken.sol#54)
LendingPool.liquidationCall(address,address,address,uint256,bool).user (contracts/protocol/lendingpool/LendingPool.sol#427) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
LendingPool.liquidationCall(address,address,address,uint256,bool).debtAsset (contracts/protocol/lendingpool/LendingPool.sol#426) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
LendingPool.liquidationCall(address,address,address,uint256,bool).collateralAsset (contracts/protocol/lendingpool/LendingPool.sol#425) lacks a zero-check on :
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertModifier BaseImmutableAdminUpgradeabilityProxy.ifAdmin() (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#23-29) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
ATokensAndRatesHelper.initReserve(address[],address[],address[],address[],uint8[]) (contracts/deployments/ATokensAndRatesHelper.sol#69-90) has external calls inside a loop: LendingPoolConfigurator(poolConfigurator).initReserve(aTokens[i],stables[i],variables[i],reserveDecimals[i],strategies[i]) (contracts/deployments/ATokensAndRatesHelper.sol#82-88)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.configureReserveAsCollateral(assets[i],baseLTVs[i],liquidationThresholds[i],liquidationBonuses[i]) (contracts/deployments/ATokensAndRatesHelper.sol#108-113)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.enableBorrowingOnReserve(assets[i],stableBorrowingEnabled[i]) (contracts/deployments/ATokensAndRatesHelper.sol#115-118)
ATokensAndRatesHelper.configureReserves(address[],uint256[],uint256[],uint256[],uint256[],bool[]) (contracts/deployments/ATokensAndRatesHelper.sol#92-121) has external calls inside a loop: configurator.setReserveFactor(assets[i],reserveFactors[i]) (contracts/deployments/ATokensAndRatesHelper.sol#119)
StableAndVariableTokensHelper.setOracleBorrowRates(address[],uint256[],address) (contracts/deployments/StableAndVariableTokensHelper.sol#52-63) has external calls inside a loop: LendingRateOracle(oracle).setMarketBorrowRate(assets[i],rates[i]) (contracts/deployments/StableAndVariableTokensHelper.sol#61)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: _fallbackOracle.getAssetPrice(asset) (contracts/misc/AaveOracle.sol#89)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: price = IChainlinkAggregator(source).latestAnswer() (contracts/misc/AaveOracle.sol#91)
AaveOracle.getAssetPrice(address) (contracts/misc/AaveOracle.sol#83-98) has external calls inside a loop: _fallbackOracle.getAssetPrice(asset) (contracts/misc/AaveOracle.sol#95)
AaveProtocolDataProvider.getAllReservesTokens() (contracts/misc/AaveProtocolDataProvider.sol#32-51) has external calls inside a loop: reservesTokens[i] = TokenData(IERC20Detailed(reserves[i]).symbol(),reserves[i]) (contracts/misc/AaveProtocolDataProvider.sol#45-48)
AaveProtocolDataProvider.getAllATokens() (contracts/misc/AaveProtocolDataProvider.sol#53-65) has external calls inside a loop: reserveData = pool.getReserveData(reserves[i]) (contracts/misc/AaveProtocolDataProvider.sol#58)
AaveProtocolDataProvider.getAllATokens() (contracts/misc/AaveProtocolDataProvider.sol#53-65) has external calls inside a loop: aTokens[i] = TokenData(IERC20Detailed(reserveData.aTokenAddress).symbol(),reserveData.aTokenAddress) (contracts/misc/AaveProtocolDataProvider.sol#59-62)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: baseData = lendingPool.getReserveData(reserveData.underlyingAsset) (contracts/misc/UiPoolDataProvider.sol#70-71)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.priceInEth = oracle.getAssetPrice(reserveData.underlyingAsset) (contracts/misc/UiPoolDataProvider.sol#82)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.availableLiquidity = IERC20Detailed(reserveData.underlyingAsset).balanceOf(reserveData.aTokenAddress) (contracts/misc/UiPoolDataProvider.sol#84-86)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: (reserveData.totalPrincipalStableDebt,None,reserveData.averageStableRate,reserveData.stableDebtLastUpdateTimestamp) = IStableDebtToken(reserveData.stableDebtTokenAddress).getSupplyData() (contracts/misc/UiPoolDataProvider.sol#87-92)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.totalScaledVariableDebt = IVariableDebtToken(reserveData.variableDebtTokenAddress).scaledTotalSupply() (contracts/misc/UiPoolDataProvider.sol#93-94)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: reserveData.symbol = IERC20Detailed(reserveData.aTokenAddress).symbol() (contracts/misc/UiPoolDataProvider.sol#99)
UiPoolDataProvider.getInterestRateStrategySlopes(DefaultReserveInterestRateStrategy) (contracts/misc/UiPoolDataProvider.sol#28-44) has external calls inside a loop: (interestRateStrategy.variableRateSlope1(),interestRateStrategy.variableRateSlope2(),interestRateStrategy.stableRateSlope1(),interestRateStrategy.stableRateSlope2()) (contracts/misc/UiPoolDataProvider.sol#38-43)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].scaledATokenBalance = IAToken(reserveData.aTokenAddress).scaledBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#128-129)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].scaledVariableDebt = IVariableDebtToken(reserveData.variableDebtTokenAddress).scaledBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#133-137)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].principalStableDebt = IStableDebtToken(reserveData.stableDebtTokenAddress).principalBalanceOf(user) (contracts/misc/UiPoolDataProvider.sol#138-142)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].stableBorrowRate = IStableDebtToken(reserveData.stableDebtTokenAddress).getUserStableRate(user) (contracts/misc/UiPoolDataProvider.sol#144-148)
UiPoolDataProvider.getReservesData(ILendingPoolAddressesProvider,address) (contracts/misc/UiPoolDataProvider.sol#46-159) has external calls inside a loop: userReservesData[i].stableBorrowLastUpdateTimestamp = IStableDebtToken(reserveData.stableDebtTokenAddress).getUserLastUpdated(user) (contracts/misc/UiPoolDataProvider.sol#149-153)
WalletBalanceProvider.balanceOf(address,address) (contracts/misc/WalletBalanceProvider.sol#44-52) has external calls inside a loop: IERC20(token).balanceOf(user) (contracts/misc/WalletBalanceProvider.sol#49)
WalletBalanceProvider.getUserWalletBalances(address,address) (contracts/misc/WalletBalanceProvider.sol#79-109) has external calls inside a loop: configuration = pool.getConfiguration(reservesWithEth[j]) (contracts/misc/WalletBalanceProvider.sol#96)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: require(bool,string)(amounts[i] <= IERC20(assets[i]).balanceOf(address(this)),Invalid balance for the contract) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#66-69)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: token.mint(premiums[i]) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#76)
MockFlashLoanReceiver.executeOperation(address[],uint256[],uint256[],address,bytes) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#46-84) has external calls inside a loop: IERC20(assets[i]).approve(address(LENDING_POOL),amountToReturn) (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#78)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) has external calls inside a loop: IAToken(aTokenAddresses[vars.i]).transferUnderlyingTo(receiverAddress,amounts[vars.i]) (contracts/protocol/lendingpool/LendingPool.sol#504)
LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562) has external calls inside a loop: _reserves[vars.currentAsset].cumulateToLiquidityIndex(IERC20(vars.currentATokenAddress).totalSupply(),vars.currentPremium) (contracts/protocol/lendingpool/LendingPool.sol#521-524)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: oracle = _addressesProvider.getPriceOracle() (contracts/protocol/lendingpool/LendingPool.sol#836)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: amountInETH = IPriceOracleGetter(oracle).getAssetPrice(vars.asset).mul(vars.amount).div(10 ** reserve.configuration.getDecimals()) (contracts/protocol/lendingpool/LendingPool.sol#838-841)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907) has external calls inside a loop: isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.reserveUnitPrice = IPriceOracleGetter(oracle).getAssetPrice(vars.currentReserveAddress) (contracts/protocol/libraries/logic/GenericLogic.sol#186)
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/ValidationLogic.sol#120-213) has external calls inside a loop: require(bool,string)(! userConfig.isUsingAsCollateral(reserve.id) || reserve.configuration.getLtv() == 0 || amount > IERC20(reserve.aTokenAddress).balanceOf(userAddress),Errors.VL_COLLATERAL_SAME_AS_BORROWING_CURRENCY) (contracts/protocol/libraries/logic/ValidationLogic.sol#198-203)
ValidationLogic.validateBorrow(address,DataTypes.ReserveData,address,uint256,uint256,uint256,uint256,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/ValidationLogic.sol#120-213) has external calls inside a loop: vars.availableLiquidity = IERC20(asset).balanceOf(reserve.aTokenAddress) (contracts/protocol/libraries/logic/ValidationLogic.sol#205)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedLiquidityBalance = IERC20(currentReserve.aTokenAddress).balanceOf(user) (contracts/protocol/libraries/logic/GenericLogic.sol#189)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: (vars.totalStableDebt,vars.avgStableRate) = IStableDebtToken(vars.stableDebtTokenAddress).getTotalSupplyAndAvgRate() (contracts/protocol/libraries/logic/ReserveLogic.sol#209-210)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: vars.totalVariableDebt = IVariableDebtToken(reserve.variableDebtTokenAddress).scaledTotalSupply().rayMul(reserve.variableBorrowIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#215-217)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedBorrowBalance = IERC20(currentReserve.stableDebtTokenAddress).balanceOf(user) (contracts/protocol/libraries/logic/GenericLogic.sol#203-205)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: vars.availableLiquidity = IERC20(reserveAddress).balanceOf(aTokenAddress) (contracts/protocol/libraries/logic/ReserveLogic.sol#219)
GenericLogic.calculateUserAccountData(address,mapping(address => DataTypes.ReserveData),DataTypes.UserConfigurationMap,mapping(uint256 => address),uint256,address) (contracts/protocol/libraries/logic/GenericLogic.sol#150-235) has external calls inside a loop: vars.compoundedBorrowBalance = vars.compoundedBorrowBalance.add(IERC20(currentReserve.variableDebtTokenAddress).balanceOf(user)) (contracts/protocol/libraries/logic/GenericLogic.sol#206-208)
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40) (contracts/protocol/libraries/logic/ReserveLogic.sol#274-325) has external calls inside a loop: (vars.principalStableDebt,vars.currentStableDebt,vars.avgStableRate,vars.stableSupplyUpdatedTimestamp) = IStableDebtToken(reserve.stableDebtTokenAddress).getSupplyData() (contracts/protocol/libraries/logic/ReserveLogic.sol#291-296)
ReserveLogic.updateInterestRates(DataTypes.ReserveData,address,address,uint256,uint256) (contracts/protocol/libraries/logic/ReserveLogic.sol#198-249) has external calls inside a loop: (vars.newLiquidityRate,vars.newStableRate,vars.newVariableRate) = IReserveInterestRateStrategy(reserve.interestRateStrategyAddress).calculateInterestRates(reserveAddress,vars.availableLiquidity.add(liquidityAdded).sub(liquidityTaken),vars.totalStableDebt,vars.totalVariableDebt,vars.avgStableRate,reserve.configuration.getReserveFactor()) (contracts/protocol/libraries/logic/ReserveLogic.sol#221-232)
ReserveLogic.updateState(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#110-134) has external calls inside a loop: scaledVariableDebt = IVariableDebtToken(reserve.variableDebtTokenAddress).scaledTotalSupply() (contracts/protocol/libraries/logic/ReserveLogic.sol#111-112)
ReserveLogic._mintToTreasury(DataTypes.ReserveData,uint256,uint256,uint256,uint256,uint40) (contracts/protocol/libraries/logic/ReserveLogic.sol#274-325) has external calls inside a loop: IAToken(reserve.aTokenAddress).mintToTreasury(vars.amountToMint,newLiquidityIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#323)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- _allowances[owner][spender] = amount (contracts/protocol/tokenization/IncentivizedERC20.sol#232)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
Reentrancy in LendingPool._executeBorrow(LendingPool.ExecuteBorrowParams) (contracts/protocol/lendingpool/LendingPool.sol#832-907):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#858)
- isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
- isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
- IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Event emitted after the call(s):
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,currentStableRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,reserve.currentVariableBorrowRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
Reentrancy in AToken._transfer(address,address,uint256,bool) (contracts/protocol/tokenization/AToken.sol#302-327):
External calls:
- super._transfer(from,to,amount.rayDiv(index)) (contracts/protocol/tokenization/AToken.sol#313)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (contracts/protocol/tokenization/AToken.sol#316-323)
Event emitted after the call(s):
- BalanceTransfer(from,to,amount,index) (contracts/protocol/tokenization/AToken.sol#326)
Reentrancy in LendingPoolAddressesProvider._updateImpl(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#194-209):
External calls:
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
Event emitted after the call(s):
- ProxyCreated(id,address(proxy)) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#205)
Reentrancy in LendingPoolConfigurator.activateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#421-429):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#426)
Event emitted after the call(s):
- ReserveActivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#428)
Reentrancy in AToken.burn(address,address,uint256,uint256) (contracts/protocol/tokenization/AToken.sol#96-110):
External calls:
- _burn(user,amountScaled) (contracts/protocol/tokenization/AToken.sol#104)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#220)
- IERC20(UNDERLYING_ASSET_ADDRESS).safeTransfer(receiverOfUnderlying,amount) (contracts/protocol/tokenization/AToken.sol#106)
Event emitted after the call(s):
- Burn(user,receiverOfUnderlying,amount,index) (contracts/protocol/tokenization/AToken.sol#109)
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/AToken.sol#108)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _mint(user,amountToMint,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#204)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
Event emitted after the call(s):
- Mint(user,user,amountToMint,currentBalance,balanceIncrease,userStableRate,newAvgStableRate,nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#205-214)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _burn(user,amountToBurn,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#217)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#355)
Event emitted after the call(s):
- Burn(user,amountToBurn,currentBalance,balanceIncrease,newAvgStableRate,nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#218)
Reentrancy in StableDebtToken.burn(address,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#162-222):
External calls:
- _mint(user,amountToMint,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#204)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
- _burn(user,amountToBurn,previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#217)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#355)
Event emitted after the call(s):
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/StableDebtToken.sol#221)
Reentrancy in VariableDebtToken.burn(address,uint256,uint256) (contracts/protocol/tokenization/VariableDebtToken.sol#89-101):
External calls:
- _burn(user,amountScaled) (contracts/protocol/tokenization/VariableDebtToken.sol#97)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#220)
Event emitted after the call(s):
- Burn(user,amount,index) (contracts/protocol/tokenization/VariableDebtToken.sol#100)
- Transfer(user,address(0),amount) (contracts/protocol/tokenization/VariableDebtToken.sol#99)
Reentrancy in LendingPoolConfigurator.configureReserveAsCollateral(address,uint256,uint256,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#345-387):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#384)
Event emitted after the call(s):
- CollateralConfigurationChanged(asset,ltv,liquidationThreshold,liquidationBonus) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#386)
Reentrancy in LendingPoolConfigurator.deactivateReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#435-445):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#442)
Event emitted after the call(s):
- ReserveDeactivated(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#444)
Reentrancy in LendingPool.deposit(address,uint256,address,uint16) (contracts/protocol/lendingpool/LendingPool.sol#105-130):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#117)
- IERC20(asset).safeTransferFrom(msg.sender,aToken,amount) (contracts/protocol/lendingpool/LendingPool.sol#120)
- isFirstDeposit = IAToken(aToken).mint(onBehalfOf,amount,reserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPool.sol#122)
Event emitted after the call(s):
- Deposit(asset,msg.sender,onBehalfOf,amount,referralCode) (contracts/protocol/lendingpool/LendingPool.sol#129)
- ReserveUsedAsCollateralEnabled(asset,onBehalfOf) (contracts/protocol/lendingpool/LendingPool.sol#126)
Reentrancy in LendingPoolConfigurator.disableBorrowingOnReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#327-334):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#332)
Event emitted after the call(s):
- BorrowingDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#333)
Reentrancy in LendingPoolConfigurator.disableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#407-415):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#412)
Event emitted after the call(s):
- StableRateDisabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#414)
Reentrancy in LendingPoolConfigurator.enableBorrowingOnReserve(address,bool) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#309-321):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#318)
Event emitted after the call(s):
- BorrowingEnabledOnReserve(asset,stableBorrowRateEnabled) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#320)
Reentrancy in LendingPoolConfigurator.enableReserveStableRate(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#393-401):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#398)
Event emitted after the call(s):
- StableRateEnabledOnReserve(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#400)
Reentrancy in LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562):
External calls:
- require(bool,string)(vars.receiver.executeOperation(assets,amounts,premiums,msg.sender,params),Errors.LP_INVALID_FLASH_LOAN_EXECUTOR_RETURN) (contracts/protocol/lendingpool/LendingPool.sol#507-510)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#858)
- isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
- isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
- IAToken(reserve.aTokenAddress).mintToTreasury(vars.amountToMint,newLiquidityIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#323)
- IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Event emitted after the call(s):
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,currentStableRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- Borrow(vars.asset,vars.user,vars.onBehalfOf,vars.amount,vars.interestRateMode,reserve.currentVariableBorrowRate,vars.referralCode) (contracts/protocol/lendingpool/LendingPool.sol#896-906)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- ReserveDataUpdated(reserveAddress,vars.newLiquidityRate,vars.newStableRate,vars.newVariableRate,reserve.liquidityIndex,reserve.variableBorrowIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#241-248)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
Reentrancy in LendingPool.flashLoan(address,address[],uint256[],uint256[],address,bytes,uint16) (contracts/protocol/lendingpool/LendingPool.sol#481-562):
External calls:
- require(bool,string)(vars.receiver.executeOperation(assets,amounts,premiums,msg.sender,params),Errors.LP_INVALID_FLASH_LOAN_EXECUTOR_RETURN) (contracts/protocol/lendingpool/LendingPool.sol#507-510)
- _reserves[vars.currentAsset].updateState() (contracts/protocol/lendingpool/LendingPool.sol#520)
- IERC20(vars.currentAsset).safeTransferFrom(receiverAddress,vars.currentATokenAddress,vars.currentAmountPlusPremium) (contracts/protocol/lendingpool/LendingPool.sol#532-536)
- _executeBorrow(ExecuteBorrowParams(vars.currentAsset,msg.sender,onBehalfOf,vars.currentAmount,modes[vars.i],vars.currentATokenAddress,referralCode,false)) (contracts/protocol/lendingpool/LendingPool.sol#540-551)
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#858)
- isFirstBorrowing = IStableDebtToken(reserve.stableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,currentStableRate) (contracts/protocol/lendingpool/LendingPool.sol#866-871)
- isFirstBorrowing = IVariableDebtToken(reserve.variableDebtTokenAddress).mint(vars.user,vars.onBehalfOf,vars.amount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#873-878)
- IAToken(reserve.aTokenAddress).mintToTreasury(vars.amountToMint,newLiquidityIndex) (contracts/protocol/libraries/logic/ReserveLogic.sol#323)
- IAToken(vars.aTokenAddress).transferUnderlyingTo(vars.user,vars.amount) (contracts/protocol/lendingpool/LendingPool.sol#893)
Event emitted after the call(s):
- FlashLoan(receiverAddress,msg.sender,vars.currentAsset,vars.currentAmount,vars.currentPremium,referralCode) (contracts/protocol/lendingpool/LendingPool.sol#553-560)
Reentrancy in LendingPoolConfigurator.freezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#452-460):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#457)
Event emitted after the call(s):
- ReserveFrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#459)
Reentrancy in LendingPoolConfigurator.initReserve(address,address,address,uint8,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#201-263):
External calls:
- aTokenProxyAddress = _initTokenWithProxy(aTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#231)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- stableDebtTokenProxyAddress = _initTokenWithProxy(stableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#233-234)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- variableDebtTokenProxyAddress = _initTokenWithProxy(variableDebtTokenImpl,underlyingAssetDecimals) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#236-237)
- proxy.initialize(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#524)
- pool.initReserve(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#239-245)
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#254)
Event emitted after the call(s):
- ReserveInitialized(asset,aTokenProxyAddress,stableDebtTokenProxyAddress,variableDebtTokenProxyAddress,interestRateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#256-262)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
Event emitted after the call(s):
- ReserveUsedAsCollateralEnabled(collateralAsset,msg.sender) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#200)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
- collateralReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#203)
- vars.collateralAtoken.burn(user,msg.sender,vars.maxCollateralToLiquidate,collateralReserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#212-217)
Event emitted after the call(s):
- ReserveUsedAsCollateralDisabled(collateralAsset,user) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#224)
Reentrancy in LendingPoolCollateralManager.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#81-245):
External calls:
- debtReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#163)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#166-170)
- IVariableDebtToken(debtReserve.variableDebtTokenAddress).burn(user,vars.userVariableDebt,debtReserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#174-178)
- IStableDebtToken(debtReserve.stableDebtTokenAddress).burn(user,vars.actualDebtToLiquidate.sub(vars.userVariableDebt)) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#180-183)
- vars.collateralAtoken.transferOnLiquidation(user,msg.sender,vars.maxCollateralToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#195)
- collateralReserve.updateState() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#203)
- vars.collateralAtoken.burn(user,msg.sender,vars.maxCollateralToLiquidate,collateralReserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#212-217)
- IERC20(debtAsset).safeTransferFrom(msg.sender,debtReserve.aTokenAddress,vars.actualDebtToLiquidate) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#228-232)
Event emitted after the call(s):
- LiquidationCall(collateralAsset,debtAsset,user,vars.actualDebtToLiquidate,vars.maxCollateralToLiquidate,msg.sender,receiveAToken) (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#234-242)
Reentrancy in AToken.mint(address,uint256,uint256) (contracts/protocol/tokenization/AToken.sol#120-135):
External calls:
- _mint(user,amountScaled) (contracts/protocol/tokenization/AToken.sol#129)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(user,amount,index) (contracts/protocol/tokenization/AToken.sol#132)
- Transfer(address(0),user,amount) (contracts/protocol/tokenization/AToken.sol#131)
Reentrancy in StableDebtToken.mint(address,address,uint256,uint256) (contracts/protocol/tokenization/StableDebtToken.sol#101-155):
External calls:
- _mint(onBehalfOf,amount.add(balanceIncrease),vars.previousSupply) (contracts/protocol/tokenization/StableDebtToken.sol#139)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/StableDebtToken.sol#336)
Event emitted after the call(s):
- Mint(user,onBehalfOf,amount,currentBalance,balanceIncrease,vars.newStableRate,vars.currentAvgStableRate,vars.nextSupply) (contracts/protocol/tokenization/StableDebtToken.sol#143-152)
- Transfer(address(0),onBehalfOf,amount) (contracts/protocol/tokenization/StableDebtToken.sol#141)
Reentrancy in VariableDebtToken.mint(address,address,uint256,uint256) (contracts/protocol/tokenization/VariableDebtToken.sol#60-80):
External calls:
- _mint(onBehalfOf,amountScaled) (contracts/protocol/tokenization/VariableDebtToken.sol#74)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(user,onBehalfOf,amount,index) (contracts/protocol/tokenization/VariableDebtToken.sol#77)
- Transfer(address(0),onBehalfOf,amount) (contracts/protocol/tokenization/VariableDebtToken.sol#76)
Reentrancy in AToken.mintToTreasury(uint256,uint256) (contracts/protocol/tokenization/AToken.sol#143-156):
External calls:
- _mint(RESERVE_TREASURY_ADDRESS,amount.rayDiv(index)) (contracts/protocol/tokenization/AToken.sol#152)
- _incentivesController.handleAction(account,oldTotalSupply,oldAccountBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#204)
Event emitted after the call(s):
- Mint(RESERVE_TREASURY_ADDRESS,amount,index) (contracts/protocol/tokenization/AToken.sol#155)
- Transfer(address(0),RESERVE_TREASURY_ADDRESS,amount) (contracts/protocol/tokenization/AToken.sol#154)
Reentrancy in LendingPool.rebalanceStableBorrowRate(address,address) (contracts/protocol/lendingpool/LendingPool.sol#349-379):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#366)
- IStableDebtToken(address(stableDebtToken)).burn(user,stableDebt) (contracts/protocol/lendingpool/LendingPool.sol#368)
- IStableDebtToken(address(stableDebtToken)).mint(user,user,stableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#369-374)
Event emitted after the call(s):
- RebalanceStableBorrowRate(asset,user) (contracts/protocol/lendingpool/LendingPool.sol#378)
Reentrancy in LendingPool.repay(address,uint256,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#237-289):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#265)
- IStableDebtToken(reserve.stableDebtTokenAddress).burn(onBehalfOf,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#268)
- IVariableDebtToken(reserve.variableDebtTokenAddress).burn(onBehalfOf,paybackAmount,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#270-274)
- IERC20(asset).safeTransferFrom(msg.sender,aToken,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#284)
Event emitted after the call(s):
- Repay(asset,onBehalfOf,msg.sender,paybackAmount) (contracts/protocol/lendingpool/LendingPool.sol#286)
Reentrancy in LendingPoolAddressesProvider.setAddressAsProxy(bytes32,address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#60-67):
External calls:
- _updateImpl(id,implementationAddress) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#65)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- AddressSet(id,implementationAddress,true) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#66)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolConfiguratorImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#119-122):
External calls:
- _updateImpl(LENDING_POOL_CONFIGURATOR,configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#120)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolConfiguratorUpdated(configurator) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#121)
Reentrancy in LendingPoolAddressesProvider.setLendingPoolImpl(address) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#101-104):
External calls:
- _updateImpl(LENDING_POOL,pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#102)
- proxy.initialize(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#203)
- proxy.upgradeToAndCall(newAddress,params) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#207)
Event emitted after the call(s):
- LendingPoolUpdated(pool) (contracts/protocol/configuration/LendingPoolAddressesProvider.sol#103)
Reentrancy in LendingPoolConfigurator.setReserveFactor(address,uint256) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#481-489):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#486)
Event emitted after the call(s):
- ReserveFactorChanged(asset,reserveFactor) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#488)
Reentrancy in LendingPoolConfigurator.setReserveInterestRateStrategyAddress(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#496-502):
External calls:
- pool.setReserveInterestRateStrategyAddress(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#500)
Event emitted after the call(s):
- ReserveInterestRateStrategyChanged(asset,rateStrategyAddress) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#501)
Reentrancy in LendingPool.swapBorrowRateMode(address,uint256) (contracts/protocol/lendingpool/LendingPool.sol#296-338):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#311)
- IStableDebtToken(reserve.stableDebtTokenAddress).burn(msg.sender,stableDebt) (contracts/protocol/lendingpool/LendingPool.sol#314)
- IVariableDebtToken(reserve.variableDebtTokenAddress).mint(msg.sender,msg.sender,stableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#315-320)
- IVariableDebtToken(reserve.variableDebtTokenAddress).burn(msg.sender,variableDebt,reserve.variableBorrowIndex) (contracts/protocol/lendingpool/LendingPool.sol#322-326)
- IStableDebtToken(reserve.stableDebtTokenAddress).mint(msg.sender,msg.sender,variableDebt,reserve.currentStableBorrowRate) (contracts/protocol/lendingpool/LendingPool.sol#327-332)
Event emitted after the call(s):
- Swap(asset,msg.sender,rateMode) (contracts/protocol/lendingpool/LendingPool.sol#337)
Reentrancy in IncentivizedERC20.transfer(address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#81-85):
External calls:
- _transfer(_msgSender(),recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#82)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(_msgSender(),recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#83)
Reentrancy in IncentivizedERC20.transferFrom(address,address,uint256) (contracts/protocol/tokenization/IncentivizedERC20.sol#120-133):
External calls:
- _transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#125)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Approval(owner,spender,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#233)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/protocol/tokenization/IncentivizedERC20.sol#126-130)
- Transfer(sender,recipient,amount) (contracts/protocol/tokenization/IncentivizedERC20.sol#131)
Reentrancy in AToken.transferOnLiquidation(address,address,uint256) (contracts/protocol/tokenization/AToken.sol#165-175):
External calls:
- _transfer(from,to,value,false) (contracts/protocol/tokenization/AToken.sol#172)
- POOL.finalizeTransfer(UNDERLYING_ASSET_ADDRESS,from,to,amount,fromBalanceBefore,toBalanceBefore) (contracts/protocol/tokenization/AToken.sol#316-323)
- _incentivesController.handleAction(sender,currentTotalSupply,oldSenderBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#185)
- _incentivesController.handleAction(recipient,currentTotalSupply,oldRecipientBalance) (contracts/protocol/tokenization/IncentivizedERC20.sol#187)
Event emitted after the call(s):
- Transfer(from,to,value) (contracts/protocol/tokenization/AToken.sol#174)
Reentrancy in LendingPoolConfigurator.unfreezeReserve(address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#466-474):
External calls:
- pool.setConfiguration(asset,currentConfig.data) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#471)
Event emitted after the call(s):
- ReserveUnfrozen(asset) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#473)
Reentrancy in LendingPoolConfigurator.updateAToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#270-276):
External calls:
- _upgradeTokenImplementation(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#273)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- ATokenUpgraded(asset,reserveData.aTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#275)
Reentrancy in LendingPoolConfigurator.updateStableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#283-289):
External calls:
- _upgradeTokenImplementation(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#286)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- StableDebtTokenUpgraded(asset,reserveData.stableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#288)
Reentrancy in LendingPoolConfigurator.updateVariableDebtToken(address,address) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#296-302):
External calls:
- _upgradeTokenImplementation(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#299)
- proxy.upgradeToAndCall(implementation,params) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#549)
Event emitted after the call(s):
- VariableDebtTokenUpgraded(asset,reserveData.variableDebtTokenAddress,implementation) (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#301)
Reentrancy in LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#171)
Event emitted after the call(s):
- ReserveUsedAsCollateralDisabled(asset,msg.sender) (contracts/protocol/lendingpool/LendingPool.sol#177)
Reentrancy in LendingPool.withdraw(address,uint256,address) (contracts/protocol/lendingpool/LendingPool.sol#143-185):
External calls:
- reserve.updateState() (contracts/protocol/lendingpool/LendingPool.sol#171)
- IAToken(aToken).burn(msg.sender,to,amountToWithdraw,reserve.liquidityIndex) (contracts/protocol/lendingpool/LendingPool.sol#180)
Event emitted after the call(s):
- Withdraw(asset,msg.sender,to,amountToWithdraw) (contracts/protocol/lendingpool/LendingPool.sol#182)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
ReserveLogic.getNormalizedIncome(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#57-76) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#65)
ReserveLogic.getNormalizedDebt(DataTypes.ReserveData) (contracts/protocol/libraries/logic/ReserveLogic.sol#85-104) uses timestamp for comparisons
Dangerous comparisons:
- timestamp == uint40(block.timestamp) (contracts/protocol/libraries/logic/ReserveLogic.sol#93)
MathUtils.calculateCompoundedInterest(uint256,uint40,uint256) (contracts/protocol/libraries/math/MathUtils.sol#45-70) uses timestamp for comparisons
Dangerous comparisons:
- exp == 0 (contracts/protocol/libraries/math/MathUtils.sol#53)
- exp > 2 (contracts/protocol/libraries/math/MathUtils.sol#59)
AToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/protocol/tokenization/AToken.sol#268-292) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/protocol/tokenization/AToken.sol#279)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Address.isContract(address) (contracts/dependencies/openzeppelin/contracts/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/contracts/Address.sol#32-34)
BaseAdminUpgradeabilityProxy._admin() (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#98-104) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#101-103)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#110-116) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#113-115)
BaseUpgradeabilityProxy._implementation() (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#31-37) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#52-64) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/BaseUpgradeabilityProxy.sol#61-63)
Proxy._delegate(address) (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#31-55) uses assembly
- INLINE ASM (contracts/dependencies/openzeppelin/upgradeability/Proxy.sol#33-54)
VersionedInitializable.isConstructor() (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#61-73) uses assembly
- INLINE ASM (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#69-71)
AToken.initialize(uint8,string,string) (contracts/protocol/tokenization/AToken.sol#61-86) uses assembly
- INLINE ASM (contracts/protocol/tokenization/AToken.sol#69-71)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60) is never used and should be removed
Context._msgData() (contracts/dependencies/openzeppelin/contracts/Context.sol#19-22) is never used and should be removed
ERC20._burn(address,uint256) (contracts/dependencies/openzeppelin/contracts/ERC20.sol#279-287) is never used and should be removed
LendingPoolCollateralManager.getRevision() (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#66-68) is never used and should be removed
ReserveConfiguration.getBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#190-192) is never used and should be removed
ReserveConfiguration.getFrozen(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#170-172) is never used and should be removed
ReserveConfiguration.getLiquidationBonus(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#106-112) is never used and should be removed
ReserveConfiguration.getStableRateBorrowingEnabled(DataTypes.ReserveConfigurationMap) (contracts/protocol/libraries/configuration/ReserveConfiguration.sol#213-219) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#39-49) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/dependencies/openzeppelin/contracts/SafeMath.sol#155-162) is never used and should be removed
StableDebtToken.getRevision() (contracts/protocol/tokenization/StableDebtToken.sol#38-40) is never used and should be removed
VariableDebtToken.getRevision() (contracts/protocol/tokenization/VariableDebtToken.sol#32-34) is never used and should be removed
WadRayMath.halfRay() (contracts/protocol/libraries/math/WadRayMath.sol#39-41) is never used and should be removed
WadRayMath.halfWad() (contracts/protocol/libraries/math/WadRayMath.sol#46-48) is never used and should be removed
WadRayMath.rayToWad(uint256) (contracts/protocol/libraries/math/WadRayMath.sol#117-123) is never used and should be removed
WadRayMath.wad() (contracts/protocol/libraries/math/WadRayMath.sol#32-34) is never used and should be removed
WadRayMath.wadMul(uint256,uint256) (contracts/protocol/libraries/math/WadRayMath.sol#56-64) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
Low level call in Address.sendValue(address,uint256) (contracts/dependencies/openzeppelin/contracts/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/dependencies/openzeppelin/contracts/Address.sol#58)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#51-63):
- (success,returndata) = address(token).call(data) (contracts/dependencies/openzeppelin/contracts/SafeERC20.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#85-93):
- (success) = newImplementation.delegatecall(data) (contracts/dependencies/openzeppelin/upgradeability/BaseAdminUpgradeabilityProxy.sol#91)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#20-27):
- (success) = _logic.delegatecall(_data) (contracts/dependencies/openzeppelin/upgradeability/UpgradeabilityProxy.sol#24)
Low level call in WETHGateway._safeTransferETH(address,uint256) (contracts/misc/WETHGateway.sol#118-121):
- (success) = to.call{value: value}(new bytes(0)) (contracts/misc/WETHGateway.sol#119)
Low level call in LendingPool.liquidationCall(address,address,address,uint256,bool) (contracts/protocol/lendingpool/LendingPool.sol#424-450):
- (success,result) = collateralManager.delegatecall(abi.encodeWithSignature(liquidationCall(address,address,address,uint256,bool),collateralAsset,debtAsset,user,debtToCover,receiveAToken)) (contracts/protocol/lendingpool/LendingPool.sol#434-444)
Low level call in BaseImmutableAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#63-71):
- (success) = newImplementation.delegatecall(data) (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
MintableDelegationERC20 (contracts/mocks/tokens/MintableDelegationERC20.sol#10-34) should inherit from IDelegationToken (contracts/interfaces/IDelegationToken.sol#9-11)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/dependencies/openzeppelin/upgradeability/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Event ATokensAndRatesHelperdeployedContracts(address,address) (contracts/deployments/ATokensAndRatesHelper.sol#21) is not in CapWords
Event StableAndVariableTokensHelperdeployedContracts(address,address) (contracts/deployments/StableAndVariableTokensHelper.sol#14) is not in CapWords
Variable FlashLoanReceiverBase.ADDRESSES_PROVIDER (contracts/flashloan/base/FlashLoanReceiverBase.sol#15) is not in mixedCase
Variable FlashLoanReceiverBase.LENDING_POOL (contracts/flashloan/base/FlashLoanReceiverBase.sol#16) is not in mixedCase
Function IFlashLoanReceiver.ADDRESSES_PROVIDER() (contracts/flashloan/interfaces/IFlashLoanReceiver.sol#22) is not in mixedCase
Function IFlashLoanReceiver.LENDING_POOL() (contracts/flashloan/interfaces/IFlashLoanReceiver.sol#24) is not in mixedCase
Function ITokenConfiguration.UNDERLYING_ASSET_ADDRESS() (contracts/interfaces/ITokenConfiguration.sol#11) is not in mixedCase
Function ITokenConfiguration.POOL() (contracts/interfaces/ITokenConfiguration.sol#13) is not in mixedCase
Variable AaveOracle.WETH (contracts/misc/AaveOracle.sol#27) is not in mixedCase
Variable AaveProtocolDataProvider.ADDRESSES_PROVIDER (contracts/misc/AaveProtocolDataProvider.sol#26) is not in mixedCase
Variable WETHGateway.WETH (contracts/misc/WETHGateway.sol#20) is not in mixedCase
Variable WETHGateway.POOL (contracts/misc/WETHGateway.sol#21) is not in mixedCase
Variable MockFlashLoanReceiver._provider (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#15) is not in mixedCase
Variable MockFlashLoanReceiver._failExecution (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#20) is not in mixedCase
Variable MockFlashLoanReceiver._amountToApprove (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#21) is not in mixedCase
Variable MockFlashLoanReceiver._simulateEOA (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#22) is not in mixedCase
Parameter LendingRateOracle.getMarketBorrowRate(address)._asset (contracts/mocks/oracle/LendingRateOracle.sol#11) is not in mixedCase
Parameter LendingRateOracle.setMarketBorrowRate(address,uint256)._asset (contracts/mocks/oracle/LendingRateOracle.sol#15) is not in mixedCase
Parameter LendingRateOracle.setMarketBorrowRate(address,uint256)._rate (contracts/mocks/oracle/LendingRateOracle.sol#15) is not in mixedCase
Parameter LendingRateOracle.getMarketLiquidityRate(address)._asset (contracts/mocks/oracle/LendingRateOracle.sol#19) is not in mixedCase
Parameter LendingRateOracle.setMarketLiquidityRate(address,uint256)._asset (contracts/mocks/oracle/LendingRateOracle.sol#23) is not in mixedCase
Parameter LendingRateOracle.setMarketLiquidityRate(address,uint256)._rate (contracts/mocks/oracle/LendingRateOracle.sol#23) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._underlyingAssetDecimals (contracts/mocks/upgradeability/MockAToken.sol#32) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._tokenName (contracts/mocks/upgradeability/MockAToken.sol#33) is not in mixedCase
Parameter MockAToken.initialize(uint8,string,string)._tokenSymbol (contracts/mocks/upgradeability/MockAToken.sol#34) is not in mixedCase
Variable DefaultReserveInterestRateStrategy.OPTIMAL_UTILIZATION_RATE (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#29) is not in mixedCase
Variable DefaultReserveInterestRateStrategy.EXCESS_UTILIZATION_RATE (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#37) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._baseVariableBorrowRate (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#42) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#45) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#48) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#51) is not in mixedCase
Variable DefaultReserveInterestRateStrategy._stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#54) is not in mixedCase
Variable LendingPoolStorage._addressesProvider (contracts/protocol/lendingpool/LendingPoolStorage.sol#15) is not in mixedCase
Variable LendingPoolStorage._reserves (contracts/protocol/lendingpool/LendingPoolStorage.sol#17) is not in mixedCase
Variable LendingPoolStorage._usersConfig (contracts/protocol/lendingpool/LendingPoolStorage.sol#18) is not in mixedCase
Variable LendingPoolStorage._reservesList (contracts/protocol/lendingpool/LendingPoolStorage.sol#21) is not in mixedCase
Variable LendingPoolStorage._reservesCount (contracts/protocol/lendingpool/LendingPoolStorage.sol#23) is not in mixedCase
Variable LendingPoolStorage._paused (contracts/protocol/lendingpool/LendingPoolStorage.sol#25) is not in mixedCase
Variable BaseImmutableAdminUpgradeabilityProxy.ADMIN (contracts/protocol/libraries/aave-upgradeability/BaseImmutableAdminUpgradeabilityProxy.sol#17) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is not in mixedCase
Struct GenericLogic.balanceDecreaseAllowedLocalVars (contracts/protocol/libraries/logic/GenericLogic.sol#30-41) is not in CapWords
Constant WadRayMath.halfWAD (contracts/protocol/libraries/math/WadRayMath.sol#14) is not in UPPER_CASE_WITH_UNDERSCORES
Constant WadRayMath.halfRAY (contracts/protocol/libraries/math/WadRayMath.sol#17) is not in UPPER_CASE_WITH_UNDERSCORES
Variable AToken.UNDERLYING_ASSET_ADDRESS (contracts/protocol/tokenization/AToken.sol#30) is not in mixedCase
Variable AToken.RESERVE_TREASURY_ADDRESS (contracts/protocol/tokenization/AToken.sol#31) is not in mixedCase
Variable AToken.POOL (contracts/protocol/tokenization/AToken.sol#32) is not in mixedCase
Variable AToken._nonces (contracts/protocol/tokenization/AToken.sol#35) is not in mixedCase
Variable AToken.DOMAIN_SEPARATOR (contracts/protocol/tokenization/AToken.sol#37) is not in mixedCase
Variable IncentivizedERC20._incentivesController (contracts/protocol/tokenization/IncentivizedERC20.sol#18) is not in mixedCase
Variable IncentivizedERC20._balances (contracts/protocol/tokenization/IncentivizedERC20.sol#20) is not in mixedCase
Variable IncentivizedERC20._totalSupply (contracts/protocol/tokenization/IncentivizedERC20.sol#23) is not in mixedCase
Variable StableDebtToken._avgStableRate (contracts/protocol/tokenization/StableDebtToken.sol#21) is not in mixedCase
Variable StableDebtToken._timestamps (contracts/protocol/tokenization/StableDebtToken.sol#22) is not in mixedCase
Variable StableDebtToken._usersStableRate (contracts/protocol/tokenization/StableDebtToken.sol#23) is not in mixedCase
Variable StableDebtToken._totalSupplyTimestamp (contracts/protocol/tokenization/StableDebtToken.sol#24) is not in mixedCase
Variable DebtTokenBase.UNDERLYING_ASSET_ADDRESS (contracts/protocol/tokenization/base/DebtTokenBase.sol#23) is not in mixedCase
Variable DebtTokenBase.POOL (contracts/protocol/tokenization/base/DebtTokenBase.sol#24) is not in mixedCase
Variable DebtTokenBase._borrowAllowances (contracts/protocol/tokenization/base/DebtTokenBase.sol#26) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
Redundant expression "this (contracts/dependencies/openzeppelin/contracts/Context.sol#20)" inContext (contracts/dependencies/openzeppelin/contracts/Context.sol#14-23)
Redundant expression "params (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#53)" inMockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
Redundant expression "initiator (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#54)" inMockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
Redundant expression "recipient (contracts/protocol/tokenization/base/DebtTokenBase.sol#99)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#100)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "owner (contracts/protocol/tokenization/base/DebtTokenBase.sol#111)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#112)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#117)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#118)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "sender (contracts/protocol/tokenization/base/DebtTokenBase.sol#127)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "recipient (contracts/protocol/tokenization/base/DebtTokenBase.sol#128)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "amount (contracts/protocol/tokenization/base/DebtTokenBase.sol#129)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#139)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "addedValue (contracts/protocol/tokenization/base/DebtTokenBase.sol#140)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "spender (contracts/protocol/tokenization/base/DebtTokenBase.sol#150)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Redundant expression "subtractedValue (contracts/protocol/tokenization/base/DebtTokenBase.sol#151)" inDebtTokenBase (contracts/protocol/tokenization/base/DebtTokenBase.sol#18-167)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
Variable DefaultReserveInterestRateStrategy._stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#51) is too similar to DefaultReserveInterestRateStrategy._stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#54)
Variable DefaultReserveInterestRateStrategy._variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#45) is too similar to DefaultReserveInterestRateStrategy._variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#48)
Variable DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#62) is too similar to DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).stableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#63)
Variable DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope1 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#60) is too similar to DefaultReserveInterestRateStrategy.constructor(ILendingPoolAddressesProvider,uint256,uint256,uint256,uint256,uint256,uint256).variableRateSlope2 (contracts/protocol/lendingpool/DefaultReserveInterestRateStrategy.sol#61)
Variable Errors.LP_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#55) is too similar to Errors.VL_INCONSISTENT_FLASHLOAN_PARAMS (contracts/protocol/libraries/helpers/Errors.sol#100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar
MockFlashLoanReceiver._provider (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#15) is never used in MockFlashLoanReceiver (contracts/mocks/flashloan/MockFlashLoanReceiver.sol#12-85)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in MockAToken (contracts/mocks/upgradeability/MockAToken.sol#7-40)
AToken.EIP712_DOMAIN (contracts/protocol/tokenization/AToken.sol#23-24) is never used in MockAToken (contracts/mocks/upgradeability/MockAToken.sol#7-40)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in MockStableDebtToken (contracts/mocks/upgradeability/MockStableDebtToken.sol#6-21)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in MockVariableDebtToken (contracts/mocks/upgradeability/MockVariableDebtToken.sol#6-27)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPool (contracts/protocol/lendingpool/LendingPool.sol#46-923)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPoolCollateralManager (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#29-317)
LendingPoolStorage._paused (contracts/protocol/lendingpool/LendingPoolStorage.sol#25) is never used in LendingPoolCollateralManager (contracts/protocol/lendingpool/LendingPoolCollateralManager.sol#29-317)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in LendingPoolConfigurator (contracts/protocol/lendingpool/LendingPoolConfigurator.sol#25-562)
VersionedInitializable.______gap (contracts/protocol/libraries/aave-upgradeability/VersionedInitializable.sol#76) is never used in DelegationAwareAToken (contracts/protocol/tokenization/DelegationAwareAToken.sol#14-49)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
0xC6845a5C768BF8D7681249f8927877Efda425baf analyzed (79 contracts with 75 detectors), 315 result(s) found