Updated as of block 16964257 at 4/2/2023, 6:07:23 PM ET
- ID: 139
- Proposer: 0xbC540e0729B732fb14afA240aA5A047aE9ba7dF0
- Start Block: 16332530 (1/4/2023, 4:28:23 AM ET)
- End Block: 16351730 (1/6/2023, 8:49:35 PM ET)
- Targets: 0x8922235734EC69e956977E2ea9774de8f614053a
- Executor: 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5 (Short executor)
- Simulation: https://dashboard.tenderly.co/me/simulator/ae94ada3-5af0-48b0-80f7-8bd1237bebc8
Proposal text
This proposal outlines a 5-month engagement for Chaos Labs to expand the scope of its engagement with Aave to include proactive risk analysis and management of the v2 markets while encouraging and supporting a safe migration to the upcoming Ethereum v3 deployment.
This proposal acts as a mandate from the Aave community to engage with Chaos for the work defined on the Aave governance forum here and pre-approved by the Aave community via Snapshot here.
Based on the work done to date in a short time frame and the amount of work ahead to transition from v2 to v3 on Ethereum, Chaos Labs is proposing to extend the scope of the original engagement to support parameter optimization on v2 as well as conduct relevant risk analyses during the transition planning.
Our priority with this added scope would be to methodically update parameters, protect existing user funds, and mitigate new potential risk factors on v2 while ensuring the capital efficiency of v3 is a more attractive option for new users.
This includes topics and considerations such as:
- Methodically amending asset parameters to incentivize new users to open accounts on v3
- Initiating coordination with third-party protocols building on top of v2 to assist in transition planning, communications, and timing
- Helping analyze incentive (both treasury- and parameter-managed) schemes to incite account transitions
- Continued analysis of the impact of market events and risk scenarios for the DAO
This work will be in conjunction with our existing v3 responsibilities and should not materially impact timelines for delivery during the coming months.
Duration: We propose this engagement to start immediately after the proposal execution, for a 5-month period. The intent is to bridge the transition from v2 to v3 during this period with a finite end date and not continue on indefinitely. If there is still material TVL on v2 at the end of this period, we will discuss the appropriate next steps and maintenance/monitoring expectations with the community.
A full specification of the payload contract and tests enabling this mandate can be found on the Chaos Labs Github here.
In summary, the proposal creates a 5-month stream of 175,000 aUSDC and 1242 AAVE ($75,000 using 30 day TWAP, calculated on day of proposal) starting on proposal execution to the Chaos-controlled address.
The Proposal Payload has been tested and peer-reviewed by Bored Ghost Developing, including simulations on mainnet of the whole proposal lifecycle.
Copyright and related rights waived via CC0.
Info:
- State changes:
# InitializableAdminUpgradeabilityProxy at `0x25F2226B597E8F9514B3F68F00f494cF4f286491` with implementation AaveEcosystemReserveV2 at `0x10c74b37Ad4541E394c607d78062e6d22D9ad632`
@@ _nextStreamId @@
- 100004
+ 100005
@@ `_streams` key `"100004"`.deposit @@
- 0
+ 1241999999999995680000
@@ `_streams` key `"100004"`.ratePerSecond @@
- 0
+ 95833333333333
@@ `_streams` key `"100004"`.remainingBalance @@
- 0
+ 1241999999999995680000
@@ `_streams` key `"100004"`.startTime @@
- 0
+ 1673553335
@@ `_streams` key `"100004"`.stopTime @@
- 0
+ 1686513335
@@ `_streams` key `"100004"`.recipient @@
- 0x0000000000000000000000000000000000000000
+ 0xbc540e0729b732fb14afa240aa5a047ae9ba7df0
@@ `_streams` key `"100004"`.sender @@
- 0x0000000000000000000000000000000000000000
+ 0x25f2226b597e8f9514b3f68f00f494cf4f286491
@@ `_streams` key `"100004"`.tokenAddress @@
- 0x0000000000000000000000000000000000000000
+ 0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9
# InitializableAdminUpgradeabilityProxy at `0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c` with implementation AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`
@@ _nextStreamId @@
- 100007
+ 100008
@@ `_streams` key `"100007"`.deposit @@
- 0
+ 174998880000
@@ `_streams` key `"100007"`.ratePerSecond @@
- 0
+ 13503
@@ `_streams` key `"100007"`.remainingBalance @@
- 0
+ 174998880000
@@ `_streams` key `"100007"`.startTime @@
- 0
+ 1673553335
@@ `_streams` key `"100007"`.stopTime @@
- 0
+ 1686513335
@@ `_streams` key `"100007"`.recipient @@
- 0x0000000000000000000000000000000000000000
+ 0xbc540e0729b732fb14afa240aa5a047ae9ba7df0
@@ `_streams` key `"100007"`.sender @@
- 0x0000000000000000000000000000000000000000
+ 0x464c71f6c2f760dda6093dcb91c24c39e5d6e18c
@@ `_streams` key `"100007"`.tokenAddress @@
- 0x0000000000000000000000000000000000000000
+ 0xbcca60bb61934080951369a648fb03df4f96263c
Info:
- There is no SELFDESTRUCT inside of delegated call
Info:
- Events Emitted:
- InitializableAdminUpgradeabilityProxy at
0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18cwith implementation AaveEcosystemReserveV2 at0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3CreateStream(streamId: 100007, sender: 0x464c71f6c2f760dda6093dcb91c24c39e5d6e18c, recipient: 0xbc540e0729b732fb14afa240aa5a047ae9ba7df0, deposit: 174998880000, tokenAddress: 0xbcca60bb61934080951369a648fb03df4f96263c, startTime: 1673553335, stopTime: 1686513335)
- InitializableAdminUpgradeabilityProxy at
0x25F2226B597E8F9514B3F68F00f494cF4f286491with implementation AaveEcosystemReserveV2 at0x10c74b37Ad4541E394c607d78062e6d22D9ad632CreateStream(streamId: 100004, sender: 0x25f2226b597e8f9514b3f68f00f494cf4f286491, recipient: 0xbc540e0729b732fb14afa240aa5a047ae9ba7df0, deposit: 1241999999999995680000, tokenAddress: 0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9, startTime: 1673553335, stopTime: 1686513335)
- InitializableAdminUpgradeabilityProxy at
Info:
- Targets:
- 0x8922235734EC69e956977E2ea9774de8f614053a: Contract (not verified)
Info:
- Touched address:
- 0x5d49dBcdd300aECc2C311cFB56593E71c445d60d: EOA (verification not applicable)
- 0xEC568fffba86c094cf06b22134B23074DFE2252c: Contract (verified) (AaveGovernanceV2)
- 0xEE56e2B3D491590B5b31738cC34d5232F378a8D5: Contract (verified) (Executor)
- 0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e: Contract (verified) (GovernanceStrategy)
- 0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0xC13eac3B4F9EED480045113B7af00F7B5655Ece8: Contract (verified) (AaveTokenV2)
- 0x8922235734EC69e956977E2ea9774de8f614053a: Contract (not verified)
- 0x3d569673dAa0575c936c7c67c4E6AedA69CC630C: Contract (verified) (AaveEcosystemReserveController)
- 0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3: Contract (verified) (AaveEcosystemReserveV2)
- 0x25F2226B597E8F9514B3F68F00f494cF4f286491: Contract (verified) (InitializableAdminUpgradeabilityProxy)
- 0x10c74b37Ad4541E394c607d78062e6d22D9ad632: Contract (verified) (AaveEcosystemReserveV2)
Info:
View Details
View warnings for InitializableAdminUpgradeabilityProxy at `0x25F2226B597E8F9514B3F68F00f494cF4f286491` with implementation AaveEcosystemReserveV2 at `0x10c74b37Ad4541E394c607d78062e6d22D9ad632`
WARNING:CryticCompile:Warning: contracts/libs/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/libs/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/libs/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableAdminUpgradeabilityProxy at `0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c` with implementation AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:200:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:76:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:228:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:76:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:347:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:76:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
View warnings for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
WARNING:CryticCompile:Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
View warnings for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
Info:
View Details
Slither report for AaveEcosystemReserveV2 at `0x10c74b37Ad4541E394c607d78062e6d22D9ad632`
INFO:Detectors:
AaveEcosystemReserveV2.balanceOf(uint256,address).vars (src/contracts/AaveEcosystemReserveV2.sol#867) is a local variable never initialized
AaveEcosystemReserveV2.createStream(address,uint256,address,uint256,uint256).vars (src/contracts/AaveEcosystemReserveV2.sol#938) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
INFO:Detectors:
AaveEcosystemReserveV2.deltaOf(uint256) (src/contracts/AaveEcosystemReserveV2.sol#834-845) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp <= stream.startTime (src/contracts/AaveEcosystemReserveV2.sol#841)
- block.timestamp < stream.stopTime (src/contracts/AaveEcosystemReserveV2.sol#842)
AaveEcosystemReserveV2.createStream(address,uint256,address,uint256,uint256) (src/contracts/AaveEcosystemReserveV2.sol#921-979) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(startTime >= block.timestamp,start time before block.timestamp) (src/contracts/AaveEcosystemReserveV2.sol#932-935)
AaveEcosystemReserveV2.withdrawFromStream(uint256,uint256) (src/contracts/AaveEcosystemReserveV2.sol#990-1010) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(balance >= amount,amount exceeds the available balance) (src/contracts/AaveEcosystemReserveV2.sol#1001)
AaveEcosystemReserveV2.cancelStream(uint256) (src/contracts/AaveEcosystemReserveV2.sol#1020-1045) uses timestamp for comparisons
Dangerous comparisons:
- recipientBalance > 0 (src/contracts/AaveEcosystemReserveV2.sol#1034)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.verifyCallResult(bool,bytes,string) (src/contracts/AaveEcosystemReserveV2.sol#440-460) uses assembly
- INLINE ASM (src/contracts/AaveEcosystemReserveV2.sol#452-455)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.functionCall(address,bytes) (src/contracts/AaveEcosystemReserveV2.sol#324-326) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (src/contracts/AaveEcosystemReserveV2.sol#353-359) is never used and should be removed
Address.functionDelegateCall(address,bytes) (src/contracts/AaveEcosystemReserveV2.sol#413-415) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (src/contracts/AaveEcosystemReserveV2.sol#423-432) is never used and should be removed
Address.functionStaticCall(address,bytes) (src/contracts/AaveEcosystemReserveV2.sol#386-388) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (src/contracts/AaveEcosystemReserveV2.sol#396-405) is never used and should be removed
AdminControlledEcosystemReserve._setFundsAdmin(address) (src/contracts/AaveEcosystemReserveV2.sol#713-716) is never used and should be removed
SafeERC20.safeDecreaseAllowance(IERC20,address,uint256) (src/contracts/AaveEcosystemReserveV2.sol#539-560) is never used and should be removed
SafeERC20.safeIncreaseAllowance(IERC20,address,uint256) (src/contracts/AaveEcosystemReserveV2.sol#523-537) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (src/contracts/AaveEcosystemReserveV2.sol#486-496) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (src/contracts/AaveEcosystemReserveV2.sol#299-304):
- (success) = recipient.call{value: amount}() (src/contracts/AaveEcosystemReserveV2.sol#302)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (src/contracts/AaveEcosystemReserveV2.sol#367-378):
- (success,returndata) = target.call{value: value}(data) (src/contracts/AaveEcosystemReserveV2.sol#376)
Low level call in Address.functionStaticCall(address,bytes,string) (src/contracts/AaveEcosystemReserveV2.sol#396-405):
- (success,returndata) = target.staticcall(data) (src/contracts/AaveEcosystemReserveV2.sol#403)
Low level call in Address.functionDelegateCall(address,bytes,string) (src/contracts/AaveEcosystemReserveV2.sol#423-432):
- (success,returndata) = target.delegatecall(data) (src/contracts/AaveEcosystemReserveV2.sol#430)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Function IAdminControlledEcosystemReserve.ETH_MOCK_ADDRESS() (src/contracts/AaveEcosystemReserveV2.sol#159) is not in mixedCase
Variable VersionedInitializable.______gap (src/contracts/AaveEcosystemReserveV2.sol#234) is not in mixedCase
Variable AdminControlledEcosystemReserve._fundsAdmin (src/contracts/AaveEcosystemReserveV2.sol#664) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x10c74b37Ad4541E394c607d78062e6d22D9ad632 analyzed (10 contracts with 79 detectors), 24 result(s) found
Slither report for AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`
INFO:Detectors:
AaveEcosystemReserveV2.balanceOf(uint256,address).vars (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#860) is a local variable never initialized
AaveEcosystemReserveV2.createStream(address,uint256,address,uint256,uint256).vars (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#931) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
INFO:Detectors:
AaveEcosystemReserveV2.deltaOf(uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#827-838) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp <= stream.startTime (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#834)
- block.timestamp < stream.stopTime (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#835)
AaveEcosystemReserveV2.createStream(address,uint256,address,uint256,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#914-972) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(startTime >= block.timestamp,start time before block.timestamp) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#925-928)
AaveEcosystemReserveV2.withdrawFromStream(uint256,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#983-1003) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(balance >= amount,amount exceeds the available balance) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#994)
AaveEcosystemReserveV2.cancelStream(uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1013-1038) uses timestamp for comparisons
Dangerous comparisons:
- recipientBalance > 0 (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#1027)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.verifyCallResult(bool,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#437-457) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#449-452)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.functionCall(address,bytes) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#321-323) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#350-356) is never used and should be removed
Address.functionDelegateCall(address,bytes) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#410-412) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#420-429) is never used and should be removed
Address.functionStaticCall(address,bytes) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#383-385) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#393-402) is never used and should be removed
SafeERC20.safeDecreaseAllowance(IERC20,address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#536-557) is never used and should be removed
SafeERC20.safeIncreaseAllowance(IERC20,address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#520-534) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#483-493) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#296-301):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#299)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#364-375):
- (success,returndata) = target.call{value: value}(data) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#373)
Low level call in Address.functionStaticCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#393-402):
- (success,returndata) = target.staticcall(data) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#400)
Low level call in Address.functionDelegateCall(address,bytes,string) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#420-429):
- (success,returndata) = target.delegatecall(data) (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#427)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Function IAdminControlledEcosystemReserve.ETH_MOCK_ADDRESS() (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#159) is not in mixedCase
Variable VersionedInitializable.______gap (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#231) is not in mixedCase
Variable AdminControlledEcosystemReserve._fundsAdmin (crytic-export/etherscan-contracts/0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3-AaveEcosystemReserveV2.sol#661) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3 analyzed (9 contracts with 79 detectors), 23 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x25F2226B597E8F9514B3F68F00f494cF4f286491` with implementation AaveEcosystemReserveV2 at `0x10c74b37Ad4541E394c607d78062e6d22D9ad632`
Warning: contracts/libs/BaseAdminUpgradeabilityProxy.sol:14:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/libs/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/libs/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
contracts/libs/Proxy.sol:16:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/libs/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/libs/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
ERC20.constructor(string,string,uint8).name (contracts/libs/ERC20.sol#25) shadows:
- ERC20.name() (contracts/libs/ERC20.sol#37-39) (function)
- IERC20Detailed.name() (contracts/interfaces/IERC20Detailed.sol#10) (function)
ERC20.constructor(string,string,uint8).symbol (contracts/libs/ERC20.sol#26) shadows:
- ERC20.symbol() (contracts/libs/ERC20.sol#44-46) (function)
- IERC20Detailed.symbol() (contracts/interfaces/IERC20Detailed.sol#12) (function)
ERC20.constructor(string,string,uint8).decimals (contracts/libs/ERC20.sol#27) shadows:
- ERC20.decimals() (contracts/libs/ERC20.sol#51-53) (function)
- IERC20Detailed.decimals() (contracts/interfaces/IERC20Detailed.sol#14) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/libs/InitializableAdminUpgradeabilityProxy.sol#27) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/libs/BaseAdminUpgradeabilityProxy.sol#100-105) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/mocks/MintableErc20.sol#12) shadows:
- ERC20.name() (contracts/libs/ERC20.sol#37-39) (function)
- IERC20Detailed.name() (contracts/interfaces/IERC20Detailed.sol#10) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/mocks/MintableErc20.sol#13) shadows:
- ERC20.symbol() (contracts/libs/ERC20.sol#44-46) (function)
- IERC20Detailed.symbol() (contracts/interfaces/IERC20Detailed.sol#12) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/mocks/MintableErc20.sol#14) shadows:
- ERC20.decimals() (contracts/libs/ERC20.sol#51-53) (function)
- IERC20Detailed.decimals() (contracts/interfaces/IERC20Detailed.sol#14) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
AaveGenesisExecutor.constructor(address,uint256,IProxyWithAdminActions,ILendToAaveMigratorImplWithInitialize,IProxyWithAdminActions,IAaveTokenImpl,IProxyWithAdminActions,IAaveIncentivesVaultImplWithInitialize,IProxyWithAdminActions).aaveGovernance (contracts/AaveGenesisExecutor.sol#48) lacks a zero-check on :
- AAVE_GOVERNANCE = aaveGovernance (contracts/AaveGenesisExecutor.sol#58)
AaveGenesisProposalPayload.constructor(uint256,IAssetVotingWeightProvider,IAaveGenesisExecutor,IProxyWithAdminActions,IProxyWithAdminActions,IProxyWithAdminActions,IProxyWithAdminActions,address,address).lendVoteStrategyToken (contracts/AaveGenesisProposalPayload.sol#56) lacks a zero-check on :
- LEND_VOTE_STRATEGY_TOKEN = lendVoteStrategyToken (contracts/AaveGenesisProposalPayload.sol#66)
AaveGenesisProposalPayload.constructor(uint256,IAssetVotingWeightProvider,IAaveGenesisExecutor,IProxyWithAdminActions,IProxyWithAdminActions,IProxyWithAdminActions,IProxyWithAdminActions,address,address).aaveVoteStrategyToken (contracts/AaveGenesisProposalPayload.sol#57) lacks a zero-check on :
- AAVE_VOTE_STRATEGY_TOKEN = aaveVoteStrategyToken (contracts/AaveGenesisProposalPayload.sol#67)
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/libs/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/libs/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/libs/BaseAdminUpgradeabilityProxy.sol#87) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/libs/BaseAdminUpgradeabilityProxy.sol#93)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/libs/UpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/libs/UpgradeabilityProxy.sol#24)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/libs/BaseAdminUpgradeabilityProxy.sol#36-42) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Reentrancy in AaveGenesisProposalPayload.execute() (contracts/AaveGenesisProposalPayload.sol#73-102):
External calls:
- LEND_TO_AAVE_MIGRATOR_PROXY.changeAdmin(newAdmin) (contracts/AaveGenesisProposalPayload.sol#76)
- AAVE_TOKEN_PROXY.changeAdmin(newAdmin) (contracts/AaveGenesisProposalPayload.sol#77)
- AAVE_INCENTIVES_VAULT_PROXY.changeAdmin(newAdmin) (contracts/AaveGenesisProposalPayload.sol#78)
- STAKED_AAVE_PROXY.changeAdmin(newAdmin) (contracts/AaveGenesisProposalPayload.sol#79)
- ASSET_VOTING_WEIGHT_PROVIDER.setVotingWeight(IERC20(LEND_VOTE_STRATEGY_TOKEN),0) (contracts/AaveGenesisProposalPayload.sol#82)
- ASSET_VOTING_WEIGHT_PROVIDER.setVotingWeight(IERC20(AAVE_VOTE_STRATEGY_TOKEN),1) (contracts/AaveGenesisProposalPayload.sol#85)
- IStakedAaveConfig(address(STAKED_AAVE_PROXY)).configureAssets(config) (contracts/AaveGenesisProposalPayload.sol#98)
- AAVE_GENESIS_EXECUTOR.setActivationBlock(block.number + ACTIVATION_BLOCK_DELAY) (contracts/AaveGenesisProposalPayload.sol#100)
Event emitted after the call(s):
- ProposalExecuted() (contracts/AaveGenesisProposalPayload.sol#101)
Reentrancy in AaveGenesisExecutor.startMigration() (contracts/AaveGenesisExecutor.sol#84-125):
External calls:
- LEND_TO_AAVE_MIGRATOR_PROXY.upgradeToAndCall(address(LEND_TO_AAVE_MIGRATOR_IMPL),migratorParams) (contracts/AaveGenesisExecutor.sol#92-95)
- AAVE_TOKEN_PROXY.upgradeToAndCall(address(AAVE_TOKEN_IMPL),aaveTokenParams) (contracts/AaveGenesisExecutor.sol#106)
- AAVE_INCENTIVES_VAULT_PROXY.upgradeToAndCall(address(AAVE_INCENTIVES_VAULT_IMPL),aaveIncentivesVaultParams) (contracts/AaveGenesisExecutor.sol#117-120)
- _returnAdminsToGovernance() (contracts/AaveGenesisExecutor.sol#122)
- LEND_TO_AAVE_MIGRATOR_PROXY.changeAdmin(AAVE_GOVERNANCE) (contracts/AaveGenesisExecutor.sol#138)
- AAVE_TOKEN_PROXY.changeAdmin(AAVE_GOVERNANCE) (contracts/AaveGenesisExecutor.sol#139)
- AAVE_INCENTIVES_VAULT_PROXY.changeAdmin(AAVE_GOVERNANCE) (contracts/AaveGenesisExecutor.sol#140)
- STAKED_AAVE_PROXY.changeAdmin(AAVE_GOVERNANCE) (contracts/AaveGenesisExecutor.sol#141)
Event emitted after the call(s):
- MigrationStarted() (contracts/AaveGenesisExecutor.sol#124)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
Address.isContract(address) (contracts/libs/Address.sol#25-36) uses assembly
- INLINE ASM (contracts/libs/Address.sol#32-34)
BaseAdminUpgradeabilityProxy._admin() (contracts/libs/BaseAdminUpgradeabilityProxy.sol#100-105) uses assembly
- INLINE ASM (contracts/libs/BaseAdminUpgradeabilityProxy.sol#102-104)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/libs/BaseAdminUpgradeabilityProxy.sol#111-117) uses assembly
- INLINE ASM (contracts/libs/BaseAdminUpgradeabilityProxy.sol#114-116)
BaseUpgradeabilityProxy._implementation() (contracts/libs/BaseUpgradeabilityProxy.sol#32-37) uses assembly
- INLINE ASM (contracts/libs/BaseUpgradeabilityProxy.sol#34-36)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/libs/BaseUpgradeabilityProxy.sol#52-63) uses assembly
- INLINE ASM (contracts/libs/BaseUpgradeabilityProxy.sol#60-62)
Proxy._delegate(address) (contracts/libs/Proxy.sol#31-54) uses assembly
- INLINE ASM (contracts/libs/Proxy.sol#32-53)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/libs/Address.sol#54-60) is never used and should be removed
Context._msgData() (contracts/libs/Context.sol#19-22) is never used and should be removed
ERC20._burn(address,uint256) (contracts/libs/ERC20.sol#185-193) is never used and should be removed
ERC20._setDecimals(uint8) (contracts/libs/ERC20.sol#215-217) is never used and should be removed
ERC20._setName(string) (contracts/libs/ERC20.sol#207-209) is never used and should be removed
ERC20._setSymbol(string) (contracts/libs/ERC20.sol#211-213) is never used and should be removed
SafeERC20.safeTransfer(IERC20,address,uint256) (contracts/libs/SafeERC20.sol#22-28) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (contracts/libs/SafeERC20.sol#30-37) is never used and should be removed
SafeMath.div(uint256,uint256) (contracts/libs/SafeMath.sol#101-103) is never used and should be removed
SafeMath.div(uint256,uint256,string) (contracts/libs/SafeMath.sol#116-127) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/libs/SafeMath.sol#140-142) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/libs/SafeMath.sol#155-162) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/libs/SafeMath.sol#76-88) is never used and should be removed
SafeMath.sub(uint256,uint256) (contracts/libs/SafeMath.sol#43-45) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/libs/Address.sol#54-60):
- (success) = recipient.call{value: amount}() (contracts/libs/Address.sol#58)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/libs/BaseAdminUpgradeabilityProxy.sol#87-95):
- (success) = newImplementation.delegatecall(data) (contracts/libs/BaseAdminUpgradeabilityProxy.sol#93)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/libs/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/libs/InitializableUpgradeabilityProxy.sol#25)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (contracts/libs/SafeERC20.sol#51-63):
- (success,returndata) = address(token).call(data) (contracts/libs/SafeERC20.sol#55)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/libs/UpgradeabilityProxy.sol#20-27):
- (success) = _logic.delegatecall(_data) (contracts/libs/UpgradeabilityProxy.sol#24)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Variable AaveGenesisExecutor.AAVE_GOVERNANCE (contracts/AaveGenesisExecutor.sol#29) is not in mixedCase
Variable AaveGenesisExecutor.LEND_TO_AAVE_MIGRATOR_PROXY (contracts/AaveGenesisExecutor.sol#30) is not in mixedCase
Variable AaveGenesisExecutor.LEND_TO_AAVE_MIGRATOR_IMPL (contracts/AaveGenesisExecutor.sol#31) is not in mixedCase
Variable AaveGenesisExecutor.AAVE_TOKEN_PROXY (contracts/AaveGenesisExecutor.sol#32) is not in mixedCase
Variable AaveGenesisExecutor.AAVE_TOKEN_IMPL (contracts/AaveGenesisExecutor.sol#33) is not in mixedCase
Variable AaveGenesisExecutor.AAVE_INCENTIVES_VAULT_PROXY (contracts/AaveGenesisExecutor.sol#34) is not in mixedCase
Variable AaveGenesisExecutor.AAVE_INCENTIVES_VAULT_IMPL (contracts/AaveGenesisExecutor.sol#35) is not in mixedCase
Variable AaveGenesisExecutor.STAKED_AAVE_PROXY (contracts/AaveGenesisExecutor.sol#36) is not in mixedCase
Variable AaveGenesisExecutor.AAVE_ALLOWANCE_FOR_STAKE (contracts/AaveGenesisExecutor.sol#42) is not in mixedCase
Variable AaveGenesisProposalPayload.ACTIVATION_BLOCK_DELAY (contracts/AaveGenesisProposalPayload.sol#27) is not in mixedCase
Variable AaveGenesisProposalPayload.AAVE_GENESIS_EXECUTOR (contracts/AaveGenesisProposalPayload.sol#30) is not in mixedCase
Variable AaveGenesisProposalPayload.ASSET_VOTING_WEIGHT_PROVIDER (contracts/AaveGenesisProposalPayload.sol#33) is not in mixedCase
Variable AaveGenesisProposalPayload.LEND_TO_AAVE_MIGRATOR_PROXY (contracts/AaveGenesisProposalPayload.sol#37) is not in mixedCase
Variable AaveGenesisProposalPayload.AAVE_TOKEN_PROXY (contracts/AaveGenesisProposalPayload.sol#38) is not in mixedCase
Variable AaveGenesisProposalPayload.AAVE_INCENTIVES_VAULT_PROXY (contracts/AaveGenesisProposalPayload.sol#39) is not in mixedCase
Variable AaveGenesisProposalPayload.STAKED_AAVE_PROXY (contracts/AaveGenesisProposalPayload.sol#40) is not in mixedCase
Variable AaveGenesisProposalPayload.LEND_VOTE_STRATEGY_TOKEN (contracts/AaveGenesisProposalPayload.sol#43) is not in mixedCase
Variable AaveGenesisProposalPayload.AAVE_VOTE_STRATEGY_TOKEN (contracts/AaveGenesisProposalPayload.sol#46) is not in mixedCase
Variable AaveVoteStrategyToken.AAVE (contracts/AaveVoteStrategyToken.sol#17) is not in mixedCase
Variable AaveVoteStrategyToken.STKAAVE (contracts/AaveVoteStrategyToken.sol#18) is not in mixedCase
Variable LendVoteStrategyToken.LEND (contracts/LendVoteStrategyToken.sol#17) is not in mixedCase
Variable LendVoteStrategyToken.ALEND (contracts/LendVoteStrategyToken.sol#18) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/libs/InitializableAdminUpgradeabilityProxy.sol#26) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/libs/InitializableAdminUpgradeabilityProxy.sol#27) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/libs/InitializableAdminUpgradeabilityProxy.sol#28) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/libs/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/libs/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/libs/VersionedInitializable.sol#41) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (contracts/libs/Context.sol#20)" inContext (contracts/libs/Context.sol#14-23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0x25F2226B597E8F9514B3F68F00f494cF4f286491 analyzed (30 contracts with 79 detectors), 71 result(s) found
Slither report for AaveEcosystemReserveController at `0x3d569673dAa0575c936c7c67c4E6AedA69CC630C`
INFO:Detectors:
Context._msgData() (crytic-export/etherscan-contracts/0x3d569673dAa0575c936c7c67c4E6AedA69CC630C-AaveEcosystemReserveController.sol#27-29) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Function IAdminControlledEcosystemReserve.ETH_MOCK_ADDRESS() (crytic-export/etherscan-contracts/0x3d569673dAa0575c936c7c67c4E6AedA69CC630C-AaveEcosystemReserveController.sol#263) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x3d569673dAa0575c936c7c67c4E6AedA69CC630C analyzed (7 contracts with 79 detectors), 2 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c` with implementation AaveEcosystemReserveV2 at `0x1aa435ed226014407Fa6b889e9d06c02B1a12AF3`
Warning: crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:200:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:76:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:228:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:76:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:347:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is
^ (Relevant source part starts here and spans across multiple lines).
crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol:76:3: The payable fallback function is defined here.
fallback() external payable {
^ (Relevant source part starts here and spans across multiple lines).
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#209-217) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#214)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes).admin (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#362) shadows:
- BaseAdminUpgradeabilityProxy.admin() (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#259-261) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#209) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#214)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#299) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#305)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#248-254) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Address.isContract(address) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#25-36) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#32-34)
Proxy._delegate(address) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#91-115) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#93-114)
BaseUpgradeabilityProxy._implementation() (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#159-165) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#162-164)
BaseUpgradeabilityProxy._setImplementation(address) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#180-192) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#189-191)
BaseAdminUpgradeabilityProxy._admin() (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#312-318) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#315-317)
BaseAdminUpgradeabilityProxy._setAdmin(address) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#324-330) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#327-329)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#54-60) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#54-60):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#58)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#209-217):
- (success) = _logic.delegatecall(_data) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#214)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#299-307):
- (success) = newImplementation.delegatecall(data) (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#305)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#209) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (crytic-export/etherscan-contracts/0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c-InitializableAdminUpgradeabilityProxy.sol#209) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c analyzed (6 contracts with 79 detectors), 17 result(s) found
Slither report for InitializableAdminUpgradeabilityProxy at `0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9` with implementation unknown contract name at `0x96F68837877fd0414B55050c9e794AECdBcfCA59`
Warning: contracts/open-zeppelin/Address.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseUpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/Proxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/SafeMath.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/UpgradeabilityProxy.sol: Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
Warning: contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol:13:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract BaseAdminUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol:11:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableUpgradeabilityProxy is BaseUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol:12:1: Warning: This contract has a payable fallback function, but no receive ether function. Consider adding a receive ether function.
contract InitializableAdminUpgradeabilityProxy is BaseAdminUpgradeabilityProxy, InitializableUpgradeabilityProxy {
^ (Relevant source part starts here and spans across multiple lines).
contracts/open-zeppelin/Proxy.sol:15:3: The payable fallback function is defined here.
fallback () payable external {
^ (Relevant source part starts here and spans across multiple lines).
Warning: contracts/utils/MockTransferHook.sol:9:25: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^----------^
Warning: contracts/utils/MockTransferHook.sol:9:39: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^--------^
Warning: contracts/utils/MockTransferHook.sol:9:51: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function onTransfer(address from, address to, uint256 amount) external override {
^------------^
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28) uses delegatecall to a input-controlled function id
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
INFO:Detectors:
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68) ignores return value by AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount1) (contracts/utils/DoubleTransferHelper.sol#15)
DoubleTransferHelper.doubleSend(address,uint256,uint256) (contracts/utils/DoubleTransferHelper.sol#14-17) ignores return value by AAVE.transfer(to,amount2) (contracts/utils/DoubleTransferHelper.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer
INFO:Detectors:
AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153) uses a dangerous strict equality:
- ownerCountOfSnapshots != 0 && snapshotsOwner[ownerCountOfSnapshots.sub(1)].blockNumber == currentBlock (contracts/token/AaveToken.sol#145)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
State variables written after the call(s):
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _balances[account] = _balances[account].add(amount) (contracts/open-zeppelin/ERC20.sol#235)
ERC20._balances (contracts/open-zeppelin/ERC20.sol#38) can be used in cross function reentrancies:
- ERC20._mint(address,uint256) (contracts/open-zeppelin/ERC20.sol#229-237)
- ERC20._transfer(address,address,uint256) (contracts/open-zeppelin/ERC20.sol#209-218)
- ERC20.balanceOf(address) (contracts/open-zeppelin/ERC20.sol#105-107)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _countsSnapshots[owner] = ownerCountOfSnapshots.add(1) (contracts/token/AaveToken.sol#149)
AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) can be used in cross function reentrancies:
- AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38)
- AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- snapshotsOwner[ownerCountOfSnapshots.sub(1)].value = newValue (contracts/token/AaveToken.sol#146)
- snapshotsOwner[ownerCountOfSnapshots] = Snapshot(currentBlock,newValue) (contracts/token/AaveToken.sol#148)
AaveToken._snapshots (contracts/token/AaveToken.sol#36) can be used in cross function reentrancies:
- AaveToken._snapshots (contracts/token/AaveToken.sol#36)
- AaveToken._writeSnapshot(address,uint128,uint128) (contracts/token/AaveToken.sol#138-153)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- _totalSupply = _totalSupply.add(amount) (contracts/open-zeppelin/ERC20.sol#234)
ERC20._totalSupply (contracts/open-zeppelin/ERC20.sol#42) can be used in cross function reentrancies:
- ERC20._mint(address,uint256) (contracts/open-zeppelin/ERC20.sol#229-237)
- ERC20.totalSupply() (contracts/open-zeppelin/ERC20.sol#98-100)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1
INFO:Detectors:
ERC20.constructor(string,string).name (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (contracts/open-zeppelin/ERC20.sol#57) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) shadows:
- BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) (function)
MintableErc20.constructor(string,string,uint8).name (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.name() (contracts/open-zeppelin/ERC20.sol#66-68) (function)
MintableErc20.constructor(string,string,uint8).symbol (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.symbol() (contracts/open-zeppelin/ERC20.sol#74-76) (function)
MintableErc20.constructor(string,string,uint8).decimals (contracts/utils/MintableErc20.sol#11) shadows:
- ERC20.decimals() (contracts/open-zeppelin/ERC20.sol#91-93) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes).newImplementation (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
UpgradeabilityProxy.constructor(address,bytes)._logic (contracts/open-zeppelin/UpgradeabilityProxy.sol#19) lacks a zero-check on :
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Modifier BaseAdminUpgradeabilityProxy.ifAdmin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#34-40) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier
INFO:Detectors:
Reentrancy in AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85):
External calls:
- _mint(migrator,MIGRATION_AMOUNT) (contracts/token/AaveToken.sol#83)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- aaveGovernance.onTransfer(from,to,amount) (contracts/token/AaveToken.sol#181)
Event emitted after the call(s):
- SnapshotDone(owner,oldValue,newValue) (contracts/token/AaveToken.sol#152)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
- Transfer(address(0),account,amount) (contracts/open-zeppelin/ERC20.sol#236)
- _mint(distributor,DISTRIBUTION_AMOUNT) (contracts/token/AaveToken.sol#84)
Reentrancy in LendToAaveMigrator.migrateFromLEND(uint256) (contracts/token/LendToAaveMigrator.sol#61-68):
External calls:
- LEND.transferFrom(msg.sender,address(this),amount) (contracts/token/LendToAaveMigrator.sol#65)
- AAVE.transfer(msg.sender,amount.div(LEND_AAVE_RATIO)) (contracts/token/LendToAaveMigrator.sol#66)
Event emitted after the call(s):
- LendMigrated(msg.sender,amount) (contracts/token/LendToAaveMigrator.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3
INFO:Detectors:
AaveToken.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (contracts/token/AaveToken.sol#98-123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (contracts/token/AaveToken.sol#109)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.isContract(address) (contracts/open-zeppelin/Address.sol#24-33) uses assembly
- INLINE ASM (contracts/open-zeppelin/Address.sol#31)
BaseAdminUpgradeabilityProxy._admin() (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#94-99) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#96-98)
BaseAdminUpgradeabilityProxy._setAdmin(address) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#105-111) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#108-110)
BaseUpgradeabilityProxy._implementation() (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#30-35) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#32-34)
BaseUpgradeabilityProxy._setImplementation(address) (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#50-58) uses assembly
- INLINE ASM (contracts/open-zeppelin/BaseUpgradeabilityProxy.sol#55-57)
Proxy._delegate(address) (contracts/open-zeppelin/Proxy.sol#30-49) uses assembly
- INLINE ASM (contracts/open-zeppelin/Proxy.sol#31-48)
AaveToken.initialize(address,address,ITransferHook) (contracts/token/AaveToken.sol#59-85) uses assembly
- INLINE ASM (contracts/token/AaveToken.sol#68-70)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57) is never used and should be removed
Context._msgData() (contracts/open-zeppelin/Context.sol#20-23) is never used and should be removed
ERC20._burn(address,uint256) (contracts/open-zeppelin/ERC20.sol#250-258) is never used and should be removed
SafeMath.mod(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#131-133) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (contracts/open-zeppelin/SafeMath.sol#146-149) is never used and should be removed
SafeMath.mul(uint256,uint256) (contracts/open-zeppelin/SafeMath.sol#71-83) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (contracts/open-zeppelin/Address.sol#51-57):
- (success) = recipient.call{value: amount}() (contracts/open-zeppelin/Address.sol#55)
Low level call in BaseAdminUpgradeabilityProxy.upgradeToAndCall(address,bytes) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#85-89):
- (success) = newImplementation.delegatecall(data) (contracts/open-zeppelin/BaseAdminUpgradeabilityProxy.sol#87)
Low level call in InitializableUpgradeabilityProxy.initialize(address,bytes) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20-28):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#25)
Low level call in UpgradeabilityProxy.constructor(address,bytes) (contracts/open-zeppelin/UpgradeabilityProxy.sol#19-26):
- (success) = _logic.delegatecall(_data) (contracts/open-zeppelin/UpgradeabilityProxy.sol#23)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
DoubleTransferHelper (contracts/utils/DoubleTransferHelper.sol#6-19) should inherit from VersionedInitializable (contracts/utils/VersionedInitializable.sol#18-44)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance
INFO:Detectors:
Variable ERC20._name (contracts/open-zeppelin/ERC20.sol#44) is not in mixedCase
Variable ERC20._symbol (contracts/open-zeppelin/ERC20.sol#45) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._logic (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._admin (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableAdminUpgradeabilityProxy.initialize(address,address,bytes)._data (contracts/open-zeppelin/InitializableAdminUpgradeabilityProxy.sol#22) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._logic (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Parameter InitializableUpgradeabilityProxy.initialize(address,bytes)._data (contracts/open-zeppelin/InitializableUpgradeabilityProxy.sol#20) is not in mixedCase
Variable AaveToken._nonces (contracts/token/AaveToken.sol#34) is not in mixedCase
Variable AaveToken._snapshots (contracts/token/AaveToken.sol#36) is not in mixedCase
Variable AaveToken._countsSnapshots (contracts/token/AaveToken.sol#38) is not in mixedCase
Variable AaveToken._aaveGovernance (contracts/token/AaveToken.sol#43) is not in mixedCase
Variable AaveToken.DOMAIN_SEPARATOR (contracts/token/AaveToken.sol#45) is not in mixedCase
Variable LendToAaveMigrator.AAVE (contracts/token/LendToAaveMigrator.sol#17) is not in mixedCase
Variable LendToAaveMigrator.LEND (contracts/token/LendToAaveMigrator.sol#18) is not in mixedCase
Variable LendToAaveMigrator.LEND_AAVE_RATIO (contracts/token/LendToAaveMigrator.sol#19) is not in mixedCase
Variable LendToAaveMigrator._totalLendMigrated (contracts/token/LendToAaveMigrator.sol#22) is not in mixedCase
Variable DoubleTransferHelper.AAVE (contracts/utils/DoubleTransferHelper.sol#8) is not in mixedCase
Variable VersionedInitializable.______gap (contracts/utils/VersionedInitializable.sol#43) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (contracts/open-zeppelin/Context.sol#21)" inContext (contracts/open-zeppelin/Context.sol#15-25)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Slither:0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 analyzed (19 contracts with 79 detectors), 57 result(s) found
Slither report for GovernanceStrategy at `0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e`
INFO:Detectors:
GovernanceStrategy.constructor(address,address).aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- AAVE = aave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#79)
GovernanceStrategy.constructor(address,address).stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#78) lacks a zero-check on :
- STK_AAVE = stkAave (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#80)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
INFO:Detectors:
Variable GovernanceStrategy.AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#70) is not in mixedCase
Variable GovernanceStrategy.STK_AAVE (crytic-export/etherscan-contracts/0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e-GovernanceStrategy.sol#71) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:0xb7e383ef9B1E9189Fc0F71fb30af8aa14377429e analyzed (4 contracts with 79 detectors), 4 result(s) found
Slither report for AaveTokenV2 (Aave Token) at `0xC13eac3B4F9EED480045113B7af00F7B5655Ece8`
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:18: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^----------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:462:5: The shadowed declaration is here:
function name() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:38: Warning: This declaration shadows an existing declaration.
constructor (string memory name, string memory symbol) public {
^------------------^
crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:470:5: The shadowed declaration is here:
function symbol() public view returns (string memory) {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:35:3: Warning: Interface functions are implicitly "virtual"
function delegateByType(address delegatee, DelegationType delegationType) external virtual;
^-----------------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:40:3: Warning: Interface functions are implicitly "virtual"
function delegate(address delegatee) external virtual;
^----------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:45:3: Warning: Interface functions are implicitly "virtual"
function getDelegateeByType(address delegator, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:56:3: Warning: Interface functions are implicitly "virtual"
function getPowerCurrent(address user, DelegationType delegationType)
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:66:3: Warning: Interface functions are implicitly "virtual"
function getPowerAtBlock(
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:75:3: Warning: Interface functions are implicitly "virtual"
function totalSupplyAt(uint256 blockNumber) external virtual view returns (uint256);
^----------------------------------------------------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:453:5: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor (string memory name, string memory symbol) public {
^ (Relevant source part starts here and spans across multiple lines).
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1161:3: Warning: Visibility for constructor is ignored. If you want the contract to be non-deployable, making it "abstract" is sufficient.
constructor() public ERC20(NAME, SYMBOL) {}
^-----------------------------------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:913:26: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
function totalSupplyAt(uint256 blockNumber) external override view returns (uint256) {
^-----------------^
Warning: crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol:1079:5: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
uint128 oldValue,
^--------------^
INFO:Detectors:
AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is never initialized. It is used in:
- AaveTokenV2._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1221-1251)
AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is never initialized. It is used in:
- AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203)
- AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302)
- AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329)
AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is never initialized. It is used in:
- AaveTokenV2._getDelegationDataByType(IGovernancePowerDelegationToken.DelegationType) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1253-1272)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables
INFO:Detectors:
GovernancePowerDelegationERC20._searchByBlockNumber(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1012-1050) uses a dangerous strict equality:
- snapshot.blockNumber == blockNumber (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1041)
GovernancePowerDelegationERC20._writeSnapshot(mapping(address => mapping(uint256 => GovernancePowerDelegationERC20.Snapshot)),mapping(address => uint256),address,uint128,uint128) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1075-1097) uses a dangerous strict equality:
- ownerSnapshotsCount != 0 && snapshotsOwner[ownerSnapshotsCount - 1].blockNumber == currentBlock (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1089-1090)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities
INFO:Detectors:
ERC20.constructor(string,string).name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.name() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#462-464) (function)
ERC20.constructor(string,string).symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#453) shadows:
- ERC20.symbol() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#470-472) (function)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
INFO:Detectors:
AaveTokenV2.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1179-1203) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1190)
AaveTokenV2.delegateByTypeBySig(address,IGovernancePowerDelegationToken.DelegationType,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1284-1302) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1300)
AaveTokenV2.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1313-1329) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,INVALID_EXPIRATION) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1326)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
INFO:Detectors:
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) uses assembly
- INLINE ASM (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#375-377)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage
INFO:Detectors:
Address.isContract(address) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#368-379) is never used and should be removed
Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403) is never used and should be removed
Context._msgData() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#94-97) is never used and should be removed
ERC20._beforeTokenTransfer(address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#702) is never used and should be removed
ERC20._burn(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#646-654) is never used and should be removed
ERC20._mint(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#625-633) is never used and should be removed
ERC20._setupDecimals(uint8) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#684-686) is never used and should be removed
SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#745-755) is never used and should be removed
SafeERC20.safeTransfer(IERC20,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#728-734) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#736-743) is never used and should be removed
SafeMath.div(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#280-282) is never used and should be removed
SafeMath.div(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#295-306) is never used and should be removed
SafeMath.mod(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#319-321) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#334-341) is never used and should be removed
SafeMath.mul(uint256,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#255-267) is never used and should be removed
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code
INFO:Detectors:
Low level call in Address.sendValue(address,uint256) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#397-403):
- (success) = recipient.call{value: amount}() (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#401)
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#757-769):
- (success,returndata) = address(token).call(data) (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#761)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
INFO:Detectors:
Variable ERC20._name (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#440) is not in mixedCase
Variable ERC20._symbol (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#441) is not in mixedCase
Variable VersionedInitializable.______gap (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#809) is not in mixedCase
Variable AaveTokenV2._nonces (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1134) is not in mixedCase
Variable AaveTokenV2._votingSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1136) is not in mixedCase
Variable AaveTokenV2._votingSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1138) is not in mixedCase
Variable AaveTokenV2._aaveGovernance (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1143) is not in mixedCase
Variable AaveTokenV2.DOMAIN_SEPARATOR (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1145) is not in mixedCase
Variable AaveTokenV2._votingDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1154) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshots (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1156) is not in mixedCase
Variable AaveTokenV2._propositionPowerSnapshotsCounts (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1157) is not in mixedCase
Variable AaveTokenV2._propositionPowerDelegates (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1159) is not in mixedCase
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Detectors:
Redundant expression "this (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#95)" inContext (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#89-98)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements
INFO:Detectors:
AaveTokenV2.DECIMALS (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1129) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
AaveTokenV2.EIP712_DOMAIN (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1147-1149) is never used in AaveTokenV2 (crytic-export/etherscan-contracts/0xC13eac3B4F9EED480045113B7af00F7B5655Ece8-AaveTokenV2.sol#1124-1331)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
INFO:Slither:0xC13eac3B4F9EED480045113B7af00F7B5655Ece8 analyzed (11 contracts with 79 detectors), 47 result(s) found