gravity-bridge icon indicating copy to clipboard operation
gravity-bridge copied to clipboard

Published 20 hours ago verified publisher icon cosmos

Slither report: solidity version, reentrancy bugs

Open atoulme opened this issue 2 years ago • 0 comments

I have run slither against the main branch (apologies, if another branch is used for contract development, please let me know).

Slither runs static code analysis and has reported 228 elements. Half of them report to mixed case usage, but there are a few around reentrancy bugs. The version of Solidity used is also not recommended.

SafeMath is re-used:
	- node_modules/@uniswap/v2-periphery/contracts/libraries/SafeMath.sol#5-17
	- node_modules/@openzeppelin/contracts/math/SafeMath.sol#18-159
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#name-reused

TestLogicContract.transferTokens(address,uint256,uint256) (contracts/TestLogicContract.sol#16-23) ignores return value by IERC20(state_tokenContract).transfer(_to,_a + _b) (contracts/TestLogicContract.sol#21)
TestUniswapLiquidity.transferTokens(address,uint256,uint256,address) (contracts/TestUniswapLiquidity.sol#62-69) ignores return value by IERC20(state_tokenContract).transfer(_to,_a + _b) (contracts/TestUniswapLiquidity.sol#68)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer

UniswapV2Library.getAmountsOut(address,uint256,address[]).i (node_modules/@uniswap/v2-periphery/contracts/libraries/UniswapV2Library.sol#66) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables

TestUniswapLiquidity.redeemLiquidityETH(address,uint256,uint256,uint256,address,uint256) (contracts/TestUniswapLiquidity.sol#16-40) ignores return value by IUniswapV2Pair(pair).approve(router,2 ** 256 - 1) (contracts/TestUniswapLiquidity.sol#30)
TestUniswapLiquidity.redeemLiquidityETH(address,uint256,uint256,uint256,address,uint256) (contracts/TestUniswapLiquidity.sol#16-40) ignores return value by IUniswapV2Router02(router).removeLiquidityETH(token,liquidity,amountTokenMin,amountETHMin,to,deadline) (contracts/TestUniswapLiquidity.sol#32-39)
TestUniswapLiquidity.redeemLiquidity(address,address,uint256,uint256,uint256,address,uint256) (contracts/TestUniswapLiquidity.sol#42-60) ignores return value by IUniswapV2Router02(router).removeLiquidity(tokenA,tokenB,liquidity,amountAMin,amountBMin,to,deadline) (contracts/TestUniswapLiquidity.sol#51-59)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return

ERC20.constructor(string,string).name (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#57) shadows:
	- ERC20.name() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#66-68) (function)
ERC20.constructor(string,string).symbol (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#57) shadows:
	- ERC20.symbol() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#74-76) (function)
CosmosERC20.constructor(address,string,string,uint8)._name (contracts/CosmosToken.sol#9) shadows:
	- ERC20._name (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#44) (state variable)
CosmosERC20.constructor(address,string,string,uint8)._symbol (contracts/CosmosToken.sol#10) shadows:
	- ERC20._symbol (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#45) (state variable)
CosmosERC20.constructor(address,string,string,uint8)._decimals (contracts/CosmosToken.sol#11) shadows:
	- ERC20._decimals (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#46) (state variable)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing

ReentrantERC20.constructor(address)._gravityAddress (contracts/ReentrantERC20.sol#11) lacks a zero-check on :
		- state_gravityAddress = _gravityAddress (contracts/ReentrantERC20.sol#12)
TestLogicContract.constructor(address)._tokenContract (contracts/TestLogicContract.sol#12) lacks a zero-check on :
		- state_tokenContract = _tokenContract (contracts/TestLogicContract.sol#13)
TestUniswapLiquidity.constructor(address)._uni_router (contracts/TestUniswapLiquidity.sol#12) lacks a zero-check on :
		- router = _uni_router (contracts/TestUniswapLiquidity.sol#13)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation

Reentrancy in Gravity.sendToCosmos(address,bytes32,uint256) (contracts/Gravity.sol#524-538):
	External calls:
	- IERC20(_tokenContract).safeTransferFrom(msg.sender,address(this),_amount) (contracts/Gravity.sol#529)
	State variables written after the call(s):
	- state_lastEventNonce = state_lastEventNonce.add(1) (contracts/Gravity.sol#530)
Reentrancy in Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256) (contracts/Gravity.sol#287-393):
	External calls:
	- IERC20(_tokenContract).safeTransfer(msg.sender,totalFee) (contracts/Gravity.sol#384)
	State variables written after the call(s):
	- state_lastEventNonce = state_lastEventNonce.add(1) (contracts/Gravity.sol#390)
Reentrancy in Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs) (contracts/Gravity.sol#404-522):
	External calls:
	- returnData = Address.functionCall(_args.logicContractAddress,_args.payload) (contracts/Gravity.sol#505)
	State variables written after the call(s):
	- state_lastEventNonce = state_lastEventNonce.add(1) (contracts/Gravity.sol#514)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2

Reentrancy in SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address) (contracts/SimpleLogicBatch.sol#27-42):
	External calls:
	- IERC20(_tokenContract).safeTransfer(_logicContract,_amounts[i]) (contracts/SimpleLogicBatch.sol#38)
	- returnData = Address.functionCall(_logicContract,_payloads[i]) (contracts/SimpleLogicBatch.sol#39)
	Event emitted after the call(s):
	- LogicCallEvent(_tokenContract,_logicContract,true,returnData) (contracts/SimpleLogicBatch.sol#40)
Reentrancy in Gravity.sendToCosmos(address,bytes32,uint256) (contracts/Gravity.sol#524-538):
	External calls:
	- IERC20(_tokenContract).safeTransferFrom(msg.sender,address(this),_amount) (contracts/Gravity.sol#529)
	Event emitted after the call(s):
	- SendToCosmosEvent(_tokenContract,msg.sender,_destination,_amount,state_lastEventNonce) (contracts/Gravity.sol#531-537)
Reentrancy in Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256) (contracts/Gravity.sol#287-393):
	External calls:
	- IERC20(_tokenContract).safeTransfer(msg.sender,totalFee) (contracts/Gravity.sol#384)
	Event emitted after the call(s):
	- TransactionBatchExecutedEvent(_batchNonce,_tokenContract,state_lastEventNonce) (contracts/Gravity.sol#391)
Reentrancy in Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs) (contracts/Gravity.sol#404-522):
	External calls:
	- returnData = Address.functionCall(_args.logicContractAddress,_args.payload) (contracts/Gravity.sol#505)
	Event emitted after the call(s):
	- LogicCallEvent(_args.invalidationId,_args.invalidationNonce,returnData,state_lastEventNonce) (contracts/Gravity.sol#515-520)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3

Address.isContract(address) (node_modules/@openzeppelin/contracts/utils/Address.sol#26-35) uses assembly
	- INLINE ASM (node_modules/@openzeppelin/contracts/utils/Address.sol#33)
Address._functionCallWithValue(address,bytes,uint256,string) (node_modules/@openzeppelin/contracts/utils/Address.sol#119-140) uses assembly
	- INLINE ASM (node_modules/@openzeppelin/contracts/utils/Address.sol#132-135)
console._sendLogPayload(bytes) (node_modules/hardhat/console.sol#7-14) uses assembly
	- INLINE ASM (node_modules/hardhat/console.sol#10-13)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage

Different versions of Solidity is used:
	- Version used: ['=0.6.6', '>=0.4.22<0.9.0', '>=0.5.0', '>=0.6.2', '^0.6.0', '^0.6.2', '^0.6.6']
	- ^0.6.0 (node_modules/@openzeppelin/contracts/GSN/Context.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/access/Ownable.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/math/SafeMath.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/IERC20.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/SafeERC20.sol#3)
	- ^0.6.2 (node_modules/@openzeppelin/contracts/utils/Address.sol#3)
	- ^0.6.0 (node_modules/@openzeppelin/contracts/utils/ReentrancyGuard.sol#3)
	- >=0.5.0 (node_modules/@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#1)
	- >=0.6.2 (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#1)
	- >=0.6.2 (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router02.sol#1)
	- =0.6.6 (node_modules/@uniswap/v2-periphery/contracts/libraries/SafeMath.sol#1)
	- >=0.5.0 (node_modules/@uniswap/v2-periphery/contracts/libraries/UniswapV2Library.sol#1)
	- ^0.6.6 (contracts/CosmosToken.sol#1)
	- ^0.6.6 (contracts/Gravity.sol#1)
	- ABIEncoderV2 (contracts/Gravity.sol#10)
	- ^0.6.6 (contracts/HashingTest.sol#1)
	- ^0.6.6 (contracts/ReentrantERC20.sol#1)
	- ABIEncoderV2 (contracts/ReentrantERC20.sol#5)
	- ^0.6.6 (contracts/SigningTest.sol#1)
	- ^0.6.6 (contracts/SimpleLogicBatch.sol#1)
	- ABIEncoderV2 (contracts/SimpleLogicBatch.sol#2)
	- ^0.6.6 (contracts/TestERC20A.sol#1)
	- ^0.6.6 (contracts/TestERC20B.sol#1)
	- ^0.6.6 (contracts/TestERC20C.sol#1)
	- ^0.6.6 (contracts/TestLogicContract.sol#1)
	- ^0.6.6 (contracts/TestTokenBatchMiddleware copy.sol#1)
	- ^0.6.6 (contracts/TestUniswapLiquidity.sol#1)
	- >=0.4.22<0.9.0 (node_modules/hardhat/console.sol#2)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used

Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/GSN/Context.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/access/Ownable.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/math/SafeMath.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/IERC20.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/token/ERC20/SafeERC20.sol#3) allows old versions
Pragma version^0.6.2 (node_modules/@openzeppelin/contracts/utils/Address.sol#3) allows old versions
Pragma version^0.6.0 (node_modules/@openzeppelin/contracts/utils/ReentrancyGuard.sol#3) allows old versions
Pragma version>=0.5.0 (node_modules/@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#1) allows old versions
Pragma version>=0.6.2 (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#1) allows old versions
Pragma version>=0.6.2 (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router02.sol#1) allows old versions
Pragma version=0.6.6 (node_modules/@uniswap/v2-periphery/contracts/libraries/SafeMath.sol#1) allows old versions
Pragma version>=0.5.0 (node_modules/@uniswap/v2-periphery/contracts/libraries/UniswapV2Library.sol#1) allows old versions
Pragma version^0.6.6 (contracts/CosmosToken.sol#1) allows old versions
Pragma version^0.6.6 (contracts/Gravity.sol#1) allows old versions
Pragma version^0.6.6 (contracts/HashingTest.sol#1) allows old versions
Pragma version^0.6.6 (contracts/ReentrantERC20.sol#1) allows old versions
Pragma version^0.6.6 (contracts/SigningTest.sol#1) allows old versions
Pragma version^0.6.6 (contracts/SimpleLogicBatch.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestERC20A.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestERC20B.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestERC20C.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestLogicContract.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestTokenBatchMiddleware copy.sol#1) allows old versions
Pragma version^0.6.6 (contracts/TestUniswapLiquidity.sol#1) allows old versions
Pragma version>=0.4.22<0.9.0 (node_modules/hardhat/console.sol#2) is too complex
solc-0.6.6 is not recommended for deployment
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

Low level call in Address.sendValue(address,uint256) (node_modules/@openzeppelin/contracts/utils/Address.sol#53-59):
	- (success) = recipient.call{value: amount}() (node_modules/@openzeppelin/contracts/utils/Address.sol#57)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (node_modules/@openzeppelin/contracts/utils/Address.sol#119-140):
	- (success,returndata) = target.call{value: weiValue}(data) (node_modules/@openzeppelin/contracts/utils/Address.sol#123)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls

Function IUniswapV2Pair.DOMAIN_SEPARATOR() (node_modules/@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#18) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (node_modules/@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#19) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (node_modules/@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#36) is not in mixedCase
Function IUniswapV2Router01.WETH() (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#5) is not in mixedCase
Variable CosmosERC20.MAX_UINT (contracts/CosmosToken.sol#5) is not in mixedCase
Parameter Gravity.testMakeCheckpoint(address[],uint256[],uint256,bytes32)._validators (contracts/Gravity.sol#89) is not in mixedCase
Parameter Gravity.testMakeCheckpoint(address[],uint256[],uint256,bytes32)._powers (contracts/Gravity.sol#90) is not in mixedCase
Parameter Gravity.testMakeCheckpoint(address[],uint256[],uint256,bytes32)._valsetNonce (contracts/Gravity.sol#91) is not in mixedCase
Parameter Gravity.testMakeCheckpoint(address[],uint256[],uint256,bytes32)._gravityId (contracts/Gravity.sol#92) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._currentValidators (contracts/Gravity.sol#98) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._currentPowers (contracts/Gravity.sol#99) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._v (contracts/Gravity.sol#100) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._r (contracts/Gravity.sol#101) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._s (contracts/Gravity.sol#102) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._theHash (contracts/Gravity.sol#103) is not in mixedCase
Parameter Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._powerThreshold (contracts/Gravity.sol#104) is not in mixedCase
Parameter Gravity.lastBatchNonce(address)._erc20Address (contracts/Gravity.sol#119) is not in mixedCase
Parameter Gravity.lastLogicCallNonce(bytes32)._invalidation_id (contracts/Gravity.sol#123) is not in mixedCase
Parameter Gravity.verifySig(address,bytes32,uint8,bytes32,bytes32)._signer (contracts/Gravity.sol#129) is not in mixedCase
Parameter Gravity.verifySig(address,bytes32,uint8,bytes32,bytes32)._theHash (contracts/Gravity.sol#130) is not in mixedCase
Parameter Gravity.verifySig(address,bytes32,uint8,bytes32,bytes32)._v (contracts/Gravity.sol#131) is not in mixedCase
Parameter Gravity.verifySig(address,bytes32,uint8,bytes32,bytes32)._r (contracts/Gravity.sol#132) is not in mixedCase
Parameter Gravity.verifySig(address,bytes32,uint8,bytes32,bytes32)._s (contracts/Gravity.sol#133) is not in mixedCase
Parameter Gravity.makeCheckpoint(address[],uint256[],uint256,bytes32)._validators (contracts/Gravity.sol#149) is not in mixedCase
Parameter Gravity.makeCheckpoint(address[],uint256[],uint256,bytes32)._powers (contracts/Gravity.sol#150) is not in mixedCase
Parameter Gravity.makeCheckpoint(address[],uint256[],uint256,bytes32)._valsetNonce (contracts/Gravity.sol#151) is not in mixedCase
Parameter Gravity.makeCheckpoint(address[],uint256[],uint256,bytes32)._gravityId (contracts/Gravity.sol#152) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._currentValidators (contracts/Gravity.sol#165) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._currentPowers (contracts/Gravity.sol#166) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._v (contracts/Gravity.sol#168) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._r (contracts/Gravity.sol#169) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._s (contracts/Gravity.sol#170) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._theHash (contracts/Gravity.sol#172) is not in mixedCase
Parameter Gravity.checkValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256)._powerThreshold (contracts/Gravity.sol#173) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._newValidators (contracts/Gravity.sol#212) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._newPowers (contracts/Gravity.sol#213) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._newValsetNonce (contracts/Gravity.sol#214) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._currentValidators (contracts/Gravity.sol#216) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._currentPowers (contracts/Gravity.sol#217) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._currentValsetNonce (contracts/Gravity.sol#218) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._v (contracts/Gravity.sol#220) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._r (contracts/Gravity.sol#221) is not in mixedCase
Parameter Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[])._s (contracts/Gravity.sol#222) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._currentValidators (contracts/Gravity.sol#289) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._currentPowers (contracts/Gravity.sol#290) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._currentValsetNonce (contracts/Gravity.sol#291) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._v (contracts/Gravity.sol#293) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._r (contracts/Gravity.sol#294) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._s (contracts/Gravity.sol#295) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._amounts (contracts/Gravity.sol#297) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._destinations (contracts/Gravity.sol#298) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._fees (contracts/Gravity.sol#299) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._batchNonce (contracts/Gravity.sol#300) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._tokenContract (contracts/Gravity.sol#301) is not in mixedCase
Parameter Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256)._batchTimeout (contracts/Gravity.sol#304) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._currentValidators (contracts/Gravity.sol#406) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._currentPowers (contracts/Gravity.sol#407) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._currentValsetNonce (contracts/Gravity.sol#408) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._v (contracts/Gravity.sol#410) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._r (contracts/Gravity.sol#411) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._s (contracts/Gravity.sol#412) is not in mixedCase
Parameter Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs)._args (contracts/Gravity.sol#413) is not in mixedCase
Parameter Gravity.sendToCosmos(address,bytes32,uint256)._tokenContract (contracts/Gravity.sol#525) is not in mixedCase
Parameter Gravity.sendToCosmos(address,bytes32,uint256)._destination (contracts/Gravity.sol#526) is not in mixedCase
Parameter Gravity.sendToCosmos(address,bytes32,uint256)._amount (contracts/Gravity.sol#527) is not in mixedCase
Parameter Gravity.deployERC20(string,string,string,uint8)._cosmosDenom (contracts/Gravity.sol#541) is not in mixedCase
Parameter Gravity.deployERC20(string,string,string,uint8)._name (contracts/Gravity.sol#542) is not in mixedCase
Parameter Gravity.deployERC20(string,string,string,uint8)._symbol (contracts/Gravity.sol#543) is not in mixedCase
Parameter Gravity.deployERC20(string,string,string,uint8)._decimals (contracts/Gravity.sol#544) is not in mixedCase
Variable Gravity.state_lastValsetCheckpoint (contracts/Gravity.sol#34) is not in mixedCase
Variable Gravity.state_lastBatchNonces (contracts/Gravity.sol#35) is not in mixedCase
Variable Gravity.state_invalidationMapping (contracts/Gravity.sol#36) is not in mixedCase
Variable Gravity.state_lastValsetNonce (contracts/Gravity.sol#37) is not in mixedCase
Variable Gravity.state_lastEventNonce (contracts/Gravity.sol#40) is not in mixedCase
Variable Gravity.state_gravityId (contracts/Gravity.sol#43) is not in mixedCase
Variable Gravity.state_powerThreshold (contracts/Gravity.sol#44) is not in mixedCase
Function HashingTest.IterativeHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#14-41) is not in mixedCase
Parameter HashingTest.IterativeHash(address[],uint256[],uint256,bytes32)._validators (contracts/HashingTest.sol#15) is not in mixedCase
Parameter HashingTest.IterativeHash(address[],uint256[],uint256,bytes32)._powers (contracts/HashingTest.sol#16) is not in mixedCase
Parameter HashingTest.IterativeHash(address[],uint256[],uint256,bytes32)._valsetNonce (contracts/HashingTest.sol#17) is not in mixedCase
Parameter HashingTest.IterativeHash(address[],uint256[],uint256,bytes32)._gravityId (contracts/HashingTest.sol#18) is not in mixedCase
Function HashingTest.ConcatHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#43-61) is not in mixedCase
Parameter HashingTest.ConcatHash(address[],uint256[],uint256,bytes32)._validators (contracts/HashingTest.sol#44) is not in mixedCase
Parameter HashingTest.ConcatHash(address[],uint256[],uint256,bytes32)._powers (contracts/HashingTest.sol#45) is not in mixedCase
Parameter HashingTest.ConcatHash(address[],uint256[],uint256,bytes32)._valsetNonce (contracts/HashingTest.sol#46) is not in mixedCase
Parameter HashingTest.ConcatHash(address[],uint256[],uint256,bytes32)._gravityId (contracts/HashingTest.sol#47) is not in mixedCase
Function HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#63-77) is not in mixedCase
Parameter HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32)._validators (contracts/HashingTest.sol#64) is not in mixedCase
Parameter HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32)._powers (contracts/HashingTest.sol#65) is not in mixedCase
Parameter HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32)._valsetNonce (contracts/HashingTest.sol#66) is not in mixedCase
Parameter HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32)._gravityId (contracts/HashingTest.sol#67) is not in mixedCase
Function HashingTest.JustSaveEverything(address[],uint256[],uint256) (contracts/HashingTest.sol#79-87) is not in mixedCase
Parameter HashingTest.JustSaveEverything(address[],uint256[],uint256)._validators (contracts/HashingTest.sol#80) is not in mixedCase
Parameter HashingTest.JustSaveEverything(address[],uint256[],uint256)._powers (contracts/HashingTest.sol#81) is not in mixedCase
Parameter HashingTest.JustSaveEverything(address[],uint256[],uint256)._valsetNonce (contracts/HashingTest.sol#82) is not in mixedCase
Function HashingTest.JustSaveEverythingAgain(address[],uint256[],uint256) (contracts/HashingTest.sol#89-97) is not in mixedCase
Parameter HashingTest.JustSaveEverythingAgain(address[],uint256[],uint256)._validators (contracts/HashingTest.sol#90) is not in mixedCase
Parameter HashingTest.JustSaveEverythingAgain(address[],uint256[],uint256)._powers (contracts/HashingTest.sol#91) is not in mixedCase
Parameter HashingTest.JustSaveEverythingAgain(address[],uint256[],uint256)._valsetNonce (contracts/HashingTest.sol#92) is not in mixedCase
Variable HashingTest.state_validators (contracts/HashingTest.sol#10) is not in mixedCase
Variable HashingTest.state_powers (contracts/HashingTest.sol#11) is not in mixedCase
Variable HashingTest.state_nonce (contracts/HashingTest.sol#12) is not in mixedCase
Variable ReentrantERC20.state_gravityAddress (contracts/ReentrantERC20.sol#9) is not in mixedCase
Parameter SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32)._signer (contracts/SigningTest.sol#7) is not in mixedCase
Parameter SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32)._theHash (contracts/SigningTest.sol#8) is not in mixedCase
Parameter SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32)._v (contracts/SigningTest.sol#9) is not in mixedCase
Parameter SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32)._r (contracts/SigningTest.sol#10) is not in mixedCase
Parameter SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32)._s (contracts/SigningTest.sol#11) is not in mixedCase
Parameter SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address)._amounts (contracts/SimpleLogicBatch.sol#28) is not in mixedCase
Parameter SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address)._payloads (contracts/SimpleLogicBatch.sol#29) is not in mixedCase
Parameter SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address)._logicContract (contracts/SimpleLogicBatch.sol#30) is not in mixedCase
Parameter SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address)._tokenContract (contracts/SimpleLogicBatch.sol#31) is not in mixedCase
Parameter TestLogicContract.transferTokens(address,uint256,uint256)._to (contracts/TestLogicContract.sol#17) is not in mixedCase
Parameter TestLogicContract.transferTokens(address,uint256,uint256)._a (contracts/TestLogicContract.sol#18) is not in mixedCase
Parameter TestLogicContract.transferTokens(address,uint256,uint256)._b (contracts/TestLogicContract.sol#19) is not in mixedCase
Variable TestLogicContract.state_tokenContract (contracts/TestLogicContract.sol#10) is not in mixedCase
Parameter TestTokenBatchMiddleware.submitBatch(uint256[],address[],address)._amounts (contracts/TestTokenBatchMiddleware copy.sol#11) is not in mixedCase
Parameter TestTokenBatchMiddleware.submitBatch(uint256[],address[],address)._destinations (contracts/TestTokenBatchMiddleware copy.sol#12) is not in mixedCase
Parameter TestTokenBatchMiddleware.submitBatch(uint256[],address[],address)._tokenContract (contracts/TestTokenBatchMiddleware copy.sol#13) is not in mixedCase
Parameter TestUniswapLiquidity.transferTokens(address,uint256,uint256,address)._to (contracts/TestUniswapLiquidity.sol#63) is not in mixedCase
Parameter TestUniswapLiquidity.transferTokens(address,uint256,uint256,address)._a (contracts/TestUniswapLiquidity.sol#64) is not in mixedCase
Parameter TestUniswapLiquidity.transferTokens(address,uint256,uint256,address)._b (contracts/TestUniswapLiquidity.sol#65) is not in mixedCase
Parameter TestUniswapLiquidity.transferTokens(address,uint256,uint256,address).state_tokenContract (contracts/TestUniswapLiquidity.sol#66) is not in mixedCase
Contract console (node_modules/hardhat/console.sol#4-1532) is not in CapWords
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions

Redundant expression "this (node_modules/@openzeppelin/contracts/GSN/Context.sol#21)" inContext (node_modules/@openzeppelin/contracts/GSN/Context.sol#15-24)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements

Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#10) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (node_modules/@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#11)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-are-too-similar

Gravity.makeCheckpoint(address[],uint256[],uint256,bytes32) (contracts/Gravity.sol#148-161) uses literals with too many digits:
	- methodName = 0x636865636b706f696e7400000000000000000000000000000000000000000000 (contracts/Gravity.sol#155)
Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256) (contracts/Gravity.sol#287-393) uses literals with too many digits:
	- checkValidatorSignatures(_currentValidators,_currentPowers,_v,_r,_s,keccak256(bytes)(abi.encode(state_gravityId,0x7472616e73616374696f6e426174636800000000000000000000000000000000,_amounts,_destinations,_fees,_batchNonce,_tokenContract,_batchTimeout)),state_powerThreshold) (contracts/Gravity.sol#347-368)
Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs) (contracts/Gravity.sol#404-522) uses literals with too many digits:
	- argsHash = keccak256(bytes)(abi.encode(state_gravityId,0x6c6f67696343616c6c0000000000000000000000000000000000000000000000,_args.transferAmounts,_args.transferTokenContracts,_args.feeAmounts,_args.feeTokenContracts,_args.logicContractAddress,_args.payload,_args.timeOut,_args.invalidationId,_args.invalidationNonce)) (contracts/Gravity.sol#459-475)
HashingTest.IterativeHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#14-41) uses literals with too many digits:
	- methodName = 0x636865636b706f696e7400000000000000000000000000000000000000000000 (contracts/HashingTest.sol#21)
HashingTest.ConcatHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#43-61) uses literals with too many digits:
	- methodName = 0x636865636b706f696e7400000000000000000000000000000000000000000000 (contracts/HashingTest.sol#50)
HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#63-77) uses literals with too many digits:
	- methodName = 0x636865636b706f696e7400000000000000000000000000000000000000000000 (contracts/HashingTest.sol#70)
TestERC20A.constructor() (contracts/TestERC20A.sol#6-16) uses literals with too many digits:
	- _mint(0xBf660843528035a5A4921534E156a27e64B231fE,100000000000000000000000000) (contracts/TestERC20A.sol#15)
TestERC20B.constructor() (contracts/TestERC20B.sol#6-16) uses literals with too many digits:
	- _mint(0xBf660843528035a5A4921534E156a27e64B231fE,100000000000000000000000000) (contracts/TestERC20B.sol#15)
TestERC20C.constructor() (contracts/TestERC20C.sol#6-16) uses literals with too many digits:
	- _mint(0xBf660843528035a5A4921534E156a27e64B231fE,100000000000000000000000000) (contracts/TestERC20C.sol#15)
console.slitherConstructorConstantVariables() (node_modules/hardhat/console.sol#4-1532) uses literals with too many digits:
	- CONSOLE_ADDRESS = address(0x000000000000000000636F6e736F6c652e6c6f67) (node_modules/hardhat/console.sol#5)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits

CosmosERC20.MAX_UINT (contracts/CosmosToken.sol#5) should be constant
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant

owner() should be declared external:
	- Ownable.owner() (node_modules/@openzeppelin/contracts/access/Ownable.sol#35-37)
renounceOwnership() should be declared external:
	- Ownable.renounceOwnership() (node_modules/@openzeppelin/contracts/access/Ownable.sol#54-57)
transferOwnership(address) should be declared external:
	- Ownable.transferOwnership(address) (node_modules/@openzeppelin/contracts/access/Ownable.sol#63-67)
name() should be declared external:
	- ERC20.name() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#66-68)
symbol() should be declared external:
	- ERC20.symbol() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#74-76)
decimals() should be declared external:
	- ERC20.decimals() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#91-93)
totalSupply() should be declared external:
	- ERC20.totalSupply() (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#98-100)
balanceOf(address) should be declared external:
	- ERC20.balanceOf(address) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#105-107)
transfer(address,uint256) should be declared external:
	- ERC20.transfer(address,uint256) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#117-120)
allowance(address,address) should be declared external:
	- ERC20.allowance(address,address) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#125-127)
approve(address,uint256) should be declared external:
	- ERC20.approve(address,uint256) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#136-139)
transferFrom(address,address,uint256) should be declared external:
	- ERC20.transferFrom(address,address,uint256) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#153-157)
increaseAllowance(address,uint256) should be declared external:
	- ERC20.increaseAllowance(address,uint256) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#171-174)
decreaseAllowance(address,uint256) should be declared external:
	- ERC20.decreaseAllowance(address,uint256) (node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#190-193)
testMakeCheckpoint(address[],uint256[],uint256,bytes32) should be declared external:
	- Gravity.testMakeCheckpoint(address[],uint256[],uint256,bytes32) (contracts/Gravity.sol#88-95)
testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256) should be declared external:
	- Gravity.testCheckValidatorSignatures(address[],uint256[],uint8[],bytes32[],bytes32[],bytes32,uint256) (contracts/Gravity.sol#97-115)
lastBatchNonce(address) should be declared external:
	- Gravity.lastBatchNonce(address) (contracts/Gravity.sol#119-121)
lastLogicCallNonce(bytes32) should be declared external:
	- Gravity.lastLogicCallNonce(bytes32) (contracts/Gravity.sol#123-125)
updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[]) should be declared external:
	- Gravity.updateValset(address[],uint256[],uint256,address[],uint256[],uint256,uint8[],bytes32[],bytes32[]) (contracts/Gravity.sol#210-281)
submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256) should be declared external:
	- Gravity.submitBatch(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],uint256[],address[],uint256[],uint256,address,uint256) (contracts/Gravity.sol#287-393)
submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs) should be declared external:
	- Gravity.submitLogicCall(address[],uint256[],uint256,uint8[],bytes32[],bytes32[],LogicCallArgs) (contracts/Gravity.sol#404-522)
sendToCosmos(address,bytes32,uint256) should be declared external:
	- Gravity.sendToCosmos(address,bytes32,uint256) (contracts/Gravity.sol#524-538)
deployERC20(string,string,string,uint8) should be declared external:
	- Gravity.deployERC20(string,string,string,uint8) (contracts/Gravity.sol#540-559)
IterativeHash(address[],uint256[],uint256,bytes32) should be declared external:
	- HashingTest.IterativeHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#14-41)
ConcatHash(address[],uint256[],uint256,bytes32) should be declared external:
	- HashingTest.ConcatHash(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#43-61)
ConcatHash2(address[],uint256[],uint256,bytes32) should be declared external:
	- HashingTest.ConcatHash2(address[],uint256[],uint256,bytes32) (contracts/HashingTest.sol#63-77)
JustSaveEverything(address[],uint256[],uint256) should be declared external:
	- HashingTest.JustSaveEverything(address[],uint256[],uint256) (contracts/HashingTest.sol#79-87)
JustSaveEverythingAgain(address[],uint256[],uint256) should be declared external:
	- HashingTest.JustSaveEverythingAgain(address[],uint256[],uint256) (contracts/HashingTest.sol#89-97)
transfer(address,uint256) should be declared external:
	- ReentrantERC20.transfer(address,uint256) (contracts/ReentrantERC20.sol#15-47)
checkSignature(address,bytes32,uint8,bytes32,bytes32) should be declared external:
	- SigningTest.checkSignature(address,bytes32,uint8,bytes32,bytes32) (contracts/SigningTest.sol#6-31)
logicBatch(uint256[],bytes[],address,address) should be declared external:
	- SimpleLogicBatchMiddleware.logicBatch(uint256[],bytes[],address,address) (contracts/SimpleLogicBatch.sol#27-42)
transferTokens(address,uint256,uint256) should be declared external:
	- TestLogicContract.transferTokens(address,uint256,uint256) (contracts/TestLogicContract.sol#16-23)
submitBatch(uint256[],address[],address) should be declared external:
	- TestTokenBatchMiddleware.submitBatch(uint256[],address[],address) (contracts/TestTokenBatchMiddleware copy.sol#10-19)
redeemLiquidityETH(address,uint256,uint256,uint256,address,uint256) should be declared external:
	- TestUniswapLiquidity.redeemLiquidityETH(address,uint256,uint256,uint256,address,uint256) (contracts/TestUniswapLiquidity.sol#16-40)
redeemLiquidity(address,address,uint256,uint256,uint256,address,uint256) should be declared external:
	- TestUniswapLiquidity.redeemLiquidity(address,address,uint256,uint256,uint256,address,uint256) (contracts/TestUniswapLiquidity.sol#42-60)
transferTokens(address,uint256,uint256,address) should be declared external:
	- TestUniswapLiquidity.transferTokens(address,uint256,uint256,address) (contracts/TestUniswapLiquidity.sol#62-69)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external
. analyzed (25 contracts with 75 detectors), 228 result(s) found

atoulme avatar Oct 31 '21 00:10 atoulme