diff --git a/reports/adhoc-sol-files-highs-only-report.json b/reports/adhoc-sol-files-highs-only-report.json index a8acf42cc..24ef21eca 100644 --- a/reports/adhoc-sol-files-highs-only-report.json +++ b/reports/adhoc-sol-files-highs-only-report.json @@ -182,7 +182,6 @@ "yul-return", "state-variable-shadowing", "unchecked-send", - "misused-boolean", "send-ether-no-checks", "delegate-call-unchecked-address", "tautological-compare", @@ -195,10 +194,7 @@ "weak-randomness", "pre-declared-local-variable-usage", "delete-nested-mapping", -<<<<<<< HEAD - "boolean-equality" -======= + "boolean-equality", "contract-locks-ether" ->>>>>>> dev ] } \ No newline at end of file diff --git a/reports/report.json b/reports/report.json index dd4dade08..e9b33dfac 100644 --- a/reports/report.json +++ b/reports/report.json @@ -1,12 +1,7 @@ { "files_summary": { -<<<<<<< HEAD - "total_source_units": 68, - "total_sloc": 1931 -======= - "total_source_units": 75, - "total_sloc": 2128 ->>>>>>> dev + "total_source_units": 76, + "total_sloc": 2155 }, "files_details": { "files_details": [ @@ -317,13 +312,8 @@ ] }, "issue_count": { -<<<<<<< HEAD - "high": 30, - "low": 23 -======= "high": 34, - "low": 25 ->>>>>>> dev + "low": 26 }, "high_issues": { "issues": [ @@ -1457,73 +1447,6 @@ } ] }, - { - "title": "Misused boolean with logical operators", - "description": "The patterns `if (… || true)` and `if (.. && false)` will always evaluate to true and false respectively.", - "detector_name": "misused-boolean", - "instances": [ - { - "contract_path": "src/MisusedBoolean.sol", - "line_no": 12, - "src": "257:19", - "src_char": "257:19" - }, - { - "contract_path": "src/MisusedBoolean.sol", - "line_no": 19, - "src": "419:20", - "src_char": "419:20" - }, - { - "contract_path": "src/MisusedBoolean.sol", - "line_no": 26, - "src": "582:20", - "src_char": "582:20" - }, - { - "contract_path": "src/MisusedBoolean.sol", - "line_no": 33, - "src": "745:19", - "src_char": "745:19" - }, - { - "contract_path": "src/MisusedBoolean.sol", - "line_no": 40, - "src": "908:51", - "src_char": "908:51" - }, - { - "contract_path": "src/MisusedBoolean.sol", - "line_no": 47, - "src": "1060:52", - "src_char": "1060:52" - }, - { - "contract_path": "src/MisusedBoolean.sol", - "line_no": 54, - "src": "1213:53", - "src_char": "1213:53" - }, - { - "contract_path": "src/MisusedBoolean.sol", - "line_no": 61, - "src": "1366:21", - "src_char": "1366:21" - }, - { - "contract_path": "src/MisusedBoolean.sol", - "line_no": 68, - "src": "1530:17", - "src_char": "1530:17" - }, - { - "contract_path": "src/MisusedBoolean.sol", - "line_no": 75, - "src": "1691:18", - "src_char": "1691:18" - } - ] - }, { "title": "Sending native Eth is not protected from these functions.", "description": "Introduce checks for `msg.sender` in the function", @@ -1861,7 +1784,6 @@ ] }, { -<<<<<<< HEAD "title": "Boolean equality is not required.", "description": "If `x` is a boolean, there is no need to do `if(x == true)` or `if(x == false)`. Just use `if(x)` and `if(!x)` respectively.", "detector_name": "boolean-equality", @@ -1889,7 +1811,10 @@ "line_no": 26, "src": "614:16", "src_char": "614:16" -======= + } + ] + }, + { "title": "Contract locks Ether without a withdraw function.", "description": "It appears that the contract includes a payable function to accept Ether but lacks a corresponding function to withdraw it, which leads to the Ether being locked in the contract. To resolve this issue, please implement a public or external function that allows for the withdrawal of Ether from the contract.", "detector_name": "contract-locks-ether", @@ -1923,7 +1848,6 @@ "line_no": 58, "src": "4547:15", "src_char": "3059:15" ->>>>>>> dev } ] } @@ -3910,6 +3834,73 @@ } ] }, + { + "title": "Misused boolean with logical operators", + "description": "The patterns `if (… || true)` and `if (.. && false)` will always evaluate to true and false respectively.", + "detector_name": "misused-boolean", + "instances": [ + { + "contract_path": "src/MisusedBoolean.sol", + "line_no": 12, + "src": "257:19", + "src_char": "257:19" + }, + { + "contract_path": "src/MisusedBoolean.sol", + "line_no": 19, + "src": "419:20", + "src_char": "419:20" + }, + { + "contract_path": "src/MisusedBoolean.sol", + "line_no": 26, + "src": "582:20", + "src_char": "582:20" + }, + { + "contract_path": "src/MisusedBoolean.sol", + "line_no": 33, + "src": "745:19", + "src_char": "745:19" + }, + { + "contract_path": "src/MisusedBoolean.sol", + "line_no": 40, + "src": "908:51", + "src_char": "908:51" + }, + { + "contract_path": "src/MisusedBoolean.sol", + "line_no": 47, + "src": "1060:52", + "src_char": "1060:52" + }, + { + "contract_path": "src/MisusedBoolean.sol", + "line_no": 54, + "src": "1213:53", + "src_char": "1213:53" + }, + { + "contract_path": "src/MisusedBoolean.sol", + "line_no": 61, + "src": "1366:21", + "src_char": "1366:21" + }, + { + "contract_path": "src/MisusedBoolean.sol", + "line_no": 68, + "src": "1530:17", + "src_char": "1530:17" + }, + { + "contract_path": "src/MisusedBoolean.sol", + "line_no": 75, + "src": "1691:18", + "src_char": "1691:18" + } + ] + }, { "title": "Redundant statements have no effect.", "description": "Remove the redundant statements because no code will be generated and it just congests the codebase.", @@ -4045,10 +4036,7 @@ "weak-randomness", "pre-declared-local-variable-usage", "delete-nested-mapping", -<<<<<<< HEAD - "boolean-equality" -======= + "boolean-equality", "contract-locks-ether" ->>>>>>> dev ] } \ No newline at end of file diff --git a/reports/report.md b/reports/report.md index 5be01f352..2d48ddc76 100644 --- a/reports/report.md +++ b/reports/report.md @@ -26,37 +26,22 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [H-16: Uninitialized State Variables](#h-16-uninitialized-state-variables) - [H-17: Incorrect use of caret operator on a non hexadcimal constant](#h-17-incorrect-use-of-caret-operator-on-a-non-hexadcimal-constant) - [H-18: Yul block contains `return` function call.](#h-18-yul-block-contains-return-function-call) -<<<<<<< HEAD - - [H-19: High Issue Title](#h-19-high-issue-title) - - [H-20: Misused boolean with logical operators](#h-20-misused-boolean-with-logical-operators) + - [H-19: Shadowed State Variables in Inheritance Hierarchy](#h-19-shadowed-state-variables-in-inheritance-hierarchy) + - [H-20: Unchecked `bool success` value for send call.](#h-20-unchecked-bool-success-value-for-send-call) - [H-21: Sending native Eth is not protected from these functions.](#h-21-sending-native-eth-is-not-protected-from-these-functions) - [H-22: Delegatecall made by the function without checks on any adress.](#h-22-delegatecall-made-by-the-function-without-checks-on-any-adress) - [H-23: Tautological comparison.](#h-23-tautological-comparison) - [H-24: RTLO character detected in file. \u{202e}](#h-24-rtlo-character-detected-in-file-u202e) - [H-25: Return value of the function call is not checked.](#h-25-return-value-of-the-function-call-is-not-checked) - [H-26: Dangerous unary operator found in assignment.](#h-26-dangerous-unary-operator-found-in-assignment) - - [H-27: Weak Randomness](#h-27-weak-randomness) - - [H-28: Usage of variable before declaration.](#h-28-usage-of-variable-before-declaration) - - [H-29: Deletion from a nested mappping.](#h-29-deletion-from-a-nested-mappping) - - [H-30: Boolean equality is not required.](#h-30-boolean-equality-is-not-required) -======= - - [H-19: Shadowed State Variables in Inheritance Hierarchy](#h-19-shadowed-state-variables-in-inheritance-hierarchy) - - [H-20: Unchecked `bool success` value for send call.](#h-20-unchecked-bool-success-value-for-send-call) - - [H-21: Misused boolean with logical operators](#h-21-misused-boolean-with-logical-operators) - - [H-22: Sending native Eth is not protected from these functions.](#h-22-sending-native-eth-is-not-protected-from-these-functions) - - [H-23: Delegatecall made by the function without checks on any adress.](#h-23-delegatecall-made-by-the-function-without-checks-on-any-adress) - - [H-24: Tautological comparison.](#h-24-tautological-comparison) - - [H-25: RTLO character detected in file. \u{202e}](#h-25-rtlo-character-detected-in-file-u202e) - - [H-26: Return value of the function call is not checked.](#h-26-return-value-of-the-function-call-is-not-checked) - - [H-27: Dangerous unary operator found in assignment.](#h-27-dangerous-unary-operator-found-in-assignment) - - [H-28: Tautology or Contradiction in comparison.](#h-28-tautology-or-contradiction-in-comparison) - - [H-29: Dangerous strict equality checks on contract balances.](#h-29-dangerous-strict-equality-checks-on-contract-balances) - - [H-30: Compiler Bug: Signed array in storage detected for compiler version `<0.5.10`](#h-30-compiler-bug-signed-array-in-storage-detected-for-compiler-version-0510) - - [H-31: Weak Randomness](#h-31-weak-randomness) - - [H-32: Usage of variable before declaration.](#h-32-usage-of-variable-before-declaration) - - [H-33: Deletion from a nested mappping.](#h-33-deletion-from-a-nested-mappping) + - [H-27: Tautology or Contradiction in comparison.](#h-27-tautology-or-contradiction-in-comparison) + - [H-28: Dangerous strict equality checks on contract balances.](#h-28-dangerous-strict-equality-checks-on-contract-balances) + - [H-29: Compiler Bug: Signed array in storage detected for compiler version `<0.5.10`](#h-29-compiler-bug-signed-array-in-storage-detected-for-compiler-version-0510) + - [H-30: Weak Randomness](#h-30-weak-randomness) + - [H-31: Usage of variable before declaration.](#h-31-usage-of-variable-before-declaration) + - [H-32: Deletion from a nested mappping.](#h-32-deletion-from-a-nested-mappping) + - [H-33: Boolean equality is not required.](#h-33-boolean-equality-is-not-required) - [H-34: Contract locks Ether without a withdraw function.](#h-34-contract-locks-ether-without-a-withdraw-function) ->>>>>>> dev - [Low Issues](#low-issues) - [L-1: Centralization Risk for trusted owners](#l-1-centralization-risk-for-trusted-owners) - [L-2: Solmate's SafeTransferLib does not check for token contract's existence](#l-2-solmates-safetransferlib-does-not-check-for-token-contracts-existence) @@ -81,8 +66,9 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-21: Unused Custom Error](#l-21-unused-custom-error) - [L-22: Loop contains `require`/`revert` statements](#l-22-loop-contains-requirerevert-statements) - [L-23: Incorrect Order of Division and Multiplication](#l-23-incorrect-order-of-division-and-multiplication) - - [L-24: Redundant statements have no effect.](#l-24-redundant-statements-have-no-effect) - - [L-25: Public variables of a contract read in an external context (using `this`).](#l-25-public-variables-of-a-contract-read-in-an-external-context-using-this) + - [L-24: Misused boolean with logical operators](#l-24-misused-boolean-with-logical-operators) + - [L-25: Redundant statements have no effect.](#l-25-redundant-statements-have-no-effect) + - [L-26: Public variables of a contract read in an external context (using `this`).](#l-26-public-variables-of-a-contract-read-in-an-external-context-using-this) # Summary @@ -91,13 +77,8 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Key | Value | | --- | --- | -<<<<<<< HEAD -| .sol Files | 68 | -| Total nSLOC | 1931 | -======= -| .sol Files | 75 | -| Total nSLOC | 2128 | ->>>>>>> dev +| .sol Files | 76 | +| Total nSLOC | 2155 | ## Files Details @@ -180,24 +161,15 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/reused_contract_name/ContractB.sol | 7 | | src/uniswap/UniswapV2Swapper.sol | 50 | | src/uniswap/UniswapV3Swapper.sol | 150 | -<<<<<<< HEAD -| **Total** | **1931** | -======= -| **Total** | **2128** | ->>>>>>> dev +| **Total** | **2155** | ## Issue Summary | Category | No. of Issues | | --- | --- | -<<<<<<< HEAD -| High | 30 | -| Low | 23 | -======= | High | 34 | -| Low | 25 | ->>>>>>> dev +| Low | 26 | # High Issues @@ -1414,78 +1386,7 @@ The transaction `address(payable?).send(address)` may fail because of reasons li -## H-21: Misused boolean with logical operators - -The patterns `if (… || true)` and `if (.. && false)` will always evaluate to true and false respectively. - -
10 Found Instances - - -- Found in src/MisusedBoolean.sol [Line: 12](../tests/contract-playground/src/MisusedBoolean.sol#L12) - - ```solidity - if (isEven(num) || true) { - ``` - -- Found in src/MisusedBoolean.sol [Line: 19](../tests/contract-playground/src/MisusedBoolean.sol#L19) - - ```solidity - if (isEven(num) && false) { - ``` - -- Found in src/MisusedBoolean.sol [Line: 26](../tests/contract-playground/src/MisusedBoolean.sol#L26) - - ```solidity - if (false && isEven(num)) { - ``` - -- Found in src/MisusedBoolean.sol [Line: 33](../tests/contract-playground/src/MisusedBoolean.sol#L33) - - ```solidity - if (true || isEven(num)) { - ``` - -- Found in src/MisusedBoolean.sol [Line: 40](../tests/contract-playground/src/MisusedBoolean.sol#L40) - - ```solidity - if (true) { - ``` - -- Found in src/MisusedBoolean.sol [Line: 47](../tests/contract-playground/src/MisusedBoolean.sol#L47) - - ```solidity - if (false) { - ``` - -- Found in src/MisusedBoolean.sol [Line: 54](../tests/contract-playground/src/MisusedBoolean.sol#L54) - - ```solidity - if (!false) { - ``` - -- Found in src/MisusedBoolean.sol [Line: 61](../tests/contract-playground/src/MisusedBoolean.sol#L61) - - ```solidity - if (isEven(num) && !false) { - ``` - -- Found in src/MisusedBoolean.sol [Line: 68](../tests/contract-playground/src/MisusedBoolean.sol#L68) - - ```solidity - if (isEven(num) && NO) { - ``` - -- Found in src/MisusedBoolean.sol [Line: 75](../tests/contract-playground/src/MisusedBoolean.sol#L75) - - ```solidity - if (isEven(num) && !NO) { - ``` - -
- - - -## H-22: Sending native Eth is not protected from these functions. +## H-21: Sending native Eth is not protected from these functions. Introduce checks for `msg.sender` in the function @@ -1574,7 +1475,7 @@ Introduce checks for `msg.sender` in the function -## H-23: Delegatecall made by the function without checks on any adress. +## H-22: Delegatecall made by the function without checks on any adress. Introduce checks on the address @@ -1603,7 +1504,7 @@ Introduce checks on the address -## H-24: Tautological comparison. +## H-23: Tautological comparison. The left hand side and the right hand side of the binary operation has the same value. This makes the condition always true or always false. @@ -1638,7 +1539,7 @@ The left hand side and the right hand side of the binary operation has the same -## H-25: RTLO character detected in file. \u{202e} +## H-24: RTLO character detected in file. \u{202e} Right to left override character may be misledaing and cause potential attacks by visually misordering method arguments! @@ -1655,7 +1556,7 @@ Right to left override character may be misledaing and cause potential attacks b -## H-26: Return value of the function call is not checked. +## H-25: Return value of the function call is not checked. Function returns a value but it is ignored. @@ -1678,7 +1579,7 @@ Function returns a value but it is ignored. -## H-27: Dangerous unary operator found in assignment. +## H-26: Dangerous unary operator found in assignment. Potentially mistakened `=+` for `+=` or `=-` for `-=`. Please include a space in between. @@ -1701,7 +1602,7 @@ Potentially mistakened `=+` for `+=` or `=-` for `-=`. Please include a space in -## H-28: Tautology or Contradiction in comparison. +## H-27: Tautology or Contradiction in comparison. The condition has been determined to be either always true or always false due to the integer range in which we're operating. @@ -1724,7 +1625,7 @@ The condition has been determined to be either always true or always false due t -## H-29: Dangerous strict equality checks on contract balances. +## H-28: Dangerous strict equality checks on contract balances. A contract's balance can be forcibly manipulated by another selfdestructing contract. Therefore, it's recommended to use >, <, >= or <= instead of strict equality. @@ -1753,7 +1654,7 @@ A contract's balance can be forcibly manipulated by another selfdestructing cont -## H-30: Compiler Bug: Signed array in storage detected for compiler version `<0.5.10` +## H-29: Compiler Bug: Signed array in storage detected for compiler version `<0.5.10` If you want to leverage signed arrays in storage by assigning a literal array with at least one negative number, then you mus use solidity version 0.5.10 or above. This is because of a bug in older compilers. @@ -1770,7 +1671,7 @@ If you want to leverage signed arrays in storage by assigning a literal array wi -## H-31: Weak Randomness +## H-30: Weak Randomness The use of keccak256 hash functions on predictable values like block.timestamp, block.number, or similar data, including modulo operations on these values, should be avoided for generating randomness, as they are easily predictable and manipulable. The `PREVRANDAO` opcode also should not be used as a source of randomness. Instead, utilize Chainlink VRF for cryptographically secure and provably random values to ensure protocol integrity. @@ -1835,7 +1736,7 @@ The use of keccak256 hash functions on predictable values like block.timestamp, -## H-32: Usage of variable before declaration. +## H-31: Usage of variable before declaration. This is a bad practice that may lead to unintended consequences. Please declare the variable before using it. @@ -1852,7 +1753,7 @@ This is a bad practice that may lead to unintended consequences. Please declare -## H-33: Deletion from a nested mappping. +## H-32: Deletion from a nested mappping. A deletion in a structure containing a mapping will not delete the mapping. The remaining data may be used to compromise the contract. @@ -1869,8 +1770,7 @@ A deletion in a structure containing a mapping will not delete the mapping. The -<<<<<<< HEAD -## H-30: Boolean equality is not required. +## H-33: Boolean equality is not required. If `x` is a boolean, there is no need to do `if(x == true)` or `if(x == false)`. Just use `if(x)` and `if(!x)` respectively. @@ -1899,7 +1799,12 @@ If `x` is a boolean, there is no need to do `if(x == true)` or `if(x == false)`. ```solidity if (isEven == !false) { -======= + ``` + + + + + ## H-34: Contract locks Ether without a withdraw function. It appears that the contract includes a payable function to accept Ether but lacks a corresponding function to withdraw it, which leads to the Ether being locked in the contract. To resolve this issue, please implement a public or external function that allows for the withdrawal of Ether from the contract. @@ -1935,7 +1840,6 @@ It appears that the contract includes a payable function to accept Ether but lac ```solidity contract DepositContract is IDepositContract, ERC165 { ->>>>>>> dev ``` @@ -2549,11 +2453,7 @@ Instead of marking a function as `public`, consider marking it as `external` if If the same constant literal value is used multiple times, create a constant state variable and reference it throughout the contract. -<<<<<<< HEAD -
40 Found Instances -======= -
38 Found Instances ->>>>>>> dev +
44 Found Instances - Found in src/BooleanEquality.sol [Line: 6](../tests/contract-playground/src/BooleanEquality.sol#L6) @@ -4010,7 +3910,78 @@ Division operations followed directly by multiplication operations can lead to p -## L-24: Redundant statements have no effect. +## L-24: Misused boolean with logical operators + +The patterns `if (… || true)` and `if (.. && false)` will always evaluate to true and false respectively. + +
10 Found Instances + + +- Found in src/MisusedBoolean.sol [Line: 12](../tests/contract-playground/src/MisusedBoolean.sol#L12) + + ```solidity + if (isEven(num) || true) { + ``` + +- Found in src/MisusedBoolean.sol [Line: 19](../tests/contract-playground/src/MisusedBoolean.sol#L19) + + ```solidity + if (isEven(num) && false) { + ``` + +- Found in src/MisusedBoolean.sol [Line: 26](../tests/contract-playground/src/MisusedBoolean.sol#L26) + + ```solidity + if (false && isEven(num)) { + ``` + +- Found in src/MisusedBoolean.sol [Line: 33](../tests/contract-playground/src/MisusedBoolean.sol#L33) + + ```solidity + if (true || isEven(num)) { + ``` + +- Found in src/MisusedBoolean.sol [Line: 40](../tests/contract-playground/src/MisusedBoolean.sol#L40) + + ```solidity + if (true) { + ``` + +- Found in src/MisusedBoolean.sol [Line: 47](../tests/contract-playground/src/MisusedBoolean.sol#L47) + + ```solidity + if (false) { + ``` + +- Found in src/MisusedBoolean.sol [Line: 54](../tests/contract-playground/src/MisusedBoolean.sol#L54) + + ```solidity + if (!false) { + ``` + +- Found in src/MisusedBoolean.sol [Line: 61](../tests/contract-playground/src/MisusedBoolean.sol#L61) + + ```solidity + if (isEven(num) && !false) { + ``` + +- Found in src/MisusedBoolean.sol [Line: 68](../tests/contract-playground/src/MisusedBoolean.sol#L68) + + ```solidity + if (isEven(num) && NO) { + ``` + +- Found in src/MisusedBoolean.sol [Line: 75](../tests/contract-playground/src/MisusedBoolean.sol#L75) + + ```solidity + if (isEven(num) && !NO) { + ``` + +
+ + + +## L-25: Redundant statements have no effect. Remove the redundant statements because no code will be generated and it just congests the codebase. @@ -4057,7 +4028,7 @@ Remove the redundant statements because no code will be generated and it just co -## L-25: Public variables of a contract read in an external context (using `this`). +## L-26: Public variables of a contract read in an external context (using `this`). The contract reads it's own variable using `this` which adds an unnecessary STATICCALL. Remove `this` and access the variable like storage. diff --git a/reports/report.sarif b/reports/report.sarif index c0544402c..92771258c 100644 --- a/reports/report.sarif +++ b/reports/report.sarif @@ -1999,125 +1999,6 @@ }, "ruleId": "unchecked-send" }, - { - "level": "warning", - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/MisusedBoolean.sol" - }, - "region": { - "byteLength": 19, - "byteOffset": 257 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/MisusedBoolean.sol" - }, - "region": { - "byteLength": 20, - "byteOffset": 419 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/MisusedBoolean.sol" - }, - "region": { - "byteLength": 20, - "byteOffset": 582 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/MisusedBoolean.sol" - }, - "region": { - "byteLength": 19, - "byteOffset": 745 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/MisusedBoolean.sol" - }, - "region": { - "byteLength": 51, - "byteOffset": 908 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/MisusedBoolean.sol" - }, - "region": { - "byteLength": 52, - "byteOffset": 1060 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/MisusedBoolean.sol" - }, - "region": { - "byteLength": 53, - "byteOffset": 1213 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/MisusedBoolean.sol" - }, - "region": { - "byteLength": 21, - "byteOffset": 1366 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/MisusedBoolean.sol" - }, - "region": { - "byteLength": 17, - "byteOffset": 1530 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/MisusedBoolean.sol" - }, - "region": { - "byteLength": 18, - "byteOffset": 1691 - } - } - } - ], - "message": { - "text": "The patterns `if (… || true)` and `if (.. && false)` will always evaluate to true and false respectively." - }, - "ruleId": "misused-boolean" - }, { "level": "warning", "locations": [ @@ -2694,26 +2575,17 @@ { "physicalLocation": { "artifactLocation": { -<<<<<<< HEAD "uri": "src/BooleanEquality.sol" }, "region": { "byteLength": 14, "byteOffset": 133 -======= - "uri": "src/ContractLocksEther.sol" - }, - "region": { - "byteLength": 10, - "byteOffset": 73 ->>>>>>> dev } } }, { "physicalLocation": { "artifactLocation": { -<<<<<<< HEAD "uri": "src/BooleanEquality.sol" }, "region": { @@ -2741,7 +2613,32 @@ "region": { "byteLength": 16, "byteOffset": 614 -======= + } + } + } + ], + "message": { + "text": "If `x` is a boolean, there is no need to do `if(x == true)` or `if(x == false)`. Just use `if(x)` and `if(!x)` respectively." + }, + "ruleId": "boolean-equality" + }, + { + "level": "warning", + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/ContractLocksEther.sol" + }, + "region": { + "byteLength": 10, + "byteOffset": 73 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { "uri": "src/ContractLocksEther.sol" }, "region": { @@ -2780,21 +2677,14 @@ "region": { "byteLength": 15, "byteOffset": 4547 ->>>>>>> dev } } } ], "message": { -<<<<<<< HEAD - "text": "If `x` is a boolean, there is no need to do `if(x == true)` or `if(x == false)`. Just use `if(x)` and `if(!x)` respectively." - }, - "ruleId": "boolean-equality" -======= "text": "It appears that the contract includes a payable function to accept Ether but lacks a corresponding function to withdraw it, which leads to the Ether being locked in the contract. To resolve this issue, please implement a public or external function that allows for the withdrawal of Ether from the contract." }, "ruleId": "contract-locks-ether" ->>>>>>> dev }, { "level": "note", @@ -6336,6 +6226,125 @@ }, "ruleId": "division-before-multiplication" }, + { + "level": "note", + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/MisusedBoolean.sol" + }, + "region": { + "byteLength": 19, + "byteOffset": 257 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/MisusedBoolean.sol" + }, + "region": { + "byteLength": 20, + "byteOffset": 419 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/MisusedBoolean.sol" + }, + "region": { + "byteLength": 20, + "byteOffset": 582 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/MisusedBoolean.sol" + }, + "region": { + "byteLength": 19, + "byteOffset": 745 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/MisusedBoolean.sol" + }, + "region": { + "byteLength": 51, + "byteOffset": 908 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/MisusedBoolean.sol" + }, + "region": { + "byteLength": 52, + "byteOffset": 1060 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/MisusedBoolean.sol" + }, + "region": { + "byteLength": 53, + "byteOffset": 1213 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/MisusedBoolean.sol" + }, + "region": { + "byteLength": 21, + "byteOffset": 1366 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/MisusedBoolean.sol" + }, + "region": { + "byteLength": 17, + "byteOffset": 1530 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/MisusedBoolean.sol" + }, + "region": { + "byteLength": 18, + "byteOffset": 1691 + } + } + } + ], + "message": { + "text": "The patterns `if (… || true)` and `if (.. && false)` will always evaluate to true and false respectively." + }, + "ruleId": "misused-boolean" + }, { "level": "note", "locations": [ diff --git a/reports/templegold-report.md b/reports/templegold-report.md index 9271e6bed..9b24fa7f6 100644 --- a/reports/templegold-report.md +++ b/reports/templegold-report.md @@ -13,18 +13,12 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [H-3: Unsafe Casting](#h-3-unsafe-casting) - [H-4: Contract Name Reused in Different Files](#h-4-contract-name-reused-in-different-files) - [H-5: Uninitialized State Variables](#h-5-uninitialized-state-variables) -<<<<<<< HEAD - - [H-6: Return value of the function call is not checked.](#h-6-return-value-of-the-function-call-is-not-checked) - - [H-7: Weak Randomness](#h-7-weak-randomness) - - [H-8: Deletion from a nested mappping.](#h-8-deletion-from-a-nested-mappping) - - [H-9: Boolean equality is not required.](#h-9-boolean-equality-is-not-required) -======= - [H-6: Sending native Eth is not protected from these functions.](#h-6-sending-native-eth-is-not-protected-from-these-functions) - [H-7: Return value of the function call is not checked.](#h-7-return-value-of-the-function-call-is-not-checked) - [H-8: Weak Randomness](#h-8-weak-randomness) - [H-9: Deletion from a nested mappping.](#h-9-deletion-from-a-nested-mappping) - - [H-10: Contract locks Ether without a withdraw function.](#h-10-contract-locks-ether-without-a-withdraw-function) ->>>>>>> dev + - [H-10: Boolean equality is not required.](#h-10-boolean-equality-is-not-required) + - [H-11: Contract locks Ether without a withdraw function.](#h-11-contract-locks-ether-without-a-withdraw-function) - [Low Issues](#low-issues) - [L-1: Centralization Risk for trusted owners](#l-1-centralization-risk-for-trusted-owners) - [L-2: `ecrecover` is susceptible to signature malleability](#l-2-ecrecover-is-susceptible-to-signature-malleability) @@ -197,13 +191,8 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | -<<<<<<< HEAD -| High | 9 | -| Low | 18 | -======= -| High | 10 | +| High | 11 | | Low | 19 | ->>>>>>> dev # High Issues @@ -565,8 +554,7 @@ A deletion in a structure containing a mapping will not delete the mapping. The -<<<<<<< HEAD -## H-9: Boolean equality is not required. +## H-10: Boolean equality is not required. If `x` is a boolean, there is no need to do `if(x == true)` or `if(x == false)`. Just use `if(x)` and `if(!x)` respectively. @@ -583,8 +571,13 @@ If `x` is a boolean, there is no need to do `if(x == true)` or `if(x == false)`. ```solidity require(canManageFaith[msg.sender] == true, "Faith: caller cannot manage faith"); -======= -## H-10: Contract locks Ether without a withdraw function. + ``` + +
+ + + +## H-11: Contract locks Ether without a withdraw function. It appears that the contract includes a payable function to accept Ether but lacks a corresponding function to withdraw it, which leads to the Ether being locked in the contract. To resolve this issue, please implement a public or external function that allows for the withdrawal of Ether from the contract. @@ -613,7 +606,6 @@ It appears that the contract includes a payable function to accept Ether but lac ```solidity contract TempleTeleporter is ITempleTeleporter, OApp { ->>>>>>> dev ```