From 28ade641d195f063a8546c1c219fd1a332666482 Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 13:46:39 +0530 Subject: [PATCH 1/7] detector --- aderyn_core/src/detect/detector.rs | 5 + aderyn_core/src/detect/low/mod.rs | 2 + .../src/detect/low/unused_state_variable.rs | 102 ++++++++++++++++++ .../src/UnusedStateVariables.sol | 18 ++++ 4 files changed, 127 insertions(+) create mode 100644 aderyn_core/src/detect/low/unused_state_variable.rs create mode 100644 tests/contract-playground/src/UnusedStateVariables.sol diff --git a/aderyn_core/src/detect/detector.rs b/aderyn_core/src/detect/detector.rs index a8c366c9d..9b17a243d 100644 --- a/aderyn_core/src/detect/detector.rs +++ b/aderyn_core/src/detect/detector.rs @@ -73,6 +73,7 @@ pub fn get_all_issue_detectors() -> Vec> { Box::::default(), Box::::default(), Box::::default(), + Box::::default(), ] } @@ -142,6 +143,7 @@ pub(crate) enum IssueDetectorNamePool { WeakRandomness, PreDeclaredLocalVariableUsage, DeleteNestedMapping, + UnusedStateVariable, // NOTE: `Undecided` will be the default name (for new bots). // If it's accepted, a new variant will be added to this enum before normalizing it in aderyn Undecided, @@ -151,6 +153,9 @@ pub fn request_issue_detector_by_name(detector_name: &str) -> Option { + Some(Box::::default()) + } IssueDetectorNamePool::DelegateCallInLoop => { Some(Box::::default()) } diff --git a/aderyn_core/src/detect/low/mod.rs b/aderyn_core/src/detect/low/mod.rs index aeef32d20..f85efbb12 100644 --- a/aderyn_core/src/detect/low/mod.rs +++ b/aderyn_core/src/detect/low/mod.rs @@ -18,6 +18,7 @@ pub(crate) mod unindexed_events; pub(crate) mod unsafe_erc20_functions; pub(crate) mod unsafe_oz_erc721_mint; pub(crate) mod unspecific_solidity_pragma; +pub(crate) mod unused_state_variable; pub(crate) mod useless_error; pub(crate) mod useless_internal_function; pub(crate) mod useless_modifier; 
@@ -44,6 +45,7 @@ pub use unindexed_events::UnindexedEventsDetector;
 pub use unsafe_erc20_functions::UnsafeERC20FunctionsDetector;
 pub use unsafe_oz_erc721_mint::UnsafeERC721MintDetector;
 pub use unspecific_solidity_pragma::UnspecificSolidityPragmaDetector;
+pub use unused_state_variable::UnusedStateVariablesDetector;
 pub use useless_error::UselessErrorDetector;
 pub use useless_internal_function::UselessInternalFunctionDetector;
 pub use useless_modifier::UselessModifierDetector;
diff --git a/aderyn_core/src/detect/low/unused_state_variable.rs b/aderyn_core/src/detect/low/unused_state_variable.rs
new file mode 100644
index 000000000..400f8537a
--- /dev/null
+++ b/aderyn_core/src/detect/low/unused_state_variable.rs
@@ -0,0 +1,102 @@
+use std::collections::{BTreeMap, BTreeSet};
+use std::error::Error;
+
+use crate::ast::NodeID;
+
+use crate::capture;
+use crate::context::browser::{ExtractReferencedDeclarations, ExtractVariableDeclarations};
+use crate::detect::detector::IssueDetectorNamePool;
+use crate::{
+ context::workspace_context::WorkspaceContext,
+ detect::detector::{IssueDetector, IssueSeverity},
+};
+use eyre::Result;
+
+#[derive(Default)]
+pub struct UnusedStateVariablesDetector {
+ // Keys are: [0] source file name, [1] line number, [2] character location of node.
+ // Do not add items manually, use `capture!` to add nodes to this BTreeMap.
+ found_instances: BTreeMap<(String, usize, String), NodeID>,
+}
+
+impl IssueDetector for UnusedStateVariablesDetector {
+ fn detect(&mut self, context: &WorkspaceContext) -> Result> {
+ // Collect all referencedDeclaration IDs adn StateVariableDeclarationIDs
+ let mut all_referenced_declarations = BTreeSet::new();
+ let mut all_state_variable_declarations = BTreeSet::new();
+
+ for source_unit in context.source_units() {
+ let referenced_declarations =
+ ExtractReferencedDeclarations::from(source_unit).extracted;
+ all_referenced_declarations.extend(referenced_declarations);
+ let variable_declarations = ExtractVariableDeclarations::from(source_unit).extracted;
+ all_state_variable_declarations.extend(
+ variable_declarations
+ .into_iter()
+ .filter(|v| v.state_variable)
+ .map(|v| v.id),
+ )
+ }
+
+ // Now, retain only the ones that have not been referenced
+ all_state_variable_declarations.retain(|v| !all_referenced_declarations.contains(v));
+
+ for unused_state_var_id in all_state_variable_declarations {
+ if let Some(node) = context.nodes.get(&unused_state_var_id) {
+ capture!(self, context, node);
+ }
+ }
+
+ Ok(!self.found_instances.is_empty())
+ }
+
+ fn severity(&self) -> IssueSeverity {
+ IssueSeverity::Low
+ }
+
+ fn title(&self) -> String {
+ String::from("Potentially unused state variables found.")
+ }
+
+ fn description(&self) -> String {
+ String::from("State variable appears to be unused. No analysis has been performed to see if any inilne assembly \
+ references it. So if that's not the case, consider removing this unused variable.")
+ }
+
+ fn instances(&self) -> BTreeMap<(String, usize, String), NodeID> {
+ self.found_instances.clone()
+ }
+
+ fn name(&self) -> String {
+ format!("{}", IssueDetectorNamePool::UnusedStateVariable)
+ }
+}
+
+#[cfg(test)]
+mod unused_detector_tests {
+ use serial_test::serial;
+
+ use crate::detect::{
+ detector::IssueDetector, low::unused_state_variable::UnusedStateVariablesDetector,
+ };
+
+ #[test]
+ #[serial]
+ fn test_unused_state_variables() {
+ let context = crate::detect::test_utils::load_solidity_source_unit(
+ "../tests/contract-playground/src/UnusedStateVariables.sol",
+ );
+
+ let mut detector = UnusedStateVariablesDetector::default();
+ let found = detector.detect(&context).unwrap();
+ // assert that the detector found an issue
+ assert!(found);
+ // assert that the detector found the correct number of instances
+ assert_eq!(detector.instances().len(), 5);
+ // assert the severity is low
+ assert_eq!(
+ detector.severity(),
+ crate::detect::detector::IssueSeverity::Low
+ );
+ }
+}
diff --git a/tests/contract-playground/src/UnusedStateVariables.sol b/tests/contract-playground/src/UnusedStateVariables.sol
new file mode 100644
index 000000000..319ae747e
--- /dev/null
+++ b/tests/contract-playground/src/UnusedStateVariables.sol
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+contract UnusedStateVariables {
+ // Unused state variables (BAD)
+ uint256 public unusedUint256;
+ address public unusedAddress;
+ bool public unusedBool;
+ string public unusedString;
+ bytes32 public unusedBytes32;
+
+ // Used state variable (GOOD)
+ uint256 public usedUint256;
+
+ function setValue(uint256 v) external {
+ usedUint256 = v;
+ }
+}
From d6c8c09be096bdd5720688af20d6dc85c1d9357e Mon Sep 17 00:00:00 2001
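Review bot: The filter in `detect` keeps every declaration with `state_variable` set, so `public` variables are reported as unused even though their compiler-generated getter makes them readable from outside the contract. The regenerated reports in the next patch of this series show the effect: entries such as `string public constant override typeAndVersion` are flagged, and that noise hides the genuinely dead storage an auditor is looking for. Consider excluding public declarations, e.g. `.filter(|v| v.state_variable && v.visibility != Visibility::Public)`, assuming the declaration node exposes its visibility that way. Separately, the string returned by `description()` misspells "inline" as `inilne`, and that text is copied verbatim into every generated report.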
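Review bot: The fixture has no negative case for the situations the detector must not flag, so the asserted count of 5 pins very little. Nothing covers a variable referenced only from a derived contract or another source unit, nor one touched only from inline assembly, which the detector's own description says is not analysed. All five variables in the BAD group are also `public`, so no unused `private` or `internal` variable is exercised. Adding `uint256 private unusedPrivate;`, a base/derived pair where the child reads an `internal` variable, and an assembly-only reference would make the expected count a real regression guard.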
From: TilakMaddy Date: Fri, 2 Aug 2024 13:49:39 +0530 Subject: [PATCH 2/7] cli/reportgen --- reports/adhoc-sol-files-report.md | 212 +++++++- reports/ccip-functions-report.md | 74 ++- reports/report.json | 470 ++++++++++++++++- reports/report.md | 477 ++++++++++++++++- reports/report.sarif | 834 ++++++++++++++++++++++++++++++ reports/templegold-report.md | 122 ++++- 6 files changed, 2175 insertions(+), 14 deletions(-) diff --git a/reports/adhoc-sol-files-report.md b/reports/adhoc-sol-files-report.md index 17dbae04d..577d1fe9b 100644 --- a/reports/adhoc-sol-files-report.md +++ b/reports/adhoc-sol-files-report.md @@ -28,6 +28,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-14: Contract still has TODOs](#l-14-contract-still-has-todos) - [L-15: Inconsistency in declaring uint256/uint (or) int256/int variables within a contract. Use explicit size declarations (uint256 or int256).](#l-15-inconsistency-in-declaring-uint256uint-or-int256int-variables-within-a-contract-use-explicit-size-declarations-uint256-or-int256) - [L-16: Unused Custom Error](#l-16-unused-custom-error) + - [L-17: Potentially unused state variables found.](#l-17-potentially-unused-state-variables-found) # Summary @@ -72,7 +73,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | | High | 3 | -| Low | 16 | +| Low | 17 | # High Issues @@ -690,3 +691,212 @@ it is recommended that the definition be removed when custom error is unused +## L-17: Potentially unused state variables found. + +State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable. + +
33 Found Instances + + +- Found in InconsistentUints.sol [Line: 7](../tests/adhoc-sol-files/InconsistentUints.sol#L7) + + ```solidity + int public intVariable; // 1 + ``` + +- Found in InconsistentUints.sol [Line: 8](../tests/adhoc-sol-files/InconsistentUints.sol#L8) + + ```solidity + int256 public int256Variable; // 1 + ``` + +- Found in InconsistentUints.sol [Line: 15](../tests/adhoc-sol-files/InconsistentUints.sol#L15) + + ```solidity + uint[] public uintArray; // 4 + ``` + +- Found in InconsistentUints.sol [Line: 16](../tests/adhoc-sol-files/InconsistentUints.sol#L16) + + ```solidity + mapping(uint256 => uint other) u2uMapping; // 5 3 + ``` + +- Found in StateVariables.sol [Line: 8](../tests/adhoc-sol-files/StateVariables.sol#L8) + + ```solidity + uint256 private staticPrivateNumber; + ``` + +- Found in StateVariables.sol [Line: 9](../tests/adhoc-sol-files/StateVariables.sol#L9) + + ```solidity + uint256 internal staticInternalNumber; + ``` + +- Found in StateVariables.sol [Line: 10](../tests/adhoc-sol-files/StateVariables.sol#L10) + + ```solidity + uint256 public staticPublicNumber; + ``` + +- Found in StateVariables.sol [Line: 13](../tests/adhoc-sol-files/StateVariables.sol#L13) + + ```solidity + uint256 private staticNonEmptyPrivateNumber = 1; + ``` + +- Found in StateVariables.sol [Line: 14](../tests/adhoc-sol-files/StateVariables.sol#L14) + + ```solidity + uint256 internal staticNonEmptyInternalNumber = 2; + ``` + +- Found in StateVariables.sol [Line: 15](../tests/adhoc-sol-files/StateVariables.sol#L15) + + ```solidity + uint256 public staticNonEmptyPublicNumber = 3; + ``` + +- Found in StateVariables.sol [Line: 28](../tests/adhoc-sol-files/StateVariables.sol#L28) + + ```solidity + uint256 private constant PRIVATE_CONSTANT = 1; + ``` + +- Found in StateVariables.sol [Line: 29](../tests/adhoc-sol-files/StateVariables.sol#L29) + + ```solidity + uint256 internal constant INTERNAL_CONSTANT = 2; + ``` + +- Found in StateVariables.sol [Line: 
30](../tests/adhoc-sol-files/StateVariables.sol#L30) + + ```solidity + uint256 public constant PUBLIC_CONSTANT = 3; + ``` + +- Found in multiple-versions/0.4/A.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.4/A.sol#L5) + + ```solidity + address public constant MY_ADDRESS = address(0); + ``` + +- Found in multiple-versions/0.4/A.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.4/A.sol#L6) + + ```solidity + uint256 public constant MY_UINT = 134131; + ``` + +- Found in multiple-versions/0.4/B.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.4/B.sol#L5) + + ```solidity + address public MY_ADDRESS = address(0); + ``` + +- Found in multiple-versions/0.4/B.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.4/B.sol#L6) + + ```solidity + uint256 public MY_UINT = 134131; + ``` + +- Found in multiple-versions/0.5/A.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.5/A.sol#L5) + + ```solidity + address public constant MY_ADDRESS = address(0); + ``` + +- Found in multiple-versions/0.5/A.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.5/A.sol#L6) + + ```solidity + uint256 public constant MY_UINT = 134131; + ``` + +- Found in multiple-versions/0.5/B.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.5/B.sol#L5) + + ```solidity + address public MY_ADDRESS = address(0); + ``` + +- Found in multiple-versions/0.5/B.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.5/B.sol#L6) + + ```solidity + uint256 public MY_UINT = 134131; + ``` + +- Found in multiple-versions/0.6/A.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.6/A.sol#L5) + + ```solidity + address public constant MY_ADDRESS = address(0); + ``` + +- Found in multiple-versions/0.6/A.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.6/A.sol#L6) + + ```solidity + uint256 public constant MY_UINT = 134131; + ``` + +- Found in multiple-versions/0.6/B.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.6/B.sol#L5) + + ```solidity + 
address public MY_ADDRESS = address(0); + ``` + +- Found in multiple-versions/0.6/B.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.6/B.sol#L6) + + ```solidity + uint256 public MY_UINT = 134131; + ``` + +- Found in multiple-versions/0.7/A.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.7/A.sol#L5) + + ```solidity + address public constant MY_ADDRESS = address(0); + ``` + +- Found in multiple-versions/0.7/A.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.7/A.sol#L6) + + ```solidity + uint256 public constant MY_UINT = 134131; + ``` + +- Found in multiple-versions/0.7/B.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.7/B.sol#L5) + + ```solidity + address public MY_ADDRESS = address(0); + ``` + +- Found in multiple-versions/0.7/B.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.7/B.sol#L6) + + ```solidity + uint256 public MY_UINT = 134131; + ``` + +- Found in multiple-versions/0.8/A.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.8/A.sol#L5) + + ```solidity + address public constant MY_ADDRESS = address(0); + ``` + +- Found in multiple-versions/0.8/A.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.8/A.sol#L6) + + ```solidity + uint256 public constant MY_UINT = 134131; + ``` + +- Found in multiple-versions/0.8/B.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.8/B.sol#L5) + + ```solidity + address public MY_ADDRESS = address(0); + ``` + +- Found in multiple-versions/0.8/B.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.8/B.sol#L6) + + ```solidity + uint256 public MY_UINT = 134131; + ``` + +
+ + + diff --git a/reports/ccip-functions-report.md b/reports/ccip-functions-report.md index b6e995435..4ab184b60 100644 --- a/reports/ccip-functions-report.md +++ b/reports/ccip-functions-report.md @@ -25,6 +25,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-11: Contract still has TODOs](#l-11-contract-still-has-todos) - [L-12: Unused Custom Error](#l-12-unused-custom-error) - [L-13: Loop contains `require`/`revert` statements](#l-13-loop-contains-requirerevert-statements) + - [L-14: Potentially unused state variables found.](#l-14-potentially-unused-state-variables-found) # Summary @@ -101,7 +102,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | | High | 3 | -| Low | 13 | +| Low | 14 | # High Issues @@ -2450,3 +2451,74 @@ Avoid `require` / `revert` statements in a loop because a single bad item can ca +## L-14: Potentially unused state variables found. + +State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable. + +
10 Found Instances + + +- Found in src/v0.8/functions/dev/v1_X/FunctionsCoordinator.sol [Line: 19](../tests/ccip-contracts/contracts/src/v0.8/functions/dev/v1_X/FunctionsCoordinator.sol#L19) + + ```solidity + string public constant override typeAndVersion = "Functions Coordinator v1.3.0"; + ``` + +- Found in src/v0.8/functions/dev/v1_X/FunctionsRouter.sol [Line: 21](../tests/ccip-contracts/contracts/src/v0.8/functions/dev/v1_X/FunctionsRouter.sol#L21) + + ```solidity + string public constant override typeAndVersion = "Functions Router v2.0.0"; + ``` + +- Found in src/v0.8/functions/dev/v1_X/accessControl/TermsOfServiceAllowList.sol [Line: 19](../tests/ccip-contracts/contracts/src/v0.8/functions/dev/v1_X/accessControl/TermsOfServiceAllowList.sol#L19) + + ```solidity + string public constant override typeAndVersion = "Functions Terms of Service Allow List v1.1.0"; + ``` + +- Found in src/v0.8/functions/v1_0_0/FunctionsCoordinator.sol [Line: 19](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/FunctionsCoordinator.sol#L19) + + ```solidity + string public constant override typeAndVersion = "Functions Coordinator v1.0.0"; + ``` + +- Found in src/v0.8/functions/v1_0_0/FunctionsRouter.sol [Line: 21](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/FunctionsRouter.sol#L21) + + ```solidity + string public constant override typeAndVersion = "Functions Router v1.0.0"; + ``` + +- Found in src/v0.8/functions/v1_0_0/accessControl/TermsOfServiceAllowList.sol [Line: 19](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/accessControl/TermsOfServiceAllowList.sol#L19) + + ```solidity + string public constant override typeAndVersion = "Functions Terms of Service Allow List v1.0.0"; + ``` + +- Found in src/v0.8/functions/v1_0_0/ocr/OCR2Base.sol [Line: 22](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/ocr/OCR2Base.sol#L22) + + ```solidity + uint256 private constant maxUint32 = (1 << 32) - 1; + ``` + +- Found in 
src/v0.8/functions/v1_1_0/FunctionsCoordinator.sol [Line: 19](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_1_0/FunctionsCoordinator.sol#L19) + + ```solidity + string public constant override typeAndVersion = "Functions Coordinator v1.1.0"; + ``` + +- Found in src/v0.8/functions/v1_3_0/FunctionsCoordinator.sol [Line: 20](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_3_0/FunctionsCoordinator.sol#L20) + + ```solidity + string public constant override typeAndVersion = "Functions Coordinator v1.3.0"; + ``` + +- Found in src/v0.8/functions/v1_3_0/accessControl/TermsOfServiceAllowList.sol [Line: 20](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_3_0/accessControl/TermsOfServiceAllowList.sol#L20) + + ```solidity + string public constant override typeAndVersion = "Functions Terms of Service Allow List v1.1.0"; + ``` + +
+ + + diff --git a/reports/report.json b/reports/report.json index 3380ece53..4fb516026 100644 --- a/reports/report.json +++ b/reports/report.json @@ -1,7 +1,7 @@ { "files_summary": { - "total_source_units": 73, - "total_sloc": 1996 + "total_source_units": 74, + "total_sloc": 2008 }, "files_details": { "files_details": [ @@ -205,6 +205,10 @@ "file_path": "src/UnusedError.sol", "n_sloc": 19 }, + { + "file_path": "src/UnusedStateVariables.sol", + "n_sloc": 12 + }, { "file_path": "src/UsingSelfdestruct.sol", "n_sloc": 6 @@ -301,7 +305,7 @@ }, "issue_count": { "high": 32, - "low": 25 + "low": 26 }, "high_issues": { "issues": [ @@ -1333,6 +1337,36 @@ "src": "529:11", "src_char": "529:11" }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 6, + "src": "145:13", + "src_char": "145:13" + }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 7, + "src": "179:13", + "src_char": "179:13" + }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 8, + "src": "210:10", + "src_char": "210:10" + }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 9, + "src": "240:12", + "src_char": "240:12" + }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 10, + "src": "273:13", + "src_char": "273:13" + }, { "contract_path": "src/WrongOrderOfLayout.sol", "line_no": 11, @@ -2067,6 +2101,12 @@ "src": "32:23", "src_char": "32:23" }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 2, + "src": "32:24", + "src_char": "32:24" + }, { "contract_path": "src/UsingSelfdestruct.sol", "line_no": 2, @@ -2831,6 +2871,12 @@ "src": "32:23", "src_char": "32:23" }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 2, + "src": "32:24", + "src_char": "32:24" + }, { "contract_path": "src/WeakRandomness.sol", "line_no": 2, 
@@ -3665,6 +3711,421 @@ "src_char": "1175:14" } ] + }, + { + "title": "Potentially unused state variables found.", + "description": "State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable.", + "detector_name": "unused-state-variable", + "instances": [ + { + "contract_path": "src/AssemblyExample.sol", + "line_no": 5, + "src": "97:1", + "src_char": "97:1" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 6, + "src": "166:13", + "src_char": "166:13" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 7, + "src": "236:13", + "src_char": "236:13" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 8, + "src": "305:13", + "src_char": "305:13" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 9, + "src": "373:13", + "src_char": "373:13" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 10, + "src": "440:13", + "src_char": "440:13" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 11, + "src": "506:13", + "src_char": "506:13" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 12, + "src": "571:13", + "src_char": "571:13" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 13, + "src": "635:13", + "src_char": "635:13" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 14, + "src": "698:13", + "src_char": "698:13" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 15, + "src": "760:14", + "src_char": "760:14" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 16, + "src": "822:14", + "src_char": "822:14" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 17, + "src": "883:14", + "src_char": "883:14" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 18, + "src": "943:14", + "src_char": "943:14" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 
19, + "src": "1002:14", + "src_char": "1002:14" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 20, + "src": "1060:14", + "src_char": "1060:14" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 21, + "src": "1117:14", + "src_char": "1117:14" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 22, + "src": "1173:14", + "src_char": "1173:14" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 23, + "src": "1228:14", + "src_char": "1228:14" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 24, + "src": "1282:14", + "src_char": "1282:14" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 25, + "src": "1335:14", + "src_char": "1335:14" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 27, + "src": "1388:19", + "src_char": "1388:19" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 28, + "src": "1444:19", + "src_char": "1444:19" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 29, + "src": "1499:19", + "src_char": "1499:19" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 31, + "src": "1556:26", + "src_char": "1556:26" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 32, + "src": "1644:26", + "src_char": "1644:26" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 33, + "src": "1709:31", + "src_char": "1709:31" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 35, + "src": "1779:23", + "src_char": "1779:23" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 36, + "src": "1859:23", + "src_char": "1859:23" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 37, + "src": "1922:23", + "src_char": "1922:23" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 38, + "src": "1984:23", + "src_char": "1984:23" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 39, + "src": "2071:23", + "src_char": "2071:23" + }, + { + 
"contract_path": "src/HugeConstants.sol", + "line_no": 40, + "src": "2135:23", + "src_char": "2135:23" + }, + { + "contract_path": "src/HugeConstants.sol", + "line_no": 42, + "src": "2199:18", + "src_char": "2199:18" + }, + { + "contract_path": "src/InconsistentUints.sol", + "line_no": 7, + "src": "197:11", + "src_char": "197:11" + }, + { + "contract_path": "src/InconsistentUints.sol", + "line_no": 8, + "src": "233:14", + "src_char": "233:14" + }, + { + "contract_path": "src/InconsistentUints.sol", + "line_no": 15, + "src": "383:9", + "src_char": "383:9" + }, + { + "contract_path": "src/InconsistentUints.sol", + "line_no": 16, + "src": "434:10", + "src_char": "434:10" + }, + { + "contract_path": "src/StateVariables.sol", + "line_no": 8, + "src": "199:19", + "src_char": "199:19" + }, + { + "contract_path": "src/StateVariables.sol", + "line_no": 9, + "src": "241:20", + "src_char": "241:20" + }, + { + "contract_path": "src/StateVariables.sol", + "line_no": 10, + "src": "282:18", + "src_char": "282:18" + }, + { + "contract_path": "src/StateVariables.sol", + "line_no": 13, + "src": "383:27", + "src_char": "383:27" + }, + { + "contract_path": "src/StateVariables.sol", + "line_no": 14, + "src": "437:28", + "src_char": "437:28" + }, + { + "contract_path": "src/StateVariables.sol", + "line_no": 15, + "src": "490:26", + "src_char": "490:26" + }, + { + "contract_path": "src/StateVariables.sol", + "line_no": 28, + "src": "1056:16", + "src_char": "1056:16" + }, + { + "contract_path": "src/StateVariables.sol", + "line_no": 29, + "src": "1108:17", + "src_char": "1108:17" + }, + { + "contract_path": "src/StateVariables.sol", + "line_no": 30, + "src": "1159:15", + "src_char": "1159:15" + }, + { + "contract_path": "src/TestERC20.sol", + "line_no": 6, + "src": "111:8", + "src_char": "111:8" + }, + { + "contract_path": "src/UninitializedStateVariable.sol", + "line_no": 12, + "src": "448:3", + "src_char": "448:3" + }, + { + "contract_path": "src/UninitializedStateVariable.sol", + 
"line_no": 13, + "src": "503:3", + "src_char": "503:3" + }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 6, + "src": "145:13", + "src_char": "145:13" + }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 7, + "src": "179:13", + "src_char": "179:13" + }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 8, + "src": "210:10", + "src_char": "210:10" + }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 9, + "src": "240:12", + "src_char": "240:12" + }, + { + "contract_path": "src/UnusedStateVariables.sol", + "line_no": 10, + "src": "273:13", + "src_char": "273:13" + }, + { + "contract_path": "src/WrongOrderOfLayout.sol", + "line_no": 11, + "src": "257:10", + "src_char": "257:10" + }, + { + "contract_path": "src/cloc/AnotherHeavilyCommentedContract.sol", + "line_no": 14, + "src": "151:3", + "src_char": "151:3" + }, + { + "contract_path": "src/cloc/AnotherHeavilyCommentedContract.sol", + "line_no": 16, + "src": "190:3", + "src_char": "190:3" + }, + { + "contract_path": "src/cloc/AnotherHeavilyCommentedContract.sol", + "line_no": 19, + "src": "261:3", + "src_char": "261:3" + }, + { + "contract_path": "src/cloc/AnotherHeavilyCommentedContract.sol", + "line_no": 22, + "src": "367:3", + "src_char": "367:3" + }, + { + "contract_path": "src/cloc/AnotherHeavilyCommentedContract.sol", + "line_no": 29, + "src": "477:3", + "src_char": "477:3" + }, + { + "contract_path": "src/cloc/HeavilyCommentedContract.sol", + "line_no": 14, + "src": "160:3", + "src_char": "160:3" + }, + { + "contract_path": "src/cloc/HeavilyCommentedContract.sol", + "line_no": 16, + "src": "199:3", + "src_char": "199:3" + }, + { + "contract_path": "src/cloc/HeavilyCommentedContract.sol", + "line_no": 19, + "src": "270:3", + "src_char": "270:3" + }, + { + "contract_path": "src/cloc/HeavilyCommentedContract.sol", + "line_no": 22, + "src": "376:3", + "src_char": "376:3" + }, + { + "contract_path": 
"src/cloc/HeavilyCommentedContract.sol", + "line_no": 29, + "src": "486:3", + "src_char": "486:3" + }, + { + "contract_path": "src/nested_mappings/LaterVersion.sol", + "line_no": 17, + "src": "416:20", + "src_char": "416:20" + }, + { + "contract_path": "src/nested_mappings/NestedMappings.sol", + "line_no": 17, + "src": "367:58", + "src_char": "367:58" + } + ] } ] }, @@ -3725,6 +4186,7 @@ "public-variable-read-in-external-context", "weak-randomness", "pre-declared-local-variable-usage", - "delete-nested-mapping" + "delete-nested-mapping", + "unused-state-variable" ] } \ No newline at end of file diff --git a/reports/report.md b/reports/report.md index d6af919d3..3ffbd861e 100644 --- a/reports/report.md +++ b/reports/report.md @@ -66,6 +66,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-23: Incorrect Order of Division and Multiplication](#l-23-incorrect-order-of-division-and-multiplication) - [L-24: Redundant statements have no effect.](#l-24-redundant-statements-have-no-effect) - [L-25: Public variables of a contract read in an external context (using `this`).](#l-25-public-variables-of-a-contract-read-in-an-external-context-using-this) + - [L-26: Potentially unused state variables found.](#l-26-potentially-unused-state-variables-found) # Summary @@ -74,8 +75,8 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Key | Value | | --- | --- | -| .sol Files | 73 | -| Total nSLOC | 1996 | +| .sol Files | 74 | +| Total nSLOC | 2008 | ## Files Details @@ -132,6 +133,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/UnprotectedInitialize.sol | 25 | | src/UnsafeERC721Mint.sol | 18 | | src/UnusedError.sol | 19 | +| src/UnusedStateVariables.sol | 12 | | src/UsingSelfdestruct.sol | 6 | | src/WeakRandomness.sol | 59 | | src/WrongOrderOfLayout.sol | 13 | 
@@ -155,7 +157,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/reused_contract_name/ContractB.sol | 7 | | src/uniswap/UniswapV2Swapper.sol | 50 | | src/uniswap/UniswapV3Swapper.sol | 150 | -| **Total** | **1996** | +| **Total** | **2008** | ## Issue Summary @@ -163,7 +165,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | | High | 32 | -| Low | 25 | +| Low | 26 | # High Issues @@ -1185,7 +1187,7 @@ If the length of a dynamic array (storage variable) directly assigned to, it may Solidity does initialize variables by default when you declare them, however it's good practice to explicitly declare an initial value. For example, if you transfer money to an address we must make sure that the address has been initialized. -
14 Found Instances +
19 Found Instances - Found in src/AssemblyExample.sol [Line: 5](../tests/contract-playground/src/AssemblyExample.sol#L5) @@ -1260,6 +1262,36 @@ Solidity does initialize variables by default when you declare them, however it' address destination; // BAD ``` +- Found in src/UnusedStateVariables.sol [Line: 6](../tests/contract-playground/src/UnusedStateVariables.sol#L6) + + ```solidity + uint256 public unusedUint256; + ``` + +- Found in src/UnusedStateVariables.sol [Line: 7](../tests/contract-playground/src/UnusedStateVariables.sol#L7) + + ```solidity + address public unusedAddress; + ``` + +- Found in src/UnusedStateVariables.sol [Line: 8](../tests/contract-playground/src/UnusedStateVariables.sol#L8) + + ```solidity + bool public unusedBool; + ``` + +- Found in src/UnusedStateVariables.sol [Line: 9](../tests/contract-playground/src/UnusedStateVariables.sol#L9) + + ```solidity + string public unusedString; + ``` + +- Found in src/UnusedStateVariables.sol [Line: 10](../tests/contract-playground/src/UnusedStateVariables.sol#L10) + + ```solidity + bytes32 public unusedBytes32; + ``` + - Found in src/WrongOrderOfLayout.sol [Line: 11](../tests/contract-playground/src/WrongOrderOfLayout.sol#L11) ```solidity @@ -2008,7 +2040,7 @@ ERC20 functions may not behave as expected. For example: return values are not a Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of `pragma solidity ^0.8.0;`, use `pragma solidity 0.8.0;` -
19 Found Instances +
20 Found Instances - Found in src/CompilerBugStorageSignedIntegerArray.sol [Line: 2](../tests/contract-playground/src/CompilerBugStorageSignedIntegerArray.sol#L2) @@ -2083,6 +2115,12 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.7.0; ``` +- Found in src/UnusedStateVariables.sol [Line: 2](../tests/contract-playground/src/UnusedStateVariables.sol#L2) + + ```solidity + pragma solidity ^0.8.20; + ``` + - Found in src/UsingSelfdestruct.sol [Line: 2](../tests/contract-playground/src/UsingSelfdestruct.sol#L2) ```solidity @@ -2774,7 +2812,7 @@ Using `ERC721::_mint()` can mint ERC721 tokens to addresses which don't support Solc compiler version 0.8.20 switches the default target EVM version to Shanghai, which means that the generated bytecode will include PUSH0 opcodes. Be sure to select the appropriate EVM version in case you intend to deploy on a chain other than mainnet like L2 chains that may not support PUSH0, otherwise deployment of your contracts will fail. -
28 Found Instances +
29 Found Instances - Found in src/AdminContract.sol [Line: 2](../tests/contract-playground/src/AdminContract.sol#L2) @@ -2867,6 +2905,12 @@ Solc compiler version 0.8.20 switches the default target EVM version to Shanghai pragma solidity 0.8.20; ``` +- Found in src/UnusedStateVariables.sol [Line: 2](../tests/contract-playground/src/UnusedStateVariables.sol#L2) + + ```solidity + pragma solidity ^0.8.20; + ``` + - Found in src/WeakRandomness.sol [Line: 2](../tests/contract-playground/src/WeakRandomness.sol#L2) ```solidity @@ -3748,3 +3792,422 @@ The contract reads it's own variable using `this` which adds an unnecessary STAT +## L-26: Potentially unused state variables found. + +State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable. + +
68 Found Instances + + +- Found in src/AssemblyExample.sol [Line: 5](../tests/contract-playground/src/AssemblyExample.sol#L5) + + ```solidity + uint b; + ``` + +- Found in src/HugeConstants.sol [Line: 6](../tests/contract-playground/src/HugeConstants.sol#L6) + + ```solidity + uint256 constant public HUGE_NUMBER_1 = 100000000000000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 7](../tests/contract-playground/src/HugeConstants.sol#L7) + + ```solidity + uint256 constant public HUGE_NUMBER_2 = 10000000000000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 8](../tests/contract-playground/src/HugeConstants.sol#L8) + + ```solidity + uint256 constant public HUGE_NUMBER_3 = 1000000000000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 9](../tests/contract-playground/src/HugeConstants.sol#L9) + + ```solidity + uint256 constant public HUGE_NUMBER_4 = 100000000000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 10](../tests/contract-playground/src/HugeConstants.sol#L10) + + ```solidity + uint256 constant public HUGE_NUMBER_5 = 10000000000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 11](../tests/contract-playground/src/HugeConstants.sol#L11) + + ```solidity + uint256 constant public HUGE_NUMBER_6 = 1000000000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 12](../tests/contract-playground/src/HugeConstants.sol#L12) + + ```solidity + uint256 constant public HUGE_NUMBER_7 = 100000000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 13](../tests/contract-playground/src/HugeConstants.sol#L13) + + ```solidity + uint256 constant public HUGE_NUMBER_8 = 10000000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 14](../tests/contract-playground/src/HugeConstants.sol#L14) + + ```solidity + uint256 constant public HUGE_NUMBER_9 = 1000000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 15](../tests/contract-playground/src/HugeConstants.sol#L15) + + ```solidity + uint256 constant public 
HUGE_NUMBER_10 = 100000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 16](../tests/contract-playground/src/HugeConstants.sol#L16) + + ```solidity + uint256 constant public HUGE_NUMBER_11 = 10000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 17](../tests/contract-playground/src/HugeConstants.sol#L17) + + ```solidity + uint256 constant public HUGE_NUMBER_12 = 1000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 18](../tests/contract-playground/src/HugeConstants.sol#L18) + + ```solidity + uint256 constant public HUGE_NUMBER_13 = 100000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 19](../tests/contract-playground/src/HugeConstants.sol#L19) + + ```solidity + uint256 constant public HUGE_NUMBER_14 = 10000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 20](../tests/contract-playground/src/HugeConstants.sol#L20) + + ```solidity + uint256 constant public HUGE_NUMBER_15 = 1000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 21](../tests/contract-playground/src/HugeConstants.sol#L21) + + ```solidity + uint256 constant public HUGE_NUMBER_16 = 100000000; + ``` + +- Found in src/HugeConstants.sol [Line: 22](../tests/contract-playground/src/HugeConstants.sol#L22) + + ```solidity + uint256 constant public HUGE_NUMBER_17 = 10000000; + ``` + +- Found in src/HugeConstants.sol [Line: 23](../tests/contract-playground/src/HugeConstants.sol#L23) + + ```solidity + uint256 constant public HUGE_NUMBER_18 = 1000000; + ``` + +- Found in src/HugeConstants.sol [Line: 24](../tests/contract-playground/src/HugeConstants.sol#L24) + + ```solidity + uint256 constant public HUGE_NUMBER_19 = 100000; + ``` + +- Found in src/HugeConstants.sol [Line: 25](../tests/contract-playground/src/HugeConstants.sol#L25) + + ```solidity + uint256 constant public HUGE_NUMBER_20 = 10000; + ``` + +- Found in src/HugeConstants.sol [Line: 27](../tests/contract-playground/src/HugeConstants.sol#L27) + + ```solidity + uint256 constant public HUGE_NUMBER_21_GOOD 
= 1000; + ``` + +- Found in src/HugeConstants.sol [Line: 28](../tests/contract-playground/src/HugeConstants.sol#L28) + + ```solidity + uint256 constant public HUGE_NUMBER_22_GOOD = 100; + ``` + +- Found in src/HugeConstants.sol [Line: 29](../tests/contract-playground/src/HugeConstants.sol#L29) + + ```solidity + uint256 constant public HUGE_NUMBER_23_GOOD = 1e20; + ``` + +- Found in src/HugeConstants.sol [Line: 31](../tests/contract-playground/src/HugeConstants.sol#L31) + + ```solidity + uint256 constant public HUGE_NUMBER_24_UNDERSCORES = 1_000_000_000_000_000_000_000; + ``` + +- Found in src/HugeConstants.sol [Line: 32](../tests/contract-playground/src/HugeConstants.sol#L32) + + ```solidity + uint256 constant public HUGE_NUMBER_25_UNDERSCORES = 10_000; + ``` + +- Found in src/HugeConstants.sol [Line: 33](../tests/contract-playground/src/HugeConstants.sol#L33) + + ```solidity + uint256 constant public HUGE_NUMBER_26_UNDERSCORES_GOOD = 1_000; + ``` + +- Found in src/HugeConstants.sol [Line: 35](../tests/contract-playground/src/HugeConstants.sol#L35) + + ```solidity + uint256 constant public HUGE_NUMBER_27_HEX_GOOD = 0x1000000000000000000000; + ``` + +- Found in src/HugeConstants.sol [Line: 36](../tests/contract-playground/src/HugeConstants.sol#L36) + + ```solidity + uint256 constant public HUGE_NUMBER_28_HEX_GOOD = 0x10000; + ``` + +- Found in src/HugeConstants.sol [Line: 37](../tests/contract-playground/src/HugeConstants.sol#L37) + + ```solidity + uint256 constant public HUGE_NUMBER_29_HEX_GOOD = 0x1000; + ``` + +- Found in src/HugeConstants.sol [Line: 38](../tests/contract-playground/src/HugeConstants.sol#L38) + + ```solidity + uint256 constant public HUGE_NUMBER_30_HEX_GOOD = 0x1_000_000_000_000_000_000_000; + ``` + +- Found in src/HugeConstants.sol [Line: 39](../tests/contract-playground/src/HugeConstants.sol#L39) + + ```solidity + uint256 constant public HUGE_NUMBER_31_HEX_GOOD = 0x10_000; + ``` + +- Found in src/HugeConstants.sol [Line: 
40](../tests/contract-playground/src/HugeConstants.sol#L40) + + ```solidity + uint256 constant public HUGE_NUMBER_32_HEX_GOOD = 0x100_0; + ``` + +- Found in src/HugeConstants.sol [Line: 42](../tests/contract-playground/src/HugeConstants.sol#L42) + + ```solidity + uint256 constant public HUGE_NUMBER_33_HEX = 1e0000; + ``` + +- Found in src/InconsistentUints.sol [Line: 7](../tests/contract-playground/src/InconsistentUints.sol#L7) + + ```solidity + int public intVariable; // 1 + ``` + +- Found in src/InconsistentUints.sol [Line: 8](../tests/contract-playground/src/InconsistentUints.sol#L8) + + ```solidity + int256 public int256Variable; // 1 + ``` + +- Found in src/InconsistentUints.sol [Line: 15](../tests/contract-playground/src/InconsistentUints.sol#L15) + + ```solidity + uint[] public uintArray; // 4 + ``` + +- Found in src/InconsistentUints.sol [Line: 16](../tests/contract-playground/src/InconsistentUints.sol#L16) + + ```solidity + mapping(uint256 => uint other) u2uMapping; // 5 3 + ``` + +- Found in src/StateVariables.sol [Line: 8](../tests/contract-playground/src/StateVariables.sol#L8) + + ```solidity + uint256 private staticPrivateNumber; + ``` + +- Found in src/StateVariables.sol [Line: 9](../tests/contract-playground/src/StateVariables.sol#L9) + + ```solidity + uint256 internal staticInternalNumber; + ``` + +- Found in src/StateVariables.sol [Line: 10](../tests/contract-playground/src/StateVariables.sol#L10) + + ```solidity + uint256 public staticPublicNumber; + ``` + +- Found in src/StateVariables.sol [Line: 13](../tests/contract-playground/src/StateVariables.sol#L13) + + ```solidity + uint256 private staticNonEmptyPrivateNumber = 1; + ``` + +- Found in src/StateVariables.sol [Line: 14](../tests/contract-playground/src/StateVariables.sol#L14) + + ```solidity + uint256 internal staticNonEmptyInternalNumber = 2; + ``` + +- Found in src/StateVariables.sol [Line: 15](../tests/contract-playground/src/StateVariables.sol#L15) + + ```solidity + uint256 public 
staticNonEmptyPublicNumber = 3; + ``` + +- Found in src/StateVariables.sol [Line: 28](../tests/contract-playground/src/StateVariables.sol#L28) + + ```solidity + uint256 private constant PRIVATE_CONSTANT = 1; + ``` + +- Found in src/StateVariables.sol [Line: 29](../tests/contract-playground/src/StateVariables.sol#L29) + + ```solidity + uint256 internal constant INTERNAL_CONSTANT = 2; + ``` + +- Found in src/StateVariables.sol [Line: 30](../tests/contract-playground/src/StateVariables.sol#L30) + + ```solidity + uint256 public constant PUBLIC_CONSTANT = 3; + ``` + +- Found in src/TestERC20.sol [Line: 6](../tests/contract-playground/src/TestERC20.sol#L6) + + ```solidity + uint256 public constant decimals = 18; + ``` + +- Found in src/UninitializedStateVariable.sol [Line: 12](../tests/contract-playground/src/UninitializedStateVariable.sol#L12) + + ```solidity + uint256[] public arr; // GOOD + ``` + +- Found in src/UninitializedStateVariable.sol [Line: 13](../tests/contract-playground/src/UninitializedStateVariable.sol#L13) + + ```solidity + mapping(uint256 => uint256[]) private map; // GOOD + ``` + +- Found in src/UnusedStateVariables.sol [Line: 6](../tests/contract-playground/src/UnusedStateVariables.sol#L6) + + ```solidity + uint256 public unusedUint256; + ``` + +- Found in src/UnusedStateVariables.sol [Line: 7](../tests/contract-playground/src/UnusedStateVariables.sol#L7) + + ```solidity + address public unusedAddress; + ``` + +- Found in src/UnusedStateVariables.sol [Line: 8](../tests/contract-playground/src/UnusedStateVariables.sol#L8) + + ```solidity + bool public unusedBool; + ``` + +- Found in src/UnusedStateVariables.sol [Line: 9](../tests/contract-playground/src/UnusedStateVariables.sol#L9) + + ```solidity + string public unusedString; + ``` + +- Found in src/UnusedStateVariables.sol [Line: 10](../tests/contract-playground/src/UnusedStateVariables.sol#L10) + + ```solidity + bytes32 public unusedBytes32; + ``` + +- Found in src/WrongOrderOfLayout.sol [Line: 
11](../tests/contract-playground/src/WrongOrderOfLayout.sol#L11) + + ```solidity + uint256 public multiplier; + ``` + +- Found in src/cloc/AnotherHeavilyCommentedContract.sol [Line: 14](../tests/contract-playground/src/cloc/AnotherHeavilyCommentedContract.sol#L14) + + ```solidity + uint256 s_1 = 0; + ``` + +- Found in src/cloc/AnotherHeavilyCommentedContract.sol [Line: 16](../tests/contract-playground/src/cloc/AnotherHeavilyCommentedContract.sol#L16) + + ```solidity + uint256 s_2 = 0; + ``` + +- Found in src/cloc/AnotherHeavilyCommentedContract.sol [Line: 19](../tests/contract-playground/src/cloc/AnotherHeavilyCommentedContract.sol#L19) + + ```solidity + uint256 s_3 = 0; // this is a side comment + ``` + +- Found in src/cloc/AnotherHeavilyCommentedContract.sol [Line: 22](../tests/contract-playground/src/cloc/AnotherHeavilyCommentedContract.sol#L22) + + ```solidity + uint256 s_4 = 0; // scc-dblah + ``` + +- Found in src/cloc/AnotherHeavilyCommentedContract.sol [Line: 29](../tests/contract-playground/src/cloc/AnotherHeavilyCommentedContract.sol#L29) + + ```solidity + this is longer comment */ uint256 s_5 = 0; + ``` + +- Found in src/cloc/HeavilyCommentedContract.sol [Line: 14](../tests/contract-playground/src/cloc/HeavilyCommentedContract.sol#L14) + + ```solidity + uint256 s_1 = 0; + ``` + +- Found in src/cloc/HeavilyCommentedContract.sol [Line: 16](../tests/contract-playground/src/cloc/HeavilyCommentedContract.sol#L16) + + ```solidity + uint256 s_2 = 0; + ``` + +- Found in src/cloc/HeavilyCommentedContract.sol [Line: 19](../tests/contract-playground/src/cloc/HeavilyCommentedContract.sol#L19) + + ```solidity + uint256 s_3 = 0; // this is a side comment + ``` + +- Found in src/cloc/HeavilyCommentedContract.sol [Line: 22](../tests/contract-playground/src/cloc/HeavilyCommentedContract.sol#L22) + + ```solidity + uint256 s_4 = 0; // scc-dblah + ``` + +- Found in src/cloc/HeavilyCommentedContract.sol [Line: 
29](../tests/contract-playground/src/cloc/HeavilyCommentedContract.sol#L29) + + ```solidity + this is longer comment */ uint256 s_5 = 0; + ``` + +- Found in src/nested_mappings/LaterVersion.sol [Line: 17](../tests/contract-playground/src/nested_mappings/LaterVersion.sol#L17) + + ```solidity + mapping(uint256 => structMain) public s_mapOfNestedStructs; + ``` + +- Found in src/nested_mappings/NestedMappings.sol [Line: 17](../tests/contract-playground/src/nested_mappings/NestedMappings.sol#L17) + + ```solidity + mapping(uint256 => structMain) public s_mapOfNestedStructs; + ``` + +
+ + + diff --git a/reports/report.sarif b/reports/report.sarif index c60ae1436..c57ab0623 100644 --- a/reports/report.sarif +++ b/reports/report.sarif @@ -1825,6 +1825,61 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 145 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 179 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 10, + "byteOffset": 210 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 12, + "byteOffset": 240 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 273 + } + } + }, { "physicalLocation": { "artifactLocation": { @@ -3079,6 +3134,17 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 24, + "byteOffset": 32 + } + } + }, { "physicalLocation": { "artifactLocation": { @@ -4449,6 +4515,17 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 24, + "byteOffset": 32 + } + } + }, { "physicalLocation": { "artifactLocation": { 
@@ -5939,6 +6016,763 @@ "text": "The contract reads it's own variable using `this` which adds an unnecessary STATICCALL. Remove `this` and access the variable like storage." }, "ruleId": "public-variable-read-in-external-context" + }, + { + "level": "note", + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/AssemblyExample.sol" + }, + "region": { + "byteLength": 1, + "byteOffset": 97 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 166 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 236 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 305 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 373 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 440 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 506 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 571 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 635 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 698 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 760 + } + } + 
}, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 822 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 883 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 943 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 1002 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 1060 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 1117 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 1173 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 1228 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 1282 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 1335 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 19, + "byteOffset": 1388 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 19, + "byteOffset": 1444 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { 
+ "byteLength": 19, + "byteOffset": 1499 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 26, + "byteOffset": 1556 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 26, + "byteOffset": 1644 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 31, + "byteOffset": 1709 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 23, + "byteOffset": 1779 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 23, + "byteOffset": 1859 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 23, + "byteOffset": 1922 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 23, + "byteOffset": 1984 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 23, + "byteOffset": 2071 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 23, + "byteOffset": 2135 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/HugeConstants.sol" + }, + "region": { + "byteLength": 18, + "byteOffset": 2199 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/InconsistentUints.sol" + }, + "region": { + "byteLength": 11, + "byteOffset": 197 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/InconsistentUints.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 233 + } + } + }, + { + "physicalLocation": { + 
"artifactLocation": { + "uri": "src/InconsistentUints.sol" + }, + "region": { + "byteLength": 9, + "byteOffset": 383 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/InconsistentUints.sol" + }, + "region": { + "byteLength": 10, + "byteOffset": 434 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/StateVariables.sol" + }, + "region": { + "byteLength": 19, + "byteOffset": 199 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/StateVariables.sol" + }, + "region": { + "byteLength": 20, + "byteOffset": 241 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/StateVariables.sol" + }, + "region": { + "byteLength": 18, + "byteOffset": 282 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/StateVariables.sol" + }, + "region": { + "byteLength": 27, + "byteOffset": 383 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/StateVariables.sol" + }, + "region": { + "byteLength": 28, + "byteOffset": 437 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/StateVariables.sol" + }, + "region": { + "byteLength": 26, + "byteOffset": 490 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/StateVariables.sol" + }, + "region": { + "byteLength": 16, + "byteOffset": 1056 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/StateVariables.sol" + }, + "region": { + "byteLength": 17, + "byteOffset": 1108 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/StateVariables.sol" + }, + "region": { + "byteLength": 15, + "byteOffset": 1159 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/TestERC20.sol" + }, + "region": { + "byteLength": 8, + "byteOffset": 111 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UninitializedStateVariable.sol" + }, + "region": { + 
"byteLength": 3, + "byteOffset": 448 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UninitializedStateVariable.sol" + }, + "region": { + "byteLength": 3, + "byteOffset": 503 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 145 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 179 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 10, + "byteOffset": 210 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 12, + "byteOffset": 240 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/UnusedStateVariables.sol" + }, + "region": { + "byteLength": 13, + "byteOffset": 273 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/WrongOrderOfLayout.sol" + }, + "region": { + "byteLength": 10, + "byteOffset": 257 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/cloc/AnotherHeavilyCommentedContract.sol" + }, + "region": { + "byteLength": 3, + "byteOffset": 151 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/cloc/AnotherHeavilyCommentedContract.sol" + }, + "region": { + "byteLength": 3, + "byteOffset": 190 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/cloc/AnotherHeavilyCommentedContract.sol" + }, + "region": { + "byteLength": 3, + "byteOffset": 261 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/cloc/AnotherHeavilyCommentedContract.sol" + }, + "region": { + "byteLength": 3, + "byteOffset": 367 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": 
"src/cloc/AnotherHeavilyCommentedContract.sol" + }, + "region": { + "byteLength": 3, + "byteOffset": 477 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/cloc/HeavilyCommentedContract.sol" + }, + "region": { + "byteLength": 3, + "byteOffset": 160 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/cloc/HeavilyCommentedContract.sol" + }, + "region": { + "byteLength": 3, + "byteOffset": 199 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/cloc/HeavilyCommentedContract.sol" + }, + "region": { + "byteLength": 3, + "byteOffset": 270 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/cloc/HeavilyCommentedContract.sol" + }, + "region": { + "byteLength": 3, + "byteOffset": 376 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/cloc/HeavilyCommentedContract.sol" + }, + "region": { + "byteLength": 3, + "byteOffset": 486 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/nested_mappings/LaterVersion.sol" + }, + "region": { + "byteLength": 20, + "byteOffset": 416 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/nested_mappings/NestedMappings.sol" + }, + "region": { + "byteLength": 58, + "byteOffset": 367 + } + } + } + ], + "message": { + "text": "State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable." + }, + "ruleId": "unused-state-variable" } ], "tool": { diff --git a/reports/templegold-report.md b/reports/templegold-report.md index e6f22785c..92d40d793 100644 --- a/reports/templegold-report.md +++ b/reports/templegold-report.md 
@@ -36,6 +36,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-17: Loop contains `require`/`revert` statements](#l-17-loop-contains-requirerevert-statements) - [L-18: Incorrect Order of Division and Multiplication](#l-18-incorrect-order-of-division-and-multiplication) - [L-19: Redundant statements have no effect.](#l-19-redundant-statements-have-no-effect) + - [L-20: Potentially unused state variables found.](#l-20-potentially-unused-state-variables-found) # Summary @@ -189,7 +190,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | | High | 8 | -| Low | 19 | +| Low | 20 | # High Issues @@ -8587,3 +8588,122 @@ Remove the redundant statements because no code will be generated and it just co +## L-20: Potentially unused state variables found. + +State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable. + +
18 Found Instances + + +- Found in contracts/amm/TempleUniswapV2Pair.sol [Line: 29](../tests/2024-07-templegold/protocol/contracts/amm/TempleUniswapV2Pair.sol#L29) + + ```solidity + uint public kLast; // reserve0 * reserve1, as of immediately after the most recent liquidity event + ``` + +- Found in contracts/fakes/templegold/TempleGoldMock.sol [Line: 32](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldMock.sol#L32) + + ```solidity + uint256 public constant DISTRIBUTION_MULTIPLIER = 100 ether; + ``` + +- Found in contracts/fakes/templegold/TempleGoldMock.sol [Line: 34](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldMock.sol#L34) + + ```solidity + uint256 public constant MINIMUM_DISTRIBUTION_SHARE = 1 ether; + ``` + +- Found in contracts/fakes/templegold/TempleGoldMock.sol [Line: 36](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldMock.sol#L36) + + ```solidity + uint256 public constant MAX_SUPPLY = 1_000_000_000 ether; // 1B + ``` + +- Found in contracts/fakes/templegold/TempleGoldMock.sol [Line: 38](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldMock.sol#L38) + + ```solidity + uint256 public constant MINIMUM_MINT = 1_000; + ``` + +- Found in contracts/fakes/templegold/TempleGoldStakingMock.sol [Line: 39](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldStakingMock.sol#L39) + + ```solidity + uint256 public rewardPerTokenStored; + ``` + +- Found in contracts/fakes/templegold/TempleGoldStakingMock.sol [Line: 47](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldStakingMock.sol#L47) + + ```solidity + uint256 public periodFinish; + ``` + +- Found in contracts/fakes/templegold/TempleGoldStakingMock.sol [Line: 48](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldStakingMock.sol#L48) + + ```solidity + uint256 public lastUpdateTime; + ``` + +- Found in 
contracts/fakes/templegold/TempleGoldStakingMock.sol [Line: 71](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldStakingMock.sol#L71) + + ```solidity + mapping(address delegate => uint256 balance) private _delegateBalances; + ``` + +- Found in contracts/fakes/templegold/TempleGoldStakingMock.sol [Line: 79](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldStakingMock.sol#L79) + + ```solidity + mapping(address account => EnumerableSet.UintSet indexes) private _accountStakes; + ``` + +- Found in contracts/templegold/AuctionBase.sol [Line: 13](../tests/2024-07-templegold/protocol/contracts/templegold/AuctionBase.sol#L13) + + ```solidity + uint256 internal _currentEpochId; + ``` + +- Found in contracts/templegold/AuctionBase.sol [Line: 17](../tests/2024-07-templegold/protocol/contracts/templegold/AuctionBase.sol#L17) + + ```solidity + mapping(address depositor => mapping(uint256 epochId => uint256 amount)) public override depositors; + ``` + +- Found in contracts/templegold/TempleGoldStaking.sol [Line: 40](../tests/2024-07-templegold/protocol/contracts/templegold/TempleGoldStaking.sol#L40) + + ```solidity + uint256 public override rewardPerTokenStored; + ``` + +- Found in contracts/templegold/TempleGoldStaking.sol [Line: 45](../tests/2024-07-templegold/protocol/contracts/templegold/TempleGoldStaking.sol#L45) + + ```solidity + uint256 public override periodFinish; + ``` + +- Found in contracts/templegold/TempleGoldStaking.sol [Line: 47](../tests/2024-07-templegold/protocol/contracts/templegold/TempleGoldStaking.sol#L47) + + ```solidity + uint256 public override lastUpdateTime; + ``` + +- Found in contracts/v2/TempleDebtToken.sol [Line: 95](../tests/2024-07-templegold/protocol/contracts/v2/TempleDebtToken.sol#L95) + + ```solidity + uint8 public constant override decimals = 18; + ``` + +- Found in contracts/v2/TreasuryPriceIndexOracle.sol [Line: 
21](../tests/2024-07-templegold/protocol/contracts/v2/TreasuryPriceIndexOracle.sol#L21) + + ```solidity + uint256 public constant override TPI_DECIMALS = 18; + ``` + +- Found in contracts/v2/safeGuards/ThresholdSafeGuard.sol [Line: 27](../tests/2024-07-templegold/protocol/contracts/v2/safeGuards/ThresholdSafeGuard.sol#L27) + + ```solidity + string public constant VERSION = "1.0.0"; + ``` + +
+ + + From 306ec62b52ef315251cd2198b5d346d0e266bcbd Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 13:58:53 +0530 Subject: [PATCH 3/7] detector fix: restrict to private and internal state variables --- aderyn_core/src/detect/low/unused_state_variable.rs | 12 ++++++++---- .../contract-playground/src/UnusedStateVariables.sol | 12 ++++++------ 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/aderyn_core/src/detect/low/unused_state_variable.rs b/aderyn_core/src/detect/low/unused_state_variable.rs index 400f8537a..caa4aa51c 100644 --- a/aderyn_core/src/detect/low/unused_state_variable.rs +++ b/aderyn_core/src/detect/low/unused_state_variable.rs @@ -1,7 +1,7 @@ use std::collections::{BTreeMap, BTreeSet}; use std::error::Error; -use crate::ast::NodeID; +use crate::ast::{NodeID, Visibility}; use crate::capture; use crate::context::browser::{ExtractReferencedDeclarations, ExtractVariableDeclarations}; @@ -33,7 +33,11 @@ impl IssueDetector for UnusedStateVariablesDetector { all_state_variable_declarations.extend( variable_declarations .into_iter() - .filter(|v| v.state_variable) + .filter(|v| { + v.state_variable + && (v.visibility == Visibility::Private + || v.visibility == Visibility::Internal) + }) .map(|v| v.id), ) } @@ -55,7 +59,7 @@ impl IssueDetector for UnusedStateVariablesDetector { } fn title(&self) -> String { - String::from("Potentially unused state variables found.") + String::from("Potentially unused `private` / `internal` state variables found.") } fn description(&self) -> String { @@ -92,7 +96,7 @@ mod unused_detector_tests { // assert that the detector found an issue assert!(found); // assert that the detector found the correct number of instances - assert_eq!(detector.instances().len(), 5); + assert_eq!(detector.instances().len(), 4); // assert the severity is low assert_eq!( detector.severity(), 
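Review bot: The filter closure added in the `@@ -33,7 +33,11 @@` hunk has no comment saying why `public` state variables are now skipped, and its two equality tests read more directly as one pattern: `.filter(|v| v.state_variable && matches!(v.visibility, Visibility::Private | Visibility::Internal))`. A one-line comment above it, such as `// public variables expose a getter, so code outside the contract may still read them`, would record the reasoning that the fixture comment in UnusedStateVariables.sol gives. The regenerated report.md still lists `uint b;` from src/AssemblyExample.sol under this detector, which is presumably the inline-assembly blind spot that the description text admits to, so narrowing by visibility does not remove that class of false positive. The enclosing method starts and ends outside the hunk.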
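Review bot: The string returned by `description`, directly below the changed title in the `@@ -55,7 +59,7 @@` hunk, appears to still contain the typo "inilne", judging by the text the regenerated reports print for `unused-state-variable`; it should read `inline assembly`. The body of `description` lies outside this hunk, so the exact line is not visible here. Since the title now names `private` / `internal`, the description could open the same way, for example `Private or internal state variable appears to be unused.`, so that the two strings shown together in every report agree.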
diff --git a/tests/contract-playground/src/UnusedStateVariables.sol b/tests/contract-playground/src/UnusedStateVariables.sol index 319ae747e..50a2387fb 100644 --- a/tests/contract-playground/src/UnusedStateVariables.sol +++ b/tests/contract-playground/src/UnusedStateVariables.sol @@ -3,14 +3,14 @@ pragma solidity ^0.8.20; contract UnusedStateVariables { // Unused state variables (BAD) - uint256 public unusedUint256; - address public unusedAddress; - bool public unusedBool; - string public unusedString; - bytes32 public unusedBytes32; + uint256 internal unusedUint256; + address internal unusedAddress; + bool private unusedBool; + string private unusedString; // Used state variable (GOOD) - uint256 public usedUint256; + bytes32 public usedBytes32; // External contracts may want to interact with it by calling it as a function + uint256 internal usedUint256; function setValue(uint256 v) external { usedUint256 = v; From a6d7a1bdde4a16f669ba22a10020c25870a354a2 Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 13:59:24 +0530 Subject: [PATCH 4/7] cli/reportgen --- reports/adhoc-sol-files-report.md | 162 +--------- reports/ccip-functions-report.md | 60 +--- reports/report.json | 310 ++---------------- reports/report.md | 296 +---------------- reports/report.sarif | 515 +----------------------------- reports/templegold-report.md | 96 +----- 6 files changed, 52 insertions(+), 1387 deletions(-) diff --git a/reports/adhoc-sol-files-report.md b/reports/adhoc-sol-files-report.md index 577d1fe9b..9cc7850bf 100644 --- a/reports/adhoc-sol-files-report.md +++ b/reports/adhoc-sol-files-report.md 
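Review bot: `bytes32 public usedBytes32;` now sits under `// Used state variable (GOOD)` and is named `used…`, but nothing in the lines shown references it; it goes unreported only because it is `public`. A heading of its own would keep the fixture honest about what it exercises, for example `// Public state variable, never referenced (not reported: its getter is part of the external interface)`. The contract body continues past the hunk, so a later reference cannot be ruled out from here.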
@@ -28,7 +28,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-14: Contract still has TODOs](#l-14-contract-still-has-todos) - [L-15: Inconsistency in declaring uint256/uint (or) int256/int variables within a contract. Use explicit size declarations (uint256 or int256).](#l-15-inconsistency-in-declaring-uint256uint-or-int256int-variables-within-a-contract-use-explicit-size-declarations-uint256-or-int256) - [L-16: Unused Custom Error](#l-16-unused-custom-error) - - [L-17: Potentially unused state variables found.](#l-17-potentially-unused-state-variables-found) + - [L-17: Potentially unused `private` / `internal` state variables found.](#l-17-potentially-unused-private--internal-state-variables-found) # Summary @@ -691,30 +691,12 @@ it is recommended that the definition be removed when custom error is unused -## L-17: Potentially unused state variables found. +## L-17: Potentially unused `private` / `internal` state variables found. State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable. -
33 Found Instances - - -- Found in InconsistentUints.sol [Line: 7](../tests/adhoc-sol-files/InconsistentUints.sol#L7) - - ```solidity - int public intVariable; // 1 - ``` - -- Found in InconsistentUints.sol [Line: 8](../tests/adhoc-sol-files/InconsistentUints.sol#L8) - - ```solidity - int256 public int256Variable; // 1 - ``` - -- Found in InconsistentUints.sol [Line: 15](../tests/adhoc-sol-files/InconsistentUints.sol#L15) +
7 Found Instances - ```solidity - uint[] public uintArray; // 4 - ``` - Found in InconsistentUints.sol [Line: 16](../tests/adhoc-sol-files/InconsistentUints.sol#L16) @@ -734,12 +716,6 @@ State variable appears to be unused. No analysis has been performed to see if an uint256 internal staticInternalNumber; ``` -- Found in StateVariables.sol [Line: 10](../tests/adhoc-sol-files/StateVariables.sol#L10) - - ```solidity - uint256 public staticPublicNumber; - ``` - - Found in StateVariables.sol [Line: 13](../tests/adhoc-sol-files/StateVariables.sol#L13) ```solidity @@ -752,12 +728,6 @@ State variable appears to be unused. No analysis has been performed to see if an uint256 internal staticNonEmptyInternalNumber = 2; ``` -- Found in StateVariables.sol [Line: 15](../tests/adhoc-sol-files/StateVariables.sol#L15) - - ```solidity - uint256 public staticNonEmptyPublicNumber = 3; - ``` - - Found in StateVariables.sol [Line: 28](../tests/adhoc-sol-files/StateVariables.sol#L28) ```solidity 
@@ -770,132 +740,6 @@ State variable appears to be unused. No analysis has been performed to see if an uint256 internal constant INTERNAL_CONSTANT = 2; ``` -- Found in StateVariables.sol [Line: 30](../tests/adhoc-sol-files/StateVariables.sol#L30) - - ```solidity - uint256 public constant PUBLIC_CONSTANT = 3; - ``` - -- Found in multiple-versions/0.4/A.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.4/A.sol#L5) - - ```solidity - address public constant MY_ADDRESS = address(0); - ``` - -- Found in multiple-versions/0.4/A.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.4/A.sol#L6) - - ```solidity - uint256 public constant MY_UINT = 134131; - ``` - -- Found in multiple-versions/0.4/B.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.4/B.sol#L5) - - ```solidity - address public MY_ADDRESS = address(0); - ``` - -- Found in multiple-versions/0.4/B.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.4/B.sol#L6) - - ```solidity - uint256 public MY_UINT = 134131; - ``` - -- Found in multiple-versions/0.5/A.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.5/A.sol#L5) - - ```solidity - address public constant MY_ADDRESS = address(0); - ``` - -- Found in multiple-versions/0.5/A.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.5/A.sol#L6) - - ```solidity - uint256 public constant MY_UINT = 134131; - ``` - -- Found in multiple-versions/0.5/B.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.5/B.sol#L5) - - ```solidity - address public MY_ADDRESS = address(0); - ``` - -- Found in multiple-versions/0.5/B.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.5/B.sol#L6) - - ```solidity - uint256 public MY_UINT = 134131; - ``` - -- Found in multiple-versions/0.6/A.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.6/A.sol#L5) - - ```solidity - address public constant MY_ADDRESS = address(0); - ``` - -- Found in multiple-versions/0.6/A.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.6/A.sol#L6) 
- - ```solidity - uint256 public constant MY_UINT = 134131; - ``` - -- Found in multiple-versions/0.6/B.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.6/B.sol#L5) - - ```solidity - address public MY_ADDRESS = address(0); - ``` - -- Found in multiple-versions/0.6/B.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.6/B.sol#L6) - - ```solidity - uint256 public MY_UINT = 134131; - ``` - -- Found in multiple-versions/0.7/A.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.7/A.sol#L5) - - ```solidity - address public constant MY_ADDRESS = address(0); - ``` - -- Found in multiple-versions/0.7/A.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.7/A.sol#L6) - - ```solidity - uint256 public constant MY_UINT = 134131; - ``` - -- Found in multiple-versions/0.7/B.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.7/B.sol#L5) - - ```solidity - address public MY_ADDRESS = address(0); - ``` - -- Found in multiple-versions/0.7/B.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.7/B.sol#L6) - - ```solidity - uint256 public MY_UINT = 134131; - ``` - -- Found in multiple-versions/0.8/A.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.8/A.sol#L5) - - ```solidity - address public constant MY_ADDRESS = address(0); - ``` - -- Found in multiple-versions/0.8/A.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.8/A.sol#L6) - - ```solidity - uint256 public constant MY_UINT = 134131; - ``` - -- Found in multiple-versions/0.8/B.sol [Line: 5](../tests/adhoc-sol-files/multiple-versions/0.8/B.sol#L5) - - ```solidity - address public MY_ADDRESS = address(0); - ``` - -- Found in multiple-versions/0.8/B.sol [Line: 6](../tests/adhoc-sol-files/multiple-versions/0.8/B.sol#L6) - - ```solidity - uint256 public MY_UINT = 134131; - ``` -
diff --git a/reports/ccip-functions-report.md b/reports/ccip-functions-report.md index 4ab184b60..3367cdd7a 100644 --- a/reports/ccip-functions-report.md +++ b/reports/ccip-functions-report.md @@ -25,7 +25,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-11: Contract still has TODOs](#l-11-contract-still-has-todos) - [L-12: Unused Custom Error](#l-12-unused-custom-error) - [L-13: Loop contains `require`/`revert` statements](#l-13-loop-contains-requirerevert-statements) - - [L-14: Potentially unused state variables found.](#l-14-potentially-unused-state-variables-found) + - [L-14: Potentially unused `private` / `internal` state variables found.](#l-14-potentially-unused-private--internal-state-variables-found) # Summary @@ -2451,48 +2451,12 @@ Avoid `require` / `revert` statements in a loop because a single bad item can ca -## L-14: Potentially unused state variables found. +## L-14: Potentially unused `private` / `internal` state variables found. State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable. -
10 Found Instances - - -- Found in src/v0.8/functions/dev/v1_X/FunctionsCoordinator.sol [Line: 19](../tests/ccip-contracts/contracts/src/v0.8/functions/dev/v1_X/FunctionsCoordinator.sol#L19) - - ```solidity - string public constant override typeAndVersion = "Functions Coordinator v1.3.0"; - ``` - -- Found in src/v0.8/functions/dev/v1_X/FunctionsRouter.sol [Line: 21](../tests/ccip-contracts/contracts/src/v0.8/functions/dev/v1_X/FunctionsRouter.sol#L21) - - ```solidity - string public constant override typeAndVersion = "Functions Router v2.0.0"; - ``` +
1 Found Instances -- Found in src/v0.8/functions/dev/v1_X/accessControl/TermsOfServiceAllowList.sol [Line: 19](../tests/ccip-contracts/contracts/src/v0.8/functions/dev/v1_X/accessControl/TermsOfServiceAllowList.sol#L19) - - ```solidity - string public constant override typeAndVersion = "Functions Terms of Service Allow List v1.1.0"; - ``` - -- Found in src/v0.8/functions/v1_0_0/FunctionsCoordinator.sol [Line: 19](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/FunctionsCoordinator.sol#L19) - - ```solidity - string public constant override typeAndVersion = "Functions Coordinator v1.0.0"; - ``` - -- Found in src/v0.8/functions/v1_0_0/FunctionsRouter.sol [Line: 21](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/FunctionsRouter.sol#L21) - - ```solidity - string public constant override typeAndVersion = "Functions Router v1.0.0"; - ``` - -- Found in src/v0.8/functions/v1_0_0/accessControl/TermsOfServiceAllowList.sol [Line: 19](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/accessControl/TermsOfServiceAllowList.sol#L19) - - ```solidity - string public constant override typeAndVersion = "Functions Terms of Service Allow List v1.0.0"; - ``` - Found in src/v0.8/functions/v1_0_0/ocr/OCR2Base.sol [Line: 22](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/ocr/OCR2Base.sol#L22) 
@@ -2500,24 +2464,6 @@ State variable appears to be unused. No analysis has been performed to see if an uint256 private constant maxUint32 = (1 << 32) - 1; ``` -- Found in src/v0.8/functions/v1_1_0/FunctionsCoordinator.sol [Line: 19](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_1_0/FunctionsCoordinator.sol#L19) - - ```solidity - string public constant override typeAndVersion = "Functions Coordinator v1.1.0"; - ``` - -- Found in src/v0.8/functions/v1_3_0/FunctionsCoordinator.sol [Line: 20](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_3_0/FunctionsCoordinator.sol#L20) - - ```solidity - string public constant override typeAndVersion = "Functions Coordinator v1.3.0"; - ``` - -- Found in src/v0.8/functions/v1_3_0/accessControl/TermsOfServiceAllowList.sol [Line: 20](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_3_0/accessControl/TermsOfServiceAllowList.sol#L20) - - ```solidity - string public constant override typeAndVersion = "Functions Terms of Service Allow List v1.1.0"; - ``` -
diff --git a/reports/report.json b/reports/report.json index 4fb516026..1ca0405a6 100644 --- a/reports/report.json +++ b/reports/report.json @@ -1340,32 +1340,32 @@ { "contract_path": "src/UnusedStateVariables.sol", "line_no": 6, - "src": "145:13", - "src_char": "145:13" + "src": "147:13", + "src_char": "147:13" }, { "contract_path": "src/UnusedStateVariables.sol", "line_no": 7, - "src": "179:13", - "src_char": "179:13" + "src": "183:13", + "src_char": "183:13" }, { "contract_path": "src/UnusedStateVariables.sol", "line_no": 8, - "src": "210:10", - "src_char": "210:10" + "src": "215:10", + "src_char": "215:10" }, { "contract_path": "src/UnusedStateVariables.sol", "line_no": 9, - "src": "240:12", - "src_char": "240:12" + "src": "246:12", + "src_char": "246:12" }, { "contract_path": "src/UnusedStateVariables.sol", - "line_no": 10, - "src": "273:13", - "src_char": "273:13" + "line_no": 12, + "src": "314:11", + "src_char": "314:11" }, { "contract_path": "src/WrongOrderOfLayout.sol", @@ -3713,7 +3713,7 @@ ] }, { - "title": "Potentially unused state variables found.", + "title": "Potentially unused `private` / `internal` state variables found.", "description": "State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable.", "detector_name": "unused-state-variable", "instances": [ 
@@ -3723,222 +3723,6 @@ "src": "97:1", "src_char": "97:1" }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 6, - "src": "166:13", - "src_char": "166:13" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 7, - "src": "236:13", - "src_char": "236:13" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 8, - "src": "305:13", - "src_char": "305:13" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 9, - "src": "373:13", - "src_char": "373:13" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 10, - "src": "440:13", - "src_char": "440:13" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 11, - "src": "506:13", - "src_char": "506:13" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 12, - "src": "571:13", - "src_char": "571:13" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 13, - "src": "635:13", - "src_char": "635:13" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 14, - "src": "698:13", - "src_char": "698:13" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 15, - "src": "760:14", - "src_char": "760:14" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 16, - "src": "822:14", - "src_char": "822:14" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 17, - "src": "883:14", - "src_char": "883:14" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 18, - "src": "943:14", - "src_char": "943:14" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 19, - "src": "1002:14", - "src_char": "1002:14" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 20, - "src": "1060:14", - "src_char": "1060:14" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 21, - "src": "1117:14", - "src_char": "1117:14" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 22, - "src": "1173:14", - "src_char": "1173:14" - }, - { - "contract_path": 
"src/HugeConstants.sol", - "line_no": 23, - "src": "1228:14", - "src_char": "1228:14" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 24, - "src": "1282:14", - "src_char": "1282:14" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 25, - "src": "1335:14", - "src_char": "1335:14" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 27, - "src": "1388:19", - "src_char": "1388:19" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 28, - "src": "1444:19", - "src_char": "1444:19" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 29, - "src": "1499:19", - "src_char": "1499:19" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 31, - "src": "1556:26", - "src_char": "1556:26" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 32, - "src": "1644:26", - "src_char": "1644:26" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 33, - "src": "1709:31", - "src_char": "1709:31" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 35, - "src": "1779:23", - "src_char": "1779:23" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 36, - "src": "1859:23", - "src_char": "1859:23" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 37, - "src": "1922:23", - "src_char": "1922:23" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 38, - "src": "1984:23", - "src_char": "1984:23" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 39, - "src": "2071:23", - "src_char": "2071:23" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 40, - "src": "2135:23", - "src_char": "2135:23" - }, - { - "contract_path": "src/HugeConstants.sol", - "line_no": 42, - "src": "2199:18", - "src_char": "2199:18" - }, - { - "contract_path": "src/InconsistentUints.sol", - "line_no": 7, - "src": "197:11", - "src_char": "197:11" - }, - { - "contract_path": "src/InconsistentUints.sol", - "line_no": 8, - "src": 
"233:14", - "src_char": "233:14" - }, - { - "contract_path": "src/InconsistentUints.sol", - "line_no": 15, - "src": "383:9", - "src_char": "383:9" - }, { "contract_path": "src/InconsistentUints.sol", "line_no": 16, @@ -3957,12 +3741,6 @@ "src": "241:20", "src_char": "241:20" }, - { - "contract_path": "src/StateVariables.sol", - "line_no": 10, - "src": "282:18", - "src_char": "282:18" - }, { "contract_path": "src/StateVariables.sol", "line_no": 13, @@ -3975,12 +3753,6 @@ "src": "437:28", "src_char": "437:28" }, - { - "contract_path": "src/StateVariables.sol", - "line_no": 15, - "src": "490:26", - "src_char": "490:26" - }, { "contract_path": "src/StateVariables.sol", "line_no": 28, @@ -3993,24 +3765,6 @@ "src": "1108:17", "src_char": "1108:17" }, - { - "contract_path": "src/StateVariables.sol", - "line_no": 30, - "src": "1159:15", - "src_char": "1159:15" - }, - { - "contract_path": "src/TestERC20.sol", - "line_no": 6, - "src": "111:8", - "src_char": "111:8" - }, - { - "contract_path": "src/UninitializedStateVariable.sol", - "line_no": 12, - "src": "448:3", - "src_char": "448:3" - }, { "contract_path": "src/UninitializedStateVariable.sol", "line_no": 13, 
@@ -4020,38 +3774,26 @@ { "contract_path": "src/UnusedStateVariables.sol", "line_no": 6, - "src": "145:13", - "src_char": "145:13" + "src": "147:13", + "src_char": "147:13" }, { "contract_path": "src/UnusedStateVariables.sol", "line_no": 7, - "src": "179:13", - "src_char": "179:13" + "src": "183:13", + "src_char": "183:13" }, { "contract_path": "src/UnusedStateVariables.sol", "line_no": 8, - "src": "210:10", - "src_char": "210:10" + "src": "215:10", + "src_char": "215:10" }, { "contract_path": "src/UnusedStateVariables.sol", "line_no": 9, - "src": "240:12", - "src_char": "240:12" - }, - { - "contract_path": "src/UnusedStateVariables.sol", - "line_no": 10, - "src": "273:13", - "src_char": "273:13" - }, - { - "contract_path": "src/WrongOrderOfLayout.sol", - "line_no": 11, - "src": "257:10", - "src_char": "257:10" + "src": "246:12", + "src_char": "246:12" }, { "contract_path": "src/cloc/AnotherHeavilyCommentedContract.sol", @@ -4112,18 +3854,6 @@ "line_no": 29, "src": "486:3", "src_char": "486:3" - }, - { - "contract_path": "src/nested_mappings/LaterVersion.sol", - "line_no": 17, - "src": "416:20", - "src_char": "416:20" - }, - { - "contract_path": "src/nested_mappings/NestedMappings.sol", - "line_no": 17, - "src": "367:58", - "src_char": "367:58" } ] } diff --git a/reports/report.md b/reports/report.md index 3ffbd861e..33351f73f 100644 --- a/reports/report.md +++ b/reports/report.md 
@@ -66,7 +66,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-23: Incorrect Order of Division and Multiplication](#l-23-incorrect-order-of-division-and-multiplication) - [L-24: Redundant statements have no effect.](#l-24-redundant-statements-have-no-effect) - [L-25: Public variables of a contract read in an external context (using `this`).](#l-25-public-variables-of-a-contract-read-in-an-external-context-using-this) - - [L-26: Potentially unused state variables found.](#l-26-potentially-unused-state-variables-found) + - [L-26: Potentially unused `private` / `internal` state variables found.](#l-26-potentially-unused-private--internal-state-variables-found) # Summary 
@@ -1265,31 +1265,31 @@ Solidity does initialize variables by default when you declare them, however it' - Found in src/UnusedStateVariables.sol [Line: 6](../tests/contract-playground/src/UnusedStateVariables.sol#L6) ```solidity - uint256 public unusedUint256; + uint256 internal unusedUint256; ``` - Found in src/UnusedStateVariables.sol [Line: 7](../tests/contract-playground/src/UnusedStateVariables.sol#L7) ```solidity - address public unusedAddress; + address internal unusedAddress; ``` - Found in src/UnusedStateVariables.sol [Line: 8](../tests/contract-playground/src/UnusedStateVariables.sol#L8) ```solidity - bool public unusedBool; + bool private unusedBool; ``` - Found in src/UnusedStateVariables.sol [Line: 9](../tests/contract-playground/src/UnusedStateVariables.sol#L9) ```solidity - string public unusedString; + string private unusedString; ``` -- Found in src/UnusedStateVariables.sol [Line: 10](../tests/contract-playground/src/UnusedStateVariables.sol#L10) +- Found in src/UnusedStateVariables.sol [Line: 12](../tests/contract-playground/src/UnusedStateVariables.sol#L12) ```solidity - bytes32 public unusedBytes32; + bytes32 public usedBytes32; // External contracts may want to interact with it by calling it as a function ``` - Found in src/WrongOrderOfLayout.sol [Line: 11](../tests/contract-playground/src/WrongOrderOfLayout.sol#L11) @@ -3792,11 +3792,11 @@ The contract reads it's own variable using `this` which adds an unnecessary STAT -## L-26: Potentially unused state variables found. +## L-26: Potentially unused `private` / `internal` state variables found. State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable. -
68 Found Instances +
23 Found Instances - Found in src/AssemblyExample.sol [Line: 5](../tests/contract-playground/src/AssemblyExample.sol#L5) 
@@ -3805,222 +3805,6 @@ State variable appears to be unused. No analysis has been performed to see if an uint b; ``` -- Found in src/HugeConstants.sol [Line: 6](../tests/contract-playground/src/HugeConstants.sol#L6) - - ```solidity - uint256 constant public HUGE_NUMBER_1 = 100000000000000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 7](../tests/contract-playground/src/HugeConstants.sol#L7) - - ```solidity - uint256 constant public HUGE_NUMBER_2 = 10000000000000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 8](../tests/contract-playground/src/HugeConstants.sol#L8) - - ```solidity - uint256 constant public HUGE_NUMBER_3 = 1000000000000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 9](../tests/contract-playground/src/HugeConstants.sol#L9) - - ```solidity - uint256 constant public HUGE_NUMBER_4 = 100000000000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 10](../tests/contract-playground/src/HugeConstants.sol#L10) - - ```solidity - uint256 constant public HUGE_NUMBER_5 = 10000000000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 11](../tests/contract-playground/src/HugeConstants.sol#L11) - - ```solidity - uint256 constant public HUGE_NUMBER_6 = 1000000000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 12](../tests/contract-playground/src/HugeConstants.sol#L12) - - ```solidity - uint256 constant public HUGE_NUMBER_7 = 100000000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 13](../tests/contract-playground/src/HugeConstants.sol#L13) - - ```solidity - uint256 constant public HUGE_NUMBER_8 = 10000000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 14](../tests/contract-playground/src/HugeConstants.sol#L14) - - ```solidity - uint256 constant public HUGE_NUMBER_9 = 1000000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 15](../tests/contract-playground/src/HugeConstants.sol#L15) - - ```solidity - uint256 constant public HUGE_NUMBER_10 = 100000000000000; - ``` - -- 
Found in src/HugeConstants.sol [Line: 16](../tests/contract-playground/src/HugeConstants.sol#L16) - - ```solidity - uint256 constant public HUGE_NUMBER_11 = 10000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 17](../tests/contract-playground/src/HugeConstants.sol#L17) - - ```solidity - uint256 constant public HUGE_NUMBER_12 = 1000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 18](../tests/contract-playground/src/HugeConstants.sol#L18) - - ```solidity - uint256 constant public HUGE_NUMBER_13 = 100000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 19](../tests/contract-playground/src/HugeConstants.sol#L19) - - ```solidity - uint256 constant public HUGE_NUMBER_14 = 10000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 20](../tests/contract-playground/src/HugeConstants.sol#L20) - - ```solidity - uint256 constant public HUGE_NUMBER_15 = 1000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 21](../tests/contract-playground/src/HugeConstants.sol#L21) - - ```solidity - uint256 constant public HUGE_NUMBER_16 = 100000000; - ``` - -- Found in src/HugeConstants.sol [Line: 22](../tests/contract-playground/src/HugeConstants.sol#L22) - - ```solidity - uint256 constant public HUGE_NUMBER_17 = 10000000; - ``` - -- Found in src/HugeConstants.sol [Line: 23](../tests/contract-playground/src/HugeConstants.sol#L23) - - ```solidity - uint256 constant public HUGE_NUMBER_18 = 1000000; - ``` - -- Found in src/HugeConstants.sol [Line: 24](../tests/contract-playground/src/HugeConstants.sol#L24) - - ```solidity - uint256 constant public HUGE_NUMBER_19 = 100000; - ``` - -- Found in src/HugeConstants.sol [Line: 25](../tests/contract-playground/src/HugeConstants.sol#L25) - - ```solidity - uint256 constant public HUGE_NUMBER_20 = 10000; - ``` - -- Found in src/HugeConstants.sol [Line: 27](../tests/contract-playground/src/HugeConstants.sol#L27) - - ```solidity - uint256 constant public HUGE_NUMBER_21_GOOD = 1000; - ``` - -- Found in 
src/HugeConstants.sol [Line: 28](../tests/contract-playground/src/HugeConstants.sol#L28) - - ```solidity - uint256 constant public HUGE_NUMBER_22_GOOD = 100; - ``` - -- Found in src/HugeConstants.sol [Line: 29](../tests/contract-playground/src/HugeConstants.sol#L29) - - ```solidity - uint256 constant public HUGE_NUMBER_23_GOOD = 1e20; - ``` - -- Found in src/HugeConstants.sol [Line: 31](../tests/contract-playground/src/HugeConstants.sol#L31) - - ```solidity - uint256 constant public HUGE_NUMBER_24_UNDERSCORES = 1_000_000_000_000_000_000_000; - ``` - -- Found in src/HugeConstants.sol [Line: 32](../tests/contract-playground/src/HugeConstants.sol#L32) - - ```solidity - uint256 constant public HUGE_NUMBER_25_UNDERSCORES = 10_000; - ``` - -- Found in src/HugeConstants.sol [Line: 33](../tests/contract-playground/src/HugeConstants.sol#L33) - - ```solidity - uint256 constant public HUGE_NUMBER_26_UNDERSCORES_GOOD = 1_000; - ``` - -- Found in src/HugeConstants.sol [Line: 35](../tests/contract-playground/src/HugeConstants.sol#L35) - - ```solidity - uint256 constant public HUGE_NUMBER_27_HEX_GOOD = 0x1000000000000000000000; - ``` - -- Found in src/HugeConstants.sol [Line: 36](../tests/contract-playground/src/HugeConstants.sol#L36) - - ```solidity - uint256 constant public HUGE_NUMBER_28_HEX_GOOD = 0x10000; - ``` - -- Found in src/HugeConstants.sol [Line: 37](../tests/contract-playground/src/HugeConstants.sol#L37) - - ```solidity - uint256 constant public HUGE_NUMBER_29_HEX_GOOD = 0x1000; - ``` - -- Found in src/HugeConstants.sol [Line: 38](../tests/contract-playground/src/HugeConstants.sol#L38) - - ```solidity - uint256 constant public HUGE_NUMBER_30_HEX_GOOD = 0x1_000_000_000_000_000_000_000; - ``` - -- Found in src/HugeConstants.sol [Line: 39](../tests/contract-playground/src/HugeConstants.sol#L39) - - ```solidity - uint256 constant public HUGE_NUMBER_31_HEX_GOOD = 0x10_000; - ``` - -- Found in src/HugeConstants.sol [Line: 
40](../tests/contract-playground/src/HugeConstants.sol#L40) - - ```solidity - uint256 constant public HUGE_NUMBER_32_HEX_GOOD = 0x100_0; - ``` - -- Found in src/HugeConstants.sol [Line: 42](../tests/contract-playground/src/HugeConstants.sol#L42) - - ```solidity - uint256 constant public HUGE_NUMBER_33_HEX = 1e0000; - ``` - -- Found in src/InconsistentUints.sol [Line: 7](../tests/contract-playground/src/InconsistentUints.sol#L7) - - ```solidity - int public intVariable; // 1 - ``` - -- Found in src/InconsistentUints.sol [Line: 8](../tests/contract-playground/src/InconsistentUints.sol#L8) - - ```solidity - int256 public int256Variable; // 1 - ``` - -- Found in src/InconsistentUints.sol [Line: 15](../tests/contract-playground/src/InconsistentUints.sol#L15) - - ```solidity - uint[] public uintArray; // 4 - ``` - - Found in src/InconsistentUints.sol [Line: 16](../tests/contract-playground/src/InconsistentUints.sol#L16) ```solidity @@ -4039,12 +3823,6 @@ State variable appears to be unused. No analysis has been performed to see if an uint256 internal staticInternalNumber; ``` -- Found in src/StateVariables.sol [Line: 10](../tests/contract-playground/src/StateVariables.sol#L10) - - ```solidity - uint256 public staticPublicNumber; - ``` - - Found in src/StateVariables.sol [Line: 13](../tests/contract-playground/src/StateVariables.sol#L13) ```solidity @@ -4057,12 +3835,6 @@ State variable appears to be unused. No analysis has been performed to see if an uint256 internal staticNonEmptyInternalNumber = 2; ``` -- Found in src/StateVariables.sol [Line: 15](../tests/contract-playground/src/StateVariables.sol#L15) - - ```solidity - uint256 public staticNonEmptyPublicNumber = 3; - ``` - - Found in src/StateVariables.sol [Line: 28](../tests/contract-playground/src/StateVariables.sol#L28) ```solidity 
@@ -4075,24 +3847,6 @@ State variable appears to be unused. No analysis has been performed to see if an uint256 internal constant INTERNAL_CONSTANT = 2; ``` -- Found in src/StateVariables.sol [Line: 30](../tests/contract-playground/src/StateVariables.sol#L30) - - ```solidity - uint256 public constant PUBLIC_CONSTANT = 3; - ``` - -- Found in src/TestERC20.sol [Line: 6](../tests/contract-playground/src/TestERC20.sol#L6) - - ```solidity - uint256 public constant decimals = 18; - ``` - -- Found in src/UninitializedStateVariable.sol [Line: 12](../tests/contract-playground/src/UninitializedStateVariable.sol#L12) - - ```solidity - uint256[] public arr; // GOOD - ``` - - Found in src/UninitializedStateVariable.sol [Line: 13](../tests/contract-playground/src/UninitializedStateVariable.sol#L13) ```solidity 
@@ -4102,37 +3856,25 @@ State variable appears to be unused. No analysis has been performed to see if an - Found in src/UnusedStateVariables.sol [Line: 6](../tests/contract-playground/src/UnusedStateVariables.sol#L6) ```solidity - uint256 public unusedUint256; + uint256 internal unusedUint256; ``` - Found in src/UnusedStateVariables.sol [Line: 7](../tests/contract-playground/src/UnusedStateVariables.sol#L7) ```solidity - address public unusedAddress; + address internal unusedAddress; ``` - Found in src/UnusedStateVariables.sol [Line: 8](../tests/contract-playground/src/UnusedStateVariables.sol#L8) ```solidity - bool public unusedBool; + bool private unusedBool; ``` - Found in src/UnusedStateVariables.sol [Line: 9](../tests/contract-playground/src/UnusedStateVariables.sol#L9) ```solidity - string public unusedString; - ``` - -- Found in src/UnusedStateVariables.sol [Line: 10](../tests/contract-playground/src/UnusedStateVariables.sol#L10) - - ```solidity - bytes32 public unusedBytes32; - ``` - -- Found in src/WrongOrderOfLayout.sol [Line: 11](../tests/contract-playground/src/WrongOrderOfLayout.sol#L11) - - ```solidity - uint256 public multiplier; + string private unusedString; ``` - Found in src/cloc/AnotherHeavilyCommentedContract.sol [Line: 14](../tests/contract-playground/src/cloc/AnotherHeavilyCommentedContract.sol#L14) @@ -4195,18 +3937,6 @@ State variable appears to be unused. No analysis has been performed to see if an this is longer comment */ uint256 s_5 = 0; ``` -- Found in src/nested_mappings/LaterVersion.sol [Line: 17](../tests/contract-playground/src/nested_mappings/LaterVersion.sol#L17) - - ```solidity - mapping(uint256 => structMain) public s_mapOfNestedStructs; - ``` - -- Found in src/nested_mappings/NestedMappings.sol [Line: 17](../tests/contract-playground/src/nested_mappings/NestedMappings.sol#L17) - - ```solidity - mapping(uint256 => structMain) public s_mapOfNestedStructs; - ``` -
diff --git a/reports/report.sarif b/reports/report.sarif index c57ab0623..42a1fd89c 100644 --- a/reports/report.sarif +++ b/reports/report.sarif @@ -1832,7 +1832,7 @@ }, "region": { "byteLength": 13, - "byteOffset": 145 + "byteOffset": 147 } } }, @@ -1843,7 +1843,7 @@ }, "region": { "byteLength": 13, - "byteOffset": 179 + "byteOffset": 183 } } }, @@ -1854,7 +1854,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 210 + "byteOffset": 215 } } }, @@ -1865,7 +1865,7 @@ }, "region": { "byteLength": 12, - "byteOffset": 240 + "byteOffset": 246 } } }, @@ -1875,8 +1875,8 @@ "uri": "src/UnusedStateVariables.sol" }, "region": { - "byteLength": 13, - "byteOffset": 273 + "byteLength": 11, + "byteOffset": 314 } } }, 
@@ -6031,402 +6031,6 @@ } } }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 13, - "byteOffset": 166 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 13, - "byteOffset": 236 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 13, - "byteOffset": 305 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 13, - "byteOffset": 373 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 13, - "byteOffset": 440 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 13, - "byteOffset": 506 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 13, - "byteOffset": 571 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 13, - "byteOffset": 635 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 13, - "byteOffset": 698 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 14, - "byteOffset": 760 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 14, - "byteOffset": 822 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 14, - "byteOffset": 883 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" 
- }, - "region": { - "byteLength": 14, - "byteOffset": 943 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 14, - "byteOffset": 1002 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 14, - "byteOffset": 1060 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 14, - "byteOffset": 1117 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 14, - "byteOffset": 1173 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 14, - "byteOffset": 1228 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 14, - "byteOffset": 1282 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 14, - "byteOffset": 1335 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 19, - "byteOffset": 1388 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 19, - "byteOffset": 1444 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 19, - "byteOffset": 1499 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 26, - "byteOffset": 1556 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 26, - "byteOffset": 1644 - } - } - }, - { - "physicalLocation": { - 
"artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 31, - "byteOffset": 1709 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 23, - "byteOffset": 1779 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 23, - "byteOffset": 1859 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 23, - "byteOffset": 1922 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 23, - "byteOffset": 1984 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 23, - "byteOffset": 2071 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 23, - "byteOffset": 2135 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/HugeConstants.sol" - }, - "region": { - "byteLength": 18, - "byteOffset": 2199 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/InconsistentUints.sol" - }, - "region": { - "byteLength": 11, - "byteOffset": 197 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/InconsistentUints.sol" - }, - "region": { - "byteLength": 14, - "byteOffset": 233 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/InconsistentUints.sol" - }, - "region": { - "byteLength": 9, - "byteOffset": 383 - } - } - }, { "physicalLocation": { "artifactLocation": { @@ -6460,17 +6064,6 @@ } } }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/StateVariables.sol" - }, - "region": { - "byteLength": 18, - "byteOffset": 282 - } - } - }, { "physicalLocation": { "artifactLocation": { 
@@ -6493,17 +6086,6 @@ } } }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/StateVariables.sol" - }, - "region": { - "byteLength": 26, - "byteOffset": 490 - } - } - }, { "physicalLocation": { "artifactLocation": { @@ -6526,39 +6108,6 @@ } } }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/StateVariables.sol" - }, - "region": { - "byteLength": 15, - "byteOffset": 1159 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/TestERC20.sol" - }, - "region": { - "byteLength": 8, - "byteOffset": 111 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/UninitializedStateVariable.sol" - }, - "region": { - "byteLength": 3, - "byteOffset": 448 - } - } - }, { "physicalLocation": { "artifactLocation": { @@ -6577,7 +6126,7 @@ }, "region": { "byteLength": 13, - "byteOffset": 145 + "byteOffset": 147 } } }, @@ -6588,7 +6137,7 @@ }, "region": { "byteLength": 13, - "byteOffset": 179 + "byteOffset": 183 } } }, @@ -6599,7 +6148,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 210 + "byteOffset": 215 } } }, @@ -6610,29 +6159,7 @@ }, "region": { "byteLength": 12, - "byteOffset": 240 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/UnusedStateVariables.sol" - }, - "region": { - "byteLength": 13, - "byteOffset": 273 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/WrongOrderOfLayout.sol" - }, - "region": { - "byteLength": 10, - "byteOffset": 257 + "byteOffset": 246 } } }, @@ -6745,28 +6272,6 @@ "byteOffset": 486 } } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/nested_mappings/LaterVersion.sol" - }, - "region": { - "byteLength": 20, - "byteOffset": 416 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/nested_mappings/NestedMappings.sol" - }, - "region": { - "byteLength": 58, - "byteOffset": 367 - } - } } ], "message": { 
diff --git a/reports/templegold-report.md b/reports/templegold-report.md index 92d40d793..8dfaf3989 100644 --- a/reports/templegold-report.md +++ b/reports/templegold-report.md @@ -36,7 +36,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-17: Loop contains `require`/`revert` statements](#l-17-loop-contains-requirerevert-statements) - [L-18: Incorrect Order of Division and Multiplication](#l-18-incorrect-order-of-division-and-multiplication) - [L-19: Redundant statements have no effect.](#l-19-redundant-statements-have-no-effect) - - [L-20: Potentially unused state variables found.](#l-20-potentially-unused-state-variables-found) + - [L-20: Potentially unused `private` / `internal` state variables found.](#l-20-potentially-unused-private--internal-state-variables-found) # Summary @@ -8588,61 +8588,13 @@ Remove the redundant statements because no code will be generated and it just co -## L-20: Potentially unused state variables found. +## L-20: Potentially unused `private` / `internal` state variables found. State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable. -
18 Found Instances +
3 Found Instances -- Found in contracts/amm/TempleUniswapV2Pair.sol [Line: 29](../tests/2024-07-templegold/protocol/contracts/amm/TempleUniswapV2Pair.sol#L29) - - ```solidity - uint public kLast; // reserve0 * reserve1, as of immediately after the most recent liquidity event - ``` - -- Found in contracts/fakes/templegold/TempleGoldMock.sol [Line: 32](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldMock.sol#L32) - - ```solidity - uint256 public constant DISTRIBUTION_MULTIPLIER = 100 ether; - ``` - -- Found in contracts/fakes/templegold/TempleGoldMock.sol [Line: 34](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldMock.sol#L34) - - ```solidity - uint256 public constant MINIMUM_DISTRIBUTION_SHARE = 1 ether; - ``` - -- Found in contracts/fakes/templegold/TempleGoldMock.sol [Line: 36](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldMock.sol#L36) - - ```solidity - uint256 public constant MAX_SUPPLY = 1_000_000_000 ether; // 1B - ``` - -- Found in contracts/fakes/templegold/TempleGoldMock.sol [Line: 38](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldMock.sol#L38) - - ```solidity - uint256 public constant MINIMUM_MINT = 1_000; - ``` - -- Found in contracts/fakes/templegold/TempleGoldStakingMock.sol [Line: 39](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldStakingMock.sol#L39) - - ```solidity - uint256 public rewardPerTokenStored; - ``` - -- Found in contracts/fakes/templegold/TempleGoldStakingMock.sol [Line: 47](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldStakingMock.sol#L47) - - ```solidity - uint256 public periodFinish; - ``` - -- Found in contracts/fakes/templegold/TempleGoldStakingMock.sol [Line: 48](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldStakingMock.sol#L48) - - ```solidity - uint256 public lastUpdateTime; - ``` - - Found in 
contracts/fakes/templegold/TempleGoldStakingMock.sol [Line: 71](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldStakingMock.sol#L71) ```solidity @@ -8661,48 +8613,6 @@ State variable appears to be unused. No analysis has been performed to see if an uint256 internal _currentEpochId; ``` -- Found in contracts/templegold/AuctionBase.sol [Line: 17](../tests/2024-07-templegold/protocol/contracts/templegold/AuctionBase.sol#L17) - - ```solidity - mapping(address depositor => mapping(uint256 epochId => uint256 amount)) public override depositors; - ``` - -- Found in contracts/templegold/TempleGoldStaking.sol [Line: 40](../tests/2024-07-templegold/protocol/contracts/templegold/TempleGoldStaking.sol#L40) - - ```solidity - uint256 public override rewardPerTokenStored; - ``` - -- Found in contracts/templegold/TempleGoldStaking.sol [Line: 45](../tests/2024-07-templegold/protocol/contracts/templegold/TempleGoldStaking.sol#L45) - - ```solidity - uint256 public override periodFinish; - ``` - -- Found in contracts/templegold/TempleGoldStaking.sol [Line: 47](../tests/2024-07-templegold/protocol/contracts/templegold/TempleGoldStaking.sol#L47) - - ```solidity - uint256 public override lastUpdateTime; - ``` - -- Found in contracts/v2/TempleDebtToken.sol [Line: 95](../tests/2024-07-templegold/protocol/contracts/v2/TempleDebtToken.sol#L95) - - ```solidity - uint8 public constant override decimals = 18; - ``` - -- Found in contracts/v2/TreasuryPriceIndexOracle.sol [Line: 21](../tests/2024-07-templegold/protocol/contracts/v2/TreasuryPriceIndexOracle.sol#L21) - - ```solidity - uint256 public constant override TPI_DECIMALS = 18; - ``` - -- Found in contracts/v2/safeGuards/ThresholdSafeGuard.sol [Line: 27](../tests/2024-07-templegold/protocol/contracts/v2/safeGuards/ThresholdSafeGuard.sol#L27) - - ```solidity - string public constant VERSION = "1.0.0"; - ``` -
From be7eb5cc1fa2ff6c27ea98a3931c88095bb69e13 Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 22:06:32 +0530 Subject: [PATCH 5/7] cli/reportgen --- reports/report.json | 33 +++++++++++----------- reports/report.md | 54 +++++++++++++----------------------- reports/report.sarif | 22 +++++++++++++++ reports/templegold-report.md | 7 +---- 4 files changed, 59 insertions(+), 57 deletions(-) diff --git a/reports/report.json b/reports/report.json index 2e7200b2f..4e81f3ac6 100644 --- a/reports/report.json +++ b/reports/report.json @@ -1,12 +1,7 @@ { "files_summary": { -<<<<<<< HEAD - "total_source_units": 74, - "total_sloc": 2008 -======= - "total_source_units": 77, - "total_sloc": 2225 ->>>>>>> dev + "total_source_units": 78, + "total_sloc": 2237 }, "files_details": { "files_details": [ @@ -325,13 +320,8 @@ ] }, "issue_count": { -<<<<<<< HEAD - "high": 32, - "low": 26 -======= "high": 36, - "low": 25 ->>>>>>> dev + "low": 26 }, "high_issues": { "issues": [ @@ -4149,6 +4139,18 @@ "src": "1108:17", "src_char": "1108:17" }, + { + "contract_path": "src/TautologyOrContradiction.sol", + "line_no": 6, + "src": "133:6", + "src_char": "133:6" + }, + { + "contract_path": "src/TautologyOrContradiction.sol", + "line_no": 7, + "src": "145:9", + "src_char": "145:9" + }, { "contract_path": "src/UninitializedStateVariable.sol", "line_no": 13, @@ -4302,12 +4304,9 @@ "weak-randomness", "pre-declared-local-variable-usage", "delete-nested-mapping", -<<<<<<< HEAD - "unused-state-variable" -======= + "unused-state-variable", "tx-origin-used-for-auth", "msg-value-in-loop", "contract-locks-ether" ->>>>>>> dev ] } \ No newline at end of file diff --git a/reports/report.md b/reports/report.md index 030d5f1a0..78bfad316 100644 --- a/reports/report.md +++ b/reports/report.md 
@@ -79,13 +79,8 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Key | Value | | --- | --- | -<<<<<<< HEAD -| .sol Files | 74 | -| Total nSLOC | 2008 | -======= -| .sol Files | 77 | -| Total nSLOC | 2225 | ->>>>>>> dev +| .sol Files | 78 | +| Total nSLOC | 2237 | ## Files Details @@ -170,24 +165,15 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/reused_contract_name/ContractB.sol | 7 | | src/uniswap/UniswapV2Swapper.sol | 50 | | src/uniswap/UniswapV3Swapper.sol | 150 | -<<<<<<< HEAD -| **Total** | **2008** | -======= -| **Total** | **2225** | ->>>>>>> dev +| **Total** | **2237** | ## Issue Summary | Category | No. of Issues | | --- | --- | -<<<<<<< HEAD -| High | 32 | -| Low | 26 | -======= | High | 36 | -| Low | 25 | ->>>>>>> dev +| Low | 26 | # High Issues @@ -1209,11 +1195,7 @@ If the length of a dynamic array (storage variable) directly assigned to, it may Solidity does initialize variables by default when you declare them, however it's good practice to explicitly declare an initial value. For example, if you transfer money to an address we must make sure that the address has been initialized. -<<<<<<< HEAD -
19 Found Instances -======= -
16 Found Instances ->>>>>>> dev +
21 Found Instances - Found in src/AssemblyExample.sol [Line: 5](../tests/contract-playground/src/AssemblyExample.sol#L5) @@ -2266,11 +2248,7 @@ ERC20 functions may not behave as expected. For example: return values are not a Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of `pragma solidity ^0.8.0;`, use `pragma solidity 0.8.0;` -<<<<<<< HEAD -
20 Found Instances -======= -
23 Found Instances ->>>>>>> dev +
24 Found Instances - Found in src/CompilerBugStorageSignedIntegerArray.sol [Line: 2](../tests/contract-playground/src/CompilerBugStorageSignedIntegerArray.sol#L2) @@ -3168,11 +3146,7 @@ Using `ERC721::_mint()` can mint ERC721 tokens to addresses which don't support Solc compiler version 0.8.20 switches the default target EVM version to Shanghai, which means that the generated bytecode will include PUSH0 opcodes. Be sure to select the appropriate EVM version in case you intend to deploy on a chain other than mainnet like L2 chains that may not support PUSH0, otherwise deployment of your contracts will fail. -<<<<<<< HEAD -
29 Found Instances -======= -
31 Found Instances ->>>>>>> dev +
32 Found Instances - Found in src/AdminContract.sol [Line: 2](../tests/contract-playground/src/AdminContract.sol#L2) @@ -4204,7 +4178,7 @@ The contract reads it's own variable using `this` which adds an unnecessary STAT State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable. -
23 Found Instances +
25 Found Instances - Found in src/AssemblyExample.sol [Line: 5](../tests/contract-playground/src/AssemblyExample.sol#L5) @@ -4255,6 +4229,18 @@ State variable appears to be unused. No analysis has been performed to see if an uint256 internal constant INTERNAL_CONSTANT = 2; ``` +- Found in src/TautologyOrContradiction.sol [Line: 6](../tests/contract-playground/src/TautologyOrContradiction.sol#L6) + + ```solidity + uint x; + ``` + +- Found in src/TautologyOrContradiction.sol [Line: 7](../tests/contract-playground/src/TautologyOrContradiction.sol#L7) + + ```solidity + uint256 y; + ``` + - Found in src/UninitializedStateVariable.sol [Line: 13](../tests/contract-playground/src/UninitializedStateVariable.sol#L13) ```solidity diff --git a/reports/report.sarif b/reports/report.sarif index 16601e51a..f207e7582 100644 --- a/reports/report.sarif +++ b/reports/report.sarif @@ -6749,6 +6749,28 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/TautologyOrContradiction.sol" + }, + "region": { + "byteLength": 6, + "byteOffset": 133 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/TautologyOrContradiction.sol" + }, + "region": { + "byteLength": 9, + "byteOffset": 145 + } + } + }, { "physicalLocation": { "artifactLocation": { diff --git a/reports/templegold-report.md b/reports/templegold-report.md index d9165fefb..a2c188454 100644 --- a/reports/templegold-report.md +++ b/reports/templegold-report.md @@ -191,13 +191,8 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | -<<<<<<< HEAD -| High | 8 | -| Low | 20 | -======= | High | 10 | -| Low | 19 | ->>>>>>> dev +| Low | 20 | # High Issues From 7f550ea24073f09d01d7f411c19359d2791ea4a4 Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 22:10:34 +0530 Subject: [PATCH 6/7] fix --- .../src/detect/low/unused_state_variable.rs | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) 
diff --git a/aderyn_core/src/detect/low/unused_state_variable.rs b/aderyn_core/src/detect/low/unused_state_variable.rs index caa4aa51c..e780f56c8 100644 --- a/aderyn_core/src/detect/low/unused_state_variable.rs +++ b/aderyn_core/src/detect/low/unused_state_variable.rs @@ -1,10 +1,13 @@ use std::collections::{BTreeMap, BTreeSet}; +use std::convert::identity; use std::error::Error; -use crate::ast::{NodeID, Visibility}; +use crate::ast::{ASTNode, ContractKind, NodeID, NodeType, Visibility}; use crate::capture; -use crate::context::browser::{ExtractReferencedDeclarations, ExtractVariableDeclarations}; +use crate::context::browser::{ + ExtractReferencedDeclarations, ExtractVariableDeclarations, GetClosestAncestorOfTypeX, +}; use crate::detect::detector::IssueDetectorNamePool; use crate::{ context::workspace_context::WorkspaceContext, @@ -47,7 +50,19 @@ impl IssueDetector for UnusedStateVariablesDetector { for unused_state_var_id in all_state_variable_declarations { if let Some(node) = context.nodes.get(&unused_state_var_id) { - capture!(self, context, node); + if let Some(ASTNode::ContractDefinition(contract)) = + node.closest_ancestor_of_type(context, NodeType::ContractDefinition) + { + // If this variable is defined inside a contract, make sure it's not an abstract contract before capturing it + if !contract.is_abstract.is_some_and(identity) + && contract.kind == ContractKind::Contract + { + capture!(self, context, node); + } + } else { + // Otherwise, just capture it ! + capture!(self, context, node); + } } } From 7a97cfadb870adca1d52bcd3793faebf2864f786 Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 22:11:12 +0530 Subject: [PATCH 7/7] cli/reportgen --- reports/ccip-functions-report.md | 20 +------------------- reports/templegold-report.md | 8 +------- 2 files changed, 2 insertions(+), 26 deletions(-) diff --git a/reports/ccip-functions-report.md b/reports/ccip-functions-report.md index 3367cdd7a..b6e995435 100644 
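Review bot: The new guard in the second hunk skips every state variable declared in an abstract contract, a library or an interface regardless of visibility, so an unused `private` variable there is no longer reported even though derived contracts cannot reference it. The regenerated report in the next patch appears to show this: the `private constant maxUint32` finding in OCR2Base.sol disappears, presumably because that contract is abstract. Consider exempting only non-private variables of abstract contracts and still capturing private ones; how visibility is read from the node is outside this hunk. The test itself reads more directly as `if contract.is_abstract != Some(true) && contract.kind == ContractKind::Contract`, which also makes the added `use std::convert::identity;` unnecessary. The enclosing method starts and ends outside the hunk.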
--- a/reports/ccip-functions-report.md +++ b/reports/ccip-functions-report.md @@ -25,7 +25,6 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-11: Contract still has TODOs](#l-11-contract-still-has-todos) - [L-12: Unused Custom Error](#l-12-unused-custom-error) - [L-13: Loop contains `require`/`revert` statements](#l-13-loop-contains-requirerevert-statements) - - [L-14: Potentially unused `private` / `internal` state variables found.](#l-14-potentially-unused-private--internal-state-variables-found) # Summary @@ -102,7 +101,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | | High | 3 | -| Low | 14 | +| Low | 13 | # High Issues @@ -2451,20 +2450,3 @@ Avoid `require` / `revert` statements in a loop because a single bad item can ca -## L-14: Potentially unused `private` / `internal` state variables found. - -State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable. - -
1 Found Instances - - -- Found in src/v0.8/functions/v1_0_0/ocr/OCR2Base.sol [Line: 22](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/ocr/OCR2Base.sol#L22) - - ```solidity - uint256 private constant maxUint32 = (1 << 32) - 1; - ``` - -
- - - diff --git a/reports/templegold-report.md b/reports/templegold-report.md index a2c188454..d95396fe6 100644 --- a/reports/templegold-report.md +++ b/reports/templegold-report.md @@ -8658,7 +8658,7 @@ Remove the redundant statements because no code will be generated and it just co State variable appears to be unused. No analysis has been performed to see if any inilne assembly references it. So if that's not the case, consider removing this unused variable. -
3 Found Instances +
2 Found Instances - Found in contracts/fakes/templegold/TempleGoldStakingMock.sol [Line: 71](../tests/2024-07-templegold/protocol/contracts/fakes/templegold/TempleGoldStakingMock.sol#L71) @@ -8673,12 +8673,6 @@ State variable appears to be unused. No analysis has been performed to see if an mapping(address account => EnumerableSet.UintSet indexes) private _accountStakes; ``` -- Found in contracts/templegold/AuctionBase.sol [Line: 13](../tests/2024-07-templegold/protocol/contracts/templegold/AuctionBase.sol#L13) - - ```solidity - uint256 internal _currentEpochId; - ``` -