Summary
- arbitrary-send-erc20 (1 results) (High)
- reentrancy-eth (2 results) (High)
- divide-before-multiply (9 results) (Medium)
- reentrancy-no-eth (3 results) (Medium)
- unchecked-lowlevel (5 results) (Medium)
- uninitialized-local (7 results) (Medium)
- unused-return (12 results) (Medium)
- constable-states (2 results) (Optimization)
Impact: High Confidence: High
- ID-0 SwapProxy.fillBuyOrder(OrderLib.BuyOrder,bytes,uint256,uint256) uses arbitrary from in transferFrom: SafeERC20.safeTransferFrom(IERC20(buyerOrder.paymentToken),buyerOrder.signerAddress,address(this),reservedPrice)
contracts/SwapProxy.sol#L39-L107
Impact: High Confidence: Medium
- ID-1 Reentrancy in AbstractSilicaV2_1.proxyDeposit(address,uint256): External calls: - mintAmount = _deposit(msg.sender,_to,totalSupply(),amountSpecified) - returndata = address(token).functionCall(data,SafeERC20: low-level call failed) - SafeERC20.safeTransferFrom(IERC20(paymentToken),from,to,amount) - (success,returndata) = target.call{value: value}(data) External calls sending eth: - mintAmount = _deposit(msg.sender,_to,totalSupply(),amountSpecified) - (success,returndata) = target.call{value: value}(data) State variables written after the call(s): - _mint(_to,mintAmount) - _totalSupply += amount ERC20._totalSupply can be used in cross function reentrancies: - ERC20._burn(address,uint256) - ERC20._mint(address,uint256) - ERC20.totalSupply()
contracts/AbstractSilicaV2_1.sol#L480-L486
- ID-2 Reentrancy in AbstractSilicaV2_1.deposit(uint256): External calls: - mintAmount = _deposit(msg.sender,msg.sender,totalSupply(),amountSpecified) - returndata = address(token).functionCall(data,SafeERC20: low-level call failed) - SafeERC20.safeTransferFrom(IERC20(paymentToken),from,to,amount) - (success,returndata) = target.call{value: value}(data) External calls sending eth: - mintAmount = _deposit(msg.sender,msg.sender,totalSupply(),amountSpecified) - (success,returndata) = target.call{value: value}(data) State variables written after the call(s): - _mint(msg.sender,mintAmount) - _totalSupply += amount ERC20._totalSupply can be used in cross function reentrancies: - ERC20._burn(address,uint256) - ERC20._mint(address,uint256) - ERC20.totalSupply()
contracts/AbstractSilicaV2_1.sol#L468-L473
Impact: Medium Confidence: Medium
- ID-3 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: - denominator = denominator / twos - inverse *= 2 - denominator * inverse
node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L134
- ID-4 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: - prod0 = prod0 / twos - result = prod0 * inverse
node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L134
- ID-5 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: - denominator = denominator / twos - inverse *= 2 - denominator * inverse
node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L134
- ID-6 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: - denominator = denominator / twos - inverse *= 2 - denominator * inverse
node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L134
- ID-7 PayoutMath._getHaircut(uint256,uint256) performs a multiplication on the result of a division: - multiplier = ((_numDepositsCompleted ** 3) * FIXED_POINT_SCALE_VALUE) / (contractNumberOfDepositsCubed) - result = (HAIRCUT_BASE_PCT * multiplier) / (100 * FIXED_POINT_BASE)
contracts/libraries/math/PayoutMath.sol#L20-L25
- ID-8 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: - denominator = denominator / twos - inverse *= 2 - denominator * inverse
node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L134
- ID-9 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: - denominator = denominator / twos - inverse *= 2 - denominator * inverse
node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L134
- ID-10 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: - denominator = denominator / twos - inverse *= 2 - denominator * inverse
node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L134
- ID-11 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: - denominator = denominator / twos - inverse = (3 * denominator) ^ 2
node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L134
Impact: Medium Confidence: Medium
- ID-12 Reentrancy in SwapProxy.fillSellOrder(OrderLib.SellOrder,bytes,uint256): External calls: - silicaAddress = ISilicaFactory(silicaFactory).proxyCreateEthStakingSilicaV2_1(sellerOrder.rewardToken,sellerOrder.paymentToken,sellerOrder.resourceAmount,sellerOrder.endDay,sellerOrder.unitPrice,sellerOrder.signerAddress,sellerOrder.additionalCollateralPercent) - silicaAddress = ISilicaFactory(silicaFactory).proxyCreateSilicaV2_1(sellerOrder.rewardToken,sellerOrder.paymentToken,sellerOrder.resourceAmount,sellerOrder.endDay,sellerOrder.unitPrice,sellerOrder.signerAddress,sellerOrder.additionalCollateralPercent) State variables written after the call(s): - sellOrderToSilica[sellerOrderDigest] = silicaAddress SwapProxy.sellOrderToSilica can be used in cross function reentrancies: - SwapProxy.fillSellOrder(OrderLib.SellOrder,bytes,uint256) - SwapProxy.getSilicaAddressFromSellOrderHash(bytes32) - SwapProxy.routeBuy(OrderLib.SellOrder,bytes,uint256) - SwapProxy.sellOrderToSilica
contracts/SwapProxy.sol#L169-L227
- ID-13 Reentrancy in SwapProxy.routeBuy(OrderLib.SellOrder,bytes,uint256): External calls: - silicaAddress = ISilicaFactory(silicaFactory).proxyCreateEthStakingSilicaV2_1(sellerOrder.rewardToken,sellerOrder.paymentToken,sellerOrder.resourceAmount,sellerOrder.endDay,sellerOrder.unitPrice,sellerOrder.signerAddress,sellerOrder.additionalCollateralPercent) - silicaAddress = ISilicaFactory(silicaFactory).proxyCreateSilicaV2_1(sellerOrder.rewardToken,sellerOrder.paymentToken,sellerOrder.resourceAmount,sellerOrder.endDay,sellerOrder.unitPrice,sellerOrder.signerAddress,sellerOrder.additionalCollateralPercent) State variables written after the call(s): - sellOrderToSilica[sellerOrderDigest] = silicaAddress SwapProxy.sellOrderToSilica can be used in cross function reentrancies: - SwapProxy.fillSellOrder(OrderLib.SellOrder,bytes,uint256) - SwapProxy.getSilicaAddressFromSellOrderHash(bytes32) - SwapProxy.routeBuy(OrderLib.SellOrder,bytes,uint256) - SwapProxy.sellOrderToSilica
contracts/SwapProxy.sol#L109-L167
- ID-14 Reentrancy in SwapProxy.fillBuyOrder(OrderLib.BuyOrder,bytes,uint256,uint256): External calls: - silicaAddress = ISilicaFactory(silicaFactory).proxyCreateEthStakingSilicaV2_1(buyerOrder.rewardToken,buyerOrder.paymentToken,purchaseAmount,buyerOrder.endDay,buyerOrder.unitPrice,sellerAddress,additionalCollateralPercent) - silicaAddress = ISilicaFactory(silicaFactory).proxyCreateSilicaV2_1(buyerOrder.rewardToken,buyerOrder.paymentToken,purchaseAmount,buyerOrder.endDay,buyerOrder.unitPrice,sellerAddress,additionalCollateralPercent) State variables written after the call(s): - buyOrderToConsumedBudget[buyerOrderDigest] += purchaseAmount SwapProxy.buyOrderToConsumedBudget can be used in cross function reentrancies: - SwapProxy.buyOrderToConsumedBudget - SwapProxy.fillBuyOrder(OrderLib.BuyOrder,bytes,uint256,uint256) - SwapProxy.getBudgetConsumedFromOrderHash(bytes32)
contracts/SwapProxy.sol#L39-L107
Impact: Medium Confidence: Medium
- ID-15 Test.deal(address,address,uint256,bool) ignores return value by (balData) = token.call(abi.encodeWithSelector(0x70a08231,to))
lib/forge-std/src/Test.sol#L141-L169
- ID-16 Test.deal(address,address,uint256,bool) ignores return value by (totSupData) = token.call(abi.encodeWithSelector(0x18160ddd))
lib/forge-std/src/Test.sol#L141-L169
- ID-17 stdStorage.find(StdStorage) ignores return value by (rdat) = who.staticcall(cald)
lib/forge-std/src/Test.sol#L564-L659
- ID-18 Address.sendValue(address,uint256) ignores return value by (success) = recipient.call{value: amount}()
node_modules/@openzeppelin/contracts/utils/Address.sol#L64-L69
- ID-19 stdStorage.checked_write(StdStorage,bytes32) ignores return value by (rdat) = who.staticcall(cald)
lib/forge-std/src/Test.sol#L734-L766
Impact: Medium Confidence: Medium
- ID-20 SilicaFactory._createSilicaV2_1(address,address,uint256,uint256,uint256,address,uint256).initializeData is a local variable never initialized
contracts/SilicaFactory.sol#L236
- ID-21 SilicaFactory._getOracleData(address).oracleData is a local variable never initialized
contracts/SilicaFactory.sol#L122
- ID-22 AbstractSilicaV2_1.getRewardDueNextOracleUpdate().balanceNeeded is a local variable never initialized
contracts/AbstractSilicaV2_1.sol#L441
- ID-23 SwapProxy.fillBuyOrder(OrderLib.BuyOrder,bytes,uint256,uint256).silicaAddress is a local variable never initialized
contracts/SwapProxy.sol#L58
- ID-24 SilicaFactory._createEthStakingSilicaV2_1(address,address,uint256,uint256,uint256,address,uint256).initializeData is a local variable never initialized
contracts/SilicaFactory.sol#L331
- ID-25 SilicaFactory._getOracleEthStakingData(address).oracleData is a local variable never initialized
contracts/SilicaFactory.sol#L134
- ID-26 SwapProxy.fillSellOrder(OrderLib.SellOrder,bytes,uint256).silicaAddress is a local variable never initialized
contracts/SwapProxy.sol#L186
Impact: Medium Confidence: Medium
- ID-27 SwapProxy.fillBuyOrder(OrderLib.BuyOrder,bytes,uint256,uint256) ignores return value by IERC20(buyerOrder.paymentToken).approve(silicaAddress,reservedPrice)
contracts/SwapProxy.sol#L39-L107
- ID-28 SwapProxy.fillSellOrder(OrderLib.SellOrder,bytes,uint256) ignores return value by IERC20(sellerOrder.paymentToken).approve(silicaAddress,reservedPrice)
contracts/SwapProxy.sol#L169-L227
- ID-29 SilicaFactory._getOracleEthStakingData(address) ignores return value by (baseRewardPerIncrementPerDay) = oracleEthStaking.get(lastIndexedDay)
contracts/SilicaFactory.sol#L133-L144
- ID-30 stdStorage.find(StdStorage) ignores return value by (reads) = vm_std_store.accesses(address(who))
lib/forge-std/src/Test.sol#L564-L659
- ID-31 SilicaEthStaking._getRewardDueOnDay(uint256) ignores return value by (baseRewardPerIncrementPerDay) = oracleEthStaking.get(_day)
contracts/SilicaEthStaking.sol#L33-L40
- ID-32 SilicaV2_1._getRewardDueOnDay(uint256) ignores return value by (networkHashrate,networkReward) = oracle.get(_day)
contracts/SilicaV2_1.sol#L31-L36
- ID-33 SwapProxy.fillBuyOrder(OrderLib.BuyOrder,bytes,uint256,uint256) ignores return value by ISilicaVault(buyerOrder.vaultAddress).purchaseSilica(silicaAddress,reservedPrice)
contracts/SwapProxy.sol#L39-L107
- ID-34 SwapProxy.fillBuyOrder(OrderLib.BuyOrder,bytes,uint256,uint256) ignores return value by ISilicaV2_1(silicaAddress).proxyDeposit(buyerOrder.signerAddress,reservedPrice)
contracts/SwapProxy.sol#L39-L107
- ID-35 SilicaFactory._getOracleData(address) ignores return value by (networkHashrate,networkReward) = oracle.get(lastIndexedDay)
contracts/SilicaFactory.sol#L121-L130
- ID-36 SwapProxy.routeBuy(OrderLib.SellOrder,bytes,uint256) ignores return value by IERC20(sellerOrder.paymentToken).approve(silicaAddress,reservedPrice)
contracts/SwapProxy.sol#L109-L167
- ID-37 SwapProxy.fillSellOrder(OrderLib.SellOrder,bytes,uint256) ignores return value by ISilicaV2_1(silicaAddress).proxyDeposit(buyerAddress,reservedPrice)
contracts/SwapProxy.sol#L169-L227
- ID-38 SwapProxy.routeBuy(OrderLib.SellOrder,bytes,uint256) ignores return value by ISilicaV2_1(silicaAddress).proxyDeposit(buyerAddress,reservedPrice)
contracts/SwapProxy.sol#L109-L167
Impact: Optimization Confidence: High
- ID-39 SilicaV2_1Storage.silicaFactory should be constant
contracts/storage/SilicaV2_1Storage.sol#L12