feat: 14 day cooldown withdraw, deposit min #16
THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary
unchecked-transfer
Impact: High
Confidence: Medium
FoldCaptiveStakingV2.claimInsurance(uint128) ignores return value by token1.transfer(owner,amount1)
src/FOLD_StakingV2.sol#L366-L400
FoldCaptiveStakingV2.collectFees() ignores return value by token1.transfer(msg.sender,fee1Owed)
src/FOLD_StakingV2.sol#L267-L282
FoldCaptiveStakingV2.deposit(uint256,uint256,uint256) ignores return value by token0.transferFrom(msg.sender,address(this),amount0)
src/FOLD_StakingV2.sol#L193-L231
FoldCaptiveStaking.claimInsurance(uint128) ignores return value by token1.transfer(owner,amount1)
src/FoldCaptiveStaking.sol#L358-L392
FoldCaptiveStaking.claimInsurance(uint128) ignores return value by token0.transfer(owner,amount0)
src/FoldCaptiveStaking.sol#L358-L392
FoldCaptiveStakingV2.deposit(uint256,uint256,uint256) ignores return value by token0.transfer(msg.sender,amount0 - actualAmount0)
src/FOLD_StakingV2.sol#L193-L231
FoldCaptiveStaking.withdraw(uint128) ignores return value by token0.transfer(msg.sender,amount0)
src/FoldCaptiveStaking.sol#L290-L327
FoldCaptiveStaking.deposit(uint256,uint256,uint256) ignores return value by token0.transfer(msg.sender,amount0 - actualAmount0)
src/FoldCaptiveStaking.sol#L185-L223
FoldCaptiveStaking.collectRewards() ignores return value by WETH9.transfer(msg.sender,rewardsOwed)
src/FoldCaptiveStaking.sol#L277-L286
FoldCaptiveStakingV2.deposit(uint256,uint256,uint256) ignores return value by token1.transfer(msg.sender,amount1 - actualAmount1)
src/FOLD_StakingV2.sol#L193-L231
FoldCaptiveStakingV2.compound() ignores return value by token1.transfer(msg.sender,fee1Owed - actualAmount1)
src/FOLD_StakingV2.sol#L234-L264
FoldCaptiveStaking.compound() ignores return value by token0.transfer(msg.sender,fee0Owed - actualAmount0)
src/FoldCaptiveStaking.sol#L226-L256
FoldCaptiveStaking.collectFees() ignores return value by token0.transfer(msg.sender,fee0Owed)
src/FoldCaptiveStaking.sol#L259-L274
FoldCaptiveStaking.withdraw(uint128) ignores return value by token1.transfer(msg.sender,amount1)
src/FoldCaptiveStaking.sol#L290-L327
FoldCaptiveStakingV2.collectFees() ignores return value by token0.transfer(msg.sender,fee0Owed)
src/FOLD_StakingV2.sol#L267-L282
FoldCaptiveStakingV2.withdraw(uint128) ignores return value by token0.transfer(msg.sender,amount0)
src/FOLD_StakingV2.sol#L298-L335
FoldCaptiveStakingV2.claimInsurance(uint128) ignores return value by token0.transfer(owner,amount0)
src/FOLD_StakingV2.sol#L366-L400
FoldCaptiveStaking.deposit(uint256,uint256,uint256) ignores return value by token1.transfer(msg.sender,amount1 - actualAmount1)
src/FoldCaptiveStaking.sol#L185-L223
FoldCaptiveStaking.deposit(uint256,uint256,uint256) ignores return value by token0.transferFrom(msg.sender,address(this),amount0)
src/FoldCaptiveStaking.sol#L185-L223
FoldCaptiveStakingV2.withdraw(uint128) ignores return value by token1.transfer(msg.sender,amount1)
src/FOLD_StakingV2.sol#L298-L335
FoldCaptiveStaking.compound() ignores return value by token1.transfer(msg.sender,fee1Owed - actualAmount1)
src/FoldCaptiveStaking.sol#L226-L256
FoldCaptiveStakingV2.compound() ignores return value by token0.transfer(msg.sender,fee0Owed - actualAmount0)
src/FOLD_StakingV2.sol#L234-L264
FoldCaptiveStaking.collectFees() ignores return value by token1.transfer(msg.sender,fee1Owed)
src/FoldCaptiveStaking.sol#L259-L274
FoldCaptiveStakingV2.deposit(uint256,uint256,uint256) ignores return value by token1.transferFrom(msg.sender,address(this),amount1)
src/FOLD_StakingV2.sol#L193-L231
FoldCaptiveStakingV2.collectRewards() ignores return value by WETH9.transfer(msg.sender,rewardsOwed)
src/FOLD_StakingV2.sol#L285-L294
FoldCaptiveStaking.deposit(uint256,uint256,uint256) ignores return value by token1.transferFrom(msg.sender,address(this),amount1)
src/FoldCaptiveStaking.sol#L185-L223
divide-before-multiply
Impact: Medium
Confidence: Medium
TickMath.maxUsableTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L32-L36
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.minUsableTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L39-L43
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
TickMath.getSqrtPriceAtTick(int24) performs a multiplication on the result of a division:
src/libraries/TickMath.sol#L50-L109
incorrect-equality
Impact: Medium
Confidence: High
FoldCaptiveStaking.initialize() uses a dangerous strict equality:
src/FoldCaptiveStaking.sol#L69-L103
FoldCaptiveStakingV2.initialize() uses a dangerous strict equality:
src/FOLD_StakingV2.sol#L77-L111
reentrancy-no-eth
Impact: Medium
Confidence: Medium
Reentrancy in FoldCaptiveStaking.withdraw(uint128):
External calls:
State variables written after the call(s):
FoldCaptiveStaking.balances can be used in cross function reentrancies:
FoldCaptiveStaking.balances can be used in cross function reentrancies:
FoldCaptiveStaking.liquidityUnderManagement can be used in cross function reentrancies:
src/FoldCaptiveStaking.sol#L290-L327
Reentrancy in FoldCaptiveStaking.compound():
External calls:
State variables written after the call(s):
FoldCaptiveStaking.balances can be used in cross function reentrancies:
FoldCaptiveStaking.balances can be used in cross function reentrancies:
FoldCaptiveStaking.balances can be used in cross function reentrancies:
FoldCaptiveStaking.liquidityUnderManagement can be used in cross function reentrancies:
src/FoldCaptiveStaking.sol#L226-L256
Reentrancy in FoldCaptiveStakingV2.initialize():
External calls:
State variables written after the call(s):
FoldCaptiveStakingV2.initialized can be used in cross function reentrancies:
src/FOLD_StakingV2.sol#L77-L111
Reentrancy in FoldCaptiveStaking.deposit(uint256,uint256,uint256):
External calls:
State variables written after the call(s):
FoldCaptiveStaking.balances can be used in cross function reentrancies:
src/FoldCaptiveStaking.sol#L185-L223
Reentrancy in FoldCaptiveStakingV2.collectRewards():
External calls:
State variables written after the call(s):
FoldCaptiveStakingV2.balances can be used in cross function reentrancies:
src/FOLD_StakingV2.sol#L285-L294
Reentrancy in FoldCaptiveStakingV2.withdraw(uint128):
External calls:
State variables written after the call(s):
FoldCaptiveStakingV2.balances can be used in cross function reentrancies:
FoldCaptiveStakingV2.balances can be used in cross function reentrancies:
FoldCaptiveStakingV2.liquidityUnderManagement can be used in cross function reentrancies:
src/FOLD_StakingV2.sol#L298-L335
Reentrancy in FoldCaptiveStaking.deposit(uint256,uint256,uint256):
External calls:
State variables written after the call(s):
FoldCaptiveStaking.balances can be used in cross function reentrancies:
FoldCaptiveStaking.liquidityUnderManagement can be used in cross function reentrancies:
src/FoldCaptiveStaking.sol#L185-L223
Reentrancy in FoldCaptiveStakingV2.deposit(uint256,uint256,uint256):
External calls:
State variables written after the call(s):
FoldCaptiveStakingV2.balances can be used in cross function reentrancies:
src/FOLD_StakingV2.sol#L193-L231
Reentrancy in FoldCaptiveStaking.initialize():
External calls:
State variables written after the call(s):
FoldCaptiveStaking.initialized can be used in cross function reentrancies:
src/FoldCaptiveStaking.sol#L69-L103
Reentrancy in FoldCaptiveStaking.collectRewards():
External calls:
State variables written after the call(s):
FoldCaptiveStaking.balances can be used in cross function reentrancies:
src/FoldCaptiveStaking.sol#L277-L286
Reentrancy in FoldCaptiveStakingV2.claimInsurance(uint128):
External calls:
State variables written after the call(s):
FoldCaptiveStakingV2.liquidityUnderManagement can be used in cross function reentrancies:
src/FOLD_StakingV2.sol#L366-L400
Reentrancy in FoldCaptiveStakingV2.collectFees():
External calls:
State variables written after the call(s):
FoldCaptiveStakingV2.balances can be used in cross function reentrancies:
FoldCaptiveStakingV2.balances can be used in cross function reentrancies:
src/FOLD_StakingV2.sol#L267-L282
Reentrancy in FoldCaptiveStaking.collectFees():
External calls:
State variables written after the call(s):
FoldCaptiveStaking.balances can be used in cross function reentrancies:
FoldCaptiveStaking.balances can be used in cross function reentrancies:
src/FoldCaptiveStaking.sol#L259-L274
Reentrancy in FoldCaptiveStakingV2.compound():
External calls:
State variables written after the call(s):
FoldCaptiveStakingV2.balances can be used in cross function reentrancies:
FoldCaptiveStakingV2.balances can be used in cross function reentrancies:
FoldCaptiveStakingV2.balances can be used in cross function reentrancies:
FoldCaptiveStakingV2.liquidityUnderManagement can be used in cross function reentrancies:
src/FOLD_StakingV2.sol#L234-L264
Reentrancy in FoldCaptiveStakingV2.deposit(uint256,uint256,uint256):
External calls:
State variables written after the call(s):
FoldCaptiveStakingV2.balances can be used in cross function reentrancies:
FoldCaptiveStakingV2.liquidityUnderManagement can be used in cross function reentrancies:
src/FOLD_StakingV2.sol#L193-L231
Reentrancy in FoldCaptiveStaking.claimInsurance(uint128):
External calls:
State variables written after the call(s):
FoldCaptiveStaking.liquidityUnderManagement can be used in cross function reentrancies:
src/FoldCaptiveStaking.sol#L358-L392
unused-return
Impact: Medium
Confidence: Medium
FoldCaptiveStakingV2.initialize() ignores return value by token1.approve(address(positionManager),type()(uint256).max)
src/FOLD_StakingV2.sol#L77-L111
FoldCaptiveStakingV2.initialize() ignores return value by token0.approve(address(positionManager),type()(uint256).max)
src/FOLD_StakingV2.sol#L77-L111
FoldCaptiveStakingV2.initialize() ignores return value by (TOKEN_ID,liquidity,None,None) = positionManager.mint(params)
src/FOLD_StakingV2.sol#L77-L111
FoldCaptiveStaking.initialize() ignores return value by token1.approve(address(positionManager),type()(uint256).max)
src/FoldCaptiveStaking.sol#L69-L103
FoldCaptiveStaking.initialize() ignores return value by token0.approve(address(positionManager),type()(uint256).max)
src/FoldCaptiveStaking.sol#L69-L103
FoldCaptiveStaking.initialize() ignores return value by (TOKEN_ID,liquidity,None,None) = positionManager.mint(params)
src/FoldCaptiveStaking.sol#L69-L103
pess-dubious-typecast
Impact: Medium
Confidence: High
Dubious typecast in FoldCaptiveStaking.claimInsurance(uint128):
uint256 => uint128 casting occurs in collectParams = INonfungiblePositionManager.CollectParams({tokenId:TOKEN_ID,recipient:address(this),amount0Max:uint128(amount0),amount1Max:uint128(amount1)})
uint256 => uint128 casting occurs in collectParams = INonfungiblePositionManager.CollectParams({tokenId:TOKEN_ID,recipient:address(this),amount0Max:uint128(amount0),amount1Max:uint128(amount1)})
src/FoldCaptiveStaking.sol#L358-L392
Dubious typecast in FoldCaptiveStakingV2.claimInsurance(uint128):
uint256 => uint128 casting occurs in collectParams = INonfungiblePositionManager.CollectParams({tokenId:TOKEN_ID,recipient:address(this),amount0Max:uint128(amount0),amount1Max:uint128(amount1)})
uint256 => uint128 casting occurs in collectParams = INonfungiblePositionManager.CollectParams({tokenId:TOKEN_ID,recipient:address(this),amount0Max:uint128(amount0),amount1Max:uint128(amount1)})
src/FOLD_StakingV2.sol#L366-L400
Dubious typecast in TickMath.getTickAtSqrtPrice(uint160):
uint256 => int256 casting occurs in log_2 = (int256(msb) - 128) << 64
int256 => int24 casting occurs in tickLow = int24((log_sqrt10001 - 3402992956809132418596140100660247210) >> 128)
int256 => int24 casting occurs in tickHi = int24((log_sqrt10001 + 291339464771989622907027621153398088495) >> 128)
src/libraries/TickMath.sol#L116-L271
Dubious typecast in FoldCaptiveStakingV2.collectRewards():
uint256 => uint128 casting occurs in balances[msg.sender].rewardDebt = uint128(rewardsPerLiquidity)
src/FOLD_StakingV2.sol#L285-L294
Dubious typecast in FoldCaptiveStaking.compound():
uint256 => uint128 casting occurs in balances[msg.sender].token0FeeDebt = uint128(token0FeesPerLiquidity)
uint256 => uint128 casting occurs in balances[msg.sender].token1FeeDebt = uint128(token1FeesPerLiquidity)
src/FoldCaptiveStaking.sol#L226-L256
Dubious typecast in FoldCaptiveStakingV2.compound():
uint256 => uint128 casting occurs in balances[msg.sender].token0FeeDebt = uint128(token0FeesPerLiquidity)
uint256 => uint128 casting occurs in balances[msg.sender].token1FeeDebt = uint128(token1FeesPerLiquidity)
src/FOLD_StakingV2.sol#L234-L264
Dubious typecast in FoldCaptiveStakingV2.withdraw(uint128):
uint256 => uint128 casting occurs in collectParams = INonfungiblePositionManager.CollectParams({tokenId:TOKEN_ID,recipient:address(this),amount0Max:uint128(amount0),amount1Max:uint128(amount1)})
uint256 => uint128 casting occurs in collectParams = INonfungiblePositionManager.CollectParams({tokenId:TOKEN_ID,recipient:address(this),amount0Max:uint128(amount0),amount1Max:uint128(amount1)})
src/FOLD_StakingV2.sol#L298-L335
Dubious typecast in TickMath.getSqrtPriceAtTick(int24):
int256 => uint256 casting occurs in mask_getSqrtPriceAtTick_asm_0 = tick >>' 255
uint256 => int256 casting occurs in tick >' 0
src/libraries/TickMath.sol#L50-L109
Dubious typecast in FoldCaptiveStaking.withdraw(uint128):
uint256 => uint128 casting occurs in collectParams = INonfungiblePositionManager.CollectParams({tokenId:TOKEN_ID,recipient:address(this),amount0Max:uint128(amount0),amount1Max:uint128(amount1)})
uint256 => uint128 casting occurs in collectParams = INonfungiblePositionManager.CollectParams({tokenId:TOKEN_ID,recipient:address(this),amount0Max:uint128(amount0),amount1Max:uint128(amount1)})
src/FoldCaptiveStaking.sol#L290-L327
Dubious typecast in FoldCaptiveStaking.collectFees():
uint256 => uint128 casting occurs in balances[msg.sender].token0FeeDebt = uint128(token0FeesPerLiquidity)
uint256 => uint128 casting occurs in balances[msg.sender].token1FeeDebt = uint128(token1FeesPerLiquidity)
src/FoldCaptiveStaking.sol#L259-L274
Dubious typecast in FoldCaptiveStaking.collectRewards():
uint256 => uint128 casting occurs in balances[msg.sender].rewardDebt = uint128(rewardsPerLiquidity)
src/FoldCaptiveStaking.sol#L277-L286
Dubious typecast in FoldCaptiveStakingV2.collectFees():
uint256 => uint128 casting occurs in balances[msg.sender].token0FeeDebt = uint128(token0FeesPerLiquidity)
uint256 => uint128 casting occurs in balances[msg.sender].token1FeeDebt = uint128(token1FeesPerLiquidity)
src/FOLD_StakingV2.sol#L267-L282