fix all high slither errors #103

Merged
merged 9 commits into from
May 15, 2024

YouStillAlive
Member

closes #102

@YouStillAlive YouStillAlive marked this pull request as draft May 10, 2024 09:24

github-actions bot commented May 10, 2024

Slither report

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary

events-access

Impact: Low
Confidence: Medium

```solidity
function setupNewWhitelist(address _whiteListAddress) external firewallProtected onlyOwnerOrGov {
    whiteListAddress = _whiteListAddress;
    whiteListId = IWhiteList(_whiteListAddress).CreateManualWhiteList(type(uint256).max, address(this));
}
```

missing-zero-check

Impact: Low
Confidence: Medium

function setFee(address _token, uint _amount) external firewallProtected onlyOwnerOrGov {

function setupNewWhitelist(address _whiteListAddress) external firewallProtected onlyOwnerOrGov {

function withdrawFee(address _token, address _to) external firewallProtected onlyOwnerOrGov {

function setGovernorContract(address _address) external firewallProtected onlyOwnerOrGov {

pragma

Impact: Informational
Confidence: High

  • ID-5
    4 different versions of Solidity are used:
    • Version constraint ^0.8 is used by:
      • node_modules/@ironblocks/firewall-consumer/contracts/FirewallConsumer.sol#4
      • node_modules/@ironblocks/firewall-consumer/contracts/FirewallConsumerBase.sol#4
      • node_modules/@ironblocks/firewall-consumer/contracts/interfaces/IFirewall.sol#4
      • node_modules/@ironblocks/firewall-consumer/contracts/interfaces/IFirewallConsumer.sol#4
    • Version constraint ^0.8.20 is used by:
      • node_modules/@openzeppelin/contracts/access/Ownable.sol#4
      • node_modules/@openzeppelin/contracts/interfaces/IERC165.sol#4
      • node_modules/@openzeppelin/contracts/interfaces/IERC2981.sol#4
      • node_modules/@openzeppelin/contracts/interfaces/IERC4906.sol#4
      • node_modules/@openzeppelin/contracts/interfaces/IERC721.sol#4
      • node_modules/@openzeppelin/contracts/interfaces/draft-IERC6093.sol#3
      • node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#4
      • node_modules/@openzeppelin/contracts/token/ERC20/IERC20.sol#4
      • node_modules/@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol#4
      • node_modules/@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol#4
      • node_modules/@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol#4
      • node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#4
      • node_modules/@openzeppelin/contracts/token/ERC721/IERC721.sol#4
      • node_modules/@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol#4
      • node_modules/@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol#4
      • node_modules/@openzeppelin/contracts/token/ERC721/extensions/IERC721Enumerable.sol#4
      • node_modules/@openzeppelin/contracts/token/ERC721/extensions/IERC721Metadata.sol#4
      • node_modules/@openzeppelin/contracts/token/ERC721/utils/ERC721Holder.sol#4
      • node_modules/@openzeppelin/contracts/utils/Address.sol#4
      • node_modules/@openzeppelin/contracts/utils/Context.sol#4
      • node_modules/@openzeppelin/contracts/utils/Pausable.sol#4
      • node_modules/@openzeppelin/contracts/utils/Strings.sol#4
      • node_modules/@openzeppelin/contracts/utils/introspection/ERC165.sol#4
      • node_modules/@openzeppelin/contracts/utils/introspection/IERC165.sol#4
      • node_modules/@openzeppelin/contracts/utils/math/Math.sol#4
      • node_modules/@openzeppelin/contracts/utils/math/SignedMath.sol#4
    • Version constraint ^0.8.0 is used by:
      • contracts/Array.sol#3
      • contracts/CalcUtils.sol#2
      • contracts/ERC20Helper.sol#3
      • contracts/ERC721Helper.sol#3
      • contracts/ETHHelper.sol#2
      • contracts/Fee/FeeBaseHelper.sol#2
      • contracts/Fee/WhiteListHelper.sol#2
      • contracts/GovManager.sol#3
      • contracts/Nameable.sol#2
      • contracts/PozBenefit.sol#3
      • contracts/interfaces/IBeforeTransfer.sol#2
      • contracts/interfaces/IInnerWithdraw.sol#2
      • contracts/interfaces/ILockDealNFT.sol#2
      • contracts/interfaces/ILockedDeal.sol#2
      • contracts/interfaces/ILockedDealV2.sol#2
      • contracts/interfaces/IPozBenefit.sol#3
      • contracts/interfaces/IProvider.sol#2
      • contracts/interfaces/ISimpleProvider.sol#2
      • contracts/interfaces/IVaultManager.sol#2
      • contracts/interfaces/IWhiteList.sol#3
      • contracts/mocks/ArraysMock.sol#2
      • contracts/mocks/CalcUtilsMock.sol#2
      • contracts/mocks/ERC20HelperMock.sol#2
      • contracts/mocks/ERC721HelperMock.sol#2
      • contracts/mocks/ETHHelperMock.sol#2
      • contracts/mocks/FeeHelper.sol#2
      • contracts/mocks/NameableMock.sol#2
      • contracts/mocks/WhiteListMock.sol#2
      • contracts/token/ERC20Token.sol#2
      • contracts/token/ERC721Token.sol#3
    • Version constraint ^0.8.4 is used by:
      • contracts/PausableHelper.sol#3

low-level-calls

Impact: Informational
Confidence: High

```solidity
function withdrawFee(address _token, address _to) external firewallProtected onlyOwnerOrGov {
    if (feeReserve[_token] == 0) revert FeeAmountIsZero();
    uint256 amount = feeReserve[_token];
    feeReserve[_token] = 0;
    if (_token == address(0)) {
        (bool success, ) = _to.call{value: amount}("");
        if (!success) revert TransferFailed();
    } else {
        transferToken(IERC20(_token), _to, amount);
    }
}
```

naming-convention

Impact: Informational
Confidence: High

uint256[] calldata _FinishTime,

function setGovernorContract(address _address) external firewallProtected onlyOwnerOrGov {

function ChangeCreator(uint256 _Id, address _NewCreator) external;

function setupNewWhitelist(address _whiteListAddress) external firewallProtected onlyOwnerOrGov {

uint256 _FinishTime, //Until what time the pool will end

function LastRoundRegister(address _Subject,uint256 _Id) external;

function CreateNewPool(
address _Token,
uint64 _FinishTime,
uint256 _StartAmount,
address _Owner
) external returns (uint256);

function RemoveAddress(uint256 _Id, address[] calldata _Users) external;

function FreeTest() public {
_mint(msg.sender, 5_000_00 * 10 ** 18);
}

function Index() external returns (uint256);

function LastRoundRegister(address _Subject,uint256 _Id) external;

function KeepNElementsInArray(uint256[] memory _arr, uint256 _n)

uint256 _StartTime, //Until what time the pool will start

function KeepNElementsInArray(address[] memory _arr, uint256 _n)

function GetMyPoolsId(
address _UserAddress
) external view returns (uint256[] memory);

function addIfNotExsist(address[] storage _arr, address _elem) internal {

function SplitPoolAmountFrom(
uint256 _LDpoolId,
uint256 _Amount,
address _Address
) external returns(uint256 poolId);

function IsPOZHolder(address _Subject) external view returns (bool);

uint256 _CliffTime, //Before CliffTime can't withdraw tokens

function addIfNotExsist(address[] storage _arr, address _elem) internal {

function Allowance(
uint256 _poolId,
address _user
) external view returns(uint256 amount);

address _Token, //token to lock address

function KeepNElementsInArray(address[] memory _arr, uint256 _n)
internal
pure
returns (address[] memory newArray)
{
if (_arr.length == _n) return _arr;
if (_arr.length <= _n) revert InvalidArrayLength(_arr.length, _n);
newArray = new address[](_n);
for (uint256 i = 0; i < _n; ++i) {
newArray[i] = _arr[i];
}
return newArray;
}

function setFee(address _token, uint _amount) external firewallProtected onlyOwnerOrGov {

function withdrawFee(address _token, address _to) external firewallProtected onlyOwnerOrGov {

function ChangeCreator(uint256 _Id, address _NewCreator) external;

function AddAddress(uint256 _Id, address[] calldata _Users, uint256[] calldata _Amount) external;

uint256[] calldata _StartAmount,

function RemoveAddress(uint256 _Id, address[] calldata _Users) external;

function CreateManualWhiteList(uint256 _ChangeUntil, address _Contract) external payable returns(uint256 Id);

function WithdrawToken(uint256 _PoolId) external returns (bool);

function RemoveAddress(uint256 _Id, address[] calldata _Users) external;

function setFee(address _token, uint _amount) external firewallProtected onlyOwnerOrGov {

function GetMyPoolsIdByToken(
address _UserAddress,
address[] memory _Tokens
) external view returns (uint256[] memory);

function Register(address _Subject,uint256 _Id,uint256 _Amount) external;

function AddAddress(uint256 _Id, address[] calldata _Users, uint256[] calldata _Amount) external;

function Check(address _Subject, uint256 _Id) external view returns(uint);

function AddAddress(uint256 _Id, address[] calldata _Users, uint256[] calldata _Amount) external;

function AllPoolz(uint256 _LDpoolId) external view returns (

uint256 _StartAmount, //Total amount of the tokens to sell in the pool

function KeepNElementsInArray(uint256[] memory _arr, uint256 _n)
internal
pure
returns (uint256[] memory newArray)
{
if (_arr.length == _n) return _arr;
if (_arr.length <= _n) revert InvalidArrayLength(_arr.length, _n);
newArray = new uint256[](_n);
for (uint256 i = 0; i < _n; ++i) {
newArray[i] = _arr[i];
}
return newArray;
}

function setPozTimer(uint256 _pozTimer) public onlyOwnerOrGov percentCheckOk(_pozTimer) {

function CreateManualWhiteList(uint256 _ChangeUntil, address _Contract) external payable returns(uint256 Id);

address[] calldata _Owner

function Register(address _Subject,uint256 _Id,uint256 _Amount) external;

uint256[] calldata _CliffTime,

address[] memory _Tokens

function Register(address _Subject,uint256 _Id,uint256 _Amount) external;

function AllPoolz(uint256 _LDpoolId) external view returns (
uint256 StartTime,
uint256 CliffTime,
uint256 FinishTime,
uint256 StartAmount,
uint256 DebitedAmount,
address Owner,
address Token
);

function KeepNElementsInArray(address[] memory _arr, uint256 _n)

function isInArray(address[] memory _arr, address _elem)

function WithdrawToken(
uint256 _PoolId
) external returns (uint256 withdrawnAmount);

function KeepNElementsInArray(uint256[] memory _arr, uint256 _n)

function AddAddress(uint256 _Id, address[] calldata _Users, uint256[] calldata _Amount) external;

function withdrawFee(address _token, address _to) external firewallProtected onlyOwnerOrGov {

function getArraySum(uint256[] memory _array)

function transferETH(address payable receiver, uint256 _amount) internal firewallProtectedSig(0xfd69c215) {

function ChangeCreator(uint256 _Id, address _NewCreator) external;

uint256[] calldata _StartTime,

function Check(address _Subject, uint256 _Id) external view returns(uint);

function LastRoundRegister(address _Subject,uint256 _Id) external;

function Register(address _Subject,uint256 _Id,uint256 _Amount) external;

function isArrayOrdered(uint256[] memory _arr)

address _Owner // Who the tokens belong to

function Check(address _Subject, uint256 _Id) external view returns(uint);

function CreateNewPool(
address _Token, //token to lock address
uint256 _StartTime, //Until what time the pool will start
uint256 _CliffTime, //Before CliffTime can't withdraw tokens
uint256 _FinishTime, //Until what time the pool will end
uint256 _StartAmount, //Total amount of the tokens to sell in the pool
address _Owner // Who the tokens belong to
) external payable;

function WithdrawToken(uint256 _PoolId) external returns (bool);

function isInArray(address[] memory _arr, address _elem)

function IsPOZHolder(address _Subject) external view returns (bool);

function CreateManualWhiteList(uint256 _ChangeUntil, address _Contract) external payable returns(uint256 Id);

function CreatePoolsWrtTime(
address _Token,
uint256[] calldata _StartTime,
uint256[] calldata _CliffTime,
uint256[] calldata _FinishTime,
uint256[] calldata _StartAmount,
address[] calldata _Owner
) external payable;

unused-import

Impact: Informational
Confidence: High

  • ID-89
    The following unused import(s) in @openzeppelin/contracts/interfaces/IERC165.sol should be removed:
    -import {IERC165} from "../utils/introspection/IERC165.sol"; (node_modules/@openzeppelin/contracts/interfaces/IERC165.sol#6)

  • ID-90
    The following unused import(s) in @openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol should be removed:
    -import {IERC165} from "../../../interfaces/IERC165.sol"; (node_modules/@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol#9)

  • ID-91
    The following unused import(s) in @openzeppelin/contracts/interfaces/IERC4906.sol should be removed:
    -import {IERC165} from "./IERC165.sol"; (node_modules/@openzeppelin/contracts/interfaces/IERC4906.sol#6)
    -import {IERC721} from "./IERC721.sol"; (node_modules/@openzeppelin/contracts/interfaces/IERC4906.sol#7)

  • ID-92
    The following unused import(s) in @openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol should be removed:
    -import {IERC20Permit} from "../extensions/IERC20Permit.sol"; (node_modules/@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol#7)

  • ID-93
    The following unused import(s) in @openzeppelin/contracts/interfaces/IERC721.sol should be removed:
    -import {IERC721} from "../token/ERC721/IERC721.sol"; (node_modules/@openzeppelin/contracts/interfaces/IERC721.sol#6)


codecov bot commented May 10, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.05%. Comparing base (9e0bfdc) to head (d3f869d).

Additional details and impacted files
```diff
@@            Coverage Diff             @@
##           master     #103      +/-   ##
==========================================
- Coverage   99.06%   99.05%   -0.01%     
==========================================
  Files          20       20              
  Lines         214      212       -2     
  Branches       48       48              
==========================================
- Hits          212      210       -2     
  Misses          2        2              
```


@YouStillAlive
Member Author

This introduces breaking changes, as does the OpenZeppelin update #101


Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code


@YouStillAlive YouStillAlive marked this pull request as ready for review May 15, 2024 14:37
@Lomet Lomet merged commit f7685f0 into master May 15, 2024
8 checks passed
@Lomet Lomet deleted the slither branch May 15, 2024 15:05
Successfully merging this pull request may close these issues.

add the Slither helper tool to Poolz-Helper