Platform: Code4rena
Start Date: 12/07/2023
Pot Size: $80,000 USDC
Total HM: 11
Participants: 47
Period: 9 days
Judge: berndartmueller
Total Solo HM: 1
Id: 260
League: ETH
Rank: 32/47
Findings: 2
Award: $62.61
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: immeas
Also found by: Bauchibred, DavidGiladi, Emmanuel, Jeiwan, MohammedRizwan, MrPotatoMagic, Rolezn, Sathish9098, T1MOH, Udsen, banpaleo5, hals, matrix_0wl, naman1778
43.3267 USDC - $43.33
| Title | Issue | Instances |
|---|---|---|
| [L-1] Array out of bounds accesses | Array out of bounds accesses | 1 |
| [L-2] Missing contract-existence checks before low-level calls | Missing contract-existence checks before low-level calls | 16 |
| [L-3] Local variable shadowing | Local variable shadowing | 12 |
| [L-4] Contracts that lock Ether | Contracts that lock Ether | 1 |
| [L-5] Missing gap Storage Variable in Upgradeable Contract | Missing gap Storage Variable in Upgradeable Contract | 4 |
| [L-6] Unbounded gas for external call | Unbounded gas for external call | 17 |
| [L-7] Avoid Usage of Ownable and Prefer Ownable2Step | Avoid Usage of Ownable and Prefer Ownable2Step | 3 |
| [L-8] Use 'abi.encodeCall()' Instead of 'abi.encodeSignature()'/abi.encodeSelector() | Use 'abi.encodeCall()' Instead of 'abi.encodeSignature()'/abi.encodeSelector() | 16 |
| Total: 8 issues |
| Title | Issue | Instances |
|---|---|---|
| [N-1] Cast to bytes or bytes32 for clearer semantic meaning | Cast to bytes or bytes32 for clearer semantic meaning | 4 |
| [N-2] Control structures do not follow the Solidity Style Guide | Control structures do not follow the Solidity Style Guide | 36 |
| [N-3] Custom error has no error details | Custom error has no error details | 67 |
| [N-4] Cyclomatic complexity | Cyclomatic complexity | 1 |
| [N-5] Dead-code | Dead-code | 5 |
| [N-6] Token contract should have a blacklist function or modifier | Token contract should have a blacklist function or modifier | 2 |
| [N-7] Missing inheritance | Missing inheritance | 2 |
| [N-8] Name reused | Name reused | 2 |
| [N-9] Consider Disable Ownership Renouncement in Ownable Contracts | Consider Disable Ownership Renouncement in Ownable Contracts | 4 |
| [N-10] Event Emission Preceding External Calls: A Best Practice | Event Emission Preceding External Calls: A Best Practice | 28 |
| [N-11] Variable names too similar | Variable names too similar | 2 |
| [N-12] Too many digits | Too many digits | 3 |
| [N-13] Unused Custom Error definition | Unused Custom Error definition | 7 |
| [N-14] Unused imports | Unused imports | 12 |
| [N-15] Contracts containing only utility functions should be made into libraries | Contracts containing only utility functions should be made into libraries | 3 |
Total: 15 issues
If the lengths of arrays are not checked before they're accessed, user operations may not be executed properly due to the potential issue of accessing an array out of its bounds. In Solidity, accessing an array beyond its boundaries can cause a runtime error known as an out-of-bounds exception. This error arises when attempting to read or write to an element of an array that does not exist. Therefore, it is critical to avoid out-of-bounds exceptions while accessing arrays in Solidity code to prevent unexpected halts and possible loss of funds.
<details> <summary> There are 1 instances of this issue: </summary>Line: 559 address[] memory implementaions
is accessed on File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 564 implementation = implementaions[uint256(tokenManagerType)]
index that might be out-of-bounds
contracts/its/interchain-token-service/InterchainTokenService.sol#L559
</details>Low-level calls return success if there is no code present at the specified address. In addition to the zero-address checks, add a check to verify that <address>.code.length > 0 or use the extcodesize assembly operation to verify the presence of contract code at the specified address. Both these methods ensure the existence of a contract before making a low-level call.
Line: 294 (bool success, ) = newImplementation.delegatecall(abi.encodeWithSelector(IAxelarGateway.setup.selector, setupParams))
contracts/cgp/AxelarGateway.sol#L294
Line: 374 (bool success, ) = address(this).call(abi.encodeWithSelector(commandSelector, params[i], commandId))
contracts/cgp/AxelarGateway.sol#L374
Line: 18 (bool success, ) = target.call{ value: nativeValue }(callData)
contracts/cgp/util/Caller.sol#L18
Line: 49 (bool success, ) = newImplementation.delegatecall(abi.encodeWithSelector(this.setup.selector, params))
contracts/cgp/util/Upgradable.sol#L49
Line: 50 (bool success, ) = deployedAddress_.call(init)
contracts/gmp-sdk/deploy/ConstAddressDeployer.sol#L50
Line: 57 (bool success, ) = deployedAddress_.call(init)
contracts/gmp-sdk/deploy/Create3Deployer.sol#L57
Line: 81 (bool success, ) = finalImplementation_.delegatecall(abi.encodeWithSelector(BaseProxy.setup.selector, setupParams))
contracts/gmp-sdk/upgradable/FinalProxy.sol#L81
Line: 58 (bool success, ) = implementationAddress.delegatecall(abi.encodeWithSelector(IUpgradable.setup.selector, params))
contracts/gmp-sdk/upgradable/InitProxy.sol#L58
Line: 41 (bool success, ) = implementationAddress.delegatecall(abi.encodeWithSelector(IUpgradable.setup.selector, setupParams))
contracts/gmp-sdk/upgradable/Proxy.sol#L41
Line: 61 (bool success, ) = newImplementation.delegatecall(abi.encodeWithSelector(this.setup.selector, params))
contracts/gmp-sdk/upgradable/Upgradable.sol#L61
Line: 76 (bool success, bytes memory result) = call.target.call{ value: call.value }(call.callData)
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L76
Line: 813 (bool success, ) = tokenManagerDeployer.delegatecall( abi.encodeWithSelector(ITokenManagerDeployer.deployTokenManager.selector, tokenId, tokenManagerType, params) )
contracts/its/interchain-token-service/InterchainTokenService.sol#L813-L815
Line: 853 (bool success, ) = standardizedTokenDeployer.delegatecall( abi.encodeWithSelector( IStandardizedTokenDeployer.deployStandardizedToken.selector, salt, tokenManagerAddress, distributor, name, symbol, decimals, mintAmount, mintTo ) )
contracts/its/interchain-token-service/InterchainTokenService.sol#L853-L865
Line: 24 (bool success, ) = implementationAddress.delegatecall(abi.encodeWithSelector(IStandardizedToken.setup.selector, params))
contracts/its/proxies/StandardizedTokenProxy.sol#L24
Line: 36 (bool success, ) = impl.delegatecall(abi.encodeWithSelector(TokenManagerProxy.setup.selector, params))
contracts/its/proxies/TokenManagerProxy.sol#L36
Line: 25 (bool success, bytes memory result) = address(this).delegatecall(data[i])
contracts/its/utils/Multicall.sol#L25
</details>Contract with a payable function, but without a withdrawal capacity.
Line: 15 contract TokenManagerDeployer is ITokenManagerDeployer
has payable functions: - File: contracts/its/interfaces/ITokenManagerDeployer.sol
Line: 26 function deployTokenManager( bytes32 tokenId, uint256 implementationType, bytes calldata params ) external payable;
- File: contracts/its/utils/TokenManagerDeployer.sol
Line: 33 function deployTokenManager( bytes32 tokenId, uint256 implementationType, bytes calldata params ) external payable
But does not have a function to withdraw the ether
contracts/its/utils/TokenManagerDeployer.sol#L15-L43
</details>Detection of shadowing using local variables.
<details> <summary> There are 12 instances of this issue: </summary>Line: 35 string memory governanceChain
shadows: - File: contracts/cgp/governance/InterchainGovernance.sol
Line: 21 string public governanceChain
(state variable) - File: contracts/cgp/interfaces/IInterchainGovernance.sol
Line: 26 function governanceChain() external view returns (string memory);
(function)
contracts/cgp/governance/AxelarServiceGovernance.sol#L35
Line: 36 string memory governanceAddress
shadows: - File: contracts/cgp/governance/InterchainGovernance.sol
Line: 22 string public governanceAddress
(state variable) - File: contracts/cgp/interfaces/IInterchainGovernance.sol
Line: 32 function governanceAddress() external view returns (string memory);
(function)
contracts/cgp/governance/AxelarServiceGovernance.sol#L36
Line: 241 bytes memory operator
shadows: - File: contracts/its/utils/Operatable.sol
Line: 29 function operator() public view returns (address operator_)
(function) - File: contracts/its/interfaces/IOperatable.sol
Line: 14 function operator() external view returns (address operator_);
(function)
contracts/its/interchain-token-service/InterchainTokenService.sol#L241
Line: 251 bytes memory operator
shadows: - File: contracts/its/utils/Operatable.sol
Line: 29 function operator() public view returns (address operator_)
(function) - File: contracts/its/interfaces/IOperatable.sol
Line: 14 function operator() external view returns (address operator_);
(function)
contracts/its/interchain-token-service/InterchainTokenService.sol#L251
Line: 263 bytes memory operator
shadows: - File: contracts/its/utils/Operatable.sol
Line: 29 function operator() public view returns (address operator_)
(function) - File: contracts/its/interfaces/IOperatable.sol
Line: 14 function operator() external view returns (address operator_);
(function)
contracts/its/interchain-token-service/InterchainTokenService.sol#L263
Line: 423 bytes memory operator
shadows: - File: contracts/its/utils/Operatable.sol
Line: 29 function operator() public view returns (address operator_)
(function) - File: contracts/its/interfaces/IOperatable.sol
Line: 14 function operator() external view returns (address operator_);
(function)
contracts/its/interchain-token-service/InterchainTokenService.sol#L423
Line: 562 address implementation
shadows: - File: contracts/gmp-sdk/upgradable/Upgradable.sol
Line: 39 function implementation() public view returns (address implementation_)
(function) - File: contracts/gmp-sdk/interfaces/IUpgradable.sol
Line: 16 function implementation() external view returns (address);
(function)
contracts/its/interchain-token-service/InterchainTokenService.sol#L562
Line: 776 bytes memory operator
shadows: - File: contracts/its/utils/Operatable.sol
Line: 29 function operator() public view returns (address operator_)
(function) - File: contracts/its/interfaces/IOperatable.sol
Line: 14 function operator() external view returns (address operator_);
(function)
contracts/its/interchain-token-service/InterchainTokenService.sol#L776
Line: 14 address distributor
shadows: - File: contracts/its/interfaces/IDistributable.sol
Line: 14 function distributor() external view returns (address distributor);
(function)
contracts/its/interfaces/IDistributable.sol#L14
Line: 21 address distributor
shadows: - File: contracts/its/interfaces/IDistributable.sol
Line: 14 function distributor() external view returns (address distributor);
(function)
contracts/its/interfaces/IDistributable.sol#L21
Line: 34 address tokenAddress
shadows: - File: contracts/its/token-manager/implementations/TokenManagerAddressStorage.sol
Line: 28 function tokenAddress() public view override returns (address tokenAddress_)
(function) - File: contracts/its/token-manager/TokenManager.sol
Line: 53 function tokenAddress() public view virtual returns (address);
(function) - File: contracts/its/interfaces/ITokenManager.sol
Line: 26 function tokenAddress() external view returns (address);
(function)
contracts/its/token-manager/implementations/TokenManagerLockUnlock.sol#L34
Line: 35 address tokenAddress
shadows: - File: contracts/its/token-manager/implementations/TokenManagerAddressStorage.sol
Line: 28 function tokenAddress() public view override returns (address tokenAddress_)
(function) - File: contracts/its/token-manager/TokenManager.sol
Line: 53 function tokenAddress() public view virtual returns (address);
(function) - File: contracts/its/interfaces/ITokenManager.sol
Line: 26 function tokenAddress() external view returns (address);
(function)
contracts/its/token-manager/implementations/TokenManagerMintBurn.sol#L35
</details>There is no limit specified on the amount of gas used, so the recipient can use up all of the transaction's gas, causing it to revert. Use addr.call{gas: <amount>}() or this library instead.
Line: 294 (bool success, ) = newImplementation.delegatecall(abi.encodeWithSelector(IAxelarGateway.setup.selector, setupParams))
contracts/cgp/AxelarGateway.sol#L294
Line: 374 (bool success, ) = address(this).call(abi.encodeWithSelector(commandSelector, params[i], commandId))
contracts/cgp/AxelarGateway.sol#L374
Line: 398 (bool success, bytes memory data) = TOKEN_DEPLOYER_IMPLEMENTATION.delegatecall( abi.encodeWithSelector(ITokenDeployer.deployToken.selector, name, symbol, decimals, cap, salt) )
contracts/cgp/AxelarGateway.sol#L398-L400
Line: 18 (bool success, ) = target.call{ value: nativeValue }(callData)
contracts/cgp/util/Caller.sol#L18
Line: 49 (bool success, ) = newImplementation.delegatecall(abi.encodeWithSelector(this.setup.selector, params))
contracts/cgp/util/Upgradable.sol#L49
Line: 50 (bool success, ) = deployedAddress_.call(init)
contracts/gmp-sdk/deploy/ConstAddressDeployer.sol#L50
Line: 57 (bool success, ) = deployedAddress_.call(init)
contracts/gmp-sdk/deploy/Create3Deployer.sol#L57
Line: 81 (bool success, ) = finalImplementation_.delegatecall(abi.encodeWithSelector(BaseProxy.setup.selector, setupParams))
contracts/gmp-sdk/upgradable/FinalProxy.sol#L81
Line: 58 (bool success, ) = implementationAddress.delegatecall(abi.encodeWithSelector(IUpgradable.setup.selector, params))
contracts/gmp-sdk/upgradable/InitProxy.sol#L58
Line: 41 (bool success, ) = implementationAddress.delegatecall(abi.encodeWithSelector(IUpgradable.setup.selector, setupParams))
contracts/gmp-sdk/upgradable/Proxy.sol#L41
Line: 61 (bool success, ) = newImplementation.delegatecall(abi.encodeWithSelector(this.setup.selector, params))
contracts/gmp-sdk/upgradable/Upgradable.sol#L61
Line: 76 (bool success, bytes memory result) = call.target.call{ value: call.value }(call.callData)
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L76
Line: 813 (bool success, ) = tokenManagerDeployer.delegatecall( abi.encodeWithSelector(ITokenManagerDeployer.deployTokenManager.selector, tokenId, tokenManagerType, params) )
contracts/its/interchain-token-service/InterchainTokenService.sol#L813-L815
Line: 853 (bool success, ) = standardizedTokenDeployer.delegatecall( abi.encodeWithSelector( IStandardizedTokenDeployer.deployStandardizedToken.selector, salt, tokenManagerAddress, distributor, name, symbol, decimals, mintAmount, mintTo ) )
contracts/its/interchain-token-service/InterchainTokenService.sol#L853-L865
Line: 24 (bool success, ) = implementationAddress.delegatecall(abi.encodeWithSelector(IStandardizedToken.setup.selector, params))
contracts/its/proxies/StandardizedTokenProxy.sol#L24
Line: 36 (bool success, ) = impl.delegatecall(abi.encodeWithSelector(TokenManagerProxy.setup.selector, params))
contracts/its/proxies/TokenManagerProxy.sol#L36
Line: 25 (bool success, bytes memory result) = address(this).delegatecall(data[i])
contracts/its/utils/Multicall.sol#L25
</details>abi.encodeCall() has compiler type safety, whereas the other two functions do not.
<details> <summary> There are 16 instances of this issue: </summary>Line: 294 abi.encodeWithSelector(IAxelarGateway.setup.selector, setupParams)
use abi.encodeCall()
contracts/cgp/AxelarGateway.sol#L294
Line: 374 abi.encodeWithSelector(commandSelector, params[i], commandId)
use abi.encodeCall()
contracts/cgp/AxelarGateway.sol#L374
Line: 399 abi.encodeWithSelector(ITokenDeployer.deployToken.selector, name, symbol, decimals, cap, salt)
use abi.encodeCall()
contracts/cgp/AxelarGateway.sol#L399
Line: 443 abi.encodeWithSelector(IERC20.transfer.selector, address(this), IERC20(tokenAddress).balanceOf(address(depositHandler)))
use abi.encodeCall()
contracts/cgp/AxelarGateway.sol#L443
Line: 545 abi.encodeWithSelector(IBurnableMintableCappedERC20.burnFrom.selector, sender, amount)
use abi.encodeCall()
contracts/cgp/AxelarGateway.sol#L545
Line: 49 abi.encodeWithSelector(this.setup.selector, params)
use abi.encodeCall()
contracts/cgp/util/Upgradable.sol#L49
Line: 81 abi.encodeWithSelector(BaseProxy.setup.selector, setupParams)
use abi.encodeCall()
contracts/gmp-sdk/upgradable/FinalProxy.sol#L81
Line: 58 abi.encodeWithSelector(IUpgradable.setup.selector, params)
use abi.encodeCall()
contracts/gmp-sdk/upgradable/InitProxy.sol#L58
Line: 41 abi.encodeWithSelector(IUpgradable.setup.selector, setupParams)
use abi.encodeCall()
contracts/gmp-sdk/upgradable/Proxy.sol#L41
Line: 61 abi.encodeWithSelector(this.setup.selector, params)
use abi.encodeCall()
contracts/gmp-sdk/upgradable/Upgradable.sol#L61
Line: 814 abi.encodeWithSelector(ITokenManagerDeployer.deployTokenManager.selector, tokenId, tokenManagerType, params)
use abi.encodeCall()
contracts/its/interchain-token-service/InterchainTokenService.sol#L814
Line: 854 abi.encodeWithSelector( IStandardizedTokenDeployer.deployStandardizedToken.selector, salt, tokenManagerAddress, distributor, name, symbol, decimals, mintAmount, mintTo )
use abi.encodeCall()
contracts/its/interchain-token-service/InterchainTokenService.sol#L854-L864
Line: 24 abi.encodeWithSelector(IStandardizedToken.setup.selector, params)
use abi.encodeCall()
contracts/its/proxies/StandardizedTokenProxy.sol#L24
Line: 36 abi.encodeWithSelector(TokenManagerProxy.setup.selector, params)
use abi.encodeCall()
contracts/its/proxies/TokenManagerProxy.sol#L36
Line: 48 abi.encodeWithSelector(IERC20BurnableMintable.burn.selector, from, amount)
use abi.encodeCall()
contracts/its/token-manager/implementations/TokenManagerMintBurn.sol#L48
Line: 62 abi.encodeWithSelector(IERC20BurnableMintable.mint.selector, to, amount)
use abi.encodeCall()
contracts/its/token-manager/implementations/TokenManagerMintBurn.sol#L62
</details>I reported only on contracts that was missing in the wining bot
upgradeable contracts that are missing a '__gap' storage variable. In upgradeable contracts, it is important to reserve storage slots for future versions to introduce new storage variables. The '__gap' storage variable acts as a placeholder, allowing for seamless upgrades without affecting existing storage layout.When a contract is not designed with a '__gap' storage variable, adding new storage variables in subsequent versions becomes problematic. It can lead to storage collisions or layout incompatibilities, making it difficult to upgrade the contract without requiring costly data migrations or redeployments.
<details> <summary> There are 4 instances of this issue: </summary>Line: 6 interface IUpgradable
missing __gap storage variable
contracts/cgp/interfaces/IUpgradable.sol#L6-L31
Line: 7 abstract contract Upgradable is IUpgradable
missing __gap storage variable
contracts/cgp/util/Upgradable.sol#L7-L69
Line: 8 interface IUpgradable is IOwnable
missing __gap storage variable
contracts/gmp-sdk/interfaces/IUpgradable.sol#L8-L27
Line: 12 abstract contract Upgradable is Ownable, IUpgradable
missing __gap storage variable
contracts/gmp-sdk/upgradable/Upgradable.sol#L12-L88
</details>I reported only on contracts that was missing in the wining bot
The 'Ownable'/'OwnableUpgradeable' contracts provides a basic ownership mechanism, but it lacks an additional step for secure ownership transfer, which is crucial for certain scenarios, such as upgrading contracts or handling complex ownership transitions.
By utilizing the 'Ownable2Step'/'Ownable2StepUpgradeable' contract, which extends the functionality of 'Ownable'/'OwnableUpgradeable' with a two-step ownership transfer process, developers can enhance the security and flexibility of their contracts. The two-step process involves the current owner initiating a transfer request, which requires confirmation from the new owner before the ownership is transferred.
Using 'Ownable2Step'/'Ownable2StepUpgradeable' mitigates risks associated with accidental or unauthorized ownership transfers, ensuring that ownership transitions are intentional and verified. It provides an extra layer of protection, particularly in situations where contract upgrades or complex ownership management are involved.
By leveraging 'Ownable2Step'/'Ownable2StepUpgradeable', developers can enhance the security and integrity of their contracts, promoting trust and reducing the potential for ownership-related vulnerabilities.
<details> <summary> There are 3 instances of this issue: </summary>Line: 12 abstract contract Upgradable is Ownable, IUpgradable
contracts/gmp-sdk/upgradable/Upgradable.sol#L12-L88
Line: 37 contract InterchainTokenService is IInterchainTokenService, AxelarExecutable, Upgradable, Operatable, ExpressCallHandler, Pausable, Multicall
contracts/its/interchain-token-service/InterchainTokenService.sol#L37-L896
Line: 12 contract RemoteAddressValidator is IRemoteAddressValidator, Upgradable
contracts/its/remote-address-validator/RemoteAddressValidator.sol#L12-L139
</details>Using a cast on a single argument, rather than abi.encodePacked() makes the intended operation more clear, leading to less reviewer confusion.
<details> <summary> There are 4 instances of this issue: </summary>Line: 350 abi.encodePacked(commands[i])
contracts/cgp/AxelarGateway.sol#L350
Line: 396 abi.encodePacked(symbol)
contracts/cgp/AxelarGateway.sol#L396
Line: 435 abi.encodePacked(type(DepositHandler).creationCode)
contracts/cgp/AxelarGateway.sol#L435
Line: 23 abi.encodePacked(operator)
contracts/its/proxies/InterchainTokenServiceProxy.sol#L23
</details>Control structures should follow the One True Brace OTB style. This means: 1. Opening braces should be on the same line as the declaration. 2. Closing braces should be on their own line, at the same indentation level as the beginning of the declaration. 3. The opening brace should be preceded by a single space.
<details> <summary> There are 36 instances of this issue: </summary>Line: 427 function burnToken(bytes calldata params, bytes32) external onlySelf
These control structures in the function burnToken should follow the One True Brace (OTB) style:
- Line: 439: DepositHandler depositHandler = new DepositHandler{ salt: salt }();
contracts/cgp/AxelarGateway.sol#L427-L453
Line: 33 constructor( address gateway, string memory governanceChain, string memory governanceAddress, uint256 minimumTimeDelay, address[] memory cosigners, uint256 threshold ) InterchainGovernance(gateway, governanceChain, governanceAddress, minimumTimeDelay) MultisigBase(cosigners, threshold)
These control structures in the function constructor should follow the One True Brace (OTB) style:
- Line: 40: ) InterchainGovernance(gateway, governanceChain, governanceAddress, minimumTimeDelay) MultisigBase(cosigners, threshold) {}
contracts/cgp/governance/AxelarServiceGovernance.sol#L33-L40
Line: 168 receive() external payable
These control structures in the function receive should follow the One True Brace (OTB) style:
- Line: 168: receive() external payable {}
contracts/cgp/governance/InterchainGovernance.sol#L168
Line: 20 constructor(address[] memory accounts, uint256 threshold) MultisigBase(accounts, threshold)
These control structures in the function constructor should follow the One True Brace (OTB) style:
- Line: 20: constructor(address[] memory accounts, uint256 threshold) MultisigBase(accounts, threshold) {}
contracts/cgp/governance/Multisig.sol#L20
Line: 41 receive() external payable
These control structures in the function receive should follow the One True Brace (OTB) style:
- Line: 41: receive() external payable {}
contracts/cgp/governance/Multisig.sol#L41
Line: 11 function _call( address target, bytes calldata callData, uint256 nativeValue ) internal
These control structures in the function _call should follow the One True Brace (OTB) style:
- Line: 18: (bool success, ) = target.call{ value: nativeValue }(callData);
contracts/cgp/util/Caller.sol#L11-L22
Line: 68 function _setup(bytes calldata data) internal virtual
These control structures in the function _setup should follow the One True Brace (OTB) style:
- Line: 68: function _setup(bytes calldata data) internal virtual {}
contracts/cgp/util/Upgradable.sol#L68
Line: 51 function deploy(bytes32 salt, bytes memory bytecode) internal returns (address deployed)
These control structures in the function deploy should follow the One True Brace (OTB) style:
- Line: 58: CreateDeployer deployer = new CreateDeployer{ salt: salt }();
contracts/gmp-sdk/deploy/Create3.sol#L51-L63
Line: 32 function setup(bytes calldata params) external
These control structures in the function setup should follow the One True Brace (OTB) style:
- Line: 32: function setup(bytes calldata params) external {}
contracts/gmp-sdk/upgradable/BaseProxy.sol#L32
Line: 67 receive() external payable virtual
These control structures in the function receive should follow the One True Brace (OTB) style:
- Line: 67: receive() external payable virtual {}
contracts/gmp-sdk/upgradable/BaseProxy.sol#L67
Line: 26 constructor( address implementationAddress, address owner, bytes memory setupParams ) Proxy(implementationAddress, owner, setupParams)
These control structures in the function constructor should follow the One True Brace (OTB) style:
- Line: 30: ) Proxy(implementationAddress, owner, setupParams) {}
contracts/gmp-sdk/upgradable/FinalProxy.sol#L26-L30
Line: 31 function setup(bytes calldata setupParams) external
These control structures in the function setup should follow the One True Brace (OTB) style:
- Line: 31: function setup(bytes calldata setupParams) external {}
contracts/gmp-sdk/upgradable/FixedProxy.sol#L31
Line: 59 receive() external payable virtual
These control structures in the function receive should follow the One True Brace (OTB) style:
- Line: 59: receive() external payable virtual {}
contracts/gmp-sdk/upgradable/FixedProxy.sol#L59
Line: 87 function _setup(bytes calldata data) internal virtual
These control structures in the function _setup should follow the One True Brace (OTB) style:
- Line: 87: function _setup(bytes calldata data) internal virtual {}
contracts/gmp-sdk/upgradable/Upgradable.sol#L87
Line: 73 function _executeProposal(InterchainCalls.Call[] memory calls) internal
These control structures in the function _executeProposal should follow the One True Brace (OTB) style:
- Line: 76: (bool success, bytes memory result) = call.target.call{ value: call.value }(call.callData);
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L73-L84
Line: 156 function _onTargetExecutionFailed( InterchainCalls.Call memory, /* call */ bytes memory result ) internal virtual
These control structures in the function _onTargetExecutionFailed should follow the One True Brace (OTB) style:
- Line: 165: }
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L156-L170
Line: 88 function _sendProposal(InterchainCalls.InterchainCall memory interchainCall) internal
These control structures in the function _sendProposal should follow the One True Brace (OTB) style:
- Line: 92: gasService.payNativeGasForContractCall{ value: interchainCall.gas }(
contracts/interchain-governance-executor/InterchainProposalSender.sol#L88-L102
Line: 559 function _sanitizeTokenManagerImplementation(address[] memory implementaions, TokenManagerType tokenManagerType) internal pure returns (address implementation)
These control structures in the function _sanitizeTokenManagerImplementation should follow the One True Brace (OTB) style:
- Line: 563: {
contracts/its/interchain-token-service/InterchainTokenService.sol#L559-L567
Line: 622 function _processSendTokenWithDataPayload(string calldata sourceChain, bytes calldata payload) internal
These control structures in the function _processSendTokenWithDataPayload should follow the One True Brace (OTB) style:
- Line: 633: { - Line: 642: {
contracts/its/interchain-token-service/InterchainTokenService.sol#L622-L660
Line: 707 function _callContract( string calldata destinationChain, bytes memory payload, uint256 gasValue, address refundTo ) internal
These control structures in the function _callContract should follow the One True Brace (OTB) style:
- Line: 715: gasService.payNativeGasForContractCall{ value: gasValue }(
contracts/its/interchain-token-service/InterchainTokenService.sol#L707-L724
Line: 726 function _validateToken(address tokenAddress) internal returns ( string memory name, string memory symbol, uint8 decimals )
These control structures in the function _validateToken should follow the One True Brace (OTB) style:
- Line: 733: {
contracts/its/interchain-token-service/InterchainTokenService.sol#L726-L738
Line: 43 function interchainTransfer( string calldata destinationChain, bytes calldata recipient, uint256 amount, bytes calldata metadata ) external payable
These control structures in the function interchainTransfer should follow the One True Brace (OTB) style:
- Line: 66: tokenManager.transmitInterchainTransfer{ value: msg.value }(sender, destinationChain, recipient, amount, metadata);
contracts/its/interchain-token/InterchainToken.sol#L43-L67
Line: 79 function interchainTransferFrom( address sender, string calldata destinationChain, bytes calldata recipient, uint256 amount, bytes calldata metadata ) external payable
These control structures in the function interchainTransferFrom should follow the One True Brace (OTB) style:
- Line: 104: tokenManager.transmitInterchainTransfer{ value: msg.value }(sender, destinationChain, recipient, amount, metadata);
contracts/its/interchain-token/InterchainToken.sol#L79-L105
Line: 19 constructor( address implementationAddress, address owner, address operator ) FinalProxy(implementationAddress, owner, abi.encodePacked(operator))
These control structures in the function constructor should follow the One True Brace (OTB) style:
- Line: 23: ) FinalProxy(implementationAddress, owner, abi.encodePacked(operator)) {}
contracts/its/proxies/InterchainTokenServiceProxy.sol#L19-L23
Line: 20 constructor( address implementationAddress, address owner, bytes memory params ) Proxy(implementationAddress, owner, params)
These control structures in the function constructor should follow the One True Brace (OTB) style:
- Line: 24: ) Proxy(implementationAddress, owner, params) {}
contracts/its/proxies/RemoteAddressValidatorProxy.sol#L20-L24
Line: 54 function _getImplementation(IInterchainTokenService interchainTokenServiceAddress_, uint256 implementationType_) internal view returns (address impl)
These control structures in the function _getImplementation should follow the One True Brace (OTB) style:
- Line: 58: {
contracts/its/proxies/TokenManagerProxy.sol#L54-L60
Line: 66 function setup(bytes calldata setupParams) external
These control structures in the function setup should follow the One True Brace (OTB) style:
- Line: 66: function setup(bytes calldata setupParams) external {}
contracts/its/proxies/TokenManagerProxy.sol#L66
Line: 94 receive() external payable virtual
These control structures in the function receive should follow the One True Brace (OTB) style:
- Line: 94: receive() external payable virtual {}
contracts/its/proxies/TokenManagerProxy.sol#L94
Line: 49 function setup(bytes calldata params) external override onlyProxy
These control structures in the function setup should follow the One True Brace (OTB) style:
- Line: 50: { - Line: 60: {
contracts/its/token-implementations/StandardizedToken.sol#L49-L68
Line: 83 function sendToken( string calldata destinationChain, bytes calldata destinationAddress, uint256 amount, bytes calldata metadata ) external payable virtual
These control structures in the function sendToken should follow the One True Brace (OTB) style:
- Line: 92: interchainTokenService.transmitSendToken{ value: msg.value }(
contracts/its/token-manager/TokenManager.sol#L83-L100
Line: 109 function callContractWithInterchainToken( string calldata destinationChain, bytes calldata destinationAddress, uint256 amount, bytes calldata data ) external payable virtual
These control structures in the function callContractWithInterchainToken should follow the One True Brace (OTB) style:
- Line: 119: interchainTokenService.transmitSendToken{ value: msg.value }(
contracts/its/token-manager/TokenManager.sol#L109-L127
Line: 136 function transmitInterchainTransfer( address sender, string calldata destinationChain, bytes calldata destinationAddress, uint256 amount, bytes calldata metadata ) external payable virtual onlyToken
These control structures in the function transmitInterchainTransfer should follow the One True Brace (OTB) style:
- Line: 145: interchainTokenService.transmitSendToken{ value: msg.value }(
contracts/its/token-manager/TokenManager.sol#L136-L153
Line: 19 constructor(address interchainTokenService_) TokenManager(interchainTokenService_)
These control structures in the function constructor should follow the One True Brace (OTB) style:
- Line: 19: constructor(address interchainTokenService_) TokenManager(interchainTokenService_) {}
contracts/its/token-manager/implementations/TokenManagerAddressStorage.sol#L19
Line: 26 constructor(address interchainTokenService_) TokenManagerAddressStorage(interchainTokenService_)
These control structures in the function constructor should follow the One True Brace (OTB) style:
- Line: 26: constructor(address interchainTokenService_) TokenManagerAddressStorage(interchainTokenService_) {}
contracts/its/token-manager/implementations/TokenManagerLiquidityPool.sol#L26
Line: 22 constructor(address interchainTokenService_) TokenManagerAddressStorage(interchainTokenService_)
These control structures in the function constructor should follow the One True Brace (OTB) style:
- Line: 22: constructor(address interchainTokenService_) TokenManagerAddressStorage(interchainTokenService_) {}
contracts/its/token-manager/implementations/TokenManagerLockUnlock.sol#L22
Line: 23 constructor(address interchainTokenService_) TokenManagerAddressStorage(interchainTokenService_)
These control structures in the function constructor should follow the One True Brace (OTB) style:
- Line: 23: constructor(address interchainTokenService_) TokenManagerAddressStorage(interchainTokenService_) {}
contracts/its/token-manager/implementations/TokenManagerMintBurn.sol#L23
</details>Consider adding parameters to the error to indicate which user or values caused the failure.
<details> <summary> There are 67 instances of this issue: </summary>Line: 22 error InvalidImplementation();
contracts/cgp/AxelarGateway.sol#L22
Line: 13 error NotApproved();
contracts/cgp/interfaces/IAxelarServiceGovernance.sol#L13
Line: 6 error InsufficientBalance();
contracts/cgp/interfaces/ICaller.sol#L6
Line: 7 error ExecutionFailed();
contracts/cgp/interfaces/ICaller.sol#L7
Line: 13 error NotGovernance();
contracts/cgp/interfaces/IInterchainGovernance.sol#L13
Line: 14 error InvalidCommand();
contracts/cgp/interfaces/IInterchainGovernance.sol#L14
Line: 15 error InvalidTarget();
contracts/cgp/interfaces/IInterchainGovernance.sol#L15
Line: 16 error TokenNotSupported();
contracts/cgp/interfaces/IInterchainGovernance.sol#L16
Line: 10 error NotSigner();
contracts/cgp/interfaces/IMultisigBase.sol#L10
Line: 11 error AlreadyVoted();
contracts/cgp/interfaces/IMultisigBase.sol#L11
Line: 12 error InvalidSigners();
contracts/cgp/interfaces/IMultisigBase.sol#L12
Line: 13 error InvalidSignerThreshold();
contracts/cgp/interfaces/IMultisigBase.sol#L13
Line: 7 error NotOwner();
contracts/cgp/interfaces/IUpgradable.sol#L7
Line: 8 error InvalidOwner();
contracts/cgp/interfaces/IUpgradable.sol#L8
Line: 9 error InvalidCodeHash();
contracts/cgp/interfaces/IUpgradable.sol#L9
Line: 10 error InvalidImplementation();
contracts/cgp/interfaces/IUpgradable.sol#L10
Line: 11 error SetupFailed();
contracts/cgp/interfaces/IUpgradable.sol#L11
Line: 12 error NotProxy();
contracts/cgp/interfaces/IUpgradable.sol#L12
Line: 6 error EmptyBytecode();
contracts/gmp-sdk/deploy/ConstAddressDeployer.sol#L6
Line: 7 error FailedDeploy();
contracts/gmp-sdk/deploy/ConstAddressDeployer.sol#L7
Line: 8 error FailedInit();
contracts/gmp-sdk/deploy/ConstAddressDeployer.sol#L8
Line: 13 error FailedInit();
contracts/gmp-sdk/deploy/Create3Deployer.sol#L13
Line: 7 error InvalidOwner();
contracts/gmp-sdk/interfaces/IProxy.sol#L7
Line: 8 error InvalidImplementation();
contracts/gmp-sdk/interfaces/IProxy.sol#L8
Line: 9 error SetupFailed();
contracts/gmp-sdk/interfaces/IProxy.sol#L9
Line: 10 error NotOwner();
contracts/gmp-sdk/interfaces/IProxy.sol#L10
Line: 11 error AlreadyInitialized();
contracts/gmp-sdk/interfaces/IProxy.sol#L11
Line: 10 error InvalidTimeLockHash();
contracts/gmp-sdk/interfaces/ITimeLock.sol#L10
Line: 11 error TimeLockAlreadyScheduled();
contracts/gmp-sdk/interfaces/ITimeLock.sol#L11
Line: 12 error TimeLockNotReady();
contracts/gmp-sdk/interfaces/ITimeLock.sol#L12
Line: 9 error InvalidCodeHash();
contracts/gmp-sdk/interfaces/IUpgradable.sol#L9
Line: 10 error InvalidImplementation();
contracts/gmp-sdk/interfaces/IUpgradable.sol#L10
Line: 11 error SetupFailed();
contracts/gmp-sdk/interfaces/IUpgradable.sol#L11
Line: 12 error NotProxy();
contracts/gmp-sdk/interfaces/IUpgradable.sol#L12
Line: 15 error ProposalExecuteFailed();
contracts/interchain-governance-executor/interfaces/IInterchainProposalExecutor.sol#L15
Line: 18 error NotWhitelistedCaller();
contracts/interchain-governance-executor/interfaces/IInterchainProposalExecutor.sol#L18
Line: 21 error NotWhitelistedSourceAddress();
contracts/interchain-governance-executor/interfaces/IInterchainProposalExecutor.sol#L21
Line: 9 error InvalidFee();
contracts/interchain-governance-executor/interfaces/IInterchainProposalSender.sol#L9
Line: 6 error NotDistributor();
contracts/its/interfaces/IDistributable.sol#L6
Line: 6 error AlreadyExpressCalled();
contracts/its/interfaces/IExpressCallHandler.sol#L6
Line: 7 error SameDestinationAsCaller();
contracts/its/interfaces/IExpressCallHandler.sol#L7
Line: 6 error FlowLimitExceeded();
contracts/its/interfaces/IFlowLimit.sol#L6
Line: 6 error NotProxy();
contracts/its/interfaces/IImplementation.sol#L6
Line: 16 error ZeroAddress();
contracts/its/interfaces/IInterchainTokenService.sol#L16
Line: 17 error LengthMismatch();
contracts/its/interfaces/IInterchainTokenService.sol#L17
Line: 18 error InvalidTokenManagerImplementation();
contracts/its/interfaces/IInterchainTokenService.sol#L18
Line: 19 error NotRemoteService();
contracts/its/interfaces/IInterchainTokenService.sol#L19
Line: 21 error NotTokenManager();
contracts/its/interfaces/IInterchainTokenService.sol#L21
Line: 23 error NotCanonicalTokenManager();
contracts/its/interfaces/IInterchainTokenService.sol#L23
Line: 24 error GatewayToken();
contracts/its/interfaces/IInterchainTokenService.sol#L24
Line: 25 error TokenManagerDeploymentFailed();
contracts/its/interfaces/IInterchainTokenService.sol#L25
Line: 26 error StandardizedTokenDeploymentFailed();
contracts/its/interfaces/IInterchainTokenService.sol#L26
Line: 28 error SelectorUnknown();
contracts/its/interfaces/IInterchainTokenService.sol#L28
Line: 6 error NotOperator();
contracts/its/interfaces/IOperatable.sol#L6
Line: 13 error Paused();
contracts/its/interfaces/IPausable.sol#L13
Line: 10 error ZeroAddress();
contracts/its/interfaces/IRemoteAddressValidator.sol#L10
Line: 11 error LengthMismatch();
contracts/its/interfaces/IRemoteAddressValidator.sol#L11
Line: 12 error ZeroStringLength();
contracts/its/interfaces/IRemoteAddressValidator.sol#L12
Line: 15 error TokenLinkerZeroAddress();
contracts/its/interfaces/ITokenManager.sol#L15
Line: 16 error NotService();
contracts/its/interfaces/ITokenManager.sol#L16
Line: 17 error TakeTokenFailed();
contracts/its/interfaces/ITokenManager.sol#L17
Line: 18 error GiveTokenFailed();
contracts/its/interfaces/ITokenManager.sol#L18
Line: 19 error NotToken();
contracts/its/interfaces/ITokenManager.sol#L19
Line: 12 error AddressZero();
contracts/its/interfaces/ITokenManagerDeployer.sol#L12
Line: 13 error TokenManagerDeploymentFailed();
contracts/its/interfaces/ITokenManagerDeployer.sol#L13
Line: 11 error ImplementationLookupFailed();
contracts/its/interfaces/ITokenManagerProxy.sol#L11
Line: 12 error SetupFailed();
contracts/its/interfaces/ITokenManagerProxy.sol#L12
</details>Functions that are not sued.
<details> <summary> There are 5 instances of this issue: </summary>Line: 126 function _beforeProposalExecuted( string calldata sourceChain, string calldata sourceAddress, bytes calldata payload ) internal virtual
is never used and should be removed
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L126-L132
Line: 178 function _onTargetExecuted(InterchainCalls.Call memory call, bytes memory result) internal virtual
is never used and should be removed
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L178-L180
Line: 156 function _onTargetExecutionFailed( InterchainCalls.Call memory, /* call */ bytes memory result ) internal virtual
is never used and should be removed
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L156-L170
Line: 29 function contractId() internal pure override returns (bytes32)
is never used and should be removed
contracts/its/proxies/InterchainTokenServiceProxy.sol#L29-L31
Line: 30 function contractId() internal pure override returns (bytes32)
is never used and should be removed
contracts/its/proxies/RemoteAddressValidatorProxy.sol#L30-L32
</details>If a codebase has two contracts the similar names, the compilation artifacts will not contain one of the contracts with the duplicate name.
<details> <summary> There are 2 instances of this issue: </summary>Line: 6 interface IUpgradable
- File: contracts/gmp-sdk/interfaces/IUpgradable.sol
Line: 8 interface IUpgradable is IOwnable
contracts/cgp/interfaces/IUpgradable.sol#L6-L31
Line: 7 abstract contract Upgradable is IUpgradable
- File: contracts/gmp-sdk/upgradable/Upgradable.sol
Line: 12 abstract contract Upgradable is Ownable, IUpgradable
contracts/cgp/util/Upgradable.sol#L7-L69
</details>Ownership renouncement is a feature provided by the Ownable contract in various smart contract frameworks, such as OpenZeppelin. It allows the contract owner to transfer ownership to another address, relinquishing their control over the contract. However, in certain cases, it may be undesirable or unnecessary to allow ownership renouncement.
It is important to carefully consider the implications of allowing ownership renouncement. Disabling renouncement can provide additional security and prevent potential risks associated with unintended ownership transfers.
<details> <summary> There are 4 instances of this issue: </summary>Line: 12 abstract contract Upgradable is Ownable, IUpgradable
contracts/gmp-sdk/upgradable/Upgradable.sol#L12-L88
Line: 22 contract InterchainProposalExecutor is IInterchainProposalExecutor, AxelarExecutable, Ownable
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L22-L181
Line: 37 contract InterchainTokenService is IInterchainTokenService, AxelarExecutable, Upgradable, Operatable, ExpressCallHandler, Pausable, Multicall
contracts/its/interchain-token-service/InterchainTokenService.sol#L37-L896
Line: 12 contract RemoteAddressValidator is IRemoteAddressValidator, Upgradable
contracts/its/remote-address-validator/RemoteAddressValidator.sol#L12-L139
</details>Ensure that events follow the best practice of check-effects-interaction, and are emitted before external calls
<details> <summary> There are 28 instances of this issue: </summary>Line: 385 function deployToken(bytes calldata params, bytes32) external onlySelf
: External calls: - File: contracts/cgp/AxelarGateway.sol
Line: 398 (bool success, bytes memory data) = TOKEN_DEPLOYER_IMPLEMENTATION.delegatecall( abi.encodeWithSelector(ITokenDeployer.deployToken.selector, name, symbol, decimals, cap, salt) )
Event emitted after the call(s): - File: contracts/cgp/AxelarGateway.sol
Line: 418 emit TokenDeployed(symbol, tokenAddress)
- File: contracts/cgp/AxelarGateway.sol
Line: 630 emit TokenMintLimitUpdated(symbol, limit)
- File: contracts/cgp/AxelarGateway.sol
Line: 416 _setTokenMintLimit(symbol, mintLimit)
contracts/cgp/AxelarGateway.sol#L385-L419
Line: 323 function execute(bytes calldata input) external override
: External calls: - File: contracts/cgp/AxelarGateway.sol
Line: 329 bool allowOperatorshipTransfer = IAxelarAuth(AUTH_MODULE).validateProof(messageHash, proof)
- File: contracts/cgp/AxelarGateway.sol
Line: 374 (bool success, ) = address(this).call(abi.encodeWithSelector(commandSelector, params[i], commandId))
Event emitted after the call(s): - File: contracts/cgp/AxelarGateway.sol
Line: 376 emit Executed(commandId)
contracts/cgp/AxelarGateway.sol#L323-L379
Line: 307 function setup(bytes calldata params) external override
: External calls: - File: contracts/cgp/AxelarGateway.sol
Line: 317 IAxelarAuth(AUTH_MODULE).transferOperatorship(newOperatorsData)
Event emitted after the call(s): - File: contracts/cgp/AxelarGateway.sol
Line: 319 emit OperatorshipTransferred(newOperatorsData)
contracts/cgp/AxelarGateway.sol#L307-L321
Line: 495 function transferOperatorship(bytes calldata newOperatorsData, bytes32) external onlySelf
: External calls: - File: contracts/cgp/AxelarGateway.sol
Line: 496 IAxelarAuth(AUTH_MODULE).transferOperatorship(newOperatorsData)
Event emitted after the call(s): - File: contracts/cgp/AxelarGateway.sol
Line: 498 emit OperatorshipTransferred(newOperatorsData)
contracts/cgp/AxelarGateway.sol#L495-L499
Line: 48 function executeMultisigProposal( address target, bytes calldata callData, uint256 nativeValue ) external payable onlySigners
: External calls: - File: contracts/cgp/governance/AxelarServiceGovernance.sol
Line: 59 _call(target, callData, nativeValue)
- File: contracts/cgp/util/Caller.sol
Line: 18 (bool success, ) = target.call{ value: nativeValue }(callData)
Event emitted after the call(s): - File: contracts/cgp/governance/AxelarServiceGovernance.sol
Line: 61 emit MultisigExecuted(proposalHash, target, callData, nativeValue)
contracts/cgp/governance/AxelarServiceGovernance.sol#L48-L62
Line: 68 function executeProposal( address target, bytes calldata callData, uint256 nativeValue ) external payable
: External calls: - File: contracts/cgp/governance/InterchainGovernance.sol
Line: 76 _call(target, callData, nativeValue)
- File: contracts/cgp/util/Caller.sol
Line: 18 (bool success, ) = target.call{ value: nativeValue }(callData)
Event emitted after the call(s): - File: contracts/cgp/governance/InterchainGovernance.sol
Line: 78 emit ProposalExecuted(proposalHash, target, callData, nativeValue, block.timestamp)
contracts/cgp/governance/InterchainGovernance.sol#L68-L79
Line: 40 function upgrade( address newImplementation, bytes32 newImplementationCodeHash, bytes calldata params ) external override onlyOwner
: External calls: - File: contracts/cgp/util/Upgradable.sol
Line: 49 (bool success, ) = newImplementation.delegatecall(abi.encodeWithSelector(this.setup.selector, params))
Event emitted after the call(s): - File: contracts/cgp/util/Upgradable.sol
Line: 54 emit Upgraded(newImplementation)
contracts/cgp/util/Upgradable.sol#L40-L59
Line: 29 function deploy(bytes calldata bytecode, bytes32 salt) external returns (address deployedAddress_)
: External calls: - File: contracts/gmp-sdk/deploy/Create3Deployer.sol
Line: 31 deployedAddress_ = Create3.deploy(deploySalt, bytecode)
Event emitted after the call(s): - File: contracts/gmp-sdk/deploy/Create3Deployer.sol
Line: 33 emit Deployed(keccak256(bytecode), salt, deployedAddress_)
contracts/gmp-sdk/deploy/Create3Deployer.sol#L29-L34
Line: 49 function deployAndInit( bytes memory bytecode, bytes32 salt, bytes calldata init ) external returns (address deployedAddress_)
: External calls: - File: contracts/gmp-sdk/deploy/Create3Deployer.sol
Line: 55 deployedAddress_ = Create3.deploy(deploySalt, bytecode)
- File: contracts/gmp-sdk/deploy/Create3Deployer.sol
Line: 57 (bool success, ) = deployedAddress_.call(init)
Event emitted after the call(s): - File: contracts/gmp-sdk/deploy/Create3Deployer.sol
Line: 60 emit Deployed(keccak256(bytecode), salt, deployedAddress_)
contracts/gmp-sdk/deploy/Create3Deployer.sol#L49-L61
Line: 52 function upgrade( address newImplementation, bytes32 newImplementationCodeHash, bytes calldata params ) external override onlyOwner
: External calls: - File: contracts/gmp-sdk/upgradable/Upgradable.sol
Line: 61 (bool success, ) = newImplementation.delegatecall(abi.encodeWithSelector(this.setup.selector, params))
Event emitted after the call(s): - File: contracts/gmp-sdk/upgradable/Upgradable.sol
Line: 66 emit Upgraded(newImplementation)
contracts/gmp-sdk/upgradable/Upgradable.sol#L52-L71
Line: 41 function _execute( string calldata sourceChain, string calldata sourceAddress, bytes calldata payload ) internal override
: External calls: - File: contracts/interchain-governance-executor/InterchainProposalExecutor.sol
Line: 62 _executeProposal(calls)
- File: contracts/interchain-governance-executor/InterchainProposalExecutor.sol
Line: 76 (bool success, bytes memory result) = call.target.call{ value: call.value }(call.callData)
Event emitted after the call(s): - File: contracts/interchain-governance-executor/InterchainProposalExecutor.sol
Line: 66 emit ProposalExecuted(keccak256(abi.encode(sourceChain, sourceAddress, interchainProposalCaller, payload)))
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L41-L67
Line: 770 function _deployRemoteStandardizedToken( bytes32 tokenId, string memory name, string memory symbol, uint8 decimals, bytes memory distributor, bytes memory operator, string calldata destinationChain, uint256 gasValue ) internal
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 789 _callContract(destinationChain, payload, gasValue, msg.sender)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 723 gateway.callContract(destinationChain, destinationAddress, payload)
External calls sending eth: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 789 _callContract(destinationChain, payload, gasValue, msg.sender)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 790 emit RemoteStandardizedTokenAndManagerDeploymentInitialized( tokenId, name, symbol, decimals, distributor, operator, destinationChain, gasValue )
contracts/its/interchain-token-service/InterchainTokenService.sol#L770-L800
Line: 748 function _deployRemoteTokenManager( bytes32 tokenId, string calldata destinationChain, uint256 gasValue, TokenManagerType tokenManagerType, bytes memory params ) internal
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 756 _callContract(destinationChain, payload, gasValue, msg.sender)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 723 gateway.callContract(destinationChain, destinationAddress, payload)
External calls sending eth: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 756 _callContract(destinationChain, payload, gasValue, msg.sender)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 757 emit RemoteTokenManagerDeploymentInitialized(tokenId, destinationChain, gasValue, tokenManagerType, params)
contracts/its/interchain-token-service/InterchainTokenService.sol#L748-L758
Line: 841 function _deployStandardizedToken( bytes32 tokenId, address distributor, string memory name, string memory symbol, uint8 decimals, uint256 mintAmount, address mintTo ) internal
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 853 (bool success, ) = standardizedTokenDeployer.delegatecall( abi.encodeWithSelector( IStandardizedTokenDeployer.deployStandardizedToken.selector, salt, tokenManagerAddress, distributor, name, symbol, decimals, mintAmount, mintTo ) )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 869 emit StandardizedTokenDeployed(tokenId, name, symbol, decimals, mintAmount, mintTo)
contracts/its/interchain-token-service/InterchainTokenService.sol#L841-L870
Line: 808 function _deployTokenManager( bytes32 tokenId, TokenManagerType tokenManagerType, bytes memory params ) internal
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 813 (bool success, ) = tokenManagerDeployer.delegatecall( abi.encodeWithSelector(ITokenManagerDeployer.deployTokenManager.selector, tokenId, tokenManagerType, params) )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 819 emit TokenManagerDeployed(tokenId, tokenManagerType, params)
contracts/its/interchain-token-service/InterchainTokenService.sol#L808-L820
Line: 678 function _processDeployStandardizedTokenAndManagerPayload(bytes calldata payload) internal
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 691 _deployStandardizedToken(tokenId, distributor, name, symbol, decimals, 0, distributor)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 853 (bool success, ) = standardizedTokenDeployer.delegatecall( abi.encodeWithSelector( IStandardizedTokenDeployer.deployStandardizedToken.selector, salt, tokenManagerAddress, distributor, name, symbol, decimals, mintAmount, mintTo ) )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 693 _deployTokenManager( tokenId, tokenManagerType, abi.encode(operatorBytes.length == 0 ? address(this).toBytes() : operatorBytes, tokenAddress) )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 813 (bool success, ) = tokenManagerDeployer.delegatecall( abi.encodeWithSelector(ITokenManagerDeployer.deployTokenManager.selector, tokenId, tokenManagerType, params) )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 819 emit TokenManagerDeployed(tokenId, tokenManagerType, params)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 693 _deployTokenManager( tokenId, tokenManagerType, abi.encode(operatorBytes.length == 0 ? address(this).toBytes() : operatorBytes, tokenAddress) )
contracts/its/interchain-token-service/InterchainTokenService.sol#L678-L698
Line: 678 function _processDeployStandardizedTokenAndManagerPayload(bytes calldata payload) internal
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 691 _deployStandardizedToken(tokenId, distributor, name, symbol, decimals, 0, distributor)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 853 (bool success, ) = standardizedTokenDeployer.delegatecall( abi.encodeWithSelector( IStandardizedTokenDeployer.deployStandardizedToken.selector, salt, tokenManagerAddress, distributor, name, symbol, decimals, mintAmount, mintTo ) )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 693 _deployTokenManager( tokenId, tokenManagerType, abi.encode(operatorBytes.length == 0 ? address(this).toBytes() : operatorBytes, tokenAddress) )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 813 (bool success, ) = tokenManagerDeployer.delegatecall( abi.encodeWithSelector(ITokenManagerDeployer.deployTokenManager.selector, tokenId, tokenManagerType, params) )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 819 emit TokenManagerDeployed(tokenId, tokenManagerType, params)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 693 _deployTokenManager( tokenId, tokenManagerType, abi.encode(operatorBytes.length == 0 ? address(this).toBytes() : operatorBytes, tokenAddress) )
contracts/its/interchain-token-service/InterchainTokenService.sol#L678-L698
Line: 599 function _processSendTokenPayload(string calldata sourceChain, bytes calldata payload) internal
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 610 amount = tokenManager.giveToken(destinationAddress, amount)
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 611 emit TokenReceived(tokenId, sourceChain, destinationAddress, amount)
contracts/its/interchain-token-service/InterchainTokenService.sol#L599-L615
Line: 622 function _processSendTokenWithDataPayload(string calldata sourceChain, bytes calldata payload) internal
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 657 amount = tokenManager.giveToken(destinationAddress, amount)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 658 IInterchainTokenExpressExecutable(destinationAddress).executeWithInterchainToken(sourceChain, sourceAddress, data, tokenId, amount)
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 659 emit TokenReceivedWithData(tokenId, sourceChain, destinationAddress, amount, sourceAddress, data)
contracts/its/interchain-token-service/InterchainTokenService.sol#L622-L660
Line: 388 function deployAndRegisterStandardizedToken( bytes32 salt, string calldata name, string calldata symbol, uint8 decimals, uint256 mintAmount, address distributor ) external payable notPaused
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 397 _deployStandardizedToken(tokenId, distributor, name, symbol, decimals, mintAmount, msg.sender)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 853 (bool success, ) = standardizedTokenDeployer.delegatecall( abi.encodeWithSelector( IStandardizedTokenDeployer.deployStandardizedToken.selector, salt, tokenManagerAddress, distributor, name, symbol, decimals, mintAmount, mintTo ) )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 401 _deployTokenManager(tokenId, tokenManagerType, abi.encode(msg.sender.toBytes(), tokenAddress))
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 813 (bool success, ) = tokenManagerDeployer.delegatecall( abi.encodeWithSelector(ITokenManagerDeployer.deployTokenManager.selector, tokenId, tokenManagerType, params) )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 819 emit TokenManagerDeployed(tokenId, tokenManagerType, params)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 401 _deployTokenManager(tokenId, tokenManagerType, abi.encode(msg.sender.toBytes(), tokenAddress))
contracts/its/interchain-token-service/InterchainTokenService.sol#L388-L402
Line: 343 function deployCustomTokenManager( bytes32 salt, TokenManagerType tokenManagerType, bytes memory params ) public payable notPaused returns (bytes32 tokenId)
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 350 _deployTokenManager(tokenId, tokenManagerType, params)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 813 (bool success, ) = tokenManagerDeployer.delegatecall( abi.encodeWithSelector(ITokenManagerDeployer.deployTokenManager.selector, tokenId, tokenManagerType, params) )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 351 emit CustomTokenIdClaimed(tokenId, deployer_, salt)
contracts/its/interchain-token-service/InterchainTokenService.sol#L343-L352
Line: 325 function deployRemoteCanonicalToken( bytes32 tokenId, string calldata destinationChain, uint256 gasValue ) public payable notPaused
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 333 (string memory tokenName, string memory tokenSymbol, uint8 tokenDecimals) = _validateToken(tokenAddress)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 735 name = token.name()
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 736 symbol = token.symbol()
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 737 decimals = token.decimals()
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 334 _deployRemoteStandardizedToken(tokenId, tokenName, tokenSymbol, tokenDecimals, '', '', destinationChain, gasValue)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 723 gateway.callContract(destinationChain, destinationAddress, payload)
External calls sending eth: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 334 _deployRemoteStandardizedToken(tokenId, tokenName, tokenSymbol, tokenDecimals, '', '', destinationChain, gasValue)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 790 emit RemoteStandardizedTokenAndManagerDeploymentInitialized( tokenId, name, symbol, decimals, distributor, operator, destinationChain, gasValue )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 334 _deployRemoteStandardizedToken(tokenId, tokenName, tokenSymbol, tokenDecimals, '', '', destinationChain, gasValue)
contracts/its/interchain-token-service/InterchainTokenService.sol#L325-L335
Line: 365 function deployRemoteCustomTokenManager( bytes32 salt, string calldata destinationChain, TokenManagerType tokenManagerType, bytes calldata params, uint256 gasValue ) external payable notPaused returns (bytes32 tokenId)
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 374 _deployRemoteTokenManager(tokenId, destinationChain, gasValue, tokenManagerType, params)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 723 gateway.callContract(destinationChain, destinationAddress, payload)
External calls sending eth: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 374 _deployRemoteTokenManager(tokenId, destinationChain, gasValue, tokenManagerType, params)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 375 emit CustomTokenIdClaimed(tokenId, deployer_, salt)
contracts/its/interchain-token-service/InterchainTokenService.sol#L365-L376
Line: 439 function expressReceiveToken( bytes32 tokenId, address destinationAddress, uint256 amount, bytes32 commandId ) external
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 451 SafeTokenTransferFrom.safeTransferFrom(token, caller, destinationAddress, amount)
Event emitted after the call(s): - File: contracts/its/utils/ExpressCallHandler.sol
Line: 95 emit ExpressReceive(tokenId, destinationAddress, amount, commandId, expressCaller)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 453 _setExpressReceiveToken(tokenId, destinationAddress, amount, commandId, caller)
contracts/its/interchain-token-service/InterchainTokenService.sol#L439-L454
Line: 467 function expressReceiveTokenWithData( bytes32 tokenId, string memory sourceChain, bytes memory sourceAddress, address destinationAddress, uint256 amount, bytes calldata data, bytes32 commandId ) external
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 482 SafeTokenTransferFrom.safeTransferFrom(token, caller, destinationAddress, amount)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 484 _expressExecuteWithInterchainTokenToken(tokenId, destinationAddress, sourceChain, sourceAddress, data, amount)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 888 IInterchainTokenExpressExecutable(destinationAddress).expressExecuteWithInterchainToken( sourceChain, sourceAddress, data, tokenId, amount )
Event emitted after the call(s): - File: contracts/its/utils/ExpressCallHandler.sol
Line: 137 emit ExpressReceiveWithData(tokenId, sourceChain, sourceAddress, destinationAddress, amount, data, commandId, expressCaller)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 486 _setExpressReceiveTokenWithData(tokenId, sourceChain, sourceAddress, destinationAddress, amount, data, commandId, caller)
contracts/its/interchain-token-service/InterchainTokenService.sol#L467-L487
Line: 309 function registerCanonicalToken(address tokenAddress) external payable notPaused returns (bytes32 tokenId)
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 310 (, string memory tokenSymbol, ) = _validateToken(tokenAddress)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 735 name = token.name()
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 736 symbol = token.symbol()
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 737 decimals = token.decimals()
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 313 _deployTokenManager(tokenId, TokenManagerType.LOCK_UNLOCK, abi.encode(address(this).toBytes(), tokenAddress))
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 813 (bool success, ) = tokenManagerDeployer.delegatecall( abi.encodeWithSelector(ITokenManagerDeployer.deployTokenManager.selector, tokenId, tokenManagerType, params) )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 819 emit TokenManagerDeployed(tokenId, tokenManagerType, params)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 313 _deployTokenManager(tokenId, TokenManagerType.LOCK_UNLOCK, abi.encode(address(this).toBytes(), tokenAddress))
contracts/its/interchain-token-service/InterchainTokenService.sol#L309-L314
Line: 502 function transmitSendToken( bytes32 tokenId, address sourceAddress, string calldata destinationChain, bytes memory destinationAddress, uint256 amount, bytes calldata metadata ) external payable onlyTokenManager(tokenId) notPaused
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 513 _callContract(destinationChain, payload, msg.value, sourceAddress)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 723 gateway.callContract(destinationChain, destinationAddress, payload)
External calls sending eth: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 513 _callContract(destinationChain, payload, msg.value, sourceAddress)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 514 emit TokenSent(tokenId, destinationChain, destinationAddress, amount)
contracts/its/interchain-token-service/InterchainTokenService.sol#L502-L523
Line: 502 function transmitSendToken( bytes32 tokenId, address sourceAddress, string calldata destinationChain, bytes memory destinationAddress, uint256 amount, bytes calldata metadata ) external payable onlyTokenManager(tokenId) notPaused
: External calls: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 521 _callContract(destinationChain, payload, msg.value, sourceAddress)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 723 gateway.callContract(destinationChain, destinationAddress, payload)
External calls sending eth: - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 521 _callContract(destinationChain, payload, msg.value, sourceAddress)
- File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 715 gasService.payNativeGasForContractCall{ value: gasValue }( address(this), destinationChain, destinationAddress, payload, refundTo )
Event emitted after the call(s): - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 522 emit TokenSentWithData(tokenId, destinationChain, destinationAddress, amount, sourceAddress, metadata)
contracts/its/interchain-token-service/InterchainTokenService.sol#L502-L523
</details>Detect variables with names that are too similar.
<details> <summary> There are 2 instances of this issue: </summary>Line: 60 address internal immutable AUTH_MODULE
is too similar to File: contracts/cgp/AxelarGateway.sol
Line: 64 address authModule_
contracts/cgp/AxelarGateway.sol#L60
Line: 559 address[] memory implementaions
is too similar to File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 562 address implementation
contracts/its/interchain-token-service/InterchainTokenService.sol#L559
</details>Identify unused imports in source files that can be safely removed. Please note that this detector does not support files with cyclic imports or files that use 'import {...} from' directives.
<details> <summary> There are 12 instances of this issue: </summary>Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/cgp/AxelarGateway.sol. Consider removing the following imports:
Line: 15 import { AdminMultisigBase } from './AdminMultisigBase.sol';
contracts/gmp-sdk/interfaces/IERC20.sol contracts/gmp-sdk/interfaces/IERC20.sol
contracts/cgp/AxelarGateway.sol#L15
Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/gmp-sdk/upgradable/FinalProxy.sol. Consider removing the following imports:
Line: 9 import { Proxy } from './Proxy.sol';
contracts/gmp-sdk/interfaces/IProxy.sol - File: contracts/gmp-sdk/upgradable/FinalProxy.sol
Line: 9 import { Proxy } from './Proxy.sol';
contracts/gmp-sdk/upgradable/BaseProxy.sol contracts/gmp-sdk/upgradable/BaseProxy.sol
contracts/gmp-sdk/upgradable/FinalProxy.sol#L9
Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/gmp-sdk/upgradable/Proxy.sol. Consider removing the following imports:
Line: 7 import { BaseProxy } from './BaseProxy.sol';
contracts/gmp-sdk/interfaces/IUpgradable.sol - File: contracts/gmp-sdk/upgradable/Proxy.sol
Line: 7 import { BaseProxy } from './BaseProxy.sol';
contracts/gmp-sdk/interfaces/IProxy.sol - File: contracts/gmp-sdk/upgradable/Proxy.sol
Line: 7 import { BaseProxy } from './BaseProxy.sol';
contracts/gmp-sdk/upgradable/BaseProxy.sol and adding the following:
- File: contracts/gmp-sdk/upgradable/Proxy.sol
Line: 7 import { BaseProxy } from './BaseProxy.sol';
/Users/noam/Documents/Code4rena/2023-07-axelar/contracts/its/proxies/InterchainTokenServiceProxy.sol - File: contracts/gmp-sdk/upgradable/Proxy.sol
Line: 7 import { BaseProxy } from './BaseProxy.sol';
/Users/noam/Documents/Code4rena/2023-07-axelar/contracts/gmp-sdk/test/ProxyTest.sol - File: contracts/gmp-sdk/upgradable/Proxy.sol
Line: 7 import { BaseProxy } from './BaseProxy.sol';
/Users/noam/Documents/Code4rena/2023-07-axelar/contracts/gmp-sdk/test/proxy/TestProxy.sol - File: contracts/gmp-sdk/upgradable/Proxy.sol
Line: 7 import { BaseProxy } from './BaseProxy.sol';
/Users/noam/Documents/Code4rena/2023-07-axelar/contracts/its/proxies/RemoteAddressValidatorProxy.sol /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/its/proxies/RemoteAddressValidatorProxy.sol
contracts/gmp-sdk/upgradable/Proxy.sol#L7
Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/interchain-governance-executor/InterchainProposalSender.sol. Consider removing the following imports:
Line: 8 import { InterchainCalls } from './lib/InterchainCalls.sol';
contracts/interchain-governance-executor/lib/InterchainCalls.sol contracts/interchain-governance-executor/lib/InterchainCalls.sol
contracts/interchain-governance-executor/InterchainProposalSender.sol#L8
Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/its/interchain-token-service/InterchainTokenService.sol. Consider removing the following imports:
Line: 29 import { Multicall } from '../utils/Multicall.sol';
contracts/gmp-sdk/interfaces/IAxelarGateway.sol - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 29 import { Multicall } from '../utils/Multicall.sol';
contracts/its/interfaces/ITokenManagerDeployer.sol - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 29 import { Multicall } from '../utils/Multicall.sol';
contracts/gmp-sdk/deploy/Create3Deployer.sol - File: contracts/its/interchain-token-service/InterchainTokenService.sol
Line: 29 import { Multicall } from '../utils/Multicall.sol';
contracts/gmp-sdk/interfaces/IERC20.sol contracts/gmp-sdk/interfaces/IERC20.sol
contracts/its/interchain-token-service/InterchainTokenService.sol#L29
Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/its/interfaces/IInterchainTokenService.sol. Consider removing the following imports:
Line: 12 import { IMulticall } from './IMulticall.sol';
contracts/gmp-sdk/interfaces/IAxelarGateway.sol - File: contracts/its/interfaces/IInterchainTokenService.sol
Line: 12 import { IMulticall } from './IMulticall.sol';
contracts/its/interfaces/ITokenManagerDeployer.sol contracts/its/interfaces/ITokenManagerDeployer.sol
contracts/its/interfaces/IInterchainTokenService.sol#L12
Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/its/token-implementations/StandardizedToken.sol. Consider removing the following imports:
Line: 12 import { Distributable } from '../utils/Distributable.sol';
contracts/its/interfaces/ITokenManager.sol - File: contracts/its/token-implementations/StandardizedToken.sol
Line: 12 import { Distributable } from '../utils/Distributable.sol';
contracts/its/interfaces/IERC20BurnableMintable.sol contracts/its/interfaces/IERC20BurnableMintable.sol
contracts/its/token-implementations/StandardizedToken.sol#L12
Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/its/token-manager/implementations/TokenManagerAddressStorage.sol. Consider removing the following imports:
Line: 7 import { IAxelarGateway } from '../../../gmp-sdk/interfaces/IAxelarGateway.sol';
contracts/gmp-sdk/interfaces/IAxelarGateway.sol - File: contracts/its/token-manager/implementations/TokenManagerAddressStorage.sol
Line: 7 import { IAxelarGateway } from '../../../gmp-sdk/interfaces/IAxelarGateway.sol';
contracts/gmp-sdk/interfaces/IERC20.sol contracts/gmp-sdk/interfaces/IERC20.sol
contracts/its/token-manager/implementations/TokenManagerAddressStorage.sol#L7
Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/its/token-manager/implementations/TokenManagerLiquidityPool.sol. Consider removing the following imports:
Line: 8 import { SafeTokenTransferFrom } from '../../../gmp-sdk/util/SafeTransfer.sol';
contracts/gmp-sdk/interfaces/IERC20.sol contracts/gmp-sdk/interfaces/IERC20.sol
contracts/its/token-manager/implementations/TokenManagerLiquidityPool.sol#L8
Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/its/token-manager/implementations/TokenManagerLockUnlock.sol. Consider removing the following imports:
Line: 8 import { SafeTokenTransferFrom, SafeTokenTransfer } from '../../../gmp-sdk/util/SafeTransfer.sol';
contracts/gmp-sdk/interfaces/IERC20.sol contracts/gmp-sdk/interfaces/IERC20.sol
contracts/its/token-manager/implementations/TokenManagerLockUnlock.sol#L8
Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/its/token-manager/implementations/TokenManagerMintBurn.sol. Consider removing the following imports:
Line: 9 import { SafeTokenCall } from '../../../gmp-sdk/util/SafeTransfer.sol';
contracts/gmp-sdk/interfaces/IERC20.sol contracts/gmp-sdk/interfaces/IERC20.sol
contracts/its/token-manager/implementations/TokenManagerMintBurn.sol#L9
Unused imports found in /Users/noam/Documents/Code4rena/2023-07-axelar/contracts/its/utils/TokenManagerDeployer.sol. Consider removing the following imports:
Line: 9 import { TokenManagerProxy } from '../proxies/TokenManagerProxy.sol';
contracts/gmp-sdk/deploy/Create3Deployer.sol - File: contracts/its/utils/TokenManagerDeployer.sol
Line: 9 import { TokenManagerProxy } from '../proxies/TokenManagerProxy.sol';
contracts/its/interfaces/ITokenManagerDeployer.sol contracts/its/interfaces/ITokenManagerDeployer.sol
contracts/its/utils/TokenManagerDeployer.sol#L9
</details>There may be cases where a custom error superficially appears to be used, but this is only because there are multiple definitions of the custom error in different files. In such cases, the custom error definition should be moved into a separate file.
<details> <summary> There are 7 instances of this issue: </summary>Line: 7 error SameDestinationAsCaller();
The custom error SameDestinationAsCaller is defined but never used:
contracts/its/interfaces/IExpressCallHandler.sol#L7
Line: 22 error ExecuteWithInterchainTokenFailed(address contractAddress);
The custom error ExecuteWithInterchainTokenFailed is defined but never used:
contracts/its/interfaces/IInterchainTokenService.sol#L22
Line: 27 error DoesNotAcceptExpressExecute(address contractAddress);
The custom error DoesNotAcceptExpressExecute is defined but never used:
contracts/its/interfaces/IInterchainTokenService.sol#L27
Line: 17 error TakeTokenFailed();
The custom error TakeTokenFailed is defined but never used:
contracts/its/interfaces/ITokenManager.sol#L17
Line: 18 error GiveTokenFailed();
The custom error GiveTokenFailed is defined but never used:
contracts/its/interfaces/ITokenManager.sol#L18
Line: 11 error ImplementationLookupFailed();
The custom error ImplementationLookupFailed is defined but never used:
contracts/its/interfaces/ITokenManagerProxy.sol#L11
Line: 13 error MulticallFailed(bytes err);
The custom error MulticallFailed is defined but never used:
contracts/its/utils/Multicall.sol#L13
</details>Detects functions with high (> 11) cyclomatic complexity.
<details> <summary> There are 1 instances of this issue: </summary>Line: 323 function execute(bytes calldata input) external override
has a high cyclomatic complexity (13).
contracts/cgp/AxelarGateway.sol#L323-L379
</details>NFT thefts have increased recently, so with the addition of stolen NFTs to the platform, NFTs can be converted into liquidity. To prevent this, we recommend adding a blacklist function.
<details> <summary> There are 2 instances of this issue: </summary>Line: 7 contract StandardizedTokenLockUnlock is StandardizedToken
Token contract does not contain a blacklist. Consider adding one for increased security. contracts/its/token-implementations/StandardizedTokenLockUnlock.sol#L7-L11
Line: 7 contract StandardizedTokenMintBurn is StandardizedToken
Token contract does not contain a blacklist. Consider adding one for increased security. contracts/its/token-implementations/StandardizedTokenMintBurn.sol#L7-L11
</details>This detector identifies instances where a contract defines functions that match an interface's signature, but does not explicitly inherit from the interface. Explicitly declaring inheritance relationships can improve code readability and maintainability, and ensures that the contract adheres to the defined interface.
<details> <summary> There are 2 instances of this issue: </summary>Line: 17 contract AxelarGateway is IAxelarGateway, IGovernable, AdminMultisigBase
should inherit from File: contracts/its/interfaces/IStandardizedTokenProxy.sol
Line: 9 interface IStandardizedTokenProxy
contracts/cgp/AxelarGateway.sol#L17-L692
Line: 13 contract TokenManagerProxy is ITokenManagerProxy
should inherit from File: contracts/gmp-sdk/interfaces/IProxy.sol
Line: 6 interface IProxy
contracts/its/proxies/TokenManagerProxy.sol#L13-L95
</details>Literals with many digits are difficult to read and review.
<details> <summary> There are 3 instances of this issue: </summary>Line: 427 function burnToken(bytes calldata params, bytes32) external onlySelf
uses literals with too many digits: - File: contracts/cgp/AxelarGateway.sol
Line: 435 address depositHandlerAddress = _getCreate2Address(salt, keccak256(abi.encodePacked(type(DepositHandler).creationCode)))
contracts/cgp/AxelarGateway.sol#L427-L453
Line: 38 library Create3
uses literals with too many digits: - File: contracts/gmp-sdk/deploy/Create3.sol
Line: 41 bytes32 internal constant DEPLOYER_BYTECODE_HASH = keccak256(type(CreateDeployer).creationCode)
contracts/gmp-sdk/deploy/Create3.sol#L38-L76
Line: 33 function deployTokenManager( bytes32 tokenId, uint256 implementationType, bytes calldata params ) external payable
uses literals with too many digits: - File: contracts/its/utils/TokenManagerDeployer.sol
Line: 39 bytes memory bytecode = abi.encodePacked(type(TokenManagerProxy).creationCode, args)
contracts/its/utils/TokenManagerDeployer.sol#L33-L42
</details>Contracts that only contain utility functions can be converted into libraries. This enhances modularity and reusability of the code.
<details> <summary> There are 3 instances of this issue: </summary>Line: 5 contract ConstAddressDeployer
contracts/gmp-sdk/deploy/ConstAddressDeployer.sol#L5-L92
Line: 16 contract CreateDeployer
contracts/gmp-sdk/deploy/Create3.sol#L16-L31
</details>Line: 12 contract Create3Deployer
#0 - c4-judge
2023-09-08T11:20:21Z
berndartmueller marked the issue as grade-b
🌟 Selected for report: Sathish9098
Also found by: 0x11singh99, 0xAnah, 0xn006e7, Arz, DavidGiladi, K42, Raihan, ReyAdmirado, Rolezn, SAQ, SM3_SS, SY_S, Walter, dharma09, flutter_developer, hunter_w3b, matrix_0wl, naman1778, petrichor, ybansal2403
19.2767 USDC - $19.28
| Title | Issue | Instances | Total Gas Saved |
|---|---|---|---|
| [G-1] Inefficient use of abi.encode() | Inefficient use of abi.encode() | 14 | 1400 |
| [G-2] Use assembly to emit events | Use assembly to emit events | 43 | 1634 |
| [G-3] Potential Optimization by Combining Multiple Mappings into a Struct | Potential Optimization by Combining Multiple Mappings into a Struct | 2 | 1000 |
| [G-4] Avoid duplicate keccak256 calls | Avoid duplicate keccak256 calls | 3 | 126 |
| [G-5] Cache External Calls in Loops | Cache External Calls in Loops | 1 | 100 |
| [G-6] Functions Guaranteed to Revert When Called by Normal Users Should Be Marked Payable | Functions Guaranteed to Revert When Called by Normal Users Should Be Marked Payable | 33 | 693 |
| [G-7] Identical Deployments Should be Replaced with Clone | Identical Deployments Should be Replaced with Clone | 1 | - |
| [G-8] Inefficient Parameter Storage | Inefficient Parameter Storage | 10 | 500 |
| [G-9] Optimal State Variable Order | Optimal State Variable Order | 1 | 5000 |
| [G-10] Superfluous event fields | Superfluous event fields | 1 | - |
| [G-11] Unnecessary Casting of Variables | Unnecessary Casting of Variables | 11 | - |
| [G-12] External calls that could skip contract existence check | External calls that could skip contract existence check | 47 | - |
| [G-13] Unused Named Return Variables | Unused Named Return Variables | 2 | - |
| [G-14] Usage of Custom Errors for Gas Efficiency | Usage of Custom Errors for Gas Efficiency | 1 | 276 |
Total: 14 issues
The abi.encode() function is less gas efficient than abi.encodePacked(), especially when encoding only static types. This detector identifies instances where abi.encode() is used and all arguments are static, suggesting that abi.encodePacked() could potentially be used instead for better gas efficiency. Note: abi.encodePacked() should not be used if any of the arguments are dynamic types, as it could lead to hash collisions.
Line: 25 deployedAddress_ = _deploy(bytecode, keccak256(abi.encode(msg.sender, salt)))
use abi.encodepacked() instead.
contracts/gmp-sdk/deploy/ConstAddressDeployer.sol#L25
Line: 47 deployedAddress_ = _deploy(bytecode, keccak256(abi.encode(msg.sender, salt)))
use abi.encodepacked() instead.
contracts/gmp-sdk/deploy/ConstAddressDeployer.sol#L47
Line: 63 bytes32 newSalt = keccak256(abi.encode(sender, salt))
use abi.encodepacked() instead.
contracts/gmp-sdk/deploy/ConstAddressDeployer.sol#L63
Line: 30 bytes32 deploySalt = keccak256(abi.encode(msg.sender, salt))
use abi.encodepacked() instead.
contracts/gmp-sdk/deploy/Create3Deployer.sol#L30
Line: 54 bytes32 deploySalt = keccak256(abi.encode(msg.sender, salt))
use abi.encodepacked() instead.
contracts/gmp-sdk/deploy/Create3Deployer.sol#L54
Line: 68 bytes32 deploySalt = keccak256(abi.encode(sender, salt))
use abi.encodepacked() instead.
contracts/gmp-sdk/deploy/Create3Deployer.sol#L68
Line: 203 tokenId = keccak256(abi.encode(PREFIX_STANDARDIZED_TOKEN_ID, chainNameHash, tokenAddress))
use abi.encodepacked() instead.
contracts/its/interchain-token-service/InterchainTokenService.sol#L203
Line: 214 tokenId = keccak256(abi.encode(PREFIX_CUSTOM_TOKEN_ID, sender, salt))
use abi.encodepacked() instead.
contracts/its/interchain-token-service/InterchainTokenService.sol#L214
Line: 313 _deployTokenManager(tokenId, TokenManagerType.LOCK_UNLOCK, abi.encode(address(this).toBytes(), tokenAddress))
use abi.encodepacked() instead.
contracts/its/interchain-token-service/InterchainTokenService.sol#L313
Line: 693 _deployTokenManager( tokenId, tokenManagerType, abi.encode(operatorBytes.length == 0 ? address(this).toBytes() : operatorBytes, tokenAddress) )
use abi.encodepacked() instead.
contracts/its/interchain-token-service/InterchainTokenService.sol#L693-L697
Line: 828 return keccak256(abi.encode(PREFIX_STANDARDIZED_TOKEN_SALT, tokenId))
use abi.encodepacked() instead.
contracts/its/interchain-token-service/InterchainTokenService.sol#L828
Line: 32 slot = uint256(keccak256(abi.encode(PREFIX_EXPRESS_RECEIVE_TOKEN, tokenId, destinationAddress, amount, commandId)))
use abi.encodepacked() instead.
contracts/its/utils/ExpressCallHandler.sol#L32
Line: 47 slot = uint256(keccak256(abi.encode(PREFIX_FLOW_OUT_AMOUNT, epoch)))
use abi.encodepacked() instead.
contracts/its/utils/FlowLimit.sol#L47
Line: 56 slot = uint256(keccak256(abi.encode(PREFIX_FLOW_IN_AMOUNT, epoch)))
use abi.encodepacked() instead.
contracts/its/utils/FlowLimit.sol#L56
</details>This detector checks for instances where a contract uses assembly code to emit events. While it's technically possible to emit events using inline assembly in Solidity, it's generally discouraged due to readability concerns and potential for errors. Events should usually be emitted using higher-level Solidity constructs.
<details> <summary> There are 43 instances of this issue: </summary>Line: 104 emit TokenSent(msg.sender, destinationChain, destinationAddress, symbol, amount)
contracts/cgp/AxelarGateway.sol#L104
Line: 112 emit ContractCall(msg.sender, destinationChain, destinationContractAddress, keccak256(payload), payload)
contracts/cgp/AxelarGateway.sol#L112
Line: 123 emit ContractCallWithToken(msg.sender, destinationChain, destinationContractAddress, keccak256(payload), payload, symbol, amount)
contracts/cgp/AxelarGateway.sol#L123
Line: 682 emit GovernanceTransferred(getAddress(KEY_GOVERNANCE), newGovernance)
contracts/cgp/AxelarGateway.sol#L682
Line: 688 emit MintLimiterTransferred(getAddress(KEY_MINT_LIMITER), newMintLimiter)
contracts/cgp/AxelarGateway.sol#L688
Line: 630 emit TokenMintLimitUpdated(symbol, limit)
contracts/cgp/AxelarGateway.sol#L630
Line: 289 emit Upgraded(newImplementation)
contracts/cgp/AxelarGateway.sol#L289
Line: 319 emit OperatorshipTransferred(newOperatorsData)
contracts/cgp/AxelarGateway.sol#L319
Line: 376 emit Executed(commandId)
contracts/cgp/AxelarGateway.sol#L376
Line: 418 emit TokenDeployed(symbol, tokenAddress)
contracts/cgp/AxelarGateway.sol#L418
Line: 466 emit ContractCallApproved(commandId, sourceChain, sourceAddress, contractAddress, payloadHash, sourceTxHash, sourceEventIndex)
contracts/cgp/AxelarGateway.sol#L466
Line: 482 emit ContractCallApprovedWithMint( commandId, sourceChain, sourceAddress, contractAddress, payloadHash, symbol, amount, sourceTxHash, sourceEventIndex )
contracts/cgp/AxelarGateway.sol#L482-L492
Line: 498 emit OperatorshipTransferred(newOperatorsData)
contracts/cgp/AxelarGateway.sol#L498
Line: 178 emit SignersRotated(newAccounts, newThreshold)
contracts/cgp/auth/MultisigBase.sol#L178
Line: 74 emit MultisigOperationExecuted(topic)
contracts/cgp/auth/MultisigBase.sol#L74
Line: 61 emit MultisigExecuted(proposalHash, target, callData, nativeValue)
contracts/cgp/governance/AxelarServiceGovernance.sol#L61
Line: 99 emit MultisigApproved(proposalHash, target, callData, nativeValue)
contracts/cgp/governance/AxelarServiceGovernance.sol#L99
Line: 89 emit ProposalScheduled(proposalHash, target, callData, nativeValue, eta)
contracts/cgp/governance/AxelarServiceGovernance.sol#L89
Line: 104 emit MultisigCancelled(proposalHash, target, callData, nativeValue)
contracts/cgp/governance/AxelarServiceGovernance.sol#L104
Line: 94 emit ProposalCancelled(proposalHash, target, callData, nativeValue, eta)
contracts/cgp/governance/AxelarServiceGovernance.sol#L94
Line: 78 emit ProposalExecuted(proposalHash, target, callData, nativeValue, block.timestamp)
contracts/cgp/governance/InterchainGovernance.sol#L78
Line: 135 emit ProposalCancelled(proposalHash, target, callData, nativeValue, eta)
contracts/cgp/governance/InterchainGovernance.sol#L135
Line: 130 emit ProposalScheduled(proposalHash, target, callData, nativeValue, eta)
contracts/cgp/governance/InterchainGovernance.sol#L130
Line: 27 emit OwnershipTransferred(newOwner)
contracts/cgp/util/Upgradable.sol#L27
Line: 54 emit Upgraded(newImplementation)
contracts/cgp/util/Upgradable.sol#L54
Line: 33 emit Deployed(keccak256(bytecode), salt, deployedAddress_)
contracts/gmp-sdk/deploy/Create3Deployer.sol#L33
Line: 60 emit Deployed(keccak256(bytecode), salt, deployedAddress_)
contracts/gmp-sdk/deploy/Create3Deployer.sol#L60
Line: 66 emit Upgraded(newImplementation)
contracts/gmp-sdk/upgradable/Upgradable.sol#L66
Line: 66 emit ProposalExecuted(keccak256(abi.encode(sourceChain, sourceAddress, interchainProposalCaller, payload)))
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L66
Line: 98 emit WhitelistedProposalCallerSet(sourceChain, sourceCaller, whitelisted)
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L98
Line: 113 emit WhitelistedProposalSenderSet(sourceChain, sourceSender, whitelisted)
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L113
Line: 819 emit TokenManagerDeployed(tokenId, tokenManagerType, params)
contracts/its/interchain-token-service/InterchainTokenService.sol#L819
Line: 790 emit RemoteStandardizedTokenAndManagerDeploymentInitialized( tokenId, name, symbol, decimals, distributor, operator, destinationChain, gasValue )
contracts/its/interchain-token-service/InterchainTokenService.sol#L790-L799
Line: 351 emit CustomTokenIdClaimed(tokenId, deployer_, salt)
contracts/its/interchain-token-service/InterchainTokenService.sol#L351
Line: 375 emit CustomTokenIdClaimed(tokenId, deployer_, salt)
contracts/its/interchain-token-service/InterchainTokenService.sol#L375
Line: 757 emit RemoteTokenManagerDeploymentInitialized(tokenId, destinationChain, gasValue, tokenManagerType, params)
contracts/its/interchain-token-service/InterchainTokenService.sol#L757
Line: 869 emit StandardizedTokenDeployed(tokenId, name, symbol, decimals, mintAmount, mintTo)
contracts/its/interchain-token-service/InterchainTokenService.sol#L869
Line: 514 emit TokenSent(tokenId, destinationChain, destinationAddress, amount)
contracts/its/interchain-token-service/InterchainTokenService.sol#L514
Line: 522 emit TokenSentWithData(tokenId, destinationChain, destinationAddress, amount, sourceAddress, metadata)
contracts/its/interchain-token-service/InterchainTokenService.sol#L522
Line: 88 emit TrustedAddressAdded(chain, addr)
contracts/its/remote-address-validator/RemoteAddressValidator.sol#L88
Line: 99 emit TrustedAddressRemoved(chain)
contracts/its/remote-address-validator/RemoteAddressValidator.sol#L99
Line: 111 emit GatewaySupportedChainAdded(chainName)
contracts/its/remote-address-validator/RemoteAddressValidator.sol#L111
Line: 124 emit GatewaySupportedChainRemoved(chainName)
contracts/its/remote-address-validator/RemoteAddressValidator.sol#L124
</details>This detector identifies instances where multiple mappings of an address or ID could be combined into a single mapping to a struct. This optimisation not only saves a storage slot for each mapping that is combined, but also makes the contract more efficient in terms of gas usage. Depending on the circumstances and sizes of types, it can avoid a 20000 gas cost (Gsset) per combined mapping. Also, it can make reads and subsequent writes cheaper when a function requires both values and they both fit in the same storage slot. Lastly, if both fields are accessed in the same function, it can save approximately 42 gas per access due to not having to recalculate the key's keccak256 hash and its associated stack operations.
<details> <summary> There are 2 instances of this issue: </summary>Line: 24 mapping(string => mapping(address => bool)) public whitelistedCallers
Consider to combine with <br>- Line: 27 mapping(string => mapping(address => bool)) public whitelistedSenders<br><br><br>
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L24
Line: 15 mapping(string => bytes32) public remoteAddressHashes
Consider to combine with <br>- Line: 16 mapping(string => string) public remoteAddresses<br>- Line: 19 mapping(string => bool) public supportedByGateway<br><br><br>
contracts/its/remote-address-validator/RemoteAddressValidator.sol#L15
Detects instances where the same contract is deployed multiple times. Such cases might benefit from the clone factory pattern (EIP-1167), which can significantly reduce deployment gas costs.
<details> <summary> There are 1 instances of this issue: </summary>- CreateDeployer is deployed in multiple functions:
File: contracts/gmp-sdk/deploy/Create3.sol
Line: 58 CreateDeployer deployer = new CreateDeployer{ salt: salt }()
File: contracts/gmp-sdk/deploy/Create3.sol
Line: 58 CreateDeployer deployer = new CreateDeployer{ salt: salt }()
File: contracts/gmp-sdk/deploy/Create3.sol
Line: 58 CreateDeployer deployer = new CreateDeployer{ salt: salt }()
File: contracts/gmp-sdk/deploy/Create3.sol
Line: 58 CreateDeployer deployer = new CreateDeployer{ salt: salt }()
contracts/gmp-sdk/deploy/Create3.sol#L58
</details>This detector identifies functions that are guaranteed to revert when called by normal users. Such functions should be marked as payable, given that they will never succeed in processing Ether transactions.
<details> <summary> There are 33 instances of this issue: </summary>Line: 254 function transferGovernance(address newGovernance) external override onlyGovernance
transferGovernance is guaranteed to revert and should be marked payable
contracts/cgp/AxelarGateway.sol#L254-L258
Line: 260 function transferMintLimiter(address newMintLimiter) external override onlyMintLimiter
transferMintLimiter is guaranteed to revert and should be marked payable
contracts/cgp/AxelarGateway.sol#L260-L264
Line: 266 function setTokenMintLimits(string[] calldata symbols, uint256[] calldata limits) external override onlyMintLimiter
setTokenMintLimits is guaranteed to revert and should be marked payable
contracts/cgp/AxelarGateway.sol#L266-L278
Line: 280 function upgrade( address newImplementation, bytes32 newImplementationCodeHash, bytes calldata setupParams ) external override onlyGovernance
upgrade is guaranteed to revert and should be marked payable
contracts/cgp/AxelarGateway.sol#L280-L300
Line: 385 function deployToken(bytes calldata params, bytes32) external onlySelf
deployToken is guaranteed to revert and should be marked payable
contracts/cgp/AxelarGateway.sol#L385-L419
Line: 421 function mintToken(bytes calldata params, bytes32) external onlySelf
mintToken is guaranteed to revert and should be marked payable
contracts/cgp/AxelarGateway.sol#L421-L425
Line: 427 function burnToken(bytes calldata params, bytes32) external onlySelf
burnToken is guaranteed to revert and should be marked payable
contracts/cgp/AxelarGateway.sol#L427-L453
Line: 455 function approveContractCall(bytes calldata params, bytes32 commandId) external onlySelf
approveContractCall is guaranteed to revert and should be marked payable
contracts/cgp/AxelarGateway.sol#L455-L467
Line: 469 function approveContractCallWithMint(bytes calldata params, bytes32 commandId) external onlySelf
approveContractCallWithMint is guaranteed to revert and should be marked payable
contracts/cgp/AxelarGateway.sol#L469-L493
Line: 495 function transferOperatorship(bytes calldata newOperatorsData, bytes32) external onlySelf
transferOperatorship is guaranteed to revert and should be marked payable
contracts/cgp/AxelarGateway.sol#L495-L499
Line: 142 function rotateSigners(address[] memory newAccounts, uint256 newThreshold) external virtual onlySigners
rotateSigners is guaranteed to revert and should be marked payable
contracts/cgp/auth/MultisigBase.sol#L142-L144
Line: 24 function transferOwnership(address newOwner) external virtual onlyOwner
transferOwnership is guaranteed to revert and should be marked payable
contracts/cgp/util/Upgradable.sol#L24-L32
Line: 40 function upgrade( address newImplementation, bytes32 newImplementationCodeHash, bytes calldata params ) external override onlyOwner
upgrade is guaranteed to revert and should be marked payable
contracts/cgp/util/Upgradable.sol#L40-L59
Line: 52 function upgrade( address newImplementation, bytes32 newImplementationCodeHash, bytes calldata params ) external override onlyOwner
upgrade is guaranteed to revert and should be marked payable
contracts/gmp-sdk/upgradable/Upgradable.sol#L52-L71
Line: 78 function setup(bytes calldata data) external override onlyProxy
setup is guaranteed to revert and should be marked payable
contracts/gmp-sdk/upgradable/Upgradable.sol#L78-L80
Line: 92 function setWhitelistedProposalCaller( string calldata sourceChain, address sourceCaller, bool whitelisted ) external override onlyOwner
setWhitelistedProposalCaller is guaranteed to revert and should be marked payable
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L92-L99
Line: 107 function setWhitelistedProposalSender( string calldata sourceChain, address sourceSender, bool whitelisted ) external override onlyOwner
setWhitelistedProposalSender is guaranteed to revert and should be marked payable
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L107-L114
Line: 534 function setFlowLimit(bytes32[] calldata tokenIds, uint256[] calldata flowLimits) external onlyOperator
setFlowLimit is guaranteed to revert and should be marked payable
contracts/its/interchain-token-service/InterchainTokenService.sol#L534-L541
Line: 547 function setPaused(bool paused) external onlyOwner
setPaused is guaranteed to revert and should be marked payable
contracts/its/interchain-token-service/InterchainTokenService.sol#L547-L549
Line: 575 function _execute( string calldata sourceChain, string calldata sourceAddress, bytes calldata payload ) internal override onlyRemoteService(sourceChain, sourceAddress) notPaused
_execute is guaranteed to revert and should be marked payable
contracts/its/interchain-token-service/InterchainTokenService.sol#L575-L592
Line: 83 function addTrustedAddress(string memory chain, string memory addr) public onlyOwner
addTrustedAddress is guaranteed to revert and should be marked payable
contracts/its/remote-address-validator/RemoteAddressValidator.sol#L83-L89
Line: 95 function removeTrustedAddress(string calldata chain) external onlyOwner
removeTrustedAddress is guaranteed to revert and should be marked payable
contracts/its/remote-address-validator/RemoteAddressValidator.sol#L95-L100
Line: 106 function addGatewaySupportedChains(string[] calldata chainNames) external onlyOwner
addGatewaySupportedChains is guaranteed to revert and should be marked payable
contracts/its/remote-address-validator/RemoteAddressValidator.sol#L106-L113
Line: 119 function removeGatewaySupportedChains(string[] calldata chainNames) external onlyOwner
removeGatewaySupportedChains is guaranteed to revert and should be marked payable
contracts/its/remote-address-validator/RemoteAddressValidator.sol#L119-L126
Line: 49 function setup(bytes calldata params) external override onlyProxy
setup is guaranteed to revert and should be marked payable
contracts/its/token-implementations/StandardizedToken.sol#L49-L68
Line: 76 function mint(address account, uint256 amount) external onlyDistributor
mint is guaranteed to revert and should be marked payable
contracts/its/token-implementations/StandardizedToken.sol#L76-L78
Line: 86 function burn(address account, uint256 amount) external onlyDistributor
burn is guaranteed to revert and should be marked payable
contracts/its/token-implementations/StandardizedToken.sol#L86-L88
Line: 61 function setup(bytes calldata params) external override onlyProxy
setup is guaranteed to revert and should be marked payable
contracts/its/token-manager/TokenManager.sol#L61-L75
Line: 161 function giveToken(address destinationAddress, uint256 amount) external onlyService returns (uint256)
giveToken is guaranteed to revert and should be marked payable
contracts/its/token-manager/TokenManager.sol#L161-L165
Line: 171 function setFlowLimit(uint256 flowLimit) external onlyOperator
setFlowLimit is guaranteed to revert and should be marked payable
contracts/its/token-manager/TokenManager.sol#L171-L173
Line: 67 function setLiquidityPool(address newLiquidityPool) external onlyOperator
setLiquidityPool is guaranteed to revert and should be marked payable
contracts/its/token-manager/implementations/TokenManagerLiquidityPool.sol#L67-L69
Line: 51 function setDistributor(address distr) external onlyDistributor
setDistributor is guaranteed to revert and should be marked payable
contracts/its/utils/Distributable.sol#L51-L53
Line: 51 function setOperator(address operator_) external onlyOperator
setOperator is guaranteed to revert and should be marked payable
contracts/its/utils/Operatable.sol#L51-L53
Block.timestamp and block.number are added to event information by default so adding them manually wastes gas.
<details> <summary> There are 1 instances of this issue: </summary>Line: 20 event ProposalExecuted(bytes32 indexed proposalHash, address indexed target, bytes callData, uint256 value, uint256 indexed timestamp);
The event ProposalExecuted in the contract IInterchainGovernance includes the field timestamp which is superfluous:
contracts/cgp/interfaces/IInterchainGovernance.sol#L20
Detects optimal variable order in contract storage layouts to decrease the number of storage slots used. Each storage slot used can cost at least 5,000 gas for each write operation, and potentially up to 20,000 gas if you're turning a zero value into a non-zero value. Hence, optimizing storage usage can result in significant gas savings. The real-world savings could vary depending on your contract's specific logic and the state of the Ethereum network.
<details> <summary> There are 1 instances of this issue: </summary>Line: 19 abstract contract StandardizedToken is InterchainToken, ERC20Permit, Implementation, Distributable
original variable order (count: 5 slots)
optimized variable order (count: 4 slots)
Recomended optimizations will use 2 less slots.
contracts/its/token-implementations/StandardizedToken.sol#L19-L89
</details>When passing function parameters, using the calldata area instead of memory can improve gas efficiency. Calldata is a read-only area where function arguments and external function calls' parameters are stored.
By using calldata for function parameters, you avoid unnecessary gas costs associated with copying data from calldata to memory. This is particularly beneficial when the parameter is read-only and doesn't require modification within the contract.
Using calldata for function parameters can help optimize gas usage, especially when making external function calls or when the parameter values are provided externally and don't need to be stored persistently within the contract.
Line: 35 address[] memory accounts
should be declared as calldata instead
contracts/cgp/auth/MultisigBase.sol#L35
Line: 142 address[] memory newAccounts
should be declared as calldata instead
contracts/cgp/auth/MultisigBase.sol#L142
Line: 149 address[] memory newAccounts
should be declared as calldata instead
contracts/cgp/auth/MultisigBase.sol#L149
Line: 73 address[] memory newAccounts
should be declared as calldata instead
contracts/cgp/interfaces/IMultisigBase.sol#L73
Line: 73 InterchainCalls.Call[] memory calls
should be declared as calldata instead
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L73
Line: 157 InterchainCalls.Call memory
should be declared as calldata instead
contracts/interchain-governance-executor/InterchainProposalExecutor.sol#L157
Line: 88 InterchainCalls.InterchainCall memory interchainCall
should be declared as calldata instead
contracts/interchain-governance-executor/InterchainProposalSender.sol#L88
Line: 15 InterchainCalls.InterchainCall[] memory calls
should be declared as calldata instead
contracts/interchain-governance-executor/interfaces/IInterchainProposalSender.sol#L15
Line: 89 address[] memory tokenManagerImplementations
should be declared as calldata instead
contracts/its/interchain-token-service/InterchainTokenService.sol#L89
Line: 559 address[] memory implementaions
should be declared as calldata instead
contracts/its/interchain-token-service/InterchainTokenService.sol#L559
</details>This detector flags functions that use revert()/require() strings, which are less gas efficient than custom errors. Custom errors, available from Solidity version 0.8.4, save approximately 50 gas each time they're used by avoiding the need to allocate and store the revert string.
<details> <summary> There are 1 instances of this issue: </summary>Line: 28 revert(string(result))
use custom error instead
contracts/its/utils/Multicall.sol#L28
</details>Named return variables allow for clear and explicit naming of values to be returned from a function. However, when these variables are unused, it can lead to confusion and make the code less maintainable.
<details> <summary> There are 2 instances of this issue: </summary>Line: 223 function getImplementation(uint256 tokenManagerType) external view returns (address tokenManagerAddress)
there is not use of this variables: @ tokenManagerAddress
contracts/its/interchain-token-service/InterchainTokenService.sol#L223-L233
Line: 827 function _getStandardizedTokenSalt(bytes32 tokenId) internal pure returns (bytes32 salt)
there is not use of this variables: @ salt
contracts/its/interchain-token-service/InterchainTokenService.sol#L827-L829
</details>Detects instances where keccak256 is being called on the same string literal multiple times. It should be called once and the result should be saved to an immutable variable. If the hash is being used as a part of a function selector, the cast to bytes4 should also only be done once.
<details> <summary> There are 3 instances of this issue: </summary>Line: 71 bytes32 private constant CONTRACT_ID = keccak256('interchain-token-service')
File: contracts/its/proxies/InterchainTokenServiceProxy.sol
Line: 12 bytes32 private constant CONTRACT_ID = keccak256('interchain-token-service')
contracts/its/interchain-token-service/InterchainTokenService.sol#L71
Line: 12 bytes32 private constant CONTRACT_ID = keccak256('remote-address-validator')
File: contracts/its/remote-address-validator/RemoteAddressValidator.sol
Line: 21 bytes32 private constant CONTRACT_ID = keccak256('remote-address-validator')
contracts/its/proxies/RemoteAddressValidatorProxy.sol#L12
Line: 14 bytes32 private constant CONTRACT_ID = keccak256('standardized-token')
File: contracts/its/token-implementations/StandardizedToken.sol
Line: 27 bytes32 private constant CONTRACT_ID = keccak256('standardized-token')
contracts/its/proxies/StandardizedTokenProxy.sol#L14
</details>This detector identifies instances of repeated external calls within loops. By moving the first external call outside of the loop and using low-level calls inside the loop, it is possible to save gas by avoiding repeated EXTCODESIZE opcodes, as there is no need to check again if the contract exists.
Note: This detector only triggers if the function call does not return any value.
Prior to 0.8.10, the compiler inserted extra code, including EXTCODESIZE (100 gas), to check for contract existence for external function calls. In more recent Solidity versions the compiler will not insert these checks if the external call has a return value. Similar behavior can be achieved in earlier versions by using low-level calls, since low-level calls never check for contract existence.
<details> <summary> There are 1 instances of this issue: </summary>Line: 539 tokenManager.setFlowLimit(flowLimits[i])
contracts/its/interchain-token-service/InterchainTokenService.sol#L539
</details>This detector scans for instances where a variable is casted to its own type. This is unnecessary and can be safely removed to improve code readability.
<details> <summary> There are 11 instances of this issue: </summary>Line: 409 tokenAddress.code.length == uint256(0)
Unnecessary cast: uint256(0) it cast to the same type.<br>
contracts/cgp/AxelarGateway.sol#L409
Line: 446 !success || (returnData.length != uint256(0) && !abi.decode(returnData, (bool)))
Unnecessary cast: uint256(0) it cast to the same type.<br>
contracts/cgp/AxelarGateway.sol#L446
Line: 79 commandId > uint256(type(ServiceGovernanceCommand).max)
Unnecessary cast: uint256(type(ServiceGovernanceCommand).max) it cast to the same type.<br>
contracts/cgp/governance/AxelarServiceGovernance.sol#L79
Line: 120 commandId > uint256(type(GovernanceCommand).max)
Unnecessary cast: uint256(type(GovernanceCommand).max) it cast to the same type.<br>
contracts/cgp/governance/InterchainGovernance.sol#L120
Line: 104 tokenManagerImplementations.length != uint256(type(TokenManagerType).max) + 1
Unnecessary cast: uint256(type(TokenManagerType).max) it cast to the same type.<br>
contracts/its/interchain-token-service/InterchainTokenService.sol#L104
Line: 85 return IERC20(token).balanceOf(liquidityPool_) - balance
Unnecessary cast: IERC20(token) it cast to the same type.<br>
contracts/its/token-manager/implementations/TokenManagerLiquidityPool.sol#L85
Line: 96 uint256 balance = IERC20(token).balanceOf(to)
Unnecessary cast: IERC20(token) it cast to the same type.<br>
contracts/its/token-manager/implementations/TokenManagerLiquidityPool.sol#L96
Line: 100 return IERC20(token).balanceOf(to) - balance
Unnecessary cast: IERC20(token) it cast to the same type.<br>
contracts/its/token-manager/implementations/TokenManagerLiquidityPool.sol#L100
Line: 51 return IERC20(token).balanceOf(address(this)) - balance
Unnecessary cast: IERC20(token) it cast to the same type.<br>
contracts/its/token-manager/implementations/TokenManagerLockUnlock.sol#L51
Line: 62 uint256 balance = IERC20(token).balanceOf(to)
Unnecessary cast: IERC20(token) it cast to the same type.<br>
contracts/its/token-manager/implementations/TokenManagerLockUnlock.sol#L62
Line: 66 return IERC20(token).balanceOf(to) - balance
Unnecessary cast: IERC20(token) it cast to the same type.<br>
contracts/its/token-manager/implementations/TokenManagerLockUnlock.sol#L66
External calls that return data should be replaced with low-level calls, to skip the unnecessary contract existence check and save gas. Saves at least 103 gas by skipping the EXTCODESIZE and ISZERO opcodes.
Line: 547 IBurnableMintableCappedERC20(tokenAddress).depositAddress(bytes32(0))
should use a low-level call
contracts/cgp/AxelarGateway.sol#L547
Line: 287 AxelarGateway(newImplementation).contractId()
should use a low-level call
contracts/cgp/AxelarGateway.sol#L287
Line: 329 IAxelarAuth(AUTH_MODULE).validateProof(messageHash, proof)
should use a low-level call
contracts/cgp/AxelarGateway.sol#L329
Line: 443 IERC20(tokenAddress).balanceOf(address(depositHandler))
should use a low-level call
contracts/cgp/AxelarGateway.sol#L443
Line: 441 depositHandler.execute( tokenAddress, abi.encodeWithSelector(IERC20.transfer.selector, address(this), IERC20(tokenAddress).balanceOf(address(depositHandler))) )
should use a low-level call
contracts/cgp/AxelarGateway.sol#L441-L444
Line: 45 IUpgradable(newImplementation).contractId()
should use a low-level call
contracts/cgp/util/Upgradable.sol#L45
Line: 45 IUpgradable(this).contractId()
should use a low-level call
contracts/cgp/util/Upgradable.sol#L45
Line: 50 IUpgradable(implementationAddress).contractId()
should use a low-level call
contracts/gmp-sdk/upgradable/InitProxy.sol#L50
Line: 33 IUpgradable(implementationAddress).contractId()
should use a low-level call
contracts/gmp-sdk/upgradable/Proxy.sol#L33
Line: 57 IUpgradable(this).contractId()
should use a low-level call
contracts/gmp-sdk/upgradable/Upgradable.sol#L57
Line: 57 IUpgradable(newImplementation).contractId()
should use a low-level call
contracts/gmp-sdk/upgradable/Upgradable.sol#L57
Line: 566 ITokenManager(implementation).implementationType()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L566
Line: 102 ITokenManagerDeployer(tokenManagerDeployer_).deployer()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L102
Line: 162 deployer.deployedAddress(address(this), tokenId)
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L162
Line: 172 ITokenManagerProxy(tokenManagerAddress).tokenId()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L172
Line: 182 ITokenManager(tokenManagerAddress).tokenAddress()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L182
Line: 193 deployer.deployedAddress(address(this), tokenId)
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L193
Line: 277 tokenManager.getFlowLimit()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L277
Line: 287 tokenManager.getFlowOutAmount()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L287
Line: 297 tokenManager.getFlowInAmount()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L297
Line: 736 token.symbol()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L736
Line: 311 gateway.tokenAddresses(tokenSymbol)
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L311
Line: 737 token.decimals()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L737
Line: 735 token.name()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L735
Line: 713 remoteAddressValidator.getRemoteAddress(destinationChain)
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L713
Line: 331 ITokenManager(tokenAddress).tokenAddress()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L331
Line: 445 gateway.isCommandExecuted(commandId)
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L445
Line: 449 tokenManager.tokenAddress()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L449
Line: 480 tokenManager.tokenAddress()
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L480
Line: 476 gateway.isCommandExecuted(commandId)
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L476
Line: 610 tokenManager.giveToken(destinationAddress, amount)
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L610
Line: 124 remoteAddressValidator.validateSender(sourceChain, sourceAddress)
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L124
Line: 653 tokenManager.giveToken(expressCaller, amount)
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L653
Line: 613 tokenManager.giveToken(expressCaller, amount)
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L613
Line: 657 tokenManager.giveToken(destinationAddress, amount)
should use a low-level call
contracts/its/interchain-token-service/InterchainTokenService.sol#L657
Line: 22 IStandardizedToken(implementationAddress).contractId()
should use a low-level call
contracts/its/proxies/StandardizedTokenProxy.sol#L22
Line: 59 interchainTokenServiceAddress_.getImplementation(implementationType_)
should use a low-level call
contracts/its/proxies/TokenManagerProxy.sol#L59
Line: 205 ITokenManagerProxy(address(this)).tokenId()
should use a low-level call
contracts/its/token-manager/TokenManager.sol#L205
Line: 80 token.balanceOf(liquidityPool_)
should use a low-level call
contracts/its/token-manager/implementations/TokenManagerLiquidityPool.sol#L80
Line: 85 IERC20(token).balanceOf(liquidityPool_)
should use a low-level call
contracts/its/token-manager/implementations/TokenManagerLiquidityPool.sol#L85
Line: 96 IERC20(token).balanceOf(to)
should use a low-level call
contracts/its/token-manager/implementations/TokenManagerLiquidityPool.sol#L96
Line: 100 IERC20(token).balanceOf(to)
should use a low-level call
contracts/its/token-manager/implementations/TokenManagerLiquidityPool.sol#L100
Line: 46 token.balanceOf(address(this))
should use a low-level call
contracts/its/token-manager/implementations/TokenManagerLockUnlock.sol#L46
Line: 51 IERC20(token).balanceOf(address(this))
should use a low-level call
contracts/its/token-manager/implementations/TokenManagerLockUnlock.sol#L51
Line: 62 IERC20(token).balanceOf(to)
should use a low-level call
contracts/its/token-manager/implementations/TokenManagerLockUnlock.sol#L62
Line: 66 IERC20(token).balanceOf(to)
should use a low-level call
contracts/its/token-manager/implementations/TokenManagerLockUnlock.sol#L66
Line: 40 deployer.deploy(bytecode, tokenId)
should use a low-level call
</details>#0 - c4-judge
2023-09-04T19:33:35Z
berndartmueller marked the issue as grade-b