This report was generated by Aderyn, a static analysis tool built by Cyfrin, a blockchain security company. This report is not a substitute for manual audit or security review. It should not be relied upon for any purpose other than to assist in the identification of potential security vulnerabilities.
- Summary
- Low Issues
- L-1: Centralization Risk for trusted owners
- L-2: Unsafe ERC20 Operations should not be used
- L-3:
publicfunctions not used internally could be markedexternal - L-4: Define and use
constantvariables instead of using literals - L-5: Event is missing
indexedfields - L-6: Large literal values multiples of 10000 can be replaced with scientific notation
| Key | Value |
|---|---|
| .sol Files | 1 |
| Total nSLOC | 313 |
| Filepath | nSLOC |
|---|---|
| src/AMM.sol | 313 |
| Total | 313 |
| Category | No. of Issues |
|---|---|
| High | 0 |
| Low | 6 |
Contracts have owners with privileged rights to perform admin tasks and need to be trusted to not perform malicious updates or drain funds.
6 Found Instances
-
Found in src/AMM.sol Line: 15
```solidity contract AMM is ReentrancyGuard, Pausable, Ownable { ``` -
Found in src/AMM.sol Line: 106
```solidity function setSwapFee(uint256 _swapFee) external onlyOwner { ``` -
Found in src/AMM.sol Line: 157
```solidity function getAccumulatedFees() external view onlyOwner returns (uint256) { ``` -
Found in src/AMM.sol Line: 161
```solidity function withdrawFees() external onlyOwner { ``` -
Found in src/AMM.sol Line: 399
```solidity function pause() external onlyOwner { ``` -
Found in src/AMM.sol Line: 403
```solidity function unpause() external onlyOwner { ```
ERC20 functions may not behave as expected. For example: return values are not always meaningful. It is recommended to use OpenZeppelin's SafeERC20 library.
3 Found Instances
-
Found in src/AMM.sol Line: 114
```solidity bool success = weth.transfer(msg.sender, msg.value); ``` -
Found in src/AMM.sol Line: 119
```solidity require(weth.transferFrom(msg.sender, address(this), amount), "Transfer failed"); ``` -
Found in src/AMM.sol Line: 121
```solidity payable(msg.sender).transfer(amount); ```
Instead of marking a function as public, consider marking it as external if it is not used internally.
6 Found Instances
-
Found in src/AMM.sol Line: 87
```solidity function increaseAllowance(address spender, uint256 addedValue) public returns (bool) { ``` -
Found in src/AMM.sol Line: 92
```solidity function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) { ``` -
Found in src/AMM.sol Line: 152
```solidity function getBalance(uint256 _pairId, address _account) public view returns (uint256) { ``` -
Found in src/AMM.sol Line: 217
```solidity function getReserve0(uint256 pairId) public view returns (uint256) { ``` -
Found in src/AMM.sol Line: 221
```solidity function getReserve1(uint256 pairId) public view returns (uint256) { ``` -
Found in src/AMM.sol Line: 225
```solidity function getTotalSupply(uint256 pairId) public view returns (uint256) { ```
If the same constant literal value is used multiple times, create a constant state variable and reference it throughout the contract.
4 Found Instances
-
Found in src/AMM.sol Line: 347
```solidity protocolFee: (_amountIn * swapFee) / 10000 ``` -
Found in src/AMM.sol Line: 352
```solidity uint256 numerator = swapInfo.amountIn * (10000 - swapInfo.protocolFee) * swapInfo.reserveOut; ``` -
Found in src/AMM.sol Line: 353
```solidity uint256 denominator = (swapInfo.reserveIn * 10000) + (swapInfo.amountIn * (10000 - swapInfo.protocolFee)); ```
Index event fields make the field more quickly accessible to off-chain tools that parse events. However, note that each index field costs extra gas during emission, so it's not necessarily best to index the maximum allowed per event (three fields). Each event should use three indexed fields if there are three or more fields, and gas usage is not particularly of concern for the events in question. If there are fewer than three fields, all of the fields should be indexed.
7 Found Instances
-
Found in src/AMM.sol Line: 68
```solidity event PairCreated(address indexed token0, address indexed token1, uint256 pairId); ``` -
Found in src/AMM.sol Line: 69
```solidity event LiquidityAdded(uint256 indexed pairId, address indexed provider, uint256 amount0, uint256 amount1, uint256 shares); ``` -
Found in src/AMM.sol Line: 70
```solidity event LiquidityRemoved(uint256 indexed pairId, address indexed provider, uint256 amount0, uint256 amount1, uint256 shares); ``` -
Found in src/AMM.sol Line: 71
```solidity event Swap(uint256 indexed pairId, address indexed user, address tokenIn, uint256 amountIn, uint256 amountOut); ``` -
Found in src/AMM.sol Line: 72
```solidity event FeesWithdrawn(address indexed owner, uint256 amount); ``` -
Found in src/AMM.sol Line: 73
```solidity event SwapFeeUpdated(uint256 newFee); ``` -
Found in src/AMM.sol Line: 74
```solidity event Approval(address indexed owner, address indexed spender, uint256 value); ```
Use e notation, for example: 1e18, instead of its full numeric value.
4 Found Instances
-
Found in src/AMM.sol Line: 347
```solidity protocolFee: (_amountIn * swapFee) / 10000 ``` -
Found in src/AMM.sol Line: 352
```solidity uint256 numerator = swapInfo.amountIn * (10000 - swapInfo.protocolFee) * swapInfo.reserveOut; ``` -
Found in src/AMM.sol Line: 353
```solidity uint256 denominator = (swapInfo.reserveIn * 10000) + (swapInfo.amountIn * (10000 - swapInfo.protocolFee)); ```