-
Notifications
You must be signed in to change notification settings - Fork 18
tmp slither post audit
slither ./ --checklist --markdown-root ./ --exclude-dependencies
'npx hardhat compile --force' running Generating typings for: 73 artifacts in dir: src/types for target: ethers-v5 Successfully generated 200 typings! Compiled 69 Solidity files successfully
Solidity 0.8.13 is not fully supported yet. You can still use Hardhat, but some features, like stack traces, might not work correctly.
Summary
- arbitrary-send (1 results) (High)
- controlled-delegatecall (2 results) (High)
- name-reused (3 results) (High)
- shadowing-state (1 results) (High)
- divide-before-multiply (8 results) (Medium)
- incorrect-equality (4 results) (Medium)
- locked-ether (2 results) (Medium)
- reentrancy-no-eth (1 results) (Medium)
- uninitialized-local (1 results) (Medium)
- unused-return (1 results) (Medium)
- shadowing-local (1 results) (Low)
- missing-zero-check (11 results) (Low)
- calls-loop (5 results) (Low)
- variable-scope (1 results) (Low)
- reentrancy-benign (4 results) (Low)
- reentrancy-events (9 results) (Low)
- timestamp (9 results) (Low)
- assembly (27 results) (Informational)
- pragma (1 results) (Informational)
- solc-version (70 results) (Informational)
- low-level-calls (13 results) (Informational)
- missing-inheritance (1 results) (Informational)
- naming-convention (65 results) (Informational)
- redundant-statements (2 results) (Informational)
- reentrancy-unlimited-gas (2 results) (Informational)
- too-many-digits (7 results) (Informational)
- unimplemented-functions (2 results) (Informational)
- unused-state (14 results) (Informational)
- constable-states (8 results) (Optimization)
- external-function (43 results) (Optimization)
Impact: High Confidence: Medium
- ID-0 GnosisSafe.handlePayment(uint256,uint256,uint256,address,address) sends eth to arbitrary user Dangerous calls:
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L196-L213
Impact: High Confidence: Medium
- ID-1 TestAvatar.execTransactionFromModule(address,uint256,bytes,uint8) uses delegatecall to a input-controlled function id
./contracts/mock/TestAvatar.sol#L32-L41
- ID-2 TestAvatar.execTransactionFromModuleReturnData(address,uint256,bytes,uint8) uses delegatecall to a input-controlled function id
./contracts/mock/TestAvatar.sol#L43-L52
Impact: High Confidence: High
./node_modules/@gnosis.pm/safe-contracts/contracts/interfaces/IERC165.sol#L5-L15
- ID-4 Initializable is re-used:
./node_modules/@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol#L57-L138
./node_modules/@openzeppelin/contracts/token/ERC20/IERC20.sol#L9-L82
Impact: High Confidence: High
- ID-6 BaalVotes._nonces shadows:
./contracts/utils/BaalVotes.sol#L31
Impact: Medium Confidence: Medium
- ID-7 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: -denominator = denominator / twos -inverse = (3 * denominator) ^ 2
./node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L135
- ID-8 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: -denominator = denominator / twos -inverse *= 2 - denominator * inverse
./node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L135
- ID-9 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: -denominator = denominator / twos -inverse *= 2 - denominator * inverse
./node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L135
- ID-10 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: -denominator = denominator / twos -inverse *= 2 - denominator * inverse
./node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L135
- ID-11 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: -denominator = denominator / twos -inverse *= 2 - denominator * inverse
./node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L135
- ID-12 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: -denominator = denominator / twos -inverse *= 2 - denominator * inverse
./node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L135
- ID-13 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: -denominator = denominator / twos -inverse *= 2 - denominator * inverse
./node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L135
- ID-14 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division: -prod0 = prod0 / twos -result = prod0 * inverse
./node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L135
Impact: Medium Confidence: High
- ID-15 BaalVotes._writeCheckpoint(address,uint256,uint256,uint256) uses a dangerous strict equality:
./contracts/utils/BaalVotes.sol#L163-L188
- ID-16 Baal.state(uint32) uses a dangerous strict equality:
./contracts/Baal.sol#L858-L892
- ID-17 Baal._safeTransfer(address,address,uint256) uses a dangerous strict equality:
./contracts/Baal.sol#L977-L992
- ID-18 Baal.state(uint32) uses a dangerous strict equality:
./contracts/Baal.sol#L858-L892
Impact: Medium Confidence: High
- ID-19
Contract locking ether found:
Contract MultiSend has payable functions:
- MultiSend.multiSend(bytes) But does not have a function to withdraw the ether
./node_modules/@gnosis.pm/safe-contracts/contracts/libraries/MultiSend.sol#L9-L66
- ID-20
Contract locking ether found:
Contract GnosisSafeProxy has payable functions:
- GnosisSafeProxy.fallback() But does not have a function to withdraw the ether
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxy.sol#L13-L44
Impact: Medium Confidence: Medium
- ID-21 Reentrancy in Baal.processProposal(uint32,bytes): External calls:
./contracts/Baal.sol#L489-L547
Impact: Medium Confidence: Medium
- ID-22 Baal._ragequit(address,uint256,uint256,address[]).i is a local variable never initialized
./contracts/Baal.sol#L643
Impact: Medium Confidence: Medium
- ID-23 TributeMinion.submitTributeProposal(Baal,address,uint256,uint256,uint256,uint32,string) ignores return value by baal.submitProposal(encodedProposal,expiration,0,details)
./contracts/tools/TributeMinion.sol#L96-L123
Impact: Low Confidence: High
- ID-24
ERC20Permit.constructor(string).name shadows:
- ERC20.name() (function)
- IERC20Metadata.name() (function)
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol#L44
Impact: Low Confidence: Medium
- ID-25 TestAvatar.execTransactionFromModule(address,uint256,bytes,uint8).to lacks a zero-check on : - (success,None) = to.delegatecall(data) - (success,None) = to.call{value: value}(data)
./contracts/mock/TestAvatar.sol#L33
- ID-26 TestAvatar.execTransactionFromModuleReturnData(address,uint256,bytes,uint8).to lacks a zero-check on : - (success,None) = to.delegatecall(data) - (success,returnData) = to.call{value: value}(data)
./contracts/mock/TestAvatar.sol#L44
- ID-27 TestAvatar.enableModule(address)._module lacks a zero-check on : - module = _module
./contracts/mock/TestAvatar.sol#L16
- ID-28 Baal.setUp(bytes)._multisendLibrary lacks a zero-check on : - multisendLibrary = _multisendLibrary
./contracts/Baal.sol#L251
- ID-29 BaalSummoner.constructor(address,address,address,address,address,address,address,address)._gnosisMultisendLibrary lacks a zero-check on : - gnosisMultisendLibrary = _gnosisMultisendLibrary
./contracts/BaalSummoner.sol#L44
- ID-30 Baal.setUp(bytes)._avatar lacks a zero-check on : - avatar = _avatar - target = _avatar
./contracts/Baal.sol#L252
- ID-31 Module.setAvatar(address)._avatar lacks a zero-check on : - avatar = _avatar
./node_modules/@gnosis.pm/zodiac/contracts/core/Module.sol#L23
- ID-32 Module.setTarget(address)._target lacks a zero-check on : - target = _target
./node_modules/@gnosis.pm/zodiac/contracts/core/Module.sol#L31
- ID-33 Baal.executeAsBaal(address,uint256,bytes)._to lacks a zero-check on : - (success) = _to.call{value: _value}(_data)
./contracts/Baal.sol#L588
- ID-34 BaalSummoner.constructor(address,address,address,address,address,address,address,address)._template lacks a zero-check on : - template = _template
./contracts/BaalSummoner.sol#L41
- ID-35 BaalSummoner.constructor(address,address,address,address,address,address,address,address)._gnosisFallbackLibrary lacks a zero-check on : - gnosisFallbackLibrary = _gnosisFallbackLibrary
./contracts/BaalSummoner.sol#L43
Impact: Low Confidence: Medium
- ID-36 Baal._burnLoot(address,uint256) has external calls inside a loop: lootToken.burn(from,loot)
./contracts/Baal.sol#L814-L816
- ID-37 Baal._mintLoot(address,uint256) has external calls inside a loop: lootToken.mint(to,loot)
./contracts/Baal.sol#L794-L796
- ID-38 GnosisSafe.checkNSignatures(bytes32,bytes,bytes,uint256) has external calls inside a loop: require(bool,string)(ISignatureValidator(currentOwner).isValidSignature(data,contractSignature) == EIP1271_MAGIC_VALUE,GS024)
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L240-L304
- ID-39 Baal._mintShares(address,uint256) has external calls inside a loop: sharesToken.mint(to,shares)
./contracts/Baal.sol#L754-L756
- ID-40 Baal._burnShares(address,uint256) has external calls inside a loop: sharesToken.burn(from,shares)
./contracts/Baal.sol#L774-L776
Impact: Low Confidence: High
- ID-41 Variable 'ECDSA.tryRecover(bytes32,bytes).r' in ECDSA.tryRecover(bytes32,bytes) potentially used before declaration: r = mload(uint256)(signature + 0x20)
./node_modules/@openzeppelin/contracts/utils/cryptography/ECDSA.sol#L62
Impact: Low Confidence: Medium
- ID-42 Reentrancy in Baal.setUp(bytes): External calls:
./contracts/Baal.sol#L241-L310
- ID-43
Reentrancy in Baal.submitProposal(bytes,uint32,uint256,string):
External calls:
- (_success) = target.call{value: msg.value}() State variables written after the call(s):
- latestSponsoredProposalId = proposalCount
- proposalCount ++
- proposals[proposalCount] = Proposal(proposalCount,latestSponsoredProposalId,uint32(block.timestamp),uint32(block.timestamp) + votingPeriod,uint32(block.timestamp) + votingPeriod + gracePeriod,expiration,baalGas,0,0,0,(false,false,false,false),msg.sender,proposalDataHash,details)
- proposals[proposalCount] = Proposal(proposalCount,0,0,0,0,expiration,baalGas,0,0,0,(false,false,false,false),address(0),proposalDataHash,details)
./contracts/Baal.sol#L319-L381
- ID-44
Reentrancy in Baal.setUp(bytes):
External calls:
- lootToken.setUp(string(abi.encodePacked(_name, LOOT)),string(abi.encodePacked(_symbol,-LOOT)))
- sharesToken.setUp(_name,_symbol) State variables written after the call(s):
- multisendLibrary = _multisendLibrary
./contracts/Baal.sol#L241-L310
- ID-45
Reentrancy in Baal.setUp(bytes):
External calls:
- lootToken.setUp(string(abi.encodePacked(_name, LOOT)),string(abi.encodePacked(_symbol,-LOOT))) State variables written after the call(s):
- sharesToken = IBaalToken(Clones.clone(_sharesSingleton))
./contracts/Baal.sol#L241-L310
Impact: Low Confidence: Medium
- ID-46 Reentrancy in BaalSummoner.summonBaal(bytes,bytes[],uint256): External calls:
./contracts/BaalSummoner.sol#L87-L128
- ID-47
Reentrancy in TributeMinion.submitTributeProposal(Baal,address,uint256,uint256,uint256,uint32,string):
External calls:
- baal.submitProposal(encodedProposal,expiration,0,details) Event emitted after the call(s):
- TributeProposal(address(baal),token,amount,msg.sender,proposalId)
./contracts/tools/TributeMinion.sol#L96-L123
- ID-48
Reentrancy in Baal.setUp(bytes):
External calls:
- lootToken.setUp(string(abi.encodePacked(_name, LOOT)),string(abi.encodePacked(_symbol,-LOOT)))
- sharesToken.setUp(_name,_symbol)
- require(bool,string)(exec(multisendLibrary,0,_initializationMultisendData,Enum.Operation.DelegateCall),call failure)
- SetupComplete(lootPaused,sharesPaused,gracePeriod,votingPeriod,proposalOffering,quorumPercent,sponsorThreshold,minRetentionPercent,_name,_symbol,totalShares(),totalLoot())
./contracts/Baal.sol#L241-L310
- ID-49
Reentrancy in ModuleProxyFactory.deployModule(address,bytes,uint256):
External calls:
- (success) = proxy.call(initializer) Event emitted after the call(s):
- ModuleProxyCreation(proxy,masterCopy)
./node_modules/@gnosis.pm/zodiac/contracts/factory/ModuleProxyFactory.sol#L36-L49
- ID-50 Reentrancy in BaalSummoner.summonBaalAndSafe(bytes,bytes[],uint256): External calls:
./contracts/BaalSummoner.sol#L180-L223
- ID-51
Reentrancy in GnosisSafe.execTransaction(address,uint256,bytes,Enum.Operation,uint256,uint256,uint256,address,address,bytes):
External calls:
- Guard(guard).checkTransaction(to,value,data,operation,safeTxGas,baseGas,gasPrice,gasToken,refundReceiver,signatures,msg.sender) External calls sending eth:
-
payment = handlePayment(gasUsed,baseGas,gasPrice,gasToken,refundReceiver)
- require(bool,string)(receiver.send(payment),GS011) Event emitted after the call(s):
- ExecutionFailure(txHash,payment)
- ExecutionSuccess(txHash,payment)
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L111-L194
- ID-52 Reentrancy in Baal.submitProposal(bytes,uint32,uint256,string): External calls:
./contracts/Baal.sol#L319-L381
- ID-53 Reentrancy in Baal._ragequit(address,uint256,uint256,address[]): External calls:
./contracts/Baal.sol#L625-L663
- ID-54 Reentrancy in Baal.processProposal(uint32,bytes): External calls:
./contracts/Baal.sol#L489-L547
Impact: Low Confidence: Medium
- ID-55 ERC20Permit.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) uses timestamp for comparisons Dangerous comparisons:
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol#L49-L68
- ID-56 BaalVotes.delegateBySig(address,uint256,uint256,bytes) uses timestamp for comparisons Dangerous comparisons:
./contracts/utils/BaalVotes.sol#L76-L107
- ID-57 Baal.state(uint32) uses timestamp for comparisons Dangerous comparisons:
./contracts/Baal.sol#L858-L892
- ID-58 Baal.cancelProposal(uint32) uses timestamp for comparisons Dangerous comparisons:
./contracts/Baal.sol#L567-L579
- ID-59 BaalVotes.getPriorVotes(address,uint256) uses timestamp for comparisons Dangerous comparisons:
./contracts/utils/BaalVotes.sol#L194-L223
- ID-60 BaalVotes._writeCheckpoint(address,uint256,uint256,uint256) uses timestamp for comparisons Dangerous comparisons:
./contracts/utils/BaalVotes.sol#L163-L188
- ID-61 Baal.processProposal(uint32,bytes) uses timestamp for comparisons Dangerous comparisons:
./contracts/Baal.sol#L489-L547
- ID-62 Baal.submitProposal(bytes,uint32,uint256,string) uses timestamp for comparisons Dangerous comparisons:
./contracts/Baal.sol#L319-L381
- ID-63 Baal.sponsorProposal(uint32) uses timestamp for comparisons Dangerous comparisons:
./contracts/Baal.sol#L385-L411
Impact: Informational Confidence: High
- ID-64 StorageAccessible.simulateAndRevert(address,bytes) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/common/StorageAccessible.sol#L36-L46
- ID-65 GuardManager.setGuard(address) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/base/GuardManager.sol#L34-L41
- ID-66 MultiSend.multiSend(bytes) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/libraries/MultiSend.sol#L26-L65
- ID-67 ECDSA.tryRecover(bytes32,bytes) uses assembly
./node_modules/@openzeppelin/contracts/utils/cryptography/ECDSA.sol#L57-L88
- ID-68 CompatibilityFallbackHandler.simulate(address,bytes) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L87-L143
- ID-69 Address.verifyCallResult(bool,bytes,string) uses assembly
./node_modules/@openzeppelin/contracts/utils/Address.sol#L201-L221
- ID-70 Clones.predictDeterministicAddress(address,bytes32,address) uses assembly
./node_modules/@openzeppelin/contracts/proxy/Clones.sol#L59-L75
- ID-71 GnosisSafeProxyFactory.createProxy(address,bytes) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L15-L25
- ID-72 Executor.execute(address,uint256,bytes,Enum.Operation,uint256) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/base/Executor.sol#L8-L26
- ID-73 GnosisSafeProxy.fallback() uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxy.sol#L26-L43
- ID-74 SecuredTokenTransfer.transferToken(address,address,uint256) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/common/SecuredTokenTransfer.sol#L11-L34
- ID-75 Math.mulDiv(uint256,uint256,uint256) uses assembly
./node_modules/@openzeppelin/contracts/utils/math/Math.sol#L55-L135
- ID-76 FallbackManager.fallback() uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/base/FallbackManager.sol#L32-L52
- ID-77 GnosisSafe.checkNSignatures(bytes32,bytes,bytes,uint256) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L240-L304
- ID-78 Clones.cloneDeterministic(address,bytes32) uses assembly
./node_modules/@openzeppelin/contracts/proxy/Clones.sol#L44-L54
- ID-79 GnosisSafeProxyFactory.createProxyWithNonce(address,bytes,uint256) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L61-L75
- ID-80 ModuleManager.execTransactionFromModuleReturnData(address,uint256,bytes,Enum.Operation) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/base/ModuleManager.sol#L80-L101
- ID-81 ModuleManager.getModulesPaginated(address,uint256) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/base/ModuleManager.sol#L114-L132
- ID-82 GnosisSafe.getChainId() uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L340-L347
- ID-83 ModuleProxyFactory.createProxy(address,bytes32) uses assembly
./node_modules/@gnosis.pm/zodiac/contracts/factory/ModuleProxyFactory.sol#L19-L34
- ID-84 Clones.clone(address) uses assembly
./node_modules/@openzeppelin/contracts/proxy/Clones.sol#L25-L35
- ID-85 StorageAccessible.getStorageAt(uint256,uint256) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/common/StorageAccessible.sol#L13-L23
- ID-86 AddressUpgradeable.verifyCallResult(bool,bytes,string) uses assembly
./node_modules/@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#L174-L194
- ID-87 GuardManager.getGuard() uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/base/GuardManager.sol#L43-L49
- ID-88 GnosisSafeProxyFactory.deployProxyWithNonce(address,bytes,uint256) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L42-L55
- ID-89 SignatureDecoder.signatureSplit(bytes,uint256) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/common/SignatureDecoder.sol#L11-L35
- ID-90 FallbackManager.internalSetFallbackHandler(address) uses assembly
./node_modules/@gnosis.pm/safe-contracts/contracts/base/FallbackManager.sol#L14-L20
Impact: Informational Confidence: High
- ID-91
Different versions of Solidity are used:
- Version used: ['0.8.13', '>=0.7.0<0.9.0', '>=0.8.0', '^0.8.0', '^0.8.1', '^0.8.2']
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.8.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- >=0.7.0<0.9.0
- ^0.8.0
- ^0.8.2
- ^0.8.1
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.2
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.1
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.0
- 0.8.13
- 0.8.13
- 0.8.13
- 0.8.13
- 0.8.13
- 0.8.13
- 0.8.13
- 0.8.13
- 0.8.13
- 0.8.13
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L2
Impact: Informational Confidence: High
-
ID-92 solc-0.8.13 is not recommended for deployment
-
ID-93 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/utils/Poster.sol#L14
- ID-94 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/mock/TestERC20.sol#L2
- ID-95 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/mock/TestAvatar.sol#L2
- ID-96 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/common/SelfAuthorized.sol#L2
- ID-97 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/mock/MockBaal.sol#L2
- ID-98 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/utils/cryptography/ECDSA.sol#L4
- ID-99 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol#L4
- ID-100 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/zodiac/contracts/factory/FactoryFriendly.sol#L4
- ID-101 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-IERC20Permit.sol#L4
- ID-102 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/SharesERC20.sol#L1
- ID-103 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/fixtures/GnosisImports.sol#L2
- ID-104 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/zodiac/contracts/core/Module.sol#L4
- ID-105 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/utils/Arrays.sol#L4
- ID-106 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/proxy/Clones.sol#L4
- ID-107 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/interfaces/ERC721TokenReceiver.sol#L2
- ID-108 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/utils/math/Math.sol#L4
- ID-109 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/common/Singleton.sol#L2
- ID-110 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/external/GnosisSafeMath.sol#L2
- ID-111 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/libraries/MultiSend.sol#L2
- ID-112 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/common/Enum.sol#L2
- ID-113 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/utils/Context.sol#L4
- ID-114 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/interfaces/ERC1155TokenReceiver.sol#L2
- ID-115 Pragma version^0.8.2 allows old versions
./node_modules/@openzeppelin/contracts/proxy/utils/Initializable.sol#L4
- ID-116 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/LootERC20.sol#L2
- ID-117 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/utils/Strings.sol#L4
- ID-118 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/common/StorageAccessible.sol#L2
- ID-119 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/base/GuardManager.sol#L2
- ID-120 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/base/FallbackManager.sol#L2
- ID-121 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/base/ModuleManager.sol#L2
- ID-122 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L2
- ID-123 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol#L4
- ID-124 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/BaalSummoner.sol#L2
- ID-125 Pragma version^0.8.1 allows old versions
./node_modules/@openzeppelin/contracts/utils/Address.sol#L4
- ID-126 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/tools/TributeMinion.sol#L2
- ID-127 Pragma version>=0.8.0 allows old versions
./node_modules/@gnosis.pm/zodiac/contracts/factory/ModuleProxyFactory.sol#L2
- ID-128 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol#L4
- ID-129 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/utils/BaalVotes.sol#L2
- ID-130 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/interfaces/ERC777TokensRecipient.sol#L2
- ID-131 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/interfaces/IBaal.sol#L2
- ID-132 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/SignMessage.sol#L2
- ID-133 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/IProxyCreationCallback.sol#L2
- ID-134 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/zodiac/contracts/interfaces/IGuard.sol#L2
- ID-135 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/utils/Counters.sol#L4
- ID-136 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/common/SecuredTokenTransfer.sol#L2
- ID-137 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/token/ERC20/IERC20.sol#L4
- ID-138 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/zodiac/contracts/guard/Guardable.sol#L2
- ID-139 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol#L4
- ID-140 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L2
- ID-141 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L2
- ID-142 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#L4
- ID-143 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/DefaultCallbackHandler.sol#L2
- ID-144 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/base/Executor.sol#L2
- ID-145 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/interfaces/IBaalToken.sol#L2
- ID-146 Pragma version0.8.13 necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
./contracts/Baal.sol#L10
- ID-147 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/common/SignatureDecoder.sol#L2
- ID-148 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/zodiac/contracts/interfaces/IAvatar.sol#L4
- ID-149 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/access/Ownable.sol#L4
- ID-150 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxy.sol#L2
- ID-151 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/interfaces/IERC165.sol#L2
- ID-152 Pragma version^0.8.2 allows old versions
./node_modules/@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol#L4
- ID-153 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/zodiac/contracts/guard/BaseGuard.sol#L2
- ID-154 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/utils/introspection/IERC165.sol#L4
- ID-155 Pragma version^0.8.1 allows old versions
./node_modules/@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#L4
- ID-156 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/common/EtherPaymentFallback.sol#L2
- ID-157 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L2
- ID-158 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol#L4
- ID-159 Pragma version^0.8.0 allows old versions
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/ERC20Snapshot.sol#L4
- ID-160 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L2
- ID-161 Pragma version>=0.7.0<0.9.0 is too complex
./node_modules/@gnosis.pm/safe-contracts/contracts/interfaces/ISignatureValidator.sol#L2
Impact: Informational Confidence: High
- ID-162 Low level call in TestAvatar.execTransactionFromModule(address,uint256,bytes,uint8):
./contracts/mock/TestAvatar.sol#L32-L41
- ID-163 Low level call in TestAvatar.execTransactionFromModuleReturnData(address,uint256,bytes,uint8):
./contracts/mock/TestAvatar.sol#L43-L52
- ID-164 Low level call in AddressUpgradeable.functionCallWithValue(address,bytes,uint256,string):
./node_modules/@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#L128-L139
- ID-165 Low level call in ModuleProxyFactory.deployModule(address,bytes,uint256):
./node_modules/@gnosis.pm/zodiac/contracts/factory/ModuleProxyFactory.sol#L36-L49
- ID-166 Low level call in AddressUpgradeable.sendValue(address,uint256):
./node_modules/@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#L60-L65
- ID-167 Low level call in AddressUpgradeable.functionStaticCall(address,bytes,string):
./node_modules/@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol#L157-L166
- ID-168 Low level call in Baal.executeAsBaal(address,uint256,bytes):
./contracts/Baal.sol#L587-L594
- ID-169 Low level call in Baal._ragequit(address,uint256,uint256,address[]):
./contracts/Baal.sol#L625-L663
- ID-170 Low level call in Baal.submitProposal(bytes,uint32,uint256,string):
./contracts/Baal.sol#L319-L381
- ID-171 Low level call in Address.sendValue(address,uint256):
./node_modules/@openzeppelin/contracts/utils/Address.sol#L60-L65
- ID-172 Low level call in Address.functionCallWithValue(address,bytes,uint256,string):
./node_modules/@openzeppelin/contracts/utils/Address.sol#L128-L139
- ID-173 Low level call in Address.functionStaticCall(address,bytes,string):
./node_modules/@openzeppelin/contracts/utils/Address.sol#L157-L166
- ID-174 Low level call in Address.functionDelegateCall(address,bytes,string):
./node_modules/@openzeppelin/contracts/utils/Address.sol#L184-L193
Impact: Informational Confidence: High
./node_modules/@gnosis.pm/zodiac/contracts/guard/BaseGuard.sol#L8-L38
Impact: Informational Confidence: High
- ID-176 Parameter TestAvatar.isModuleEnabled(address)._module is not in mixedCase
./contracts/mock/TestAvatar.sol#L24
- ID-177 Parameter TestAvatar.enableModule(address)._module is not in mixedCase
./contracts/mock/TestAvatar.sol#L16
- ID-178 Parameter TributeMinion.releaseEscrow(address,uint32)._proposalId is not in mixedCase
./contracts/tools/TributeMinion.sol#L125
- ID-179 Parameter Baal.executeAsBaal(address,uint256,bytes)._data is not in mixedCase
./contracts/Baal.sol#L590
- ID-180 Parameter Baal.executeAsBaal(address,uint256,bytes)._value is not in mixedCase
./contracts/Baal.sol#L589
- ID-181 Parameter BaalSummoner.encodeMultisend(bytes[],address)._calls is not in mixedCase
./contracts/BaalSummoner.sol#L65
- ID-182 Parameter GnosisSafe.setup(address[],uint256,address,bytes,address,address,uint256,address)._owners is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L76
- ID-183 Parameter Baal.hashOperation(bytes)._transactions is not in mixedCase
./contracts/Baal.sol#L954
- ID-184 Parameter GnosisSafeProxyFactory.calculateCreateProxyWithNonceAddress(address,bytes,uint256)._singleton is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L100
- ID-185 Parameter Baal.encodeMultisend(bytes[],address)._calls is not in mixedCase
./contracts/Baal.sol#L217
- ID-186 Parameter Guardable.setGuard(address)._guard is not in mixedCase
./node_modules/@gnosis.pm/zodiac/contracts/guard/Guardable.sol#L19
- ID-187 Parameter BaalSummoner.deployAndSetupSafe(address,uint256)._moduleAddr is not in mixedCase
./contracts/BaalSummoner.sol#L130
- ID-188 Parameter CompatibilityFallbackHandler.isValidSignature(bytes32,bytes)._signature is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L66
- ID-189 Variable Shares.__symbol is not in mixedCase
./contracts/SharesERC20.sol#L17
- ID-190 Parameter MockBaal.mintLoot(address,uint256)._amount is not in mixedCase
./contracts/mock/MockBaal.sol#L26
- ID-191 Parameter Baal.encodeMultisend(bytes[],address)._target is not in mixedCase
./contracts/Baal.sol#L217
- ID-192 Variable ContextUpgradeable.__gap is not in mixedCase
./node_modules/@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol#L36
- ID-193 Parameter OwnerManager.setupOwners(address[],uint256)._threshold is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L22
- ID-194 Parameter BaalSummoner.summonBaalAndSafe(bytes,bytes[],uint256)._saltNonce is not in mixedCase
./contracts/BaalSummoner.sol#L183
- ID-195 Parameter GnosisSafe.setup(address[],uint256,address,bytes,address,address,uint256,address)._threshold is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L77
- ID-196 Parameter Module.setTarget(address)._target is not in mixedCase
./node_modules/@gnosis.pm/zodiac/contracts/core/Module.sol#L31
- ID-197 Parameter OwnerManager.changeThreshold(uint256)._threshold is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L117
- ID-198 Function OwnableUpgradeable.__Ownable_init() is not in mixedCase
./node_modules/@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol#L29-L31
- ID-199 Parameter GnosisSafeProxyFactory.createProxyWithCallback(address,bytes,uint256,IProxyCreationCallback)._singleton is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L83
- ID-200 Parameter MockBaal.mintLoot(address,uint256)._to is not in mixedCase
./contracts/mock/MockBaal.sol#L26
- ID-201 Parameter OwnerManager.addOwnerWithThreshold(address,uint256)._threshold is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L51
- ID-202 Variable OwnableUpgradeable.__gap is not in mixedCase
./node_modules/@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol#L94
- ID-203 Parameter OwnerManager.removeOwner(address,address,uint256)._threshold is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L73
- ID-204 Variable EIP712._TYPE_HASH is not in mixedCase
./node_modules/@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol#L37
- ID-205 Variable Shares.__name is not in mixedCase
./contracts/SharesERC20.sol#L16
- ID-206 Parameter GnosisSafe.encodeTransactionData(address,uint256,bytes,Enum.Operation,uint256,uint256,uint256,address,address,uint256)._nonce is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L375
- ID-207 Parameter Baal.executeAsBaal(address,uint256,bytes)._to is not in mixedCase
./contracts/Baal.sol#L588
- ID-208 Parameter GnosisSafeProxyFactory.deployProxyWithNonce(address,bytes,uint256)._singleton is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L43
- ID-209 Parameter BaalSummoner.deployAndSetupSafe(address,uint256)._saltNonce is not in mixedCase
./contracts/BaalSummoner.sol#L130
- ID-210 Function ContextUpgradeable.__Context_init_unchained() is not in mixedCase
./node_modules/@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol#L21-L22
- ID-211 Variable EIP712._CACHED_THIS is not in mixedCase
./node_modules/@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol#L33
- ID-212 Parameter Baal.setShamans(address[],uint256[])._permissions is not in mixedCase
./contracts/Baal.sol#L673
- ID-213 Variable ERC20Permit._PERMIT_TYPEHASH_DEPRECATED_SLOT is not in mixedCase
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol#L37
- ID-214 Function IERC20Permit.DOMAIN_SEPARATOR() is not in mixedCase
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-IERC20Permit.sol#L59
- ID-215 Parameter OwnerManager.setupOwners(address[],uint256)._owners is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L22
- ID-216 Parameter TributeMinion.releaseEscrow(address,uint32)._baal is not in mixedCase
./contracts/tools/TributeMinion.sol#L125
- ID-217 Parameter BaalSummoner.summonBaal(bytes,bytes[],uint256)._saltNonce is not in mixedCase
./contracts/BaalSummoner.sol#L90
- ID-218 Parameter Baal.setGovernanceConfig(bytes)._governanceConfig is not in mixedCase
./contracts/Baal.sol#L820
- ID-219 Parameter CompatibilityFallbackHandler.isValidSignature(bytes32,bytes)._dataHash is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L66
- ID-220 Variable EIP712._CACHED_CHAIN_ID is not in mixedCase
./node_modules/@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol#L32
- ID-221 Function ERC20Permit.DOMAIN_SEPARATOR() is not in mixedCase
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol#L81-L83
- ID-222 Parameter GnosisSafe.getTransactionHash(address,uint256,bytes,Enum.Operation,uint256,uint256,uint256,address,address,uint256)._nonce is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L418
- ID-223 Parameter Module.setAvatar(address)._avatar is not in mixedCase
./node_modules/@gnosis.pm/zodiac/contracts/core/Module.sol#L23
- ID-224 Parameter CompatibilityFallbackHandler.isValidSignature(bytes,bytes)._signature is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L28
- ID-225 Function OwnableUpgradeable.__Ownable_init_unchained() is not in mixedCase
./node_modules/@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol#L33-L35
- ID-226 Parameter SignMessageLib.signMessage(bytes)._data is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/SignMessage.sol#L20
- ID-227 Parameter BaalSummoner.encodeMultisend(bytes[],address)._target is not in mixedCase
./contracts/BaalSummoner.sol#L65
- ID-228 Parameter Baal.setShamans(address[],uint256[])._shamans is not in mixedCase
./contracts/Baal.sol#L672
- ID-229 Parameter Baal.setUp(bytes)._initializationParams is not in mixedCase
./contracts/Baal.sol#L241
- ID-230 Variable EIP712._HASHED_NAME is not in mixedCase
./node_modules/@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol#L35
- ID-231 Parameter CompatibilityFallbackHandler.isValidSignature(bytes,bytes)._data is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L28
- ID-232 Variable Loot.__symbol is not in mixedCase
./contracts/LootERC20.sol#L14
- ID-233 Parameter MockBaal.burnLoot(address,uint256)._from is not in mixedCase
./contracts/mock/MockBaal.sol#L30
- ID-234 Variable BaalVotes._nonces is not in mixedCase
./contracts/utils/BaalVotes.sol#L31
- ID-235 Function ContextUpgradeable.__Context_init() is not in mixedCase
./node_modules/@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol#L18-L19
- ID-236 Variable Loot.__name is not in mixedCase
./contracts/LootERC20.sol#L13
- ID-237 Parameter MockBaal.burnLoot(address,uint256)._amount is not in mixedCase
./contracts/mock/MockBaal.sol#L30
- ID-238 Variable EIP712._CACHED_DOMAIN_SEPARATOR is not in mixedCase
./node_modules/@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol#L31
- ID-239 Parameter GnosisSafeProxyFactory.createProxyWithNonce(address,bytes,uint256)._singleton is not in mixedCase
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L62
- ID-240 Variable EIP712._HASHED_VERSION is not in mixedCase
./node_modules/@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol#L36
Impact: Informational Confidence: High
- ID-241 Redundant expression "calldataPayload" inCompatibilityFallbackHandler
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L92
- ID-242 Redundant expression "targetContract" inCompatibilityFallbackHandler
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L91
Impact: Informational Confidence: Medium
- ID-243 Reentrancy in GnosisSafe.execTransaction(address,uint256,bytes,Enum.Operation,uint256,uint256,uint256,address,address,bytes): External calls:
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L111-L194
- ID-244 Reentrancy in GnosisSafe.setup(address[],uint256,address,bytes,address,address,uint256,address): External calls:
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L75-L97
Impact: Informational Confidence: Medium
- ID-245 Clones.predictDeterministicAddress(address,bytes32,address) uses literals with too many digits:
./node_modules/@openzeppelin/contracts/proxy/Clones.sol#L59-L75
- ID-246 Clones.cloneDeterministic(address,bytes32) uses literals with too many digits:
./node_modules/@openzeppelin/contracts/proxy/Clones.sol#L44-L54
- ID-247 GnosisSafeProxy.fallback() uses literals with too many digits:
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxy.sol#L26-L43
- ID-248 Clones.clone(address) uses literals with too many digits:
./node_modules/@openzeppelin/contracts/proxy/Clones.sol#L25-L35
- ID-249 Clones.cloneDeterministic(address,bytes32) uses literals with too many digits:
./node_modules/@openzeppelin/contracts/proxy/Clones.sol#L44-L54
- ID-250 Clones.clone(address) uses literals with too many digits:
./node_modules/@openzeppelin/contracts/proxy/Clones.sol#L25-L35
- ID-251 Clones.predictDeterministicAddress(address,bytes32,address) uses literals with too many digits:
./node_modules/@openzeppelin/contracts/proxy/Clones.sol#L59-L75
Impact: Informational Confidence: High
- ID-252
CompatibilityFallbackHandler does not implement functions:
- DefaultCallbackHandler.onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)
- DefaultCallbackHandler.onERC1155Received(address,address,uint256,uint256,bytes)
- DefaultCallbackHandler.onERC721Received(address,address,uint256,bytes)
- DefaultCallbackHandler.supportsInterface(bytes4)
- DefaultCallbackHandler.tokensReceived(address,address,address,uint256,bytes,bytes)
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L10-L144
- ID-253 BaseGuard does not implement functions:
./node_modules/@gnosis.pm/zodiac/contracts/guard/BaseGuard.sol#L8-L38
Impact: Informational Confidence: High
- ID-254 OwnableUpgradeable.__gap is never used in Baal
./node_modules/@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol#L94
- ID-255 GnosisSafeStorage.domainSeparator is never used in SignMessageLib
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L18
- ID-256 GnosisSafeStorage.nonce is never used in SignMessageLib
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L17
- ID-257 ERC20Permit._PERMIT_TYPEHASH_DEPRECATED_SLOT is never used in Loot
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol#L37
- ID-258 GnosisSafeStorage.owners is never used in SignMessageLib
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L12
- ID-259 GnosisSafeStorage.ownerCount is never used in SignMessageLib
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L13
- ID-260 Singleton.singleton is never used in GnosisSafe
./node_modules/@gnosis.pm/safe-contracts/contracts/common/Singleton.sol#L10
- ID-261 GnosisSafeStorage.approvedHashes is never used in SignMessageLib
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L20
- ID-262 GnosisSafe._deprecatedDomainSeparator is never used in GnosisSafe
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L52
- ID-263 GnosisSafeStorage.modules is never used in SignMessageLib
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L10
- ID-264 GnosisSafeStorage.threshold is never used in SignMessageLib
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L14
- ID-265 GnosisSafeStorage.singleton is never used in SignMessageLib
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L8
- ID-266 CompatibilityFallbackHandler.SIMULATE_SELECTOR is never used in CompatibilityFallbackHandler
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L16
- ID-267 ERC20Permit._PERMIT_TYPEHASH_DEPRECATED_SLOT is never used in Shares
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol#L37
Impact: Optimization Confidence: High
- ID-268 GnosisSafeStorage.ownerCount should be constant
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L13
- ID-269 GnosisSafeStorage.threshold should be constant
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L14
- ID-270 Singleton.singleton should be constant
./node_modules/@gnosis.pm/safe-contracts/contracts/common/Singleton.sol#L10
- ID-271 GnosisSafeStorage.singleton should be constant
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L8
- ID-272 GnosisSafeStorage.nonce should be constant
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L17
- ID-273 GnosisSafe._deprecatedDomainSeparator should be constant
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L52
- ID-274 GnosisSafeStorage.domainSeparator should be constant
./node_modules/@gnosis.pm/safe-contracts/contracts/examples/libraries/GnosisSafeStorage.sol#L18
- ID-275 ERC20Permit._PERMIT_TYPEHASH_DEPRECATED_SLOT should be constant
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol#L37
Impact: Optimization Confidence: High
- ID-276 multiSend(bytes) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/libraries/MultiSend.sol#L26-L65
- ID-277 removeOwner(address,address,uint256) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L70-L86
- ID-278 getOwners() should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L136-L148
- ID-279 transferFrom(address,address,uint256) should be declared external:
./node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#L158-L167
- ID-280 getStorageAt(uint256,uint256) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/common/StorageAccessible.sol#L13-L23
- ID-281 execTransaction(address,uint256,bytes,Enum.Operation,uint256,uint256,uint256,address,address,bytes) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L111-L194
- ID-282 renounceOwnership() should be declared external:
./node_modules/@openzeppelin/contracts/access/Ownable.sol#L61-L63
- ID-283 disableModule(address,address) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/base/ModuleManager.sol#L47-L54
- ID-284 permit(address,address,uint256,uint256,uint8,bytes32,bytes32) should be declared external:
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol#L49-L68
- ID-285 swapOwner(address,address,address) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L94-L111
- ID-286 decimals() should be declared external:
./node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#L87-L89
- ID-287 getCurrentVotes(address) should be declared external:
./contracts/utils/BaalVotes.sol#L228-L240
- ID-288 delegateBySig(address,uint256,uint256,bytes) should be declared external:
./contracts/utils/BaalVotes.sol#L76-L107
- ID-289 setUp(bytes) should be declared external:
./contracts/Baal.sol#L241-L310
- ID-290 getTransactionHash(address,uint256,bytes,Enum.Operation,uint256,uint256,uint256,address,address,uint256) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/GnosisSafe.sol#L408-L421
- ID-291 delegate(address) should be declared external:
./contracts/utils/BaalVotes.sol#L67-L69
- ID-292 getMessageHash(bytes) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L43-L45
- ID-293 decreaseAllowance(address,uint256) should be declared external:
./node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#L201-L210
- ID-294 transfer(address,uint256) should be declared external:
./node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#L113-L117
- ID-295 increaseAllowance(address,uint256) should be declared external:
./node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#L181-L185
- ID-296 isModuleEnabled(address) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/base/ModuleManager.sol#L105-L107
- ID-297 balanceOfAt(address,uint256) should be declared external:
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/ERC20Snapshot.sol#L106-L110
- ID-298 proxyRuntimeCode() should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L28-L30
- ID-299 isOwner(address) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L130-L132
- ID-300 setTarget(address) should be declared external:
./node_modules/@gnosis.pm/zodiac/contracts/core/Module.sol#L31-L35
- ID-301 proxyCreationCode() should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L33-L35
- ID-302 setFallbackHandler(address) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/base/FallbackManager.sol#L26-L29
- ID-303 transferOwnership(address) should be declared external:
./node_modules/@openzeppelin/contracts/access/Ownable.sol#L69-L72
- ID-304 totalSupplyAt(uint256) should be declared external:
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/ERC20Snapshot.sol#L115-L119
- ID-305 nonces(address) should be declared external:
./node_modules/@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol#L73-L75
- ID-306 getPriorVotes(address,uint256) should be declared external:
./contracts/utils/BaalVotes.sol#L194-L223
- ID-307 addOwnerWithThreshold(address,uint256) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L51-L62
- ID-308 renounceOwnership() should be declared external:
./node_modules/@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol#L66-L68
- ID-309 execTransactionFromModuleReturnData(address,uint256,bytes,Enum.Operation) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/base/ModuleManager.sol#L80-L101
- ID-310 enableModule(address) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/base/ModuleManager.sol#L32-L40
- ID-311 approve(address,uint256) should be declared external:
./node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#L136-L140
- ID-312 createProxyWithCallback(address,bytes,uint256,IProxyCreationCallback) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L82-L91
- ID-313 getThreshold() should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/base/OwnerManager.sol#L126-L128
- ID-314 symbol() should be declared external:
./node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#L70-L72
- ID-315 createProxy(address,bytes) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/proxies/GnosisSafeProxyFactory.sol#L15-L25
- ID-316 isValidSignature(bytes,bytes) should be declared external:
./node_modules/@gnosis.pm/safe-contracts/contracts/handler/CompatibilityFallbackHandler.sol#L28-L38
- ID-317 deployModule(address,bytes,uint256) should be declared external:
./node_modules/@gnosis.pm/zodiac/contracts/factory/ModuleProxyFactory.sol#L36-L49
- ID-318 setAvatar(address) should be declared external:
./node_modules/@gnosis.pm/zodiac/contracts/core/Module.sol#L23-L27
./ analyzed (73 contracts with 78 detectors), 319 result(s) found