This report was generated by Aderyn, a static analysis tool built by Cyfrin, a blockchain security company. This report is not a substitute for manual audit or security review. It should not be relied upon for any purpose other than to assist in the identification of potential security vulnerabilities.
- Summary
- Low Issues
- L-1: Centralization Risk for trusted owners
- L-2: `public` functions not used internally could be marked `external`
- L-3: Define and use `constant` variables instead of using literals
- L-4: Modifiers invoked only once can be shoe-horned into the function
- L-5: Contract still has TODOs
- L-6: Unused Custom Error
- L-7: Loop contains `require`/`revert` statements
- L-8: Uninitialized local variables.
- L-9: Loop condition contains `state_variable.length` that could be cached outside.
- L-10: Costly operations inside loops.
- L-11: Unused Imports
- L-12: State variable changes but no event is emitted.
- L-13: State variable could be declared immutable

| Key | Value |
|---|---|
| .sol Files | 5 |
| Total nSLOC | 283 |

| Filepath | nSLOC |
|---|---|
| src/Stable.sol | 62 |
| src/Utils.sol | 47 |
| src/mocks/MockOracle.sol | 6 |
| src/modules/StableLending.sol | 157 |
| src/tokens/StableUSD.sol | 11 |
| Total | 283 |

| Category | No. of Issues |
|---|---|
| High | 0 |
| Low | 13 |

Contracts have owners with privileged rights to perform admin tasks and need to be trusted to not perform malicious updates or drain funds.
3 Found Instances
- Found in src/Stable.sol Line: 88

  ```solidity
  function whitelistTokens(address _token) external onlyOwner {
  ```

- Found in src/tokens/StableUSD.sol Line: 10

  ```solidity
  contract StableUSD is ERC20, ERC20Burnable, Ownable, ERC20Permit {
  ```

- Found in src/tokens/StableUSD.sol Line: 13

  ```solidity
  function mint(address to, uint256 amount) public onlyOwner {
  ```

Instead of marking a function as `public`, consider marking it as `external` if it is not used internally.
1 Found Instances
- Found in src/tokens/StableUSD.sol Line: 13

  ```solidity
  function mint(address to, uint256 amount) public onlyOwner {
  ```

If the same constant literal value is used multiple times, create a constant state variable and reference it throughout the contract.
2 Found Instances
1 Found Instances
- Found in src/Utils.sol Line: 37

  ```solidity
  modifier onlyOwner() {
  ```

Contract contains comments with TODOs.
1 Found Instances
- Found in src/modules/StableLending.sol Line: 22

  ```solidity
  abstract contract StableLending is Utils {
  ```

It is recommended that the definition be removed when a custom error is unused.
1 Found Instances
- Found in src/Stable.sol Line: 23

  ```solidity
  error StopDoingWeirdStuff();
  ```

Avoid `require` / `revert` statements in a loop because a single bad item can cause the whole transaction to fail. It's better to forgive on fail and return failed elements post processing of the loop.
5 Found Instances
- Found in src/modules/StableLending.sol Line: 75

  ```solidity
  for (uint256 i; i < _colleteral.length; i++) {
  ```

- Found in src/modules/StableLending.sol Line: 152

  ```solidity
  for (uint256 i; i < s_depositedColleteralsByUser[_user].length; i++) {
  ```

- Found in src/modules/StableLending.sol Line: 198

  ```solidity
  for (uint256 i; i < allowlist.length; i++) {
  ```

- Found in src/modules/StableLending.sol Line: 214

  ```solidity
  for (uint256 i; i < s_depositedColleteralsByUser[_user].length; i++) {
  ```

- Found in src/modules/StableLending.sol Line: 225

  ```solidity
  for (uint256 i = 0; i < _colleteral.length; i++) {
  ```

Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
3 Found Instances
- Found in src/modules/StableLending.sol Line: 75

  ```solidity
  for (uint256 i; i < _colleteral.length; i++) {
  ```

- Found in src/modules/StableLending.sol Line: 198

  ```solidity
  for (uint256 i; i < allowlist.length; i++) {
  ```

- Found in src/modules/StableLending.sol Line: 214

  ```solidity
  for (uint256 i; i < s_depositedColleteralsByUser[_user].length; i++) {
  ```

Cache the lengths of storage arrays if they are used and not modified in for loops.
1 Found Instances
- Found in src/modules/StableLending.sol Line: 198

  ```solidity
  for (uint256 i; i < allowlist.length; i++) {
  ```

Invoking `SSTORE` operations in loops may lead to Out-of-gas errors. Use a local variable to hold the loop computation result.
2 Found Instances
Redundant import statement. Consider removing it.
1 Found Instances
- Found in src/Stable.sol Line: 9

  ```solidity
  import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";
  ```

State variable changes in this function but no event is emitted.
7 Found Instances
- Found in src/Stable.sol Line: 39

  ```solidity
  function deposit(address _asset, uint256 _amount) external payable {
  ```

- Found in src/Stable.sol Line: 62

  ```solidity
  function withdraw(address _asset, uint256 _amount) external nonReentrant {
  ```

- Found in src/Stable.sol Line: 88

  ```solidity
  function whitelistTokens(address _token) external onlyOwner {
  ```

- Found in src/modules/StableLending.sol Line: 71

  ```solidity
  function mintStable(uint256 _amountToMint, uint256[] calldata _amountColleteral, address[] calldata _colleteral)
  ```

- Found in src/modules/StableLending.sol Line: 97

  ```solidity
  function repayStable(uint256 _amount) external {
  ```

- Found in src/modules/StableLending.sol Line: 116

  ```solidity
  function unlockColleteral(address _asset, uint256 _amount) external nonReentrant {
  ```

- Found in src/modules/StableLending.sol Line: 145

  ```solidity
  function liquidatePosition(address _user) external nonReentrant {
  ```

State variables that are only changed in the constructor should be declared immutable to save gas. Add the `immutable` attribute to such variables.
1 Found Instances
- Found in src/Utils.sol Line: 26

  ```solidity
  address owner;
  ```