Last active
December 8, 2022 05:35
-
-
Save 0xdd04/6bfb222bedde4e27fd6233d4b744fd88 to your computer and use it in GitHub Desktop.
slither-gnosis-https://github.com/gnosis/pm-contracts/tree/master/contracts 095d7bdd4ed1eb6809dfc9e3990410499b0aec82
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'npx [email protected] compile --all' running (use --truffle-version [email protected] to use specific version) | |
| No local truffle config found. Using all defaults... | |
| Compiling your contracts... | |
| =========================== | |
| > Compiling ./contracts/Events/CategoricalEvent.sol | |
| > Compiling ./contracts/Events/Event.sol | |
| > Compiling ./contracts/Events/EventFactory.sol | |
| > Compiling ./contracts/Events/ScalarEvent.sol | |
| > Compiling ./contracts/MarketMakers/LMSRMarketMaker.sol | |
| > Compiling ./contracts/MarketMakers/MarketMaker.sol | |
| > Compiling ./contracts/Markets/Campaign.sol | |
| > Compiling ./contracts/Markets/CampaignFactory.sol | |
| > Compiling ./contracts/Markets/Market.sol | |
| > Compiling ./contracts/Markets/StandardMarket.sol | |
| > Compiling ./contracts/Markets/StandardMarketFactory.sol | |
| > Compiling ./contracts/Markets/StandardMarketWithPriceLogger.sol | |
| > Compiling ./contracts/Markets/StandardMarketWithPriceLoggerFactory.sol | |
| > Compiling ./contracts/Migrations.sol | |
| > Compiling ./contracts/Oracles/CentralizedOracle.sol | |
| > Compiling ./contracts/Oracles/CentralizedOracleFactory.sol | |
| > Compiling ./contracts/Oracles/DifficultyOracle.sol | |
| > Compiling ./contracts/Oracles/DifficultyOracleFactory.sol | |
| > Compiling ./contracts/Oracles/FutarchyOracle.sol | |
| > Compiling ./contracts/Oracles/FutarchyOracleFactory.sol | |
| > Compiling ./contracts/Oracles/MajorityOracle.sol | |
| > Compiling ./contracts/Oracles/MajorityOracleFactory.sol | |
| > Compiling ./contracts/Oracles/Oracle.sol | |
| > Compiling ./contracts/Oracles/SignedMessageOracle.sol | |
| > Compiling ./contracts/Oracles/SignedMessageOracleFactory.sol | |
| > Compiling ./contracts/Oracles/UltimateOracle.sol | |
| > Compiling ./contracts/Oracles/UltimateOracleFactory.sol | |
| > Compiling ./contracts/Tokens/OutcomeToken.sol | |
| > Compiling @gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol | |
| > Compiling @gnosis.pm/util-contracts/contracts/Proxy.sol | |
| > Compiling canonical-weth/contracts/WETH9.sol | |
| > Compiling openzeppelin-solidity/contracts/drafts/SignedSafeMath.sol | |
| > Compiling openzeppelin-solidity/contracts/math/SafeMath.sol | |
| > Compiling openzeppelin-solidity/contracts/token/ERC20/ERC20.sol | |
| > Compiling openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol | |
| > Compiling openzeppelin-solidity/contracts/token/ERC20/IERC20.sol | |
| > Artifacts written to /tmp/contracts/pm-contracts/build/contracts | |
| > Compiled successfully using: | |
| - solc: 0.5.6+commit.b259423e.Emscripten.clang | |
| - Fetching solc version list from solc-bin. Attempt #1 | |
| - Fetching solc version list from solc-bin. Attempt #1 | |
| - Downloading compiler. Attempt #1 | |
| FutarchyOracle.fund(uint256) (Oracles/FutarchyOracle.sol#104-120) uses arbitrary from in transferFrom: require(bool)(categoricalEvent.collateralToken().transferFrom(creator,address(this),funding) && categoricalEvent.collateralToken().approve(address(categoricalEvent),funding)) (Oracles/FutarchyOracle.sol#109-110) | |
| Reference: https://github.com/trailofbits/slither/wiki/Detector-Documentation#arbitrary-send-erc20 | |
| Contract StandardMarketProxy (Markets/StandardMarket.sol#16-31) | |
| - Function StandardMarketProxy.constructor(address,address,Event,MarketMaker,uint24) (Markets/StandardMarket.sol#17-30) | |
| - netOutcomeTokensSold = new int256[](eventContract.getOutcomeCount()) (Markets/StandardMarket.sol#26) has a storage signed integer array assignment | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#storage-signed-integer-array | |
| SignedMessageOracleData.descriptionHash (Oracles/SignedMessageOracle.sol#18) is never initialized. It is used in: | |
| - SignedMessageOracle.replaceSigner(address,uint256,uint8,bytes32,bytes32) (Oracles/SignedMessageOracle.sol#62-73) | |
| - SignedMessageOracle.setOutcome(int256,uint8,bytes32,bytes32) (Oracles/SignedMessageOracle.sol#80-89) | |
| EventData.collateralToken (Events/Event.sol#22) is never initialized. It is used in: | |
| - Event.buyAllOutcomes(uint256) (Events/Event.sol#38-47) | |
| - Event.sellAllOutcomes(uint256) (Events/Event.sol#51-60) | |
| - ScalarEvent.redeemWinnings() (Events/ScalarEvent.sol#68-96) | |
| - ScalarEvent.getEventHash() (Events/ScalarEvent.sol#100-106) | |
| EventData.oracle (Events/Event.sol#23) is never initialized. It is used in: | |
| - Event.setOutcome() (Events/Event.sol#63-72) | |
| - ScalarEvent.getEventHash() (Events/ScalarEvent.sol#100-106) | |
| EventData.outcomeTokens (Events/Event.sol#26) is never initialized. It is used in: | |
| - Event.buyAllOutcomes(uint256) (Events/Event.sol#38-47) | |
| - Event.sellAllOutcomes(uint256) (Events/Event.sol#51-60) | |
| - Event.getOutcomeCount() (Events/Event.sol#76-82) | |
| - Event.getOutcomeTokens() (Events/Event.sol#86-92) | |
| - Event.getOutcomeTokenDistribution(address) (Events/Event.sol#96-104) | |
| - ScalarEvent.redeemWinnings() (Events/ScalarEvent.sol#68-96) | |
| ScalarEventData.lowerBound (Events/ScalarEvent.sol#18) is never initialized. It is used in: | |
| - ScalarEvent.redeemWinnings() (Events/ScalarEvent.sol#68-96) | |
| - ScalarEvent.getEventHash() (Events/ScalarEvent.sol#100-106) | |
| ScalarEventData.upperBound (Events/ScalarEvent.sol#19) is never initialized. It is used in: | |
| - ScalarEvent.redeemWinnings() (Events/ScalarEvent.sol#68-96) | |
| - ScalarEvent.getEventHash() (Events/ScalarEvent.sol#100-106) | |
| OutcomeToken.eventContract (Tokens/OutcomeToken.sol#44) is never initialized. It is used in: | |
| MarketData.creator (Markets/Market.sol#22) is never initialized. It is used in: | |
| - StandardMarket.close() (Markets/StandardMarket.sol#74-84) | |
| - StandardMarket.withdrawFees() (Markets/StandardMarket.sol#88-97) | |
| MarketData.eventContract (Markets/Market.sol#24) is never initialized. It is used in: | |
| - StandardMarket.fund(uint256) (Markets/StandardMarket.sol#59-71) | |
| - StandardMarket.close() (Markets/StandardMarket.sol#74-84) | |
| - StandardMarket.withdrawFees() (Markets/StandardMarket.sol#88-97) | |
| - StandardMarket.buy(uint8,uint256,uint256) (Markets/StandardMarket.sol#104-118) | |
| - StandardMarket.sell(uint8,uint256,uint256) (Markets/StandardMarket.sol#125-139) | |
| - StandardMarket.shortSell(uint8,uint256,uint256) (Markets/StandardMarket.sol#147-167) | |
| - StandardMarket.trade(int256[],int256) (Markets/StandardMarket.sol#173-186) | |
| - StandardMarket.tradeImpl(uint8,int256[],int256) (Markets/StandardMarket.sol#188-237) | |
| MarketData.marketMaker (Markets/Market.sol#25) is never initialized. It is used in: | |
| - StandardMarket.tradeImpl(uint8,int256[],int256) (Markets/StandardMarket.sol#188-237) | |
| - StandardMarketWithPriceLogger.logPriceAfter() (Markets/StandardMarketWithPriceLogger.sol#145-152) | |
| MarketData.fee (Markets/Market.sol#26) is never initialized. It is used in: | |
| - StandardMarket.calcMarketFee(uint256) (Markets/StandardMarket.sol#242-248) | |
| StandardMarketWithPriceLoggerData.startDate (Markets/StandardMarketWithPriceLogger.sol#15) is never initialized. It is used in: | |
| - StandardMarketWithPriceLogger.getAvgPrice() (Markets/StandardMarketWithPriceLogger.sol#121-129) | |
| - StandardMarketWithPriceLogger.logPriceBefore() (Markets/StandardMarketWithPriceLogger.sol#135-142) | |
| MajorityOracleData.oracles (Oracles/MajorityOracle.sol#11) is never initialized. It is used in: | |
| - MajorityOracle.getStatusAndOutcome() (Oracles/MajorityOracle.sol#41-75) | |
| CampaignData.eventContract (Markets/Campaign.sol#27) is never initialized. It is used in: | |
| - Campaign.fund(uint256) (Markets/Campaign.sol#109-124) | |
| - Campaign.refund() (Markets/Campaign.sol#128-139) | |
| - Campaign.createMarket() (Markets/Campaign.sol#143-155) | |
| - Campaign.closeMarket() (Markets/Campaign.sol#159-171) | |
| - Campaign.withdrawFees() (Markets/Campaign.sol#175-185) | |
| CampaignData.marketFactory (Markets/Campaign.sol#28) is never initialized. It is used in: | |
| - Campaign.createMarket() (Markets/Campaign.sol#143-155) | |
| CampaignData.marketMaker (Markets/Campaign.sol#29) is never initialized. It is used in: | |
| - Campaign.createMarket() (Markets/Campaign.sol#143-155) | |
| CampaignData.fee (Markets/Campaign.sol#31) is never initialized. It is used in: | |
| - Campaign.createMarket() (Markets/Campaign.sol#143-155) | |
| CampaignData.funding (Markets/Campaign.sol#32) is never initialized. It is used in: | |
| - Campaign.fund(uint256) (Markets/Campaign.sol#109-124) | |
| - Campaign.createMarket() (Markets/Campaign.sol#143-155) | |
| - Campaign.withdrawFees() (Markets/Campaign.sol#175-185) | |
| CampaignData.deadline (Markets/Campaign.sol#33) is never initialized. It is used in: | |
| UltimateOracleData.forwardedOracle (Oracles/UltimateOracle.sol#22) is never initialized. It is used in: | |
| - UltimateOracle.setForwardedOutcome() (Oracles/UltimateOracle.sol#86-96) | |
| UltimateOracleData.collateralToken (Oracles/UltimateOracle.sol#23) is never initialized. It is used in: | |
| - UltimateOracle.challengeOutcome(int256) (Oracles/UltimateOracle.sol#100-113) | |
| - UltimateOracle.voteForOutcome(int256,uint256) (Oracles/UltimateOracle.sol#118-143) | |
| - UltimateOracle.withdraw() (Oracles/UltimateOracle.sol#147-158) | |
| UltimateOracleData.spreadMultiplier (Oracles/UltimateOracle.sol#24) is never initialized. It is used in: | |
| - UltimateOracle.voteForOutcome(int256,uint256) (Oracles/UltimateOracle.sol#118-143) | |
| UltimateOracleData.challengePeriod (Oracles/UltimateOracle.sol#25) is never initialized. It is used in: | |
| - UltimateOracle.isChallengePeriodOver() (Oracles/UltimateOracle.sol#162-168) | |
| UltimateOracleData.challengeAmount (Oracles/UltimateOracle.sol#26) is never initialized. It is used in: | |
| - UltimateOracle.challengeOutcome(int256) (Oracles/UltimateOracle.sol#100-113) | |
| UltimateOracleData.frontRunnerPeriod (Oracles/UltimateOracle.sol#27) is never initialized. It is used in: | |
| - UltimateOracle.isFrontRunnerPeriodOver() (Oracles/UltimateOracle.sol#172-178) | |
| EventData.collateralToken (Events/Event.sol#22) is never initialized. It is used in: | |
| - Event.buyAllOutcomes(uint256) (Events/Event.sol#38-47) | |
| - Event.sellAllOutcomes(uint256) (Events/Event.sol#51-60) | |
| - CategoricalEvent.redeemWinnings() (Events/CategoricalEvent.sol#38-51) | |
| - CategoricalEvent.getEventHash() (Events/CategoricalEvent.sol#55-61) | |
| EventData.oracle (Events/Event.sol#23) is never initialized. It is used in: | |
| - Event.setOutcome() (Events/Event.sol#63-72) | |
| - CategoricalEvent.getEventHash() (Events/CategoricalEvent.sol#55-61) | |
| EventData.outcomeTokens (Events/Event.sol#26) is never initialized. It is used in: | |
| - Event.buyAllOutcomes(uint256) (Events/Event.sol#38-47) | |
| - Event.sellAllOutcomes(uint256) (Events/Event.sol#51-60) | |
| - Event.getOutcomeCount() (Events/Event.sol#76-82) | |
| - Event.getOutcomeTokens() (Events/Event.sol#86-92) | |
| - Event.getOutcomeTokenDistribution(address) (Events/Event.sol#96-104) | |
| - CategoricalEvent.redeemWinnings() (Events/CategoricalEvent.sol#38-51) | |
| - CategoricalEvent.getEventHash() (Events/CategoricalEvent.sol#55-61) | |
| FutarchyOracleData.creator (Oracles/FutarchyOracle.sol#25) is never initialized. It is used in: | |
| - FutarchyOracle.fund(uint256) (Oracles/FutarchyOracle.sol#104-120) | |
| - FutarchyOracle.close() (Oracles/FutarchyOracle.sol#123-138) | |
| FutarchyOracleData.markets (Oracles/FutarchyOracle.sol#26) is never initialized. It is used in: | |
| - FutarchyOracle.fund(uint256) (Oracles/FutarchyOracle.sol#104-120) | |
| - FutarchyOracle.close() (Oracles/FutarchyOracle.sol#123-138) | |
| - FutarchyOracle.setOutcome() (Oracles/FutarchyOracle.sol#141-159) | |
| FutarchyOracleData.categoricalEvent (Oracles/FutarchyOracle.sol#27) is never initialized. It is used in: | |
| - FutarchyOracle.fund(uint256) (Oracles/FutarchyOracle.sol#104-120) | |
| - FutarchyOracle.close() (Oracles/FutarchyOracle.sol#123-138) | |
| FutarchyOracleData.tradingPeriod (Oracles/FutarchyOracle.sol#28) is never initialized. It is used in: | |
| - FutarchyOracle.setOutcome() (Oracles/FutarchyOracle.sol#141-159) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables | |
| LMSRMarketMaker.calcNetCost(Market,int256[]) (MarketMakers/LMSRMarketMaker.sol#27-58) performs a multiplication on the result of a division: | |
| - netCost <= 0 || netCost / int256(ONE) * int256(ONE) == netCost (MarketMakers/LMSRMarketMaker.sol#53) | |
| LMSRMarketMaker.calcCost(Market,uint8,uint256) (MarketMakers/LMSRMarketMaker.sol#65-94) performs a multiplication on the result of a division: | |
| - cost / ONE * ONE == cost (MarketMakers/LMSRMarketMaker.sol#86) | |
| LMSRMarketMaker.calcCostLevel(int256,int256[],uint256,Fixed192x64Math.EstimationMode) (MarketMakers/LMSRMarketMaker.sol#153-165) performs a multiplication on the result of a division: | |
| - costLevel = (costLevel.mul(int256(ONE)) / logN).mul(int256(funding)) (MarketMakers/LMSRMarketMaker.sol#164) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - shift = x / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#90) | |
| - z = x - (int256(ONE) * shift) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#95) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#109) | |
| - result += 0xf5fdeffc162c7543 * zpow >> (66 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#110) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#109) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#111) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#111) | |
| - result += 0xe35846b82505fc59 * zpow >> (68 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#112) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#111) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#113) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#113) | |
| - result += 0x9d955b7dd273b94e * zpow >> (70 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#114) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#113) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#115) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#115) | |
| - result += 0xaec3ff3c53398883 * zpow >> (73 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#116) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#115) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#117) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#117) | |
| - result += 0xa184897c363c3b7a * zpow >> (76 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#118) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#117) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#119) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#119) | |
| - result += 0xffe5fe2c45863435 * zpow >> (80 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#120) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#119) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#121) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#121) | |
| - result += 0xb160111d2e411fec * zpow >> (83 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#122) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#121) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#123) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#123) | |
| - result += 0xda929e9caf3e1ed2 * zpow >> (87 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#124) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#123) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#125) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#125) | |
| - result += 0xf267a8ac5c764fb7 * zpow >> (91 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#126) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#125) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#127) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#127) | |
| - result += 0xf465639a8dd92607 * zpow >> (95 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#128) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#127) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#129) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#129) | |
| - result += 0xe1deb287e14c2f15 * zpow >> (99 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#130) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#129) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#131) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#131) | |
| - result += 0xc0b0c98b3687cb14 * zpow >> (103 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#132) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#131) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#133) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#133) | |
| - result += 0x98a4b26ac3c54b9f * zpow >> (107 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#134) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#133) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#135) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#135) | |
| - result += 0xe1b7421d82010f33 * zpow >> (112 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#136) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#135) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#137) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#137) | |
| - result += 0x9c744d73cfc59c91 * zpow >> (116 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#138) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#137) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#139) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#139) | |
| - result += 0xcc2225a0e12d3eab * zpow >> (121 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#140) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#139) | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#141) | |
| Fixed192x64Math.pow2Bounds(int256) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#71-164) performs a multiplication on the result of a division: | |
| - zpow = zpow * z / int256(ONE) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#141) | |
| - zpow = 0xfb8bb5eda1b4aeb9 * zpow >> (126 - 64) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#142) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply | |
| Campaign.fund(uint256) (Markets/Campaign.sol#109-124) uses a dangerous strict equality: | |
| - amount == maxAmount (Markets/Campaign.sol#121) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities | |
| Contract locking ether found: | |
| Contract SignedMessageOracleProxy (Oracles/SignedMessageOracle.sol#33-47) has payable functions: | |
| - Proxy.fallback() (@gnosis.pm/util-contracts/contracts/Proxy.sol#22-35) | |
| But does not have a function to withdraw the ether | |
| Contract locking ether found: | |
| Contract ScalarEventProxy (Events/ScalarEvent.sol#22-56) has payable functions: | |
| - Proxy.fallback() (@gnosis.pm/util-contracts/contracts/Proxy.sol#22-35) | |
| But does not have a function to withdraw the ether | |
| Contract locking ether found: | |
| Contract CentralizedOracleProxy (Oracles/CentralizedOracle.sol#32-45) has payable functions: | |
| - Proxy.fallback() (@gnosis.pm/util-contracts/contracts/Proxy.sol#22-35) | |
| But does not have a function to withdraw the ether | |
| Contract locking ether found: | |
| Contract OutcomeTokenProxy (Tokens/OutcomeToken.sol#6-28) has payable functions: | |
| - Proxy.fallback() (@gnosis.pm/util-contracts/contracts/Proxy.sol#22-35) | |
| But does not have a function to withdraw the ether | |
| Contract locking ether found: | |
| Contract StandardMarketWithPriceLoggerProxy (Markets/StandardMarketWithPriceLogger.sol#22-48) has payable functions: | |
| - Proxy.fallback() (@gnosis.pm/util-contracts/contracts/Proxy.sol#22-35) | |
| But does not have a function to withdraw the ether | |
| Contract locking ether found: | |
| Contract MajorityOracleProxy (Oracles/MajorityOracle.sol#14-29) has payable functions: | |
| - Proxy.fallback() (@gnosis.pm/util-contracts/contracts/Proxy.sol#22-35) | |
| But does not have a function to withdraw the ether | |
| Contract locking ether found: | |
| Contract CampaignProxy (Markets/Campaign.sol#62-96) has payable functions: | |
| - Proxy.fallback() (@gnosis.pm/util-contracts/contracts/Proxy.sol#22-35) | |
| But does not have a function to withdraw the ether | |
| Contract locking ether found: | |
| Contract UltimateOracleProxy (Oracles/UltimateOracle.sol#39-74) has payable functions: | |
| - Proxy.fallback() (@gnosis.pm/util-contracts/contracts/Proxy.sol#22-35) | |
| But does not have a function to withdraw the ether | |
| Contract locking ether found: | |
| Contract CategoricalEventProxy (Events/CategoricalEvent.sol#6-27) has payable functions: | |
| - Proxy.fallback() (@gnosis.pm/util-contracts/contracts/Proxy.sol#22-35) | |
| But does not have a function to withdraw the ether | |
| Contract locking ether found: | |
| Contract FutarchyOracleProxy (Oracles/FutarchyOracle.sol#42-92) has payable functions: | |
| - Proxy.fallback() (@gnosis.pm/util-contracts/contracts/Proxy.sol#22-35) | |
| But does not have a function to withdraw the ether | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#contracts-that-lock-ether | |
| Reentrancy in StandardMarketWithPriceLogger.buy(uint8,uint256,uint256) (Markets/StandardMarketWithPriceLogger.sol#59-66): | |
| External calls: | |
| - cost = super.buy(outcomeTokenIndex,outcomeTokenCount,maxCost) (Markets/StandardMarketWithPriceLogger.sol#64) | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),uint256(netCost)) && eventContract.collateralToken().approve(address(eventContract),uint256(outcomeTokenNetCost))) (Markets/StandardMarket.sol#208-211) | |
| - eventContract.buyAllOutcomes(uint256(outcomeTokenNetCost)) (Markets/StandardMarket.sol#213) | |
| - require(bool)(eventContract.outcomeTokens(i).transferFrom(msg.sender,address(this),uint256(- outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#219) | |
| - require(bool)(eventContract.outcomeTokens(i).transfer(msg.sender,uint256(outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#221) | |
| - eventContract.sellAllOutcomes(uint256(- outcomeTokenNetCost)) (Markets/StandardMarket.sol#232) | |
| - require(bool)(eventContract.collateralToken().transfer(msg.sender,uint256(- netCost))) (Markets/StandardMarket.sol#234) | |
| State variables written after the call(s): | |
| - logPriceAfter() (Markets/StandardMarketWithPriceLogger.sol#65) | |
| - lastTradeDate = now (Markets/StandardMarketWithPriceLogger.sol#151) | |
| - logPriceAfter() (Markets/StandardMarketWithPriceLogger.sol#65) | |
| - lastTradePrice = marketMaker.calcMarginalPrice(this,LONG) (Markets/StandardMarketWithPriceLogger.sol#150) | |
| Reentrancy in UltimateOracle.challengeOutcome(int256) (Oracles/UltimateOracle.sol#100-113): | |
| External calls: | |
| - require(bool)(! isChallenged() && ! isChallengePeriodOver() && collateralToken.transferFrom(msg.sender,address(this),challengeAmount)) (Oracles/UltimateOracle.sol#104-106) | |
| State variables written after the call(s): | |
| - frontRunnerSetTimestamp = now (Oracles/UltimateOracle.sol#111) | |
| Reentrancy in Campaign.closeMarket() (Markets/Campaign.sol#159-171): | |
| External calls: | |
| - market.close() (Markets/Campaign.sol#165) | |
| - market.withdrawFees() (Markets/Campaign.sol#166) | |
| - eventContract.redeemWinnings() (Markets/Campaign.sol#167) | |
| State variables written after the call(s): | |
| - stage = Stages.MarketClosed (Markets/Campaign.sol#169) | |
| Reentrancy in Campaign.createMarket() (Markets/Campaign.sol#143-155): | |
| External calls: | |
| - market = marketFactory.createMarket(eventContract,marketMaker,fee) (Markets/Campaign.sol#149) | |
| - require(bool)(eventContract.collateralToken().approve(address(market),funding)) (Markets/Campaign.sol#150) | |
| - market.fund(funding) (Markets/Campaign.sol#151) | |
| State variables written after the call(s): | |
| - stage = Stages.MarketCreated (Markets/Campaign.sol#152) | |
| Reentrancy in StandardMarket.fund(uint256) (Markets/StandardMarket.sol#59-71): | |
| External calls: | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),_funding) && eventContract.collateralToken().approve(address(eventContract),_funding)) (Markets/StandardMarket.sol#65-66) | |
| - eventContract.buyAllOutcomes(_funding) (Markets/StandardMarket.sol#67) | |
| State variables written after the call(s): | |
| - stage = Stages.MarketFunded (Markets/StandardMarket.sol#69) | |
| Reentrancy in Campaign.fund(uint256) (Markets/Campaign.sol#109-124): | |
| External calls: | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),amount)) (Markets/Campaign.sol#119) | |
| State variables written after the call(s): | |
| - stage = Stages.AuctionSuccessful (Markets/Campaign.sol#122) | |
| Reentrancy in StandardMarketWithPriceLogger.sell(uint8,uint256,uint256) (Markets/StandardMarketWithPriceLogger.sol#73-80): | |
| External calls: | |
| - profit = super.sell(outcomeTokenIndex,outcomeTokenCount,minProfit) (Markets/StandardMarketWithPriceLogger.sol#78) | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),uint256(netCost)) && eventContract.collateralToken().approve(address(eventContract),uint256(outcomeTokenNetCost))) (Markets/StandardMarket.sol#208-211) | |
| - eventContract.buyAllOutcomes(uint256(outcomeTokenNetCost)) (Markets/StandardMarket.sol#213) | |
| - require(bool)(eventContract.outcomeTokens(i).transferFrom(msg.sender,address(this),uint256(- outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#219) | |
| - require(bool)(eventContract.outcomeTokens(i).transfer(msg.sender,uint256(outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#221) | |
| - eventContract.sellAllOutcomes(uint256(- outcomeTokenNetCost)) (Markets/StandardMarket.sol#232) | |
| - require(bool)(eventContract.collateralToken().transfer(msg.sender,uint256(- netCost))) (Markets/StandardMarket.sol#234) | |
| State variables written after the call(s): | |
| - logPriceAfter() (Markets/StandardMarketWithPriceLogger.sol#79) | |
| - lastTradeDate = now (Markets/StandardMarketWithPriceLogger.sol#151) | |
| - logPriceAfter() (Markets/StandardMarketWithPriceLogger.sol#79) | |
| - lastTradePrice = marketMaker.calcMarginalPrice(this,LONG) (Markets/StandardMarketWithPriceLogger.sol#150) | |
| Reentrancy in StandardMarketWithPriceLogger.shortSell(uint8,uint256,uint256) (Markets/StandardMarketWithPriceLogger.sol#88-95): | |
| External calls: | |
| - cost = super.shortSell(outcomeTokenIndex,outcomeTokenCount,minProfit) (Markets/StandardMarketWithPriceLogger.sol#93) | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),outcomeTokenCount) && eventContract.collateralToken().approve(address(eventContract),outcomeTokenCount)) (Markets/StandardMarket.sol#152-153) | |
| - eventContract.buyAllOutcomes(outcomeTokenCount) (Markets/StandardMarket.sol#154) | |
| - eventContract.outcomeTokens(outcomeTokenIndex).approve(address(this),outcomeTokenCount) (Markets/StandardMarket.sol#156) | |
| - profit = this.sell(outcomeTokenIndex,outcomeTokenCount,minProfit) (Markets/StandardMarket.sol#157) | |
| - require(bool)(eventContract.outcomeTokens(i).transfer(msg.sender,outcomeTokenCount)) (Markets/StandardMarket.sol#163) | |
| - require(bool)(eventContract.collateralToken().transfer(msg.sender,profit)) (Markets/StandardMarket.sol#165) | |
| State variables written after the call(s): | |
| - logPriceAfter() (Markets/StandardMarketWithPriceLogger.sol#94) | |
| - lastTradeDate = now (Markets/StandardMarketWithPriceLogger.sol#151) | |
| - logPriceAfter() (Markets/StandardMarketWithPriceLogger.sol#94) | |
| - lastTradePrice = marketMaker.calcMarginalPrice(this,LONG) (Markets/StandardMarketWithPriceLogger.sol#150) | |
| Reentrancy in StandardMarketWithPriceLogger.trade(int256[],int256) (Markets/StandardMarketWithPriceLogger.sol#101-108): | |
| External calls: | |
| - netCost = super.trade(outcomeTokenAmounts,collateralLimit) (Markets/StandardMarketWithPriceLogger.sol#106) | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),uint256(netCost)) && eventContract.collateralToken().approve(address(eventContract),uint256(outcomeTokenNetCost))) (Markets/StandardMarket.sol#208-211) | |
| - eventContract.buyAllOutcomes(uint256(outcomeTokenNetCost)) (Markets/StandardMarket.sol#213) | |
| - require(bool)(eventContract.outcomeTokens(i).transferFrom(msg.sender,address(this),uint256(- outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#219) | |
| - require(bool)(eventContract.outcomeTokens(i).transfer(msg.sender,uint256(outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#221) | |
| - eventContract.sellAllOutcomes(uint256(- outcomeTokenNetCost)) (Markets/StandardMarket.sol#232) | |
| - require(bool)(eventContract.collateralToken().transfer(msg.sender,uint256(- netCost))) (Markets/StandardMarket.sol#234) | |
| State variables written after the call(s): | |
| - logPriceAfter() (Markets/StandardMarketWithPriceLogger.sol#107) | |
| - lastTradeDate = now (Markets/StandardMarketWithPriceLogger.sol#151) | |
| - logPriceAfter() (Markets/StandardMarketWithPriceLogger.sol#107) | |
| - lastTradePrice = marketMaker.calcMarginalPrice(this,LONG) (Markets/StandardMarketWithPriceLogger.sol#150) | |
| Reentrancy in UltimateOracle.voteForOutcome(int256,uint256) (Oracles/UltimateOracle.sol#118-143): | |
| External calls: | |
| - require(bool)(isChallenged() && ! isFrontRunnerPeriodOver() && collateralToken.transferFrom(msg.sender,address(this),amount)) (Oracles/UltimateOracle.sol#131-133) | |
| State variables written after the call(s): | |
| - frontRunnerSetTimestamp = now (Oracles/UltimateOracle.sol#140) | |
| - totalAmount = totalAmount.add(amount) (Oracles/UltimateOracle.sol#136) | |
| - totalOutcomeAmounts[_outcome] = totalOutcomeAmounts[_outcome].add(amount) (Oracles/UltimateOracle.sol#135) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1 | |
| StandardMarket.buy(uint8,uint256,uint256) (Markets/StandardMarket.sol#104-118) contains a tautology or contradiction: | |
| - require(bool)(outcomeTokenIndex >= 0 && outcomeTokenIndex < outcomeCount) (Markets/StandardMarket.sol#111) | |
| StandardMarket.sell(uint8,uint256,uint256) (Markets/StandardMarket.sol#125-139) contains a tautology or contradiction: | |
| - require(bool)(outcomeTokenIndex >= 0 && outcomeTokenIndex < outcomeCount) (Markets/StandardMarket.sol#132) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#tautology-or-contradiction | |
| StandardMarket.shortSell(uint8,uint256,uint256) (Markets/StandardMarket.sol#147-167) ignores return value by eventContract.outcomeTokens(outcomeTokenIndex).approve(address(this),outcomeTokenCount) (Markets/StandardMarket.sol#156) | |
| Campaign.closeMarket() (Markets/Campaign.sol#159-171) ignores return value by market.withdrawFees() (Markets/Campaign.sol#166) | |
| Campaign.closeMarket() (Markets/Campaign.sol#159-171) ignores return value by eventContract.redeemWinnings() (Markets/Campaign.sol#167) | |
| FutarchyOracle.close() (Oracles/FutarchyOracle.sol#123-138) ignores return value by market.eventContract().redeemWinnings() (Oracles/FutarchyOracle.sol#132) | |
| FutarchyOracle.close() (Oracles/FutarchyOracle.sol#123-138) ignores return value by market.withdrawFees() (Oracles/FutarchyOracle.sol#133) | |
| FutarchyOracle.close() (Oracles/FutarchyOracle.sol#123-138) ignores return value by categoricalEvent.redeemWinnings() (Oracles/FutarchyOracle.sol#135) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return | |
| ERC20Detailed.constructor(string,string,uint8).name (openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#18) shadows: | |
| - ERC20Detailed.name() (openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#27-29) (function) | |
| ERC20Detailed.constructor(string,string,uint8).symbol (openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#18) shadows: | |
| - ERC20Detailed.symbol() (openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#35-37) (function) | |
| ERC20Detailed.constructor(string,string,uint8).decimals (openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#18) shadows: | |
| - ERC20Detailed.decimals() (openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#51-53) (function) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing | |
| CentralizedOracleProxy.constructor(address,address,bytes)._owner (Oracles/CentralizedOracle.sol#36) lacks a zero-check on : | |
| - owner = _owner (Oracles/CentralizedOracle.sol#42) | |
| CentralizedOracle.replaceOwner(address).newOwner (Oracles/CentralizedOracle.sol#56) lacks a zero-check on : | |
| - owner = newOwner (Oracles/CentralizedOracle.sol#62) | |
| StandardMarketProxy.constructor(address,address,Event,MarketMaker,uint24)._creator (Markets/StandardMarket.sol#17) lacks a zero-check on : | |
| - creator = _creator (Markets/StandardMarket.sol#23) | |
| FutarchyOracleProxy.constructor(address,address,EventFactory,ERC20,Oracle,uint8,int256,int256,StandardMarketWithPriceLoggerFactory,MarketMaker,uint24,uint256,uint256)._creator (Oracles/FutarchyOracle.sol#59) lacks a zero-check on : | |
| - creator = _creator (Oracles/FutarchyOracle.sol#89) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation | |
| Modifier Migrations.restricted() (Migrations.sol#9-11) does not always execute _; or revertReference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier | |
| Event.buyAllOutcomes(uint256) (Events/Event.sol#38-47) has external calls inside a loop: outcomeTokens[i].issue(msg.sender,collateralTokenCount) (Events/Event.sol#45) | |
| Event.sellAllOutcomes(uint256) (Events/Event.sol#51-60) has external calls inside a loop: outcomeTokens[i].revoke(msg.sender,outcomeTokenCount) (Events/Event.sol#56) | |
| Event.getOutcomeTokenDistribution(address) (Events/Event.sol#96-104) has external calls inside a loop: outcomeTokenDistribution[i] = outcomeTokens[i].balanceOf(owner) (Events/Event.sol#103) | |
| MajorityOracle.getStatusAndOutcome() (Oracles/MajorityOracle.sol#41-75) has external calls inside a loop: oracles[i].isOutcomeSet() (Oracles/MajorityOracle.sol#50) | |
| MajorityOracle.getStatusAndOutcome() (Oracles/MajorityOracle.sol#41-75) has external calls inside a loop: _outcome = oracles[i].getOutcome() (Oracles/MajorityOracle.sol#51) | |
| FutarchyOracleProxy.constructor(address,address,EventFactory,ERC20,Oracle,uint8,int256,int256,StandardMarketWithPriceLoggerFactory,MarketMaker,uint24,uint256,uint256) (Oracles/FutarchyOracle.sol#57-91) has external calls inside a loop: i < categoricalEvent.getOutcomeCount() (Oracles/FutarchyOracle.sol#80) | |
| FutarchyOracleProxy.constructor(address,address,EventFactory,ERC20,Oracle,uint8,int256,int256,StandardMarketWithPriceLoggerFactory,MarketMaker,uint24,uint256,uint256) (Oracles/FutarchyOracle.sol#57-91) has external calls inside a loop: scalarEvent = eventFactory.createScalarEvent(categoricalEvent.outcomeTokens(i),oracle,lowerBound,upperBound) (Oracles/FutarchyOracle.sol#81-86) | |
| FutarchyOracleProxy.constructor(address,address,EventFactory,ERC20,Oracle,uint8,int256,int256,StandardMarketWithPriceLoggerFactory,MarketMaker,uint24,uint256,uint256) (Oracles/FutarchyOracle.sol#57-91) has external calls inside a loop: markets.push(marketFactory.createMarket(scalarEvent,marketMaker,fee,startDate)) (Oracles/FutarchyOracle.sol#87) | |
| FutarchyOracle.fund(uint256) (Oracles/FutarchyOracle.sol#104-120) has external calls inside a loop: require(bool)(market.eventContract().collateralToken().approve(address(market),funding)) (Oracles/FutarchyOracle.sol#116) | |
| FutarchyOracle.fund(uint256) (Oracles/FutarchyOracle.sol#104-120) has external calls inside a loop: market.fund(funding) (Oracles/FutarchyOracle.sol#117) | |
| FutarchyOracle.setOutcome() (Oracles/FutarchyOracle.sol#141-159) has external calls inside a loop: avgPrice = markets[i].getAvgPrice() (Oracles/FutarchyOracle.sol#150) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#calls-inside-a-loop | |
| Reentrancy in UltimateOracle.challengeOutcome(int256) (Oracles/UltimateOracle.sol#100-113): | |
| External calls: | |
| - require(bool)(! isChallenged() && ! isChallengePeriodOver() && collateralToken.transferFrom(msg.sender,address(this),challengeAmount)) (Oracles/UltimateOracle.sol#104-106) | |
| State variables written after the call(s): | |
| - frontRunner = _outcome (Oracles/UltimateOracle.sol#110) | |
| - outcomeAmounts[msg.sender][_outcome] = challengeAmount (Oracles/UltimateOracle.sol#107) | |
| - totalAmount = challengeAmount (Oracles/UltimateOracle.sol#109) | |
| - totalOutcomeAmounts[_outcome] = challengeAmount (Oracles/UltimateOracle.sol#108) | |
| Reentrancy in Campaign.closeMarket() (Markets/Campaign.sol#159-171): | |
| External calls: | |
| - market.close() (Markets/Campaign.sol#165) | |
| - market.withdrawFees() (Markets/Campaign.sol#166) | |
| - eventContract.redeemWinnings() (Markets/Campaign.sol#167) | |
| State variables written after the call(s): | |
| - finalBalance = eventContract.collateralToken().balanceOf(address(this)) (Markets/Campaign.sol#168) | |
| Reentrancy in StandardMarket.fund(uint256) (Markets/StandardMarket.sol#59-71): | |
| External calls: | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),_funding) && eventContract.collateralToken().approve(address(eventContract),_funding)) (Markets/StandardMarket.sol#65-66) | |
| - eventContract.buyAllOutcomes(_funding) (Markets/StandardMarket.sol#67) | |
| State variables written after the call(s): | |
| - funding = _funding (Markets/StandardMarket.sol#68) | |
| Reentrancy in Campaign.fund(uint256) (Markets/Campaign.sol#109-124): | |
| External calls: | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),amount)) (Markets/Campaign.sol#119) | |
| State variables written after the call(s): | |
| - contributions[msg.sender] = contributions[msg.sender].add(amount) (Markets/Campaign.sol#120) | |
| Reentrancy in StandardMarket.tradeImpl(uint8,int256[],int256) (Markets/StandardMarket.sol#188-237): | |
| External calls: | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),uint256(netCost)) && eventContract.collateralToken().approve(address(eventContract),uint256(outcomeTokenNetCost))) (Markets/StandardMarket.sol#208-211) | |
| - eventContract.buyAllOutcomes(uint256(outcomeTokenNetCost)) (Markets/StandardMarket.sol#213) | |
| - require(bool)(eventContract.outcomeTokens(i).transferFrom(msg.sender,address(this),uint256(- outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#219) | |
| - require(bool)(eventContract.outcomeTokens(i).transfer(msg.sender,uint256(outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#221) | |
| State variables written after the call(s): | |
| - netOutcomeTokensSold[i] = netOutcomeTokensSold[i].add(outcomeTokenAmounts[i]) (Markets/StandardMarket.sol#224) | |
| Reentrancy in UltimateOracle.voteForOutcome(int256,uint256) (Oracles/UltimateOracle.sol#118-143): | |
| External calls: | |
| - require(bool)(isChallenged() && ! isFrontRunnerPeriodOver() && collateralToken.transferFrom(msg.sender,address(this),amount)) (Oracles/UltimateOracle.sol#131-133) | |
| State variables written after the call(s): | |
| - frontRunner = _outcome (Oracles/UltimateOracle.sol#139) | |
| - outcomeAmounts[msg.sender][_outcome] = outcomeAmounts[msg.sender][_outcome].add(amount) (Oracles/UltimateOracle.sol#134) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2 | |
| Reentrancy in StandardMarket.buy(uint8,uint256,uint256) (Markets/StandardMarket.sol#104-118): | |
| External calls: | |
| - (netCost,outcomeTokenNetCost,fees) = tradeImpl(outcomeCount,outcomeTokenAmounts,int256(maxCost)) (Markets/StandardMarket.sol#114) | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),uint256(netCost)) && eventContract.collateralToken().approve(address(eventContract),uint256(outcomeTokenNetCost))) (Markets/StandardMarket.sol#208-211) | |
| - eventContract.buyAllOutcomes(uint256(outcomeTokenNetCost)) (Markets/StandardMarket.sol#213) | |
| - require(bool)(eventContract.outcomeTokens(i).transferFrom(msg.sender,address(this),uint256(- outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#219) | |
| - require(bool)(eventContract.outcomeTokens(i).transfer(msg.sender,uint256(outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#221) | |
| - eventContract.sellAllOutcomes(uint256(- outcomeTokenNetCost)) (Markets/StandardMarket.sol#232) | |
| - require(bool)(eventContract.collateralToken().transfer(msg.sender,uint256(- netCost))) (Markets/StandardMarket.sol#234) | |
| Event emitted after the call(s): | |
| - OutcomeTokenPurchase(msg.sender,outcomeTokenIndex,outcomeTokenCount,uint256(outcomeTokenNetCost),fees) (Markets/StandardMarket.sol#117) | |
| Reentrancy in Event.buyAllOutcomes(uint256) (Events/Event.sol#38-47): | |
| External calls: | |
| - require(bool)(collateralToken.transferFrom(msg.sender,address(this),collateralTokenCount)) (Events/Event.sol#42) | |
| Event emitted after the call(s): | |
| - OutcomeTokenSetIssuance(msg.sender,collateralTokenCount) (Events/Event.sol#46) | |
| Reentrancy in UltimateOracle.challengeOutcome(int256) (Oracles/UltimateOracle.sol#100-113): | |
| External calls: | |
| - require(bool)(! isChallenged() && ! isChallengePeriodOver() && collateralToken.transferFrom(msg.sender,address(this),challengeAmount)) (Oracles/UltimateOracle.sol#104-106) | |
| Event emitted after the call(s): | |
| - OutcomeChallenge(msg.sender,_outcome) (Oracles/UltimateOracle.sol#112) | |
| Reentrancy in FutarchyOracle.close() (Oracles/FutarchyOracle.sol#123-138): | |
| External calls: | |
| - market.close() (Oracles/FutarchyOracle.sol#131) | |
| - market.eventContract().redeemWinnings() (Oracles/FutarchyOracle.sol#132) | |
| - market.withdrawFees() (Oracles/FutarchyOracle.sol#133) | |
| - categoricalEvent.redeemWinnings() (Oracles/FutarchyOracle.sol#135) | |
| - require(bool)(categoricalEvent.collateralToken().transfer(creator,categoricalEvent.collateralToken().balanceOf(address(this)))) (Oracles/FutarchyOracle.sol#136) | |
| Event emitted after the call(s): | |
| - FutarchyClosing() (Oracles/FutarchyOracle.sol#137) | |
| Reentrancy in Campaign.closeMarket() (Markets/Campaign.sol#159-171): | |
| External calls: | |
| - market.close() (Markets/Campaign.sol#165) | |
| - market.withdrawFees() (Markets/Campaign.sol#166) | |
| - eventContract.redeemWinnings() (Markets/Campaign.sol#167) | |
| Event emitted after the call(s): | |
| - MarketClosing() (Markets/Campaign.sol#170) | |
| Reentrancy in FutarchyOracleFactory.createFutarchyOracle(ERC20,Oracle,uint8,int256,int256,MarketMaker,uint24,uint256,uint256) (Oracles/FutarchyOracleFactory.sol#59-101): | |
| External calls: | |
| - futarchyOracle = FutarchyOracle(address(new FutarchyOracleProxy(address(futarchyOracleMasterCopy),msg.sender,eventFactory,collateralToken,oracle,outcomeCount,lowerBound,upperBound,marketFactory,marketMaker,fee,tradingPeriod,startDate))) (Oracles/FutarchyOracleFactory.sol#73-87) | |
| Event emitted after the call(s): | |
| - FutarchyOracleCreation(msg.sender,futarchyOracle,collateralToken,oracle,outcomeCount,lowerBound,upperBound,marketMaker,fee,tradingPeriod,startDate) (Oracles/FutarchyOracleFactory.sol#88-100) | |
| Reentrancy in Campaign.createMarket() (Markets/Campaign.sol#143-155): | |
| External calls: | |
| - market = marketFactory.createMarket(eventContract,marketMaker,fee) (Markets/Campaign.sol#149) | |
| - require(bool)(eventContract.collateralToken().approve(address(market),funding)) (Markets/Campaign.sol#150) | |
| - market.fund(funding) (Markets/Campaign.sol#151) | |
| Event emitted after the call(s): | |
| - MarketCreation(market) (Markets/Campaign.sol#153) | |
| Reentrancy in StandardMarket.fund(uint256) (Markets/StandardMarket.sol#59-71): | |
| External calls: | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),_funding) && eventContract.collateralToken().approve(address(eventContract),_funding)) (Markets/StandardMarket.sol#65-66) | |
| - eventContract.buyAllOutcomes(_funding) (Markets/StandardMarket.sol#67) | |
| Event emitted after the call(s): | |
| - MarketFunding(funding) (Markets/StandardMarket.sol#70) | |
| Reentrancy in Campaign.fund(uint256) (Markets/Campaign.sol#109-124): | |
| External calls: | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),amount)) (Markets/Campaign.sol#119) | |
| Event emitted after the call(s): | |
| - CampaignFunding(msg.sender,amount) (Markets/Campaign.sol#123) | |
| Reentrancy in FutarchyOracle.fund(uint256) (Oracles/FutarchyOracle.sol#104-120): | |
| External calls: | |
| - require(bool)(categoricalEvent.collateralToken().transferFrom(creator,address(this),funding) && categoricalEvent.collateralToken().approve(address(categoricalEvent),funding)) (Oracles/FutarchyOracle.sol#109-110) | |
| - categoricalEvent.buyAllOutcomes(funding) (Oracles/FutarchyOracle.sol#111) | |
| Event emitted after the call(s): | |
| - FutarchyFunding(funding) (Oracles/FutarchyOracle.sol#119) | |
| Reentrancy in ScalarEvent.redeemWinnings() (Events/ScalarEvent.sol#68-96): | |
| External calls: | |
| - outcomeTokens[SHORT].revoke(msg.sender,shortOutcomeTokenCount) (Events/ScalarEvent.sol#91) | |
| - outcomeTokens[LONG].revoke(msg.sender,longOutcomeTokenCount) (Events/ScalarEvent.sol#92) | |
| - require(bool)(collateralToken.transfer(msg.sender,winnings)) (Events/ScalarEvent.sol#94) | |
| Event emitted after the call(s): | |
| - WinningsRedemption(msg.sender,winnings) (Events/ScalarEvent.sol#95) | |
| Reentrancy in CategoricalEvent.redeemWinnings() (Events/CategoricalEvent.sol#38-51): | |
| External calls: | |
| - outcomeTokens[uint256(outcome)].revoke(msg.sender,winnings) (Events/CategoricalEvent.sol#47) | |
| - require(bool)(collateralToken.transfer(msg.sender,winnings)) (Events/CategoricalEvent.sol#49) | |
| Event emitted after the call(s): | |
| - WinningsRedemption(msg.sender,winnings) (Events/CategoricalEvent.sol#50) | |
| Reentrancy in Campaign.refund() (Markets/Campaign.sol#128-139): | |
| External calls: | |
| - require(bool)(eventContract.collateralToken().transfer(msg.sender,refundAmount)) (Markets/Campaign.sol#137) | |
| Event emitted after the call(s): | |
| - CampaignRefund(msg.sender,refundAmount) (Markets/Campaign.sol#138) | |
| Reentrancy in StandardMarket.sell(uint8,uint256,uint256) (Markets/StandardMarket.sol#125-139): | |
| External calls: | |
| - (netCost,outcomeTokenNetCost,fees) = tradeImpl(outcomeCount,outcomeTokenAmounts,- int256(minProfit)) (Markets/StandardMarket.sol#135) | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),uint256(netCost)) && eventContract.collateralToken().approve(address(eventContract),uint256(outcomeTokenNetCost))) (Markets/StandardMarket.sol#208-211) | |
| - eventContract.buyAllOutcomes(uint256(outcomeTokenNetCost)) (Markets/StandardMarket.sol#213) | |
| - require(bool)(eventContract.outcomeTokens(i).transferFrom(msg.sender,address(this),uint256(- outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#219) | |
| - require(bool)(eventContract.outcomeTokens(i).transfer(msg.sender,uint256(outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#221) | |
| - eventContract.sellAllOutcomes(uint256(- outcomeTokenNetCost)) (Markets/StandardMarket.sol#232) | |
| - require(bool)(eventContract.collateralToken().transfer(msg.sender,uint256(- netCost))) (Markets/StandardMarket.sol#234) | |
| Event emitted after the call(s): | |
| - OutcomeTokenSale(msg.sender,outcomeTokenIndex,outcomeTokenCount,uint256(- outcomeTokenNetCost),fees) (Markets/StandardMarket.sol#138) | |
| Reentrancy in Event.sellAllOutcomes(uint256) (Events/Event.sol#51-60): | |
| External calls: | |
| - require(bool)(collateralToken.transfer(msg.sender,outcomeTokenCount)) (Events/Event.sol#58) | |
| Event emitted after the call(s): | |
| - OutcomeTokenSetRevocation(msg.sender,outcomeTokenCount) (Events/Event.sol#59) | |
| Reentrancy in StandardMarket.shortSell(uint8,uint256,uint256) (Markets/StandardMarket.sol#147-167): | |
| External calls: | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),outcomeTokenCount) && eventContract.collateralToken().approve(address(eventContract),outcomeTokenCount)) (Markets/StandardMarket.sol#152-153) | |
| - eventContract.buyAllOutcomes(outcomeTokenCount) (Markets/StandardMarket.sol#154) | |
| - eventContract.outcomeTokens(outcomeTokenIndex).approve(address(this),outcomeTokenCount) (Markets/StandardMarket.sol#156) | |
| - profit = this.sell(outcomeTokenIndex,outcomeTokenCount,minProfit) (Markets/StandardMarket.sol#157) | |
| - require(bool)(eventContract.collateralToken().transfer(msg.sender,profit)) (Markets/StandardMarket.sol#165) | |
| Event emitted after the call(s): | |
| - OutcomeTokenShortSale(msg.sender,outcomeTokenIndex,outcomeTokenCount,cost) (Markets/StandardMarket.sol#166) | |
| Reentrancy in StandardMarket.trade(int256[],int256) (Markets/StandardMarket.sol#173-186): | |
| External calls: | |
| - (netCost,outcomeTokenNetCost,fees) = tradeImpl(outcomeCount,outcomeTokenAmounts,collateralLimit) (Markets/StandardMarket.sol#183) | |
| - require(bool)(eventContract.collateralToken().transferFrom(msg.sender,address(this),uint256(netCost)) && eventContract.collateralToken().approve(address(eventContract),uint256(outcomeTokenNetCost))) (Markets/StandardMarket.sol#208-211) | |
| - eventContract.buyAllOutcomes(uint256(outcomeTokenNetCost)) (Markets/StandardMarket.sol#213) | |
| - require(bool)(eventContract.outcomeTokens(i).transferFrom(msg.sender,address(this),uint256(- outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#219) | |
| - require(bool)(eventContract.outcomeTokens(i).transfer(msg.sender,uint256(outcomeTokenAmounts[i]))) (Markets/StandardMarket.sol#221) | |
| - eventContract.sellAllOutcomes(uint256(- outcomeTokenNetCost)) (Markets/StandardMarket.sol#232) | |
| - require(bool)(eventContract.collateralToken().transfer(msg.sender,uint256(- netCost))) (Markets/StandardMarket.sol#234) | |
| Event emitted after the call(s): | |
| - OutcomeTokenTrade(msg.sender,outcomeTokenAmounts,outcomeTokenNetCost,fees) (Markets/StandardMarket.sol#185) | |
| Reentrancy in UltimateOracle.voteForOutcome(int256,uint256) (Oracles/UltimateOracle.sol#118-143): | |
| External calls: | |
| - require(bool)(isChallenged() && ! isFrontRunnerPeriodOver() && collateralToken.transferFrom(msg.sender,address(this),amount)) (Oracles/UltimateOracle.sol#131-133) | |
| Event emitted after the call(s): | |
| - OutcomeVote(msg.sender,_outcome,amount) (Oracles/UltimateOracle.sol#142) | |
| Reentrancy in UltimateOracle.withdraw() (Oracles/UltimateOracle.sol#147-158): | |
| External calls: | |
| - require(bool)(collateralToken.transfer(msg.sender,amount)) (Oracles/UltimateOracle.sol#156) | |
| Event emitted after the call(s): | |
| - Withdrawal(msg.sender,amount) (Oracles/UltimateOracle.sol#157) | |
| Reentrancy in StandardMarket.withdrawFees() (Markets/StandardMarket.sol#88-97): | |
| External calls: | |
| - require(bool)(eventContract.collateralToken().transfer(creator,fees)) (Markets/StandardMarket.sol#95) | |
| Event emitted after the call(s): | |
| - FeeWithdrawal(fees) (Markets/StandardMarket.sol#96) | |
| Reentrancy in Campaign.withdrawFees() (Markets/Campaign.sol#175-185): | |
| External calls: | |
| - require(bool)(eventContract.collateralToken().transfer(msg.sender,fees)) (Markets/Campaign.sol#183) | |
| Event emitted after the call(s): | |
| - FeeWithdrawal(msg.sender,fees) (Markets/Campaign.sol#184) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3 | |
| StandardMarketWithPriceLoggerProxy.constructor(address,address,Event,MarketMaker,uint24,uint256) (Markets/StandardMarketWithPriceLogger.sol#30-47) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - require(bool)(_startDate >= now) (Markets/StandardMarketWithPriceLogger.sol#40) | |
| StandardMarketWithPriceLogger.getAvgPrice() (Markets/StandardMarketWithPriceLogger.sol#121-129) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - endDate > 0 (Markets/StandardMarketWithPriceLogger.sol#126) | |
| StandardMarketWithPriceLogger.logPriceBefore() (Markets/StandardMarketWithPriceLogger.sol#135-142) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - now >= startDate (Markets/StandardMarketWithPriceLogger.sol#138) | |
| CampaignProxy.constructor(address,Event,StandardMarketFactory,MarketMaker,uint24,uint256,uint256) (Markets/Campaign.sol#70-95) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - require(bool)(address(_eventContract) != address(0) && address(_marketFactory) != address(0) && address(_marketMaker) != address(0) && _fee < FEE_RANGE && _funding > 0 && now < _deadline) (Markets/Campaign.sol#83-88) | |
| UltimateOracle.setForwardedOutcome() (Oracles/UltimateOracle.sol#86-96) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - require(bool)(! isChallenged() && forwardedOutcomeSetTimestamp == 0 && forwardedOracle.isOutcomeSet()) (Oracles/UltimateOracle.sol#90-92) | |
| UltimateOracle.challengeOutcome(int256) (Oracles/UltimateOracle.sol#100-113) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - require(bool)(! isChallenged() && ! isChallengePeriodOver() && collateralToken.transferFrom(msg.sender,address(this),challengeAmount)) (Oracles/UltimateOracle.sol#104-106) | |
| UltimateOracle.voteForOutcome(int256,uint256) (Oracles/UltimateOracle.sol#118-143) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - require(bool)(isChallenged() && ! isFrontRunnerPeriodOver() && collateralToken.transferFrom(msg.sender,address(this),amount)) (Oracles/UltimateOracle.sol#131-133) | |
| UltimateOracle.isChallengePeriodOver() (Oracles/UltimateOracle.sol#162-168) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - forwardedOutcomeSetTimestamp != 0 && now.sub(forwardedOutcomeSetTimestamp) > challengePeriod (Oracles/UltimateOracle.sol#167) | |
| UltimateOracle.isFrontRunnerPeriodOver() (Oracles/UltimateOracle.sol#172-178) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - frontRunnerSetTimestamp != 0 && now.sub(frontRunnerSetTimestamp) > frontRunnerPeriod (Oracles/UltimateOracle.sol#177) | |
| UltimateOracle.isChallenged() (Oracles/UltimateOracle.sol#182-188) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - frontRunnerSetTimestamp != 0 (Oracles/UltimateOracle.sol#187) | |
| UltimateOracle.isOutcomeSet() (Oracles/UltimateOracle.sol#192-199) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - isChallengePeriodOver() && ! isChallenged() || isFrontRunnerPeriodOver() (Oracles/UltimateOracle.sol#197-198) | |
| FutarchyOracle.setOutcome() (Oracles/FutarchyOracle.sol#141-159) uses timestamp for comparisons | |
| Dangerous comparisons: | |
| - require(bool)(! isSet && markets[0].startDate() + tradingPeriod < now) (Oracles/FutarchyOracle.sol#145) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp | |
| Proxy.fallback() (@gnosis.pm/util-contracts/contracts/Proxy.sol#22-35) uses assembly | |
| - INLINE ASM (@gnosis.pm/util-contracts/contracts/Proxy.sol#27-35) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage | |
| Different versions of Solidity are used: | |
| - Version used: ['>=0.4.22<0.6', '>=0.4.24^0.5.1', '^0.5.0'] | |
| - ^0.5.0 (Markets/StandardMarketWithPriceLoggerFactory.sol#1) | |
| - ^0.5.0 (openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#1) | |
| - ^0.5.0 (Markets/Market.sol#1) | |
| - ^0.5.0 (MarketMakers/LMSRMarketMaker.sol#1) | |
| - ^0.5.0 (Markets/StandardMarket.sol#1) | |
| - ^0.5.0 (Events/Event.sol#1) | |
| - ^0.5.0 (openzeppelin-solidity/contracts/token/ERC20/ERC20.sol#1) | |
| - ^0.5.0 (Oracles/DifficultyOracle.sol#1) | |
| - ^0.5.0 (Oracles/SignedMessageOracle.sol#1) | |
| - ^0.5.0 (Oracles/MajorityOracleFactory.sol#1) | |
| - ^0.5.0 (Events/ScalarEvent.sol#1) | |
| - ^0.5.0 (Markets/CampaignFactory.sol#1) | |
| - ^0.5.0 (Oracles/CentralizedOracle.sol#1) | |
| - ^0.5.0 (Tokens/OutcomeToken.sol#1) | |
| - ^0.5.0 (openzeppelin-solidity/contracts/math/SafeMath.sol#1) | |
| - ^0.5.0 (Markets/StandardMarketWithPriceLogger.sol#1) | |
| - ^0.5.0 (Oracles/MajorityOracle.sol#1) | |
| - ^0.5.0 (openzeppelin-solidity/contracts/token/ERC20/IERC20.sol#1) | |
| - ^0.5.0 (Markets/Campaign.sol#1) | |
| - ^0.5.0 (Oracles/DifficultyOracleFactory.sol#1) | |
| - ^0.5.0 (Oracles/UltimateOracle.sol#1) | |
| - ^0.5.0 (Events/CategoricalEvent.sol#1) | |
| - >=0.4.22<0.6 (canonical-weth/contracts/WETH9.sol#16) | |
| - ^0.5.0 (Oracles/CentralizedOracleFactory.sol#1) | |
| - ^0.5.0 (Markets/StandardMarketFactory.sol#1) | |
| - ^0.5.0 (Oracles/UltimateOracleFactory.sol#1) | |
| - >=0.4.24^0.5.1 (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#1) | |
| - ^0.5.0 (Oracles/FutarchyOracle.sol#1) | |
| - ^0.5.0 (Migrations.sol#1) | |
| - ^0.5.0 (MarketMakers/MarketMaker.sol#1) | |
| - ^0.5.0 (Oracles/FutarchyOracleFactory.sol#1) | |
| - ^0.5.0 (Events/EventFactory.sol#1) | |
| - ^0.5.0 (Oracles/SignedMessageOracleFactory.sol#1) | |
| - >=0.4.24^0.5.1 (@gnosis.pm/util-contracts/contracts/Proxy.sol#1) | |
| - ^0.5.0 (Oracles/Oracle.sol#1) | |
| - ^0.5.0 (openzeppelin-solidity/contracts/drafts/SignedSafeMath.sol#1) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used | |
| Pragma version^0.5.0 (Markets/StandardMarketWithPriceLoggerFactory.sol#1) allows old versions | |
| Pragma version^0.5.0 (openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#1) allows old versions | |
| Pragma version^0.5.0 (Markets/Market.sol#1) allows old versions | |
| Pragma version^0.5.0 (MarketMakers/LMSRMarketMaker.sol#1) allows old versions | |
| Pragma version^0.5.0 (Markets/StandardMarket.sol#1) allows old versions | |
| Pragma version^0.5.0 (Events/Event.sol#1) allows old versions | |
| Pragma version^0.5.0 (openzeppelin-solidity/contracts/token/ERC20/ERC20.sol#1) allows old versions | |
| Pragma version^0.5.0 (Oracles/DifficultyOracle.sol#1) allows old versions | |
| Pragma version^0.5.0 (Oracles/SignedMessageOracle.sol#1) allows old versions | |
| Pragma version^0.5.0 (Oracles/MajorityOracleFactory.sol#1) allows old versions | |
| Pragma version^0.5.0 (Events/ScalarEvent.sol#1) allows old versions | |
| Pragma version^0.5.0 (Markets/CampaignFactory.sol#1) allows old versions | |
| Pragma version^0.5.0 (Oracles/CentralizedOracle.sol#1) allows old versions | |
| Pragma version^0.5.0 (Tokens/OutcomeToken.sol#1) allows old versions | |
| Pragma version^0.5.0 (openzeppelin-solidity/contracts/math/SafeMath.sol#1) allows old versions | |
| Pragma version^0.5.0 (Markets/StandardMarketWithPriceLogger.sol#1) allows old versions | |
| Pragma version^0.5.0 (Oracles/MajorityOracle.sol#1) allows old versions | |
| Pragma version^0.5.0 (openzeppelin-solidity/contracts/token/ERC20/IERC20.sol#1) allows old versions | |
| Pragma version^0.5.0 (Markets/Campaign.sol#1) allows old versions | |
| Pragma version^0.5.0 (Oracles/DifficultyOracleFactory.sol#1) allows old versions | |
| Pragma version^0.5.0 (Oracles/UltimateOracle.sol#1) allows old versions | |
| Pragma version^0.5.0 (Events/CategoricalEvent.sol#1) allows old versions | |
| Pragma version>=0.4.22<0.6 (canonical-weth/contracts/WETH9.sol#16) is known to contain severe issues (https://solidity.readthedocs.io/en/latest/bugs.html) | |
| Pragma version^0.5.0 (Oracles/CentralizedOracleFactory.sol#1) allows old versions | |
| Pragma version^0.5.0 (Markets/StandardMarketFactory.sol#1) allows old versions | |
| Pragma version^0.5.0 (Oracles/UltimateOracleFactory.sol#1) allows old versions | |
| Pragma version>=0.4.24^0.5.1 (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#1) is too complex | |
| Pragma version^0.5.0 (Oracles/FutarchyOracle.sol#1) allows old versions | |
| Pragma version^0.5.0 (Migrations.sol#1) allows old versions | |
| Pragma version^0.5.0 (MarketMakers/MarketMaker.sol#1) allows old versions | |
| Pragma version^0.5.0 (Oracles/FutarchyOracleFactory.sol#1) allows old versions | |
| Pragma version^0.5.0 (Events/EventFactory.sol#1) allows old versions | |
| Pragma version^0.5.0 (Oracles/SignedMessageOracleFactory.sol#1) allows old versions | |
| Pragma version>=0.4.24^0.5.1 (@gnosis.pm/util-contracts/contracts/Proxy.sol#1) is too complex | |
| Pragma version^0.5.0 (Oracles/Oracle.sol#1) allows old versions | |
| Pragma version^0.5.0 (openzeppelin-solidity/contracts/drafts/SignedSafeMath.sol#1) allows old versions | |
| solc-0.5.6 is known to contain severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity | |
| Parameter StandardMarket.fund(uint256)._funding (Markets/StandardMarket.sol#59) is not in mixedCase | |
| Parameter SignedMessageOracle.replaceSigner(address,uint256,uint8,bytes32,bytes32)._nonce (Oracles/SignedMessageOracle.sol#62) is not in mixedCase | |
| Parameter SignedMessageOracle.setOutcome(int256,uint8,bytes32,bytes32)._outcome (Oracles/SignedMessageOracle.sol#80) is not in mixedCase | |
| Parameter CentralizedOracle.setOutcome(int256)._outcome (Oracles/CentralizedOracle.sol#68) is not in mixedCase | |
| Parameter OutcomeToken.issue(address,uint256)._for (Tokens/OutcomeToken.sol#61) is not in mixedCase | |
| Parameter OutcomeToken.revoke(address,uint256)._for (Tokens/OutcomeToken.sol#72) is not in mixedCase | |
| Parameter UltimateOracle.challengeOutcome(int256)._outcome (Oracles/UltimateOracle.sol#100) is not in mixedCase | |
| Parameter UltimateOracle.voteForOutcome(int256,uint256)._outcome (Oracles/UltimateOracle.sol#118) is not in mixedCase | |
| Parameter Migrations.upgrade(address).new_address (Migrations.sol#21) is not in mixedCase | |
| Variable Migrations.last_completed_migration (Migrations.sol#7) is not in mixedCase | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions | |
| Reentrancy in WETH9.withdraw(uint256) (canonical-weth/contracts/WETH9.sol#38-43): | |
| External calls: | |
| - msg.sender.transfer(wad) (canonical-weth/contracts/WETH9.sol#41) | |
| Event emitted after the call(s): | |
| - Withdrawal(msg.sender,wad) (canonical-weth/contracts/WETH9.sol#42) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-4 | |
| LMSRMarketMaker.slitherConstructorConstantVariables() (MarketMakers/LMSRMarketMaker.sol#10-223) uses literals with too many digits: | |
| - ONE = 0x10000000000000000 (MarketMakers/LMSRMarketMaker.sol#17) | |
| ScalarEventProxy.slitherConstructorConstantVariables() (Events/ScalarEvent.sol#22-56) uses literals with too many digits: | |
| - OUTCOME_RANGE = 1000000 (Events/ScalarEvent.sol#13) | |
| ScalarEvent.slitherConstructorConstantVariables() (Events/ScalarEvent.sol#60-107) uses literals with too many digits: | |
| - OUTCOME_RANGE = 1000000 (Events/ScalarEvent.sol#13) | |
| StandardMarketWithPriceLoggerProxy.slitherConstructorConstantVariables() (Markets/StandardMarketWithPriceLogger.sol#22-48) uses literals with too many digits: | |
| - FEE_RANGE = 1000000 (Markets/StandardMarket.sol#13) | |
| StandardMarketWithPriceLoggerProxy.slitherConstructorConstantVariables() (Markets/StandardMarketWithPriceLogger.sol#22-48) uses literals with too many digits: | |
| - ONE = 0x10000000000000000 (Markets/StandardMarketWithPriceLogger.sol#9) | |
| StandardMarketWithPriceLogger.slitherConstructorConstantVariables() (Markets/StandardMarketWithPriceLogger.sol#50-153) uses literals with too many digits: | |
| - FEE_RANGE = 1000000 (Markets/StandardMarket.sol#13) | |
| StandardMarketWithPriceLogger.slitherConstructorConstantVariables() (Markets/StandardMarketWithPriceLogger.sol#50-153) uses literals with too many digits: | |
| - ONE = 0x10000000000000000 (Markets/StandardMarketWithPriceLogger.sol#9) | |
| CampaignProxy.slitherConstructorConstantVariables() (Markets/Campaign.sol#62-96) uses literals with too many digits: | |
| - FEE_RANGE = 1000000 (Markets/Campaign.sol#22) | |
| Campaign.slitherConstructorConstantVariables() (Markets/Campaign.sol#100-186) uses literals with too many digits: | |
| - FEE_RANGE = 1000000 (Markets/Campaign.sol#22) | |
| Fixed192x64Math.slitherConstructorConstantVariables() (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#7-275) uses literals with too many digits: | |
| - ONE = 0x10000000000000000 (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#15) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits | |
| ERC20Detailed (openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#8-54) does not implement functions: | |
| - IERC20.allowance(address,address) (openzeppelin-solidity/contracts/token/ERC20/IERC20.sol#34) | |
| - IERC20.approve(address,uint256) (openzeppelin-solidity/contracts/token/ERC20/IERC20.sol#50) | |
| - IERC20.balanceOf(address) (openzeppelin-solidity/contracts/token/ERC20/IERC20.sol#16) | |
| - IERC20.totalSupply() (openzeppelin-solidity/contracts/token/ERC20/IERC20.sol#11) | |
| - IERC20.transfer(address,uint256) (openzeppelin-solidity/contracts/token/ERC20/IERC20.sol#25) | |
| - IERC20.transferFrom(address,address,uint256) (openzeppelin-solidity/contracts/token/ERC20/IERC20.sol#61) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unimplemented-functions | |
| SignedMessageOracleData.nonce (Oracles/SignedMessageOracle.sol#19) is never used in SignedMessageOracleProxy (Oracles/SignedMessageOracle.sol#33-47) | |
| OutcomeTokenProxy.balances (Tokens/OutcomeToken.sol#12) is never used in OutcomeTokenProxy (Tokens/OutcomeToken.sol#6-28) | |
| OutcomeTokenProxy.totalSupply_ (Tokens/OutcomeToken.sol#13) is never used in OutcomeTokenProxy (Tokens/OutcomeToken.sol#6-28) | |
| OutcomeTokenProxy.allowed (Tokens/OutcomeToken.sol#14) is never used in OutcomeTokenProxy (Tokens/OutcomeToken.sol#6-28) | |
| StandardMarketWithPriceLoggerData.ONE (Markets/StandardMarketWithPriceLogger.sol#9) is never used in StandardMarketWithPriceLogger (Markets/StandardMarketWithPriceLogger.sol#50-153) | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable | |
| OutcomeToken.eventContract (Tokens/OutcomeToken.sol#44) should be constant | |
| OutcomeTokenProxy.totalSupply_ (Tokens/OutcomeToken.sol#13) should be constant | |
| WETH9.decimals (canonical-weth/contracts/WETH9.sol#21) should be constant | |
| WETH9.name (canonical-weth/contracts/WETH9.sol#19) should be constant | |
| WETH9.symbol (canonical-weth/contracts/WETH9.sol#20) should be constant | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant | |
| calcNetCost(Market,int256[]) should be declared external: | |
| - LMSRMarketMaker.calcNetCost(Market,int256[]) (MarketMakers/LMSRMarketMaker.sol#27-58) | |
| Moreover, the following function parameters should change its data location: | |
| outcomeTokenAmounts location should be calldata | |
| - MarketMaker.calcNetCost(Market,int256[]) (MarketMakers/MarketMaker.sol#13) | |
| createMajorityOracle(Oracle[]) should be declared external: | |
| - MajorityOracleFactory.createMajorityOracle(Oracle[]) (Oracles/MajorityOracleFactory.sol#31-37) | |
| Moreover, the following function parameters should change its data location: | |
| oracles location should be calldata | |
| createCentralizedOracle(bytes) should be declared external: | |
| - CentralizedOracleFactory.createCentralizedOracle(bytes) (Oracles/CentralizedOracleFactory.sol#31-37) | |
| Moreover, the following function parameters should change its data location: | |
| ipfsHash location should be calldata | |
| max(int256[]) should be declared external: | |
| - Fixed192x64Math.max(int256[]) (@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#264-274) | |
| Moreover, the following function parameters should change its data location: | |
| nums location should be calldata | |
| Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
arbitrary-send-erc20
Impact: High
Confidence: High
FutarchyOracle.fund(uint256) uses arbitrary from in transferFrom: require(bool)(categoricalEvent.collateralToken().transferFrom(creator,address(this),funding) && categoricalEvent.collateralToken().approve(address(categoricalEvent),funding))
contracts/Oracles/FutarchyOracle.sol#L104-L120
storage-array
Impact: High
Confidence: Medium
Contract StandardMarketProxy
contracts/Markets/StandardMarket.sol#L16-L31
uninitialized-state
Impact: High
Confidence: High
OutcomeToken.eventContract is never initialized. It is used in:
contracts/Tokens/OutcomeToken.sol#L44
UltimateOracleData.frontRunnerPeriod is never initialized. It is used in:
contracts/Oracles/UltimateOracle.sol#L27
EventData.outcomeTokens is never initialized. It is used in:
contracts/Events/Event.sol#L26
EventData.oracle is never initialized. It is used in:
contracts/Events/Event.sol#L23
EventData.collateralToken is never initialized. It is used in:
contracts/Events/Event.sol#L22
UltimateOracleData.spreadMultiplier is never initialized. It is used in:
contracts/Oracles/UltimateOracle.sol#L24
EventData.outcomeTokens is never initialized. It is used in:
contracts/Events/Event.sol#L26
UltimateOracleData.challengeAmount is never initialized. It is used in:
contracts/Oracles/UltimateOracle.sol#L26
FutarchyOracleData.categoricalEvent is never initialized. It is used in:
contracts/Oracles/FutarchyOracle.sol#L27
EventData.oracle is never initialized. It is used in:
contracts/Events/Event.sol#L23
FutarchyOracleData.tradingPeriod is never initialized. It is used in:
contracts/Oracles/FutarchyOracle.sol#L28
SignedMessageOracleData.descriptionHash is never initialized. It is used in:
contracts/Oracles/SignedMessageOracle.sol#L18
CampaignData.marketMaker is never initialized. It is used in:
contracts/Markets/Campaign.sol#L29
ScalarEventData.upperBound is never initialized. It is used in:
contracts/Events/ScalarEvent.sol#L19
FutarchyOracleData.markets is never initialized. It is used in:
contracts/Oracles/FutarchyOracle.sol#L26
EventData.collateralToken is never initialized. It is used in:
contracts/Events/Event.sol#L22
CampaignData.marketFactory is never initialized. It is used in:
contracts/Markets/Campaign.sol#L28
ScalarEventData.lowerBound is never initialized. It is used in:
contracts/Events/ScalarEvent.sol#L18
CampaignData.eventContract is never initialized. It is used in:
contracts/Markets/Campaign.sol#L27
StandardMarketWithPriceLoggerData.startDate is never initialized. It is used in:
contracts/Markets/StandardMarketWithPriceLogger.sol#L15
FutarchyOracleData.creator is never initialized. It is used in:
contracts/Oracles/FutarchyOracle.sol#L25
UltimateOracleData.collateralToken is never initialized. It is used in:
contracts/Oracles/UltimateOracle.sol#L23
CampaignData.deadline is never initialized. It is used in:
contracts/Markets/Campaign.sol#L33
UltimateOracleData.challengePeriod is never initialized. It is used in:
contracts/Oracles/UltimateOracle.sol#L25
MarketData.fee is never initialized. It is used in:
contracts/Markets/Market.sol#L26
CampaignData.funding is never initialized. It is used in:
contracts/Markets/Campaign.sol#L32
MarketData.creator is never initialized. It is used in:
contracts/Markets/Market.sol#L22
UltimateOracleData.forwardedOracle is never initialized. It is used in:
contracts/Oracles/UltimateOracle.sol#L22
CampaignData.fee is never initialized. It is used in:
contracts/Markets/Campaign.sol#L31
MajorityOracleData.oracles is never initialized. It is used in:
contracts/Oracles/MajorityOracle.sol#L11
MarketData.marketMaker is never initialized. It is used in:
contracts/Markets/Market.sol#L25
MarketData.eventContract is never initialized. It is used in:
contracts/Markets/Market.sol#L24
divide-before-multiply
Impact: Medium
Confidence: Medium
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
LMSRMarketMaker.calcCost(Market,uint8,uint256) performs a multiplication on the result of a division:
contracts/MarketMakers/LMSRMarketMaker.sol#L65-L94
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
LMSRMarketMaker.calcCostLevel(int256,int256[],uint256,Fixed192x64Math.EstimationMode) performs a multiplication on the result of a division:
contracts/MarketMakers/LMSRMarketMaker.sol#L153-L165
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
LMSRMarketMaker.calcNetCost(Market,int256[]) performs a multiplication on the result of a division:
contracts/MarketMakers/LMSRMarketMaker.sol#L27-L58
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
Fixed192x64Math.pow2Bounds(int256) performs a multiplication on the result of a division:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L71-L164
incorrect-equality
Impact: Medium
Confidence: High
Campaign.fund(uint256) uses a dangerous strict equality:
contracts/Markets/Campaign.sol#L109-L124
locked-ether
Impact: Medium
Confidence: High
Contract locking ether found:
Contract FutarchyOracleProxy has payable functions:
But does not have a function to withdraw the ether
contracts/Oracles/FutarchyOracle.sol#L42-L92
Contract locking ether found:
Contract CentralizedOracleProxy has payable functions:
But does not have a function to withdraw the ether
contracts/Oracles/CentralizedOracle.sol#L32-L45
Contract locking ether found:
Contract ScalarEventProxy has payable functions:
But does not have a function to withdraw the ether
contracts/Events/ScalarEvent.sol#L22-L56
Contract locking ether found:
Contract CategoricalEventProxy has payable functions:
But does not have a function to withdraw the ether
contracts/Events/CategoricalEvent.sol#L6-L27
Contract locking ether found:
Contract StandardMarketWithPriceLoggerProxy has payable functions:
But does not have a function to withdraw the ether
contracts/Markets/StandardMarketWithPriceLogger.sol#L22-L48
Contract locking ether found:
Contract MajorityOracleProxy has payable functions:
But does not have a function to withdraw the ether
contracts/Oracles/MajorityOracle.sol#L14-L29
Contract locking ether found:
Contract CampaignProxy has payable functions:
But does not have a function to withdraw the ether
contracts/Markets/Campaign.sol#L62-L96
Contract locking ether found:
Contract OutcomeTokenProxy has payable functions:
But does not have a function to withdraw the ether
contracts/Tokens/OutcomeToken.sol#L6-L28
Contract locking ether found:
Contract UltimateOracleProxy has payable functions:
But does not have a function to withdraw the ether
contracts/Oracles/UltimateOracle.sol#L39-L74
Contract locking ether found:
Contract SignedMessageOracleProxy has payable functions:
But does not have a function to withdraw the ether
contracts/Oracles/SignedMessageOracle.sol#L33-L47
reentrancy-no-eth
Impact: Medium
Confidence: Medium
Reentrancy in StandardMarketWithPriceLogger.buy(uint8,uint256,uint256):
External calls:
State variables written after the call(s):
contracts/Markets/StandardMarketWithPriceLogger.sol#L59-L66
Reentrancy in StandardMarketWithPriceLogger.shortSell(uint8,uint256,uint256):
External calls:
State variables written after the call(s):
contracts/Markets/StandardMarketWithPriceLogger.sol#L88-L95
Reentrancy in UltimateOracle.voteForOutcome(int256,uint256):
External calls:
State variables written after the call(s):
contracts/Oracles/UltimateOracle.sol#L118-L143
Reentrancy in Campaign.closeMarket():
External calls:
State variables written after the call(s):
contracts/Markets/Campaign.sol#L159-L171
Reentrancy in UltimateOracle.challengeOutcome(int256):
External calls:
State variables written after the call(s):
contracts/Oracles/UltimateOracle.sol#L100-L113
Reentrancy in StandardMarket.fund(uint256):
External calls:
State variables written after the call(s):
contracts/Markets/StandardMarket.sol#L59-L71
Reentrancy in Campaign.createMarket():
External calls:
State variables written after the call(s):
contracts/Markets/Campaign.sol#L143-L155
Reentrancy in Campaign.fund(uint256):
External calls:
State variables written after the call(s):
contracts/Markets/Campaign.sol#L109-L124
Reentrancy in StandardMarketWithPriceLogger.trade(int256[],int256):
External calls:
State variables written after the call(s):
contracts/Markets/StandardMarketWithPriceLogger.sol#L101-L108
Reentrancy in StandardMarketWithPriceLogger.sell(uint8,uint256,uint256):
External calls:
State variables written after the call(s):
contracts/Markets/StandardMarketWithPriceLogger.sol#L73-L80
tautology
Impact: Medium
Confidence: High
StandardMarket.buy(uint8,uint256,uint256) contains a tautology or contradiction:
contracts/Markets/StandardMarket.sol#L104-L118
StandardMarket.sell(uint8,uint256,uint256) contains a tautology or contradiction:
contracts/Markets/StandardMarket.sol#L125-L139
unused-return
Impact: Medium
Confidence: Medium
Campaign.closeMarket() ignores return value by market.withdrawFees()
contracts/Markets/Campaign.sol#L159-L171
FutarchyOracle.close() ignores return value by categoricalEvent.redeemWinnings()
contracts/Oracles/FutarchyOracle.sol#L123-L138
FutarchyOracle.close() ignores return value by market.withdrawFees()
contracts/Oracles/FutarchyOracle.sol#L123-L138
StandardMarket.shortSell(uint8,uint256,uint256) ignores return value by eventContract.outcomeTokens(outcomeTokenIndex).approve(address(this),outcomeTokenCount)
contracts/Markets/StandardMarket.sol#L147-L167
FutarchyOracle.close() ignores return value by market.eventContract().redeemWinnings()
contracts/Oracles/FutarchyOracle.sol#L123-L138
Campaign.closeMarket() ignores return value by eventContract.redeemWinnings()
contracts/Markets/Campaign.sol#L159-L171
shadowing-local
Impact: Low
Confidence: High
ERC20Detailed.constructor(string,string,uint8).symbol shadows:
node_modules/openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#L18
ERC20Detailed.constructor(string,string,uint8).decimals shadows:
node_modules/openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#L18
ERC20Detailed.constructor(string,string,uint8).name shadows:
node_modules/openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#L18
missing-zero-check
Impact: Low
Confidence: Medium
CentralizedOracle.replaceOwner(address).newOwner lacks a zero-check on :
- owner = newOwner
contracts/Oracles/CentralizedOracle.sol#L56
FutarchyOracleProxy.constructor(address,address,EventFactory,ERC20,Oracle,uint8,int256,int256,StandardMarketWithPriceLoggerFactory,MarketMaker,uint24,uint256,uint256)._creator lacks a zero-check on :
- creator = _creator
contracts/Oracles/FutarchyOracle.sol#L59
CentralizedOracleProxy.constructor(address,address,bytes)._owner lacks a zero-check on :
- owner = _owner
contracts/Oracles/CentralizedOracle.sol#L36
StandardMarketProxy.constructor(address,address,Event,MarketMaker,uint24)._creator lacks a zero-check on :
- creator = _creator
contracts/Markets/StandardMarket.sol#L17
incorrect-modifier
Impact: Low
Confidence: High
Modifier Migrations.restricted() does not always execute _; or revert
contracts/Migrations.sol#L9-L11
calls-loop
Impact: Low
Confidence: Medium
Event.buyAllOutcomes(uint256) has external calls inside a loop: outcomeTokens[i].issue(msg.sender,collateralTokenCount)
contracts/Events/Event.sol#L38-L47
FutarchyOracleProxy.constructor(address,address,EventFactory,ERC20,Oracle,uint8,int256,int256,StandardMarketWithPriceLoggerFactory,MarketMaker,uint24,uint256,uint256) has external calls inside a loop: scalarEvent = eventFactory.createScalarEvent(categoricalEvent.outcomeTokens(i),oracle,lowerBound,upperBound)
contracts/Oracles/FutarchyOracle.sol#L57-L91
FutarchyOracleProxy.constructor(address,address,EventFactory,ERC20,Oracle,uint8,int256,int256,StandardMarketWithPriceLoggerFactory,MarketMaker,uint24,uint256,uint256) has external calls inside a loop: markets.push(marketFactory.createMarket(scalarEvent,marketMaker,fee,startDate))
contracts/Oracles/FutarchyOracle.sol#L57-L91
FutarchyOracle.fund(uint256) has external calls inside a loop: market.fund(funding)
contracts/Oracles/FutarchyOracle.sol#L104-L120
FutarchyOracleProxy.constructor(address,address,EventFactory,ERC20,Oracle,uint8,int256,int256,StandardMarketWithPriceLoggerFactory,MarketMaker,uint24,uint256,uint256) has external calls inside a loop: i < categoricalEvent.getOutcomeCount()
contracts/Oracles/FutarchyOracle.sol#L57-L91
Event.sellAllOutcomes(uint256) has external calls inside a loop: outcomeTokens[i].revoke(msg.sender,outcomeTokenCount)
contracts/Events/Event.sol#L51-L60
MajorityOracle.getStatusAndOutcome() has external calls inside a loop: _outcome = oracles[i].getOutcome()
contracts/Oracles/MajorityOracle.sol#L41-L75
FutarchyOracle.setOutcome() has external calls inside a loop: avgPrice = markets[i].getAvgPrice()
contracts/Oracles/FutarchyOracle.sol#L141-L159
MajorityOracle.getStatusAndOutcome() has external calls inside a loop: oracles[i].isOutcomeSet()
contracts/Oracles/MajorityOracle.sol#L41-L75
FutarchyOracle.fund(uint256) has external calls inside a loop: require(bool)(market.eventContract().collateralToken().approve(address(market),funding))
contracts/Oracles/FutarchyOracle.sol#L104-L120
Event.getOutcomeTokenDistribution(address) has external calls inside a loop: outcomeTokenDistribution[i] = outcomeTokens[i].balanceOf(owner)
contracts/Events/Event.sol#L96-L104
reentrancy-benign
Impact: Low
Confidence: Medium
Reentrancy in Campaign.closeMarket():
External calls:
State variables written after the call(s):
contracts/Markets/Campaign.sol#L159-L171
Reentrancy in StandardMarket.fund(uint256):
External calls:
State variables written after the call(s):
contracts/Markets/StandardMarket.sol#L59-L71
Reentrancy in StandardMarket.tradeImpl(uint8,int256[],int256):
External calls:
State variables written after the call(s):
contracts/Markets/StandardMarket.sol#L188-L237
Reentrancy in UltimateOracle.challengeOutcome(int256):
External calls:
State variables written after the call(s):
contracts/Oracles/UltimateOracle.sol#L100-L113
Reentrancy in Campaign.fund(uint256):
External calls:
State variables written after the call(s):
contracts/Markets/Campaign.sol#L109-L124
Reentrancy in UltimateOracle.voteForOutcome(int256,uint256):
External calls:
State variables written after the call(s):
contracts/Oracles/UltimateOracle.sol#L118-L143
reentrancy-events
Impact: Low
Confidence: Medium
Reentrancy in FutarchyOracle.close():
External calls:
Event emitted after the call(s):
contracts/Oracles/FutarchyOracle.sol#L123-L138
Reentrancy in UltimateOracle.withdraw():
External calls:
Event emitted after the call(s):
contracts/Oracles/UltimateOracle.sol#L147-L158
Reentrancy in Campaign.createMarket():
External calls:
Event emitted after the call(s):
contracts/Markets/Campaign.sol#L143-L155
Reentrancy in Event.buyAllOutcomes(uint256):
External calls:
Event emitted after the call(s):
contracts/Events/Event.sol#L38-L47
Reentrancy in Event.sellAllOutcomes(uint256):
External calls:
Event emitted after the call(s):
contracts/Events/Event.sol#L51-L60
Reentrancy in StandardMarket.buy(uint8,uint256,uint256):
External calls:
Event emitted after the call(s):
contracts/Markets/StandardMarket.sol#L104-L118
Reentrancy in FutarchyOracle.fund(uint256):
External calls:
Event emitted after the call(s):
contracts/Oracles/FutarchyOracle.sol#L104-L120
Reentrancy in Campaign.fund(uint256):
External calls:
Event emitted after the call(s):
contracts/Markets/Campaign.sol#L109-L124
Reentrancy in Campaign.closeMarket():
External calls:
Event emitted after the call(s):
contracts/Markets/Campaign.sol#L159-L171
Reentrancy in StandardMarket.withdrawFees():
External calls:
Event emitted after the call(s):
contracts/Markets/StandardMarket.sol#L88-L97
Reentrancy in Campaign.refund():
External calls:
Event emitted after the call(s):
contracts/Markets/Campaign.sol#L128-L139
Reentrancy in StandardMarket.fund(uint256):
External calls:
Event emitted after the call(s):
contracts/Markets/StandardMarket.sol#L59-L71
Reentrancy in UltimateOracle.challengeOutcome(int256):
External calls:
Event emitted after the call(s):
contracts/Oracles/UltimateOracle.sol#L100-L113
Reentrancy in FutarchyOracleFactory.createFutarchyOracle(ERC20,Oracle,uint8,int256,int256,MarketMaker,uint24,uint256,uint256):
External calls:
Event emitted after the call(s):
contracts/Oracles/FutarchyOracleFactory.sol#L59-L101
Reentrancy in StandardMarket.trade(int256[],int256):
External calls:
Event emitted after the call(s):
contracts/Markets/StandardMarket.sol#L173-L186
Reentrancy in ScalarEvent.redeemWinnings():
External calls:
Event emitted after the call(s):
contracts/Events/ScalarEvent.sol#L68-L96
Reentrancy in StandardMarket.sell(uint8,uint256,uint256):
External calls:
Event emitted after the call(s):
contracts/Markets/StandardMarket.sol#L125-L139
Reentrancy in StandardMarket.shortSell(uint8,uint256,uint256):
External calls:
Event emitted after the call(s):
contracts/Markets/StandardMarket.sol#L147-L167
Reentrancy in Campaign.withdrawFees():
External calls:
Event emitted after the call(s):
contracts/Markets/Campaign.sol#L175-L185
Reentrancy in CategoricalEvent.redeemWinnings():
External calls:
Event emitted after the call(s):
contracts/Events/CategoricalEvent.sol#L38-L51
Reentrancy in UltimateOracle.voteForOutcome(int256,uint256):
External calls:
Event emitted after the call(s):
contracts/Oracles/UltimateOracle.sol#L118-L143
timestamp
Impact: Low
Confidence: Medium
UltimateOracle.challengeOutcome(int256) uses timestamp for comparisons
Dangerous comparisons:
contracts/Oracles/UltimateOracle.sol#L100-L113
StandardMarketWithPriceLogger.logPriceBefore() uses timestamp for comparisons
Dangerous comparisons:
contracts/Markets/StandardMarketWithPriceLogger.sol#L135-L142
UltimateOracle.voteForOutcome(int256,uint256) uses timestamp for comparisons
Dangerous comparisons:
contracts/Oracles/UltimateOracle.sol#L118-L143
FutarchyOracle.setOutcome() uses timestamp for comparisons
Dangerous comparisons:
contracts/Oracles/FutarchyOracle.sol#L141-L159
UltimateOracle.isChallengePeriodOver() uses timestamp for comparisons
Dangerous comparisons:
contracts/Oracles/UltimateOracle.sol#L162-L168
UltimateOracle.isFrontRunnerPeriodOver() uses timestamp for comparisons
Dangerous comparisons:
contracts/Oracles/UltimateOracle.sol#L172-L178
CampaignProxy.constructor(address,Event,StandardMarketFactory,MarketMaker,uint24,uint256,uint256) uses timestamp for comparisons
Dangerous comparisons:
contracts/Markets/Campaign.sol#L70-L95
UltimateOracle.setForwardedOutcome() uses timestamp for comparisons
Dangerous comparisons:
contracts/Oracles/UltimateOracle.sol#L86-L96
StandardMarketWithPriceLoggerProxy.constructor(address,address,Event,MarketMaker,uint24,uint256) uses timestamp for comparisons
Dangerous comparisons:
contracts/Markets/StandardMarketWithPriceLogger.sol#L30-L47
UltimateOracle.isChallenged() uses timestamp for comparisons
Dangerous comparisons:
contracts/Oracles/UltimateOracle.sol#L182-L188
StandardMarketWithPriceLogger.getAvgPrice() uses timestamp for comparisons
Dangerous comparisons:
contracts/Markets/StandardMarketWithPriceLogger.sol#L121-L129
UltimateOracle.isOutcomeSet() uses timestamp for comparisons
Dangerous comparisons:
contracts/Oracles/UltimateOracle.sol#L192-L199
assembly
Impact: Informational
Confidence: High
Proxy.fallback() uses assembly
node_modules/@gnosis.pm/util-contracts/contracts/Proxy.sol#L22-L35
pragma
Impact: Informational
Confidence: High
Different versions of Solidity are used:
contracts/Markets/StandardMarketWithPriceLoggerFactory.sol#L1
solc-version
Impact: Informational
Confidence: High
Pragma version^0.5.0 allows old versions
contracts/Markets/StandardMarketWithPriceLoggerFactory.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/UltimateOracleFactory.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/CentralizedOracleFactory.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/DifficultyOracleFactory.sol#L1
Pragma version^0.5.0 allows old versions
node_modules/openzeppelin-solidity/contracts/token/ERC20/IERC20.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Markets/StandardMarketWithPriceLogger.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Migrations.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/CentralizedOracle.sol#L1
Pragma version>=0.4.22<0.6 is known to contain severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
node_modules/canonical-weth/contracts/WETH9.sol#L16
Pragma version>=0.4.24^0.5.1 is too complex
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/SignedMessageOracleFactory.sol#L1
solc-0.5.6 is known to contain severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
Pragma version^0.5.0 allows old versions
contracts/Markets/CampaignFactory.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/FutarchyOracle.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/MajorityOracle.sol#L1
Pragma version^0.5.0 allows old versions
node_modules/openzeppelin-solidity/contracts/token/ERC20/ERC20.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Events/Event.sol#L1
Pragma version^0.5.0 allows old versions
contracts/MarketMakers/LMSRMarketMaker.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Tokens/OutcomeToken.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/MajorityOracleFactory.sol#L1
Pragma version>=0.4.24^0.5.1 is too complex
node_modules/@gnosis.pm/util-contracts/contracts/Proxy.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Markets/Campaign.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Events/CategoricalEvent.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Markets/Market.sol#L1
Pragma version^0.5.0 allows old versions
contracts/MarketMakers/MarketMaker.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Markets/StandardMarket.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Markets/StandardMarketFactory.sol#L1
Pragma version^0.5.0 allows old versions
node_modules/openzeppelin-solidity/contracts/drafts/SignedSafeMath.sol#L1
Pragma version^0.5.0 allows old versions
node_modules/openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#L1
Pragma version^0.5.0 allows old versions
node_modules/openzeppelin-solidity/contracts/math/SafeMath.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/Oracle.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Events/ScalarEvent.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/SignedMessageOracle.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/UltimateOracle.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/DifficultyOracle.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Events/EventFactory.sol#L1
Pragma version^0.5.0 allows old versions
contracts/Oracles/FutarchyOracleFactory.sol#L1
naming-convention
Impact: Informational
Confidence: High
Variable Migrations.last_completed_migration is not in mixedCase
contracts/Migrations.sol#L7
Parameter StandardMarket.fund(uint256)._funding is not in mixedCase
contracts/Markets/StandardMarket.sol#L59
Parameter UltimateOracle.challengeOutcome(int256)._outcome is not in mixedCase
contracts/Oracles/UltimateOracle.sol#L100
Parameter CentralizedOracle.setOutcome(int256)._outcome is not in mixedCase
contracts/Oracles/CentralizedOracle.sol#L68
Parameter Migrations.upgrade(address).new_address is not in mixedCase
contracts/Migrations.sol#L21
Parameter OutcomeToken.revoke(address,uint256)._for is not in mixedCase
contracts/Tokens/OutcomeToken.sol#L72
Parameter SignedMessageOracle.setOutcome(int256,uint8,bytes32,bytes32)._outcome is not in mixedCase
contracts/Oracles/SignedMessageOracle.sol#L80
Parameter SignedMessageOracle.replaceSigner(address,uint256,uint8,bytes32,bytes32)._nonce is not in mixedCase
contracts/Oracles/SignedMessageOracle.sol#L62
Parameter OutcomeToken.issue(address,uint256)._for is not in mixedCase
contracts/Tokens/OutcomeToken.sol#L61
Parameter UltimateOracle.voteForOutcome(int256,uint256)._outcome is not in mixedCase
contracts/Oracles/UltimateOracle.sol#L118
reentrancy-unlimited-gas
Impact: Informational
Confidence: Medium
Reentrancy in WETH9.withdraw(uint256):
External calls:
Event emitted after the call(s):
node_modules/canonical-weth/contracts/WETH9.sol#L38-L43
too-many-digits
Impact: Informational
Confidence: Medium
LMSRMarketMaker.slitherConstructorConstantVariables() uses literals with too many digits:
contracts/MarketMakers/LMSRMarketMaker.sol#L10-L223
CampaignProxy.slitherConstructorConstantVariables() uses literals with too many digits:
contracts/Markets/Campaign.sol#L62-L96
Campaign.slitherConstructorConstantVariables() uses literals with too many digits:
contracts/Markets/Campaign.sol#L100-L186
Fixed192x64Math.slitherConstructorConstantVariables() uses literals with too many digits:
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L7-L275
StandardMarketWithPriceLoggerProxy.slitherConstructorConstantVariables() uses literals with too many digits:
contracts/Markets/StandardMarketWithPriceLogger.sol#L22-L48
StandardMarketWithPriceLogger.slitherConstructorConstantVariables() uses literals with too many digits:
contracts/Markets/StandardMarketWithPriceLogger.sol#L50-L153
ScalarEvent.slitherConstructorConstantVariables() uses literals with too many digits:
contracts/Events/ScalarEvent.sol#L60-L107
StandardMarketWithPriceLoggerProxy.slitherConstructorConstantVariables() uses literals with too many digits:
contracts/Markets/StandardMarketWithPriceLogger.sol#L22-L48
ScalarEventProxy.slitherConstructorConstantVariables() uses literals with too many digits:
contracts/Events/ScalarEvent.sol#L22-L56
StandardMarketWithPriceLogger.slitherConstructorConstantVariables() uses literals with too many digits:
contracts/Markets/StandardMarketWithPriceLogger.sol#L50-L153
unimplemented-functions
Impact: Informational
Confidence: High
ERC20Detailed does not implement functions:
node_modules/openzeppelin-solidity/contracts/token/ERC20/ERC20Detailed.sol#L8-L54
unused-state
Impact: Informational
Confidence: High
SignedMessageOracleData.nonce is never used in SignedMessageOracleProxy
contracts/Oracles/SignedMessageOracle.sol#L19
StandardMarketWithPriceLoggerData.ONE is never used in StandardMarketWithPriceLogger
contracts/Markets/StandardMarketWithPriceLogger.sol#L9
OutcomeTokenProxy.allowed is never used in OutcomeTokenProxy
contracts/Tokens/OutcomeToken.sol#L14
OutcomeTokenProxy.balances is never used in OutcomeTokenProxy
contracts/Tokens/OutcomeToken.sol#L12
OutcomeTokenProxy.totalSupply_ is never used in OutcomeTokenProxy
contracts/Tokens/OutcomeToken.sol#L13
constable-states
Impact: Optimization
Confidence: High
WETH9.decimals should be constant
node_modules/canonical-weth/contracts/WETH9.sol#L21
WETH9.symbol should be constant
node_modules/canonical-weth/contracts/WETH9.sol#L20
WETH9.name should be constant
node_modules/canonical-weth/contracts/WETH9.sol#L19
OutcomeToken.eventContract should be constant
contracts/Tokens/OutcomeToken.sol#L44
OutcomeTokenProxy.totalSupply_ should be constant
contracts/Tokens/OutcomeToken.sol#L13
external-function
Impact: Optimization
Confidence: High
createMajorityOracle(Oracle[]) should be declared external:
Moreover, the following function parameters should change its data location:
oracles location should be calldata
contracts/Oracles/MajorityOracleFactory.sol#L31-L37
calcNetCost(Market,int256[]) should be declared external:
Moreover, the following function parameters should change its data location:
outcomeTokenAmounts location should be calldata
contracts/MarketMakers/LMSRMarketMaker.sol#L27-L58
createCentralizedOracle(bytes) should be declared external:
Moreover, the following function parameters should change its data location:
ipfsHash location should be calldata
contracts/Oracles/CentralizedOracleFactory.sol#L31-L37
max(int256[]) should be declared external:
Moreover, the following function parameters should change its data location:
nums location should be calldata
node_modules/@gnosis.pm/util-contracts/contracts/Fixed192x64Math.sol#L264-L274