# Winning bot race submission This is the top-ranked automated findings report, from vuln-detector bot. All findings in this report will be considered known issues for the purposes of your C4 audit. ## Summary | |Issue|Instances| Gas Savings |-|:-|:-:|:-:| | [[M-01](#m-01)] | `block.number` means different things on different L2s | 10| 0| | [[L-01](#l-01)] | Missing checks for `address(0)` when assigning values to address state variables | 8| 0| | [[L-02](#l-02)] | Array lengths not checked | 2| 0| | [[L-03](#l-03)] | For loops in public or external functions should be avoided due to high gas costs and possible DOS | 29| 0| | [[L-04](#l-04)] | External call `recipient` may consume all transaction gas (gas griefing) | 5| 0| | [[L-05](#l-05)] | Missing checks in constructor | 3| 0| | [[L-06](#l-06)] | Division before multiplication can lead to precision errors | 4| 0| | [[L-07](#l-07)] | Double type casts create complexity within the code | 10| 0| | [[L-08](#l-08)] | `external` calls in an un-bounded loop may result in a DOS | 12| 0| | [[L-09](#l-09)] | Constant decimal values | 5| 0| | [[L-10](#l-10)] | `image_data` should be used for raw svg | 1| 0| | [[L-11](#l-11)] | Initialization can be front-run | 1| 0| | [[L-12](#l-12)] | `internal` Function calls within for loops | 8| 0| | [[L-13](#l-13)] | Loss of precision | 11| 0| | [[L-14](#l-14)] | Missing contract-existence checks before low-level calls | 4| 0| | [[L-15](#l-15)] | NFT doesn't handle hard forks | 1| 0| | [[L-16](#l-16)] | Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from various type int/uint values | 70| 0| | [[L-17](#l-17)] | Setters should have initial value check | 2| 0| | [[L-18](#l-18)] | Int casting `block.timestamp` can reduce the lifespan of a contract | 9| 0| | [[L-19](#l-19)] | Unsafe downcast | 46| 0| | [[L-20](#l-20)] | Unsafe conversion from unsigned to signed values | 1| 0| | [[L-21](#l-21)] | Consider implementing two-step procedure for updating protocol addresses | 21| 0| | [[L-22](#l-22)] | Consider using descriptive `constant`s when passing zero as a function argument | 2| 0| | [[L-23](#l-23)] | Functions calling contracts/addresses with transfer hooks are missing reentrancy guards | 5| 0| | [[L-24](#l-24)] | Code does not follow the best practice of check-effects-interaction | 8| 0| | [[L-25](#l-25)] | prevent re-setting a state variable with the same value | 11| 0| | [[L-26](#l-26)] | Missing contract-existence checks before yul `call()` | 1| 0| | [[G-01](#g-01)] | State variable read in a loop | 9| 0| | [[G-02](#g-02)] | Multiple accesses of a mapping/array should use a local variable cache | 141| 5922| | [[G-03](#g-03)] | Use assembly to calculate hashes to save gas | 6| 480| | [[G-04](#g-04)] | Use assembly to check for `address(0)` | 91| 546| | [[G-05](#g-05)] | Use assembly in place of `abi.decode` to extract `calldata` values more efficiently | 1| 0| | [[G-06](#g-06)] | Optimize Address Storage Value Management with `assembly` | 36| 0| | [[G-07](#g-07)] | Use assembly to emit events | 82| 3116| | [[G-08](#g-08)] | Avoid contract existence checks by using low level calls | 57| 5700| | [[G-09](#g-09)] | Using bools for storage incurs overhead | 6| 600| | [[G-10](#g-10)] | Use byte32 in place of string | 1| 0| | [[G-11](#g-11)] | Cache array length outside of loop | 16| 1552| | [[G-12](#g-12)] | State variables should be cached in stack variables rather than re-reading them from storage | 3| 291| | [[G-13](#g-13)] | Use calldata instead of memory for function arguments that do not get mutated | 20| 0| | [[G-14](#g-14)] | With assembly, `.call (bool success)` transfer can be done gas-optimized | 4| 0| | [[G-15](#g-15)] | Add `unchecked {}` for subtractions where the operands cannot underflow because of a previous `require()` or `if`-statement | 3| 255| | [[G-16](#g-16)] | Divisions which do not divide by -X cannot overflow or overflow so such operations can be unchecked to save gas | 34| 0| | [[G-17](#g-17)] | Do not calculate constants | 4| 0| | [[G-18](#g-18)] | Stack variable cost less while used in emiting event | 6| 600| | [[G-19](#g-19)] | Superfluous event fields | 2| 0| | [[G-20](#g-20)] | Events should be emitted outside of loops | 3| 1125| | [[G-21](#g-21)] | Empty blocks should be removed or emit something | 1| 0| | [[G-22](#g-22)] | Use `ERC721A` instead `ERC721` | 1| 0| | [[G-23](#g-23)] | `internal` functions only called once can be inlined to save gas | 10| 200| | [[G-24](#g-24)] | Consider merging sequential for loops | 8| 0| | [[G-25](#g-25)] | Reduce gas usage by moving to Solidity 0.8.19 or later | 27| 0| | [[G-26](#g-26)] | Multiple `address`/ID mappings can be combined into a single `mapping` of an `address`/ID to a `struct`, where appropriate | 7| 0| | [[G-27](#g-27)] | Optimize names to save gas | 39| 858| | [[G-28](#g-28)] | Not using the named return variables anywhere in the function is confusing | 3| 0| | [[G-29](#g-29)] | Constructors can be marked `payable` | 23| 483| | [[G-30](#g-30)] | Using `private` rather than `public` for constants, saves gas | 33| 0| | [[G-31](#g-31)] | Remove or replace unused state variables | 3| 0| | [[G-32](#g-32)] | Avoid updating storage when the value hasn't changed to save gas | 11| 8800| | [[G-33](#g-33)] | Use shift Right instead of division if possible to save gas | 1| 20| | [[G-34](#g-34)] | Use shift Left instead of multiplication if possible to save gas | 2| 0| | [[G-35](#g-35)] | Usage of `uints`/`ints` smaller than 32 bytes (256 bits) incurs overhead | 45| 0| | [[G-36](#g-36)] | The use of a logical AND in place of double if is slightly less gas efficient in instances where there isn't a corresponding else statement for the given if statement | 11| 165| | [[G-37](#g-37)] | State variables only set in the constructor should be declared `immutable` | 2| 4194| | [[G-38](#g-38)] | Stack variable used as a cheaper cache for a state variable is only used once | 3| 9| | [[G-39](#g-39)] | Cache state variables outside of loop to avoid reading storage on every iteration | 9| 0| | [[G-40](#g-40)] | Using `storage` instead of `memory` for structs/arrays saves gas | 3| 12600| | [[G-41](#g-41)] | `>=`/`<=` costs less gas than `>`/`<` | 135| 405| | [[G-42](#g-42)] | Ternary unnecessary | 1| 0| | [[G-43](#g-43)] | Use assembly to validate `msg.sender` | 59| 708| | [[G-44](#g-44)] | Can make the variable outside the loop to save gas | 60| 0| | [[G-45](#g-45)] | Consider activating via-ir for deploying | 1| 250| | [[G-46](#g-46)] | `++i` costs less gas than `i++`, especially when it's used in `for`-loops (`--i`/`i--` too) | 5| 0| | [[G-47](#g-47)] | Unnecessary casting as variable is already of the same type | 1| 22| | [[G-48](#g-48)] | Using mappings instead of arrays to avoid length checks save gas | 3| 0| | [[G-49](#g-49)] | Use `do while` loops instead of `for` loops | 51| 6171| | [[G-50](#g-50)] | Avoid transferring amounts of zero in order to save gas | 1| 0| | [[G-51](#g-51)] | Simple checks for zero `uint` can be done using assembly to save gas | 30| 180| | [[G-52](#g-52)] | `++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops | 48| 0| | [[G-53](#g-53)] | Do not cache constants to save gas | 1| 0| | [[G-54](#g-54)] | Using `private` for constants saves gas | 55| 0| | [[G-55](#g-55)] | Use `s.x = s.x + y` instead of `s.x += y` for memory structs | 9| 900| | [[G-56](#g-56)] | Redundant state variable getters | 1| 0| | [[G-57](#g-57)] | Using `constant`s instead of `enum` can save gas | 5| 0| | [[G-58](#g-58)] | Gas savings can be achieved by changing the model for assigning value to the structure ***123 gas*** | 5| 615| | [[G-59](#g-59)] | address(this) should be cached | 8| 0| | [[G-60](#g-60)] | Use `solady` library where possible to save gas | 3| 0| | [[N-01](#n-01)] | State variables declarations should have NatSpec descriptions | 145| 0| | [[N-02](#n-02)] | Large or complicated code bases should implement invariant tests | 1| 0| | [[N-03](#n-03)] | Assembly blocks should have extensive comments | 10| 0| | [[N-04](#n-04)] | Contract declarations should have NatSpec `@author` annotations | 22| 0| | [[N-05](#n-05)] | Avoid the use of sensitive terms | 45| 0| | [[N-06](#n-06)] | Common functions should be refactored to a common base contract | 1| 0| | [[N-07](#n-07)] | Overly complicated arithmetic | 1| 0| | [[N-08](#n-08)] | Constant redefined elsewhere | 13| 0| | [[N-09](#n-09)] | Constants in comparisons should appear on the left side | 131| 0| | [[N-10](#n-10)] | `const` Variable names don\'t follow the Solidity style guide | 7| 0| | [[N-11](#n-11)] | NatSpec documentation for `contract` is missing | 6| 0| | [[N-12](#n-12)] | Contract does not follow the Solidity style guide's suggested layout ordering | 17| 0| | [[N-13](#n-13)] | Contracts containing only utility functions should be made into libraries | 1| 0| | [[N-14](#n-14)] | Control structures do not follow the Solidity Style Guide | 22| 0| | [[N-15](#n-15)] | Custom error has no error details | 36| 0| | [[N-16](#n-16)] | Consider using `delete` rather than assigning `zero` to clear values | 14| 0| | [[N-17](#n-17)] | Dependence on external protocols | 1| 0| | [[N-18](#n-18)] | `else`-block not required | 2| 0| | [[N-19](#n-19)] | Empty Function Body - Consider commenting why | 1| 0| | [[N-20](#n-20)] | Empty bytes check is missing | 23| 0| | [[N-21](#n-21)] | Events are missing sender information | 67| 0| | [[N-22](#n-22)] | Events may be emitted out of order due to reentrancy | 8| 0| | [[N-23](#n-23)] | Defining All External/Public Functions in Contract Interfaces | 78| 0| | [[N-24](#n-24)] | Fixed Compiler Version Required for Non-Library/Interface Files | 27| 0| | [[N-25](#n-25)] | Floating pragma should be avoided | 27| 0| | [[N-26](#n-26)] | NatSpec documentation for `function` is missing | 13| 0| | [[N-27](#n-27)] | Function ordering does not follow the Solidity style guide | 11| 0| | [[N-28](#n-28)] | `address`s shouldn't be hard-coded | 1| 0| | [[N-29](#n-29)] | Array indicies should be referenced via `enum`s rather than via numeric literals | 40| 0| | [[N-30](#n-30)] | Some if-statement can be converted to a ternary | 39| 0| | [[N-31](#n-31)] | Imports could be organized more systematically | 6| 0| | [[N-32](#n-32)] | Import declarations should import specific identifiers, rather than the whole file | 34| 0| | [[N-33](#n-33)] | Interfaces should be defined in separate files from their usage | 5| 0| | [[N-34](#n-34)] | Large numeric literals should use underscores for readability | 8| 0| | [[N-35](#n-35)] | Long functions should be refactored into multiple, smaller, functions | 27| 0| | [[N-36](#n-36)] | Long lines of code | 121| 0| | [[N-37](#n-37)] | Missing event and or timelock for critical parameter change | 5| 0| | [[N-38](#n-38)] | File is missing NatSpec | 1| 0| | [[N-39](#n-39)] | Mixed usage of `int`/`uint` with `int256`/`uint256` | 2| 0| | [[N-40](#n-40)] | Consider using named mappings | 24| 0| | [[N-41](#n-41)] | Consider using later versions of solidity for more cappabilities | 12| 0| | [[N-42](#n-42)] | Events that mark critical parameter changes should contain both the old and the new value | 48| 0| | [[N-43](#n-43)] | `override` function arguments that are unused should have the variable name removed or commented out to avoid compiler warnings | 7| 0| | [[N-44](#n-44)] | Use of `override` is unnecessary | 15| 0| | [[N-45](#n-45)] | NatSpec `@param` is missing | 21| 0| | [[N-46](#n-46)] | Functions which are either private or internal should have a preceding _ in their name | 1| 0| | [[N-47](#n-47)] | `public` functions not called by the contract should be declared `external` instead | 3| 0| | [[N-48](#n-48)] | Adding a `return` statement when the function defines a named return variable, is redundant | 1| 0| | [[N-49](#n-49)] | Redundant inheritance specifier | 2| 0| | [[N-50](#n-50)] | Setters should prevent re-setting of the same value | 31| 0| | [[N-51](#n-51)] | NatSpec `@return` argument is missing | 19| 0| | [[N-52](#n-52)] | Consider using `SafeTransferLib.safeTransferETH()` or `Address.sendValue()` for clearer semantic meaning | 5| 0| | [[N-53](#n-53)] | Polymorphic functions make security audits more time-consuming and error-prone | 20| 0| | [[N-54](#n-54)] | State variables should have `Natspec` comments | 145| 0| | [[N-55](#n-55)] | Numeric values having to do with time should use time units for readability | 5| 0| | [[N-56](#n-56)] | Contract declarations should have NatSpec `@title` annotations | 21| 0| | [[N-57](#n-57)] | Top level pragma declarations should be separated by two blank lines | 22| 0| | [[N-58](#n-58)] | uint variables should have the bit size defined explicitly | 1| 0| | [[N-59](#n-59)] | Uncommented fields in a struct | 5| 0| | [[N-60](#n-60)] | Event is missing `indexed` fields | 29| 0| | [[N-61](#n-61)] | Unused `error` definition | 15| 0| | [[N-62](#n-62)] | Unused `event` definition | 1| 0| | [[N-63](#n-63)] | Unused Import | 1| 0| | [[N-64](#n-64)] | Missing upgradability functionality | 1| 0| | [[N-65](#n-65)] | Use `abi.encodeCall()` instead of `abi.encodeSignature()`/`abi.encodeSelector()` | 1| 0| | [[N-66](#n-66)] | Use `string.concat()` on strings instead of `abi.encodePacked()` for clearer semantic meaning | 1| 0| | [[N-67](#n-67)] | Constants should be defined rather than using magic numbers | 103| 0| | [[N-68](#n-68)] | Use the latest solidity (prior to 0.8.20 if on L2s) for deployment | 30| 0| | [[N-69](#n-69)] | Use a single file for system wide constants | 15| 0| | [[N-70](#n-70)] | Consider using SMTChecker | 41| 0| | [[N-71](#n-71)] | Variable name must be in mixedCase | 1| 0| | [[N-72](#n-72)] | Whitespace in Expressions | 16| 0| | [[N-73](#n-73)] | Complex function controle flow | 15| 0| | [[N-74](#n-74)] | Consider bounding input array length | 18| 0| | [[N-75](#n-75)] | A function which defines named returns in it's declaration doesn't need to use return | 3| 0| | [[N-76](#n-76)] | Contract declarations should have NatSpec `@dev` annotations | 29| 0| | [[N-77](#n-77)] | Contract should expose an `interface` | 78| 0| | [[N-78](#n-78)] | Named imports of parent contracts are missing | 1| 0| | [[N-79](#n-79)] | Contract declarations should have NatSpec `@notice` annotations | 46| 0| | [[N-80](#n-80)] | Do not use UNDERSCORE in `struct` elements names | 3| 0| | [[N-81](#n-81)] | `contract` names should use CamelCase | 2| 0| | [[N-82](#n-82)] | `event` declarations should have NatSpec descriptions | 75| 0| | [[N-83](#n-83)] | Events should use parameters to convey information | 3| 0| | [[N-84](#n-84)] | `function` names should use lowerCamelCase | 28| 0| | [[N-85](#n-85)] | Expressions for constant values should use `immutable` rather than `constant` | 10| 0| | [[N-86](#n-86)] | Consider splitting long calculations | 3| 0| | [[N-87](#n-87)] | Consider using `AccessControlDefaultAdminRules` rather than `AccessControl` | 1| 0| | [[N-88](#n-88)] | `immutable` variable names don\'t follow the Solidity style guide | 22| 0| | [[N-89](#n-89)] | `private`/`public` function name should start with underscore | 1| 0| | [[N-90](#n-90)] | Assembly block creates dirty bits | 5| 0| | [[N-91](#n-91)] | Add inline comments for unnamed parameters | 11| 0| | [[N-92](#n-92)] | Function state mutability can be restricted to pure | 2| 0| | [[N-93](#n-93)] | Use the latest Solidity version for better security | 35| 0| | [[N-94](#n-94)] | Consider adding formal verification proofs | 1| 0| | [[N-95](#n-95)] | Missing zero address check in functions with address parameters | 68| 0| | [[N-96](#n-96)] | Use a struct to encapsulate multiple function parameters | 5| 0| | [[N-97](#n-97)] | Do not cache `constants` | 1| 0| | [[N-98](#n-98)] | Function state mutability can be restricted to `view` | 1| 0| | [[N-99](#n-99)] | Do not cache `immutable` | 1| 0| | [[N-100](#n-100)] | Missing NatSpec `@dev` from event declaration | 75| 0| | [[N-101](#n-101)] | Missing NatSpec `@notice` from event declaration | 75| 0| | [[N-102](#n-102)] | Missing NatSpec `@notice` from function declaration | 240| 0| | [[N-103](#n-103)] | Missing NatSpec `@dev` from function declaration | 13| 0| | [[N-104](#n-104)] | Use `@inheritdoc` for overridden functions | 29| 0| | [[N-105](#n-105)] | Multiple mappings with same keys can be combined into a single struct mapping for readability | 7| 0| | [[N-106](#n-106)] | constructor should emit an event | 24| 0| | [[N-107](#n-107)] | Use `ERC1155Holder` over `ERC1155Receiver` | 2| 0| | [[N-108](#n-108)] | Use a `struct` instead of returning multiple values | 3| 0| | [[N-109](#n-109)] | [Solidity]: Bug in Legacy Code Generation When Accessing the .selector Member on Expressions with Side Effects | 35| 0| | [[N-110](#n-110)] | [Solidity]: All `verbatim` blocks are considered identical by deduplicator and can incorrectly be unified | 37| 0| ### Medium Risk Issues ### [M-01] `block.number` means different things on different L2s On Optimism, `block.number` is the L2 block number, but on Arbitrum, it's the L1 block number, and `ArbSys(address(100)).arbBlockNumber()` must be used. Furthermore, L2 block numbers often occur much more frequently than L1 block numbers (any may even occur on a per-transaction basis), so using block numbers for timing results in inconsistencies, especially when voting is involved across multiple chains. As of version 4.9, OpenZeppelin has [modified](https://blog.openzeppelin.com/introducing-openzeppelin-contracts-v4.9#governor) their governor code to use a clock rather than block numbers, to avoid these sorts of issues, but this still requires that the project [implement](https://docs.openzeppelin.com/contracts/4.x/governance#token_2) a [clock](https://eips.ethereum.org/EIPS/eip-6372) for each L2. *There are 10 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 139: mapSupplyPoints[0] = PointVoting(0, 0, uint64(block.timestamp), uint64(block.number), 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L139-L139 ```solidity File: governance/contracts/veOLAS.sol 215: lastPoint = PointVoting(0, 0, uint64(block.timestamp), uint64(block.number), 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L215-L215 ```solidity File: governance/contracts/veOLAS.sol 225: block_slope = (1e18 * uint256(block.number - lastPoint.blockNumber)) / uint256(block.timestamp - lastPoint.ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L225-L225 ```solidity File: governance/contracts/veOLAS.sol 266: lastPoint.blockNumber = uint64(block.number); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L266-L266 ```solidity File: governance/contracts/veOLAS.sol 313: uNew.blockNumber = uint64(block.number); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L313-L313 ```solidity File: governance/contracts/veOLAS.sol 645: if (blockNumber > block.number) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L645-L645 ```solidity File: governance/contracts/veOLAS.sol 646: revert WrongBlockNumber(blockNumber, block.number); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L646-L646 ```solidity File: governance/contracts/veOLAS.sol 659: dBlock = block.number - point.blockNumber; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L659-L659 ```solidity File: tokenomics/contracts/Tokenomics.sol 824: lastDonationBlockNumber = uint32(block.number); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L824-L824 ```solidity File: tokenomics/contracts/Tokenomics.sol 892: if (lastDonationBlockNumber == block.number) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L892-L892### Low Risk Issues ### [L-01] Missing checks for `address(0)` when assigning values to address state variables *There are 8 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 134: token = _token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L134-L134 ```solidity File: registries/contracts/AgentRegistry.sol 25: componentRegistry = _componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L25-L25 ```solidity File: registries/contracts/RegistriesManager.sol 16: componentRegistry = _componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L16-L16 ```solidity File: registries/contracts/RegistriesManager.sol 17: agentRegistry = _agentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L17-L17 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 38: gnosisSafe = _gnosisSafe; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L38-L38 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 39: gnosisSafeProxyFactory = _gnosisSafeProxyFactory; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L39-L39 ```solidity File: tokenomics/contracts/Tokenomics.sol 315: donatorBlacklist = _donatorBlacklist; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L315-L315 ```solidity File: tokenomics/contracts/Tokenomics.sol 480: donatorBlacklist = _donatorBlacklist; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L480-L480 ### [L-02] Array lengths not checked If the length of the arrays are not required to be of the same length, user operations may not be fully executed due to a mismatch in the number of items iterated over, versus the number of items provided in the second array *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol //@audit , targets, values, calldatas length are not checked 45: function propose( 46: address[] memory targets, 47: uint256[] memory values, 48: bytes[] memory calldatas, 49: string memory description 50: ) public override(IGovernor, Governor, GovernorCompatibilityBravo) returns (uint256) 51: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L45-L51 ```solidity File: governance/contracts/Timelock.sol //@audit , proposers, executors length are not checked 10: constructor(uint256 minDelay, address[] memory proposers, address[] memory executors) 11: TimelockController(minDelay, proposers, executors, msg.sender) 12: {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L10-L12 ### [L-03] For loops in public or external functions should be avoided due to high gas costs and possible DOS In Solidity, for loops can potentially cause Denial of Service (DoS) attacks if not handled carefully. DoS attacks can occur when an attacker intentionally exploits the gas cost of a function, causing it to run out of gas or making it too expensive for other users to call. Below are some scenarios where for loops can lead to DoS attacks: Nested for loops can become exceptionally gas expensive and should be used sparingly *There are 29 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 098: function inflationRemainder() public view returns (uint256 remainder) { 099: uint256 _totalSupply = totalSupply; 100: // Current year 101: uint256 numYears = (block.timestamp - timeLaunch) / oneYear; 102: // Calculate maximum mint amount to date 103: uint256 supplyCap = tenYearSupplyCap; 104: // After 10 years, adjust supplyCap according to the yearly inflation % set in maxMintCapFraction 105: if (numYears > 9) { 106: // Number of years after ten years have passed (including ongoing ones) 107: numYears -= 9; 108: for (uint256 i = 0; i < numYears; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L98-L108 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 107: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external override { 108: // Check for the Fx Child address 109: if(msg.sender != fxChild) { 110: revert FxChildOnly(msg.sender, fxChild); 111: } 112: 113: // Check for the Root Governor address 114: if(rootMessageSender != rootGovernor) { 115: revert RootGovernorOnly(rootMessageSender, rootGovernor); 116: } 117: 118: // Check for the correct data length 119: uint256 dataLength = data.length; 120: if (dataLength < DEFAULT_DATA_LENGTH) { 121: revert IncorrectDataLength(DEFAULT_DATA_LENGTH, data.length); 122: } 123: 124: // Unpack and process the data 125: for (uint256 i = 0; i < dataLength;) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L107-L125 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 107: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external override { 108: // Check for the Fx Child address 109: if(msg.sender != fxChild) { 110: revert FxChildOnly(msg.sender, fxChild); 111: } 112: 113: // Check for the Root Governor address 114: if(rootMessageSender != rootGovernor) { 115: revert RootGovernorOnly(rootMessageSender, rootGovernor); 116: } 117: 118: // Check for the correct data length 119: uint256 dataLength = data.length; 120: if (dataLength < DEFAULT_DATA_LENGTH) { 121: revert IncorrectDataLength(DEFAULT_DATA_LENGTH, data.length); 122: } 123: 124: // Unpack and process the data 125: for (uint256 i = 0; i < dataLength;) { 126: address target; 127: uint96 value; 128: uint32 payloadLength; 129: // solhint-disable-next-line no-inline-assembly 130: assembly { 131: // First 20 bytes is the address (160 bits) 132: i := add(i, 20) 133: target := mload(add(data, i)) 134: // Offset the data by 12 bytes of value (96 bits) 135: i := add(i, 12) 136: value := mload(add(data, i)) 137: // Offset the data by 4 bytes of payload length (32 bits) 138: i := add(i, 4) 139: payloadLength := mload(add(data, i)) 140: } 141: 142: // Check for the zero address 143: if (target == address(0)) { 144: revert ZeroAddress(); 145: } 146: // Check for the value compared to the contract's balance 147: if (value > address(this).balance) { 148: revert InsufficientBalance(value, address(this).balance); 149: } 150: 151: // Get the payload 152: bytes memory payload = new bytes(payloadLength); 153: for (uint256 j = 0; j < payloadLength; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L107-L153 ```solidity File: governance/contracts/bridges/HomeMediator.sol 105: function processMessageFromForeign(bytes memory data) external { 106: // Check for the AMB Contract Proxy (Home) address 107: if (msg.sender != AMBContractProxyHome) { 108: revert AMBContractProxyHomeOnly(msg.sender, AMBContractProxyHome); 109: } 110: 111: // Check for the Foreign Governor address 112: address governor = foreignGovernor; 113: address bridgeGovernor = IAMB(AMBContractProxyHome).messageSender(); 114: if (bridgeGovernor != governor) { 115: revert ForeignGovernorOnly(bridgeGovernor, governor); 116: } 117: 118: // Check for the correct data length 119: uint256 dataLength = data.length; 120: if (dataLength < DEFAULT_DATA_LENGTH) { 121: revert IncorrectDataLength(DEFAULT_DATA_LENGTH, data.length); 122: } 123: 124: // Unpack and process the data 125: for (uint256 i = 0; i < dataLength;) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L105-L125 ```solidity File: governance/contracts/bridges/HomeMediator.sol 105: function processMessageFromForeign(bytes memory data) external { 106: // Check for the AMB Contract Proxy (Home) address 107: if (msg.sender != AMBContractProxyHome) { 108: revert AMBContractProxyHomeOnly(msg.sender, AMBContractProxyHome); 109: } 110: 111: // Check for the Foreign Governor address 112: address governor = foreignGovernor; 113: address bridgeGovernor = IAMB(AMBContractProxyHome).messageSender(); 114: if (bridgeGovernor != governor) { 115: revert ForeignGovernorOnly(bridgeGovernor, governor); 116: } 117: 118: // Check for the correct data length 119: uint256 dataLength = data.length; 120: if (dataLength < DEFAULT_DATA_LENGTH) { 121: revert IncorrectDataLength(DEFAULT_DATA_LENGTH, data.length); 122: } 123: 124: // Unpack and process the data 125: for (uint256 i = 0; i < dataLength;) { 126: address target; 127: uint96 value; 128: uint32 payloadLength; 129: // solhint-disable-next-line no-inline-assembly 130: assembly { 131: // First 20 bytes is the address (160 bits) 132: i := add(i, 20) 133: target := mload(add(data, i)) 134: // Offset the data by 12 bytes of value (96 bits) 135: i := add(i, 12) 136: value := mload(add(data, i)) 137: // Offset the data by 4 bytes of payload length (32 bits) 138: i := add(i, 4) 139: payloadLength := mload(add(data, i)) 140: } 141: 142: // Check for the zero address 143: if (target == address(0)) { 144: revert ZeroAddress(); 145: } 146: // Check for the value compared to the contract's balance 147: if (value > address(this).balance) { 148: revert InsufficientBalance(value, address(this).balance); 149: } 150: 151: // Get the payload 152: bytes memory payload = new bytes(payloadLength); 153: for (uint256 j = 0; j < payloadLength; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L105-L153 ```solidity File: governance/contracts/multisigs/GuardCM.sol 441: function setTargetSelectorChainIds( 442: address[] memory targets, 443: bytes4[] memory selectors, 444: uint256[] memory chainIds, 445: bool[] memory statuses 446: ) external { 447: // Check for the ownership 448: if (msg.sender != owner) { 449: revert OwnerOnly(msg.sender, owner); 450: } 451: 452: // Check array length 453: if (targets.length != selectors.length || targets.length != statuses.length || targets.length != chainIds.length) { 454: revert WrongArrayLength(targets.length, selectors.length, statuses.length, chainIds.length); 455: } 456: 457: // Traverse all the targets and selectors to build their paired values 458: for (uint256 i = 0; i < targets.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L441-L458 ```solidity File: governance/contracts/multisigs/GuardCM.sol 495: function setBridgeMediatorChainIds( 496: address[] memory bridgeMediatorL1s, 497: address[] memory bridgeMediatorL2s, 498: uint256[] memory chainIds 499: ) external { 500: // Check for the ownership 501: if (msg.sender != owner) { 502: revert OwnerOnly(msg.sender, owner); 503: } 504: 505: // Check for array correctness 506: if (bridgeMediatorL1s.length != bridgeMediatorL2s.length || bridgeMediatorL1s.length != chainIds.length) { 507: revert WrongArrayLength(bridgeMediatorL1s.length, bridgeMediatorL2s.length, chainIds.length, chainIds.length); 508: } 509: 510: // Link L1 and L2 bridge mediators, set L2 chain Ids 511: for (uint256 i = 0; i < chainIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L495-L511 ```solidity File: registries/contracts/UnitRegistry.sol 49: function create(address unitOwner, bytes32 unitHash, uint32[] memory dependencies) 50: external virtual returns (uint256 unitId) 51: { 52: // Reentrancy guard 53: if (_locked > 1) { 54: revert ReentrancyGuard(); 55: } 56: _locked = 2; 57: 58: // Check for the manager privilege for a unit creation 59: if (manager != msg.sender) { 60: revert ManagerOnly(msg.sender, manager); 61: } 62: 63: // Checks for a non-zero owner address 64: if(unitOwner == address(0)) { 65: revert ZeroAddress(); 66: } 67: 68: // Check for the non-zero hash value 69: if (unitHash == 0) { 70: revert ZeroValue(); 71: } 72: 73: // Check for dependencies validity: must be already allocated, must not repeat 74: unitId = totalSupply; 75: _checkDependencies(dependencies, uint32(unitId)); 76: 77: // Unit with Id = 0 is left empty not to do additional checks for the index zero 78: unitId++; 79: 80: // Initialize the unit and mint its token 81: Unit storage unit = mapUnits[unitId]; 82: unit.unitHash = unitHash; 83: unit.dependencies = dependencies; 84: 85: // Update the map of subcomponents with calculated subcomponents for the new unit Id 86: // In order to get the correct set of subcomponents, we need to differentiate between the callers of this function 87: // Self contract (unit registry) can only call subcomponents calculation from the component level 88: uint32[] memory subComponentIds = _calculateSubComponents(UnitType.Component, dependencies); 89: // We need to add a current component Id to the set of subcomponents if the unit is a component 90: // For example, if component 3 (c3) has dependencies of [c1, c2], then the subcomponents will return [c1, c2]. 91: // The resulting set will be [c1, c2, c3]. So we write into the map of component subcomponents: c3=>[c1, c2, c3]. 92: // This is done such that the subcomponents start getting explored, and when the agent calls its subcomponents, 93: // it would have [c1, c2, c3] right away instead of adding c3 manually and then (for services) checking 94: // if another agent also has c3 as a component dependency. The latter will consume additional computation. 95: if (unitType == UnitType.Component) { 96: uint256 numSubComponents = subComponentIds.length; 97: uint32[] memory addSubComponentIds = new uint32[](numSubComponents + 1); 98: for (uint256 i = 0; i < numSubComponents; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L49-L98 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 085: function create( 086: address[] memory owners, 087: uint256 threshold, 088: bytes memory data 089: ) external returns (address multisig) 090: { 091: // Check for the correct data length 092: uint256 dataLength = data.length; 093: if (dataLength < DEFAULT_DATA_LENGTH) { 094: revert IncorrectDataLength(DEFAULT_DATA_LENGTH, data.length); 095: } 096: 097: // Read the proxy multisig address (20 bytes) and the multisig-related data 098: assembly { 099: multisig := mload(add(data, DEFAULT_DATA_LENGTH)) 100: } 101: 102: // Check that the multisig address corresponds to the authorized multisig proxy bytecode hash 103: bytes32 multisigProxyHash = keccak256(multisig.code); 104: if (proxyHash != multisigProxyHash) { 105: revert UnauthorizedMultisig(multisig); 106: } 107: 108: // If provided, read the payload that is going to change the multisig ownership and threshold 109: // The payload is expected to be the `execTransaction()` function call with all its arguments and signature(s) 110: if (dataLength > DEFAULT_DATA_LENGTH) { 111: uint256 payloadLength = dataLength - DEFAULT_DATA_LENGTH; 112: bytes memory payload = new bytes(payloadLength); 113: for (uint256 i = 0; i < payloadLength; ++i) { 114: payload[i] = data[i + DEFAULT_DATA_LENGTH]; 115: } 116: 117: // Call the multisig with the provided payload 118: (bool success, ) = multisig.call(payload); 119: if (!success) { 120: revert MultisigExecFailed(multisig); 121: } 122: } 123: 124: // Get the provided proxy multisig owners and threshold 125: address[] memory checkOwners = IGnosisSafe(multisig).getOwners(); 126: uint256 checkThreshold = IGnosisSafe(multisig).getThreshold(); 127: 128: // Verify updated multisig proxy for provided owners and threshold 129: if (threshold != checkThreshold) { 130: revert WrongThreshold(checkThreshold, threshold); 131: } 132: uint256 numOwners = owners.length; 133: if (numOwners != checkOwners.length) { 134: revert WrongNumOwners(checkOwners.length, numOwners); 135: } 136: // The owners' addresses in the multisig itself are stored in reverse order compared to how they were added: 137: // https://etherscan.io/address/0xd9db270c1b5e3bd161e8c8503c55ceabee709552#code#F6#L56 138: // Thus, the check must be carried out accordingly. 139: for (uint256 i = 0; i < numOwners; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L85-L139 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 085: function create( 086: address[] memory owners, 087: uint256 threshold, 088: bytes memory data 089: ) external returns (address multisig) 090: { 091: // Check for the correct data length 092: uint256 dataLength = data.length; 093: if (dataLength < DEFAULT_DATA_LENGTH) { 094: revert IncorrectDataLength(DEFAULT_DATA_LENGTH, data.length); 095: } 096: 097: // Read the proxy multisig address (20 bytes) and the multisig-related data 098: assembly { 099: multisig := mload(add(data, DEFAULT_DATA_LENGTH)) 100: } 101: 102: // Check that the multisig address corresponds to the authorized multisig proxy bytecode hash 103: bytes32 multisigProxyHash = keccak256(multisig.code); 104: if (proxyHash != multisigProxyHash) { 105: revert UnauthorizedMultisig(multisig); 106: } 107: 108: // If provided, read the payload that is going to change the multisig ownership and threshold 109: // The payload is expected to be the `execTransaction()` function call with all its arguments and signature(s) 110: if (dataLength > DEFAULT_DATA_LENGTH) { 111: uint256 payloadLength = dataLength - DEFAULT_DATA_LENGTH; 112: bytes memory payload = new bytes(payloadLength); 113: for (uint256 i = 0; i < payloadLength; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L85-L113 ```solidity File: tokenomics/contracts/Depository.sol 244: function close(uint256[] memory productIds) external returns (uint256[] memory closedProductIds) { 245: // Check for the contract ownership 246: if (msg.sender != owner) { 247: revert OwnerOnly(msg.sender, owner); 248: } 249: 250: // Calculate the number of closed products 251: uint256 numProducts = productIds.length; 252: uint256[] memory ids = new uint256[](numProducts); 253: uint256 numClosedProducts; 254: // Traverse to close all possible products 255: for (uint256 i = 0; i < numProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L244-L255 ```solidity File: tokenomics/contracts/Depository.sol 244: function close(uint256[] memory productIds) external returns (uint256[] memory closedProductIds) { 245: // Check for the contract ownership 246: if (msg.sender != owner) { 247: revert OwnerOnly(msg.sender, owner); 248: } 249: 250: // Calculate the number of closed products 251: uint256 numProducts = productIds.length; 252: uint256[] memory ids = new uint256[](numProducts); 253: uint256 numClosedProducts; 254: // Traverse to close all possible products 255: for (uint256 i = 0; i < numProducts; ++i) { 256: uint256 productId = productIds[i]; 257: // Check if the product is still open by getting its supply amount 258: uint256 supply = mapBondProducts[productId].supply; 259: // The supply is greater than zero only if the product is active, otherwise it is already closed 260: if (supply > 0) { 261: // Refund unused OLAS supply from the product if it was not used by the product completely 262: ITokenomics(tokenomics).refundFromBondProgram(supply); 263: address token = mapBondProducts[productId].token; 264: delete mapBondProducts[productId]; 265: 266: ids[numClosedProducts] = productIds[i]; 267: ++numClosedProducts; 268: emit CloseProduct(token, productId, supply); 269: } 270: } 271: 272: // Get the correct array size of closed product Ids 273: closedProductIds = new uint256[](numClosedProducts); 274: for (uint256 i = 0; i < numClosedProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L244-L274 ```solidity File: tokenomics/contracts/Depository.sol 356: function redeem(uint256[] memory bondIds) external returns (uint256 payout) { 357: for (uint256 i = 0; i < bondIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L356-L357 ```solidity File: tokenomics/contracts/Depository.sol 396: function getProducts(bool active) external view returns (uint256[] memory productIds) { 397: // Calculate the number of existing products 398: uint256 numProducts = productCounter; 399: bool[] memory positions = new bool[](numProducts); 400: uint256 numSelectedProducts; 401: // Traverse to find requested products 402: for (uint256 i = 0; i < numProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L396-L402 ```solidity File: tokenomics/contracts/Depository.sol 396: function getProducts(bool active) external view returns (uint256[] memory productIds) { 397: // Calculate the number of existing products 398: uint256 numProducts = productCounter; 399: bool[] memory positions = new bool[](numProducts); 400: uint256 numSelectedProducts; 401: // Traverse to find requested products 402: for (uint256 i = 0; i < numProducts; ++i) { 403: // Product is always active if its supply is not zero, and inactive otherwise 404: if ((active && mapBondProducts[i].supply > 0) || (!active && mapBondProducts[i].supply == 0)) { 405: positions[i] = true; 406: ++numSelectedProducts; 407: } 408: } 409: 410: // Form active or inactive products index array 411: productIds = new uint256[](numSelectedProducts); 412: uint256 numPos; 413: for (uint256 i = 0; i < numProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L396-L413 ```solidity File: tokenomics/contracts/Depository.sol 435: function getBonds(address account, bool matured) external view 436: returns (uint256[] memory bondIds, uint256 payout) 437: { 438: // Check the address 439: if (account == address(0)) { 440: revert ZeroAddress(); 441: } 442: 443: uint256 numAccountBonds; 444: // Calculate the number of pending bonds 445: uint256 numBonds = bondCounter; 446: bool[] memory positions = new bool[](numBonds); 447: // Record the bond number if it belongs to the account address and was not yet redeemed 448: for (uint256 i = 0; i < numBonds; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L435-L448 ```solidity File: tokenomics/contracts/Depository.sol 435: function getBonds(address account, bool matured) external view 436: returns (uint256[] memory bondIds, uint256 payout) 437: { 438: // Check the address 439: if (account == address(0)) { 440: revert ZeroAddress(); 441: } 442: 443: uint256 numAccountBonds; 444: // Calculate the number of pending bonds 445: uint256 numBonds = bondCounter; 446: bool[] memory positions = new bool[](numBonds); 447: // Record the bond number if it belongs to the account address and was not yet redeemed 448: for (uint256 i = 0; i < numBonds; ++i) { 449: // Check if the bond belongs to the account 450: // If not and the address is zero, the bond was redeemed or never existed 451: if (mapUserBonds[i].account == account) { 452: // Check if requested bond is not matured but owned by the account address 453: if (!matured || 454: // Or if the requested bond is matured, i.e., the bond maturity timestamp passed 455: block.timestamp >= mapUserBonds[i].maturity) 456: { 457: positions[i] = true; 458: ++numAccountBonds; 459: // The payout is always bigger than zero if the bond exists 460: payout += mapUserBonds[i].payout; 461: } 462: } 463: } 464: 465: // Form pending bonds index array 466: bondIds = new uint256[](numAccountBonds); 467: uint256 numPos; 468: for (uint256 i = 0; i < numBonds; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L435-L468 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 56: function setDonatorsStatuses(address[] memory accounts, bool[] memory statuses) external returns (bool success) { 57: // Check for the contract ownership 58: if (msg.sender != owner) { 59: revert OwnerOnly(msg.sender, owner); 60: } 61: 62: // Check for the array length 63: if (accounts.length != statuses.length) { 64: revert WrongArrayLength(accounts.length, statuses.length); 65: } 66: 67: for (uint256 i = 0; i < accounts.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L56-L67 ```solidity File: tokenomics/contracts/Tokenomics.sol 788: function trackServiceDonations( 789: address donator, 790: uint256[] memory serviceIds, 791: uint256[] memory amounts, 792: uint256 donationETH 793: ) external { 794: // Check for the treasury access 795: if (treasury != msg.sender) { 796: revert ManagerOnly(msg.sender, treasury); 797: } 798: 799: // Check if the donator blacklist is enabled, and the status of the donator address 800: address bList = donatorBlacklist; 801: if (bList != address(0) && IDonatorBlacklist(bList).isDonatorBlacklisted(donator)) { 802: revert DonatorBlacklisted(donator); 803: } 804: 805: // Get the number of services 806: uint256 numServices = serviceIds.length; 807: // Loop over service Ids, accumulate donation value and check for the service existence 808: for (uint256 i = 0; i < numServices; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L788-L808 ```solidity File: tokenomics/contracts/Tokenomics.sol 880: function checkpoint() external returns (bool) { 881: // Get the implementation address that was written to the proxy contract 882: address implementation; 883: assembly { 884: implementation := sload(PROXY_TOKENOMICS) 885: } 886: // Check if there is any address in the PROXY_TOKENOMICS address slot 887: if (implementation == address(0)) { 888: revert DelegatecallOnly(); 889: } 890: 891: // Check the last donation block number to avoid the possibility of a flash loan attack 892: if (lastDonationBlockNumber == block.number) { 893: revert SameBlockNumberViolation(); 894: } 895: 896: // New point can be calculated only if we passed the number of blocks equal to the epoch length 897: uint256 prevEpochTime = mapEpochTokenomics[epochCounter - 1].epochPoint.endTime; 898: uint256 diffNumSeconds = block.timestamp - prevEpochTime; 899: uint256 curEpochLen = epochLen; 900: // Check if the time passed since the last epoch end time is bigger than the specified epoch length, 901: // but not bigger than a year in seconds 902: if (diffNumSeconds < curEpochLen || diffNumSeconds > ONE_YEAR) { 903: return false; 904: } 905: 906: uint256 eCounter = epochCounter; 907: TokenomicsPoint storage tp = mapEpochTokenomics[eCounter]; 908: 909: // 0: total incentives funded with donations in ETH, that are split between: 910: // 1: treasuryRewards, 2: componentRewards, 3: agentRewards 911: // OLAS inflation is split between: 912: // 4: maxBond, 5: component ownerTopUps, 6: agent ownerTopUps 913: uint256[] memory incentives = new uint256[](7); 914: incentives[0] = tp.epochPoint.totalDonationsETH; 915: incentives[1] = (incentives[0] * tp.epochPoint.rewardTreasuryFraction) / 100; 916: // 0 stands for components and 1 for agents 917: incentives[2] = (incentives[0] * tp.unitPoints[0].rewardUnitFraction) / 100; 918: incentives[3] = (incentives[0] * tp.unitPoints[1].rewardUnitFraction) / 100; 919: 920: // The actual inflation per epoch considering that it is settled not in the exact epochLen time, but a bit later 921: uint256 inflationPerEpoch; 922: // Record the current inflation per second 923: uint256 curInflationPerSecond = inflationPerSecond; 924: // Current year 925: uint256 numYears = (block.timestamp - timeLaunch) / ONE_YEAR; 926: // Amounts for the yearly inflation change from year to year, so if the year changes in the middle 927: // of the epoch, it is necessary to adjust epoch inflation numbers to account for the year change 928: if (numYears > currentYear) { 929: // Calculate remainder of inflation for the passing year 930: // End of the year timestamp 931: uint256 yearEndTime = timeLaunch + numYears * ONE_YEAR; 932: // Initial inflation per epoch during the end of the year minus previous epoch timestamp 933: inflationPerEpoch = (yearEndTime - prevEpochTime) * curInflationPerSecond; 934: // Recalculate the inflation per second based on the new inflation for the current year 935: curInflationPerSecond = getInflationForYear(numYears) / ONE_YEAR; 936: // Add the remainder of inflation amount for this epoch based on a new inflation per second ratio 937: inflationPerEpoch += (block.timestamp - yearEndTime) * curInflationPerSecond; 938: // Updating state variables 939: inflationPerSecond = uint96(curInflationPerSecond); 940: currentYear = uint8(numYears); 941: // Set the tokenomics parameters flag such that the maxBond is correctly updated below (3rd bit is set to one) 942: tokenomicsParametersUpdated = tokenomicsParametersUpdated | 0x04; 943: } else { 944: // Inflation per epoch is equal to the inflation per second multiplied by the actual time of the epoch 945: inflationPerEpoch = curInflationPerSecond * diffNumSeconds; 946: } 947: 948: // Bonding and top-ups in OLAS are recalculated based on the inflation schedule per epoch 949: // Actual maxBond of the epoch 950: tp.epochPoint.totalTopUpsOLAS = uint96(inflationPerEpoch); 951: incentives[4] = (inflationPerEpoch * tp.epochPoint.maxBondFraction) / 100; 952: 953: // Get the maxBond that was credited to effectiveBond during this settled epoch 954: // If the year changes, the maxBond for the next epoch is updated in the condition below and will be used 955: // later when the effectiveBond is updated for the next epoch 956: uint256 curMaxBond = maxBond; 957: 958: // Effective bond accumulates bonding leftovers from previous epochs (with the last max bond value set) 959: // It is given the value of the maxBond for the next epoch as a credit 960: // The difference between recalculated max bond per epoch and maxBond value must be reflected in effectiveBond, 961: // since the epoch checkpoint delay was not accounted for initially 962: // This has to be always true, or incentives[4] == curMaxBond if the epoch is settled exactly at the epochLen time 963: if (incentives[4] > curMaxBond) { 964: // Adjust the effectiveBond 965: incentives[4] = effectiveBond + incentives[4] - curMaxBond; 966: effectiveBond = uint96(incentives[4]); 967: } 968: 969: // Get the tokenomics point of the next epoch 970: TokenomicsPoint storage nextEpochPoint = mapEpochTokenomics[eCounter + 1]; 971: // Update incentive fractions for the next epoch if they were requested by the changeIncentiveFractions() function 972: // Check if the second bit is set to one 973: if (tokenomicsParametersUpdated & 0x02 == 0x02) { 974: // Confirm the change of incentive fractions 975: emit IncentiveFractionsUpdated(eCounter + 1); 976: } else { 977: // Copy current tokenomics point into the next one such that it has necessary tokenomics parameters 978: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L880-L978 ```solidity File: tokenomics/contracts/Tokenomics.sol 1085: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external 1086: returns (uint256 reward, uint256 topUp) 1087: { 1088: // Check for the dispenser access 1089: if (dispenser != msg.sender) { 1090: revert ManagerOnly(msg.sender, dispenser); 1091: } 1092: 1093: // Check array lengths 1094: if (unitTypes.length != unitIds.length) { 1095: revert WrongArrayLength(unitTypes.length, unitIds.length); 1096: } 1097: 1098: // Component / agent registry addresses 1099: address[] memory registries = new address[](2); 1100: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1101: 1102: // Component / agent total supply 1103: uint256[] memory registriesSupply = new uint256[](2); 1104: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1085-L1104 ```solidity File: tokenomics/contracts/Tokenomics.sol 1085: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external 1086: returns (uint256 reward, uint256 topUp) 1087: { 1088: // Check for the dispenser access 1089: if (dispenser != msg.sender) { 1090: revert ManagerOnly(msg.sender, dispenser); 1091: } 1092: 1093: // Check array lengths 1094: if (unitTypes.length != unitIds.length) { 1095: revert WrongArrayLength(unitTypes.length, unitIds.length); 1096: } 1097: 1098: // Component / agent registry addresses 1099: address[] memory registries = new address[](2); 1100: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1101: 1102: // Component / agent total supply 1103: uint256[] memory registriesSupply = new uint256[](2); 1104: for (uint256 i = 0; i < 2; ++i) { 1105: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1106: } 1107: 1108: // Check the input data 1109: uint256[] memory lastIds = new uint256[](2); 1110: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1085-L1110 ```solidity File: tokenomics/contracts/Tokenomics.sol 1085: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external 1086: returns (uint256 reward, uint256 topUp) 1087: { 1088: // Check for the dispenser access 1089: if (dispenser != msg.sender) { 1090: revert ManagerOnly(msg.sender, dispenser); 1091: } 1092: 1093: // Check array lengths 1094: if (unitTypes.length != unitIds.length) { 1095: revert WrongArrayLength(unitTypes.length, unitIds.length); 1096: } 1097: 1098: // Component / agent registry addresses 1099: address[] memory registries = new address[](2); 1100: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1101: 1102: // Component / agent total supply 1103: uint256[] memory registriesSupply = new uint256[](2); 1104: for (uint256 i = 0; i < 2; ++i) { 1105: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1106: } 1107: 1108: // Check the input data 1109: uint256[] memory lastIds = new uint256[](2); 1110: for (uint256 i = 0; i < unitIds.length; ++i) { 1111: // Check for the unit type to be component / agent only 1112: if (unitTypes[i] > 1) { 1113: revert Overflow(unitTypes[i], 1); 1114: } 1115: 1116: // Check that the unit Ids are in ascending order, not repeating, and no bigger than registries total supply 1117: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { 1118: revert WrongUnitId(unitIds[i], unitTypes[i]); 1119: } 1120: lastIds[unitTypes[i]] = unitIds[i]; 1121: 1122: // Check the component / agent Id ownership 1123: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); 1124: if (unitOwner != account) { 1125: revert OwnerOnly(unitOwner, account); 1126: } 1127: } 1128: 1129: // Get the current epoch counter 1130: uint256 curEpoch = epochCounter; 1131: 1132: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1085-L1132 ```solidity File: tokenomics/contracts/Tokenomics.sol 1160: function getOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external view 1161: returns (uint256 reward, uint256 topUp) 1162: { 1163: // Check array lengths 1164: if (unitTypes.length != unitIds.length) { 1165: revert WrongArrayLength(unitTypes.length, unitIds.length); 1166: } 1167: 1168: // Component / agent registry addresses 1169: address[] memory registries = new address[](2); 1170: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1171: 1172: // Component / agent total supply 1173: uint256[] memory registriesSupply = new uint256[](2); 1174: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1160-L1174 ```solidity File: tokenomics/contracts/Tokenomics.sol 1160: function getOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external view 1161: returns (uint256 reward, uint256 topUp) 1162: { 1163: // Check array lengths 1164: if (unitTypes.length != unitIds.length) { 1165: revert WrongArrayLength(unitTypes.length, unitIds.length); 1166: } 1167: 1168: // Component / agent registry addresses 1169: address[] memory registries = new address[](2); 1170: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1171: 1172: // Component / agent total supply 1173: uint256[] memory registriesSupply = new uint256[](2); 1174: for (uint256 i = 0; i < 2; ++i) { 1175: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1176: } 1177: 1178: // Check the input data 1179: uint256[] memory lastIds = new uint256[](2); 1180: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1160-L1180 ```solidity File: tokenomics/contracts/Tokenomics.sol 1160: function getOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external view 1161: returns (uint256 reward, uint256 topUp) 1162: { 1163: // Check array lengths 1164: if (unitTypes.length != unitIds.length) { 1165: revert WrongArrayLength(unitTypes.length, unitIds.length); 1166: } 1167: 1168: // Component / agent registry addresses 1169: address[] memory registries = new address[](2); 1170: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1171: 1172: // Component / agent total supply 1173: uint256[] memory registriesSupply = new uint256[](2); 1174: for (uint256 i = 0; i < 2; ++i) { 1175: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1176: } 1177: 1178: // Check the input data 1179: uint256[] memory lastIds = new uint256[](2); 1180: for (uint256 i = 0; i < unitIds.length; ++i) { 1181: // Check for the unit type to be component / agent only 1182: if (unitTypes[i] > 1) { 1183: revert Overflow(unitTypes[i], 1); 1184: } 1185: 1186: // Check that the unit Ids are in ascending order, not repeating, and no bigger than registries total supply 1187: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { 1188: revert WrongUnitId(unitIds[i], unitTypes[i]); 1189: } 1190: lastIds[unitTypes[i]] = unitIds[i]; 1191: 1192: // Check the component / agent Id ownership 1193: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); 1194: if (unitOwner != account) { 1195: revert OwnerOnly(unitOwner, account); 1196: } 1197: } 1198: 1199: // Get the current epoch counter 1200: uint256 curEpoch = epochCounter; 1201: 1202: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1160-L1202 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 30: function getSupplyCapForYear(uint256 numYears) public pure returns (uint256 supplyCap) { 31: // For the first 10 years the supply caps are pre-defined 32: if (numYears < 10) { 33: uint96[10] memory supplyCaps = [ 34: 529_659_000_00e16, 35: 569_913_084_00e16, 36: 641_152_219_50e16, 37: 708_500_141_72e16, 38: 771_039_876_00e16, 39: 828_233_282_97e16, 40: 879_860_040_11e16, 41: 925_948_139_65e16, 42: 966_706_331_40e16, 43: 1_000_000_000e18 44: ]; 45: supplyCap = supplyCaps[numYears]; 46: } else { 47: // Number of years after ten years have passed (including ongoing ones) 48: numYears -= 9; 49: // Max cap for the first 10 years 50: supplyCap = 1_000_000_000e18; 51: // After that the inflation is 2% per year as defined by the OLAS contract 52: uint256 maxMintCapFraction = 2; 53: 54: // Get the supply cap until the current year 55: for (uint256 i = 0; i < numYears; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L30-L55 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 66: function getInflationForYear(uint256 numYears) public pure returns (uint256 inflationAmount) { 67: // For the first 10 years the inflation caps are pre-defined as differences between next year cap and current year one 68: if (numYears < 10) { 69: // Initial OLAS allocation is 526_500_000_0e17 70: uint88[10] memory inflationAmounts = [ 71: 3_159_000_00e16, 72: 40_254_084_00e16, 73: 71_239_135_50e16, 74: 67_347_922_22e16, 75: 62_539_734_28e16, 76: 57_193_406_97e16, 77: 51_626_757_14e16, 78: 46_088_099_54e16, 79: 40_758_191_75e16, 80: 33_293_668_60e16 81: ]; 82: inflationAmount = inflationAmounts[numYears]; 83: } else { 84: // Number of years after ten years have passed (including ongoing ones) 85: numYears -= 9; 86: // Max cap for the first 10 years 87: uint256 supplyCap = 1_000_000_000e18; 88: // After that the inflation is 2% per year as defined by the OLAS contract 89: uint256 maxMintCapFraction = 2; 90: 91: // Get the supply cap until the year before the current year 92: for (uint256 i = 1; i < numYears; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L66-L92 ```solidity File: tokenomics/contracts/Treasury.sol 257: function depositServiceDonationsETH(uint256[] memory serviceIds, uint256[] memory amounts) external payable { 258: // Reentrancy guard 259: if (_locked > 1) { 260: revert ReentrancyGuard(); 261: } 262: _locked = 2; 263: 264: // Check that the amount donated has at least a practical minimal value 265: if (msg.value < minAcceptedETH) { 266: revert LowerThan(msg.value, minAcceptedETH); 267: } 268: 269: // Check for the same length of arrays 270: uint256 numServices = serviceIds.length; 271: if (amounts.length != numServices) { 272: revert WrongArrayLength(numServices, amounts.length); 273: } 274: 275: uint256 totalAmount; 276: for (uint256 i = 0; i < numServices; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L257-L276 ### [L-04] External call `recipient` may consume all transaction gas (gas griefing) There is no limit specified on the amount of gas used, so the recipient can use up all of the transaction's gas, causing it to revert. Use `addr.call{ gas: }("")` or [this](https://github.com/nomad-xyz/ExcessivelySafeCall) library instead. *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 160: (bool success, ) = target.call{value: value}(payload); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L160-L160 ```solidity File: governance/contracts/bridges/HomeMediator.sol 160: (bool success, ) = target.call{value: value}(payload); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L160-L160 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 118: (bool success, ) = multisig.call(payload); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L118-L118 ```solidity File: tokenomics/contracts/Treasury.sol 339: (success, ) = to.call{value: tokenAmount}(""); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L339-L339 ```solidity File: tokenomics/contracts/Treasury.sol 406: (success, ) = account.call{value: accountRewards}(""); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L406-L406 ### [L-05] Missing checks in constructor There are some missing checks in these functions, and this could lead to unexpected scenarios. Consider always adding a sanity check for state variables. *There are 3 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol //@audit _name, _symbol, are not checked 132: constructor(address _token, string memory _name, string memory _symbol) 133: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L132-L133 ```solidity File: registries/contracts/AgentRegistry.sol //@audit _baseURI, are not checked 20: constructor(string memory _name, string memory _symbol, string memory _baseURI, address _componentRegistry) 21: UnitRegistry(UnitType.Agent) 22: ERC721(_name, _symbol) 23: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L20-L23 ```solidity File: registries/contracts/ComponentRegistry.sol //@audit _baseURI, are not checked 16: constructor(string memory _name, string memory _symbol, string memory _baseURI) 17: UnitRegistry(UnitType.Component) 18: ERC721(_name, _symbol) 19: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L16-L19 ### [L-06] Division before multiplication can lead to precision errors Because Solidity integer division may truncate, it is often preferable to do multiplication before division to prevent precision loss. *There are 4 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 231: uint64 tStep = (lastCheckpoint / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L231-L231 ```solidity File: governance/contracts/veOLAS.sol 433: unlockTime = ((block.timestamp + unlockTime) / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L433-L433 ```solidity File: governance/contracts/veOLAS.sol 487: unlockTime = ((block.timestamp + unlockTime) / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L487-L487 ```solidity File: governance/contracts/veOLAS.sol 692: uint64 tStep = (lastPoint.ts / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L692-L692 ### [L-07] Double type casts create complexity within the code Double type casting should be avoided in Solidity contracts to prevent unintended consequences and ensure accurate data representation. Performing multiple type casts in succession can lead to unexpected truncation, rounding errors, or loss of precision, potentially compromising the contract's functionality and reliability. Furthermore, double type casting can make the code less readable and harder to maintain, increasing the likelihood of errors and misunderstandings during development and debugging. To ensure precise and consistent data handling, developers should use appropriate data types and avoid unnecessary or excessive type casting, promoting a more robust and dependable contract execution. *There are 10 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 194: targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L194-L194 ```solidity File: governance/contracts/multisigs/GuardCM.sol 478: targetSelectorChainId |= uint256(uint32(selectors[i])) << 160; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L478-L478 ```solidity File: governance/contracts/multisigs/GuardCM.sol 586: targetSelectorChainId |= uint256(uint32(selector)) << 160; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L586-L586 ```solidity File: governance/contracts/veOLAS.sol 190: uOld.bias = uOld.slope * int128(uint128(oldLocked.endTime - uint64(block.timestamp))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L190-L190 ```solidity File: governance/contracts/veOLAS.sol 194: uNew.bias = uNew.slope * int128(uint128(newLocked.endTime - uint64(block.timestamp))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L194-L194 ```solidity File: governance/contracts/veOLAS.sol 245: lastPoint.bias -= lastPoint.slope * int128(int64(tStep - lastCheckpoint)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L245-L245 ```solidity File: governance/contracts/veOLAS.sol 599: vBalance = uint256(int256(uPoint.bias)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L599-L599 ```solidity File: governance/contracts/veOLAS.sol 680: uPoint.bias -= uPoint.slope * int128(int64(uint64(blockTime)) - int64(uPoint.ts)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L680-L680 ```solidity File: governance/contracts/veOLAS.sol 682: balance = uint256(uint128(uPoint.bias)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L682-L682 ```solidity File: governance/contracts/veOLAS.sol 713: vSupply = uint256(uint128(lastPoint.bias)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L713-L713 ### [L-08] `external` calls in an un-bounded loop may result in a DOS Consider limiting the number of iterations in loops that make external calls *There are 12 instance(s) of this issue:* ```solidity File: tokenomics/contracts/Depository.sol 262: ITokenomics(tokenomics).refundFromBondProgram(supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L262-L262 ```solidity File: tokenomics/contracts/Tokenomics.sol 708: address serviceOwner = IToken(serviceRegistry).ownerOf(serviceIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L708-L708 ```solidity File: tokenomics/contracts/Tokenomics.sol 709: topUpEligible = (IVotingEscrow(ve).getVotes(serviceOwner) >= veOLASThreshold || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L709-L709 ```solidity File: tokenomics/contracts/Tokenomics.sol 710: IVotingEscrow(ve).getVotes(donator) >= veOLASThreshold) ? true : false; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L710-L710 ```solidity File: tokenomics/contracts/Tokenomics.sol 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L716-L716 ```solidity File: tokenomics/contracts/Tokenomics.sol 717: getUnitIdsOfService(IServiceRegistry.UnitType(unitType), serviceIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L717-L717 ```solidity File: tokenomics/contracts/Tokenomics.sol 765: address unitOwner = IToken(registries[unitType]).ownerOf(serviceUnitIds[j]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L765-L765 ```solidity File: tokenomics/contracts/Tokenomics.sol 810: if (!IServiceRegistry(serviceRegistry).exists(serviceIds[i])) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L810-L810 ```solidity File: tokenomics/contracts/Tokenomics.sol 1105: registriesSupply[i] = IToken(registries[i]).totalSupply(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1105-L1105 ```solidity File: tokenomics/contracts/Tokenomics.sol 1123: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1123-L1123 ```solidity File: tokenomics/contracts/Tokenomics.sol 1175: registriesSupply[i] = IToken(registries[i]).totalSupply(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1175-L1175 ```solidity File: tokenomics/contracts/Tokenomics.sol 1193: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1193-L1193 ### [L-09] Constant decimal values The use of fixed decimal values such as 1e18 or 1e8 in Solidity contracts can lead to inaccuracies, bugs, and vulnerabilities, particularly when interacting with tokens having different decimal configurations.Not all ERC20 tokens follow the standard 18 decimal places, and assumptions about decimal places can lead to miscalculations. Always retrieve and use the `decimals()` function from the token contract itself when performing calculations involving token amounts.This ensures that your contract correctly handles tokens with any number of decimal places, mitigating the risk of numerical errors or under / overflows that could jeopardize contract integrity and user funds. *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 225: block_slope = (1e18 * uint256(block.number - lastPoint.blockNumber)) / uint256(block.timestamp - lastPoint.ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L225-L225 ```solidity File: governance/contracts/veOLAS.sol 225: block_slope = (1e18 * uint256(block.number - lastPoint.blockNumber)) / uint256(block.timestamp - lastPoint.ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L225-L225 ```solidity File: governance/contracts/veOLAS.sol 258: lastPoint.blockNumber = initialPoint.blockNumber + uint64((block_slope * uint256(tStep - initialPoint.ts)) / 1e18); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L258-L258 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 89: priceLP = (reserve1 * 1e18) / totalSupply; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L89-L89 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 89: priceLP = (reserve1 * 1e18) / totalSupply; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L89-L89 ### [L-10] `image_data` should be used for raw svg The metadata `image` field is for [urls](https://docs.opensea.io/docs/metadata-standards#metadata-structure). See [this](https://opensea.io/collection/neotokyo-outer-citizens) NFT project which properly uses the `image_data` key, and renders nicely on OpenSea. *There are 1 instance(s) of this issue:* ```solidity File: registries/contracts/GenericRegistry.sol 135: function tokenURI(uint256 unitId) public view virtual override returns (string memory) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L135-L135 ### [L-11] Initialization can be front-run The `initialize()` functions are not protected by a modifier, which allow attackers to call this function once the contract is deployed through the proxy. Consider adding modifiers to protect this function or create a contract that both deploy the project and initialize it on the same transaction. *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/Tokenomics.sol 264: function initializeTokenomics( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L264-L264 ### [L-12] `internal` Function calls within for loops Making function calls or external calls within loops in Solidity can lead to inefficient gas usage, potential bottlenecks, and increased vulnerability to attacks. Each function call or external call consumes gas, and when executed within a loop, the gas cost multiplies, potentially causing the transaction to run out of gas or exceed block gas limits. This can result in transaction failure or unpredictable behavior. *There are 8 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 244: _verifyData(target, payload, chainId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L244-L244 ```solidity File: governance/contracts/multisigs/GuardCM.sol 373: _processBridgeData(callDatas[i], bridgeMediatorL2, chainId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L373-L373 ```solidity File: governance/contracts/multisigs/GuardCM.sol 376: _verifyData(targets[i], callDatas[i], block.chainid); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L376-L376 ```solidity File: registries/contracts/UnitRegistry.sol 213: components[i] = _getSubComponents(subcomponentsFromType, unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L213-L213 ```solidity File: tokenomics/contracts/Tokenomics.sol 739: _finalizeIncentivesForUnitId(lastEpoch, unitType, serviceUnitIds[j]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L739-L739 ```solidity File: tokenomics/contracts/Tokenomics.sol 739: _finalizeIncentivesForUnitId(lastEpoch, unitType, serviceUnitIds[j]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L739-L739 ```solidity File: tokenomics/contracts/Tokenomics.sol 739: _finalizeIncentivesForUnitId(lastEpoch, unitType, serviceUnitIds[j]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L739-L739 ```solidity File: tokenomics/contracts/Tokenomics.sol 1139: _finalizeIncentivesForUnitId(lastEpoch, unitTypes[i], unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1139-L1139 ### [L-13] Loss of precision Division by large numbers may result in the result being zero, due to solidity not supporting fractions. Consider requiring a minimum amount for the numerator to ensure that it is always larger than the denominator *There are 11 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 101: uint256 numYears = (block.timestamp - timeLaunch) / oneYear; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L101-L101 ```solidity File: governance/contracts/veOLAS.sol 189: uOld.slope = int128(oldLocked.amount) / IMAXTIME; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L189-L189 ```solidity File: governance/contracts/veOLAS.sol 193: uNew.slope = int128(newLocked.amount) / IMAXTIME; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L193-L193 ```solidity File: governance/contracts/veOLAS.sol 225: block_slope = (1e18 * uint256(block.number - lastPoint.blockNumber)) / uint256(block.timestamp - lastPoint.ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L225-L225 ```solidity File: governance/contracts/veOLAS.sol 231: uint64 tStep = (lastCheckpoint / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L231-L231 ```solidity File: governance/contracts/veOLAS.sol 433: unlockTime = ((block.timestamp + unlockTime) / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L433-L433 ```solidity File: governance/contracts/veOLAS.sol 487: unlockTime = ((block.timestamp + unlockTime) / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L487-L487 ```solidity File: governance/contracts/veOLAS.sol 692: uint64 tStep = (lastPoint.ts / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L692-L692 ```solidity File: tokenomics/contracts/Tokenomics.sol 329: uint256 _inflationPerSecond = getInflationForYear(0) / zeroYearSecondsLeft; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L329-L329 ```solidity File: tokenomics/contracts/Tokenomics.sol 675: totalIncentives = mapUnitIncentives[unitType][unitId].topUp + totalIncentives / sumUnitIncentives; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L675-L675 ```solidity File: tokenomics/contracts/Tokenomics.sol 1224: topUp += totalIncentives / sumUnitIncentives; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1224-L1224 ### [L-14] Missing contract-existence checks before low-level calls Low-level calls return success if there is no code present at the specified address. In addition to the zero-address checks, add a check to verify that `.code.length > 0` *There are 4 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 160: (bool success, ) = target.call{value: value}(payload); 161: if (!success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L160-L161 ```solidity File: governance/contracts/bridges/HomeMediator.sol 160: (bool success, ) = target.call{value: value}(payload); 161: if (!success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L160-L161 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 118: (bool success, ) = multisig.call(payload); 119: if (!success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L118-L119 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 48: (bool success, ) = tokenomics.delegatecall(tokenomicsData); 49: if (!success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L48-L49 ### [L-15] NFT doesn't handle hard forks When there are hard forks, users often have to go through [many hoops](https://twitter.com/elerium115/status/1558471934924431363) to ensure that they control ownership on every fork. Consider adding `require(1 == chain.chainId)`, or the chain ID of whichever chain you prefer, to the functions below, or at least include the chain ID in the URI, so that there is no confusion about which chain is the owner of the NFT. *There are 1 instance(s) of this issue:* ```solidity File: registries/contracts/GenericRegistry.sol 135: function tokenURI(uint256 unitId) public view virtual override returns (string memory) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L135-L135 ### [L-16] Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from various type int/uint values *There are 70 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `bridgeMediatorL2ChainId` is getting converted from `uint256` to `uint160` 364: address bridgeMediatorL2 = address(uint160(bridgeMediatorL2ChainId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L364-L364 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `bridgeMediatorL2ChainId` is getting converted from `uint256` to `uint160` 603: bridgeMediatorL2 = address(uint160(bridgeMediatorL2ChainId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L603-L603 ```solidity File: governance/contracts/veOLAS.sol //@audit `supply` is getting converted from `uint256` to `uint128` 321: _checkpoint(address(0), LockedBalance(0, 0), LockedBalance(0, 0), uint128(supply)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L321-L321 ```solidity File: governance/contracts/veOLAS.sol //@audit `amount` is getting converted from `uint256` to `uint128` 350: lockedBalance.amount += uint128(amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L350-L350 ```solidity File: governance/contracts/veOLAS.sol //@audit `unlockTime` is getting converted from `uint256` to `uint64` 353: lockedBalance.endTime = uint64(unlockTime); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L353-L353 ```solidity File: governance/contracts/veOLAS.sol //@audit `supplyAfter` is getting converted from `uint256` to `uint128` 361: _checkpoint(account, oldLocked, lockedBalance, uint128(supplyAfter)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L361-L361 ```solidity File: governance/contracts/veOLAS.sol //@audit `supplyAfter` is getting converted from `uint256` to `uint128` 528: _checkpoint(msg.sender, lockedBalance, LockedBalance(0, 0), uint128(supplyAfter)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L528-L528 ```solidity File: governance/contracts/veOLAS.sol //@audit `ts` is getting converted from `uint64` to `int64` 597: uPoint.bias -= uPoint.slope * int128(int64(ts) - int64(uPoint.ts)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L597-L597 ```solidity File: governance/contracts/veOLAS.sol //@audit `blockTime` is getting converted from `uint256` to `uint64` 680: uPoint.bias -= uPoint.slope * int128(int64(uint64(blockTime)) - int64(uPoint.ts)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L680-L680 ```solidity File: governance/contracts/veOLAS.sol //@audit `tStep` is getting converted from `uint64` to `int64` 704: lastPoint.bias -= lastPoint.slope * int128(int64(tStep) - int64(lastPoint.ts)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L704-L704 ```solidity File: governance/contracts/veOLAS.sol //@audit `ts` is getting converted from `uint256` to `uint64` 740: return _supplyLockedAt(lastPoint, uint64(ts)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L740-L740 ```solidity File: governance/contracts/veOLAS.sol //@audit `blockTime` is getting converted from `uint256` to `uint64` 755: return _supplyLockedAt(sPoint, uint64(blockTime)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L755-L755 ```solidity File: registries/contracts/AgentRegistry.sol //@audit `unitId` is getting converted from `uint32` to `uint256` 60: (subComponentIds, ) = IRegistry(componentRegistry).getLocalSubComponents(uint256(unitId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L60-L60 ```solidity File: registries/contracts/AgentRegistry.sol //@audit `unitId` is getting converted from `uint32` to `uint256` 62: subComponentIds = mapSubComponents[uint256(unitId)]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L62-L62 ```solidity File: registries/contracts/ComponentRegistry.sol //@audit `componentId` is getting converted from `uint32` to `uint256` 44: subComponentIds = mapSubComponents[uint256(componentId)]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L44-L44 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `unitId` is getting converted from `uint256` to `uint32` 75: _checkDependencies(dependencies, uint32(unitId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L75-L75 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `unitId` is getting converted from `uint256` to `uint32` 102: addSubComponentIds[numSubComponents] = uint32(unitId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L102-L102 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `unitId` is getting converted from `uint256` to `uint256` 185: subComponentIds = mapSubComponents[uint256(unitId)]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L185-L185 ```solidity File: tokenomics/contracts/Depository.sol //@audit `priceLP` is getting converted from `uint256` to `uint160` 232: mapBondProducts[productId] = Product(uint160(priceLP), uint32(vesting), token, uint96(supply)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L232-L232 ```solidity File: tokenomics/contracts/Depository.sol //@audit `vesting` is getting converted from `uint256` to `uint32` 232: mapBondProducts[productId] = Product(uint160(priceLP), uint32(vesting), token, uint96(supply)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L232-L232 ```solidity File: tokenomics/contracts/Depository.sol //@audit `supply` is getting converted from `uint256` to `uint96` 232: mapBondProducts[productId] = Product(uint160(priceLP), uint32(vesting), token, uint96(supply)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L232-L232 ```solidity File: tokenomics/contracts/Depository.sol //@audit `supply` is getting converted from `uint256` to `uint96` 329: product.supply = uint96(supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L329-L329 ```solidity File: tokenomics/contracts/Depository.sol //@audit `payout` is getting converted from `uint256` to `uint96` 333: mapUserBonds[bondId] = Bond(msg.sender, uint96(payout), uint32(maturity), uint32(productId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L333-L333 ```solidity File: tokenomics/contracts/Depository.sol //@audit `maturity` is getting converted from `uint256` to `uint32` 333: mapUserBonds[bondId] = Bond(msg.sender, uint96(payout), uint32(maturity), uint32(productId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L333-L333 ```solidity File: tokenomics/contracts/Depository.sol //@audit `productId` is getting converted from `uint256` to `uint32` 333: mapUserBonds[bondId] = Bond(msg.sender, uint96(payout), uint32(maturity), uint32(productId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L333-L333 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 296: if (uint32(_epochLen) < MIN_EPOCH_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L296-L296 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 301: if (uint32(_epochLen) > ONE_YEAR) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L301-L301 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 311: epochLen = uint32(_epochLen); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L311-L311 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_inflationPerSecond` is getting converted from `uint256` to `uint96` 330: inflationPerSecond = uint96(_inflationPerSecond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L330-L330 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_timeLaunch` is getting converted from `uint256` to `uint32` 331: timeLaunch = uint32(_timeLaunch); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L331-L331 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_maxBondFraction` is getting converted from `uint256` to `uint8` 361: tp.epochPoint.maxBondFraction = uint8(_maxBondFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L361-L361 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_maxBond` is getting converted from `uint256` to `uint96` 368: maxBond = uint96(_maxBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L368-L368 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_maxBond` is getting converted from `uint256` to `uint96` 369: effectiveBond = uint96(_maxBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L369-L369 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_devsPerCapital` is getting converted from `uint256` to `uint72` 511: if (uint72(_devsPerCapital) > MIN_PARAM_VALUE) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L511-L511 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_devsPerCapital` is getting converted from `uint256` to `uint72` 512: devsPerCapital = uint72(_devsPerCapital); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L512-L512 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_codePerDev` is getting converted from `uint256` to `uint72` 519: if (uint72(_codePerDev) > MIN_PARAM_VALUE) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L519-L519 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_codePerDev` is getting converted from `uint256` to `uint72` 520: codePerDev = uint72(_codePerDev); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L520-L520 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epsilonRate` is getting converted from `uint256` to `uint64` 530: epsilonRate = uint64(_epsilonRate); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L530-L530 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 536: if (uint32(_epochLen) >= MIN_EPOCH_LENGTH && uint32(_epochLen) <= ONE_YEAR) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L536-L536 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 536: if (uint32(_epochLen) >= MIN_EPOCH_LENGTH && uint32(_epochLen) <= ONE_YEAR) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L536-L536 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 537: nextEpochLen = uint32(_epochLen); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L537-L537 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_veOLASThreshold` is getting converted from `uint256` to `uint96` 543: if (uint96(_veOLASThreshold) > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L543-L543 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_veOLASThreshold` is getting converted from `uint256` to `uint96` 544: nextVeOLASThreshold = uint96(_veOLASThreshold); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L544-L544 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_rewardComponentFraction` is getting converted from `uint256` to `uint8` 589: tp.unitPoints[0].rewardUnitFraction = uint8(_rewardComponentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L589-L589 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_rewardAgentFraction` is getting converted from `uint256` to `uint8` 590: tp.unitPoints[1].rewardUnitFraction = uint8(_rewardAgentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L590-L590 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_maxBondFraction` is getting converted from `uint256` to `uint8` 594: tp.epochPoint.maxBondFraction = uint8(_maxBondFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L594-L594 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_topUpComponentFraction` is getting converted from `uint256` to `uint8` 595: tp.unitPoints[0].topUpUnitFraction = uint8(_topUpComponentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L595-L595 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_topUpAgentFraction` is getting converted from `uint256` to `uint8` 596: tp.unitPoints[1].topUpUnitFraction = uint8(_topUpAgentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L596-L596 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `eBond` is getting converted from `uint256` to `uint96` 621: effectiveBond = uint96(eBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L621-L621 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `eBond` is getting converted from `uint256` to `uint96` 642: effectiveBond = uint96(eBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L642-L642 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `totalIncentives` is getting converted from `uint256` to `uint96` 660: mapUnitIncentives[unitType][unitId].reward = uint96(totalIncentives); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L660-L660 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `totalIncentives` is getting converted from `uint256` to `uint96` 676: mapUnitIncentives[unitType][unitId].topUp = uint96(totalIncentives); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L676-L676 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `curEpoch` is getting converted from `uint256` to `uint32` 733: mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch = uint32(curEpoch); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L733-L733 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `curEpoch` is getting converted from `uint256` to `uint32` 741: mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch = uint32(curEpoch); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L741-L741 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `donationETH` is getting converted from `uint256` to `uint96` 818: mapEpochTokenomics[curEpoch].epochPoint.totalDonationsETH = uint96(donationETH); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L818-L818 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `curInflationPerSecond` is getting converted from `uint256` to `uint96` 939: inflationPerSecond = uint96(curInflationPerSecond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L939-L939 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `numYears` is getting converted from `uint256` to `uint8` 940: currentYear = uint8(numYears); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L940-L940 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `inflationPerEpoch` is getting converted from `uint256` to `uint96` 950: tp.epochPoint.totalTopUpsOLAS = uint96(inflationPerEpoch); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L950-L950 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `curEpochLen` is getting converted from `uint256` to `uint32` 991: epochLen = uint32(curEpochLen); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L991-L991 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `curMaxBond` is getting converted from `uint256` to `uint96` 1025: maxBond = uint96(curMaxBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1025-L1025 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `curMaxBond` is getting converted from `uint256` to `uint96` 1032: maxBond = uint96(curMaxBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1032-L1032 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `curMaxBond` is getting converted from `uint256` to `uint96` 1038: effectiveBond = uint96(curMaxBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1038-L1038 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `idf` is getting converted from `uint256` to `uint64` 1044: nextEpochPoint.epochPoint.idf = uint64(idf); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1044-L1044 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `amount` is getting converted from `uint256` to `uint96` 131: ETHOwned = uint96(amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L131-L131 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `_minAcceptedETH` is getting converted from `uint256` to `uint96` 198: minAcceptedETH = uint96(_minAcceptedETH); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L198-L198 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `donationETH` is getting converted from `uint256` to `uint96` 294: ETHFromServices = uint96(donationETH); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L294-L294 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `amountOwned` is getting converted from `uint256` to `uint96` 336: ETHOwned = uint96(amountOwned); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L336-L336 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `amountETHFromServices` is getting converted from `uint256` to `uint96` 404: ETHFromServices = uint96(amountETHFromServices); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L404-L404 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `amountETHOwned` is getting converted from `uint256` to `uint96` 450: ETHOwned = uint96(amountETHOwned); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L450-L450 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `amountETHFromServices` is getting converted from `uint256` to `uint96` 451: ETHFromServices = uint96(amountETHFromServices); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L451-L451 ### [L-17] Setters should have initial value check Setters should have initial value check to prevent assigning wrong value to the variable. Assginment of wrong value can lead to unexpected behavior of the contract. *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/wveOLAS.sol 170: function mapSlopeChanges(uint64 ts) external view returns (int128 slopeChange) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L170-L170 ```solidity File: registries/contracts/UnitRegistry.sol 171: function getUpdatedHashes(uint256 unitId) external view virtual ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L171-L171 ### [L-18] Int casting `block.timestamp` can reduce the lifespan of a contract Consider removing casting to ensure future functionality. *There are 9 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 139: mapSupplyPoints[0] = PointVoting(0, 0, uint64(block.timestamp), uint64(block.number), 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L139-L139 ```solidity File: governance/contracts/veOLAS.sol 190: uOld.bias = uOld.slope * int128(uint128(oldLocked.endTime - uint64(block.timestamp))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L190-L190 ```solidity File: governance/contracts/veOLAS.sol 194: uNew.bias = uNew.slope * int128(uint128(newLocked.endTime - uint64(block.timestamp))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L194-L194 ```solidity File: governance/contracts/veOLAS.sol 215: lastPoint = PointVoting(0, 0, uint64(block.timestamp), uint64(block.number), 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L215-L215 ```solidity File: governance/contracts/veOLAS.sol 241: tStep = uint64(block.timestamp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L241-L241 ```solidity File: governance/contracts/veOLAS.sol 312: uNew.ts = uint64(block.timestamp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L312-L312 ```solidity File: governance/contracts/veOLAS.sol 634: return _balanceOfLocked(account, uint64(block.timestamp)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L634-L634 ```solidity File: tokenomics/contracts/Tokenomics.sol 334: mapEpochTokenomics[0].epochPoint.endTime = uint32(block.timestamp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L334-L334 ```solidity File: tokenomics/contracts/Tokenomics.sol 1005: tp.epochPoint.endTime = uint32(block.timestamp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1005-L1005 ### [L-19] Unsafe downcast When a type is downcast to a smaller type, the higher order bits are truncated, effectively applying a modulo to the original value. Without any other checks, this wrapping will lead to unexpected behavior and bugs *There are 46 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol //@audit converting from `uint256` to `uint64` 139: mapSupplyPoints[0] = PointVoting(0, 0, uint64(block.timestamp), uint64(block.number), 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L139-L139 ```solidity File: governance/contracts/veOLAS.sol //@audit converting from `uint256` to `uint64` 215: lastPoint = PointVoting(0, 0, uint64(block.timestamp), uint64(block.number), 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L215-L215 ```solidity File: governance/contracts/veOLAS.sol //@audit converting from `uint256` to `uint64` 266: lastPoint.blockNumber = uint64(block.number); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L266-L266 ```solidity File: governance/contracts/veOLAS.sol //@audit converting from `uint256` to `uint64` 313: uNew.blockNumber = uint64(block.number); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L313-L313 ```solidity File: governance/contracts/veOLAS.sol //@audit `supply` is getting converted from `uint256` to `uint128` 321: _checkpoint(address(0), LockedBalance(0, 0), LockedBalance(0, 0), uint128(supply)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L321-L321 ```solidity File: governance/contracts/veOLAS.sol //@audit `supplyAfter` is getting converted from `uint256` to `uint128` 361: _checkpoint(account, oldLocked, lockedBalance, uint128(supplyAfter)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L361-L361 ```solidity File: governance/contracts/veOLAS.sol //@audit `supplyAfter` is getting converted from `uint256` to `uint128` 528: _checkpoint(msg.sender, lockedBalance, LockedBalance(0, 0), uint128(supplyAfter)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L528-L528 ```solidity File: governance/contracts/veOLAS.sol //@audit `blockTime` is getting converted from `uint256` to `uint64` 680: uPoint.bias -= uPoint.slope * int128(int64(uint64(blockTime)) - int64(uPoint.ts)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L680-L680 ```solidity File: governance/contracts/veOLAS.sol //@audit `ts` is getting converted from `uint256` to `uint64` 740: return _supplyLockedAt(lastPoint, uint64(ts)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L740-L740 ```solidity File: governance/contracts/veOLAS.sol //@audit `blockTime` is getting converted from `uint256` to `uint64` 755: return _supplyLockedAt(sPoint, uint64(blockTime)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L755-L755 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `unitId` is getting converted from `uint256` to `uint32` 75: _checkDependencies(dependencies, uint32(unitId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L75-L75 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `unitId` is getting converted from `uint256` to `uint32` 102: addSubComponentIds[numSubComponents] = uint32(unitId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L102-L102 ```solidity File: registries/contracts/UnitRegistry.sol //@audit converting from `uint256` to `uint32` 203: uint32 numUnits = uint32(unitIds.length); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L203-L203 ```solidity File: registries/contracts/UnitRegistry.sol //@audit converting from `uint256` to `uint32` 214: numComponents[i] = uint32(components[i].length); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L214-L214 ```solidity File: tokenomics/contracts/Depository.sol //@audit `productId` is getting converted from `uint256` to `uint32` 333: mapUserBonds[bondId] = Bond(msg.sender, uint96(payout), uint32(maturity), uint32(productId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L333-L333 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 296: if (uint32(_epochLen) < MIN_EPOCH_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L296-L296 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 301: if (uint32(_epochLen) > ONE_YEAR) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L301-L301 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 311: epochLen = uint32(_epochLen); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L311-L311 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_inflationPerSecond` is getting converted from `uint256` to `uint96` 330: inflationPerSecond = uint96(_inflationPerSecond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L330-L330 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_timeLaunch` is getting converted from `uint256` to `uint32` 331: timeLaunch = uint32(_timeLaunch); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L331-L331 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_maxBondFraction` is getting converted from `uint256` to `uint8` 361: tp.epochPoint.maxBondFraction = uint8(_maxBondFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L361-L361 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_maxBond` is getting converted from `uint256` to `uint96` 368: maxBond = uint96(_maxBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L368-L368 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_maxBond` is getting converted from `uint256` to `uint96` 369: effectiveBond = uint96(_maxBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L369-L369 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_devsPerCapital` is getting converted from `uint256` to `uint72` 511: if (uint72(_devsPerCapital) > MIN_PARAM_VALUE) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L511-L511 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_devsPerCapital` is getting converted from `uint256` to `uint72` 512: devsPerCapital = uint72(_devsPerCapital); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L512-L512 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_codePerDev` is getting converted from `uint256` to `uint72` 519: if (uint72(_codePerDev) > MIN_PARAM_VALUE) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L519-L519 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_codePerDev` is getting converted from `uint256` to `uint72` 520: codePerDev = uint72(_codePerDev); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L520-L520 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 536: if (uint32(_epochLen) >= MIN_EPOCH_LENGTH && uint32(_epochLen) <= ONE_YEAR) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L536-L536 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 536: if (uint32(_epochLen) >= MIN_EPOCH_LENGTH && uint32(_epochLen) <= ONE_YEAR) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L536-L536 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_epochLen` is getting converted from `uint256` to `uint32` 537: nextEpochLen = uint32(_epochLen); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L537-L537 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_veOLASThreshold` is getting converted from `uint256` to `uint96` 543: if (uint96(_veOLASThreshold) > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L543-L543 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_veOLASThreshold` is getting converted from `uint256` to `uint96` 544: nextVeOLASThreshold = uint96(_veOLASThreshold); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L544-L544 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_rewardComponentFraction` is getting converted from `uint256` to `uint8` 589: tp.unitPoints[0].rewardUnitFraction = uint8(_rewardComponentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L589-L589 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_rewardAgentFraction` is getting converted from `uint256` to `uint8` 590: tp.unitPoints[1].rewardUnitFraction = uint8(_rewardAgentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L590-L590 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_maxBondFraction` is getting converted from `uint256` to `uint8` 594: tp.epochPoint.maxBondFraction = uint8(_maxBondFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L594-L594 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_topUpComponentFraction` is getting converted from `uint256` to `uint8` 595: tp.unitPoints[0].topUpUnitFraction = uint8(_topUpComponentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L595-L595 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `_topUpAgentFraction` is getting converted from `uint256` to `uint8` 596: tp.unitPoints[1].topUpUnitFraction = uint8(_topUpAgentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L596-L596 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `donationETH` is getting converted from `uint256` to `uint96` 818: mapEpochTokenomics[curEpoch].epochPoint.totalDonationsETH = uint96(donationETH); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L818-L818 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit converting from `uint256` to `uint32` 824: lastDonationBlockNumber = uint32(block.number); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L824-L824 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `curInflationPerSecond` is getting converted from `uint256` to `uint96` 939: inflationPerSecond = uint96(curInflationPerSecond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L939-L939 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `inflationPerEpoch` is getting converted from `uint256` to `uint96` 950: tp.epochPoint.totalTopUpsOLAS = uint96(inflationPerEpoch); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L950-L950 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `idf` is getting converted from `uint256` to `uint64` 1044: nextEpochPoint.epochPoint.idf = uint64(idf); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1044-L1044 ```solidity File: tokenomics/contracts/Treasury.sol //@audit converting from `uint256` to `uint96` 112: ETHOwned = uint96(address(this).balance); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L112-L112 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `amount` is getting converted from `uint256` to `uint96` 131: ETHOwned = uint96(amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L131-L131 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `donationETH` is getting converted from `uint256` to `uint96` 294: ETHFromServices = uint96(donationETH); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L294-L294 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `amountETHOwned` is getting converted from `uint256` to `uint96` 450: ETHOwned = uint96(amountETHOwned); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L450-L450 ### [L-20] Unsafe conversion from unsigned to signed values Solidity follows [two's complement](https://en.wikipedia.org/wiki/Two%27s_complement) rules for its integers, meaning that the most significant bit for signed integers is used to denote the sign, and converting between the two requires inverting all of the bits and adding one. Because of this, casting an unsigned integer to a signed one may result in a change of the sign and or magnitude of the value. For example, `int8(type(uint8).max)` is not equal to `type(int8).max`, but is equal to `-1`. `type(uint8).max` in binary is `11111111`, which if cast to a signed value, means the first binary `1` indicates a negative value, and the binary `1`s, invert to all zeroes, and when one is added, it becomes one, but negative, and therefore the decimal value of binary `11111111` is `-1`. *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol //@audit `ts` is getting converted from `uint64` to `int64` 597: uPoint.bias -= uPoint.slope * int128(int64(ts) - int64(uPoint.ts)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L597-L597 ### [L-21] Consider implementing two-step procedure for updating protocol addresses A copy-paste error or a typo may end up bricking protocol functionality, or sending tokens to an address with no known private key. Consider implementing a two-step procedure for updating protocol addresses, where the recipient is set as pending, and must 'accept' the assignment by making an affirmative call. A straight forward way of doing this would be to have the target contracts implement [EIP-165](https://eips.ethereum.org/EIPS/eip-165), and to have the 'set' functions ensure that the recipient is of the right interface type. *There are 21 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 43: function changeOwner(address newOwner) external { 44: if (msg.sender != owner) { 45: revert ManagerOnly(msg.sender, owner); 46: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L43-L46 ```solidity File: governance/contracts/OLAS.sol 58: function changeMinter(address newMinter) external { 59: if (msg.sender != owner) { 60: revert ManagerOnly(msg.sender, owner); 61: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L58-L61 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 30: function changeOwner(address newOwner) external { 31: // Only the contract owner is allowed to change the owner 32: if (msg.sender != owner) { 33: revert OwnerOnly(msg.sender, owner); 34: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L30-L34 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 81: function changeRootGovernor(address newRootGovernor) external { 82: // Check if the change is authorized by the previous governor itself 83: // This is possible only if all the checks in the message process function pass and the contract calls itself 84: if (msg.sender != address(this)) { 85: revert SelfCallOnly(msg.sender, address(this)); 86: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L81-L86 ```solidity File: governance/contracts/bridges/HomeMediator.sol 81: function changeForeignGovernor(address newForeignGovernor) external { 82: // Check if the change is authorized by the previous governor itself 83: // This is possible only if all the checks in the message process function pass and the contract calls itself 84: if (msg.sender != address(this)) { 85: revert SelfCallOnly(msg.sender, address(this)); 86: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L81-L86 ```solidity File: governance/contracts/multisigs/GuardCM.sol 154: function changeGovernor(address newGovernor) external { 155: if (msg.sender != owner) { 156: revert OwnerOnly(msg.sender, owner); 157: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L154-L157 ```solidity File: registries/contracts/GenericManager.sol 20: function changeOwner(address newOwner) external virtual { 21: // Check for the ownership 22: if (msg.sender != owner) { 23: revert OwnerOnly(msg.sender, owner); 24: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L20-L24 ```solidity File: registries/contracts/GenericRegistry.sol 37: function changeOwner(address newOwner) external virtual { 38: // Check for the ownership 39: if (msg.sender != owner) { 40: revert OwnerOnly(msg.sender, owner); 41: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L37-L41 ```solidity File: registries/contracts/GenericRegistry.sol 54: function changeManager(address newManager) external virtual { 55: if (msg.sender != owner) { 56: revert OwnerOnly(msg.sender, owner); 57: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L54-L57 ```solidity File: tokenomics/contracts/Depository.sol 123: function changeOwner(address newOwner) external { 124: // Check for the contract ownership 125: if (msg.sender != owner) { 126: revert OwnerOnly(msg.sender, owner); 127: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L123-L127 ```solidity File: tokenomics/contracts/Depository.sol 143: function changeManagers(address _tokenomics, address _treasury) external { 144: // Check for the contract ownership 145: if (msg.sender != owner) { 146: revert OwnerOnly(msg.sender, owner); 147: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L143-L147 ```solidity File: tokenomics/contracts/Depository.sol 163: function changeBondCalculator(address _bondCalculator) external { 164: // Check for the contract ownership 165: if (msg.sender != owner) { 166: revert OwnerOnly(msg.sender, owner); 167: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L163-L167 ```solidity File: tokenomics/contracts/Dispenser.sol 46: function changeOwner(address newOwner) external { 47: // Check for the contract ownership 48: if (msg.sender != owner) { 49: revert OwnerOnly(msg.sender, owner); 50: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L46-L50 ```solidity File: tokenomics/contracts/Dispenser.sol 64: function changeManagers(address _tokenomics, address _treasury) external { 65: // Check for the contract ownership 66: if (msg.sender != owner) { 67: revert OwnerOnly(msg.sender, owner); 68: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L64-L68 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 36: function changeOwner(address newOwner) external { 37: // Check for the contract ownership 38: if (msg.sender != owner) { 39: revert OwnerOnly(msg.sender, owner); 40: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L36-L40 ```solidity File: tokenomics/contracts/Tokenomics.sol 404: function changeOwner(address newOwner) external { 405: // Check for the contract ownership 406: if (msg.sender != owner) { 407: revert OwnerOnly(msg.sender, owner); 408: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L404-L408 ```solidity File: tokenomics/contracts/Tokenomics.sol 423: function changeManagers(address _treasury, address _depository, address _dispenser) external { 424: // Check for the contract ownership 425: if (msg.sender != owner) { 426: revert OwnerOnly(msg.sender, owner); 427: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L423-L427 ```solidity File: tokenomics/contracts/Tokenomics.sol 450: function changeRegistries(address _componentRegistry, address _agentRegistry, address _serviceRegistry) external { 451: // Check for the contract ownership 452: if (msg.sender != owner) { 453: revert OwnerOnly(msg.sender, owner); 454: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L450-L454 ```solidity File: tokenomics/contracts/Tokenomics.sol 474: function changeDonatorBlacklist(address _donatorBlacklist) external { 475: // Check for the contract ownership 476: if (msg.sender != owner) { 477: revert OwnerOnly(msg.sender, owner); 478: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L474-L478 ```solidity File: tokenomics/contracts/Treasury.sol 137: function changeOwner(address newOwner) external { 138: // Check for the contract ownership 139: if (msg.sender != owner) { 140: revert OwnerOnly(msg.sender, owner); 141: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L137-L141 ```solidity File: tokenomics/contracts/Treasury.sol 156: function changeManagers(address _tokenomics, address _depository, address _dispenser) external { 157: // Check for the contract ownership 158: if (msg.sender != owner) { 159: revert OwnerOnly(msg.sender, owner); 160: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L156-L160 ### [L-22] Consider using descriptive `constant`s when passing zero as a function argument Passing zero as a function argument can sometimes result in a security issue (e.g. passing zero as the slippage parameter). Consider using a `constant` variable with a descriptive name, so it's clear that the argument is intentionally being used, and for the right reasons. *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/wveOLAS.sol //@audit parameter number 2 starting from left 213: PointVoting memory uPoint = getUserPoint(account, 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L213-L213 ```solidity File: governance/contracts/wveOLAS.sol //@audit parameter number 2 starting from left 233: PointVoting memory uPoint = getUserPoint(account, 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L233-L233 ### [L-23] Functions calling contracts/addresses with transfer hooks are missing reentrancy guards Even if the function follows the best practice of check-effects-interaction, not using a reentrancy guard when there may be transfer hooks will open the users of this protocol up to [read-only reentrancies](https://chainsecurity.com/curve-lp-oracle-manipulation-post-mortem/) with no way to protect against it, except by block-listing the whole protocol. *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit function `_processMessageFromRoot()` is not protected against reentrancy 79: bool success = IERC20(childToken).transfer(to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L79-L79 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit function `_deposit()` is not protected against reentrancy 102: bool success = IERC20(childToken).transferFrom(msg.sender, address(this), amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L102-L102 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit function `_withdraw()` is not protected against reentrancy 98: bool success = IERC20(rootToken).transferFrom(msg.sender, address(this), amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L98-L98 ```solidity File: governance/contracts/veOLAS.sol //@audit function `_depositFor()` is not protected against reentrancy 364: IERC20(token).transferFrom(msg.sender, address(this), amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L364-L364 ```solidity File: governance/contracts/veOLAS.sol //@audit function `withdraw()` is not protected against reentrancy 534: IERC20(token).transfer(msg.sender, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L534-L534 ### [L-24] Code does not follow the best practice of check-effects-interaction Code should follow the best-practice of [check-effects-interaction](https://blockchain-academy.hs-mittweida.de/courses/solidity-coding-beginners-to-intermediate/lessons/solidity-11-coding-patterns/topic/checks-effects-interactions/), where state variables are updated before any external calls are made. Doing so prevents a large class of reentrancy bugs. *There are 8 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol //@audit the function `push()` is called before the following assignment 270: mapSupplyPoints[curNumPoint] = lastPoint; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L270-L270 ```solidity File: governance/contracts/veOLAS.sol //@audit the function `push()` is called before the following assignment 303: mapSlopeChanges[oldLocked.endTime] = oldDSlope; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L303-L303 ```solidity File: governance/contracts/veOLAS.sol //@audit the function `push()` is called before the following assignment 308: mapSlopeChanges[newLocked.endTime] = newDSlope; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L308-L308 ```solidity File: governance/contracts/veOLAS.sol //@audit the function `transfer()` is called before the following assignment 523: supply = supplyAfter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L523-L523 ```solidity File: tokenomics/contracts/Depository.sol //@audit the function `refundFromBondProgram()` is called before the following assignment 264: delete mapBondProducts[productId]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L264-L264 ```solidity File: tokenomics/contracts/Depository.sol //@audit the function `depositTokenForOLAS()` is called before the following assignment 341: delete mapBondProducts[productId]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L341-L341 ```solidity File: tokenomics/contracts/Depository.sol //@audit the function `transfer()` is called before the following assignment 379: delete mapUserBonds[bondIds[i]]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L379-L379 ```solidity File: tokenomics/contracts/Treasury.sol //@audit the function `trackServiceDonations()` is called before the following assignment 300: _locked = 1; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L300-L300 ### [L-25] prevent re-setting a state variable with the same value Not only is wasteful in terms of gas, but this is especially problematic when an event is emitted and the old and new values set are the same, as listeners might not expect this kind of scenario. *There are 11 instance(s) of this issue:* ```solidity File: governance/contracts/wveOLAS.sol 170: function mapSlopeChanges(uint64 ts) external view returns (int128 slopeChange) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L170-L170 ```solidity File: registries/contracts/UnitRegistry.sol 171: function getUpdatedHashes(uint256 unitId) external view virtual ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L171-L171 ```solidity File: tokenomics/contracts/Depository.sol 143: function changeManagers(address _tokenomics, address _treasury) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L143-L143 ```solidity File: tokenomics/contracts/Depository.sol 163: function changeBondCalculator(address _bondCalculator) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L163-L163 ```solidity File: tokenomics/contracts/Dispenser.sol 64: function changeManagers(address _tokenomics, address _treasury) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L64-L64 ```solidity File: tokenomics/contracts/Tokenomics.sol 423: function changeManagers(address _treasury, address _depository, address _dispenser) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L423-L423 ```solidity File: tokenomics/contracts/Tokenomics.sol 450: function changeRegistries(address _componentRegistry, address _agentRegistry, address _serviceRegistry) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L450-L450 ```solidity File: tokenomics/contracts/Tokenomics.sol 474: function changeDonatorBlacklist(address _donatorBlacklist) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L474-L474 ```solidity File: tokenomics/contracts/Tokenomics.sol 497: function changeTokenomicsParameters( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L497-L497 ```solidity File: tokenomics/contracts/Tokenomics.sol 562: function changeIncentiveFractions( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L562-L562 ```solidity File: tokenomics/contracts/Treasury.sol 156: function changeManagers(address _tokenomics, address _depository, address _dispenser) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L156-L156 ### [L-26] Missing contract-existence checks before yul `call()` Low-level calls return success if there is no code present at the specified address. In addition to the zero-address checks, add a check to verify that `extcodesize()` is non-zero. *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 56: assembly { 57: let tokenomics := sload(PROXY_TOKENOMICS) 58: // Otherwise continue with the delegatecall to the tokenomics implementation ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L56-L58### Gas Risk Issues ### [G-01] State variable read in a loop The state variable should be cached in a local variable rather than reading it on every iteration of the for-loop, which will replace each Gwarmaccess (**100 gas**) with a much cheaper stack read. *There are 9 instance(s) of this issue:* ```solidity File: tokenomics/contracts/Depository.sol //@audit `tokenomics` is read in this loop 255: for (uint256 i = 0; i < numProducts; ++i) { 256: uint256 productId = productIds[i]; 257: // Check if the product is still open by getting its supply amount 258: uint256 supply = mapBondProducts[productId].supply; 259: // The supply is greater than zero only if the product is active, otherwise it is already closed 260: if (supply > 0) { 261: // Refund unused OLAS supply from the product if it was not used by the product completely 262: ITokenomics(tokenomics).refundFromBondProgram(supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L255-L262 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `serviceRegistry` is read in this loop 702: for (uint256 i = 0; i < numServices; ++i) { 703: // Check if the service owner or donator stakes enough OLAS for its components / agents to get a top-up 704: // If both component and agent owner top-up fractions are zero, there is no need to call external contract 705: // functions to check each service owner veOLAS balance 706: bool topUpEligible; 707: if (incentiveFlags[2] || incentiveFlags[3]) { 708: address serviceOwner = IToken(serviceRegistry).ownerOf(serviceIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L702-L708 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `serviceRegistry` is read in this loop 702: for (uint256 i = 0; i < numServices; ++i) { 703: // Check if the service owner or donator stakes enough OLAS for its components / agents to get a top-up 704: // If both component and agent owner top-up fractions are zero, there is no need to call external contract 705: // functions to check each service owner veOLAS balance 706: bool topUpEligible; 707: if (incentiveFlags[2] || incentiveFlags[3]) { 708: address serviceOwner = IToken(serviceRegistry).ownerOf(serviceIds[i]); 709: topUpEligible = (IVotingEscrow(ve).getVotes(serviceOwner) >= veOLASThreshold || 710: IVotingEscrow(ve).getVotes(donator) >= veOLASThreshold) ? true : false; 711: } 712: 713: // Loop over component and agent Ids 714: for (uint256 unitType = 0; unitType < 2; ++unitType) { 715: // Get the number and set of units in the service 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L702-L716 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `veOLASThreshold` is read in this loop 702: for (uint256 i = 0; i < numServices; ++i) { 703: // Check if the service owner or donator stakes enough OLAS for its components / agents to get a top-up 704: // If both component and agent owner top-up fractions are zero, there is no need to call external contract 705: // functions to check each service owner veOLAS balance 706: bool topUpEligible; 707: if (incentiveFlags[2] || incentiveFlags[3]) { 708: address serviceOwner = IToken(serviceRegistry).ownerOf(serviceIds[i]); 709: topUpEligible = (IVotingEscrow(ve).getVotes(serviceOwner) >= veOLASThreshold || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L702-L709 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `veOLASThreshold` is read in this loop 702: for (uint256 i = 0; i < numServices; ++i) { 703: // Check if the service owner or donator stakes enough OLAS for its components / agents to get a top-up 704: // If both component and agent owner top-up fractions are zero, there is no need to call external contract 705: // functions to check each service owner veOLAS balance 706: bool topUpEligible; 707: if (incentiveFlags[2] || incentiveFlags[3]) { 708: address serviceOwner = IToken(serviceRegistry).ownerOf(serviceIds[i]); 709: topUpEligible = (IVotingEscrow(ve).getVotes(serviceOwner) >= veOLASThreshold || 710: IVotingEscrow(ve).getVotes(donator) >= veOLASThreshold) ? true : false; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L702-L710 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `ve` is read in this loop 702: for (uint256 i = 0; i < numServices; ++i) { 703: // Check if the service owner or donator stakes enough OLAS for its components / agents to get a top-up 704: // If both component and agent owner top-up fractions are zero, there is no need to call external contract 705: // functions to check each service owner veOLAS balance 706: bool topUpEligible; 707: if (incentiveFlags[2] || incentiveFlags[3]) { 708: address serviceOwner = IToken(serviceRegistry).ownerOf(serviceIds[i]); 709: topUpEligible = (IVotingEscrow(ve).getVotes(serviceOwner) >= veOLASThreshold || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L702-L709 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `ve` is read in this loop 702: for (uint256 i = 0; i < numServices; ++i) { 703: // Check if the service owner or donator stakes enough OLAS for its components / agents to get a top-up 704: // If both component and agent owner top-up fractions are zero, there is no need to call external contract 705: // functions to check each service owner veOLAS balance 706: bool topUpEligible; 707: if (incentiveFlags[2] || incentiveFlags[3]) { 708: address serviceOwner = IToken(serviceRegistry).ownerOf(serviceIds[i]); 709: topUpEligible = (IVotingEscrow(ve).getVotes(serviceOwner) >= veOLASThreshold || 710: IVotingEscrow(ve).getVotes(donator) >= veOLASThreshold) ? true : false; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L702-L710 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `serviceRegistry` is read in this loop 714: for (uint256 unitType = 0; unitType < 2; ++unitType) { 715: // Get the number and set of units in the service 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L714-L716 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `serviceRegistry` is read in this loop 808: for (uint256 i = 0; i < numServices; ++i) { 809: // Check for the service Id existence 810: if (!IServiceRegistry(serviceRegistry).exists(serviceIds[i])) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L808-L810 ### [G-02] Multiple accesses of a mapping/array should use a local variable cache The instances below point to the second+ access of a value inside a mapping/array, within a function. Caching a mapping's value in a local `storage` or `calldata` variable when the value is accessed [multiple times](https://gist.github.com/IllIllI000/ec23a57daa30a8f8ca8b9681c8ccefb0), saves **~42 gas per access** due to not having to recalculate the key's keccak256 hash (Gkeccak256 - **30 gas**) and that calculation's associated stack operations. Caching an array's struct avoids recalculating the array offsets into memory/calldata *There are 141 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 319: payload[i] = data[i + SELECTOR_DATA_LENGTH]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L319-L319 ```solidity File: governance/contracts/multisigs/GuardCM.sol 373: _processBridgeData(callDatas[i], bridgeMediatorL2, chainId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L373-L373 ```solidity File: governance/contracts/multisigs/GuardCM.sol 376: _verifyData(targets[i], callDatas[i], block.chainid); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L376-L376 ```solidity File: governance/contracts/multisigs/GuardCM.sol 476: uint256 targetSelectorChainId = uint256(uint160(targets[i])); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L476-L476 ```solidity File: governance/contracts/multisigs/GuardCM.sol 478: targetSelectorChainId |= uint256(uint32(selectors[i])) << 160; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L478-L478 ```solidity File: governance/contracts/multisigs/GuardCM.sol 480: targetSelectorChainId |= chainIds[i] << 192; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L480-L480 ```solidity File: governance/contracts/multisigs/GuardCM.sol 525: uint256 bridgeMediatorL2ChainId = uint256(uint160(bridgeMediatorL2s[i])); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L525-L525 ```solidity File: governance/contracts/multisigs/GuardCM.sol 528: mapBridgeMediatorL1L2ChainIds[bridgeMediatorL1s[i]] = bridgeMediatorL2ChainId; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L528-L528 ```solidity File: governance/contracts/veOLAS.sol 148: pv = mapUserPoints[account][lastPointNumber - 1]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L148-L148 ```solidity File: governance/contracts/veOLAS.sol 212: lastPoint = mapSupplyPoints[curNumPoint]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L212-L212 ```solidity File: governance/contracts/veOLAS.sol 270: mapSupplyPoints[curNumPoint] = lastPoint; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L270-L270 ```solidity File: governance/contracts/veOLAS.sol 571: point = mapUserPoints[account][mid]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L571-L571 ```solidity File: governance/contracts/veOLAS.sol 585: point = mapUserPoints[account][minPointNumber]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L585-L585 ```solidity File: governance/contracts/veOLAS.sol 596: PointVoting memory uPoint = mapUserPoints[account][pointNumber - 1]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L596-L596 ```solidity File: registries/contracts/AgentRegistry.sol 41: if (dependencies[iDep] < (lastId + 1) || dependencies[iDep] > componentTotalSupply) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L41-L41 ```solidity File: registries/contracts/AgentRegistry.sol 41: if (dependencies[iDep] < (lastId + 1) || dependencies[iDep] > componentTotalSupply) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L41-L41 ```solidity File: registries/contracts/AgentRegistry.sol 42: revert ComponentNotFound(dependencies[iDep]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L42-L42 ```solidity File: registries/contracts/ComponentRegistry.sol 30: if (dependencies[iDep] < (lastId + 1) || dependencies[iDep] > maxComponentId) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L30-L30 ```solidity File: registries/contracts/ComponentRegistry.sol 30: if (dependencies[iDep] < (lastId + 1) || dependencies[iDep] > maxComponentId) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L30-L30 ```solidity File: registries/contracts/ComponentRegistry.sol 31: revert ComponentNotFound(dependencies[iDep]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L31-L31 ```solidity File: registries/contracts/UnitRegistry.sol 214: numComponents[i] = uint32(components[i].length); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L214-L214 ```solidity File: registries/contracts/UnitRegistry.sol 215: maxNumComponents += numComponents[i]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L215-L215 ```solidity File: registries/contracts/UnitRegistry.sol 236: for (; processedComponents[i] < numComponents[i]; ++processedComponents[i]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L236-L236 ```solidity File: registries/contracts/UnitRegistry.sol 236: for (; processedComponents[i] < numComponents[i]; ++processedComponents[i]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L236-L236 ```solidity File: registries/contracts/UnitRegistry.sol 237: if (minComponent < components[i][processedComponents[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L237-L237 ```solidity File: registries/contracts/UnitRegistry.sol 237: if (minComponent < components[i][processedComponents[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L237-L237 ```solidity File: registries/contracts/UnitRegistry.sol 239: if (components[i][processedComponents[i]] < tryMinComponent) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L239-L239 ```solidity File: registries/contracts/UnitRegistry.sol 239: if (components[i][processedComponents[i]] < tryMinComponent) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L239-L239 ```solidity File: registries/contracts/UnitRegistry.sol 240: tryMinComponent = components[i][processedComponents[i]]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L240-L240 ```solidity File: registries/contracts/UnitRegistry.sol 240: tryMinComponent = components[i][processedComponents[i]]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L240-L240 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 141: revert WrongOwner(owners[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L141-L141 ```solidity File: tokenomics/contracts/Depository.sol 263: address token = mapBondProducts[productId].token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L263-L263 ```solidity File: tokenomics/contracts/Depository.sol 264: delete mapBondProducts[productId]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L264-L264 ```solidity File: tokenomics/contracts/Depository.sol 266: ids[numClosedProducts] = productIds[i]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L266-L266 ```solidity File: tokenomics/contracts/Depository.sol 341: delete mapBondProducts[productId]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L341-L341 ```solidity File: tokenomics/contracts/Depository.sol 359: uint256 pay = mapUserBonds[bondIds[i]].payout; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L359-L359 ```solidity File: tokenomics/contracts/Depository.sol 360: bool matured = block.timestamp >= mapUserBonds[bondIds[i]].maturity; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L360-L360 ```solidity File: tokenomics/contracts/Depository.sol 364: revert BondNotRedeemable(bondIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L364-L364 ```solidity File: tokenomics/contracts/Depository.sol 368: if (mapUserBonds[bondIds[i]].account != msg.sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L368-L368 ```solidity File: tokenomics/contracts/Depository.sol 369: revert OwnerOnly(msg.sender, mapUserBonds[bondIds[i]].account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L369-L369 ```solidity File: tokenomics/contracts/Depository.sol 376: uint256 productId = mapUserBonds[bondIds[i]].productId; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L376-L376 ```solidity File: tokenomics/contracts/Depository.sol 379: delete mapUserBonds[bondIds[i]]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L379-L379 ```solidity File: tokenomics/contracts/Depository.sol 404: if ((active && mapBondProducts[i].supply > 0) || (!active && mapBondProducts[i].supply == 0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L404-L404 ```solidity File: tokenomics/contracts/Depository.sol 405: positions[i] = true; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L405-L405 ```solidity File: tokenomics/contracts/Depository.sol 455: block.timestamp >= mapUserBonds[i].maturity) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L455-L455 ```solidity File: tokenomics/contracts/Depository.sol 457: positions[i] = true; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L457-L457 ```solidity File: tokenomics/contracts/Depository.sol 460: payout += mapUserBonds[i].payout; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L460-L460 ```solidity File: tokenomics/contracts/Depository.sol 484: matured = block.timestamp >= mapUserBonds[bondId].maturity; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L484-L484 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 73: mapBlacklistedDonators[accounts[i]] = statuses[i]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L73-L73 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 74: emit DonatorBlacklistStatus(accounts[i], statuses[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L74-L74 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 74: emit DonatorBlacklistStatus(accounts[i], statuses[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L74-L74 ```solidity File: tokenomics/contracts/Tokenomics.sol 657: totalIncentives *= mapEpochTokenomics[epochNum].unitPoints[unitType].rewardUnitFraction; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L657-L657 ```solidity File: tokenomics/contracts/Tokenomics.sol 659: totalIncentives = mapUnitIncentives[unitType][unitId].reward + totalIncentives / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L659-L659 ```solidity File: tokenomics/contracts/Tokenomics.sol 660: mapUnitIncentives[unitType][unitId].reward = uint96(totalIncentives); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L660-L660 ```solidity File: tokenomics/contracts/Tokenomics.sol 662: mapUnitIncentives[unitType][unitId].pendingRelativeReward = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L662-L662 ```solidity File: tokenomics/contracts/Tokenomics.sol 666: totalIncentives = mapUnitIncentives[unitType][unitId].pendingRelativeTopUp; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L666-L666 ```solidity File: tokenomics/contracts/Tokenomics.sol 673: totalIncentives *= mapEpochTokenomics[epochNum].unitPoints[unitType].topUpUnitFraction; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L673-L673 ```solidity File: tokenomics/contracts/Tokenomics.sol 674: uint256 sumUnitIncentives = uint256(mapEpochTokenomics[epochNum].unitPoints[unitType].sumUnitTopUpsOLAS) * 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L674-L674 ```solidity File: tokenomics/contracts/Tokenomics.sol 675: totalIncentives = mapUnitIncentives[unitType][unitId].topUp + totalIncentives / sumUnitIncentives; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L675-L675 ```solidity File: tokenomics/contracts/Tokenomics.sol 676: mapUnitIncentives[unitType][unitId].topUp = uint96(totalIncentives); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L676-L676 ```solidity File: tokenomics/contracts/Tokenomics.sol 678: mapUnitIncentives[unitType][unitId].pendingRelativeTopUp = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L678-L678 ```solidity File: tokenomics/contracts/Tokenomics.sol 695: incentiveFlags[1] = (mapEpochTokenomics[curEpoch].unitPoints[1].rewardUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L695-L695 ```solidity File: tokenomics/contracts/Tokenomics.sol 696: incentiveFlags[2] = (mapEpochTokenomics[curEpoch].unitPoints[0].topUpUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L696-L696 ```solidity File: tokenomics/contracts/Tokenomics.sol 697: incentiveFlags[3] = (mapEpochTokenomics[curEpoch].unitPoints[1].topUpUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L697-L697 ```solidity File: tokenomics/contracts/Tokenomics.sol 717: getUnitIdsOfService(IServiceRegistry.UnitType(unitType), serviceIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L717-L717 ```solidity File: tokenomics/contracts/Tokenomics.sol 721: revert ServiceNeverDeployed(serviceIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L721-L721 ```solidity File: tokenomics/contracts/Tokenomics.sol 730: uint256 lastEpoch = mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L730-L730 ```solidity File: tokenomics/contracts/Tokenomics.sol 733: mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch = uint32(curEpoch); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L733-L733 ```solidity File: tokenomics/contracts/Tokenomics.sol 733: mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch = uint32(curEpoch); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L733-L733 ```solidity File: tokenomics/contracts/Tokenomics.sol 739: _finalizeIncentivesForUnitId(lastEpoch, unitType, serviceUnitIds[j]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L739-L739 ```solidity File: tokenomics/contracts/Tokenomics.sol 741: mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch = uint32(curEpoch); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L741-L741 ```solidity File: tokenomics/contracts/Tokenomics.sol 741: mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch = uint32(curEpoch); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L741-L741 ```solidity File: tokenomics/contracts/Tokenomics.sol 744: if (incentiveFlags[unitType]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L744-L744 ```solidity File: tokenomics/contracts/Tokenomics.sol 745: mapUnitIncentives[unitType][serviceUnitIds[j]].pendingRelativeReward += amount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L745-L745 ```solidity File: tokenomics/contracts/Tokenomics.sol 745: mapUnitIncentives[unitType][serviceUnitIds[j]].pendingRelativeReward += amount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L745-L745 ```solidity File: tokenomics/contracts/Tokenomics.sol 751: mapUnitIncentives[unitType][serviceUnitIds[j]].pendingRelativeTopUp += amount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L751-L751 ```solidity File: tokenomics/contracts/Tokenomics.sol 751: mapUnitIncentives[unitType][serviceUnitIds[j]].pendingRelativeTopUp += amount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L751-L751 ```solidity File: tokenomics/contracts/Tokenomics.sol 752: mapEpochTokenomics[curEpoch].unitPoints[unitType].sumUnitTopUpsOLAS += amount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L752-L752 ```solidity File: tokenomics/contracts/Tokenomics.sol 761: mapNewUnits[unitType][serviceUnitIds[j]] = true; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L761-L761 ```solidity File: tokenomics/contracts/Tokenomics.sol 761: mapNewUnits[unitType][serviceUnitIds[j]] = true; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L761-L761 ```solidity File: tokenomics/contracts/Tokenomics.sol 762: mapEpochTokenomics[curEpoch].unitPoints[unitType].numNewUnits++; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L762-L762 ```solidity File: tokenomics/contracts/Tokenomics.sol 765: address unitOwner = IToken(registries[unitType]).ownerOf(serviceUnitIds[j]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L765-L765 ```solidity File: tokenomics/contracts/Tokenomics.sol 767: mapNewOwners[unitOwner] = true; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L767-L767 ```solidity File: tokenomics/contracts/Tokenomics.sol 768: mapEpochTokenomics[curEpoch].epochPoint.numNewOwners++; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L768-L768 ```solidity File: tokenomics/contracts/Tokenomics.sol 811: revert ServiceDoesNotExist(serviceIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L811-L811 ```solidity File: tokenomics/contracts/Tokenomics.sol 818: mapEpochTokenomics[curEpoch].epochPoint.totalDonationsETH = uint96(donationETH); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L818-L818 ```solidity File: tokenomics/contracts/Tokenomics.sol 1113: revert Overflow(unitTypes[i], 1); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1113-L1113 ```solidity File: tokenomics/contracts/Tokenomics.sol 1117: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1117-L1117 ```solidity File: tokenomics/contracts/Tokenomics.sol 1117: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1117-L1117 ```solidity File: tokenomics/contracts/Tokenomics.sol 1117: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1117-L1117 ```solidity File: tokenomics/contracts/Tokenomics.sol 1117: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1117-L1117 ```solidity File: tokenomics/contracts/Tokenomics.sol 1118: revert WrongUnitId(unitIds[i], unitTypes[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1118-L1118 ```solidity File: tokenomics/contracts/Tokenomics.sol 1118: revert WrongUnitId(unitIds[i], unitTypes[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1118-L1118 ```solidity File: tokenomics/contracts/Tokenomics.sol 1120: lastIds[unitTypes[i]] = unitIds[i]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1120-L1120 ```solidity File: tokenomics/contracts/Tokenomics.sol 1123: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1123-L1123 ```solidity File: tokenomics/contracts/Tokenomics.sol 1123: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1123-L1123 ```solidity File: tokenomics/contracts/Tokenomics.sol 1134: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1134-L1134 ```solidity File: tokenomics/contracts/Tokenomics.sol 1134: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1134-L1134 ```solidity File: tokenomics/contracts/Tokenomics.sol 1139: _finalizeIncentivesForUnitId(lastEpoch, unitTypes[i], unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1139-L1139 ```solidity File: tokenomics/contracts/Tokenomics.sol 1139: _finalizeIncentivesForUnitId(lastEpoch, unitTypes[i], unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1139-L1139 ```solidity File: tokenomics/contracts/Tokenomics.sol 1141: mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1141-L1141 ```solidity File: tokenomics/contracts/Tokenomics.sol 1141: mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1141-L1141 ```solidity File: tokenomics/contracts/Tokenomics.sol 1145: reward += mapUnitIncentives[unitTypes[i]][unitIds[i]].reward; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1145-L1145 ```solidity File: tokenomics/contracts/Tokenomics.sol 1145: reward += mapUnitIncentives[unitTypes[i]][unitIds[i]].reward; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1145-L1145 ```solidity File: tokenomics/contracts/Tokenomics.sol 1146: mapUnitIncentives[unitTypes[i]][unitIds[i]].reward = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1146-L1146 ```solidity File: tokenomics/contracts/Tokenomics.sol 1146: mapUnitIncentives[unitTypes[i]][unitIds[i]].reward = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1146-L1146 ```solidity File: tokenomics/contracts/Tokenomics.sol 1148: topUp += mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1148-L1148 ```solidity File: tokenomics/contracts/Tokenomics.sol 1148: topUp += mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1148-L1148 ```solidity File: tokenomics/contracts/Tokenomics.sol 1149: mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1149-L1149 ```solidity File: tokenomics/contracts/Tokenomics.sol 1149: mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1149-L1149 ```solidity File: tokenomics/contracts/Tokenomics.sol 1183: revert Overflow(unitTypes[i], 1); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1183-L1183 ```solidity File: tokenomics/contracts/Tokenomics.sol 1187: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1187-L1187 ```solidity File: tokenomics/contracts/Tokenomics.sol 1187: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1187-L1187 ```solidity File: tokenomics/contracts/Tokenomics.sol 1187: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1187-L1187 ```solidity File: tokenomics/contracts/Tokenomics.sol 1187: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1187-L1187 ```solidity File: tokenomics/contracts/Tokenomics.sol 1188: revert WrongUnitId(unitIds[i], unitTypes[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1188-L1188 ```solidity File: tokenomics/contracts/Tokenomics.sol 1188: revert WrongUnitId(unitIds[i], unitTypes[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1188-L1188 ```solidity File: tokenomics/contracts/Tokenomics.sol 1190: lastIds[unitTypes[i]] = unitIds[i]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1190-L1190 ```solidity File: tokenomics/contracts/Tokenomics.sol 1193: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1193-L1193 ```solidity File: tokenomics/contracts/Tokenomics.sol 1193: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1193-L1193 ```solidity File: tokenomics/contracts/Tokenomics.sol 1204: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1204-L1204 ```solidity File: tokenomics/contracts/Tokenomics.sol 1204: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1204-L1204 ```solidity File: tokenomics/contracts/Tokenomics.sol 1209: uint256 totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeReward; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1209-L1209 ```solidity File: tokenomics/contracts/Tokenomics.sol 1209: uint256 totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeReward; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1209-L1209 ```solidity File: tokenomics/contracts/Tokenomics.sol 1211: totalIncentives *= mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].rewardUnitFraction; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1211-L1211 ```solidity File: tokenomics/contracts/Tokenomics.sol 1211: totalIncentives *= mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].rewardUnitFraction; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1211-L1211 ```solidity File: tokenomics/contracts/Tokenomics.sol 1216: totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeTopUp; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1216-L1216 ```solidity File: tokenomics/contracts/Tokenomics.sol 1216: totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeTopUp; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1216-L1216 ```solidity File: tokenomics/contracts/Tokenomics.sol 1221: totalIncentives *= mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].topUpUnitFraction; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1221-L1221 ```solidity File: tokenomics/contracts/Tokenomics.sol 1221: totalIncentives *= mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].topUpUnitFraction; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1221-L1221 ```solidity File: tokenomics/contracts/Tokenomics.sol 1222: uint256 sumUnitIncentives = uint256(mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].sumUnitTopUpsOLAS) * 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1222-L1222 ```solidity File: tokenomics/contracts/Tokenomics.sol 1222: uint256 sumUnitIncentives = uint256(mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].sumUnitTopUpsOLAS) * 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1222-L1222 ```solidity File: tokenomics/contracts/Tokenomics.sol 1229: reward += mapUnitIncentives[unitTypes[i]][unitIds[i]].reward; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1229-L1229 ```solidity File: tokenomics/contracts/Tokenomics.sol 1229: reward += mapUnitIncentives[unitTypes[i]][unitIds[i]].reward; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1229-L1229 ```solidity File: tokenomics/contracts/Tokenomics.sol 1231: topUp += mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1231-L1231 ```solidity File: tokenomics/contracts/Tokenomics.sol 1231: topUp += mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1231-L1231 ```solidity File: tokenomics/contracts/Treasury.sol 225: mapTokenReserves[token] = reserves; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L225-L225 ```solidity File: tokenomics/contracts/Treasury.sol 280: totalAmount += amounts[i]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L280-L280 ```solidity File: tokenomics/contracts/Treasury.sol 356: mapTokenReserves[token] = reserves; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L356-L356 ```solidity File: tokenomics/contracts/Treasury.sol 500: mapEnabledTokens[token] = true; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L500-L500 ```solidity File: tokenomics/contracts/Treasury.sol 518: mapEnabledTokens[token] = false; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L518-L518 ### [G-03] Use assembly to calculate hashes to save gas Using assembly to calculate hashes can save *** 80 gas *** per instance *There are 6 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 97: bytes4 public constant SCHEDULE = bytes4(keccak256(bytes("schedule(address,uint256,bytes,bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L97-L97 ```solidity File: governance/contracts/multisigs/GuardCM.sol 99: bytes4 public constant SCHEDULE_BATCH = bytes4(keccak256(bytes("scheduleBatch(address[],uint256[],bytes[],bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L99-L99 ```solidity File: governance/contracts/multisigs/GuardCM.sol 101: bytes4 public constant REQUIRE_TO_PASS_MESSAGE = bytes4(keccak256(bytes("requireToPassMessage(address,bytes,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L101-L101 ```solidity File: governance/contracts/multisigs/GuardCM.sol 103: bytes4 public constant PROCESS_MESSAGE_FROM_FOREIGN = bytes4(keccak256(bytes("processMessageFromForeign(bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L103-L103 ```solidity File: governance/contracts/multisigs/GuardCM.sol 105: bytes4 public constant SEND_MESSAGE_TO_CHILD = bytes4(keccak256(bytes("sendMessageToChild(address,bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L105-L105 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 103: bytes32 multisigProxyHash = keccak256(multisig.code); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L103-L103 ### [G-04] Use assembly to check for `address(0)` *Saves 6 gas per instance* *There are 91 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 48: if (newOwner == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L48-L48 ```solidity File: governance/contracts/OLAS.sol 63: if (newMinter == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L63-L63 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 37: if (newOwner == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L37-L37 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 39: if (_fxChild == address(0) || _childToken == address(0) || _rootToken == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L39-L39 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 39: if (_fxChild == address(0) || _childToken == address(0) || _rootToken == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L39-L39 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 39: if (_fxChild == address(0) || _childToken == address(0) || _rootToken == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L39-L39 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 59: if (to == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L59-L59 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 42: if (_checkpointManager == address(0) || _fxRoot == address(0) || _childToken == address(0) || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L42-L42 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 42: if (_checkpointManager == address(0) || _fxRoot == address(0) || _childToken == address(0) || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L42-L42 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 42: if (_checkpointManager == address(0) || _fxRoot == address(0) || _childToken == address(0) || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L42-L42 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 43: _rootToken == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L43-L43 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 63: if (to == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L63-L63 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 64: if (_fxChild == address(0) || _rootGovernor == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L64-L64 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 64: if (_fxChild == address(0) || _rootGovernor == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L64-L64 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 89: if (newRootGovernor == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L89-L89 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 143: if (target == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L143-L143 ```solidity File: governance/contracts/bridges/HomeMediator.sol 64: if (_AMBContractProxyHome == address(0) || _foreignGovernor == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L64-L64 ```solidity File: governance/contracts/bridges/HomeMediator.sol 64: if (_AMBContractProxyHome == address(0) || _foreignGovernor == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L64-L64 ```solidity File: governance/contracts/bridges/HomeMediator.sol 89: if (newForeignGovernor == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L89-L89 ```solidity File: governance/contracts/bridges/HomeMediator.sol 143: if (target == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L143-L143 ```solidity File: governance/contracts/multisigs/GuardCM.sol 144: if (_timelock == address(0) || _multisig == address(0) || _governor == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L144-L144 ```solidity File: governance/contracts/multisigs/GuardCM.sol 144: if (_timelock == address(0) || _multisig == address(0) || _governor == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L144-L144 ```solidity File: governance/contracts/multisigs/GuardCM.sol 144: if (_timelock == address(0) || _multisig == address(0) || _governor == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L144-L144 ```solidity File: governance/contracts/multisigs/GuardCM.sol 160: if (newGovernor == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L160-L160 ```solidity File: governance/contracts/multisigs/GuardCM.sol 226: if (target == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L226-L226 ```solidity File: governance/contracts/multisigs/GuardCM.sol 367: if (bridgeMediatorL2 != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L367-L367 ```solidity File: governance/contracts/multisigs/GuardCM.sol 460: if (targets[i] == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L460-L460 ```solidity File: governance/contracts/multisigs/GuardCM.sol 465: if (selectors[i] == bytes4(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L465-L465 ```solidity File: governance/contracts/multisigs/GuardCM.sol 513: if (bridgeMediatorL1s[i] == address(0) || bridgeMediatorL2s[i] == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L513-L513 ```solidity File: governance/contracts/multisigs/GuardCM.sol 513: if (bridgeMediatorL1s[i] == address(0) || bridgeMediatorL2s[i] == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L513-L513 ```solidity File: governance/contracts/veOLAS.sol 185: if (account != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L185-L185 ```solidity File: governance/contracts/veOLAS.sol 278: if (account != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L278-L278 ```solidity File: governance/contracts/veOLAS.sol 293: if (account != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L293-L293 ```solidity File: governance/contracts/veOLAS.sol 413: if (account == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L413-L413 ```solidity File: governance/contracts/veOLAS.sol 547: if (account == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L547-L547 ```solidity File: governance/contracts/veOLAS.sol 568: if (account == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L568-L568 ```solidity File: governance/contracts/veOLAS.sol 582: if (account == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L582-L582 ```solidity File: governance/contracts/wveOLAS.sol 147: if (_ve == address(0) || _token == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L147-L147 ```solidity File: governance/contracts/wveOLAS.sol 147: if (_ve == address(0) || _token == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L147-L147 ```solidity File: registries/contracts/GenericManager.sol 27: if (newOwner == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L27-L27 ```solidity File: registries/contracts/GenericRegistry.sol 44: if (newOwner == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L44-L44 ```solidity File: registries/contracts/GenericRegistry.sol 60: if (newManager == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L60-L60 ```solidity File: registries/contracts/UnitRegistry.sol 64: if(unitOwner == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L64-L64 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 61: if (_proxyHash == bytes32(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L61-L61 ```solidity File: tokenomics/contracts/Depository.sol 111: if (_olas == address(0) || _tokenomics == address(0) || _treasury == address(0) || _bondCalculator == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L111-L111 ```solidity File: tokenomics/contracts/Depository.sol 111: if (_olas == address(0) || _tokenomics == address(0) || _treasury == address(0) || _bondCalculator == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L111-L111 ```solidity File: tokenomics/contracts/Depository.sol 111: if (_olas == address(0) || _tokenomics == address(0) || _treasury == address(0) || _bondCalculator == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L111-L111 ```solidity File: tokenomics/contracts/Depository.sol 111: if (_olas == address(0) || _tokenomics == address(0) || _treasury == address(0) || _bondCalculator == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L111-L111 ```solidity File: tokenomics/contracts/Depository.sol 130: if (newOwner == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L130-L130 ```solidity File: tokenomics/contracts/Depository.sol 150: if (_tokenomics != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L150-L150 ```solidity File: tokenomics/contracts/Depository.sol 155: if (_treasury != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L155-L155 ```solidity File: tokenomics/contracts/Depository.sol 169: if (_bondCalculator != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L169-L169 ```solidity File: tokenomics/contracts/Depository.sol 439: if (account == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L439-L439 ```solidity File: tokenomics/contracts/Dispenser.sol 36: if (_tokenomics == address(0) || _treasury == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L36-L36 ```solidity File: tokenomics/contracts/Dispenser.sol 36: if (_tokenomics == address(0) || _treasury == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L36-L36 ```solidity File: tokenomics/contracts/Dispenser.sol 53: if (newOwner == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L53-L53 ```solidity File: tokenomics/contracts/Dispenser.sol 71: if (_tokenomics != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L71-L71 ```solidity File: tokenomics/contracts/Dispenser.sol 76: if (_treasury != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L76-L76 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 43: if (newOwner == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L43-L43 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 69: if (accounts[i] == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L69-L69 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 31: if (_olas == address(0) || _tokenomics == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L31-L31 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 31: if (_olas == address(0) || _tokenomics == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L31-L31 ```solidity File: tokenomics/contracts/Tokenomics.sol 278: if (owner != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L278-L278 ```solidity File: tokenomics/contracts/Tokenomics.sol 283: if (_olas == address(0) || _treasury == address(0) || _depository == address(0) || _dispenser == address(0) || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L283-L283 ```solidity File: tokenomics/contracts/Tokenomics.sol 283: if (_olas == address(0) || _treasury == address(0) || _depository == address(0) || _dispenser == address(0) || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L283-L283 ```solidity File: tokenomics/contracts/Tokenomics.sol 283: if (_olas == address(0) || _treasury == address(0) || _depository == address(0) || _dispenser == address(0) || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L283-L283 ```solidity File: tokenomics/contracts/Tokenomics.sol 283: if (_olas == address(0) || _treasury == address(0) || _depository == address(0) || _dispenser == address(0) || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L283-L283 ```solidity File: tokenomics/contracts/Tokenomics.sol 284: _ve == address(0) || _componentRegistry == address(0) || _agentRegistry == address(0) || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L284-L284 ```solidity File: tokenomics/contracts/Tokenomics.sol 284: _ve == address(0) || _componentRegistry == address(0) || _agentRegistry == address(0) || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L284-L284 ```solidity File: tokenomics/contracts/Tokenomics.sol 284: _ve == address(0) || _componentRegistry == address(0) || _agentRegistry == address(0) || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L284-L284 ```solidity File: tokenomics/contracts/Tokenomics.sol 285: _serviceRegistry == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L285-L285 ```solidity File: tokenomics/contracts/Tokenomics.sol 391: if (implementation == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L391-L391 ```solidity File: tokenomics/contracts/Tokenomics.sol 411: if (newOwner == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L411-L411 ```solidity File: tokenomics/contracts/Tokenomics.sol 430: if (_treasury != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L430-L430 ```solidity File: tokenomics/contracts/Tokenomics.sol 435: if (_depository != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L435-L435 ```solidity File: tokenomics/contracts/Tokenomics.sol 440: if (_dispenser != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L440-L440 ```solidity File: tokenomics/contracts/Tokenomics.sol 457: if (_componentRegistry != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L457-L457 ```solidity File: tokenomics/contracts/Tokenomics.sol 461: if (_agentRegistry != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L461-L461 ```solidity File: tokenomics/contracts/Tokenomics.sol 465: if (_serviceRegistry != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L465-L465 ```solidity File: tokenomics/contracts/Tokenomics.sol 801: if (bList != address(0) && IDonatorBlacklist(bList).isDonatorBlacklisted(donator)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L801-L801 ```solidity File: tokenomics/contracts/Tokenomics.sol 887: if (implementation == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L887-L887 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 35: if (tokenomics == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L35-L35 ```solidity File: tokenomics/contracts/Treasury.sol 100: if (_olas == address(0) || _tokenomics == address(0) || _depository == address(0) || _dispenser == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L100-L100 ```solidity File: tokenomics/contracts/Treasury.sol 100: if (_olas == address(0) || _tokenomics == address(0) || _depository == address(0) || _dispenser == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L100-L100 ```solidity File: tokenomics/contracts/Treasury.sol 100: if (_olas == address(0) || _tokenomics == address(0) || _depository == address(0) || _dispenser == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L100-L100 ```solidity File: tokenomics/contracts/Treasury.sol 100: if (_olas == address(0) || _tokenomics == address(0) || _depository == address(0) || _dispenser == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L100-L100 ```solidity File: tokenomics/contracts/Treasury.sol 144: if (newOwner == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L144-L144 ```solidity File: tokenomics/contracts/Treasury.sol 163: if (_tokenomics != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L163-L163 ```solidity File: tokenomics/contracts/Treasury.sol 168: if (_depository != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L168-L168 ```solidity File: tokenomics/contracts/Treasury.sol 173: if (_dispenser != address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L173-L173 ```solidity File: tokenomics/contracts/Treasury.sol 494: if (token == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L494-L494 ### [G-05] Use assembly in place of `abi.decode` to extract `calldata` values more efficiently Instead of using abi.decode, we can use assembly to decode our desired calldata values directly. This will allow us to avoid decoding calldata values that we will not use. For more details on how to implement this, check the following [report](https://code4rena.com/reports/2023-05-juicebox#g-04-use-assembly-in-place-of-abidecode-to-extract-calldata-values-more-efficiently) *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 278: (address homeMediator, bytes memory mediatorPayload, ) = abi.decode(payload, (address, bytes, uint256)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L278-L278 ### [G-06] Optimize Address Storage Value Management with `assembly` *There are 36 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 36: owner = msg.sender; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L36-L36 ```solidity File: governance/contracts/OLAS.sol 37: minter = msg.sender; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L37-L37 ```solidity File: governance/contracts/OLAS.sol 52: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L52-L52 ```solidity File: governance/contracts/OLAS.sol 67: minter = newMinter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L67-L67 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 25: owner = msg.sender; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L25-L25 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 41: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L41-L41 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 43: childToken = _childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L43-L43 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 44: rootToken = _rootToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L44-L44 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 47: childToken = _childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L47-L47 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 48: rootToken = _rootToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L48-L48 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 68: fxChild = _fxChild; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L68-L68 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 69: rootGovernor = _rootGovernor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L69-L69 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 93: rootGovernor = newRootGovernor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L93-L93 ```solidity File: governance/contracts/bridges/HomeMediator.sol 68: AMBContractProxyHome = _AMBContractProxyHome; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L68-L68 ```solidity File: governance/contracts/bridges/HomeMediator.sol 69: foreignGovernor = _foreignGovernor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L69-L69 ```solidity File: governance/contracts/bridges/HomeMediator.sol 93: foreignGovernor = newForeignGovernor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L93-L93 ```solidity File: governance/contracts/multisigs/GuardCM.sol 147: owner = _timelock; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L147-L147 ```solidity File: governance/contracts/multisigs/GuardCM.sol 148: multisig = _multisig; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L148-L148 ```solidity File: governance/contracts/wveOLAS.sol 150: ve = _ve; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L150-L150 ```solidity File: governance/contracts/wveOLAS.sol 151: token = _token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L151-L151 ```solidity File: registries/contracts/AgentRegistry.sol 25: componentRegistry = _componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L25-L25 ```solidity File: registries/contracts/GenericRegistry.sol 48: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L48-L48 ```solidity File: registries/contracts/GenericRegistry.sol 64: manager = newManager; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L64-L64 ```solidity File: registries/contracts/RegistriesManager.sol 16: componentRegistry = _componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L16-L16 ```solidity File: registries/contracts/RegistriesManager.sol 17: agentRegistry = _agentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L17-L17 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 38: gnosisSafe = _gnosisSafe; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L38-L38 ```solidity File: tokenomics/contracts/Depository.sol 114: olas = _olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L114-L114 ```solidity File: tokenomics/contracts/Depository.sol 115: tokenomics = _tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L115-L115 ```solidity File: tokenomics/contracts/Depository.sol 116: treasury = _treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L116-L116 ```solidity File: tokenomics/contracts/Depository.sol 151: tokenomics = _tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L151-L151 ```solidity File: tokenomics/contracts/Depository.sol 156: treasury = _treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L156-L156 ```solidity File: tokenomics/contracts/Dispenser.sol 40: tokenomics = _tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L40-L40 ```solidity File: tokenomics/contracts/Dispenser.sol 41: treasury = _treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L41-L41 ```solidity File: tokenomics/contracts/Dispenser.sol 72: tokenomics = _tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L72-L72 ```solidity File: tokenomics/contracts/Dispenser.sol 77: treasury = _treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L77-L77 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 35: olas = _olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L35-L35 ### [G-07] Use assembly to emit events We can use assembly to emit events efficiently by utilizing `scratch space` and the `free memory pointer`. This will allow us to potentially avoid memory expansion costs. Note: In order to do this optimization safely, we will need to cache and restore the free memory pointer. *There are 82 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 53: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L53-L53 ```solidity File: governance/contracts/OLAS.sol 68: emit MinterUpdated(newMinter); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L68-L68 ```solidity File: governance/contracts/OLAS.sol 134: emit Approval(msg.sender, spender, spenderAllowance); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L134-L134 ```solidity File: governance/contracts/OLAS.sol 150: emit Approval(msg.sender, spender, spenderAllowance); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L150-L150 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 42: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L42-L42 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 84: emit FxWithdrawERC20(rootToken, childToken, from, to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L84-L84 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 107: emit FxDepositERC20(childToken, rootToken, msg.sender, to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L107-L107 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 79: emit FxDepositERC20(childToken, rootToken, from, to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L79-L79 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 106: emit FxWithdrawERC20(rootToken, childToken, msg.sender, to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L106-L106 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 74: emit FundsReceived(msg.sender, msg.value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L74-L74 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 94: emit RootGovernorUpdated(newRootGovernor); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L94-L94 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 167: emit MessageReceived(stateId, rootMessageSender, data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L167-L167 ```solidity File: governance/contracts/bridges/HomeMediator.sol 74: emit FundsReceived(msg.sender, msg.value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L74-L74 ```solidity File: governance/contracts/bridges/HomeMediator.sol 94: emit ForeignGovernorUpdated(newForeignGovernor); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L94-L94 ```solidity File: governance/contracts/bridges/HomeMediator.sol 167: emit MessageReceived(governor, data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L167-L167 ```solidity File: governance/contracts/multisigs/GuardCM.sol 165: emit GovernorUpdated(newGovernor); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L165-L165 ```solidity File: governance/contracts/multisigs/GuardCM.sol 181: emit GovernorCheckProposalIdChanged(proposalId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L181-L181 ```solidity File: governance/contracts/multisigs/GuardCM.sol 486: emit SetTargetSelectors(targets, selectors, chainIds, statuses); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L486-L486 ```solidity File: governance/contracts/multisigs/GuardCM.sol 531: emit SetBridgeMediators(bridgeMediatorL1s, bridgeMediatorL2s, chainIds); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L531-L531 ```solidity File: governance/contracts/multisigs/GuardCM.sol 556: emit GuardPaused(msg.sender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L556-L556 ```solidity File: governance/contracts/multisigs/GuardCM.sol 568: emit GuardUnpaused(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L568-L568 ```solidity File: governance/contracts/veOLAS.sol 367: emit Deposit(account, amount, lockedBalance.endTime, depositType, block.timestamp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L367-L367 ```solidity File: governance/contracts/veOLAS.sol 368: emit Supply(supplyBefore, supplyAfter); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L368-L368 ```solidity File: governance/contracts/veOLAS.sol 530: emit Withdraw(msg.sender, amount, block.timestamp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L530-L530 ```solidity File: governance/contracts/veOLAS.sol 531: emit Supply(supplyBefore, supplyAfter); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L531-L531 ```solidity File: registries/contracts/GenericManager.sol 32: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L32-L32 ```solidity File: registries/contracts/GenericManager.sol 43: emit Pause(msg.sender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L43-L43 ```solidity File: registries/contracts/GenericManager.sol 54: emit Unpause(msg.sender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L54-L54 ```solidity File: registries/contracts/GenericRegistry.sol 49: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L49-L49 ```solidity File: registries/contracts/GenericRegistry.sol 65: emit ManagerUpdated(newManager); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L65-L65 ```solidity File: registries/contracts/GenericRegistry.sol 90: emit BaseURIChanged(bURI); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L90-L90 ```solidity File: registries/contracts/UnitRegistry.sol 112: emit CreateUnit(unitId, unitType, unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L112-L112 ```solidity File: registries/contracts/UnitRegistry.sol 146: emit UpdateUnitHash(unitId, unitType, unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L146-L146 ```solidity File: tokenomics/contracts/Depository.sol 135: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L135-L135 ```solidity File: tokenomics/contracts/Depository.sol 152: emit TokenomicsUpdated(_tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L152-L152 ```solidity File: tokenomics/contracts/Depository.sol 157: emit TreasuryUpdated(_treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L157-L157 ```solidity File: tokenomics/contracts/Depository.sol 171: emit BondCalculatorUpdated(_bondCalculator); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L171-L171 ```solidity File: tokenomics/contracts/Depository.sol 235: emit CreateProduct(token, productId, supply, priceLP, vesting); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L235-L235 ```solidity File: tokenomics/contracts/Depository.sol 268: emit CloseProduct(token, productId, supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L268-L268 ```solidity File: tokenomics/contracts/Depository.sol 342: emit CloseProduct(token, productId, supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L342-L342 ```solidity File: tokenomics/contracts/Depository.sol 345: emit CreateBond(token, productId, msg.sender, bondId, payout, tokenAmount, maturity); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L345-L345 ```solidity File: tokenomics/contracts/Depository.sol 380: emit RedeemBond(productId, msg.sender, bondIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L380-L380 ```solidity File: tokenomics/contracts/Dispenser.sol 58: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L58-L58 ```solidity File: tokenomics/contracts/Dispenser.sol 73: emit TokenomicsUpdated(_tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L73-L73 ```solidity File: tokenomics/contracts/Dispenser.sol 78: emit TreasuryUpdated(_treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L78-L78 ```solidity File: tokenomics/contracts/Dispenser.sol 112: emit IncentivesClaimed(msg.sender, reward, topUp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L112-L112 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 48: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L48-L48 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 74: emit DonatorBlacklistStatus(accounts[i], statuses[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L74-L74 ```solidity File: tokenomics/contracts/Tokenomics.sol 399: emit TokenomicsImplementationUpdated(implementation); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L399-L399 ```solidity File: tokenomics/contracts/Tokenomics.sol 416: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L416-L416 ```solidity File: tokenomics/contracts/Tokenomics.sol 432: emit TreasuryUpdated(_treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L432-L432 ```solidity File: tokenomics/contracts/Tokenomics.sol 437: emit DepositoryUpdated(_depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L437-L437 ```solidity File: tokenomics/contracts/Tokenomics.sol 442: emit DispenserUpdated(_dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L442-L442 ```solidity File: tokenomics/contracts/Tokenomics.sol 459: emit ComponentRegistryUpdated(_componentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L459-L459 ```solidity File: tokenomics/contracts/Tokenomics.sol 463: emit AgentRegistryUpdated(_agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L463-L463 ```solidity File: tokenomics/contracts/Tokenomics.sol 467: emit ServiceRegistryUpdated(_serviceRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L467-L467 ```solidity File: tokenomics/contracts/Tokenomics.sol 481: emit DonatorBlacklistUpdated(_donatorBlacklist); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L481-L481 ```solidity File: tokenomics/contracts/Tokenomics.sol 551: emit TokenomicsParametersUpdateRequested(epochCounter + 1, _devsPerCapital, _codePerDev, _epsilonRate, _epochLen, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L551-L551 ```solidity File: tokenomics/contracts/Tokenomics.sol 600: emit IncentiveFractionsUpdateRequested(eCounter, _rewardComponentFraction, _rewardAgentFraction, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L600-L600 ```solidity File: tokenomics/contracts/Tokenomics.sol 623: emit EffectiveBondUpdated(eBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L623-L623 ```solidity File: tokenomics/contracts/Tokenomics.sol 643: emit EffectiveBondUpdated(eBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L643-L643 ```solidity File: tokenomics/contracts/Tokenomics.sol 975: emit IncentiveFractionsUpdated(eCounter + 1); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L975-L975 ```solidity File: tokenomics/contracts/Tokenomics.sol 1002: emit TokenomicsParametersUpdated(eCounter + 1); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1002-L1002 ```solidity File: tokenomics/contracts/Tokenomics.sol 1045: emit IDFUpdated(idf); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1045-L1045 ```solidity File: tokenomics/contracts/Tokenomics.sol 1065: emit EpochSettled(eCounter, incentives[1], accountRewards, accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1065-L1065 ```solidity File: tokenomics/contracts/Treasury.sol 132: emit ReceiveETH(msg.sender, msg.value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L132-L132 ```solidity File: tokenomics/contracts/Treasury.sol 149: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L149-L149 ```solidity File: tokenomics/contracts/Treasury.sol 165: emit TokenomicsUpdated(_tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L165-L165 ```solidity File: tokenomics/contracts/Treasury.sol 170: emit DepositoryUpdated(_depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L170-L170 ```solidity File: tokenomics/contracts/Treasury.sol 175: emit DispenserUpdated(_dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L175-L175 ```solidity File: tokenomics/contracts/Treasury.sol 199: emit MinAcceptedETHUpdated(_minAcceptedETH); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L199-L199 ```solidity File: tokenomics/contracts/Treasury.sol 244: emit DepositTokenFromAccount(account, token, tokenAmount, olasMintAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L244-L244 ```solidity File: tokenomics/contracts/Treasury.sol 295: emit DonateToServicesETH(msg.sender, serviceIds, amounts, msg.value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L295-L295 ```solidity File: tokenomics/contracts/Treasury.sol 337: emit Withdraw(ETH_TOKEN_ADDRESS, to, tokenAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L337-L337 ```solidity File: tokenomics/contracts/Treasury.sol 358: emit Withdraw(token, to, tokenAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L358-L358 ```solidity File: tokenomics/contracts/Treasury.sol 405: emit Withdraw(ETH_TOKEN_ADDRESS, account, accountRewards); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L405-L405 ```solidity File: tokenomics/contracts/Treasury.sol 418: emit Withdraw(olas, account, accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L418-L418 ```solidity File: tokenomics/contracts/Treasury.sol 452: emit UpdateTreasuryBalances(amountETHOwned, amountETHFromServices); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L452-L452 ```solidity File: tokenomics/contracts/Treasury.sol 501: emit EnableToken(token); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L501-L501 ```solidity File: tokenomics/contracts/Treasury.sol 519: emit DisableToken(token); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L519-L519 ```solidity File: tokenomics/contracts/Treasury.sol 538: emit PauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L538-L538 ```solidity File: tokenomics/contracts/Treasury.sol 549: emit UnpauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L549-L549 ### [G-08] Avoid contract existence checks by using low level calls Prior to 0.8.10 the compiler inserted extra code, including `EXTCODESIZE` (100 gas), to check for contract existence for external function calls. In more recent solidity versions, the compiler will not insert these checks if the external call has a return value. Similar behavior can be achieved in earlier versions by using low-level calls, since low level calls never check for contract existence *There are 57 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit transfer() 79: bool success = IERC20(childToken).transfer(to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L79-L79 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit transferFrom() 102: bool success = IERC20(childToken).transferFrom(msg.sender, address(this), amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L102-L102 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit mint() 77: IERC20(rootToken).mint(to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L77-L77 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit transferFrom() 98: bool success = IERC20(rootToken).transferFrom(msg.sender, address(this), amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L98-L98 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit burn() 104: IERC20(rootToken).burn(amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L104-L104 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit messageSender() 113: address bridgeGovernor = IAMB(AMBContractProxyHome).messageSender(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L113-L113 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit state() 545: ProposalState state = IGovernor(governor).state(governorCheckProposalId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L545-L545 ```solidity File: governance/contracts/veOLAS.sol //@audit transferFrom() 364: IERC20(token).transferFrom(msg.sender, address(this), amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L364-L364 ```solidity File: governance/contracts/veOLAS.sol //@audit transfer() 534: IERC20(token).transfer(msg.sender, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L534-L534 ```solidity File: governance/contracts/wveOLAS.sol //@audit totalNumPoints() 157: numPoints = IVEOLAS(ve).totalNumPoints(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L157-L157 ```solidity File: governance/contracts/wveOLAS.sol //@audit mapSupplyPoints() 164: sPoint = IVEOLAS(ve).mapSupplyPoints(idx); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L164-L164 ```solidity File: governance/contracts/wveOLAS.sol //@audit mapSlopeChanges() 171: slopeChange = IVEOLAS(ve).mapSlopeChanges(ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L171-L171 ```solidity File: governance/contracts/wveOLAS.sol //@audit getLastUserPoint() 178: pv = IVEOLAS(ve).getLastUserPoint(account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L178-L178 ```solidity File: governance/contracts/wveOLAS.sol //@audit getNumUserPoints() 185: userNumPoints = IVEOLAS(ve).getNumUserPoints(account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L185-L185 ```solidity File: governance/contracts/wveOLAS.sol //@audit getNumUserPoints() 195: uint256 userNumPoints = IVEOLAS(ve).getNumUserPoints(account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L195-L195 ```solidity File: governance/contracts/wveOLAS.sol //@audit getUserPoint() 197: uPoint = IVEOLAS(ve).getUserPoint(account, idx); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L197-L197 ```solidity File: governance/contracts/wveOLAS.sol //@audit getVotes() 204: balance = IVEOLAS(ve).getVotes(account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L204-L204 ```solidity File: governance/contracts/wveOLAS.sol //@audit getPastVotes() 216: balance = IVEOLAS(ve).getPastVotes(account, blockNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L216-L216 ```solidity File: governance/contracts/wveOLAS.sol //@audit balanceOf() 224: balance = IVEOLAS(ve).balanceOf(account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L224-L224 ```solidity File: governance/contracts/wveOLAS.sol //@audit balanceOfAt() 236: balance = IVEOLAS(ve).balanceOfAt(account, blockNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L236-L236 ```solidity File: governance/contracts/wveOLAS.sol //@audit lockedEnd() 244: unlockTime = IVEOLAS(ve).lockedEnd(account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L244-L244 ```solidity File: governance/contracts/wveOLAS.sol //@audit totalSupply() 250: supply = IVEOLAS(ve).totalSupply(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L250-L250 ```solidity File: governance/contracts/wveOLAS.sol //@audit totalSupplyAt() 257: supplyAt = IVEOLAS(ve).totalSupplyAt(blockNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L257-L257 ```solidity File: governance/contracts/wveOLAS.sol //@audit totalNumPoints() 265: uint256 numPoints = IVEOLAS(ve).totalNumPoints(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L265-L265 ```solidity File: governance/contracts/wveOLAS.sol //@audit mapSupplyPoints() 266: PointVoting memory sPoint = IVEOLAS(ve).mapSupplyPoints(numPoints); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L266-L266 ```solidity File: governance/contracts/wveOLAS.sol //@audit totalSupplyLockedAtT() 269: vPower = IVEOLAS(ve).totalSupplyLockedAtT(ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L269-L269 ```solidity File: governance/contracts/wveOLAS.sol //@audit totalSupplyLocked() 278: vPower = IVEOLAS(ve).totalSupplyLocked(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L278-L278 ```solidity File: governance/contracts/wveOLAS.sol //@audit getPastTotalSupply() 286: vPower = IVEOLAS(ve).getPastTotalSupply(blockNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L286-L286 ```solidity File: governance/contracts/wveOLAS.sol //@audit supportsInterface() 293: return IVEOLAS(ve).supportsInterface(interfaceId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L293-L293 ```solidity File: registries/contracts/AgentRegistry.sol //@audit totalSupply() 38: uint32 componentTotalSupply = uint32(IRegistry(componentRegistry).totalSupply()); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L38-L38 ```solidity File: registries/contracts/AgentRegistry.sol //@audit getLocalSubComponents() 60: (subComponentIds, ) = IRegistry(componentRegistry).getLocalSubComponents(uint256(unitId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L60-L60 ```solidity File: registries/contracts/RegistriesManager.sol //@audit create() 39: unitId = IRegistry(componentRegistry).create(unitOwner, unitHash, dependencies); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L39-L39 ```solidity File: registries/contracts/RegistriesManager.sol //@audit create() 41: unitId = IRegistry(agentRegistry).create(unitOwner, unitHash, dependencies); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L41-L41 ```solidity File: registries/contracts/RegistriesManager.sol //@audit updateHash() 52: success = IRegistry(componentRegistry).updateHash(msg.sender, unitId, unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L52-L52 ```solidity File: registries/contracts/RegistriesManager.sol //@audit updateHash() 54: success = IRegistry(agentRegistry).updateHash(msg.sender, unitId, unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L54-L54 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit createProxyWithNonce() 106: multisig = IGnosisSafeProxyFactory(gnosisSafeProxyFactory).createProxyWithNonce(gnosisSafe, safeParams, nonce); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L106-L106 ```solidity File: tokenomics/contracts/Depository.sol //@audit isEnabled() 221: if (!ITreasury(treasury).isEnabled(token)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L221-L221 ```solidity File: tokenomics/contracts/Depository.sol //@audit reserveAmountForBondProgram() 226: if (!ITokenomics(tokenomics).reserveAmountForBondProgram(supply)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L226-L226 ```solidity File: tokenomics/contracts/Depository.sol //@audit effectiveBond() 227: revert LowerThan(ITokenomics(tokenomics).effectiveBond(), supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L227-L227 ```solidity File: tokenomics/contracts/Depository.sol //@audit refundFromBondProgram() 262: ITokenomics(tokenomics).refundFromBondProgram(supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L262-L262 ```solidity File: tokenomics/contracts/Depository.sol //@audit calculatePayoutOLAS() 320: payout = IGenericBondCalculator(bondCalculator).calculatePayoutOLAS(tokenAmount, product.priceLP); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L320-L320 ```solidity File: tokenomics/contracts/Depository.sol //@audit depositTokenForOLAS() 337: ITreasury(treasury).depositTokenForOLAS(msg.sender, tokenAmount, token, payout); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L337-L337 ```solidity File: tokenomics/contracts/Depository.sol //@audit transfer() 390: IToken(olas).transfer(msg.sender, payout); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L390-L390 ```solidity File: tokenomics/contracts/Depository.sol //@audit getCurrentPriceLP() 492: return IGenericBondCalculator(bondCalculator).getCurrentPriceLP(token); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L492-L492 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit accountOwnerIncentives() 99: (reward, topUp) = ITokenomics(tokenomics).accountOwnerIncentives(msg.sender, unitTypes, unitIds); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L99-L99 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit withdrawToAccount() 104: success = ITreasury(treasury).withdrawToAccount(msg.sender, reward, topUp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L104-L104 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol //@audit getLastIDF() 64: amountOLAS = ITokenomics(tokenomics).getLastIDF() * totalTokenValue / 1e36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L64-L64 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit ownerOf() 708: address serviceOwner = IToken(serviceRegistry).ownerOf(serviceIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L708-L708 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit getVotes() 709: topUpEligible = (IVotingEscrow(ve).getVotes(serviceOwner) >= veOLASThreshold || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L709-L709 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit getVotes() 710: IVotingEscrow(ve).getVotes(donator) >= veOLASThreshold) ? true : false; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L710-L710 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit getUnitIdsOfService() 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L716-L716 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit exists() 810: if (!IServiceRegistry(serviceRegistry).exists(serviceIds[i])) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L810-L810 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit rebalanceTreasury() 1063: if (incentives[1] == 0 || ITreasury(treasury).rebalanceTreasury(incentives[1])) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1063-L1063 ```solidity File: tokenomics/contracts/Treasury.sol //@audit mint() 242: IOLAS(olas).mint(msg.sender, olasMintAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L242-L242 ```solidity File: tokenomics/contracts/Treasury.sol //@audit trackServiceDonations() 298: ITokenomics(tokenomics).trackServiceDonations(msg.sender, serviceIds, amounts, msg.value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L298-L298 ```solidity File: tokenomics/contracts/Treasury.sol //@audit mint() 416: IOLAS(olas).mint(account, accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L416-L416 ```solidity File: tokenomics/contracts/Treasury.sol //@audit serviceRegistry() 473: address serviceRegistry = ITokenomics(tokenomics).serviceRegistry(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L473-L473 ### [G-09] Using bools for storage incurs overhead Use uint256(1) and uint256(2) for true/false to avoid a Gwarmaccess (100 gas), and to avoid Gsset (20000 gas) when changing from 'false' to 'true', after having been 'true' in the past. See [source](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/58f635312aa21f947cae5f8578638a85aa2519f5/contracts/security/ReentrancyGuard.sol#L23-L27). *There are 6 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit avoid using `bool` type for mapping values 130: mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L130-L130 ```solidity File: registries/contracts/GenericManager.sol //@audit avoid using `bool` type for paused 16: bool public paused; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L16-L16 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit avoid using `bool` type for mapping values 27: mapping(address => bool) public mapBlacklistedDonators; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L27-L27 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit avoid using `bool` type for mapping values 225: mapping(uint256 => mapping(uint256 => bool)) public mapNewUnits; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L225-L225 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit avoid using `bool` type for mapping values 227: mapping(address => bool) public mapNewOwners; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L227-L227 ```solidity File: tokenomics/contracts/Treasury.sol //@audit avoid using `bool` type for mapping values 88: mapping(address => bool) public mapEnabledTokens; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L88-L88 ### [G-10] Use byte32 in place of string For strings of 32 char strings and below you can use bytes32 instead as it's more gas efficient *There are 1 instance(s) of this issue:* ```solidity File: registries/contracts/GenericRegistry.sol 139: return string(abi.encodePacked(baseURI, CID_PREFIX, _toHex16(bytes16(unitHash)), 140: _toHex16(bytes16(unitHash << 128)))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L139-L140 ### [G-11] Cache array length outside of loop If not cached, the solidity compiler will always read the length of the array during each iteration. That is, if it is a storage array, this is an extra sload operation (100 additional extra gas for each iteration except for the first) and if it is a memory array, this is an extra mload operation (3 additional gas for each iteration except for the first). *There are 16 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 212: for (uint256 i = 0; i < data.length;) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L212-L212 ```solidity File: governance/contracts/multisigs/GuardCM.sol 273: for (uint256 i = 0; i < payload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L273-L273 ```solidity File: governance/contracts/multisigs/GuardCM.sol 292: for (uint256 i = 0; i < bridgePayload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L292-L292 ```solidity File: governance/contracts/multisigs/GuardCM.sol 318: for (uint256 i = 0; i < payload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L318-L318 ```solidity File: governance/contracts/multisigs/GuardCM.sol 340: for (uint256 i = 0; i < payload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L340-L340 ```solidity File: governance/contracts/multisigs/GuardCM.sol 360: for (uint i = 0; i < targets.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L360-L360 ```solidity File: governance/contracts/multisigs/GuardCM.sol 458: for (uint256 i = 0; i < targets.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L458-L458 ```solidity File: governance/contracts/multisigs/GuardCM.sol 511: for (uint256 i = 0; i < chainIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L511-L511 ```solidity File: registries/contracts/AgentRegistry.sol 40: for (uint256 iDep = 0; iDep < dependencies.length; ++iDep) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L40-L40 ```solidity File: registries/contracts/ComponentRegistry.sol 29: for (uint256 iDep = 0; iDep < dependencies.length; ++iDep) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L29-L29 ```solidity File: tokenomics/contracts/Depository.sol 357: for (uint256 i = 0; i < bondIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L357-L357 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 67: for (uint256 i = 0; i < accounts.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L67-L67 ```solidity File: tokenomics/contracts/Tokenomics.sol 1110: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1110-L1110 ```solidity File: tokenomics/contracts/Tokenomics.sol 1132: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1132-L1132 ```solidity File: tokenomics/contracts/Tokenomics.sol 1180: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1180-L1180 ```solidity File: tokenomics/contracts/Tokenomics.sol 1202: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1202-L1202 ### [G-12] State variables should be cached in stack variables rather than re-reading them from storage The instances below point to the second+ access of a state variable within a function. Caching of a state variable replaces each Gwarmaccess (100 gas) with a much cheaper stack read. Other less obvious fixes/optimizations include having local memory caches of state variable structs, or having local caches of state variable contracts/addresses. *Saves 100 gas per instance* *There are 3 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 549: revert NotDefeated(governorCheckProposalId, state); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L549-L549 ```solidity File: tokenomics/contracts/Tokenomics.sol 710: IVotingEscrow(ve).getVotes(donator) >= veOLASThreshold) ? true : false; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L710-L710 ```solidity File: tokenomics/contracts/Treasury.sol 418: emit Withdraw(olas, account, accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L418-L418 ### [G-13] Use calldata instead of memory for function arguments that do not get mutated Mark data types as `calldata` instead of `memory` where possible. This makes it so that the data is not automatically loaded into memory. If the data passed into the function does not need to be changed (like updating values in an array), it can be passed in as `calldata`. The one exception to this is if the argument must later be passed into another function that takes an argument that specifies `memory` storage. *There are 20 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit Make `data` as a calldata 6: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L6-L6 ```solidity File: registries/contracts/interfaces/IRegistry.sol //@audit Make `dependencies` as a calldata 19: uint32[] memory dependencies ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L19-L19 ```solidity File: registries/contracts/interfaces/IRegistry.sol //@audit Make `unitIds` as a calldata 38: function calculateSubComponents(uint32[] memory unitIds) external view returns (uint32[] memory subComponentIds); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L38-L38 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit Make `initializer` as a calldata 12: bytes memory initializer, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L12-L12 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit Make `owners` as a calldata 86: address[] memory owners, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L86-L86 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit Make `data` as a calldata 88: bytes memory data ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L88-L88 ```solidity File: tokenomics/contracts/Depository.sol //@audit Make `productIds` as a calldata 244: function close(uint256[] memory productIds) external returns (uint256[] memory closedProductIds) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L244-L244 ```solidity File: tokenomics/contracts/Depository.sol //@audit Make `bondIds` as a calldata 356: function redeem(uint256[] memory bondIds) external returns (uint256 payout) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L356-L356 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit Make `accounts` as a calldata 56: function setDonatorsStatuses(address[] memory accounts, bool[] memory statuses) external returns (bool success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L56-L56 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit Make `statuses` as a calldata 56: function setDonatorsStatuses(address[] memory accounts, bool[] memory statuses) external returns (bool success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L56-L56 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Make `unitTypes` as a calldata 1085: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1085-L1085 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Make `unitIds` as a calldata 1085: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1085-L1085 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Make `unitTypes` as a calldata 1160: function getOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external view ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1160-L1160 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Make `unitIds` as a calldata 1160: function getOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external view ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1160-L1160 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol //@audit Make `serviceIds` as a calldata 21: uint256[] memory serviceIds, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L21-L21 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol //@audit Make `amounts` as a calldata 22: uint256[] memory amounts, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L22-L22 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol //@audit Make `unitTypes` as a calldata 42: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L42-L42 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol //@audit Make `unitIds` as a calldata 42: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L42-L42 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol //@audit Make `serviceIds` as a calldata 16: function depositServiceDonationsETH(uint256[] memory serviceIds, uint256[] memory amounts) external payable; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L16-L16 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol //@audit Make `amounts` as a calldata 16: function depositServiceDonationsETH(uint256[] memory serviceIds, uint256[] memory amounts) external payable; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L16-L16 ### [G-14] With assembly, `.call (bool success)` transfer can be done gas-optimized `return` data `(bool success,)` has to be stored due to EVM architecture, but in a usage like below, `out` and `outsize` values are given (0,0), this storage disappears and gas optimization is provided. *There are 4 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 160: (bool success, ) = target.call{value: value}(payload); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L160-L160 ```solidity File: governance/contracts/bridges/HomeMediator.sol 160: (bool success, ) = target.call{value: value}(payload); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L160-L160 ```solidity File: tokenomics/contracts/Treasury.sol 339: (success, ) = to.call{value: tokenAmount}(""); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L339-L339 ```solidity File: tokenomics/contracts/Treasury.sol 406: (success, ) = account.call{value: accountRewards}(""); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L406-L406 ### [G-15] Add `unchecked {}` for subtractions where the operands cannot underflow because of a previous `require()` or `if`-statement `require(a <= b); x = b - a` => `require(a <= b); unchecked { x = b - a }` *There are 3 instance(s) of this issue:* ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 77: uint256 payloadLength = dataLength - DEFAULT_DATA_LENGTH; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L77-L77 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 111: uint256 payloadLength = dataLength - DEFAULT_DATA_LENGTH; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L111-L111 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 140: if (owners[i] != checkOwners[numOwners - i - 1]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L140-L140 ### [G-16] Divisions which do not divide by -X cannot overflow or overflow so such operations can be unchecked to save gas Make such found divisions are unchecked when ensured it is safe to do so *There are 34 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 101: uint256 numYears = (block.timestamp - timeLaunch) / oneYear; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L101-L101 ```solidity File: governance/contracts/OLAS.sol 109: supplyCap += (supplyCap * maxMintCapFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L109-L109 ```solidity File: governance/contracts/veOLAS.sol 225: block_slope = (1e18 * uint256(block.number - lastPoint.blockNumber)) / uint256(block.timestamp - lastPoint.ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L225-L225 ```solidity File: governance/contracts/veOLAS.sol 231: uint64 tStep = (lastCheckpoint / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L231-L231 ```solidity File: governance/contracts/veOLAS.sol 258: lastPoint.blockNumber = initialPoint.blockNumber + uint64((block_slope * uint256(tStep - initialPoint.ts)) / 1e18); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L258-L258 ```solidity File: governance/contracts/veOLAS.sol 433: unlockTime = ((block.timestamp + unlockTime) / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L433-L433 ```solidity File: governance/contracts/veOLAS.sol 487: unlockTime = ((block.timestamp + unlockTime) / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L487-L487 ```solidity File: governance/contracts/veOLAS.sol 565: uint256 mid = (minPointNumber + maxPointNumber + 1) / 2; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L565-L565 ```solidity File: governance/contracts/veOLAS.sol 664: blockTime += (dt * (blockNumber - point.blockNumber)) / dBlock; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L664-L664 ```solidity File: governance/contracts/veOLAS.sol 692: uint64 tStep = (lastPoint.ts / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L692-L692 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 64: amountOLAS = ITokenomics(tokenomics).getLastIDF() * totalTokenValue / 1e36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L64-L64 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 89: priceLP = (reserve1 * 1e18) / totalSupply; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L89-L89 ```solidity File: tokenomics/contracts/Tokenomics.sol 329: uint256 _inflationPerSecond = getInflationForYear(0) / zeroYearSecondsLeft; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L329-L329 ```solidity File: tokenomics/contracts/Tokenomics.sol 367: uint256 _maxBond = (_inflationPerSecond * _epochLen * _maxBondFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L367-L367 ```solidity File: tokenomics/contracts/Tokenomics.sol 659: totalIncentives = mapUnitIncentives[unitType][unitId].reward + totalIncentives / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L659-L659 ```solidity File: tokenomics/contracts/Tokenomics.sol 675: totalIncentives = mapUnitIncentives[unitType][unitId].topUp + totalIncentives / sumUnitIncentives; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L675-L675 ```solidity File: tokenomics/contracts/Tokenomics.sol 726: uint96 amount = uint96(amounts[i] / numServiceUnits); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L726-L726 ```solidity File: tokenomics/contracts/Tokenomics.sol 915: incentives[1] = (incentives[0] * tp.epochPoint.rewardTreasuryFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L915-L915 ```solidity File: tokenomics/contracts/Tokenomics.sol 917: incentives[2] = (incentives[0] * tp.unitPoints[0].rewardUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L917-L917 ```solidity File: tokenomics/contracts/Tokenomics.sol 918: incentives[3] = (incentives[0] * tp.unitPoints[1].rewardUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L918-L918 ```solidity File: tokenomics/contracts/Tokenomics.sol 925: uint256 numYears = (block.timestamp - timeLaunch) / ONE_YEAR; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L925-L925 ```solidity File: tokenomics/contracts/Tokenomics.sol 935: curInflationPerSecond = getInflationForYear(numYears) / ONE_YEAR; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L935-L935 ```solidity File: tokenomics/contracts/Tokenomics.sol 951: incentives[4] = (inflationPerEpoch * tp.epochPoint.maxBondFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L951-L951 ```solidity File: tokenomics/contracts/Tokenomics.sol 1010: numYears = (block.timestamp + curEpochLen - timeLaunch) / ONE_YEAR; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1010-L1010 ```solidity File: tokenomics/contracts/Tokenomics.sol 1019: curInflationPerSecond = getInflationForYear(numYears) / ONE_YEAR; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1019-L1019 ```solidity File: tokenomics/contracts/Tokenomics.sol 1023: curMaxBond = (inflationPerEpoch * nextEpochPoint.epochPoint.maxBondFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1023-L1023 ```solidity File: tokenomics/contracts/Tokenomics.sol 1030: curMaxBond = (curEpochLen * curInflationPerSecond * nextEpochPoint.epochPoint.maxBondFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1030-L1030 ```solidity File: tokenomics/contracts/Tokenomics.sol 1054: incentives[5] = (inflationPerEpoch * tp.unitPoints[0].topUpUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1054-L1054 ```solidity File: tokenomics/contracts/Tokenomics.sol 1056: incentives[6] = (inflationPerEpoch * tp.unitPoints[1].topUpUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1056-L1056 ```solidity File: tokenomics/contracts/Tokenomics.sol 1213: reward += totalIncentives / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1213-L1213 ```solidity File: tokenomics/contracts/Tokenomics.sol 1224: topUp += totalIncentives / sumUnitIncentives; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1224-L1224 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 56: supplyCap += (supplyCap * maxMintCapFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L56-L56 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 93: supplyCap += (supplyCap * maxMintCapFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L93-L93 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 97: inflationAmount = (supplyCap * maxMintCapFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L97-L97 ### [G-17] Do not calculate constants Due to how constant variables are implemented (replacements at compile-time), an expression assigned to a constant variable is recomputed each time that the variable is used, which wastes some gas. *There are 4 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 22: uint256 public constant oneYear = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L22-L22 ```solidity File: governance/contracts/veOLAS.sol 101: uint256 internal constant MAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L101-L101 ```solidity File: governance/contracts/veOLAS.sol 103: int128 internal constant IMAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L103-L103 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 16: uint256 public constant ONE_YEAR = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L16-L16 ### [G-18] Stack variable cost less while used in emiting event Even if the variable is going to be used only one time, caching a state variable and use its cache in an emit would help you reduce the cost by at least ***9 gas*** *There are 6 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/HomeMediator.sol // @audit `governor` is a state variable 167: emit MessageReceived(governor, data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L167-L167 ```solidity File: tokenomics/contracts/Depository.sol // @audit `supply` is a state variable 235: emit CreateProduct(token, productId, supply, priceLP, vesting); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L235-L235 ```solidity File: tokenomics/contracts/Depository.sol // @audit `supply` is a state variable 268: emit CloseProduct(token, productId, supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L268-L268 ```solidity File: tokenomics/contracts/Depository.sol // @audit `supply` is a state variable 342: emit CloseProduct(token, productId, supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L342-L342 ```solidity File: tokenomics/contracts/Tokenomics.sol // @audit `epochCounter` is a state variable 551: emit TokenomicsParametersUpdateRequested(epochCounter + 1, _devsPerCapital, _codePerDev, _epsilonRate, _epochLen, 552: _veOLASThreshold); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L551-L552 ```solidity File: tokenomics/contracts/Treasury.sol // @audit `olas` is a state variable 418: emit Withdraw(olas, account, accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L418-L418 ### [G-19] Superfluous event fields `block.timestamp` and `block.number` are added to event information by default so adding them manually wastes gas *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 367: emit Deposit(account, amount, lockedBalance.endTime, depositType, block.timestamp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L367-L367 ```solidity File: governance/contracts/veOLAS.sol 530: emit Withdraw(msg.sender, amount, block.timestamp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L530-L530 ### [G-20] Events should be emitted outside of loops Emitting an event has an overhead of **375 gas**, which will be incurred on every iteration of the loop. It is cheaper to `emit` only [once](https://github.com/ethereum/EIPs/blob/adad5968fd6de29902174e0cb51c8fc3dceb9ab5/EIPS/eip-1155.md?plain=1#L68) after the loop has finished. *There are 3 instance(s) of this issue:* ```solidity File: tokenomics/contracts/Depository.sol //@audit CloseProduct is emited inside this loop 255: for (uint256 i = 0; i < numProducts; ++i) { 256: uint256 productId = productIds[i]; 257: // Check if the product is still open by getting its supply amount 258: uint256 supply = mapBondProducts[productId].supply; 259: // The supply is greater than zero only if the product is active, otherwise it is already closed 260: if (supply > 0) { 261: // Refund unused OLAS supply from the product if it was not used by the product completely 262: ITokenomics(tokenomics).refundFromBondProgram(supply); 263: address token = mapBondProducts[productId].token; 264: delete mapBondProducts[productId]; 265: 266: ids[numClosedProducts] = productIds[i]; 267: ++numClosedProducts; 268: emit CloseProduct(token, productId, supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L255-L268 ```solidity File: tokenomics/contracts/Depository.sol //@audit RedeemBond is emited inside this loop 357: for (uint256 i = 0; i < bondIds.length; ++i) { 358: // Get the amount to pay and the maturity status 359: uint256 pay = mapUserBonds[bondIds[i]].payout; 360: bool matured = block.timestamp >= mapUserBonds[bondIds[i]].maturity; 361: 362: // Revert if the bond does not exist or is not matured yet 363: if (pay == 0 || !matured) { 364: revert BondNotRedeemable(bondIds[i]); 365: } 366: 367: // Check that the msg.sender is the owner of the bond 368: if (mapUserBonds[bondIds[i]].account != msg.sender) { 369: revert OwnerOnly(msg.sender, mapUserBonds[bondIds[i]].account); 370: } 371: 372: // Increase the payout 373: payout += pay; 374: 375: // Get the productId 376: uint256 productId = mapUserBonds[bondIds[i]].productId; 377: 378: // Delete the Bond struct and release the gas 379: delete mapUserBonds[bondIds[i]]; 380: emit RedeemBond(productId, msg.sender, bondIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L357-L380 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit DonatorBlacklistStatus is emited inside this loop 67: for (uint256 i = 0; i < accounts.length; ++i) { 68: // Check for the zero address 69: if (accounts[i] == address(0)) { 70: revert ZeroAddress(); 71: } 72: // Set the account blacklisting status 73: mapBlacklistedDonators[accounts[i]] = statuses[i]; 74: emit DonatorBlacklistStatus(accounts[i], statuses[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L67-L74 ### [G-21] Empty blocks should be removed or emit something The code should be refactored such that they no longer exist, or the block should do something useful, such as emitting an event or reverting. If the contract is meant to be extended, the contract should be `abstract` and the function signatures be added without any default implementation. If the block is an empty `if`-statement block to avoid doing subsequent checks in the else-if/else conditions, the else-if/else conditions should be nested under the negation of the if-statement, because they involve different classes of checks, which may lead to the introduction of errors when the code is later modified (`if (x) {...} else if (y) {...} else {...}` => `if (!x) { if (y) {...} else {...} }`). Empty `receive()`/`fallback() payable` functions that are not used, can be removed to save deployment gas. *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 572: function checkAfterExecution(bytes32, bool) external {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L572-L572 ### [G-22] Use `ERC721A` instead `ERC721` `ERC721A` is an improvement standard for `ERC721` tokens. It was proposed by the Azuki team and used for developing their NFT collection. Compared with `ERC721`, `ERC721A` is a more gas-efficient standard to mint a lot of of NFTs simultaneously. It allows developers to mint multiple NFTs at the same gas price. This has been a great improvement due to Ethereum’s sky-rocketing gas fee. Reference: https://nextrope.com/erc721-vs-erc721a-2/. *There are 1 instance(s) of this issue:* ```solidity File: registries/contracts/GenericRegistry.sol 4: import "../lib/solmate/src/tokens/ERC721.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L4-L4 ### [G-23] `internal` functions only called once can be inlined to save gas Not inlining costs 20 to 40 gas because of two extra JUMP instructions and additional stack operations needed for function calls. *There are 10 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 252: function _processBridgeData( 253: bytes memory data, 254: address bridgeMediatorL2, 255: uint256 chainId 256: ) internal 257: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L252-L257 ```solidity File: governance/contracts/multisigs/GuardCM.sol 337: function _verifySchedule(bytes memory data, bytes4 selector) internal { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L337-L337 ```solidity File: governance/contracts/veOLAS.sol 593: function _balanceOfLocked(address account, uint64 ts) internal view returns (uint256 vBalance) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L593-L593 ```solidity File: registries/contracts/GenericRegistry.sol 129: function _getUnitHash(uint256 unitId) internal view virtual returns (bytes32); 130: 131: /// @dev Returns unit token URI. 132: /// @notice Expected multicodec: dag-pb; hashing function: sha2-256, with base16 encoding and leading CID_PREFIX removed. 133: /// @param unitId Unit Id. 134: /// @return Unit token URI string. 135: function tokenURI(uint256 unitId) public view virtual override returns (string memory) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L129-L135 ```solidity File: registries/contracts/UnitRegistry.sol 42: function _checkDependencies(uint32[] memory dependencies, uint32 maxUnitId) internal virtual; 43: 44: /// @dev Creates unit. 45: /// @param unitOwner Owner of the unit. 46: /// @param unitHash IPFS CID hash of the unit. 47: /// @param dependencies Set of unit dependencies in a sorted ascending order (unit Ids). 48: /// @return unitId The id of a minted unit. 49: function create(address unitOwner, bytes32 unitHash, uint32[] memory dependencies) 50: external virtual returns (uint256 unitId) 51: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L42-L51 ```solidity File: registries/contracts/UnitRegistry.sol 193: function _getSubComponents(UnitType subcomponentsFromType, uint32 unitId) internal view virtual 194: returns (uint32[] memory subComponentIds); 195: 196: /// @dev Calculates the set of subcomponent Ids. 197: /// @param subcomponentsFromType Type of the unit: component or agent. 198: /// @param unitIds Unit Ids. 199: /// @return subComponentIds Subcomponent Ids. 200: function _calculateSubComponents(UnitType subcomponentsFromType, uint32[] memory unitIds) internal view virtual 201: returns (uint32[] memory subComponentIds) 202: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L193-L202 ```solidity File: registries/contracts/UnitRegistry.sol 200: function _calculateSubComponents(UnitType subcomponentsFromType, uint32[] memory unitIds) internal view virtual 201: returns (uint32[] memory subComponentIds) 202: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L200-L202 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 45: function _parseData(bytes memory data) internal pure 46: returns (address to, address fallbackHandler, address paymentToken, address payable paymentReceiver, 47: uint256 payment, uint256 nonce, bytes memory payload) 48: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L45-L48 ```solidity File: tokenomics/contracts/Tokenomics.sol 687: function _trackServiceDonations(address donator, uint256[] memory serviceIds, uint256[] memory amounts, uint256 curEpoch) internal { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L687-L687 ```solidity File: tokenomics/contracts/Tokenomics.sol 831: function _calculateIDF( 832: uint256 treasuryRewards, 833: uint256 numNewOwners 834: ) internal view returns (uint256 idf) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L831-L834 ### [G-24] Consider merging sequential for loops Merging multiple `for` loops within a function in Solidity can enhance efficiency and reduce gas costs, especially when they share a common iterating variable or perform related operations. By minimizing redundant iterations over the same data set, execution becomes more cost-effective. However, while merging can optimize gas usage and simplify logic, it may also increase code complexity. Therefore, careful balance between optimization and maintainability is essential, along with thorough testing to ensure the refactored code behaves as expected. *There are 8 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 273: for (uint256 i = 0; i < payload.length; ++i) { 274: payload[i] = data[i + 4]; 275: } 276: 277: // Decode the requireToPassMessage payload: homeMediator (L2), mediatorPayload (need decoding), requestGasLimit 278: (address homeMediator, bytes memory mediatorPayload, ) = abi.decode(payload, (address, bytes, uint256)); 279: // Check that the home mediator matches the L2 bridge mediator address 280: if (homeMediator != bridgeMediatorL2) { 281: revert WrongL2BridgeMediator(homeMediator, bridgeMediatorL2); 282: } 283: 284: // Check the L2 initial selector 285: functionSig = bytes4(mediatorPayload); 286: if (functionSig != PROCESS_MESSAGE_FROM_FOREIGN) { 287: revert WrongSelector(functionSig, chainId); 288: } 289: 290: // Copy the data without a selector 291: bytes memory bridgePayload = new bytes(mediatorPayload.length - SELECTOR_DATA_LENGTH); 292: for (uint256 i = 0; i < bridgePayload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L273-L292 ```solidity File: governance/contracts/multisigs/GuardCM.sol 340: for (uint256 i = 0; i < payload.length; ++i) { 341: payload[i] = data[i + 4]; 342: } 343: 344: // Prepare the decoding data sets 345: address[] memory targets; 346: bytes[] memory callDatas; 347: if (selector == SCHEDULE) { 348: targets = new address[](1); 349: callDatas = new bytes[](1); 350: // Decode the data in the schedule function 351: (targets[0], , callDatas[0], , , ) = 352: abi.decode(payload, (address, uint256, bytes, bytes32, bytes32, uint256)); 353: } else { 354: // Decode the data in the scheduleBatch function 355: (targets, , callDatas, , , ) = 356: abi.decode(payload, (address[], uint256[], bytes[], bytes32, bytes32, uint256)); 357: } 358: 359: // Traverse all the schedule targets and selectors extracted from calldatas 360: for (uint i = 0; i < targets.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L340-L360 ```solidity File: registries/contracts/UnitRegistry.sol 211: for (uint32 i = 0; i < numUnits; ++i) { 212: // Get subcomponents for each unit Id based on the subcomponentsFromType 213: components[i] = _getSubComponents(subcomponentsFromType, unitIds[i]); 214: numComponents[i] = uint32(components[i].length); 215: maxNumComponents += numComponents[i]; 216: } 217: 218: // Lists of components are sorted, take unique values in ascending order 219: uint32[] memory allComponents = new uint32[](maxNumComponents); 220: // Processed component counter 221: uint32[] memory processedComponents = new uint32[](numUnits); 222: // Minimal component Id 223: uint32 minComponent; 224: // Overall component counter 225: uint32 counter; 226: // Iterate until we process all components, at the maximum of the sum of all the components in all units 227: for (counter = 0; counter < maxNumComponents; ++counter) { 228: // Index of a minimal component 229: uint32 minIdxComponent; 230: // Amount of components identified as the next minimal component number 231: uint32 numComponentsCheck; 232: uint32 tryMinComponent = type(uint32).max; 233: // Assemble an array of all first components from each component array 234: for (uint32 i = 0; i < numUnits; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L211-L234 ```solidity File: tokenomics/contracts/Depository.sol 402: for (uint256 i = 0; i < numProducts; ++i) { 403: // Product is always active if its supply is not zero, and inactive otherwise 404: if ((active && mapBondProducts[i].supply > 0) || (!active && mapBondProducts[i].supply == 0)) { 405: positions[i] = true; 406: ++numSelectedProducts; 407: } 408: } 409: 410: // Form active or inactive products index array 411: productIds = new uint256[](numSelectedProducts); 412: uint256 numPos; 413: for (uint256 i = 0; i < numProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L402-L413 ```solidity File: tokenomics/contracts/Depository.sol 448: for (uint256 i = 0; i < numBonds; ++i) { 449: // Check if the bond belongs to the account 450: // If not and the address is zero, the bond was redeemed or never existed 451: if (mapUserBonds[i].account == account) { 452: // Check if requested bond is not matured but owned by the account address 453: if (!matured || 454: // Or if the requested bond is matured, i.e., the bond maturity timestamp passed 455: block.timestamp >= mapUserBonds[i].maturity) 456: { 457: positions[i] = true; 458: ++numAccountBonds; 459: // The payout is always bigger than zero if the bond exists 460: payout += mapUserBonds[i].payout; 461: } 462: } 463: } 464: 465: // Form pending bonds index array 466: bondIds = new uint256[](numAccountBonds); 467: uint256 numPos; 468: for (uint256 i = 0; i < numBonds; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L448-L468 ```solidity File: tokenomics/contracts/Tokenomics.sol ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L758-L728 ```solidity File: tokenomics/contracts/Tokenomics.sol 1104: for (uint256 i = 0; i < 2; ++i) { 1105: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1106: } 1107: 1108: // Check the input data 1109: uint256[] memory lastIds = new uint256[](2); 1110: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1104-L1110 ```solidity File: tokenomics/contracts/Tokenomics.sol 1174: for (uint256 i = 0; i < 2; ++i) { 1175: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1176: } 1177: 1178: // Check the input data 1179: uint256[] memory lastIds = new uint256[](2); 1180: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1174-L1180 ### [G-25] Reduce gas usage by moving to Solidity 0.8.19 or later See [this](https://blog.soliditylang.org/2023/02/22/solidity-0.8.19-release-announcement/#preventing-dead-code-in-runtime-bytecode) link for the full details *There are 27 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L2-L2 ```solidity File: governance/contracts/interfaces/IErrors.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L2-L2 ```solidity File: governance/contracts/veOLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L2-L2 ```solidity File: registries/contracts/AgentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L2-L2 ```solidity File: registries/contracts/ComponentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L2-L2 ```solidity File: registries/contracts/GenericManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L2-L2 ```solidity File: registries/contracts/GenericRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L2-L2 ```solidity File: registries/contracts/RegistriesManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L2-L2 ```solidity File: registries/contracts/UnitRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L2-L2 ```solidity File: tokenomics/contracts/Dispenser.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L2-L2 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L2-L2 ```solidity File: tokenomics/contracts/Treasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L2-L2 ### [G-26] Multiple `address`/ID mappings can be combined into a single `mapping` of an `address`/ID to a `struct`, where appropriate Saves a storage slot for the mapping. Depending on the circumstances and sizes of types, can avoid a Gsset (**20000 gas**) per mapping combined. Reads and subsequent writes can also be cheaper when a function requires both values and they both fit in the same storage slot. Finally, if both fields are accessed in the same function, can save **~42 gas per access** due to [not having to recalculate the key's keccak256 hash](https://gist.github.com/IllIllI000/ec23a57daa30a8f8ca8b9681c8ccefb0) (Gkeccak256 - 30 gas) and that calculation's associated stack operations. *There are 7 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 112: mapping(address => LockedBalance) public mapLockedBalances; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L112-L112 ```solidity File: governance/contracts/veOLAS.sol 119: mapping(address => PointVoting[]) public mapUserPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L119-L119 ```solidity File: tokenomics/contracts/Tokenomics.sol 219: mapping(address => uint256) public mapOwnerRewards; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L219-L219 ```solidity File: tokenomics/contracts/Tokenomics.sol 221: mapping(address => uint256) public mapOwnerTopUps; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L221-L221 ```solidity File: tokenomics/contracts/Tokenomics.sol 227: mapping(address => bool) public mapNewOwners; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L227-L227 ```solidity File: tokenomics/contracts/Treasury.sol 86: mapping(address => uint256) public mapTokenReserves; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L86-L86 ```solidity File: tokenomics/contracts/Treasury.sol 88: mapping(address => bool) public mapEnabledTokens; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L88-L88 ### [G-27] Optimize names to save gas `public`/`external` function names and `public` member variable names can be optimized to save gas. See [this](https://gist.github.com/IllIllI000/a5d8b486a8259f9f77891a919febd1a9) link for an example of how it works. Below are the interfaces/abstract contracts that can be optimized so that the most frequently-called functions use the least amount of gas possible during method lookup. Method IDs that have two leading zero bytes can save **128 gas** each during deployment, and renaming functions to have lower method IDs will save **22 gas** per call, [per sorted position shifted](https://medium.com/joyso/solidity-how-does-function-name-affect-gas-consumption-in-smart-contract-47d270d8ac92) *There are 39 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol // @audit changeOwner(address) ==> changeOwner_I6k(address),00008de0 // @audit changeMinter(address) ==> changeMinter_fs5(address),0000f941 // @audit mint(address,uint256) ==> mint_Qgo(address,uint256),00001784 // @audit inflationRemainder() ==> inflationRemainder_Ox(),00000011 // @audit burn(uint256) ==> burn_HH(uint256),0000fd45 // @audit decreaseAllowance(address,uint256) ==> decreaseAllowance_A2G(address,uint256),0000153c // @audit increaseAllowance(address,uint256) ==> increaseAllowance_Hi1(address,uint256),000074de 17: contract OLAS is ERC20 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L17-L17 ```solidity File: governance/contracts/bridges/BridgedERC20.sol // @audit changeOwner(address) ==> changeOwner_I6k(address),00008de0 // @audit mint(address,uint256) ==> mint_Qgo(address,uint256),00001784 // @audit burn(uint256) ==> burn_HH(uint256),0000fd45 18: contract BridgedERC20 is ERC20 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L18-L18 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol // @audit deposit(uint256) ==> deposit_z3l(uint256),0000a5e2 // @audit depositTo(address,uint256) ==> depositTo_Lfv(address,uint256),00003ec5 24: contract FxERC20ChildTunnel is FxBaseChildTunnel { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L24-L24 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol // @audit withdraw(uint256) ==> withdraw_6BK(uint256),0000b293 // @audit withdrawTo(address,uint256) ==> withdrawTo_X4p(address,uint256),0000b994 24: contract FxERC20RootTunnel is FxBaseRootTunnel { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L24-L24 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol // @audit processMessageFromRoot(uint256,address,bytes) ==> processMessageFromRoot_Q1C(uint256,address,bytes),0000b5ca 5: interface IFxMessageProcessor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L5-L5 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol // @audit changeRootGovernor(address) ==> changeRootGovernor_r7d(address),0000349c 46: contract FxGovernorTunnel is IFxMessageProcessor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L46-L46 ```solidity File: governance/contracts/bridges/HomeMediator.sol // @audit messageSender() ==> messageSender_Q7v(),0000e628 5: interface IAMB { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L5-L5 ```solidity File: governance/contracts/bridges/HomeMediator.sol // @audit changeForeignGovernor(address) ==> changeForeignGovernor_Bc1W(address),00005dbc // @audit processMessageFromForeign(bytes) ==> processMessageFromForeign_6gl(bytes),00003cf2 46: contract HomeMediator { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L46-L46 ```solidity File: governance/contracts/interfaces/IERC20.sol // @audit balanceOf(address) ==> balanceOf_qzn(address),000030d8 // @audit totalSupply() ==> totalSupply_B6A(),00005a30 // @audit allowance(address,address) ==> allowance_IRG(address,address),00004b51 // @audit approve(address,uint256) ==> approve_v2d(address,uint256),00004a01 // @audit transfer(address,uint256) ==> transfer_z1l(address,uint256),0000c956 // @audit transferFrom(address,address,uint256) ==> transferFrom_78S(address,address,uint256),00008711 // @audit mint(address,uint256) ==> mint_Qgo(address,uint256),00001784 // @audit burn(uint256) ==> burn_HH(uint256),0000fd45 5: interface IERC20 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L5-L5 ```solidity File: governance/contracts/multisigs/GuardCM.sol // @audit state(uint256) ==> state_L1N(uint256),000099af 6: interface IGovernor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L6-L6 ```solidity File: governance/contracts/multisigs/GuardCM.sol // @audit changeGovernorCheckProposalId(uint256) ==> changeGovernorCheckProposalId_0A5(uint256),000048b1 // @audit setTargetSelectorChainIds(address[],bytes4[],uint256[],bool[]) ==> setTargetSelectorChainIds_gCC(address[],bytes4[],uint256[],bool[]),0000fe7d // @audit setBridgeMediatorChainIds(address[],address[],uint256[]) ==> setBridgeMediatorChainIds_Od3(address[],address[],uint256[]),00005444 // @audit pause() ==> pause_yiS(),00002a4b // @audit unpause() ==> unpause_88B(),000051b7 // @audit checkAfterExecution(bytes32,bool) ==> checkAfterExecution_9m9(bytes32,bool),000073e2 // @audit getTargetSelectorChainId(address,bytes4,uint256) ==> getTargetSelectorChainId_ydL(address,bytes4,uint256),00000943 // @audit getBridgeMediatorChainId(address) ==> getBridgeMediatorChainId_0jg(address),00001aa9 88: contract GuardCM { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L88-L88 ```solidity File: governance/contracts/veOLAS.sol // @audit getLastUserPoint(address) ==> getLastUserPoint_FaO(address),00001367 // @audit getNumUserPoints(address) ==> getNumUserPoints_x1J(address),000010c8 // @audit getUserPoint(address,uint256) ==> getUserPoint_Ko9(address,uint256),0000d010 // @audit checkpoint() ==> checkpoint_w89(),00005475 // @audit depositFor(address,uint256) ==> depositFor_2tO(address,uint256),0000dc17 // @audit createLock(uint256,uint256) ==> createLock_N4f(uint256,uint256),0000d4ad // @audit createLockFor(address,uint256,uint256) ==> createLockFor_Q7s(address,uint256,uint256),0000b720 // @audit increaseAmount(uint256) ==> increaseAmount_j3x(uint256),0000841c // @audit increaseUnlockTime(uint256) ==> increaseUnlockTime_IbM(uint256),00000fe0 // @audit withdraw() ==> withdraw_wdp(),0000af32 // @audit lockedEnd(address) ==> lockedEnd_a5V(address),0000cd71 // @audit balanceOfAt(address,uint256) ==> balanceOfAt_Kph(address,uint256),00008aaa // @audit totalSupplyAt(uint256) ==> totalSupplyAt_n5S(uint256),00000e4e // @audit totalSupplyLockedAtT(uint256) ==> totalSupplyLockedAtT_q47(uint256),0000ceb8 // @audit totalSupplyLocked() ==> totalSupplyLocked_qK1(),000066cd 86: contract veOLAS is IErrors, IVotes, IERC20, IERC165 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L86-L86 ```solidity File: governance/contracts/wveOLAS.sol // @audit totalNumPoints() ==> totalNumPoints_J9f(),0000702f // @audit mapSupplyPoints(uint256) ==> mapSupplyPoints_G6D(uint256),00000e2a // @audit mapSlopeChanges(uint64) ==> mapSlopeChanges_y4a(uint64),00000dcf // @audit getLastUserPoint(address) ==> getLastUserPoint_FaO(address),00001367 // @audit getNumUserPoints(address) ==> getNumUserPoints_x1J(address),000010c8 // @audit getUserPoint(address,uint256) ==> getUserPoint_Ko9(address,uint256),0000d010 // @audit getPastVotes(address,uint256) ==> getPastVotes_LaF(address,uint256),00004234 // @audit balanceOf(address) ==> balanceOf_qzn(address),000030d8 // @audit balanceOfAt(address,uint256) ==> balanceOfAt_Kph(address,uint256),00008aaa // @audit lockedEnd(address) ==> lockedEnd_a5V(address),0000cd71 // @audit getVotes(address) ==> getVotes_o6o(address),0000ac88 // @audit totalSupply() ==> totalSupply_B6A(),00005a30 // @audit totalSupplyAt(uint256) ==> totalSupplyAt_n5S(uint256),00000e4e // @audit totalSupplyLockedAtT(uint256) ==> totalSupplyLockedAtT_q47(uint256),0000ceb8 // @audit totalSupplyLocked() ==> totalSupplyLocked_qK1(),000066cd // @audit getPastTotalSupply(uint256) ==> getPastTotalSupply_5Nt(uint256),0000e587 // @audit supportsInterface(bytes4) ==> supportsInterface_l2D(bytes4),0000709f // @audit allowance(address,address) ==> allowance_IRG(address,address),00004b51 // @audit delegates(address) ==> delegates_c7I(address),0000fd4a 13: interface IVEOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L13-L13 ```solidity File: governance/contracts/wveOLAS.sol // @audit totalNumPoints() ==> totalNumPoints_J9f(),0000702f // @audit mapSupplyPoints(uint256) ==> mapSupplyPoints_G6D(uint256),00000e2a // @audit mapSlopeChanges(uint64) ==> mapSlopeChanges_y4a(uint64),00000dcf // @audit getLastUserPoint(address) ==> getLastUserPoint_FaO(address),00001367 // @audit getNumUserPoints(address) ==> getNumUserPoints_x1J(address),000010c8 // @audit getUserPoint(address,uint256) ==> getUserPoint_Ko9(address,uint256),0000d010 // @audit getVotes(address) ==> getVotes_o6o(address),0000ac88 // @audit getPastVotes(address,uint256) ==> getPastVotes_LaF(address,uint256),00004234 // @audit balanceOf(address) ==> balanceOf_qzn(address),000030d8 // @audit balanceOfAt(address,uint256) ==> balanceOfAt_Kph(address,uint256),00008aaa // @audit lockedEnd(address) ==> lockedEnd_a5V(address),0000cd71 // @audit totalSupply() ==> totalSupply_B6A(),00005a30 // @audit totalSupplyAt(uint256) ==> totalSupplyAt_n5S(uint256),00000e4e // @audit totalSupplyLockedAtT(uint256) ==> totalSupplyLockedAtT_q47(uint256),0000ceb8 // @audit totalSupplyLocked() ==> totalSupplyLocked_qK1(),000066cd // @audit getPastTotalSupply(uint256) ==> getPastTotalSupply_5Nt(uint256),0000e587 // @audit supportsInterface(bytes4) ==> supportsInterface_l2D(bytes4),0000709f // @audit transfer(address,uint256) ==> transfer_z1l(address,uint256),0000c956 // @audit approve(address,uint256) ==> approve_v2d(address,uint256),00004a01 // @audit transferFrom(address,address,uint256) ==> transferFrom_78S(address,address,uint256),00008711 // @audit allowance(address,address) ==> allowance_IRG(address,address),00004b51 // @audit delegates(address) ==> delegates_c7I(address),0000fd4a // @audit delegate(address) ==> delegate_l8r(address),00006e08 // @audit delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) ==> delegateBySig_Z7z(address,uint256,uint256,uint8,bytes32,bytes32),000082e1 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L130-L130 ```solidity File: registries/contracts/AgentRegistry.sol // @audit calculateSubComponents(uint32[]) ==> calculateSubComponents_Sl2(uint32[]),0000df2e 9: contract AgentRegistry is UnitRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L9-L9 ```solidity File: registries/contracts/GenericManager.sol // @audit changeOwner(address) ==> changeOwner_I6k(address),00008de0 // @audit pause() ==> pause_yiS(),00002a4b // @audit unpause() ==> unpause_88B(),000051b7 8: abstract contract GenericManager is IErrorsRegistries { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L8-L8 ```solidity File: registries/contracts/GenericRegistry.sol // @audit changeOwner(address) ==> changeOwner_I6k(address),00008de0 // @audit changeManager(address) ==> changeManager_HUx(address),0000a41e // @audit exists(uint256) ==> exists_r1M(uint256),0000e2c6 // @audit setBaseURI(string) ==> setBaseURI_7bZ(string),00008326 // @audit tokenByIndex(uint256) ==> tokenByIndex_1fT(uint256),0000fbfa 9: abstract contract GenericRegistry is IErrorsRegistries, ERC721 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L9-L9 ```solidity File: registries/contracts/UnitRegistry.sol // @audit create(address,bytes32,uint32[]) ==> create_okH(address,bytes32,uint32[]),00008d31 // @audit updateHash(address,uint256,bytes32) ==> updateHash_E13(address,uint256,bytes32),0000d8e6 // @audit getUnit(uint256) ==> getUnit_RUE(uint256),0000f97b // @audit getDependencies(uint256) ==> getDependencies_0vC(uint256),0000e511 // @audit getUpdatedHashes(uint256) ==> getUpdatedHashes_uAP(uint256),0000c6a5 // @audit getLocalSubComponents(uint256) ==> getLocalSubComponents_c7a(uint256),0000b0da 8: abstract contract UnitRegistry is GenericRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L8-L8 ```solidity File: registries/contracts/interfaces/IRegistry.sol // @audit create(address,bytes32,uint32[]) ==> create_okH(address,bytes32,uint32[]),00008d31 // @audit updateHash(address,uint256,bytes32) ==> updateHash_E13(address,uint256,bytes32),0000d8e6 // @audit getLocalSubComponents(uint256) ==> getLocalSubComponents_c7a(uint256),0000b0da // @audit calculateSubComponents(uint32[]) ==> calculateSubComponents_Sl2(uint32[]),0000df2e // @audit getUpdatedHashes(uint256) ==> getUpdatedHashes_uAP(uint256),0000c6a5 // @audit totalSupply() ==> totalSupply_B6A(),00005a30 5: interface IRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L5-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol // @audit createProxyWithNonce(address,bytes,uint256) ==> createProxyWithNonce_41C(address,bytes,uint256),0000c109 5: interface IGnosisSafeProxyFactory { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L5-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol // @audit create(address[],uint256,bytes) ==> create_Uf12(address[],uint256,bytes),0000443d 24: contract GnosisSafeMultisig { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L24-L24 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol // @audit getOwners() ==> getOwners_Rlw(),00007f89 // @audit getThreshold() ==> getThreshold_C5i(),00003889 5: interface IGnosisSafe { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L5-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol // @audit create(address[],uint256,bytes) ==> create_Uf12(address[],uint256,bytes),0000443d 50: contract GnosisSafeSameAddressMultisig { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L50-L50 ```solidity File: tokenomics/contracts/Depository.sol // @audit changeOwner(address) ==> changeOwner_I6k(address),00008de0 // @audit changeManagers(address,address) ==> changeManagers_FKK(address,address),000067db // @audit changeBondCalculator(address) ==> changeBondCalculator_XiO(address),0000d742 // @audit create(address,uint256,uint256,uint256) ==> create_83f(address,uint256,uint256,uint256),00008118 // @audit close(uint256[]) ==> close_anB(uint256[]),00001790 // @audit deposit(uint256,uint256) ==> deposit_K8s(uint256,uint256),0000a5f4 // @audit redeem(uint256[]) ==> redeem_H2K(uint256[]),0000038e // @audit getProducts(bool) ==> getProducts_ZiH(bool),0000be0f // @audit isActiveProduct(uint256) ==> isActiveProduct_t1f(uint256),000089c9 // @audit getBonds(address,bool) ==> getBonds_f3Q(address,bool),0000781b // @audit getBondStatus(uint256) ==> getBondStatus_F44(uint256),00004876 // @audit getCurrentPriceLP(address) ==> getCurrentPriceLP_4lN(address),0000aad2 62: contract Depository is IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L62-L62 ```solidity File: tokenomics/contracts/Dispenser.sol // @audit changeOwner(address) ==> changeOwner_I6k(address),00008de0 // @audit changeManagers(address,address) ==> changeManagers_FKK(address,address),000067db // @audit claimOwnerIncentives(uint256[],uint256[]) ==> claimOwnerIncentives_XrZ(uint256[],uint256[]),00000601 11: contract Dispenser is IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L11-L11 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol // @audit changeOwner(address) ==> changeOwner_I6k(address),00008de0 // @audit setDonatorsStatuses(address[],bool[]) ==> setDonatorsStatuses_y1V(address[],bool[]),00009feb // @audit isDonatorBlacklisted(address) ==> isDonatorBlacklisted_TuV(address),000070cb 20: contract DonatorBlacklist { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L20-L20 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol // @audit calculatePayoutOLAS(uint256,uint256) ==> calculatePayoutOLAS_7dW(uint256,uint256),0000d360 // @audit getCurrentPriceLP(address) ==> getCurrentPriceLP_4lN(address),0000aad2 20: contract GenericBondCalculator { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L20-L20 ```solidity File: tokenomics/contracts/Tokenomics.sol // @audit initializeTokenomics(address,address,address,address,address,uint256,address,address,address,address) ==> initializeTokenomics_hg(address,address,address,address,address,uint256,address,address,address,address),0000a686 // @audit tokenomicsImplementation() ==> tokenomicsImplementation_I6E(),0000554c // @audit changeTokenomicsImplementation(address) ==> changeTokenomicsImplementation_8ig(address),000094fd // @audit changeOwner(address) ==> changeOwner_I6k(address),00008de0 // @audit changeManagers(address,address,address) ==> changeManagers_9rh(address,address,address),00000915 // @audit changeRegistries(address,address,address) ==> changeRegistries_reM(address,address,address),00009b19 // @audit changeDonatorBlacklist(address) ==> changeDonatorBlacklist_22x(address),0000b8d2 // @audit changeTokenomicsParameters(uint256,uint256,uint256,uint256,uint256) ==> changeTokenomicsParameters_kai(uint256,uint256,uint256,uint256,uint256),0000c7fe // @audit changeIncentiveFractions(uint256,uint256,uint256,uint256,uint256) ==> changeIncentiveFractions_69r(uint256,uint256,uint256,uint256,uint256),000056da // @audit reserveAmountForBondProgram(uint256) ==> reserveAmountForBondProgram_y6U(uint256),0000d62c // @audit refundFromBondProgram(uint256) ==> refundFromBondProgram_ffT(uint256),0000485f // @audit trackServiceDonations(address,uint256[],uint256[],uint256) ==> trackServiceDonations_4n1V(address,uint256[],uint256[],uint256),0000cecd // @audit checkpoint() ==> checkpoint_w89(),00005475 // @audit accountOwnerIncentives(address,uint256[],uint256[]) ==> accountOwnerIncentives_nr4(address,uint256[],uint256[]),0000e8ee // @audit getOwnerIncentives(address,uint256[],uint256[]) ==> getOwnerIncentives_7ep(address,uint256[],uint256[]),0000a5ee // @audit getInflationPerEpoch() ==> getInflationPerEpoch_FeQ(),000041ae // @audit getUnitPoint(uint256,uint256) ==> getUnitPoint_1dt(uint256,uint256),0000fda3 // @audit getIDF(uint256) ==> getIDF_bfx(uint256),000082ab // @audit getLastIDF() ==> getLastIDF_B6N(),0000b7ab 118: contract Tokenomics is TokenomicsConstants, IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L118-L118 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol // @audit getSupplyCapForYear(uint256) ==> getSupplyCapForYear_VbN(uint256),00009e9b // @audit getInflationForYear(uint256) ==> getInflationForYear_zge(uint256),000083d1 9: abstract contract TokenomicsConstants { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L9-L9 ```solidity File: tokenomics/contracts/Treasury.sol // @audit changeOwner(address) ==> changeOwner_I6k(address),00008de0 // @audit changeManagers(address,address,address) ==> changeManagers_9rh(address,address,address),00000915 // @audit changeMinAcceptedETH(uint256) ==> changeMinAcceptedETH_Ufj(uint256),00009d77 // @audit depositServiceDonationsETH(uint256[],uint256[]) ==> depositServiceDonationsETH_H3c(uint256[],uint256[]),0000c8d2 // @audit withdraw(address,uint256,address) ==> withdraw_o4t(address,uint256,address),00006350 // @audit withdrawToAccount(address,uint256,uint256) ==> withdrawToAccount_8tB(address,uint256,uint256),00007d13 // @audit rebalanceTreasury(uint256) ==> rebalanceTreasury_d4Q(uint256),0000af72 // @audit drainServiceSlashedFunds() ==> drainServiceSlashedFunds_M3G(),0000bcdf // @audit enableToken(address) ==> enableToken_GeX(address),00007237 // @audit disableToken(address) ==> disableToken_A2v(address),000029ec // @audit isEnabled(address) ==> isEnabled_NzM(address),000088e1 // @audit pause() ==> pause_yiS(),00002a4b // @audit unpause() ==> unpause_88B(),000051b7 39: contract Treasury is IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L39-L39 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol // @audit isDonatorBlacklisted(address) ==> isDonatorBlacklisted_TuV(address),000070cb 5: interface IDonatorBlacklist { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol // @audit calculatePayoutOLAS(uint256,uint256) ==> calculatePayoutOLAS_7dW(uint256,uint256),0000d360 // @audit getCurrentPriceLP(address) ==> getCurrentPriceLP_4lN(address),0000aad2 5: interface IGenericBondCalculator { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol // @audit mint(address,uint256) ==> mint_Qgo(address,uint256),00001784 // @audit timeLaunch() ==> timeLaunch_HgX(),00004d54 4: interface IOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L4-L4 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol // @audit exists(uint256) ==> exists_r1M(uint256),0000e2c6 // @audit slashedFunds() ==> slashedFunds_Vib(),0000621d // @audit drain() ==> drain_ZaQ(),00000402 5: interface IServiceRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/IToken.sol // @audit balanceOf(address) ==> balanceOf_qzn(address),000030d8 // @audit ownerOf(uint256) ==> ownerOf_skz(uint256),0000686c // @audit totalSupply() ==> totalSupply_B6A(),00005a30 // @audit transfer(address,uint256) ==> transfer_z1l(address,uint256),0000c956 // @audit allowance(address,address) ==> allowance_IRG(address,address),00004b51 // @audit approve(address,uint256) ==> approve_v2d(address,uint256),00004a01 // @audit transferFrom(address,address,uint256) ==> transferFrom_78S(address,address,uint256),00008711 5: interface IToken { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol // @audit effectiveBond() ==> effectiveBond_Cnw(),00001759 // @audit checkpoint() ==> checkpoint_w89(),00005475 // @audit trackServiceDonations(address,uint256[],uint256[],uint256) ==> trackServiceDonations_4n1V(address,uint256[],uint256[],uint256),0000cecd // @audit reserveAmountForBondProgram(uint256) ==> reserveAmountForBondProgram_y6U(uint256),0000d62c // @audit refundFromBondProgram(uint256) ==> refundFromBondProgram_ffT(uint256),0000485f // @audit accountOwnerIncentives(address,uint256[],uint256[]) ==> accountOwnerIncentives_nr4(address,uint256[],uint256[]),0000e8ee // @audit getLastIDF() ==> getLastIDF_B6N(),0000b7ab // @audit serviceRegistry() ==> serviceRegistry_VN(),0000f310 5: interface ITokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol // @audit depositServiceDonationsETH(uint256[],uint256[]) ==> depositServiceDonationsETH_H3c(uint256[],uint256[]),0000c8d2 // @audit isEnabled(address) ==> isEnabled_NzM(address),000088e1 // @audit withdrawToAccount(address,uint256,uint256) ==> withdrawToAccount_8tB(address,uint256,uint256),00007d13 // @audit rebalanceTreasury(uint256) ==> rebalanceTreasury_d4Q(uint256),0000af72 5: interface ITreasury { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol // @audit totalSupply() ==> totalSupply_B6A(),00005a30 // @audit token0() ==> token0_Jme(),00009d31 // @audit token1() ==> token1_h7i(),00001e7d // @audit getReserves() ==> getReserves_j97(),00006651 5: interface IUniswapV2Pair { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol // @audit getVotes(address) ==> getVotes_o6o(address),0000ac88 5: interface IVotingEscrow { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L5-L5 ### [G-28] Not using the named return variables anywhere in the function is confusing Consider changing the variable to be an unnamed one, since the variable is never assigned, nor is it returned by name. If the optimizer is not turned on, leaving the code as it is will also waste gas for the stack variable. *There are 3 instance(s) of this issue:* ```solidity File: registries/contracts/UnitRegistry.sol // @audit numDependencies // @audit dependencies 160: function getDependencies(uint256 unitId) external view virtual ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L160-L160 ```solidity File: registries/contracts/UnitRegistry.sol // @audit numHashes 171: function getUpdatedHashes(uint256 unitId) external view virtual ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L171-L171 ```solidity File: tokenomics/contracts/Depository.sol // @audit priceLP 491: function getCurrentPriceLP(address token) external view returns (uint256 priceLP) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L491-L491 ### [G-29] Constructors can be marked `payable` Payable functions cost less gas to execute, since the compiler does not have to add extra checks to ensure that a payment wasn't provided.A constructor can safely be marked as payable, since only the deployer would be able to pass funds, and the project itself would not pass any funds. *There are 23 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 16: constructor( 17: IVotes governanceToken, 18: TimelockController timelock, 19: uint256 initialVotingDelay, 20: uint256 initialVotingPeriod, 21: uint256 initialProposalThreshold, 22: uint256 quorumFraction 23: ) 24: Governor("Governor OLAS") 25: GovernorSettings(initialVotingDelay, initialVotingPeriod, initialProposalThreshold) 26: GovernorVotes(governanceToken) 27: GovernorVotesQuorumFraction(quorumFraction) 28: GovernorTimelockControl(timelock) 29: {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L16-L29 ```solidity File: governance/contracts/OLAS.sol 35: constructor() ERC20("Autonolas", "OLAS", 18) { 36: owner = msg.sender; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L35-L36 ```solidity File: governance/contracts/Timelock.sol 10: constructor(uint256 minDelay, address[] memory proposers, address[] memory executors) 11: TimelockController(minDelay, proposers, executors, msg.sender) 12: {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L10-L12 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 24: constructor(string memory _name, string memory _symbol, uint8 _decimals) ERC20(_name, _symbol, _decimals) { 25: owner = msg.sender; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L24-L25 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 37: constructor(address _fxChild, address _childToken, address _rootToken) FxBaseChildTunnel(_fxChild) { 38: // Check for zero addresses ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L37-L38 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 38: constructor(address _checkpointManager, address _fxRoot, address _childToken, address _rootToken) 39: FxBaseRootTunnel(_checkpointManager, _fxRoot) 40: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L38-L40 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 62: constructor(address _fxChild, address _rootGovernor) { 63: // Check fo zero addresses ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L62-L63 ```solidity File: governance/contracts/bridges/HomeMediator.sol 62: constructor(address _AMBContractProxyHome, address _foreignGovernor) { 63: // Check fo zero addresses ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L62-L63 ```solidity File: governance/contracts/multisigs/GuardCM.sol 138: constructor( 139: address _timelock, 140: address _multisig, 141: address _governor 142: ) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L138-L142 ```solidity File: governance/contracts/veOLAS.sol 132: constructor(address _token, string memory _name, string memory _symbol) 133: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L132-L133 ```solidity File: governance/contracts/wveOLAS.sol 145: constructor(address _ve, address _token) { 146: // Check for the zero address ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L145-L146 ```solidity File: registries/contracts/AgentRegistry.sol 20: constructor(string memory _name, string memory _symbol, string memory _baseURI, address _componentRegistry) 21: UnitRegistry(UnitType.Agent) 22: ERC721(_name, _symbol) 23: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L20-L23 ```solidity File: registries/contracts/ComponentRegistry.sol 16: constructor(string memory _name, string memory _symbol, string memory _baseURI) 17: UnitRegistry(UnitType.Component) 18: ERC721(_name, _symbol) 19: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L16-L19 ```solidity File: registries/contracts/RegistriesManager.sol 15: constructor(address _componentRegistry, address _agentRegistry) { 16: componentRegistry = _componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L15-L16 ```solidity File: registries/contracts/UnitRegistry.sol 35: constructor(UnitType _unitType) { 36: unitType = _unitType; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L35-L36 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 37: constructor (address payable _gnosisSafe, address _gnosisSafeProxyFactory) { 38: gnosisSafe = _gnosisSafe; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L37-L38 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 60: constructor(bytes32 _proxyHash) { 61: if (_proxyHash == bytes32(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L60-L61 ```solidity File: tokenomics/contracts/Depository.sol 106: constructor(address _olas, address _tokenomics, address _treasury, address _bondCalculator) 107: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L106-L107 ```solidity File: tokenomics/contracts/Dispenser.sol 30: constructor(address _tokenomics, address _treasury) 31: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L30-L31 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 30: constructor() { 31: owner = msg.sender; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L30-L31 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 29: constructor(address _olas, address _tokenomics) { 30: // Check for at least one zero contract address ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L29-L30 ```solidity File: tokenomics/contracts/Tokenomics.sol 232: constructor() 233: TokenomicsConstants() 234: {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L232-L234 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 33: constructor(address tokenomics, bytes memory tokenomicsData) { 34: // Check for the zero address, since the delegatecall works even with the zero one ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L33-L34 ### [G-30] Using `private` rather than `public` for constants, saves gas If needed, the values can be read from the verified contract source code, or if there are multiple values there can be a single getter function that [returns a tuple](https://github.com/code-423n4/2022-08-frax/blob/90f55a9ce4e25bceed3a74290b854341d8de6afa/src/contracts/FraxlendPair.sol#L156-L178) of the values of all currently-public constants. Saves **3406-3606 gas** in deployment gas due to the compiler not having to create non-payable getter functions for deployment calldata, not having to store the bytes of the value outside of where it's used, and not adding another entry to the method ID table *There are 33 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 22: uint256 public constant oneYear = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L22-L22 ```solidity File: governance/contracts/OLAS.sol 24: uint256 public constant tenYearSupplyCap = 1_000_000_000e18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L24-L24 ```solidity File: governance/contracts/OLAS.sol 26: uint256 public constant maxMintCapFraction = 2; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L26-L26 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L53-L53 ```solidity File: governance/contracts/bridges/HomeMediator.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L53-L53 ```solidity File: governance/contracts/multisigs/GuardCM.sol 97: bytes4 public constant SCHEDULE = bytes4(keccak256(bytes("schedule(address,uint256,bytes,bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L97-L97 ```solidity File: governance/contracts/multisigs/GuardCM.sol 99: bytes4 public constant SCHEDULE_BATCH = bytes4(keccak256(bytes("scheduleBatch(address[],uint256[],bytes[],bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L99-L99 ```solidity File: governance/contracts/multisigs/GuardCM.sol 101: bytes4 public constant REQUIRE_TO_PASS_MESSAGE = bytes4(keccak256(bytes("requireToPassMessage(address,bytes,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L101-L101 ```solidity File: governance/contracts/multisigs/GuardCM.sol 103: bytes4 public constant PROCESS_MESSAGE_FROM_FOREIGN = bytes4(keccak256(bytes("processMessageFromForeign(bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L103-L103 ```solidity File: governance/contracts/multisigs/GuardCM.sol 105: bytes4 public constant SEND_MESSAGE_TO_CHILD = bytes4(keccak256(bytes("sendMessageToChild(address,bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L105-L105 ```solidity File: governance/contracts/multisigs/GuardCM.sol 111: uint256 public constant MIN_SCHEDULE_DATA_LENGTH = 260; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L111-L111 ```solidity File: governance/contracts/multisigs/GuardCM.sol 113: uint256 public constant SELECTOR_DATA_LENGTH = 4; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L113-L113 ```solidity File: governance/contracts/multisigs/GuardCM.sol 115: uint256 public constant MIN_GNOSIS_PAYLOAD_LENGTH = 292; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L115-L115 ```solidity File: governance/contracts/multisigs/GuardCM.sol 117: uint256 public constant MIN_POLYGON_PAYLOAD_LENGTH = 164; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L117-L117 ```solidity File: governance/contracts/veOLAS.sol 105: uint8 public constant decimals = 18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L105-L105 ```solidity File: governance/contracts/wveOLAS.sol 136: string public constant name = "Voting Escrow OLAS"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L136-L136 ```solidity File: governance/contracts/wveOLAS.sol 138: string public constant symbol = "veOLAS"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L138-L138 ```solidity File: governance/contracts/wveOLAS.sol 140: uint8 public constant decimals = 18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L140-L140 ```solidity File: registries/contracts/AgentRegistry.sol 13: string public constant VERSION = "1.0.0"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L13-L13 ```solidity File: registries/contracts/ComponentRegistry.sol 10: string public constant VERSION = "1.0.0"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L10-L10 ```solidity File: registries/contracts/GenericRegistry.sol 33: string public constant CID_PREFIX = "f01701220"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L33-L33 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 26: bytes4 public constant GNOSIS_SAFE_SETUP_SELECTOR = 0xb63e800d; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L26-L26 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 28: uint256 public constant DEFAULT_DATA_LENGTH = 144; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L28-L28 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L53-L53 ```solidity File: tokenomics/contracts/Depository.sol 75: uint256 public constant MIN_VESTING = 1 days; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L75-L75 ```solidity File: tokenomics/contracts/Depository.sol 77: string public constant VERSION = "1.0.1"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L77-L77 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 11: string public constant VERSION = "1.0.1"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L11-L11 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 14: bytes32 public constant PROXY_TOKENOMICS = 0xbd5523e7c3b6a94aa0e3b24d1120addc2f95c7029e097b466b2bedc8d4b4362f; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L14-L14 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 16: uint256 public constant ONE_YEAR = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L16-L16 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 18: uint256 public constant MIN_EPOCH_LENGTH = 1 weeks; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L18-L18 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 20: uint256 public constant MIN_PARAM_VALUE = 1e14; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L20-L20 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 28: bytes32 public constant PROXY_TOKENOMICS = 0xbd5523e7c3b6a94aa0e3b24d1120addc2f95c7029e097b466b2bedc8d4b4362f; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L28-L28 ```solidity File: tokenomics/contracts/Treasury.sol 56: address public constant ETH_TOKEN_ADDRESS = address(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L56-L56 ### [G-31] Remove or replace unused state variables Saves a storage slot. If the variable is assigned a non-zero value, saves Gsset (**20000 gas**). If it's assigned a zero value, saves Gsreset (**2900 gas**). If the variable remains unassigned, there is no gas savings unless the variable is `public`, in which case the compiler-generated non-payable getter deployment cost is saved. If the state variable is overriding an interface's public function, mark the variable as `constant` or `immutable` so that it does not use a storage slot *There are 3 instance(s) of this issue:* ```solidity File: tokenomics/contracts/Tokenomics.sol 217: mapping(uint256 => uint256) public mapServiceAmounts; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L217-L217 ```solidity File: tokenomics/contracts/Tokenomics.sol 219: mapping(address => uint256) public mapOwnerRewards; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L219-L219 ```solidity File: tokenomics/contracts/Tokenomics.sol 221: mapping(address => uint256) public mapOwnerTopUps; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L221-L221 ### [G-32] Avoid updating storage when the value hasn't changed to save gas If the old value is equal to the new value, not re-storing the value will avoid a Gsreset (**2900 gas**), potentially at the expense of a Gcoldsload (**2100 gas**) or a Gwarmaccess (**100 gas**) *There are 11 instance(s) of this issue:* ```solidity File: governance/contracts/wveOLAS.sol 170: function mapSlopeChanges(uint64 ts) external view returns (int128 slopeChange) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L170-L170 ```solidity File: registries/contracts/UnitRegistry.sol 171: function getUpdatedHashes(uint256 unitId) external view virtual ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L171-L171 ```solidity File: tokenomics/contracts/Depository.sol 143: function changeManagers(address _tokenomics, address _treasury) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L143-L143 ```solidity File: tokenomics/contracts/Depository.sol 163: function changeBondCalculator(address _bondCalculator) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L163-L163 ```solidity File: tokenomics/contracts/Dispenser.sol 64: function changeManagers(address _tokenomics, address _treasury) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L64-L64 ```solidity File: tokenomics/contracts/Tokenomics.sol 423: function changeManagers(address _treasury, address _depository, address _dispenser) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L423-L423 ```solidity File: tokenomics/contracts/Tokenomics.sol 450: function changeRegistries(address _componentRegistry, address _agentRegistry, address _serviceRegistry) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L450-L450 ```solidity File: tokenomics/contracts/Tokenomics.sol 474: function changeDonatorBlacklist(address _donatorBlacklist) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L474-L474 ```solidity File: tokenomics/contracts/Tokenomics.sol 497: function changeTokenomicsParameters( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L497-L497 ```solidity File: tokenomics/contracts/Tokenomics.sol 562: function changeIncentiveFractions( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L562-L562 ```solidity File: tokenomics/contracts/Treasury.sol 156: function changeManagers(address _tokenomics, address _depository, address _dispenser) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L156-L156 ### [G-33] Use shift Right instead of division if possible to save gas *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 565: uint256 mid = (minPointNumber + maxPointNumber + 1) / 2; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L565-L565 ### [G-34] Use shift Left instead of multiplication if possible to save gas *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 101: uint256 internal constant MAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L101-L101 ```solidity File: governance/contracts/veOLAS.sol 103: int128 internal constant IMAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L103-L103 ### [G-35] Usage of `uints`/`ints` smaller than 32 bytes (256 bits) incurs overhead > When using elements that are smaller than 32 bytes, your contract's gas usage may be higher. This is because the EVM operates on 32 bytes at a time. Therefore, if the element is smaller than that, the EVM must use more operations in order to reduce the size of the element from 32 bytes to the desired size. https://docs.soliditylang.org/en/v0.8.11/internals/layout_in_storage.html Each operation involving a `uint8` costs an extra [** 22 - 28 gas **](https://gist.github.com/IllIllI000/9388d20c70f9a4632eb3ca7836f54977) (depending on whether the other operand is also a variable of type `uint8`) as compared to ones involving `uint256`, due to the compiler having to clear the higher bits of the memory word before operating on the `uint8`, as well as the associated stack operations of doing so. Use a larger size then downcast where needed *There are 45 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/BridgedERC20.sol //@audit `_decimals` is `uint8` 24: constructor(string memory _name, string memory _symbol, uint8 _decimals) ERC20(_name, _symbol, _decimals) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L24-L24 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit `value` is `uint96` 127: uint96 value; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L127-L127 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit `payloadLength` is `uint32` 128: uint32 payloadLength; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L128-L128 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit `value` is `uint96` 127: uint96 value; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L127-L127 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit `payloadLength` is `uint32` 128: uint32 payloadLength; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L128-L128 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `payloadLength` is `uint32` 214: uint32 payloadLength; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L214-L214 ```solidity File: governance/contracts/veOLAS.sol //@audit `curSupply` is `uint128` 177: uint128 curSupply ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L177-L177 ```solidity File: governance/contracts/veOLAS.sol //@audit `oldDSlope` is `int128` 181: int128 oldDSlope; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L181-L181 ```solidity File: governance/contracts/veOLAS.sol //@audit `newDSlope` is `int128` 182: int128 newDSlope; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L182-L182 ```solidity File: governance/contracts/veOLAS.sol //@audit `lastCheckpoint` is `uint64` 217: uint64 lastCheckpoint = lastPoint.ts; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L217-L217 ```solidity File: governance/contracts/veOLAS.sol //@audit `tStep` is `uint64` 231: uint64 tStep = (lastCheckpoint / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L231-L231 ```solidity File: governance/contracts/veOLAS.sol //@audit `dSlope` is `int128` 239: int128 dSlope; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L239-L239 ```solidity File: governance/contracts/veOLAS.sol //@audit `ts` is `uint64` 593: function _balanceOfLocked(address account, uint64 ts) internal view returns (uint256 vBalance) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L593-L593 ```solidity File: governance/contracts/veOLAS.sol //@audit `ts` is `uint64` 690: function _supplyLockedAt(PointVoting memory lastPoint, uint64 ts) internal view returns (uint256 vSupply) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L690-L690 ```solidity File: governance/contracts/veOLAS.sol //@audit `tStep` is `uint64` 692: uint64 tStep = (lastPoint.ts / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L692-L692 ```solidity File: governance/contracts/veOLAS.sol //@audit `dSlope` is `int128` 698: int128 dSlope; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L698-L698 ```solidity File: governance/contracts/veOLAS.sol //@audit `v` is `uint8` 800: function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L800-L800 ```solidity File: governance/contracts/wveOLAS.sol //@audit `ts` is `uint64` 26: function mapSlopeChanges(uint64 ts) external view returns (int128 slopeChange); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L26-L26 ```solidity File: governance/contracts/wveOLAS.sol //@audit `slopeChange` is `int128` 26: function mapSlopeChanges(uint64 ts) external view returns (int128 slopeChange); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L26-L26 ```solidity File: governance/contracts/wveOLAS.sol //@audit `ts` is `uint64` 170: function mapSlopeChanges(uint64 ts) external view returns (int128 slopeChange) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L170-L170 ```solidity File: governance/contracts/wveOLAS.sol //@audit `slopeChange` is `int128` 170: function mapSlopeChanges(uint64 ts) external view returns (int128 slopeChange) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L170-L170 ```solidity File: governance/contracts/wveOLAS.sol //@audit `` is `uint8` 328: function delegateBySig(address, uint256, uint256, uint8, bytes32, bytes32) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L328-L328 ```solidity File: registries/contracts/AgentRegistry.sol //@audit `` is `uint32` 31: function _checkDependencies(uint32[] memory dependencies, uint32) internal virtual override { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L31-L31 ```solidity File: registries/contracts/AgentRegistry.sol //@audit `componentTotalSupply` is `uint32` 38: uint32 componentTotalSupply = uint32(IRegistry(componentRegistry).totalSupply()); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L38-L38 ```solidity File: registries/contracts/AgentRegistry.sol //@audit `lastId` is `uint32` 39: uint32 lastId; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L39-L39 ```solidity File: registries/contracts/AgentRegistry.sol //@audit `unitId` is `uint32` 54: function _getSubComponents(UnitType subcomponentsFromType, uint32 unitId) internal view virtual override ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L54-L54 ```solidity File: registries/contracts/ComponentRegistry.sol //@audit `maxComponentId` is `uint32` 27: function _checkDependencies(uint32[] memory dependencies, uint32 maxComponentId) internal virtual override { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L27-L27 ```solidity File: registries/contracts/ComponentRegistry.sol //@audit `lastId` is `uint32` 28: uint32 lastId; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L28-L28 ```solidity File: registries/contracts/ComponentRegistry.sol //@audit `componentId` is `uint32` 41: function _getSubComponents(UnitType, uint32 componentId) internal view virtual override ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L41-L41 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `maxUnitId` is `uint32` 42: function _checkDependencies(uint32[] memory dependencies, uint32 maxUnitId) internal virtual; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L42-L42 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `unitId` is `uint32` 193: function _getSubComponents(UnitType subcomponentsFromType, uint32 unitId) internal view virtual ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L193-L193 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `numUnits` is `uint32` 203: uint32 numUnits = uint32(unitIds.length); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L203-L203 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `maxNumComponents` is `uint32` 210: uint32 maxNumComponents; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L210-L210 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `i` is `uint32` 211: for (uint32 i = 0; i < numUnits; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L211-L211 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `minComponent` is `uint32` 223: uint32 minComponent; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L223-L223 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `counter` is `uint32` 225: uint32 counter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L225-L225 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `minIdxComponent` is `uint32` 229: uint32 minIdxComponent; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L229-L229 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `numComponentsCheck` is `uint32` 231: uint32 numComponentsCheck; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L231-L231 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `tryMinComponent` is `uint32` 232: uint32 tryMinComponent = type(uint32).max; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L232-L232 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `i` is `uint32` 234: for (uint32 i = 0; i < numUnits; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L234-L234 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `i` is `uint32` 262: for (uint32 i = 0; i < counter; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L262-L262 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `amount` is `uint96` 726: uint96 amount = uint96(amounts[i] / numServiceUnits); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L726-L726 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol //@audit `reserve0` is `uint112` 9: function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L9-L9 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol //@audit `reserve1` is `uint112` 9: function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L9-L9 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol //@audit `blockTimestampLast` is `uint32` 9: function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L9-L9 ### [G-36] The use of a logical AND in place of double if is slightly less gas efficient in instances where there isn't a corresponding else statement for the given if statement Using a double if statement instead of logical AND (&&) can provide similar short-circuiting behavior whereas double if is slightly more efficient. *There are 11 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { 520: revert L2ChainIdNotSupported(chainId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L519-L520 ```solidity File: governance/contracts/veOLAS.sol 188: if (oldLocked.endTime > block.timestamp && oldLocked.amount > 0) { 189: uOld.slope = int128(oldLocked.amount) / IMAXTIME; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L188-L189 ```solidity File: governance/contracts/veOLAS.sol 192: if (newLocked.endTime > block.timestamp && newLocked.amount > 0) { 193: uNew.slope = int128(newLocked.amount) / IMAXTIME; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L192-L193 ```solidity File: governance/contracts/veOLAS.sol 306: if (newLocked.endTime > block.timestamp && newLocked.endTime > oldLocked.endTime) { 307: newDSlope -= uNew.slope; // old slope disappeared at this point ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L306-L307 ```solidity File: governance/contracts/wveOLAS.sol 215: if (uPoint.blockNumber > 0 && blockNumber >= uPoint.blockNumber) { 216: balance = IVEOLAS(ve).getPastVotes(account, blockNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L215-L216 ```solidity File: governance/contracts/wveOLAS.sol 235: if (uPoint.blockNumber > 0 && blockNumber >= uPoint.blockNumber) { 236: balance = IVEOLAS(ve).balanceOfAt(account, blockNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L235-L236 ```solidity File: tokenomics/contracts/Tokenomics.sol 750: if (topUpEligible && incentiveFlags[unitType + 2]) { 751: mapUnitIncentives[unitType][serviceUnitIds[j]].pendingRelativeTopUp += amount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L750-L751 ```solidity File: tokenomics/contracts/Tokenomics.sol 801: if (bList != address(0) && IDonatorBlacklist(bList).isDonatorBlacklisted(donator)) { 802: revert DonatorBlacklisted(donator); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L801-L802 ```solidity File: tokenomics/contracts/Tokenomics.sol 1138: if (lastEpoch > 0 && lastEpoch < curEpoch) { 1139: _finalizeIncentivesForUnitId(lastEpoch, unitTypes[i], unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1138-L1139 ```solidity File: tokenomics/contracts/Tokenomics.sol 1206: if (lastEpoch > 0 && lastEpoch < curEpoch) { 1207: // Get the overall amount of unit rewards for the component's last epoch 1208: // reward = (pendingRelativeReward * rewardUnitFraction) / 100 1209: uint256 totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeReward; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1206-L1209 ```solidity File: tokenomics/contracts/Treasury.sol 402: if (accountRewards > 0 && amountETHFromServices >= accountRewards) { 403: amountETHFromServices -= accountRewards; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L402-L403 ### [G-37] State variables only set in the constructor should be declared `immutable` Avoids a Gsset(** 20000 gas**) in the constructor, and replaces the first access in each transaction(Gcoldsload - ** 2100 gas **) and each access thereafter(Gwarmacces - ** 100 gas **) with a`PUSH32`(** 3 gas **). While`string`s are not value types, and therefore cannot be`immutable` / `constant` if not hard - coded outside of the constructor, the same behavior can be achieved by making the current contract `abstract` with `virtual` functions for the`string` accessors, and having a child contract override the functions with the hard - coded implementation - specific values. *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 135: name = _name; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L135-L135 ```solidity File: governance/contracts/veOLAS.sol 136: symbol = _symbol; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L136-L136 ### [G-38] Stack variable used as a cheaper cache for a state variable is only used once If the variable is only accessed once, it's cheaper to use the state variable directly that one time, and save the **3 gas** the extra stack assignment would spend. However, if it used as a parameter in an event emit, then caching it will help reduce gas by at least ***10 gas*** *There are 3 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 739: PointVoting memory lastPoint = mapSupplyPoints[totalNumPoints]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L739-L739 ```solidity File: tokenomics/contracts/Tokenomics.sol 1130: uint256 curEpoch = epochCounter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1130-L1130 ```solidity File: tokenomics/contracts/Tokenomics.sol 1200: uint256 curEpoch = epochCounter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1200-L1200 ### [G-39] Cache state variables outside of loop to avoid reading storage on every iteration Reading from storage should always try to be avoided within loops.In the following instances, we are able to cache state variables outside of the loop to save a Gwarmaccess(100 gas) per loop iteration. Note: Due to stack too deep errors, we will not be able to cache all the state variables read within the loops. *There are 9 instance(s) of this issue:* ```solidity File: tokenomics/contracts/Depository.sol //@audit `tokenomics` is a state variable, try to cache it outside the loop 262: ITokenomics(tokenomics).refundFromBondProgram(supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L262-L262 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `serviceRegistry` is a state variable, try to cache it outside the loop 708: address serviceOwner = IToken(serviceRegistry).ownerOf(serviceIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L708-L708 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `veOLASThreshold` is a state variable, try to cache it outside the loop 709: topUpEligible = (IVotingEscrow(ve).getVotes(serviceOwner) >= veOLASThreshold || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L709-L709 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `ve` is a state variable, try to cache it outside the loop 709: topUpEligible = (IVotingEscrow(ve).getVotes(serviceOwner) >= veOLASThreshold || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L709-L709 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `veOLASThreshold` is a state variable, try to cache it outside the loop 710: IVotingEscrow(ve).getVotes(donator) >= veOLASThreshold) ? true : false; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L710-L710 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `ve` is a state variable, try to cache it outside the loop 710: IVotingEscrow(ve).getVotes(donator) >= veOLASThreshold) ? true : false; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L710-L710 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `serviceRegistry` is a state variable, try to cache it outside the loop 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L716-L716 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `serviceRegistry` is a state variable, try to cache it outside the loop 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L716-L716 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `serviceRegistry` is a state variable, try to cache it outside the loop 810: if (!IServiceRegistry(serviceRegistry).exists(serviceIds[i])) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L810-L810 ### [G-40] Using `storage` instead of `memory` for structs/arrays saves gas When fetching data from a storage location, assigning the data to a `memory` variable causes all fields of the struct/array to be read from storage, which incurs a Gcoldsload (**2100 gas**) for *each* field of the struct/array. If the fields are read from the new memory variable, they incur an additional `MLOAD` rather than a cheap stack read. Instead of declearing the variable with the `memory` keyword, declaring the variable with the `storage` keyword and caching any fields that need to be re-read in stack variables, will be much cheaper, only incuring the Gcoldsload for the fields actually read. The only time it makes sense to read the whole struct/array into a `memory` variable, is if the full struct/array is being returned by the function, is being passed to a function that requires `memory`, or if the array/struct is being read from another `memory` array/struct *There are 3 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 655: PointVoting memory pointNext = mapSupplyPoints[minPointNumber + 1]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L655-L655 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 33: uint96[10] memory supplyCaps = [ ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L33-L33 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 70: uint88[10] memory inflationAmounts = [ ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L70-L70 ### [G-41] `>=`/`<=` costs less gas than `>`/`<` The compiler uses opcodes `GT` and `ISZERO` for solidity code that uses `>`, but only requires `LT` for `>=`, [which saves **3 gas**](https://gist.github.com/IllIllI000/3dc79d25acccfa16dee4e83ffdc6ffde) *There are 135 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 105: if (numYears > 9) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L105-L105 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 120: if (dataLength < DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L120-L120 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 147: if (value > address(this).balance) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L147-L147 ```solidity File: governance/contracts/bridges/HomeMediator.sol 120: if (dataLength < DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L120-L120 ```solidity File: governance/contracts/bridges/HomeMediator.sol 147: if (value > address(this).balance) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L147-L147 ```solidity File: governance/contracts/multisigs/GuardCM.sol 231: if (payloadLength < SELECTOR_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L231-L231 ```solidity File: governance/contracts/multisigs/GuardCM.sol 267: if (data.length < MIN_GNOSIS_PAYLOAD_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L267-L267 ```solidity File: governance/contracts/multisigs/GuardCM.sol 312: if (data.length < MIN_POLYGON_PAYLOAD_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L312-L312 ```solidity File: governance/contracts/multisigs/GuardCM.sol 410: if (data.length < SELECTOR_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L410-L410 ```solidity File: governance/contracts/multisigs/GuardCM.sol 421: if (data.length < MIN_SCHEDULE_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L421-L421 ```solidity File: governance/contracts/veOLAS.sol 147: if (lastPointNumber > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L147-L147 ```solidity File: governance/contracts/veOLAS.sol 188: if (oldLocked.endTime > block.timestamp && oldLocked.amount > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L188-L188 ```solidity File: governance/contracts/veOLAS.sol 188: if (oldLocked.endTime > block.timestamp && oldLocked.amount > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L188-L188 ```solidity File: governance/contracts/veOLAS.sol 192: if (newLocked.endTime > block.timestamp && newLocked.amount > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L192-L192 ```solidity File: governance/contracts/veOLAS.sol 192: if (newLocked.endTime > block.timestamp && newLocked.amount > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L192-L192 ```solidity File: governance/contracts/veOLAS.sol 201: if (newLocked.endTime > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L201-L201 ```solidity File: governance/contracts/veOLAS.sol 211: if (curNumPoint > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L211-L211 ```solidity File: governance/contracts/veOLAS.sol 222: if (block.timestamp > lastPoint.ts) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L222-L222 ```solidity File: governance/contracts/veOLAS.sol 240: if (tStep > block.timestamp) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L240-L240 ```solidity File: governance/contracts/veOLAS.sol 247: if (lastPoint.bias < 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L247-L247 ```solidity File: governance/contracts/veOLAS.sol 251: if (lastPoint.slope < 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L251-L251 ```solidity File: governance/contracts/veOLAS.sol 282: if (lastPoint.slope < 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L282-L282 ```solidity File: governance/contracts/veOLAS.sol 285: if (lastPoint.bias < 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L285-L285 ```solidity File: governance/contracts/veOLAS.sol 297: if (oldLocked.endTime > block.timestamp) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L297-L297 ```solidity File: governance/contracts/veOLAS.sol 306: if (newLocked.endTime > block.timestamp && newLocked.endTime > oldLocked.endTime) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L306-L306 ```solidity File: governance/contracts/veOLAS.sol 306: if (newLocked.endTime > block.timestamp && newLocked.endTime > oldLocked.endTime) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L306-L306 ```solidity File: governance/contracts/veOLAS.sol 352: if (unlockTime > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L352-L352 ```solidity File: governance/contracts/veOLAS.sol 362: if (amount > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L362-L362 ```solidity File: governance/contracts/veOLAS.sol 387: if (lockedBalance.endTime < (block.timestamp + 1)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L387-L387 ```solidity File: governance/contracts/veOLAS.sol 392: if (amount > type(uint96).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L392-L392 ```solidity File: governance/contracts/veOLAS.sol 437: if (lockedBalance.amount > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L437-L437 ```solidity File: governance/contracts/veOLAS.sol 441: if (unlockTime < (block.timestamp + 1)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L441-L441 ```solidity File: governance/contracts/veOLAS.sol 445: if (unlockTime > block.timestamp + MAXTIME) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L445-L445 ```solidity File: governance/contracts/veOLAS.sol 449: if (amount > type(uint96).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L449-L449 ```solidity File: governance/contracts/veOLAS.sol 469: if (lockedBalance.endTime < (block.timestamp + 1)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L469-L469 ```solidity File: governance/contracts/veOLAS.sol 474: if (amount > type(uint96).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L474-L474 ```solidity File: governance/contracts/veOLAS.sol 494: if (lockedBalance.endTime < (block.timestamp + 1)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L494-L494 ```solidity File: governance/contracts/veOLAS.sol 498: if (unlockTime < (lockedBalance.endTime + 1)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L498-L498 ```solidity File: governance/contracts/veOLAS.sol 502: if (unlockTime > block.timestamp + MAXTIME) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L502-L502 ```solidity File: governance/contracts/veOLAS.sol 512: if (lockedBalance.endTime > block.timestamp) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L512-L512 ```solidity File: governance/contracts/veOLAS.sol 562: if ((minPointNumber + 1) > maxPointNumber) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L562-L562 ```solidity File: governance/contracts/veOLAS.sol 574: if (point.blockNumber < (blockNumber + 1)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L574-L574 ```solidity File: governance/contracts/veOLAS.sol 595: if (pointNumber > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L595-L595 ```solidity File: governance/contracts/veOLAS.sol 598: if (uPoint.bias > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L598-L598 ```solidity File: governance/contracts/veOLAS.sol 626: if (uPoint.blockNumber < (blockNumber + 1)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L626-L626 ```solidity File: governance/contracts/veOLAS.sol 645: if (blockNumber > block.number) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L645-L645 ```solidity File: governance/contracts/veOLAS.sol 654: if (minPointNumber < totalNumPoints) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L654-L654 ```solidity File: governance/contracts/veOLAS.sol 663: if (dBlock > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L663-L663 ```solidity File: governance/contracts/veOLAS.sol 681: if (uPoint.bias > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L681-L681 ```solidity File: governance/contracts/veOLAS.sol 699: if (tStep > ts) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L699-L699 ```solidity File: governance/contracts/veOLAS.sol 712: if (lastPoint.bias > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L712-L712 ```solidity File: governance/contracts/veOLAS.sol 730: if (sPoint.blockNumber < (blockNumber + 1)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L730-L730 ```solidity File: governance/contracts/wveOLAS.sol 196: if (userNumPoints > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L196-L196 ```solidity File: governance/contracts/wveOLAS.sol 215: if (uPoint.blockNumber > 0 && blockNumber >= uPoint.blockNumber) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L215-L215 ```solidity File: governance/contracts/wveOLAS.sol 235: if (uPoint.blockNumber > 0 && blockNumber >= uPoint.blockNumber) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L235-L235 ```solidity File: registries/contracts/AgentRegistry.sol 41: if (dependencies[iDep] < (lastId + 1) || dependencies[iDep] > componentTotalSupply) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L41-L41 ```solidity File: registries/contracts/AgentRegistry.sol 41: if (dependencies[iDep] < (lastId + 1) || dependencies[iDep] > componentTotalSupply) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L41-L41 ```solidity File: registries/contracts/ComponentRegistry.sol 30: if (dependencies[iDep] < (lastId + 1) || dependencies[iDep] > maxComponentId) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L30-L30 ```solidity File: registries/contracts/ComponentRegistry.sol 30: if (dependencies[iDep] < (lastId + 1) || dependencies[iDep] > maxComponentId) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L30-L30 ```solidity File: registries/contracts/GenericRegistry.sol 73: return unitId > 0 && unitId < (totalSupply + 1); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L73-L73 ```solidity File: registries/contracts/GenericRegistry.sol 73: return unitId > 0 && unitId < (totalSupply + 1); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L73-L73 ```solidity File: registries/contracts/GenericRegistry.sol 99: if (unitId > totalSupply) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L99-L99 ```solidity File: registries/contracts/UnitRegistry.sol 53: if (_locked > 1) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L53-L53 ```solidity File: registries/contracts/UnitRegistry.sol 237: if (minComponent < components[i][processedComponents[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L237-L237 ```solidity File: registries/contracts/UnitRegistry.sol 239: if (components[i][processedComponents[i]] < tryMinComponent) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L239-L239 ```solidity File: registries/contracts/UnitRegistry.sol 252: if (numComponentsCheck > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L252-L252 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 50: if (dataLength > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L50-L50 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 52: if (dataLength < DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L52-L52 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 76: if (dataLength > DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L76-L76 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 93: if (dataLength < DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L93-L93 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 110: if (dataLength > DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L110-L110 ```solidity File: tokenomics/contracts/Depository.sol 195: if (priceLP > type(uint160).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L195-L195 ```solidity File: tokenomics/contracts/Depository.sol 205: if (supply > type(uint96).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L205-L205 ```solidity File: tokenomics/contracts/Depository.sol 210: if (vesting < MIN_VESTING) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L210-L210 ```solidity File: tokenomics/contracts/Depository.sol 216: if (maturity > type(uint32).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L216-L216 ```solidity File: tokenomics/contracts/Depository.sol 260: if (supply > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L260-L260 ```solidity File: tokenomics/contracts/Depository.sol 311: if (maturity > type(uint32).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L311-L311 ```solidity File: tokenomics/contracts/Depository.sol 323: if (payout > supply) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L323-L323 ```solidity File: tokenomics/contracts/Depository.sol 404: if ((active && mapBondProducts[i].supply > 0) || (!active && mapBondProducts[i].supply == 0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L404-L404 ```solidity File: tokenomics/contracts/Depository.sol 425: status = (mapBondProducts[productId].supply > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L425-L425 ```solidity File: tokenomics/contracts/Depository.sol 483: if (payout > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L483-L483 ```solidity File: tokenomics/contracts/Dispenser.sol 93: if (_locked > 1) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L93-L93 ```solidity File: tokenomics/contracts/Dispenser.sol 103: if ((reward + topUp) > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L103-L103 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 59: if (totalTokenValue > type(uint192).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L59-L59 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 74: if (totalSupply > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L74-L74 ```solidity File: tokenomics/contracts/Tokenomics.sol 296: if (uint32(_epochLen) < MIN_EPOCH_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L296-L296 ```solidity File: tokenomics/contracts/Tokenomics.sol 301: if (uint32(_epochLen) > ONE_YEAR) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L301-L301 ```solidity File: tokenomics/contracts/Tokenomics.sol 511: if (uint72(_devsPerCapital) > MIN_PARAM_VALUE) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L511-L511 ```solidity File: tokenomics/contracts/Tokenomics.sol 519: if (uint72(_codePerDev) > MIN_PARAM_VALUE) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L519-L519 ```solidity File: tokenomics/contracts/Tokenomics.sol 529: if (_epsilonRate > 0 && _epsilonRate <= 17e18) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L529-L529 ```solidity File: tokenomics/contracts/Tokenomics.sol 543: if (uint96(_veOLASThreshold) > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L543-L543 ```solidity File: tokenomics/contracts/Tokenomics.sol 576: if (_rewardComponentFraction + _rewardAgentFraction > 100) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L576-L576 ```solidity File: tokenomics/contracts/Tokenomics.sol 581: if (_maxBondFraction + _topUpComponentFraction + _topUpAgentFraction > 100) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L581-L581 ```solidity File: tokenomics/contracts/Tokenomics.sol 639: if (eBond > type(uint96).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L639-L639 ```solidity File: tokenomics/contracts/Tokenomics.sol 656: if (totalIncentives > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L656-L656 ```solidity File: tokenomics/contracts/Tokenomics.sol 669: if (totalIncentives > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L669-L669 ```solidity File: tokenomics/contracts/Tokenomics.sol 694: incentiveFlags[0] = (mapEpochTokenomics[curEpoch].unitPoints[0].rewardUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L694-L694 ```solidity File: tokenomics/contracts/Tokenomics.sol 695: incentiveFlags[1] = (mapEpochTokenomics[curEpoch].unitPoints[1].rewardUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L695-L695 ```solidity File: tokenomics/contracts/Tokenomics.sol 696: incentiveFlags[2] = (mapEpochTokenomics[curEpoch].unitPoints[0].topUpUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L696-L696 ```solidity File: tokenomics/contracts/Tokenomics.sol 697: incentiveFlags[3] = (mapEpochTokenomics[curEpoch].unitPoints[1].topUpUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L697-L697 ```solidity File: tokenomics/contracts/Tokenomics.sol 734: } else if (lastEpoch < curEpoch) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L734-L734 ```solidity File: tokenomics/contracts/Tokenomics.sol 857: if (fKD > epsilonRate) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L857-L857 ```solidity File: tokenomics/contracts/Tokenomics.sol 902: if (diffNumSeconds < curEpochLen || diffNumSeconds > ONE_YEAR) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L902-L902 ```solidity File: tokenomics/contracts/Tokenomics.sol 902: if (diffNumSeconds < curEpochLen || diffNumSeconds > ONE_YEAR) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L902-L902 ```solidity File: tokenomics/contracts/Tokenomics.sol 928: if (numYears > currentYear) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L928-L928 ```solidity File: tokenomics/contracts/Tokenomics.sol 963: if (incentives[4] > curMaxBond) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L963-L963 ```solidity File: tokenomics/contracts/Tokenomics.sol 989: if (nextEpochLen > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L989-L989 ```solidity File: tokenomics/contracts/Tokenomics.sol 996: if (nextVeOLASThreshold > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L996-L996 ```solidity File: tokenomics/contracts/Tokenomics.sol 1012: if (numYears > currentYear) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1012-L1012 ```solidity File: tokenomics/contracts/Tokenomics.sol 1028: } else if (tokenomicsParametersUpdated > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1028-L1028 ```solidity File: tokenomics/contracts/Tokenomics.sol 1041: if (incentives[0] > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1041-L1041 ```solidity File: tokenomics/contracts/Tokenomics.sol 1112: if (unitTypes[i] > 1) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1112-L1112 ```solidity File: tokenomics/contracts/Tokenomics.sol 1117: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1117-L1117 ```solidity File: tokenomics/contracts/Tokenomics.sol 1138: if (lastEpoch > 0 && lastEpoch < curEpoch) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1138-L1138 ```solidity File: tokenomics/contracts/Tokenomics.sol 1138: if (lastEpoch > 0 && lastEpoch < curEpoch) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1138-L1138 ```solidity File: tokenomics/contracts/Tokenomics.sol 1182: if (unitTypes[i] > 1) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1182-L1182 ```solidity File: tokenomics/contracts/Tokenomics.sol 1187: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1187-L1187 ```solidity File: tokenomics/contracts/Tokenomics.sol 1206: if (lastEpoch > 0 && lastEpoch < curEpoch) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1206-L1206 ```solidity File: tokenomics/contracts/Tokenomics.sol 1206: if (lastEpoch > 0 && lastEpoch < curEpoch) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1206-L1206 ```solidity File: tokenomics/contracts/Tokenomics.sol 1210: if (totalIncentives > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1210-L1210 ```solidity File: tokenomics/contracts/Tokenomics.sol 1217: if (totalIncentives > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1217-L1217 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 32: if (numYears < 10) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L32-L32 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 68: if (numYears < 10) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L68-L68 ```solidity File: tokenomics/contracts/Treasury.sol 121: if (msg.value < minAcceptedETH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L121-L121 ```solidity File: tokenomics/contracts/Treasury.sol 128: if (amount + ETHFromServices > type(uint96).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L128-L128 ```solidity File: tokenomics/contracts/Treasury.sol 194: if (_minAcceptedETH > type(uint96).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L194-L194 ```solidity File: tokenomics/contracts/Treasury.sol 228: if (IToken(token).allowance(account, address(this)) < tokenAmount) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L228-L228 ```solidity File: tokenomics/contracts/Treasury.sol 259: if (_locked > 1) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L259-L259 ```solidity File: tokenomics/contracts/Treasury.sol 265: if (msg.value < minAcceptedETH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L265-L265 ```solidity File: tokenomics/contracts/Treasury.sol 291: if (donationETH + ETHOwned > type(uint96).max) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L291-L291 ```solidity File: tokenomics/contracts/Treasury.sol 402: if (accountRewards > 0 && amountETHFromServices >= accountRewards) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L402-L402 ```solidity File: tokenomics/contracts/Treasury.sol 413: if (accountTopUps > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L413-L413 ```solidity File: tokenomics/contracts/Treasury.sol 441: if (treasuryRewards > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L441-L441 ```solidity File: tokenomics/contracts/Treasury.sol 477: if (slashedFunds < minAcceptedETH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L477-L477 ```solidity File: tokenomics/contracts/Treasury.sol 515: if (mapTokenReserves[token] > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L515-L515 ### [G-42] Ternary unnecessary `z = (x == y) ? true : false` => `z = (x == y)` *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/Tokenomics.sol 709: topUpEligible = (IVotingEscrow(ve).getVotes(serviceOwner) >= veOLASThreshold || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L709-L709 ### [G-43] Use assembly to validate `msg.sender` We can use assembly to efficiently validate msg.sender with the least amount of opcodes necessary. For more details check the following report [Here](https://code4rena.com/reports/2023-05-juicebox#g-06-use-assembly-to-validate-msgsender) *There are 59 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 44: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L44-L44 ```solidity File: governance/contracts/OLAS.sol 59: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L59-L59 ```solidity File: governance/contracts/OLAS.sol 77: if (msg.sender != minter) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L77-L77 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 32: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L32-L32 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 50: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L50-L50 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 61: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L61-L61 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 84: if (msg.sender != address(this)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L84-L84 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 109: if(msg.sender != fxChild) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L109-L109 ```solidity File: governance/contracts/bridges/HomeMediator.sol 84: if (msg.sender != address(this)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L84-L84 ```solidity File: governance/contracts/bridges/HomeMediator.sol 107: if (msg.sender != AMBContractProxyHome) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L107-L107 ```solidity File: governance/contracts/multisigs/GuardCM.sol 155: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L155-L155 ```solidity File: governance/contracts/multisigs/GuardCM.sol 171: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L171-L171 ```solidity File: governance/contracts/multisigs/GuardCM.sol 448: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L448-L448 ```solidity File: governance/contracts/multisigs/GuardCM.sol 501: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L501-L501 ```solidity File: governance/contracts/multisigs/GuardCM.sol 540: if (msg.sender == owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L540-L540 ```solidity File: governance/contracts/multisigs/GuardCM.sol 543: } else if (msg.sender == multisig) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L543-L543 ```solidity File: governance/contracts/multisigs/GuardCM.sol 543: } else if (msg.sender == multisig) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L543-L543 ```solidity File: governance/contracts/multisigs/GuardCM.sol 562: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L562-L562 ```solidity File: registries/contracts/GenericManager.sol 22: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L22-L22 ```solidity File: registries/contracts/GenericManager.sol 38: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L38-L38 ```solidity File: registries/contracts/GenericManager.sol 49: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L49-L49 ```solidity File: registries/contracts/GenericRegistry.sol 39: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L39-L39 ```solidity File: registries/contracts/GenericRegistry.sol 55: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L55-L55 ```solidity File: registries/contracts/GenericRegistry.sol 80: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L80-L80 ```solidity File: registries/contracts/UnitRegistry.sol 59: if (manager != msg.sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L59-L59 ```solidity File: registries/contracts/UnitRegistry.sol 125: if (manager != msg.sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L125-L125 ```solidity File: tokenomics/contracts/Depository.sol 125: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L125-L125 ```solidity File: tokenomics/contracts/Depository.sol 145: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L145-L145 ```solidity File: tokenomics/contracts/Depository.sol 165: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L165-L165 ```solidity File: tokenomics/contracts/Depository.sol 185: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L185-L185 ```solidity File: tokenomics/contracts/Depository.sol 246: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L246-L246 ```solidity File: tokenomics/contracts/Depository.sol 368: if (mapUserBonds[bondIds[i]].account != msg.sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L368-L368 ```solidity File: tokenomics/contracts/Dispenser.sol 48: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L48-L48 ```solidity File: tokenomics/contracts/Dispenser.sol 66: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L66-L66 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 38: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L38-L38 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 58: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L58-L58 ```solidity File: tokenomics/contracts/Tokenomics.sol 386: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L386-L386 ```solidity File: tokenomics/contracts/Tokenomics.sol 406: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L406-L406 ```solidity File: tokenomics/contracts/Tokenomics.sol 425: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L425-L425 ```solidity File: tokenomics/contracts/Tokenomics.sol 452: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L452-L452 ```solidity File: tokenomics/contracts/Tokenomics.sol 476: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L476-L476 ```solidity File: tokenomics/contracts/Tokenomics.sol 506: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L506-L506 ```solidity File: tokenomics/contracts/Tokenomics.sol 571: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L571-L571 ```solidity File: tokenomics/contracts/Tokenomics.sol 611: if (depository != msg.sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L611-L611 ```solidity File: tokenomics/contracts/Tokenomics.sol 632: if (depository != msg.sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L632-L632 ```solidity File: tokenomics/contracts/Tokenomics.sol 795: if (treasury != msg.sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L795-L795 ```solidity File: tokenomics/contracts/Tokenomics.sol 1089: if (dispenser != msg.sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1089-L1089 ```solidity File: tokenomics/contracts/Treasury.sol 139: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L139-L139 ```solidity File: tokenomics/contracts/Treasury.sol 158: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L158-L158 ```solidity File: tokenomics/contracts/Treasury.sol 184: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L184-L184 ```solidity File: tokenomics/contracts/Treasury.sol 214: if (depository != msg.sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L214-L214 ```solidity File: tokenomics/contracts/Treasury.sol 315: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L315-L315 ```solidity File: tokenomics/contracts/Treasury.sol 396: if (dispenser != msg.sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L396-L396 ```solidity File: tokenomics/contracts/Treasury.sol 435: if (msg.sender != tokenomics) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L435-L435 ```solidity File: tokenomics/contracts/Treasury.sol 468: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L468-L468 ```solidity File: tokenomics/contracts/Treasury.sol 489: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L489-L489 ```solidity File: tokenomics/contracts/Treasury.sol 509: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L509-L509 ```solidity File: tokenomics/contracts/Treasury.sol 533: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L533-L533 ```solidity File: tokenomics/contracts/Treasury.sol 544: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L544-L544 ### [G-44] Can make the variable outside the loop to save gas Creating variables inside the loop consum more gas compared to declaring them outside and just reaffecting values to them inside the loop. *There are 60 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit variable `target` is created inside a loop. 126: address target; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L126-L126 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit variable `value` is created inside a loop. 127: uint96 value; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L127-L127 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit variable `payloadLength` is created inside a loop. 128: uint32 payloadLength; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L128-L128 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit variable `payload` is created inside a loop. 152: bytes memory payload = new bytes(payloadLength); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L152-L152 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit variable `j` is created inside a loop. 153: for (uint256 j = 0; j < payloadLength; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L153-L153 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit variable `success` is created inside a loop. 160: (bool success, ) = target.call{value: value}(payload); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L160-L160 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit variable `target` is created inside a loop. 126: address target; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L126-L126 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit variable `value` is created inside a loop. 127: uint96 value; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L127-L127 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit variable `payloadLength` is created inside a loop. 128: uint32 payloadLength; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L128-L128 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit variable `payload` is created inside a loop. 152: bytes memory payload = new bytes(payloadLength); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L152-L152 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit variable `j` is created inside a loop. 153: for (uint256 j = 0; j < payloadLength; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L153-L153 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit variable `success` is created inside a loop. 160: (bool success, ) = target.call{value: value}(payload); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L160-L160 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit variable `target` is created inside a loop. 213: address target; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L213-L213 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit variable `payloadLength` is created inside a loop. 214: uint32 payloadLength; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L214-L214 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit variable `payload` is created inside a loop. 236: bytes memory payload = new bytes(payloadLength); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L236-L236 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit variable `j` is created inside a loop. 237: for (uint256 j = 0; j < payloadLength; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L237-L237 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit variable `bridgeMediatorL2ChainId` is created inside a loop. 362: uint256 bridgeMediatorL2ChainId = mapBridgeMediatorL1L2ChainIds[targets[i]]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L362-L362 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit variable `bridgeMediatorL2` is created inside a loop. 364: address bridgeMediatorL2 = address(uint160(bridgeMediatorL2ChainId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L364-L364 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit variable `chainId` is created inside a loop. 370: uint256 chainId = bridgeMediatorL2ChainId >> 160; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L370-L370 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit variable `targetSelectorChainId` is created inside a loop. 476: uint256 targetSelectorChainId = uint256(uint160(targets[i])); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L476-L476 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit variable `chainId` is created inside a loop. 518: uint256 chainId = chainIds[i]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L518-L518 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit variable `bridgeMediatorL2ChainId` is created inside a loop. 525: uint256 bridgeMediatorL2ChainId = uint256(uint160(bridgeMediatorL2s[i])); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L525-L525 ```solidity File: governance/contracts/veOLAS.sol //@audit variable `dSlope` is created inside a loop. 239: int128 dSlope; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L239-L239 ```solidity File: governance/contracts/veOLAS.sol //@audit variable `mid` is created inside a loop. 565: uint256 mid = (minPointNumber + maxPointNumber + 1) / 2; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L565-L565 ```solidity File: governance/contracts/veOLAS.sol //@audit variable `dSlope` is created inside a loop. 698: int128 dSlope; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L698-L698 ```solidity File: registries/contracts/UnitRegistry.sol //@audit variable `minIdxComponent` is created inside a loop. 229: uint32 minIdxComponent; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L229-L229 ```solidity File: registries/contracts/UnitRegistry.sol //@audit variable `numComponentsCheck` is created inside a loop. 231: uint32 numComponentsCheck; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L231-L231 ```solidity File: registries/contracts/UnitRegistry.sol //@audit variable `tryMinComponent` is created inside a loop. 232: uint32 tryMinComponent = type(uint32).max; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L232-L232 ```solidity File: registries/contracts/UnitRegistry.sol //@audit variable `i` is created inside a loop. 234: for (uint32 i = 0; i < numUnits; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L234-L234 ```solidity File: tokenomics/contracts/Depository.sol //@audit variable `productId` is created inside a loop. 256: uint256 productId = productIds[i]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L256-L256 ```solidity File: tokenomics/contracts/Depository.sol //@audit variable `supply` is created inside a loop. 258: uint256 supply = mapBondProducts[productId].supply; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L258-L258 ```solidity File: tokenomics/contracts/Depository.sol //@audit variable `token` is created inside a loop. 263: address token = mapBondProducts[productId].token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L263-L263 ```solidity File: tokenomics/contracts/Depository.sol //@audit variable `pay` is created inside a loop. 359: uint256 pay = mapUserBonds[bondIds[i]].payout; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L359-L359 ```solidity File: tokenomics/contracts/Depository.sol //@audit variable `matured` is created inside a loop. 360: bool matured = block.timestamp >= mapUserBonds[bondIds[i]].maturity; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L360-L360 ```solidity File: tokenomics/contracts/Depository.sol //@audit variable `productId` is created inside a loop. 376: uint256 productId = mapUserBonds[bondIds[i]].productId; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L376-L376 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `topUpEligible` is created inside a loop. 706: bool topUpEligible; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L706-L706 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `serviceOwner` is created inside a loop. 708: address serviceOwner = IToken(serviceRegistry).ownerOf(serviceIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L708-L708 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `unitType` is created inside a loop. 714: for (uint256 unitType = 0; unitType < 2; ++unitType) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L714-L714 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `numServiceUnits` is created inside a loop. 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L716-L716 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `serviceUnitIds` is created inside a loop. 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L716-L716 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `numServiceUnits` is created inside a loop. 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L716-L716 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `serviceUnitIds` is created inside a loop. 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L716-L716 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `amount` is created inside a loop. 726: uint96 amount = uint96(amounts[i] / numServiceUnits); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L726-L726 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `amount` is created inside a loop. 726: uint96 amount = uint96(amounts[i] / numServiceUnits); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L726-L726 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `j` is created inside a loop. 728: for (uint256 j = 0; j < numServiceUnits; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L728-L728 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `j` is created inside a loop. 728: for (uint256 j = 0; j < numServiceUnits; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L728-L728 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `lastEpoch` is created inside a loop. 730: uint256 lastEpoch = mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L730-L730 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `lastEpoch` is created inside a loop. 730: uint256 lastEpoch = mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L730-L730 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `lastEpoch` is created inside a loop. 730: uint256 lastEpoch = mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L730-L730 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `j` is created inside a loop. 758: for (uint256 j = 0; j < numServiceUnits; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L758-L758 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `j` is created inside a loop. 758: for (uint256 j = 0; j < numServiceUnits; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L758-L758 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `unitOwner` is created inside a loop. 765: address unitOwner = IToken(registries[unitType]).ownerOf(serviceUnitIds[j]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L765-L765 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `unitOwner` is created inside a loop. 765: address unitOwner = IToken(registries[unitType]).ownerOf(serviceUnitIds[j]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L765-L765 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `unitOwner` is created inside a loop. 765: address unitOwner = IToken(registries[unitType]).ownerOf(serviceUnitIds[j]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L765-L765 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `unitOwner` is created inside a loop. 1123: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1123-L1123 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `lastEpoch` is created inside a loop. 1134: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1134-L1134 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `unitOwner` is created inside a loop. 1193: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1193-L1193 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `lastEpoch` is created inside a loop. 1204: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1204-L1204 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `totalIncentives` is created inside a loop. 1209: uint256 totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeReward; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1209-L1209 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit variable `sumUnitIncentives` is created inside a loop. 1222: uint256 sumUnitIncentives = uint256(mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].sumUnitTopUpsOLAS) * 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1222-L1222 ### [G-45] Consider activating via-ir for deploying The Solidity compiler's Intermediate Representation (IR) based code generator, which can be activated using --via-ir on the command line or {""viaIR"": true} in the options, serves a dual purpose. Firstly, it boosts the transparency and audibility of code generation, which enhances developers' comprehension and control over the contract's final bytecode. Secondly, it enables more sophisticated optimization passes that span multiple functions, thereby potentially leading to more efficient bytecode. It's important to note that using the IR- based code generator may lengthen compile times due to the extra optimization steps.Therefore, it's advised to test your contract with and without this option enabled to measure the performance and gas cost implications.If the IR- based code generator significantly enhances your contract's performance or reduces gas costs, consider using the --via-ir flag during deployment.This way, you can leverage more advanced compiler optimizations without hindering your development workflow. *There are 1 instance(s) of this issue:* ```solidity File: hardhat.config.ts //@audit /2023-12-autonolas/governance/lib/fx-portal/hardhat.config.ts 1: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//hardhat.config.ts#L1-L1 ### [G-46] `++i` costs less gas than `i++`, especially when it's used in `for`-loops (`--i`/`i--` too) *Saves 5 gas per loop* *There are 5 instance(s) of this issue:* ```solidity File: registries/contracts/UnitRegistry.sol 78: unitId++; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L78-L78 ```solidity File: registries/contracts/UnitRegistry.sol 244: numComponentsCheck++; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L244-L244 ```solidity File: registries/contracts/UnitRegistry.sol 254: processedComponents[minIdxComponent]++; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L254-L254 ```solidity File: tokenomics/contracts/Tokenomics.sol 762: mapEpochTokenomics[curEpoch].unitPoints[unitType].numNewUnits++; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L762-L762 ```solidity File: tokenomics/contracts/Tokenomics.sol 768: mapEpochTokenomics[curEpoch].epochPoint.numNewOwners++; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L768-L768 ### [G-47] Unnecessary casting as variable is already of the same type *There are 1 instance(s) of this issue:* ```solidity File: registries/contracts/UnitRegistry.sol //@audit `unitId` is getting converted from `uint256` to `uint256` 185: subComponentIds = mapSubComponents[uint256(unitId)]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L185-L185 ### [G-48] Using mappings instead of arrays to avoid length checks save gas Just by using a mapping, we get a gas saving of 2102 gas. When you read the value of an index of an array, solidity adds bytecode that checks that you are reading from a valid index (i.e an index strictly less than the length of the array) else it reverts with a panic error (Panic(0x32) to be precise). This prevents from reading unallocated or worse, allocated storage/memory locations. Due to the way mappings are(simply a key => value pair), no check like that exists and we are able to read from the a storage slot directly.It’s important to note that when using mappings in this manner, your code should ensure that you are not reading an out of bound index of your canonical array. *There are 3 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 119: mapping(address => PointVoting[]) public mapUserPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L119-L119 ```solidity File: registries/contracts/UnitRegistry.sol 29: mapping(uint256 => bytes32[]) public mapUnitIdHashes; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L29-L29 ```solidity File: registries/contracts/UnitRegistry.sol 31: mapping(uint256 => uint32[]) public mapSubComponents; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L31-L31 ### [G-49] Use `do while` loops instead of `for` loops A `do while` loop will cost less gas since the condition is not being checked for the first iteration, Check my example on [github](https://github.com/he110-1/gasOptimization/blob/main/forToDoWhileOptimizationProof.sol). Actually, `do while` alwayse cast less gas compared to `For` check my second example [github](https://github.com/he110-1/gasOptimization/blob/main/forToDoWhileOptimizationProof2.sol) *There are 51 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 108: for (uint256 i = 0; i < numYears; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L108-L108 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 125: for (uint256 i = 0; i < dataLength;) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L125-L125 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 153: for (uint256 j = 0; j < payloadLength; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L153-L153 ```solidity File: governance/contracts/bridges/HomeMediator.sol 125: for (uint256 i = 0; i < dataLength;) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L125-L125 ```solidity File: governance/contracts/bridges/HomeMediator.sol 153: for (uint256 j = 0; j < payloadLength; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L153-L153 ```solidity File: governance/contracts/multisigs/GuardCM.sol 212: for (uint256 i = 0; i < data.length;) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L212-L212 ```solidity File: governance/contracts/multisigs/GuardCM.sol 237: for (uint256 j = 0; j < payloadLength; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L237-L237 ```solidity File: governance/contracts/multisigs/GuardCM.sol 273: for (uint256 i = 0; i < payload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L273-L273 ```solidity File: governance/contracts/multisigs/GuardCM.sol 292: for (uint256 i = 0; i < bridgePayload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L292-L292 ```solidity File: governance/contracts/multisigs/GuardCM.sol 318: for (uint256 i = 0; i < payload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L318-L318 ```solidity File: governance/contracts/multisigs/GuardCM.sol 340: for (uint256 i = 0; i < payload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L340-L340 ```solidity File: governance/contracts/multisigs/GuardCM.sol 360: for (uint i = 0; i < targets.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L360-L360 ```solidity File: governance/contracts/multisigs/GuardCM.sol 458: for (uint256 i = 0; i < targets.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L458-L458 ```solidity File: governance/contracts/multisigs/GuardCM.sol 511: for (uint256 i = 0; i < chainIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L511-L511 ```solidity File: governance/contracts/veOLAS.sol 232: for (uint256 i = 0; i < 255; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L232-L232 ```solidity File: governance/contracts/veOLAS.sol 561: for (uint256 i = 0; i < 128; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L561-L561 ```solidity File: governance/contracts/veOLAS.sol 693: for (uint256 i = 0; i < 255; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L693-L693 ```solidity File: registries/contracts/AgentRegistry.sol 40: for (uint256 iDep = 0; iDep < dependencies.length; ++iDep) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L40-L40 ```solidity File: registries/contracts/ComponentRegistry.sol 29: for (uint256 iDep = 0; iDep < dependencies.length; ++iDep) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L29-L29 ```solidity File: registries/contracts/UnitRegistry.sol 98: for (uint256 i = 0; i < numSubComponents; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L98-L98 ```solidity File: registries/contracts/UnitRegistry.sol 211: for (uint32 i = 0; i < numUnits; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L211-L211 ```solidity File: registries/contracts/UnitRegistry.sol 227: for (counter = 0; counter < maxNumComponents; ++counter) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L227-L227 ```solidity File: registries/contracts/UnitRegistry.sol 234: for (uint32 i = 0; i < numUnits; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L234-L234 ```solidity File: registries/contracts/UnitRegistry.sol 236: for (; processedComponents[i] < numComponents[i]; ++processedComponents[i]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L236-L236 ```solidity File: registries/contracts/UnitRegistry.sol 262: for (uint32 i = 0; i < counter; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L262-L262 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 79: for (uint256 i = 0; i < payloadLength; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L79-L79 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 113: for (uint256 i = 0; i < payloadLength; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L113-L113 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 139: for (uint256 i = 0; i < numOwners; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L139-L139 ```solidity File: tokenomics/contracts/Depository.sol 255: for (uint256 i = 0; i < numProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L255-L255 ```solidity File: tokenomics/contracts/Depository.sol 274: for (uint256 i = 0; i < numClosedProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L274-L274 ```solidity File: tokenomics/contracts/Depository.sol 357: for (uint256 i = 0; i < bondIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L357-L357 ```solidity File: tokenomics/contracts/Depository.sol 402: for (uint256 i = 0; i < numProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L402-L402 ```solidity File: tokenomics/contracts/Depository.sol 413: for (uint256 i = 0; i < numProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L413-L413 ```solidity File: tokenomics/contracts/Depository.sol 448: for (uint256 i = 0; i < numBonds; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L448-L448 ```solidity File: tokenomics/contracts/Depository.sol 468: for (uint256 i = 0; i < numBonds; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L468-L468 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 67: for (uint256 i = 0; i < accounts.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L67-L67 ```solidity File: tokenomics/contracts/Tokenomics.sol 702: for (uint256 i = 0; i < numServices; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L702-L702 ```solidity File: tokenomics/contracts/Tokenomics.sol 714: for (uint256 unitType = 0; unitType < 2; ++unitType) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L714-L714 ```solidity File: tokenomics/contracts/Tokenomics.sol 728: for (uint256 j = 0; j < numServiceUnits; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L728-L728 ```solidity File: tokenomics/contracts/Tokenomics.sol 758: for (uint256 j = 0; j < numServiceUnits; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L758-L758 ```solidity File: tokenomics/contracts/Tokenomics.sol 808: for (uint256 i = 0; i < numServices; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L808-L808 ```solidity File: tokenomics/contracts/Tokenomics.sol 978: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L978-L978 ```solidity File: tokenomics/contracts/Tokenomics.sol 1104: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1104-L1104 ```solidity File: tokenomics/contracts/Tokenomics.sol 1110: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1110-L1110 ```solidity File: tokenomics/contracts/Tokenomics.sol 1132: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1132-L1132 ```solidity File: tokenomics/contracts/Tokenomics.sol 1174: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1174-L1174 ```solidity File: tokenomics/contracts/Tokenomics.sol 1180: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1180-L1180 ```solidity File: tokenomics/contracts/Tokenomics.sol 1202: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1202-L1202 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 55: for (uint256 i = 0; i < numYears; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L55-L55 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 92: for (uint256 i = 1; i < numYears; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L92-L92 ```solidity File: tokenomics/contracts/Treasury.sol 276: for (uint256 i = 0; i < numServices; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L276-L276 ### [G-50] Avoid transferring amounts of zero in order to save gas Skipping the external call when nothing will be transferred, will save at least **100 gas** *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 79: bool success = IERC20(childToken).transfer(to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L79-L79 ### [G-51] Simple checks for zero `uint` can be done using assembly to save gas *There are 30 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 92: if (amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L92-L92 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 88: if (amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L88-L88 ```solidity File: governance/contracts/multisigs/GuardCM.sol 176: if (proposalId == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L176-L176 ```solidity File: governance/contracts/multisigs/GuardCM.sol 470: if (chainIds[i] == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L470-L470 ```solidity File: governance/contracts/veOLAS.sol 379: if (amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L379-L379 ```solidity File: governance/contracts/veOLAS.sol 383: if (lockedBalance.amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L383-L383 ```solidity File: governance/contracts/veOLAS.sol 427: if (amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L427-L427 ```solidity File: governance/contracts/veOLAS.sol 461: if (amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L461-L461 ```solidity File: governance/contracts/veOLAS.sol 465: if (lockedBalance.amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L465-L465 ```solidity File: governance/contracts/veOLAS.sol 490: if (lockedBalance.amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L490-L490 ```solidity File: governance/contracts/veOLAS.sol 551: if (maxPointNumber == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L551-L551 ```solidity File: registries/contracts/AgentRegistry.sol 33: if (dependencies.length == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L33-L33 ```solidity File: registries/contracts/GenericRegistry.sol 85: if (bytes(bURI).length == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L85-L85 ```solidity File: tokenomics/contracts/Depository.sol 190: if (priceLP == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L190-L190 ```solidity File: tokenomics/contracts/Depository.sol 200: if (supply == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L200-L200 ```solidity File: tokenomics/contracts/Depository.sol 295: if (tokenAmount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L295-L295 ```solidity File: tokenomics/contracts/Depository.sol 304: if (supply == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L304-L304 ```solidity File: tokenomics/contracts/Depository.sol 340: if (supply == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L340-L340 ```solidity File: tokenomics/contracts/Depository.sol 363: if (pay == 0 || !matured) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L363-L363 ```solidity File: tokenomics/contracts/Depository.sol 384: if (payout == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L384-L384 ```solidity File: tokenomics/contracts/Depository.sol 404: if ((active && mapBondProducts[i].supply > 0) || (!active && mapBondProducts[i].supply == 0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L404-L404 ```solidity File: tokenomics/contracts/Tokenomics.sol 720: if (numServiceUnits == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L720-L720 ```solidity File: tokenomics/contracts/Tokenomics.sol 732: if (lastEpoch == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L732-L732 ```solidity File: tokenomics/contracts/Tokenomics.sol 1063: if (incentives[1] == 0 || ITreasury(treasury).rebalanceTreasury(incentives[1])) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1063-L1063 ```solidity File: tokenomics/contracts/Tokenomics.sol 1255: if (idf == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1255-L1255 ```solidity File: tokenomics/contracts/Tokenomics.sol 1265: if (idf == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1265-L1265 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 40: if (tokenomicsData.length == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L40-L40 ```solidity File: tokenomics/contracts/Treasury.sol 189: if (_minAcceptedETH == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L189-L189 ```solidity File: tokenomics/contracts/Treasury.sol 277: if (amounts[i] == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L277-L277 ```solidity File: tokenomics/contracts/Treasury.sol 325: if (tokenAmount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L325-L325 ### [G-52] `++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops The `unchecked` keyword is new in solidity version 0.8.0, so this only applies to that version or higher, which these instances are. This saves **30-40 gas [per loop](https://gist.github.com/hrkrshnn/ee8fabd532058307229d65dcd5836ddc#the-increment-in-for-loop-post-condition-can-be-made-unchecked)** *There are 48 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 108: for (uint256 i = 0; i < numYears; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L108-L108 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 153: for (uint256 j = 0; j < payloadLength; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L153-L153 ```solidity File: governance/contracts/bridges/HomeMediator.sol 153: for (uint256 j = 0; j < payloadLength; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L153-L153 ```solidity File: governance/contracts/multisigs/GuardCM.sol 237: for (uint256 j = 0; j < payloadLength; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L237-L237 ```solidity File: governance/contracts/multisigs/GuardCM.sol 273: for (uint256 i = 0; i < payload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L273-L273 ```solidity File: governance/contracts/multisigs/GuardCM.sol 292: for (uint256 i = 0; i < bridgePayload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L292-L292 ```solidity File: governance/contracts/multisigs/GuardCM.sol 318: for (uint256 i = 0; i < payload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L318-L318 ```solidity File: governance/contracts/multisigs/GuardCM.sol 340: for (uint256 i = 0; i < payload.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L340-L340 ```solidity File: governance/contracts/multisigs/GuardCM.sol 360: for (uint i = 0; i < targets.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L360-L360 ```solidity File: governance/contracts/multisigs/GuardCM.sol 458: for (uint256 i = 0; i < targets.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L458-L458 ```solidity File: governance/contracts/multisigs/GuardCM.sol 511: for (uint256 i = 0; i < chainIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L511-L511 ```solidity File: governance/contracts/veOLAS.sol 232: for (uint256 i = 0; i < 255; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L232-L232 ```solidity File: governance/contracts/veOLAS.sol 561: for (uint256 i = 0; i < 128; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L561-L561 ```solidity File: governance/contracts/veOLAS.sol 693: for (uint256 i = 0; i < 255; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L693-L693 ```solidity File: registries/contracts/AgentRegistry.sol 40: for (uint256 iDep = 0; iDep < dependencies.length; ++iDep) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L40-L40 ```solidity File: registries/contracts/ComponentRegistry.sol 29: for (uint256 iDep = 0; iDep < dependencies.length; ++iDep) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L29-L29 ```solidity File: registries/contracts/UnitRegistry.sol 98: for (uint256 i = 0; i < numSubComponents; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L98-L98 ```solidity File: registries/contracts/UnitRegistry.sol 211: for (uint32 i = 0; i < numUnits; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L211-L211 ```solidity File: registries/contracts/UnitRegistry.sol 227: for (counter = 0; counter < maxNumComponents; ++counter) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L227-L227 ```solidity File: registries/contracts/UnitRegistry.sol 234: for (uint32 i = 0; i < numUnits; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L234-L234 ```solidity File: registries/contracts/UnitRegistry.sol 236: for (; processedComponents[i] < numComponents[i]; ++processedComponents[i]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L236-L236 ```solidity File: registries/contracts/UnitRegistry.sol 262: for (uint32 i = 0; i < counter; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L262-L262 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 79: for (uint256 i = 0; i < payloadLength; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L79-L79 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 113: for (uint256 i = 0; i < payloadLength; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L113-L113 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 139: for (uint256 i = 0; i < numOwners; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L139-L139 ```solidity File: tokenomics/contracts/Depository.sol 255: for (uint256 i = 0; i < numProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L255-L255 ```solidity File: tokenomics/contracts/Depository.sol 274: for (uint256 i = 0; i < numClosedProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L274-L274 ```solidity File: tokenomics/contracts/Depository.sol 357: for (uint256 i = 0; i < bondIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L357-L357 ```solidity File: tokenomics/contracts/Depository.sol 402: for (uint256 i = 0; i < numProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L402-L402 ```solidity File: tokenomics/contracts/Depository.sol 413: for (uint256 i = 0; i < numProducts; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L413-L413 ```solidity File: tokenomics/contracts/Depository.sol 448: for (uint256 i = 0; i < numBonds; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L448-L448 ```solidity File: tokenomics/contracts/Depository.sol 468: for (uint256 i = 0; i < numBonds; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L468-L468 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 67: for (uint256 i = 0; i < accounts.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L67-L67 ```solidity File: tokenomics/contracts/Tokenomics.sol 702: for (uint256 i = 0; i < numServices; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L702-L702 ```solidity File: tokenomics/contracts/Tokenomics.sol 714: for (uint256 unitType = 0; unitType < 2; ++unitType) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L714-L714 ```solidity File: tokenomics/contracts/Tokenomics.sol 728: for (uint256 j = 0; j < numServiceUnits; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L728-L728 ```solidity File: tokenomics/contracts/Tokenomics.sol 758: for (uint256 j = 0; j < numServiceUnits; ++j) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L758-L758 ```solidity File: tokenomics/contracts/Tokenomics.sol 808: for (uint256 i = 0; i < numServices; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L808-L808 ```solidity File: tokenomics/contracts/Tokenomics.sol 978: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L978-L978 ```solidity File: tokenomics/contracts/Tokenomics.sol 1104: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1104-L1104 ```solidity File: tokenomics/contracts/Tokenomics.sol 1110: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1110-L1110 ```solidity File: tokenomics/contracts/Tokenomics.sol 1132: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1132-L1132 ```solidity File: tokenomics/contracts/Tokenomics.sol 1174: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1174-L1174 ```solidity File: tokenomics/contracts/Tokenomics.sol 1180: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1180-L1180 ```solidity File: tokenomics/contracts/Tokenomics.sol 1202: for (uint256 i = 0; i < unitIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1202-L1202 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 55: for (uint256 i = 0; i < numYears; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L55-L55 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 92: for (uint256 i = 1; i < numYears; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L92-L92 ```solidity File: tokenomics/contracts/Treasury.sol 276: for (uint256 i = 0; i < numServices; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L276-L276 ### [G-53] Do not cache constants to save gas *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 103: uint256 supplyCap = tenYearSupplyCap; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L103-L103 ### [G-54] Using `private` for constants saves gas If needed, the values can be read from the verified contract source code, or if there are multiple values there can be a single getter function that [returns a tuple](https://github.com/code-423n4/2022-08-frax/blob/90f55a9ce4e25bceed3a74290b854341d8de6afa/src/contracts/FraxlendPair.sol#L156-L178) of the values of all currently-public constants. Saves **3406-3606 gas** in deployment gas due to the compiler not having to create non-payable getter functions for deployment calldata, not having to store the bytes of the value outside of where it's used, and not adding another entry to the method ID table *There are 55 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 22: uint256 public constant oneYear = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L22-L22 ```solidity File: governance/contracts/OLAS.sol 24: uint256 public constant tenYearSupplyCap = 1_000_000_000e18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L24-L24 ```solidity File: governance/contracts/OLAS.sol 26: uint256 public constant maxMintCapFraction = 2; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L26-L26 ```solidity File: governance/contracts/OLAS.sol 28: uint256 public immutable timeLaunch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L28-L28 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 29: address public immutable childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L29-L29 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 31: address public immutable rootToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L31-L31 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 29: address public immutable childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L29-L29 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 31: address public immutable rootToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L31-L31 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L53-L53 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 55: address public immutable fxChild; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L55-L55 ```solidity File: governance/contracts/bridges/HomeMediator.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L53-L53 ```solidity File: governance/contracts/bridges/HomeMediator.sol 55: address public immutable AMBContractProxyHome; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L55-L55 ```solidity File: governance/contracts/multisigs/GuardCM.sol 97: bytes4 public constant SCHEDULE = bytes4(keccak256(bytes("schedule(address,uint256,bytes,bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L97-L97 ```solidity File: governance/contracts/multisigs/GuardCM.sol 99: bytes4 public constant SCHEDULE_BATCH = bytes4(keccak256(bytes("scheduleBatch(address[],uint256[],bytes[],bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L99-L99 ```solidity File: governance/contracts/multisigs/GuardCM.sol 101: bytes4 public constant REQUIRE_TO_PASS_MESSAGE = bytes4(keccak256(bytes("requireToPassMessage(address,bytes,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L101-L101 ```solidity File: governance/contracts/multisigs/GuardCM.sol 103: bytes4 public constant PROCESS_MESSAGE_FROM_FOREIGN = bytes4(keccak256(bytes("processMessageFromForeign(bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L103-L103 ```solidity File: governance/contracts/multisigs/GuardCM.sol 105: bytes4 public constant SEND_MESSAGE_TO_CHILD = bytes4(keccak256(bytes("sendMessageToChild(address,bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L105-L105 ```solidity File: governance/contracts/multisigs/GuardCM.sol 111: uint256 public constant MIN_SCHEDULE_DATA_LENGTH = 260; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L111-L111 ```solidity File: governance/contracts/multisigs/GuardCM.sol 113: uint256 public constant SELECTOR_DATA_LENGTH = 4; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L113-L113 ```solidity File: governance/contracts/multisigs/GuardCM.sol 115: uint256 public constant MIN_GNOSIS_PAYLOAD_LENGTH = 292; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L115-L115 ```solidity File: governance/contracts/multisigs/GuardCM.sol 117: uint256 public constant MIN_POLYGON_PAYLOAD_LENGTH = 164; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L117-L117 ```solidity File: governance/contracts/multisigs/GuardCM.sol 120: address public immutable owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L120-L120 ```solidity File: governance/contracts/multisigs/GuardCM.sol 122: address public immutable multisig; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L122-L122 ```solidity File: governance/contracts/veOLAS.sol 105: uint8 public constant decimals = 18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L105-L105 ```solidity File: governance/contracts/veOLAS.sol 108: address public immutable token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L108-L108 ```solidity File: governance/contracts/wveOLAS.sol 132: address public immutable ve; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L132-L132 ```solidity File: governance/contracts/wveOLAS.sol 134: address public immutable token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L134-L134 ```solidity File: governance/contracts/wveOLAS.sol 136: string public constant name = "Voting Escrow OLAS"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L136-L136 ```solidity File: governance/contracts/wveOLAS.sol 138: string public constant symbol = "veOLAS"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L138-L138 ```solidity File: governance/contracts/wveOLAS.sol 140: uint8 public constant decimals = 18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L140-L140 ```solidity File: registries/contracts/AgentRegistry.sol 11: address public immutable componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L11-L11 ```solidity File: registries/contracts/AgentRegistry.sol 13: string public constant VERSION = "1.0.0"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L13-L13 ```solidity File: registries/contracts/ComponentRegistry.sol 10: string public constant VERSION = "1.0.0"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L10-L10 ```solidity File: registries/contracts/GenericRegistry.sol 33: string public constant CID_PREFIX = "f01701220"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L33-L33 ```solidity File: registries/contracts/RegistriesManager.sol 11: address public immutable componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L11-L11 ```solidity File: registries/contracts/RegistriesManager.sol 13: address public immutable agentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L13-L13 ```solidity File: registries/contracts/UnitRegistry.sol 27: UnitType public immutable unitType; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L27-L27 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 26: bytes4 public constant GNOSIS_SAFE_SETUP_SELECTOR = 0xb63e800d; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L26-L26 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 28: uint256 public constant DEFAULT_DATA_LENGTH = 144; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L28-L28 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 30: address payable public immutable gnosisSafe; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L30-L30 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 32: address public immutable gnosisSafeProxyFactory; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L32-L32 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L53-L53 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 56: bytes32 public immutable proxyHash; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L56-L56 ```solidity File: tokenomics/contracts/Depository.sol 75: uint256 public constant MIN_VESTING = 1 days; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L75-L75 ```solidity File: tokenomics/contracts/Depository.sol 77: string public constant VERSION = "1.0.1"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L77-L77 ```solidity File: tokenomics/contracts/Depository.sol 89: address public immutable olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L89-L89 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 22: address public immutable olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L22-L22 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 24: address public immutable tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L24-L24 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 11: string public constant VERSION = "1.0.1"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L11-L11 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 14: bytes32 public constant PROXY_TOKENOMICS = 0xbd5523e7c3b6a94aa0e3b24d1120addc2f95c7029e097b466b2bedc8d4b4362f; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L14-L14 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 16: uint256 public constant ONE_YEAR = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L16-L16 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 18: uint256 public constant MIN_EPOCH_LENGTH = 1 weeks; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L18-L18 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 20: uint256 public constant MIN_PARAM_VALUE = 1e14; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L20-L20 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 28: bytes32 public constant PROXY_TOKENOMICS = 0xbd5523e7c3b6a94aa0e3b24d1120addc2f95c7029e097b466b2bedc8d4b4362f; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L28-L28 ```solidity File: tokenomics/contracts/Treasury.sol 56: address public constant ETH_TOKEN_ADDRESS = address(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L56-L56 ### [G-55] Use `s.x = s.x + y` instead of `s.x += y` for memory structs Using the `s.x = s.x + y` instead of `s.x += y` for memory structs can save **100 gas**. The same applies to `-=`, `*=`, etc. *There are 9 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 245: lastPoint.bias -= lastPoint.slope * int128(int64(tStep - lastCheckpoint)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L245-L245 ```solidity File: governance/contracts/veOLAS.sol 246: lastPoint.slope += dSlope; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L246-L246 ```solidity File: governance/contracts/veOLAS.sol 280: lastPoint.slope += (uNew.slope - uOld.slope); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L280-L280 ```solidity File: governance/contracts/veOLAS.sol 281: lastPoint.bias += (uNew.bias - uOld.bias); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L281-L281 ```solidity File: governance/contracts/veOLAS.sol 350: lockedBalance.amount += uint128(amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L350-L350 ```solidity File: governance/contracts/veOLAS.sol 597: uPoint.bias -= uPoint.slope * int128(int64(ts) - int64(uPoint.ts)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L597-L597 ```solidity File: governance/contracts/veOLAS.sol 680: uPoint.bias -= uPoint.slope * int128(int64(uint64(blockTime)) - int64(uPoint.ts)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L680-L680 ```solidity File: governance/contracts/veOLAS.sol 704: lastPoint.bias -= lastPoint.slope * int128(int64(tStep) - int64(lastPoint.ts)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L704-L704 ```solidity File: governance/contracts/veOLAS.sol 708: lastPoint.slope += dSlope; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L708-L708 ### [G-56] Redundant state variable getters Getters for public state variables are automatically generated so there is no need to code them manually and waste gas. *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 719: function totalSupply() public view override returns (uint256) { 720: return supply; 721: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L719-L721 ### [G-57] Using `constant`s instead of `enum` can save gas `Enum` is expensive and it is [more efficient to use constants](https://www.codehawks.com/finding/clm84992q02j9w9ruebun36d9) instead. An illustrative example of this approach can be found in the [ReentrancyGuard.sol](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/181d518609a9f006fcb97af63e6952e603cf100e/contracts/utils/ReentrancyGuard.sol#L34-L35). *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 11: enum ProposalState { 12: Pending, 13: Active, 14: Canceled, 15: Defeated, 16: Succeeded, 17: Queued, 18: Expired, 19: Executed 20: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L11-L20 ```solidity File: governance/contracts/veOLAS.sol 87: enum DepositType { 88: DEPOSIT_FOR_TYPE, 89: CREATE_LOCK_TYPE, 90: INCREASE_LOCK_AMOUNT, 91: INCREASE_UNLOCK_TIME 92: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L87-L92 ```solidity File: registries/contracts/UnitRegistry.sol 12: enum UnitType { 13: Component, 14: Agent 15: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L12-L15 ```solidity File: registries/contracts/interfaces/IRegistry.sol 6: enum UnitType { 7: Component, 8: Agent 9: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L6-L9 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 6: enum UnitType { 7: Component, 8: Agent 9: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L6-L9 ### [G-58] Gas savings can be achieved by changing the model for assigning value to the structure ***123 gas*** Change this `structName a = structName({item1: val1,item2: val2}); ==> structName a; a.item1 = val1; a.item2 = val2;` *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 139: mapSupplyPoints[0] = PointVoting(0, 0, uint64(block.timestamp), uint64(block.number), 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L139-L139 ```solidity File: governance/contracts/veOLAS.sol 215: lastPoint = PointVoting(0, 0, uint64(block.timestamp), uint64(block.number), 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L215-L215 ```solidity File: governance/contracts/veOLAS.sol 517: mapLockedBalances[msg.sender] = LockedBalance(0, 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L517-L517 ```solidity File: tokenomics/contracts/Depository.sol 232: mapBondProducts[productId] = Product(uint160(priceLP), uint32(vesting), token, uint96(supply)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L232-L232 ```solidity File: tokenomics/contracts/Depository.sol 333: mapUserBonds[bondId] = Bond(msg.sender, uint96(payout), uint32(maturity), uint32(productId)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L333-L333 ### [G-59] address(this) should be cached Cacheing saves gas when compared to repeating the calculation at each point it is used in the contract.The instance below represents the second+ time of calling address(this) in a specific function *There are 8 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 104: revert TransferFailed(childToken, msg.sender, address(this), amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L104-L104 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 100: revert TransferFailed(rootToken, msg.sender, address(this), amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L100-L100 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 85: revert SelfCallOnly(msg.sender, address(this)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L85-L85 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 148: revert InsufficientBalance(value, address(this).balance); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L148-L148 ```solidity File: governance/contracts/bridges/HomeMediator.sol 85: revert SelfCallOnly(msg.sender, address(this)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L85-L85 ```solidity File: governance/contracts/bridges/HomeMediator.sol 148: revert InsufficientBalance(value, address(this).balance); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L148-L148 ```solidity File: tokenomics/contracts/Treasury.sol 228: if (IToken(token).allowance(account, address(this)) < tokenAmount) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L228-L228 ```solidity File: tokenomics/contracts/Treasury.sol 321: revert TransferFailed(token, address(this), to, tokenAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L321-L321 ### [G-60] Use `solady` library where possible to save gas [Solady](https://github.com/Vectorized/solady) is a Solidity library inspired by [Solmate](https://github.com/rari-capital/solmate), optimized heavily for gas optimizations and battle tested by [hundreds of developers](https://www.alchemy.com/dapps/solady). Consider implementing solady contracts where possible to reduce runtime gas fees. *There are 3 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 4: import "../lib/solmate/src/tokens/ERC20.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L4-L4 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 4: import {ERC20} from "../../lib/solmate/src/tokens/ERC20.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L4-L4 ```solidity File: registries/contracts/GenericRegistry.sol 4: import "../lib/solmate/src/tokens/ERC721.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L4-L4### NonCritical Risk Issues ### [N-01] State variables declarations should have NatSpec descriptions *There are 145 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 22: uint256 public constant oneYear = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L22-L22 ```solidity File: governance/contracts/OLAS.sol 24: uint256 public constant tenYearSupplyCap = 1_000_000_000e18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L24-L24 ```solidity File: governance/contracts/OLAS.sol 26: uint256 public constant maxMintCapFraction = 2; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L26-L26 ```solidity File: governance/contracts/OLAS.sol 28: uint256 public immutable timeLaunch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L28-L28 ```solidity File: governance/contracts/OLAS.sol 31: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L31-L31 ```solidity File: governance/contracts/OLAS.sol 33: address public minter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L33-L33 ```solidity File: governance/contracts/veOLAS.sol 99: uint64 internal constant WEEK = 1 weeks; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L99-L99 ```solidity File: governance/contracts/veOLAS.sol 101: uint256 internal constant MAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L101-L101 ```solidity File: governance/contracts/veOLAS.sol 103: int128 internal constant IMAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L103-L103 ```solidity File: governance/contracts/veOLAS.sol 105: uint8 public constant decimals = 18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L105-L105 ```solidity File: governance/contracts/veOLAS.sol 108: address public immutable token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L108-L108 ```solidity File: governance/contracts/veOLAS.sol 110: uint256 public supply; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L110-L110 ```solidity File: governance/contracts/veOLAS.sol 112: mapping(address => LockedBalance) public mapLockedBalances; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L112-L112 ```solidity File: governance/contracts/veOLAS.sol 115: uint256 public totalNumPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L115-L115 ```solidity File: governance/contracts/veOLAS.sol 117: mapping(uint256 => PointVoting) public mapSupplyPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L117-L117 ```solidity File: governance/contracts/veOLAS.sol 119: mapping(address => PointVoting[]) public mapUserPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L119-L119 ```solidity File: governance/contracts/veOLAS.sol 121: mapping(uint64 => int128) public mapSlopeChanges; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L121-L121 ```solidity File: governance/contracts/veOLAS.sol 124: string public name; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L124-L124 ```solidity File: governance/contracts/veOLAS.sol 126: string public symbol; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L126-L126 ```solidity File: governance/contracts/wveOLAS.sol 132: address public immutable ve; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L132-L132 ```solidity File: governance/contracts/wveOLAS.sol 134: address public immutable token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L134-L134 ```solidity File: governance/contracts/wveOLAS.sol 136: string public constant name = "Voting Escrow OLAS"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L136-L136 ```solidity File: governance/contracts/wveOLAS.sol 138: string public constant symbol = "veOLAS"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L138-L138 ```solidity File: governance/contracts/wveOLAS.sol 140: uint8 public constant decimals = 18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L140-L140 ```solidity File: governance/contracts/multisigs/GuardCM.sol 97: bytes4 public constant SCHEDULE = bytes4(keccak256(bytes("schedule(address,uint256,bytes,bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L97-L97 ```solidity File: governance/contracts/multisigs/GuardCM.sol 99: bytes4 public constant SCHEDULE_BATCH = bytes4(keccak256(bytes("scheduleBatch(address[],uint256[],bytes[],bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L99-L99 ```solidity File: governance/contracts/multisigs/GuardCM.sol 101: bytes4 public constant REQUIRE_TO_PASS_MESSAGE = bytes4(keccak256(bytes("requireToPassMessage(address,bytes,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L101-L101 ```solidity File: governance/contracts/multisigs/GuardCM.sol 103: bytes4 public constant PROCESS_MESSAGE_FROM_FOREIGN = bytes4(keccak256(bytes("processMessageFromForeign(bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L103-L103 ```solidity File: governance/contracts/multisigs/GuardCM.sol 105: bytes4 public constant SEND_MESSAGE_TO_CHILD = bytes4(keccak256(bytes("sendMessageToChild(address,bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L105-L105 ```solidity File: governance/contracts/multisigs/GuardCM.sol 108: uint256 public governorCheckProposalId = 88250008686885504216650933897987879122244685460173810624866685274624741477673; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L108-L108 ```solidity File: governance/contracts/multisigs/GuardCM.sol 111: uint256 public constant MIN_SCHEDULE_DATA_LENGTH = 260; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L111-L111 ```solidity File: governance/contracts/multisigs/GuardCM.sol 113: uint256 public constant SELECTOR_DATA_LENGTH = 4; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L113-L113 ```solidity File: governance/contracts/multisigs/GuardCM.sol 115: uint256 public constant MIN_GNOSIS_PAYLOAD_LENGTH = 292; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L115-L115 ```solidity File: governance/contracts/multisigs/GuardCM.sol 117: uint256 public constant MIN_POLYGON_PAYLOAD_LENGTH = 164; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L117-L117 ```solidity File: governance/contracts/multisigs/GuardCM.sol 120: address public immutable owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L120-L120 ```solidity File: governance/contracts/multisigs/GuardCM.sol 122: address public immutable multisig; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L122-L122 ```solidity File: governance/contracts/multisigs/GuardCM.sol 125: address public governor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L125-L125 ```solidity File: governance/contracts/multisigs/GuardCM.sol 127: uint8 public paused = 1; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L127-L127 ```solidity File: governance/contracts/multisigs/GuardCM.sol 130: mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L130-L130 ```solidity File: governance/contracts/multisigs/GuardCM.sol 132: mapping(address => uint256) public mapBridgeMediatorL1L2ChainIds; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L132-L132 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L53-L53 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 55: address public immutable fxChild; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L55-L55 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 57: address public rootGovernor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L57-L57 ```solidity File: governance/contracts/bridges/HomeMediator.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L53-L53 ```solidity File: governance/contracts/bridges/HomeMediator.sol 55: address public immutable AMBContractProxyHome; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L55-L55 ```solidity File: governance/contracts/bridges/HomeMediator.sol 57: address public foreignGovernor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L57-L57 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 22: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L22-L22 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 29: address public immutable childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L29-L29 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 31: address public immutable rootToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L31-L31 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 29: address public immutable childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L29-L29 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 31: address public immutable rootToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L31-L31 ```solidity File: registries/contracts/GenericRegistry.sol 15: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L15-L15 ```solidity File: registries/contracts/GenericRegistry.sol 17: address public manager; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L17-L17 ```solidity File: registries/contracts/GenericRegistry.sol 19: string public baseURI; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L19-L19 ```solidity File: registries/contracts/GenericRegistry.sol 21: uint256 public totalSupply; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L21-L21 ```solidity File: registries/contracts/GenericRegistry.sol 23: uint256 internal _locked = 1; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L23-L23 ```solidity File: registries/contracts/GenericRegistry.sol 33: string public constant CID_PREFIX = "f01701220"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L33-L33 ```solidity File: registries/contracts/UnitRegistry.sol 27: UnitType public immutable unitType; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L27-L27 ```solidity File: registries/contracts/UnitRegistry.sol 29: mapping(uint256 => bytes32[]) public mapUnitIdHashes; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L29-L29 ```solidity File: registries/contracts/UnitRegistry.sol 31: mapping(uint256 => uint32[]) public mapSubComponents; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L31-L31 ```solidity File: registries/contracts/UnitRegistry.sol 33: mapping(uint256 => Unit) public mapUnits; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L33-L33 ```solidity File: registries/contracts/ComponentRegistry.sol 10: string public constant VERSION = "1.0.0"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L10-L10 ```solidity File: registries/contracts/AgentRegistry.sol 11: address public immutable componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L11-L11 ```solidity File: registries/contracts/AgentRegistry.sol 13: string public constant VERSION = "1.0.0"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L13-L13 ```solidity File: registries/contracts/GenericManager.sol 14: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L14-L14 ```solidity File: registries/contracts/GenericManager.sol 16: bool public paused; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L16-L16 ```solidity File: registries/contracts/RegistriesManager.sol 11: address public immutable componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L11-L11 ```solidity File: registries/contracts/RegistriesManager.sol 13: address public immutable agentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L13-L13 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 26: bytes4 public constant GNOSIS_SAFE_SETUP_SELECTOR = 0xb63e800d; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L26-L26 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 28: uint256 public constant DEFAULT_DATA_LENGTH = 144; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L28-L28 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 30: address payable public immutable gnosisSafe; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L30-L30 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 32: address public immutable gnosisSafeProxyFactory; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L32-L32 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L53-L53 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 56: bytes32 public immutable proxyHash; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L56-L56 ```solidity File: tokenomics/contracts/Depository.sol 75: uint256 public constant MIN_VESTING = 1 days; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L75-L75 ```solidity File: tokenomics/contracts/Depository.sol 77: string public constant VERSION = "1.0.1"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L77-L77 ```solidity File: tokenomics/contracts/Depository.sol 80: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L80-L80 ```solidity File: tokenomics/contracts/Depository.sol 83: uint32 public bondCounter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L83-L83 ```solidity File: tokenomics/contracts/Depository.sol 86: uint32 public productCounter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L86-L86 ```solidity File: tokenomics/contracts/Depository.sol 89: address public immutable olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L89-L89 ```solidity File: tokenomics/contracts/Depository.sol 91: address public tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L91-L91 ```solidity File: tokenomics/contracts/Depository.sol 93: address public treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L93-L93 ```solidity File: tokenomics/contracts/Depository.sol 95: address public bondCalculator; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L95-L95 ```solidity File: tokenomics/contracts/Depository.sol 98: mapping(uint256 => Bond) public mapUserBonds; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L98-L98 ```solidity File: tokenomics/contracts/Depository.sol 100: mapping(uint256 => Product) public mapBondProducts; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L100-L100 ```solidity File: tokenomics/contracts/Dispenser.sol 18: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L18-L18 ```solidity File: tokenomics/contracts/Dispenser.sol 20: uint8 internal _locked; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L20-L20 ```solidity File: tokenomics/contracts/Dispenser.sol 23: address public tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L23-L23 ```solidity File: tokenomics/contracts/Dispenser.sol 25: address public treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L25-L25 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 25: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L25-L25 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 27: mapping(address => bool) public mapBlacklistedDonators; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L27-L27 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 22: address public immutable olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L22-L22 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 24: address public immutable tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L24-L24 ```solidity File: tokenomics/contracts/Tokenomics.sol 140: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L140-L140 ```solidity File: tokenomics/contracts/Tokenomics.sol 143: uint96 public maxBond; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L143-L143 ```solidity File: tokenomics/contracts/Tokenomics.sol 146: address public olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L146-L146 ```solidity File: tokenomics/contracts/Tokenomics.sol 148: uint96 public inflationPerSecond; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L148-L148 ```solidity File: tokenomics/contracts/Tokenomics.sol 151: address public treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L151-L151 ```solidity File: tokenomics/contracts/Tokenomics.sol 154: uint96 public veOLASThreshold; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L154-L154 ```solidity File: tokenomics/contracts/Tokenomics.sol 157: address public depository; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L157-L157 ```solidity File: tokenomics/contracts/Tokenomics.sol 161: uint96 public effectiveBond; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L161-L161 ```solidity File: tokenomics/contracts/Tokenomics.sol 164: address public dispenser; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L164-L164 ```solidity File: tokenomics/contracts/Tokenomics.sol 167: uint72 public codePerDev; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L167-L167 ```solidity File: tokenomics/contracts/Tokenomics.sol 170: uint8 public currentYear; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L170-L170 ```solidity File: tokenomics/contracts/Tokenomics.sol 172: bytes1 public tokenomicsParametersUpdated; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L172-L172 ```solidity File: tokenomics/contracts/Tokenomics.sol 174: uint8 internal _locked; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L174-L174 ```solidity File: tokenomics/contracts/Tokenomics.sol 177: address public componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L177-L177 ```solidity File: tokenomics/contracts/Tokenomics.sol 181: uint64 public epsilonRate; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L181-L181 ```solidity File: tokenomics/contracts/Tokenomics.sol 184: uint32 public epochLen; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L184-L184 ```solidity File: tokenomics/contracts/Tokenomics.sol 187: address public agentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L187-L187 ```solidity File: tokenomics/contracts/Tokenomics.sol 190: uint96 public nextVeOLASThreshold; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L190-L190 ```solidity File: tokenomics/contracts/Tokenomics.sol 193: address public serviceRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L193-L193 ```solidity File: tokenomics/contracts/Tokenomics.sol 196: uint32 public epochCounter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L196-L196 ```solidity File: tokenomics/contracts/Tokenomics.sol 199: uint32 public timeLaunch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L199-L199 ```solidity File: tokenomics/contracts/Tokenomics.sol 202: uint32 public nextEpochLen; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L202-L202 ```solidity File: tokenomics/contracts/Tokenomics.sol 205: address public ve; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L205-L205 ```solidity File: tokenomics/contracts/Tokenomics.sol 208: uint72 public devsPerCapital; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L208-L208 ```solidity File: tokenomics/contracts/Tokenomics.sol 211: address public donatorBlacklist; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L211-L211 ```solidity File: tokenomics/contracts/Tokenomics.sol 214: uint32 public lastDonationBlockNumber; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L214-L214 ```solidity File: tokenomics/contracts/Tokenomics.sol 217: mapping(uint256 => uint256) public mapServiceAmounts; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L217-L217 ```solidity File: tokenomics/contracts/Tokenomics.sol 219: mapping(address => uint256) public mapOwnerRewards; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L219-L219 ```solidity File: tokenomics/contracts/Tokenomics.sol 221: mapping(address => uint256) public mapOwnerTopUps; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L221-L221 ```solidity File: tokenomics/contracts/Tokenomics.sol 223: mapping(uint256 => TokenomicsPoint) public mapEpochTokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L223-L223 ```solidity File: tokenomics/contracts/Tokenomics.sol 225: mapping(uint256 => mapping(uint256 => bool)) public mapNewUnits; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L225-L225 ```solidity File: tokenomics/contracts/Tokenomics.sol 227: mapping(address => bool) public mapNewOwners; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L227-L227 ```solidity File: tokenomics/contracts/Tokenomics.sol 229: mapping(uint256 => mapping(uint256 => IncentiveBalances)) public mapUnitIncentives; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L229-L229 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 11: string public constant VERSION = "1.0.1"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L11-L11 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 14: bytes32 public constant PROXY_TOKENOMICS = 0xbd5523e7c3b6a94aa0e3b24d1120addc2f95c7029e097b466b2bedc8d4b4362f; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L14-L14 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 16: uint256 public constant ONE_YEAR = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L16-L16 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 18: uint256 public constant MIN_EPOCH_LENGTH = 1 weeks; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L18-L18 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 20: uint256 public constant MIN_PARAM_VALUE = 1e14; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L20-L20 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 28: bytes32 public constant PROXY_TOKENOMICS = 0xbd5523e7c3b6a94aa0e3b24d1120addc2f95c7029e097b466b2bedc8d4b4362f; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L28-L28 ```solidity File: tokenomics/contracts/Treasury.sol 56: address public constant ETH_TOKEN_ADDRESS = address(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L56-L56 ```solidity File: tokenomics/contracts/Treasury.sol 59: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L59-L59 ```solidity File: tokenomics/contracts/Treasury.sol 62: uint96 public ETHFromServices; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L62-L62 ```solidity File: tokenomics/contracts/Treasury.sol 65: address public olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L65-L65 ```solidity File: tokenomics/contracts/Treasury.sol 68: uint96 public ETHOwned; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L68-L68 ```solidity File: tokenomics/contracts/Treasury.sol 71: address public tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L71-L71 ```solidity File: tokenomics/contracts/Treasury.sol 73: uint96 public minAcceptedETH = 0.065 ether; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L73-L73 ```solidity File: tokenomics/contracts/Treasury.sol 76: address public depository; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L76-L76 ```solidity File: tokenomics/contracts/Treasury.sol 78: uint8 public paused = 1; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L78-L78 ```solidity File: tokenomics/contracts/Treasury.sol 80: uint8 internal _locked; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L80-L80 ```solidity File: tokenomics/contracts/Treasury.sol 83: address public dispenser; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L83-L83 ```solidity File: tokenomics/contracts/Treasury.sol 86: mapping(address => uint256) public mapTokenReserves; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L86-L86 ```solidity File: tokenomics/contracts/Treasury.sol 88: mapping(address => bool) public mapEnabledTokens; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L88-L88 ### [N-02] Large or complicated code bases should implement invariant tests Large code bases, or code with lots of inline-assembly, complicated math, or complicated interactions between multiple contracts, should implement [invariant fuzzing tests](https://medium.com/coinmonks/smart-contract-fuzzing-d9b88e0b0a05). Invariant fuzzers such as Echidna require the test writer to come up with invariants which should not be violated under any circumstances, and the fuzzer tests various inputs and function calls to ensure that the invariants always hold. Even code with 100% code coverage can still have bugs due to the order of the operations a user performs, and invariant fuzzers, with properly and extensively-written invariants, can close this testing gap significantly. *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol @audit Should implement invariant tests 1: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L1-L1 ### [N-03] Assembly blocks should have extensive comments Assembly blocks are taking a lot more time to audit than normal Solidity code, and often have gotchas and side-effects that the Solidity versions of the same code do not. Consider adding more comments explaining what is being done in every step of the assembly code *There are 10 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 216: assembly { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L216-L216 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 130: assembly { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L130-L130 ```solidity File: governance/contracts/bridges/HomeMediator.sol 130: assembly { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L130-L130 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 57: assembly { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L57-L57 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 98: assembly { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L98-L98 ```solidity File: tokenomics/contracts/Tokenomics.sol 375: assembly { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L375-L375 ```solidity File: tokenomics/contracts/Tokenomics.sol 396: assembly { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L396-L396 ```solidity File: tokenomics/contracts/Tokenomics.sol 883: assembly { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L883-L883 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 44: assembly { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L44-L44 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 56: assembly { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L56-L56 ### [N-04] Contract declarations should have NatSpec `@author` annotations *There are 22 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 85: /// @notice This token supports the ERC20 interface specifications except for transfers and approvals. 86: contract veOLAS is IErrors, IVotes, IERC20, IERC165 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L85-L86 ```solidity File: governance/contracts/wveOLAS.sol 13: interface IVEOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L13-L13 ```solidity File: governance/contracts/multisigs/GuardCM.sol 6: interface IGovernor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L6-L6 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 4: /// @dev Interface to process message across the bridge. 5: interface IFxMessageProcessor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L4-L5 ```solidity File: governance/contracts/bridges/HomeMediator.sol 4: /// @dev Interface to the AMB Contract Proxy. 5: interface IAMB { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L4-L5 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 15: /// @title BridgedERC20 - Smart contract for bridged ERC20 token 16: /// @dev Bridged token contract is owned by the bridge mediator contract, and thus the token representation from 17: /// another chain must be minted and burned solely by the bridge mediator contract. 18: contract BridgedERC20 is ERC20 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L15-L18 ```solidity File: governance/contracts/interfaces/IERC20.sol 4: /// @dev ERC20 token interface. 5: interface IERC20 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L4-L5 ```solidity File: governance/contracts/interfaces/IErrors.sol 4: /// @dev Errors. 5: interface IErrors { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L4-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 5: interface IGnosisSafeProxyFactory { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L5-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 5: interface IGnosisSafe { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L5-L5 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 4: /// @dev Errors. 5: interface IErrorsRegistries { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L4-L5 ```solidity File: registries/contracts/interfaces/IRegistry.sol 4: /// @dev Required interface for the component / agent manipulation. 5: interface IRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 4: /// @dev DonatorBlacklist interface. 5: interface IDonatorBlacklist { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 4: /// @dev Errors. 5: interface IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol 4: /// @dev Interface for generic bond calculator. 5: interface IGenericBondCalculator { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 4: interface IOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L4-L4 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 4: /// @dev Required interface for the service registry. 5: interface IServiceRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 4: /// @dev Generic token interface for IERC20 and IERC721 tokens. 5: interface IToken { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 4: /// @dev Interface for tokenomics management. 5: interface ITokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 4: /// @dev Interface for treasury management. 5: interface ITreasury { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 5: interface IUniswapV2Pair { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol 4: /// @dev Interface for voting escrow. 5: interface IVotingEscrow { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L4-L5 ### [N-05] Avoid the use of sensitive terms Use [alternative variants](https://www.zdnet.com/article/mysql-drops-master-slave-and-blacklist-whitelist-terminology/), e.g. allowlist/denylist instead of whitelist/blacklist *There are 45 instance(s) of this issue:* ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 21: /// @dev Multisig proxy bytecode is not whitelisted. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L21-L21 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 93: /// @dev Multisig is not whitelisted. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L93-L93 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 17: /// @title DonatorBlacklist - Smart contract for donator address blacklisting ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L17-L17 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 20: contract DonatorBlacklist { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L20-L20 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 22: event DonatorBlacklistStatus(address indexed account, bool status); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L22-L22 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 26: // Mapping account address => blacklisting status ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L26-L26 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 27: mapping(address => bool) public mapBlacklistedDonators; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L27-L27 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 29: /// @dev DonatorBlacklist constructor. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L29-L29 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 51: /// @dev Controls donators blacklisting statuses. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L51-L51 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 52: /// @notice Donator is considered blacklisted if its status is set to true. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L52-L52 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 54: /// @param statuses Set blacklisting statuses. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L54-L54 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 72: // Set the account blacklisting status ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L72-L72 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 73: mapBlacklistedDonators[accounts[i]] = statuses[i]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L73-L73 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 74: emit DonatorBlacklistStatus(accounts[i], statuses[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L74-L74 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 79: /// @dev Gets account blacklisting status. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L79-L79 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 81: /// @return status Blacklisting status. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L81-L81 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 82: function isDonatorBlacklisted(address account) external view returns (bool status) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L82-L82 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 83: status = mapBlacklistedDonators[account]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L83-L83 ```solidity File: tokenomics/contracts/Tokenomics.sol 5: import "./interfaces/IDonatorBlacklist.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L5-L5 ```solidity File: tokenomics/contracts/Tokenomics.sol 135: event DonatorBlacklistUpdated(address indexed blacklist); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L135-L135 ```solidity File: tokenomics/contracts/Tokenomics.sol 210: // Blacklist contract address ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L210-L210 ```solidity File: tokenomics/contracts/Tokenomics.sol 211: address public donatorBlacklist; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L211-L211 ```solidity File: tokenomics/contracts/Tokenomics.sol 247: /// @param _donatorBlacklist DonatorBlacklist address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L247-L247 ```solidity File: tokenomics/contracts/Tokenomics.sol 259: /// #if_succeeds {:msg "donatorBlacklist assignment"} donatorBlacklist == _donatorBlacklist; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L259-L259 ```solidity File: tokenomics/contracts/Tokenomics.sol 274: address _donatorBlacklist ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L274-L274 ```solidity File: tokenomics/contracts/Tokenomics.sol 315: donatorBlacklist = _donatorBlacklist; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L315-L315 ```solidity File: tokenomics/contracts/Tokenomics.sol 471: /// @dev Changes donator blacklist contract address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L471-L471 ```solidity File: tokenomics/contracts/Tokenomics.sol 472: /// @notice DonatorBlacklist contract can be disabled by setting its address to zero. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L472-L472 ```solidity File: tokenomics/contracts/Tokenomics.sol 473: /// @param _donatorBlacklist DonatorBlacklist contract address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L473-L473 ```solidity File: tokenomics/contracts/Tokenomics.sol 474: function changeDonatorBlacklist(address _donatorBlacklist) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L474-L474 ```solidity File: tokenomics/contracts/Tokenomics.sol 480: donatorBlacklist = _donatorBlacklist; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L480-L480 ```solidity File: tokenomics/contracts/Tokenomics.sol 481: emit DonatorBlacklistUpdated(_donatorBlacklist); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L481-L481 ```solidity File: tokenomics/contracts/Tokenomics.sol 799: // Check if the donator blacklist is enabled, and the status of the donator address ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L799-L799 ```solidity File: tokenomics/contracts/Tokenomics.sol 800: address bList = donatorBlacklist; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L800-L800 ```solidity File: tokenomics/contracts/Tokenomics.sol 801: if (bList != address(0) && IDonatorBlacklist(bList).isDonatorBlacklisted(donator)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L801-L801 ```solidity File: tokenomics/contracts/Tokenomics.sol 802: revert DonatorBlacklisted(donator); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L802-L802 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 7: /// @dev Zero master tokenomics address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L7-L7 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 4: /// @dev DonatorBlacklist interface. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L4-L4 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 5: interface IDonatorBlacklist { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 6: /// @dev Gets account blacklisting status. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L6-L6 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 8: /// @return status Blacklisting status. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L8-L8 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 9: function isDonatorBlacklisted(address account) external view returns (bool status); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L9-L9 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 43: /// @dev Token is disabled or not whitelisted. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L43-L43 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 114: /// @dev The donator address is blacklisted. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L114-L114 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 116: error DonatorBlacklisted(address account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L116-L116 ### [N-06] Common functions should be refactored to a common base contract The functions below have the same implementation as is seen in other files. The functions should be refactored into functions of a common base contract *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/Dispenser.sol //@audit this function is already seen in `tokenomics/contracts/Dispenser.sol` 64: function changeManagers(address _tokenomics, address _treasury) external { 65: // Check for the contract ownership 66: if (msg.sender != owner) { 67: revert OwnerOnly(msg.sender, owner); 68: } 69: 70: // Change Tokenomics contract address 71: if (_tokenomics != address(0)) { 72: tokenomics = _tokenomics; 73: emit TokenomicsUpdated(_tokenomics); 74: } 75: // Change Treasury contract address 76: if (_treasury != address(0)) { 77: treasury = _treasury; 78: emit TreasuryUpdated(_treasury); 79: } 80: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L64-L80 ### [N-07] Overly complicated arithmetic To maintain readability in code, particularly in Solidity which can involve complex mathematical operations, it is often recommended to limit the number of arithmetic operations to a maximum of 2-3 per line. Too many operations in a single line can make the code difficult to read and understand, increase the likelihood of mistakes, and complicate the process of debugging and reviewing the code. Consider splitting such operations over more than one line, take special care when dealing with division however. Try to limit the number of arithmetic operations to a maximum of 3 per line. *There are 1 instance(s) of this issue:* ```solidity File: registries/contracts/GenericRegistry.sol 120: result = bytes32 (0x3030303030303030303030303030303030303030303030303030303030303030 + 121: uint256 (result) + 122: (uint256 (result) + 0x0606060606060606060606060606060606060606060606060606060606060606 >> 4 & 123: 0x0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F) * 39); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L120-L123 ### [N-08] Constant redefined elsewhere Consider defining in only one contract so that values cannot become out of sync when only one location is updated. A [cheap way](https://medium.com/coinmonks/gas-cost-of-solidity-library-functions-dbe0cedd4678) to store constants in a single location is to create an `internal constant` in a `library`. If the variable is a local cache of another contract's value, consider making the cache variable internal or private, which will require external users to query the contract with the source of truth, so that callers don't get out of sync. *There are 13 instance(s) of this issue:* ```solidity File: governance/contracts/wveOLAS.sol //@audit The same constant is already defined on file : governance/contracts/veOLAS.sol 134: address public immutable token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L134-L134 ```solidity File: governance/contracts/wveOLAS.sol //@audit The same constant is already defined on file : governance/contracts/veOLAS.sol 140: uint8 public constant decimals = 18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L140-L140 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit The same constant is already defined on file : governance/contracts/bridges/FxGovernorTunnel.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L53-L53 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit The same constant is already defined on file : governance/contracts/bridges/FxERC20ChildTunnel.sol 29: address public immutable childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L29-L29 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit The same constant is already defined on file : governance/contracts/bridges/FxERC20ChildTunnel.sol 31: address public immutable rootToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L31-L31 ```solidity File: registries/contracts/AgentRegistry.sol //@audit The same constant is already defined on file : registries/contracts/ComponentRegistry.sol 13: string public constant VERSION = "1.0.0"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L13-L13 ```solidity File: registries/contracts/RegistriesManager.sol //@audit The same constant is already defined on file : registries/contracts/AgentRegistry.sol 11: address public immutable componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L11-L11 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit The same constant is already defined on file : governance/contracts/bridges/FxGovernorTunnel.sol 28: uint256 public constant DEFAULT_DATA_LENGTH = 144; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L28-L28 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit The same constant is already defined on file : governance/contracts/bridges/FxGovernorTunnel.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L53-L53 ```solidity File: tokenomics/contracts/Depository.sol //@audit The same constant is already defined on file : registries/contracts/ComponentRegistry.sol 77: string public constant VERSION = "1.0.1"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L77-L77 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol //@audit The same constant is already defined on file : tokenomics/contracts/Depository.sol 22: address public immutable olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L22-L22 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit The same constant is already defined on file : registries/contracts/ComponentRegistry.sol 11: string public constant VERSION = "1.0.1"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L11-L11 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol //@audit The same constant is already defined on file : tokenomics/contracts/TokenomicsConstants.sol 28: bytes32 public constant PROXY_TOKENOMICS = 0xbd5523e7c3b6a94aa0e3b24d1120addc2f95c7029e097b466b2bedc8d4b4362f; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L28-L28 ### [N-09] Constants in comparisons should appear on the left side *There are 131 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol //@audit `9` 105: if (numYears > 9) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L105-L105 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 147: if (lastPointNumber > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L147-L147 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 211: if (curNumPoint > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L211-L211 ```solidity File: governance/contracts/veOLAS.sol //@audit `255` 232: for (uint256 i = 0; i < 255; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L232-L232 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 201: if (newLocked.endTime > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L201-L201 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 282: if (lastPoint.slope < 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L282-L282 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 285: if (lastPoint.bias < 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L285-L285 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 188: if (oldLocked.endTime > block.timestamp && oldLocked.amount > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L188-L188 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 192: if (newLocked.endTime > block.timestamp && newLocked.amount > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L192-L192 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 247: if (lastPoint.bias < 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L247-L247 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 251: if (lastPoint.slope < 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L251-L251 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 352: if (unlockTime > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L352-L352 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 362: if (amount > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L362-L362 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 379: if (amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L379-L379 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 383: if (lockedBalance.amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L383-L383 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 427: if (amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L427-L427 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 437: if (lockedBalance.amount > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L437-L437 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 461: if (amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L461-L461 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 465: if (lockedBalance.amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L465-L465 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 490: if (lockedBalance.amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L490-L490 ```solidity File: governance/contracts/veOLAS.sol //@audit `128` 561: for (uint256 i = 0; i < 128; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L561-L561 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 551: if (maxPointNumber == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L551-L551 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 595: if (pointNumber > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L595-L595 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 598: if (uPoint.bias > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L598-L598 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 663: if (dBlock > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L663-L663 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 681: if (uPoint.bias > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L681-L681 ```solidity File: governance/contracts/veOLAS.sol //@audit `255` 693: for (uint256 i = 0; i < 255; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L693-L693 ```solidity File: governance/contracts/veOLAS.sol //@audit `0` 712: if (lastPoint.bias > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L712-L712 ```solidity File: governance/contracts/wveOLAS.sol //@audit `0` 196: if (userNumPoints > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L196-L196 ```solidity File: governance/contracts/wveOLAS.sol //@audit `0` 215: if (uPoint.blockNumber > 0 && blockNumber >= uPoint.blockNumber) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L215-L215 ```solidity File: governance/contracts/wveOLAS.sol //@audit `0` 235: if (uPoint.blockNumber > 0 && blockNumber >= uPoint.blockNumber) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L235-L235 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `0` 176: if (proposalId == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L176-L176 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `SELECTOR_DATA_LENGTH` 231: if (payloadLength < SELECTOR_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L231-L231 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `100` 259: if (chainId == 100 || chainId == 10200) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L259-L259 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `10200` 259: if (chainId == 100 || chainId == 10200) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L259-L259 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `137` 304: if (chainId == 137 || chainId == 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L304-L304 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `80001` 304: if (chainId == 137 || chainId == 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L304-L304 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `REQUIRE_TO_PASS_MESSAGE` 262: if (functionSig != REQUIRE_TO_PASS_MESSAGE) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L262-L262 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `MIN_GNOSIS_PAYLOAD_LENGTH` 267: if (data.length < MIN_GNOSIS_PAYLOAD_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L267-L267 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `PROCESS_MESSAGE_FROM_FOREIGN` 286: if (functionSig != PROCESS_MESSAGE_FROM_FOREIGN) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L286-L286 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `SEND_MESSAGE_TO_CHILD` 307: if (functionSig != SEND_MESSAGE_TO_CHILD) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L307-L307 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `MIN_POLYGON_PAYLOAD_LENGTH` 312: if (data.length < MIN_POLYGON_PAYLOAD_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L312-L312 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `SCHEDULE` 347: if (selector == SCHEDULE) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L347-L347 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `1` 401: if (paused == 1) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L401-L401 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `SELECTOR_DATA_LENGTH` 410: if (data.length < SELECTOR_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L410-L410 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `SCHEDULE` 418: if (functionSig == SCHEDULE || functionSig == SCHEDULE_BATCH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L418-L418 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `SCHEDULE_BATCH` 418: if (functionSig == SCHEDULE || functionSig == SCHEDULE_BATCH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L418-L418 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `MIN_SCHEDULE_DATA_LENGTH` 421: if (data.length < MIN_SCHEDULE_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L421-L421 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `0` 470: if (chainIds[i] == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L470-L470 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `80001` 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L519-L519 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `10200` 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L519-L519 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `100` 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L519-L519 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `137` 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L519-L519 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit `DEFAULT_DATA_LENGTH` 120: if (dataLength < DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L120-L120 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit `DEFAULT_DATA_LENGTH` 120: if (dataLength < DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L120-L120 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit `0` 92: if (amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L92-L92 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit `0` 88: if (amount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L88-L88 ```solidity File: registries/contracts/GenericRegistry.sol //@audit `0` 73: return unitId > 0 && unitId < (totalSupply + 1); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L73-L73 ```solidity File: registries/contracts/GenericRegistry.sol //@audit `0` 85: if (bytes(bURI).length == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L85-L85 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `1` 53: if (_locked > 1) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L53-L53 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `0` 69: if (unitHash == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L69-L69 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `0` 139: if (unitHash == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L139-L139 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `0` 252: if (numComponentsCheck > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L252-L252 ```solidity File: registries/contracts/AgentRegistry.sol //@audit `0` 33: if (dependencies.length == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L33-L33 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit `0` 50: if (dataLength > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L50-L50 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit `DEFAULT_DATA_LENGTH` 52: if (dataLength < DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L52-L52 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit `DEFAULT_DATA_LENGTH` 76: if (dataLength > DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L76-L76 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit `DEFAULT_DATA_LENGTH` 93: if (dataLength < DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L93-L93 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit `DEFAULT_DATA_LENGTH` 110: if (dataLength > DEFAULT_DATA_LENGTH) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L110-L110 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 190: if (priceLP == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L190-L190 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 200: if (supply == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L200-L200 ```solidity File: tokenomics/contracts/Depository.sol //@audit `MIN_VESTING` 210: if (vesting < MIN_VESTING) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L210-L210 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 260: if (supply > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L260-L260 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 295: if (tokenAmount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L295-L295 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 304: if (supply == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L304-L304 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 340: if (supply == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L340-L340 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 384: if (payout == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L384-L384 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 363: if (pay == 0 || !matured) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L363-L363 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 404: if ((active && mapBondProducts[i].supply > 0) || (!active && mapBondProducts[i].supply == 0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L404-L404 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 404: if ((active && mapBondProducts[i].supply > 0) || (!active && mapBondProducts[i].supply == 0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L404-L404 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 425: status = (mapBondProducts[productId].supply > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L425-L425 ```solidity File: tokenomics/contracts/Depository.sol //@audit `0` 483: if (payout > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L483-L483 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit `1` 93: if (_locked > 1) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L93-L93 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit `0` 103: if ((reward + topUp) > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L103-L103 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol //@audit `0` 74: if (totalSupply > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L74-L74 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 543: if (uint96(_veOLASThreshold) > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L543-L543 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 529: if (_epsilonRate > 0 && _epsilonRate <= 17e18) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L529-L529 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `17e18` 529: if (_epsilonRate > 0 && _epsilonRate <= 17e18) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L529-L529 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `100` 576: if (_rewardComponentFraction + _rewardAgentFraction > 100) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L576-L576 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `100` 581: if (_maxBondFraction + _topUpComponentFraction + _topUpAgentFraction > 100) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L581-L581 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 656: if (totalIncentives > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L656-L656 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 669: if (totalIncentives > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L669-L669 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 694: incentiveFlags[0] = (mapEpochTokenomics[curEpoch].unitPoints[0].rewardUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L694-L694 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 695: incentiveFlags[1] = (mapEpochTokenomics[curEpoch].unitPoints[1].rewardUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L695-L695 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 696: incentiveFlags[2] = (mapEpochTokenomics[curEpoch].unitPoints[0].topUpUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L696-L696 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 697: incentiveFlags[3] = (mapEpochTokenomics[curEpoch].unitPoints[1].topUpUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L697-L697 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `2` 714: for (uint256 unitType = 0; unitType < 2; ++unitType) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L714-L714 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 720: if (numServiceUnits == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L720-L720 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 732: if (lastEpoch == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L732-L732 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0x02` 973: if (tokenomicsParametersUpdated & 0x02 == 0x02) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L973-L973 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0x01` 987: if (tokenomicsParametersUpdated & 0x01 == 0x01) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L987-L987 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 1041: if (incentives[0] > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1041-L1041 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 1028: } else if (tokenomicsParametersUpdated > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1028-L1028 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 1063: if (incentives[1] == 0 || ITreasury(treasury).rebalanceTreasury(incentives[1])) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1063-L1063 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `2` 978: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L978-L978 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 989: if (nextEpochLen > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L989-L989 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 996: if (nextVeOLASThreshold > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L996-L996 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `2` 1104: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1104-L1104 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `1` 1112: if (unitTypes[i] > 1) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1112-L1112 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 1138: if (lastEpoch > 0 && lastEpoch < curEpoch) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1138-L1138 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `2` 1174: for (uint256 i = 0; i < 2; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1174-L1174 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `1` 1182: if (unitTypes[i] > 1) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1182-L1182 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 1206: if (lastEpoch > 0 && lastEpoch < curEpoch) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1206-L1206 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 1210: if (totalIncentives > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1210-L1210 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 1217: if (totalIncentives > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1217-L1217 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 1255: if (idf == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1255-L1255 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `0` 1265: if (idf == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1265-L1265 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit `10` 32: if (numYears < 10) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L32-L32 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit `10` 68: if (numYears < 10) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L68-L68 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol //@audit `0` 40: if (tokenomicsData.length == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L40-L40 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `0` 189: if (_minAcceptedETH == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L189-L189 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `1` 259: if (_locked > 1) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L259-L259 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `0` 277: if (amounts[i] == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L277-L277 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `0` 325: if (tokenAmount == 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L325-L325 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `ETH_TOKEN_ADDRESS` 330: if (token == ETH_TOKEN_ADDRESS) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L330-L330 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `2` 391: if (paused == 2) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L391-L391 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `0` 413: if (accountTopUps > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L413-L413 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `0` 402: if (accountRewards > 0 && amountETHFromServices >= accountRewards) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L402-L402 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `2` 430: if (paused == 2) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L430-L430 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `0` 441: if (treasuryRewards > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L441-L441 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `0` 515: if (mapTokenReserves[token] > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L515-L515 ### [N-10] `const` Variable names don\'t follow the Solidity style guide For `constant` variable names, each word should use all capital letters, with underscores separating each word (CONSTANT_CASE) *There are 7 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 22: uint256 public constant oneYear = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L22-L22 ```solidity File: governance/contracts/OLAS.sol 24: uint256 public constant tenYearSupplyCap = 1_000_000_000e18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L24-L24 ```solidity File: governance/contracts/OLAS.sol 26: uint256 public constant maxMintCapFraction = 2; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L26-L26 ```solidity File: governance/contracts/veOLAS.sol 105: uint8 public constant decimals = 18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L105-L105 ```solidity File: governance/contracts/wveOLAS.sol 136: string public constant name = "Voting Escrow OLAS"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L136-L136 ```solidity File: governance/contracts/wveOLAS.sol 138: string public constant symbol = "veOLAS"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L138-L138 ```solidity File: governance/contracts/wveOLAS.sol 140: uint8 public constant decimals = 18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L140-L140 ### [N-11] NatSpec documentation for `contract` is missing It is recommended that Solidity contracts are fully annotated using NatSpec for all public interfaces (everything in the ABI). It is clearly stated in the Solidity official documentation. In complex projects such as Defi, the interpretation of all functions and their arguments and returns is important for code readability and auditability.[source](https://docs.soliditylang.org/en/v0.8.15/natspec-format.html) *There are 6 instance(s) of this issue:* ```solidity File: governance/contracts/wveOLAS.sol 13: interface IVEOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L13-L13 ```solidity File: governance/contracts/multisigs/GuardCM.sol 6: interface IGovernor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L6-L6 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 5: interface IGnosisSafeProxyFactory { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L5-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 5: interface IGnosisSafe { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 4: interface IOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L4-L4 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 5: interface IUniswapV2Pair { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L5-L5 ### [N-12] Contract does not follow the Solidity style guide's suggested layout ordering The [style guide](https://docs.soliditylang.org/en/v0.8.16/style-guide.html#order-of-layout) says that, within a contract, the ordering should be 1) Type declarations, 2) State variables, 3) Events, 4) Modifiers, and 5) Functions, but the contract(s) below do not follow this ordering *There are 17 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol //@audit the variable definition is misplaced 22: uint256 public constant oneYear = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L22-L22 ```solidity File: governance/contracts/veOLAS.sol //@audit the variable definition is misplaced 99: uint64 internal constant WEEK = 1 weeks; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L99-L99 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit the variable definition is misplaced 97: bytes4 public constant SCHEDULE = bytes4(keccak256(bytes("schedule(address,uint256,bytes,bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L97-L97 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit the variable definition is misplaced 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L53-L53 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit the variable definition is misplaced 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L53-L53 ```solidity File: governance/contracts/bridges/BridgedERC20.sol //@audit the variable definition is misplaced 22: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L22-L22 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit the variable definition is misplaced 29: address public immutable childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L29-L29 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit the variable definition is misplaced 29: address public immutable childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L29-L29 ```solidity File: registries/contracts/GenericRegistry.sol //@audit the variable definition is misplaced 15: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L15-L15 ```solidity File: registries/contracts/UnitRegistry.sol //@audit the structure definition is misplaced 18: struct Unit { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L18-L18 ```solidity File: registries/contracts/UnitRegistry.sol //@audit the variable definition is misplaced 27: UnitType public immutable unitType; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L27-L27 ```solidity File: registries/contracts/GenericManager.sol //@audit the variable definition is misplaced 14: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L14-L14 ```solidity File: tokenomics/contracts/Depository.sol //@audit the variable definition is misplaced 75: uint256 public constant MIN_VESTING = 1 days; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L75-L75 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit the variable definition is misplaced 18: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L18-L18 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit the variable definition is misplaced 25: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L25-L25 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit the variable definition is misplaced 140: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L140-L140 ```solidity File: tokenomics/contracts/Treasury.sol //@audit the variable definition is misplaced 56: address public constant ETH_TOKEN_ADDRESS = address(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L56-L56 ### [N-13] Contracts containing only utility functions should be made into libraries *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit the contract `TokenomicsConstants` contain only utility functions, it should turn to a `library` 9: abstract contract TokenomicsConstants { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L9-L9 ### [N-14] Control structures do not follow the Solidity Style Guide See the [control structures](https://docs.soliditylang.org/en/latest/style-guide.html#control-structures) section of the Solidity Style Guide *There are 22 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 45: function propose( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L45-L45 ```solidity File: governance/contracts/GovernorOLAS.sol 68: function _execute( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L68-L68 ```solidity File: governance/contracts/GovernorOLAS.sol 85: function _cancel( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L85-L85 ```solidity File: governance/contracts/veOLAS.sol 173: function _checkpoint( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L173-L173 ```solidity File: governance/contracts/veOLAS.sol 330: function _depositFor( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L330-L330 ```solidity File: governance/contracts/multisigs/GuardCM.sol 252: function _processBridgeData( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L252-L252 ```solidity File: governance/contracts/multisigs/GuardCM.sol 387: function checkTransaction( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L387-L387 ```solidity File: governance/contracts/multisigs/GuardCM.sol 441: function setTargetSelectorChainIds( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L441-L441 ```solidity File: governance/contracts/multisigs/GuardCM.sol 495: function setBridgeMediatorChainIds( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L495-L495 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 70: function _processMessageFromRoot( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L70-L70 ```solidity File: registries/contracts/RegistriesManager.sol 27: function create( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L27-L27 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 10: function createProxyWithNonce( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L10-L10 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 91: function create( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L91-L91 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 85: function create( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L85-L85 ```solidity File: registries/contracts/interfaces/IRegistry.sol 16: function create( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L16-L16 ```solidity File: tokenomics/contracts/Depository.sol 453: if (!matured || ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L453-L453 ```solidity File: tokenomics/contracts/Tokenomics.sol 264: function initializeTokenomics( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L264-L264 ```solidity File: tokenomics/contracts/Tokenomics.sol 497: function changeTokenomicsParameters( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L497-L497 ```solidity File: tokenomics/contracts/Tokenomics.sol 562: function changeIncentiveFractions( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L562-L562 ```solidity File: tokenomics/contracts/Tokenomics.sol 788: function trackServiceDonations( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L788-L788 ```solidity File: tokenomics/contracts/Tokenomics.sol 831: function _calculateIDF( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L831-L831 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 19: function trackServiceDonations( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L19-L19 ### [N-15] Custom error has no error details Consider adding parameters to the error to indicate which user or values caused the failure *There are 36 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 12: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L12-L12 ```solidity File: governance/contracts/wveOLAS.sol 108: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L108-L108 ```solidity File: governance/contracts/multisigs/GuardCM.sol 33: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L33-L33 ```solidity File: governance/contracts/multisigs/GuardCM.sol 36: error ZeroValue(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L36-L36 ```solidity File: governance/contracts/multisigs/GuardCM.sol 55: error NoDelegateCall(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L55-L55 ```solidity File: governance/contracts/multisigs/GuardCM.sol 58: error NoSelfCall(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L58-L58 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 10: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L10-L10 ```solidity File: governance/contracts/bridges/HomeMediator.sol 10: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L10-L10 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 12: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L12-L12 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 8: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L8-L8 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 11: error ZeroValue(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L11-L11 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 8: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L8-L8 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 11: error ZeroValue(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L11-L11 ```solidity File: governance/contracts/interfaces/IErrors.sol 12: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L12-L12 ```solidity File: governance/contracts/interfaces/IErrors.sol 15: error ZeroValue(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L15-L15 ```solidity File: governance/contracts/interfaces/IErrors.sol 18: error NonZeroValue(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L18-L18 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 16: error ZeroValue(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L16-L16 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 19: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L19-L19 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 17: error HashExists(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L17-L17 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 20: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L20-L20 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 64: error Paused(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L64-L64 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 67: error ZeroValue(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L67-L67 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 117: error ReentrancyGuard(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L117-L117 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 10: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L10-L10 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 14: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L14-L14 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 5: error InitializationFailed(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L5-L5 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 8: error ZeroTokenomicsAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L8-L8 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 11: error ZeroTokenomicsData(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L11-L11 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 17: error ZeroAddress(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L17-L17 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 29: error ZeroValue(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L29-L29 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 32: error NonZeroValue(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L32-L32 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 103: error ReentrancyGuard(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L103-L103 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 119: error AlreadyInitialized(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L119-L119 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 122: error DelegatecallOnly(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L122-L122 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 125: error Paused(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L125-L125 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 128: error SameBlockNumberViolation(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L128-L128 ### [N-16] Consider using `delete` rather than assigning `zero` to clear values The `delete` keyword more closely matches the semantics of what is being done, and draws more attention to the changing of state, which may lead to a more thorough audit of its associated logic *There are 14 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 283: lastPoint.slope = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L283-L283 ```solidity File: governance/contracts/veOLAS.sol 286: lastPoint.bias = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L286-L286 ```solidity File: governance/contracts/veOLAS.sol 249: lastPoint.bias = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L249-L249 ```solidity File: governance/contracts/veOLAS.sol 253: lastPoint.slope = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L253-L253 ```solidity File: registries/contracts/UnitRegistry.sol 227: for (counter = 0; counter < maxNumComponents; ++counter) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L227-L227 ```solidity File: tokenomics/contracts/Tokenomics.sol 662: mapUnitIncentives[unitType][unitId].pendingRelativeReward = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L662-L662 ```solidity File: tokenomics/contracts/Tokenomics.sol 678: mapUnitIncentives[unitType][unitId].pendingRelativeTopUp = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L678-L678 ```solidity File: tokenomics/contracts/Tokenomics.sol 1027: tokenomicsParametersUpdated = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1027-L1027 ```solidity File: tokenomics/contracts/Tokenomics.sol 1146: mapUnitIncentives[unitTypes[i]][unitIds[i]].reward = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1146-L1146 ```solidity File: tokenomics/contracts/Tokenomics.sol 1149: mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1149-L1149 ```solidity File: tokenomics/contracts/Tokenomics.sol 1034: tokenomicsParametersUpdated = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1034-L1034 ```solidity File: tokenomics/contracts/Tokenomics.sol 992: nextEpochLen = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L992-L992 ```solidity File: tokenomics/contracts/Tokenomics.sol 998: nextVeOLASThreshold = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L998-L998 ```solidity File: tokenomics/contracts/Tokenomics.sol 1141: mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch = 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1141-L1141 ### [N-17] Dependence on external protocols External protocols should be monitored as such dependencies may introduce vulnerabilities if a vulnerability is found /introduced in the external protocol *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 6: import "./interfaces/IUniswapV2Pair.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L6-L6 ### [N-18] `else`-block not required One level of nesting can be removed by not having an `else` block when the `if`-block returns: *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 547: if (account == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L547-L547 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 32: if (numYears < 10) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L32-L32 ### [N-19] Empty Function Body - Consider commenting why *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 572: function checkAfterExecution(bytes32, bool) external {} 573: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L572-L573 ### [N-20] Empty bytes check is missing When developing smart contracts in Solidity, it's crucial to validate the inputs of your functions. This includes ensuring that the bytes parameters are not empty, especially when they represent crucial data such as addresses, identifiers, or raw data that the contract needs to process. Missing empty bytes checks can lead to unexpected behaviour in your contract.For instance, certain operations might fail, produce incorrect results, or consume unnecessary gas when performed with empty bytes.Moreover, missing input validation can potentially expose your contract to malicious activity, including exploitation of unhandled edge cases. To mitigate these issues, always validate that bytes parameters are not empty when the logic of your contract requires it. *There are 23 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol //@audit ,descriptionHash are not checked 68: function _execute( 69: uint256 proposalId, 70: address[] memory targets, 71: uint256[] memory values, 72: bytes[] memory calldatas, 73: bytes32 descriptionHash 74: ) internal override(Governor, GovernorTimelockControl) 75: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L68-L75 ```solidity File: governance/contracts/GovernorOLAS.sol //@audit ,descriptionHash are not checked 85: function _cancel( 86: address[] memory targets, 87: uint256[] memory values, 88: bytes[] memory calldatas, 89: bytes32 descriptionHash 90: ) internal override(Governor, GovernorTimelockControl) returns (uint256) 91: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L85-L91 ```solidity File: governance/contracts/GovernorOLAS.sol //@audit ,interfaceId are not checked 105: function supportsInterface(bytes4 interfaceId) public view override(IERC165, Governor, GovernorTimelockControl) 106: returns (bool) 107: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L105-L107 ```solidity File: governance/contracts/veOLAS.sol //@audit ,r ,s are not checked 800: function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) 801: external virtual override 802: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L800-L802 ```solidity File: governance/contracts/wveOLAS.sol //@audit ,interfaceId are not checked 098: function supportsInterface(bytes4 interfaceId) external view returns (bool); 099: 100: /// @dev Reverts the allowance of this token. 101: function allowance(address owner, address spender) external view returns (uint256); 102: 103: /// @dev Reverts delegates of this token. 104: function delegates(address account) external view returns (address); 105: } 106: 107: /// @dev Zero address. 108: error ZeroAddress(); 109: 110: /// @dev Provided wrong timestamp. 111: /// @param minTimeStamp Minimum timestamp. 112: /// @param providedTimeStamp Provided timestamp. 113: error WrongTimestamp(uint256 minTimeStamp, uint256 providedTimeStamp); 114: 115: /// @dev Called function is implemented in a specified veOLAS contract. 116: /// @param veToken Original veOLAS address. 117: error ImplementedIn(address veToken); 118: 119: /// @dev veOLAS token is non-transferable. 120: /// @param veToken veOLAS token address. 121: error NonTransferable(address veToken); 122: 123: /// @dev veOLAS token is non-delegatable. 124: /// @param veToken veOLAS token address. 125: error NonDelegatable(address veToken); 126: 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L98-L130 ```solidity File: governance/contracts/wveOLAS.sol //@audit ,interfaceId are not checked 292: function supportsInterface(bytes4 interfaceId) external view returns (bool) { 293: return IVEOLAS(ve).supportsInterface(interfaceId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L292-L293 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit ,data are not checked 189: function _verifyData(address target, bytes memory data, uint256 chainId) internal { 190: // Push a pair of key defining variables into one key ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L189-L190 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit ,data are not checked 337: function _verifySchedule(bytes memory data, bytes4 selector) internal { 338: // Copy the data without the selector ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L337-L338 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit ,selector are not checked 579: function getTargetSelectorChainId(address target, bytes4 selector, uint256 chainId) external view 580: returns (bool status) 581: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L579-L581 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit ,data are not checked 06: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external; 07: } 08: 09: /// @dev Provided zero address. 10: error ZeroAddress(); 11: 12: /// @dev Only self contract is allowed to call the function. 13: /// @param sender Sender address. 14: /// @param instance Required contract instance address. 15: error SelfCallOnly(address sender, address instance); 16: 17: /// @dev Only `fxChild` is allowed to call the function. 18: /// @param sender Sender address. 19: /// @param fxChild Required Fx Child address. 20: error FxChildOnly(address sender, address fxChild); 21: 22: /// @dev Only on behalf of `rootGovernor` the function is allowed to process the data. 23: /// @param sender Sender address. 24: /// @param rootGovernor Required Root Governor address. 25: error RootGovernorOnly(address sender, address rootGovernor); 26: 27: /// @dev Provided incorrect data length. 28: /// @param expected Expected minimum data length. 29: /// @param provided Provided data length. 30: error IncorrectDataLength(uint256 expected, uint256 provided); 31: 32: /// @dev Provided value is bigger than the actual balance. 33: /// @param value Provided value. 34: /// @param balance Actual balance. 35: error InsufficientBalance(uint256 value, uint256 balance); 36: 37: /// @dev Target execution failed. 38: /// @param target Target address. 39: /// @param value Provided value. 40: /// @param payload Provided payload. 41: error TargetExecFailed(address target, uint256 value, bytes payload); 42: 43: /// @title FxGovernorTunnel - Smart contract for the governor child tunnel bridge implementation 44: /// @author Aleksandr Kuperman - 45: /// @author AL 46: contract FxGovernorTunnel is IFxMessageProcessor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L6-L46 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit ,data are not checked 107: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external override { 108: // Check for the Fx Child address ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L107-L108 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit ,data are not checked 105: function processMessageFromForeign(bytes memory data) external { 106: // Check for the AMB Contract Proxy (Home) address ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L105-L106 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit ,message are not checked 70: function _processMessageFromRoot( 71: uint256 /* stateId */, 72: address sender, 73: bytes memory message 74: ) internal override validateSender(sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L70-L74 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit ,message are not checked 72: function _processMessageFromChild(bytes memory message) internal override { 73: // Decode incoming message from child: (address, address, uint256) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L72-L73 ```solidity File: registries/contracts/GenericRegistry.sol //@audit ,data are not checked 109: function _toHex16(bytes16 data) internal pure returns (bytes32 result) { 110: result = bytes32 (data) & 0xFFFFFFFFFFFFFFFF000000000000000000000000000000000000000000000000 | ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L109-L110 ```solidity File: registries/contracts/RegistriesManager.sol //@audit ,unitHash are not checked 27: function create( 28: IRegistry.UnitType unitType, 29: address unitOwner, 30: bytes32 unitHash, 31: uint32[] memory dependencies 32: ) external returns (uint256 unitId) 33: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L27-L33 ```solidity File: registries/contracts/RegistriesManager.sol //@audit ,unitHash are not checked 50: function updateHash(IRegistry.UnitType unitType, uint256 unitId, bytes32 unitHash) external returns (bool success) { 51: if (unitType == IRegistry.UnitType.Component) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L50-L51 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit ,initializer are not checked 10: function createProxyWithNonce( 11: address _singleton, 12: bytes memory initializer, 13: uint256 saltNonce 14: ) external returns (address proxy); 15: } 16: 17: /// @dev Provided incorrect data length. 18: /// @param expected Expected minimum data length. 19: /// @param provided Provided data length. 20: error IncorrectDataLength(uint256 expected, uint256 provided); 21: 22: /// @title Gnosis Safe - Smart contract for Gnosis Safe multisig implementation of a generic multisig interface 23: /// @author Aleksandr Kuperman - 24: contract GnosisSafeMultisig { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L10-L24 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit ,data are not checked 45: function _parseData(bytes memory data) internal pure 46: returns (address to, address fallbackHandler, address paymentToken, address payable paymentReceiver, 47: uint256 payment, uint256 nonce, bytes memory payload) 48: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L45-L48 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit ,data are not checked 91: function create( 92: address[] memory owners, 93: uint256 threshold, 94: bytes memory data 95: ) external returns (address multisig) 96: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L91-L96 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit ,data are not checked 85: function create( 86: address[] memory owners, 87: uint256 threshold, 88: bytes memory data 89: ) external returns (address multisig) 90: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L85-L90 ```solidity File: registries/contracts/interfaces/IRegistry.sol //@audit ,unitHash are not checked 16: function create( 17: address unitOwner, 18: bytes32 unitHash, 19: uint32[] memory dependencies 20: ) external returns (uint256); 21: 22: /// @dev Updates the component / agent hash. 23: /// @param owner Owner of the component / agent. 24: /// @param unitId Unit Id. 25: /// @param unitHash Updated IPFS hash of the component / agent. 26: /// @return success True, if function executed successfully. 27: function updateHash(address owner, uint256 unitId, bytes32 unitHash) external returns (bool success); 28: 29: /// @dev Gets subcomponents of a provided unit Id from a local public map. 30: /// @param unitId Unit Id. 31: /// @return subComponentIds Set of subcomponents. 32: /// @return numSubComponents Number of subcomponents. 33: function getLocalSubComponents(uint256 unitId) external view returns (uint32[] memory subComponentIds, uint256 numSubComponents); 34: 35: /// @dev Calculates the set of subcomponent Ids. 36: /// @param unitIds Set of unit Ids. 37: /// @return subComponentIds Subcomponent Ids. 38: function calculateSubComponents(uint32[] memory unitIds) external view returns (uint32[] memory subComponentIds); 39: 40: /// @dev Gets updated component / agent hashes. 41: /// @param unitId Unit Id. 42: /// @return numHashes Number of hashes. 43: /// @return unitHashes The list of component / agent hashes. 44: function getUpdatedHashes(uint256 unitId) external view returns (uint256 numHashes, bytes32[] memory unitHashes); 45: 46: /// @dev Gets the total supply of components / agents. 47: /// @return Total supply. 48: function totalSupply() external view returns (uint256); 49: } 50: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L16-L50 ```solidity File: registries/contracts/interfaces/IRegistry.sol //@audit ,unitHash are not checked 27: function updateHash(address owner, uint256 unitId, bytes32 unitHash) external returns (bool success); 28: 29: /// @dev Gets subcomponents of a provided unit Id from a local public map. 30: /// @param unitId Unit Id. 31: /// @return subComponentIds Set of subcomponents. 32: /// @return numSubComponents Number of subcomponents. 33: function getLocalSubComponents(uint256 unitId) external view returns (uint32[] memory subComponentIds, uint256 numSubComponents); 34: 35: /// @dev Calculates the set of subcomponent Ids. 36: /// @param unitIds Set of unit Ids. 37: /// @return subComponentIds Subcomponent Ids. 38: function calculateSubComponents(uint32[] memory unitIds) external view returns (uint32[] memory subComponentIds); 39: 40: /// @dev Gets updated component / agent hashes. 41: /// @param unitId Unit Id. 42: /// @return numHashes Number of hashes. 43: /// @return unitHashes The list of component / agent hashes. 44: function getUpdatedHashes(uint256 unitId) external view returns (uint256 numHashes, bytes32[] memory unitHashes); 45: 46: /// @dev Gets the total supply of components / agents. 47: /// @return Total supply. 48: function totalSupply() external view returns (uint256); 49: } 50: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L27-L50 ### [N-21] Events are missing sender information When an action is triggered based on a user's action, not being able to filter based on who triggered the action makes event processing a lot more cumbersome. Including the `msg.sender` the events of these types of action will make events much more useful to end users, especially when `msg.sender` is not `tx.origin`. *There are 67 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 53: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L53-L53 ```solidity File: governance/contracts/OLAS.sol 68: emit MinterUpdated(newMinter); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L68-L68 ```solidity File: governance/contracts/veOLAS.sol 367: emit Deposit(account, amount, lockedBalance.endTime, depositType, block.timestamp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L367-L367 ```solidity File: governance/contracts/veOLAS.sol 368: emit Supply(supplyBefore, supplyAfter); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L368-L368 ```solidity File: governance/contracts/veOLAS.sol 531: emit Supply(supplyBefore, supplyAfter); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L531-L531 ```solidity File: governance/contracts/multisigs/GuardCM.sol 165: emit GovernorUpdated(newGovernor); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L165-L165 ```solidity File: governance/contracts/multisigs/GuardCM.sol 181: emit GovernorCheckProposalIdChanged(proposalId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L181-L181 ```solidity File: governance/contracts/multisigs/GuardCM.sol 486: emit SetTargetSelectors(targets, selectors, chainIds, statuses); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L486-L486 ```solidity File: governance/contracts/multisigs/GuardCM.sol 531: emit SetBridgeMediators(bridgeMediatorL1s, bridgeMediatorL2s, chainIds); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L531-L531 ```solidity File: governance/contracts/multisigs/GuardCM.sol 568: emit GuardUnpaused(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L568-L568 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 94: emit RootGovernorUpdated(newRootGovernor); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L94-L94 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 167: emit MessageReceived(stateId, rootMessageSender, data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L167-L167 ```solidity File: governance/contracts/bridges/HomeMediator.sol 94: emit ForeignGovernorUpdated(newForeignGovernor); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L94-L94 ```solidity File: governance/contracts/bridges/HomeMediator.sol 167: emit MessageReceived(governor, data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L167-L167 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 42: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L42-L42 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 84: emit FxWithdrawERC20(rootToken, childToken, from, to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L84-L84 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 79: emit FxDepositERC20(childToken, rootToken, from, to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L79-L79 ```solidity File: registries/contracts/GenericRegistry.sol 49: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L49-L49 ```solidity File: registries/contracts/GenericRegistry.sol 65: emit ManagerUpdated(newManager); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L65-L65 ```solidity File: registries/contracts/GenericRegistry.sol 90: emit BaseURIChanged(bURI); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L90-L90 ```solidity File: registries/contracts/UnitRegistry.sol 112: emit CreateUnit(unitId, unitType, unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L112-L112 ```solidity File: registries/contracts/UnitRegistry.sol 146: emit UpdateUnitHash(unitId, unitType, unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L146-L146 ```solidity File: registries/contracts/GenericManager.sol 32: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L32-L32 ```solidity File: tokenomics/contracts/Depository.sol 135: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L135-L135 ```solidity File: tokenomics/contracts/Depository.sol 152: emit TokenomicsUpdated(_tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L152-L152 ```solidity File: tokenomics/contracts/Depository.sol 157: emit TreasuryUpdated(_treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L157-L157 ```solidity File: tokenomics/contracts/Depository.sol 171: emit BondCalculatorUpdated(_bondCalculator); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L171-L171 ```solidity File: tokenomics/contracts/Depository.sol 235: emit CreateProduct(token, productId, supply, priceLP, vesting); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L235-L235 ```solidity File: tokenomics/contracts/Depository.sol 268: emit CloseProduct(token, productId, supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L268-L268 ```solidity File: tokenomics/contracts/Depository.sol 342: emit CloseProduct(token, productId, supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L342-L342 ```solidity File: tokenomics/contracts/Dispenser.sol 58: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L58-L58 ```solidity File: tokenomics/contracts/Dispenser.sol 73: emit TokenomicsUpdated(_tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L73-L73 ```solidity File: tokenomics/contracts/Dispenser.sol 78: emit TreasuryUpdated(_treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L78-L78 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 48: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L48-L48 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 74: emit DonatorBlacklistStatus(accounts[i], statuses[i]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L74-L74 ```solidity File: tokenomics/contracts/Tokenomics.sol 399: emit TokenomicsImplementationUpdated(implementation); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L399-L399 ```solidity File: tokenomics/contracts/Tokenomics.sol 416: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L416-L416 ```solidity File: tokenomics/contracts/Tokenomics.sol 432: emit TreasuryUpdated(_treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L432-L432 ```solidity File: tokenomics/contracts/Tokenomics.sol 437: emit DepositoryUpdated(_depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L437-L437 ```solidity File: tokenomics/contracts/Tokenomics.sol 442: emit DispenserUpdated(_dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L442-L442 ```solidity File: tokenomics/contracts/Tokenomics.sol 459: emit ComponentRegistryUpdated(_componentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L459-L459 ```solidity File: tokenomics/contracts/Tokenomics.sol 463: emit AgentRegistryUpdated(_agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L463-L463 ```solidity File: tokenomics/contracts/Tokenomics.sol 467: emit ServiceRegistryUpdated(_serviceRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L467-L467 ```solidity File: tokenomics/contracts/Tokenomics.sol 481: emit DonatorBlacklistUpdated(_donatorBlacklist); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L481-L481 ```solidity File: tokenomics/contracts/Tokenomics.sol 551: emit TokenomicsParametersUpdateRequested(epochCounter + 1, _devsPerCapital, _codePerDev, _epsilonRate, _epochLen, 552: _veOLASThreshold); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L551-L552 ```solidity File: tokenomics/contracts/Tokenomics.sol 600: emit IncentiveFractionsUpdateRequested(eCounter, _rewardComponentFraction, _rewardAgentFraction, 601: _maxBondFraction, _topUpComponentFraction, _topUpAgentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L600-L601 ```solidity File: tokenomics/contracts/Tokenomics.sol 623: emit EffectiveBondUpdated(eBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L623-L623 ```solidity File: tokenomics/contracts/Tokenomics.sol 643: emit EffectiveBondUpdated(eBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L643-L643 ```solidity File: tokenomics/contracts/Tokenomics.sol 975: emit IncentiveFractionsUpdated(eCounter + 1); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L975-L975 ```solidity File: tokenomics/contracts/Tokenomics.sol 1002: emit TokenomicsParametersUpdated(eCounter + 1); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1002-L1002 ```solidity File: tokenomics/contracts/Tokenomics.sol 1045: emit IDFUpdated(idf); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1045-L1045 ```solidity File: tokenomics/contracts/Tokenomics.sol 1065: emit EpochSettled(eCounter, incentives[1], accountRewards, accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1065-L1065 ```solidity File: tokenomics/contracts/Treasury.sol 149: emit OwnerUpdated(newOwner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L149-L149 ```solidity File: tokenomics/contracts/Treasury.sol 165: emit TokenomicsUpdated(_tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L165-L165 ```solidity File: tokenomics/contracts/Treasury.sol 170: emit DepositoryUpdated(_depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L170-L170 ```solidity File: tokenomics/contracts/Treasury.sol 175: emit DispenserUpdated(_dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L175-L175 ```solidity File: tokenomics/contracts/Treasury.sol 199: emit MinAcceptedETHUpdated(_minAcceptedETH); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L199-L199 ```solidity File: tokenomics/contracts/Treasury.sol 244: emit DepositTokenFromAccount(account, token, tokenAmount, olasMintAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L244-L244 ```solidity File: tokenomics/contracts/Treasury.sol 358: emit Withdraw(token, to, tokenAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L358-L358 ```solidity File: tokenomics/contracts/Treasury.sol 337: emit Withdraw(ETH_TOKEN_ADDRESS, to, tokenAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L337-L337 ```solidity File: tokenomics/contracts/Treasury.sol 405: emit Withdraw(ETH_TOKEN_ADDRESS, account, accountRewards); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L405-L405 ```solidity File: tokenomics/contracts/Treasury.sol 418: emit Withdraw(olas, account, accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L418-L418 ```solidity File: tokenomics/contracts/Treasury.sol 452: emit UpdateTreasuryBalances(amountETHOwned, amountETHFromServices); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L452-L452 ```solidity File: tokenomics/contracts/Treasury.sol 501: emit EnableToken(token); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L501-L501 ```solidity File: tokenomics/contracts/Treasury.sol 519: emit DisableToken(token); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L519-L519 ```solidity File: tokenomics/contracts/Treasury.sol 538: emit PauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L538-L538 ```solidity File: tokenomics/contracts/Treasury.sol 549: emit UnpauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L549-L549 ### [N-22] Events may be emitted out of order due to reentrancy Ensure that events follow the best practice of check-effects-interaction, and are emitted before external calls *There are 8 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 79: emit FxDepositERC20(childToken, rootToken, from, to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L79-L79 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 106: emit FxWithdrawERC20(rootToken, childToken, msg.sender, to, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L106-L106 ```solidity File: registries/contracts/UnitRegistry.sol 146: emit UpdateUnitHash(unitId, unitType, unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L146-L146 ```solidity File: tokenomics/contracts/Depository.sol 268: emit CloseProduct(token, productId, supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L268-L268 ```solidity File: tokenomics/contracts/Depository.sol 345: emit CreateBond(token, productId, msg.sender, bondId, payout, tokenAmount, maturity); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L345-L345 ```solidity File: tokenomics/contracts/Dispenser.sol 112: emit IncentivesClaimed(msg.sender, reward, topUp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L112-L112 ```solidity File: tokenomics/contracts/Treasury.sol 244: emit DepositTokenFromAccount(account, token, tokenAmount, olasMintAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L244-L244 ```solidity File: tokenomics/contracts/Treasury.sol 418: emit Withdraw(olas, account, accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L418-L418 ### [N-23] Defining All External/Public Functions in Contract Interfaces It is preferable to have all the external and public function in an interface to make using them easier by developers. This helps ensure the whole API is extracted in a interface. *There are 78 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 43: function changeOwner(address newOwner) external { 44: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L43-L44 ```solidity File: governance/contracts/OLAS.sol 58: function changeMinter(address newMinter) external { 59: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L58-L59 ```solidity File: governance/contracts/OLAS.sol 91: function inflationControl(uint256 amount) public view returns (bool) { 92: uint256 remainder = inflationRemainder(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L91-L92 ```solidity File: governance/contracts/OLAS.sol 98: function inflationRemainder() public view returns (uint256 remainder) { 99: uint256 _totalSupply = totalSupply; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L98-L99 ```solidity File: governance/contracts/OLAS.sol 128: function decreaseAllowance(address spender, uint256 amount) external returns (bool) { 129: uint256 spenderAllowance = allowance[msg.sender][spender]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L128-L129 ```solidity File: governance/contracts/OLAS.sol 145: function increaseAllowance(address spender, uint256 amount) external returns (bool) { 146: uint256 spenderAllowance = allowance[msg.sender][spender]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L145-L146 ```solidity File: governance/contracts/veOLAS.sol 376: function depositFor(address account, uint256 amount) external { 377: LockedBalance memory lockedBalance = mapLockedBalances[account]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L376-L377 ```solidity File: governance/contracts/veOLAS.sol 402: function createLock(uint256 amount, uint256 unlockTime) external { 403: _createLockFor(msg.sender, amount, unlockTime); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L402-L403 ```solidity File: governance/contracts/veOLAS.sol 411: function createLockFor(address account, uint256 amount, uint256 unlockTime) external { 412: // Check if the account address is zero ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L411-L412 ```solidity File: governance/contracts/veOLAS.sol 458: function increaseAmount(uint256 amount) external { 459: LockedBalance memory lockedBalance = mapLockedBalances[msg.sender]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L458-L459 ```solidity File: governance/contracts/veOLAS.sol 483: function increaseUnlockTime(uint256 unlockTime) external { 484: LockedBalance memory lockedBalance = mapLockedBalances[msg.sender]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L483-L484 ```solidity File: governance/contracts/veOLAS.sol 510: function withdraw() external { 511: LockedBalance memory lockedBalance = mapLockedBalances[msg.sender]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L510-L511 ```solidity File: governance/contracts/multisigs/GuardCM.sol 154: function changeGovernor(address newGovernor) external { 155: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L154-L155 ```solidity File: governance/contracts/multisigs/GuardCM.sol 170: function changeGovernorCheckProposalId(uint256 proposalId) external { 171: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L170-L171 ```solidity File: governance/contracts/multisigs/GuardCM.sol 387: function checkTransaction( 388: address to, 389: uint256, 390: bytes memory data, 391: Enum.Operation operation, 392: uint256, 393: uint256, 394: uint256, 395: address, 396: address payable, 397: bytes memory, 398: address 399: ) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L387-L399 ```solidity File: governance/contracts/multisigs/GuardCM.sol 441: function setTargetSelectorChainIds( 442: address[] memory targets, 443: bytes4[] memory selectors, 444: uint256[] memory chainIds, 445: bool[] memory statuses 446: ) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L441-L446 ```solidity File: governance/contracts/multisigs/GuardCM.sol 495: function setBridgeMediatorChainIds( 496: address[] memory bridgeMediatorL1s, 497: address[] memory bridgeMediatorL2s, 498: uint256[] memory chainIds 499: ) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L495-L499 ```solidity File: governance/contracts/multisigs/GuardCM.sol 539: function pause() external { 540: if (msg.sender == owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L539-L540 ```solidity File: governance/contracts/multisigs/GuardCM.sol 560: function unpause() external { 561: // Check for the ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L560-L561 ```solidity File: governance/contracts/multisigs/GuardCM.sol 572: function checkAfterExecution(bytes32, bool) external {} 573: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L572-L573 ```solidity File: governance/contracts/multisigs/GuardCM.sol 579: function getTargetSelectorChainId(address target, bytes4 selector, uint256 chainId) external view 580: returns (bool status) 581: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L579-L581 ```solidity File: governance/contracts/multisigs/GuardCM.sol 597: function getBridgeMediatorChainId(address bridgeMediatorL1) external view 598: returns (address bridgeMediatorL2, uint256 chainId) 599: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L597-L599 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 81: function changeRootGovernor(address newRootGovernor) external { 82: // Check if the change is authorized by the previous governor itself ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L81-L82 ```solidity File: governance/contracts/bridges/HomeMediator.sol 81: function changeForeignGovernor(address newForeignGovernor) external { 82: // Check if the change is authorized by the previous governor itself ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L81-L82 ```solidity File: governance/contracts/bridges/HomeMediator.sol 105: function processMessageFromForeign(bytes memory data) external { 106: // Check for the AMB Contract Proxy (Home) address ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L105-L106 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 30: function changeOwner(address newOwner) external { 31: // Only the contract owner is allowed to change the owner ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L30-L31 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 50: function deposit(uint256 amount) external { 51: _deposit(msg.sender, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L50-L51 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 57: function depositTo(address to, uint256 amount) external { 58: // Check for the address to deposit tokens to ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L57-L58 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 54: function withdraw(uint256 amount) external { 55: _withdraw(msg.sender, amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L54-L55 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 61: function withdrawTo(address to, uint256 amount) external { 62: // Check for the address to withdraw tokens to ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L61-L62 ```solidity File: registries/contracts/GenericRegistry.sol 37: function changeOwner(address newOwner) external virtual { 38: // Check for the ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L37-L38 ```solidity File: registries/contracts/GenericRegistry.sol 54: function changeManager(address newManager) external virtual { 55: if (msg.sender != owner) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L54-L55 ```solidity File: registries/contracts/GenericRegistry.sol 78: function setBaseURI(string memory bURI) external virtual { 79: // Check for the ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L78-L79 ```solidity File: registries/contracts/GenericRegistry.sol 97: function tokenByIndex(uint256 id) external view virtual returns (uint256 unitId) { 98: unitId = id + 1; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L97-L98 ```solidity File: registries/contracts/UnitRegistry.sol 152: function getUnit(uint256 unitId) external view virtual returns (Unit memory unit) { 153: unit = mapUnits[unitId]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L152-L153 ```solidity File: registries/contracts/UnitRegistry.sol 160: function getDependencies(uint256 unitId) external view virtual 161: returns (uint256 numDependencies, uint32[] memory dependencies) 162: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L160-L162 ```solidity File: registries/contracts/GenericManager.sol 20: function changeOwner(address newOwner) external virtual { 21: // Check for the ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L20-L21 ```solidity File: registries/contracts/GenericManager.sol 36: function pause() external virtual { 37: // Check for the ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L36-L37 ```solidity File: registries/contracts/GenericManager.sol 47: function unpause() external virtual { 48: // Check for the ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L47-L48 ```solidity File: tokenomics/contracts/Depository.sol 123: function changeOwner(address newOwner) external { 124: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L123-L124 ```solidity File: tokenomics/contracts/Depository.sol 143: function changeManagers(address _tokenomics, address _treasury) external { 144: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L143-L144 ```solidity File: tokenomics/contracts/Depository.sol 163: function changeBondCalculator(address _bondCalculator) external { 164: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L163-L164 ```solidity File: tokenomics/contracts/Depository.sol 244: function close(uint256[] memory productIds) external returns (uint256[] memory closedProductIds) { 245: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L244-L245 ```solidity File: tokenomics/contracts/Depository.sol 291: function deposit(uint256 productId, uint256 tokenAmount) external 292: returns (uint256 payout, uint256 maturity, uint256 bondId) 293: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L291-L293 ```solidity File: tokenomics/contracts/Depository.sol 356: function redeem(uint256[] memory bondIds) external returns (uint256 payout) { 357: for (uint256 i = 0; i < bondIds.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L356-L357 ```solidity File: tokenomics/contracts/Depository.sol 396: function getProducts(bool active) external view returns (uint256[] memory productIds) { 397: // Calculate the number of existing products ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L396-L397 ```solidity File: tokenomics/contracts/Depository.sol 424: function isActiveProduct(uint256 productId) external view returns (bool status) { 425: status = (mapBondProducts[productId].supply > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L424-L425 ```solidity File: tokenomics/contracts/Depository.sol 435: function getBonds(address account, bool matured) external view 436: returns (uint256[] memory bondIds, uint256 payout) 437: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L435-L437 ```solidity File: tokenomics/contracts/Depository.sol 480: function getBondStatus(uint256 bondId) external view returns (uint256 payout, bool matured) { 481: payout = mapUserBonds[bondId].payout; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L480-L481 ```solidity File: tokenomics/contracts/Dispenser.sol 46: function changeOwner(address newOwner) external { 47: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L46-L47 ```solidity File: tokenomics/contracts/Dispenser.sol 64: function changeManagers(address _tokenomics, address _treasury) external { 65: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L64-L65 ```solidity File: tokenomics/contracts/Dispenser.sol 89: function claimOwnerIncentives(uint256[] memory unitTypes, uint256[] memory unitIds) external 90: returns (uint256 reward, uint256 topUp) 91: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L89-L91 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 36: function changeOwner(address newOwner) external { 37: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L36-L37 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 56: function setDonatorsStatuses(address[] memory accounts, bool[] memory statuses) external returns (bool success) { 57: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L56-L57 ```solidity File: tokenomics/contracts/Tokenomics.sol 264: function initializeTokenomics( 265: address _olas, 266: address _treasury, 267: address _depository, 268: address _dispenser, 269: address _ve, 270: uint256 _epochLen, 271: address _componentRegistry, 272: address _agentRegistry, 273: address _serviceRegistry, 274: address _donatorBlacklist 275: ) external 276: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L264-L276 ```solidity File: tokenomics/contracts/Tokenomics.sol 374: function tokenomicsImplementation() external view returns (address implementation) { 375: assembly { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L374-L375 ```solidity File: tokenomics/contracts/Tokenomics.sol 384: function changeTokenomicsImplementation(address implementation) external { 385: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L384-L385 ```solidity File: tokenomics/contracts/Tokenomics.sol 404: function changeOwner(address newOwner) external { 405: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L404-L405 ```solidity File: tokenomics/contracts/Tokenomics.sol 423: function changeManagers(address _treasury, address _depository, address _dispenser) external { 424: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L423-L424 ```solidity File: tokenomics/contracts/Tokenomics.sol 450: function changeRegistries(address _componentRegistry, address _agentRegistry, address _serviceRegistry) external { 451: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L450-L451 ```solidity File: tokenomics/contracts/Tokenomics.sol 474: function changeDonatorBlacklist(address _donatorBlacklist) external { 475: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L474-L475 ```solidity File: tokenomics/contracts/Tokenomics.sol 497: function changeTokenomicsParameters( 498: uint256 _devsPerCapital, 499: uint256 _codePerDev, 500: uint256 _epsilonRate, 501: uint256 _epochLen, 502: uint256 _veOLASThreshold 503: ) external 504: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L497-L504 ```solidity File: tokenomics/contracts/Tokenomics.sol 562: function changeIncentiveFractions( 563: uint256 _rewardComponentFraction, 564: uint256 _rewardAgentFraction, 565: uint256 _maxBondFraction, 566: uint256 _topUpComponentFraction, 567: uint256 _topUpAgentFraction 568: ) external 569: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L562-L569 ```solidity File: tokenomics/contracts/Tokenomics.sol 1160: function getOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external view 1161: returns (uint256 reward, uint256 topUp) 1162: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1160-L1162 ```solidity File: tokenomics/contracts/Tokenomics.sol 1237: function getInflationPerEpoch() external view returns (uint256 inflationPerEpoch) { 1238: inflationPerEpoch = inflationPerSecond * epochLen; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1237-L1238 ```solidity File: tokenomics/contracts/Tokenomics.sol 1245: function getUnitPoint(uint256 epoch, uint256 unitType) external view returns (UnitPoint memory up) { 1246: up = mapEpochTokenomics[epoch].unitPoints[unitType]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1245-L1246 ```solidity File: tokenomics/contracts/Tokenomics.sol 1252: function getIDF(uint256 epoch) external view returns (uint256 idf) 1253: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1252-L1253 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 30: function getSupplyCapForYear(uint256 numYears) public pure returns (uint256 supplyCap) { 31: // For the first 10 years the supply caps are pre-defined ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L30-L31 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 66: function getInflationForYear(uint256 numYears) public pure returns (uint256 inflationAmount) { 67: // For the first 10 years the inflation caps are pre-defined as differences between next year cap and current year one ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L66-L67 ```solidity File: tokenomics/contracts/Treasury.sol 137: function changeOwner(address newOwner) external { 138: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L137-L138 ```solidity File: tokenomics/contracts/Treasury.sol 156: function changeManagers(address _tokenomics, address _depository, address _dispenser) external { 157: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L156-L157 ```solidity File: tokenomics/contracts/Treasury.sol 182: function changeMinAcceptedETH(uint256 _minAcceptedETH) external { 183: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L182-L183 ```solidity File: tokenomics/contracts/Treasury.sol 313: function withdraw(address to, uint256 tokenAmount, address token) external returns (bool success) { 314: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L313-L314 ```solidity File: tokenomics/contracts/Treasury.sol 466: function drainServiceSlashedFunds() external returns (uint256 amount) { 467: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L466-L467 ```solidity File: tokenomics/contracts/Treasury.sol 487: function enableToken(address token) external { 488: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L487-L488 ```solidity File: tokenomics/contracts/Treasury.sol 507: function disableToken(address token) external { 508: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L507-L508 ```solidity File: tokenomics/contracts/Treasury.sol 531: function pause() external { 532: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L531-L532 ```solidity File: tokenomics/contracts/Treasury.sol 542: function unpause() external { 543: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L542-L543 ### [N-24] Fixed Compiler Version Required for Non-Library/Interface Files *There are 27 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol //@audit `GovernorOLAS` 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L2-L2 ```solidity File: governance/contracts/Timelock.sol //@audit `Timelock` 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L2-L2 ```solidity File: governance/contracts/OLAS.sol //@audit `OLAS` 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L2-L2 ```solidity File: governance/contracts/veOLAS.sol //@audit `veOLAS` 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L2-L2 ```solidity File: governance/contracts/wveOLAS.sol //@audit `wveOLAS` 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L2-L2 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `GuardCM` 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit `FxGovernorTunnel` 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L2-L2 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit `HomeMediator` 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L2-L2 ```solidity File: governance/contracts/bridges/BridgedERC20.sol //@audit `BridgedERC20` 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit `FxERC20ChildTunnel` 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit `FxERC20RootTunnel` 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L2-L2 ```solidity File: registries/contracts/GenericRegistry.sol //@audit `GenericRegistry` 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L2-L2 ```solidity File: registries/contracts/UnitRegistry.sol //@audit `UnitRegistry` 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L2-L2 ```solidity File: registries/contracts/ComponentRegistry.sol //@audit `ComponentRegistry` 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L2-L2 ```solidity File: registries/contracts/AgentRegistry.sol //@audit `AgentRegistry` 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L2-L2 ```solidity File: registries/contracts/GenericManager.sol //@audit `GenericManager` 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L2-L2 ```solidity File: registries/contracts/RegistriesManager.sol //@audit `RegistriesManager` 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit `GnosisSafeMultisig` 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit `GnosisSafeSameAddressMultisig` 2: pragma solidity ^0.8.21; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L2-L2 ```solidity File: tokenomics/contracts/Depository.sol //@audit `Depository` 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L2-L2 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit `Dispenser` 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L2-L2 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit `DonatorBlacklist` 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol //@audit `GenericBondCalculator` 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `Tokenomics` 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit `TokenomicsConstants` 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol //@audit `TokenomicsProxy` 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L2-L2 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `Treasury` 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L2-L2 ### [N-25] Floating pragma should be avoided If you leave a floating pragma in your code (pragma solidity 0.4>=0.6. 0. ), you won't know which version was deployed to compile your code, leading to unexpected behavior *There are 27 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L2-L2 ```solidity File: governance/contracts/Timelock.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L2-L2 ```solidity File: governance/contracts/OLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L2-L2 ```solidity File: governance/contracts/veOLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L2-L2 ```solidity File: governance/contracts/wveOLAS.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L2-L2 ```solidity File: governance/contracts/multisigs/GuardCM.sol 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L2-L2 ```solidity File: governance/contracts/bridges/HomeMediator.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L2-L2 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L2-L2 ```solidity File: registries/contracts/GenericRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L2-L2 ```solidity File: registries/contracts/UnitRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L2-L2 ```solidity File: registries/contracts/ComponentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L2-L2 ```solidity File: registries/contracts/AgentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L2-L2 ```solidity File: registries/contracts/GenericManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L2-L2 ```solidity File: registries/contracts/RegistriesManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 2: pragma solidity ^0.8.21; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L2-L2 ```solidity File: tokenomics/contracts/Depository.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L2-L2 ```solidity File: tokenomics/contracts/Dispenser.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L2-L2 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/Tokenomics.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L2-L2 ```solidity File: tokenomics/contracts/Treasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L2-L2 ### [N-26] NatSpec documentation for `function` is missing It is recommended that Solidity contracts are fully annotated using NatSpec for all public interfaces (everything in the ABI). It is clearly stated in the Solidity official documentation. In complex projects such as Defi, the interpretation of all functions and their arguments and returns is important for code readability and auditability.[source](https://docs.soliditylang.org/en/v0.8.15/natspec-format.html) *There are 13 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 16: constructor( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L16-L16 ```solidity File: governance/contracts/Timelock.sol 10: constructor(uint256 minDelay, address[] memory proposers, address[] memory executors) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L10-L10 ```solidity File: governance/contracts/OLAS.sol 35: constructor() ERC20("Autonolas", "OLAS", 18) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L35-L35 ```solidity File: governance/contracts/multisigs/GuardCM.sol 7: function state(uint256 proposalId) external returns (ProposalState); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L7-L7 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 6: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L6-L6 ```solidity File: governance/contracts/bridges/HomeMediator.sol 6: function messageSender() external view returns (address); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L6-L6 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 24: constructor(string memory _name, string memory _symbol, uint8 _decimals) ERC20(_name, _symbol, _decimals) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L24-L24 ```solidity File: registries/contracts/UnitRegistry.sol 35: constructor(UnitType _unitType) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L35-L35 ```solidity File: registries/contracts/RegistriesManager.sol 15: constructor(address _componentRegistry, address _agentRegistry) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L15-L15 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 6: function totalSupply() external view returns (uint); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L6-L6 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 7: function token0() external view returns (address); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L7-L7 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 8: function token1() external view returns (address); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L8-L8 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 9: function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L9-L9 ### [N-27] Function ordering does not follow the Solidity style guide According to the [Solidity style guide](https://docs.soliditylang.org/en/v0.8.17/style-guide.html#order-of-functions), functions should be laid out in the following order :`constructor()`, `receive()`, `fallback()`, `external`, `public`, `internal`, `private`, but the cases below do not follow this pattern *There are 11 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 105: function supportsInterface(bytes4 interfaceId) public view override(IERC165, Governor, GovernorTimelockControl) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L105-L105 ```solidity File: governance/contracts/OLAS.sol 118: function burn(uint256 amount) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L118-L118 ```solidity File: governance/contracts/veOLAS.sol 320: function checkpoint() external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L320-L320 ```solidity File: governance/contracts/wveOLAS.sol 203: function getVotes(address account) external view returns (uint256 balance) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L203-L203 ```solidity File: governance/contracts/multisigs/GuardCM.sol 7: function state(uint256 proposalId) external returns (ProposalState); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L7-L7 ```solidity File: governance/contracts/multisigs/GuardCM.sol 387: function checkTransaction( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L387-L387 ```solidity File: registries/contracts/GenericRegistry.sol 135: function tokenURI(uint256 unitId) public view virtual override returns (string memory) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L135-L135 ```solidity File: registries/contracts/UnitRegistry.sol 49: function create(address unitOwner, bytes32 unitHash, uint32[] memory dependencies) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L49-L49 ```solidity File: registries/contracts/AgentRegistry.sol 70: function calculateSubComponents(uint32[] memory unitIds) external view returns (uint32[] memory subComponentIds) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L70-L70 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 91: function create( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L91-L91 ```solidity File: tokenomics/contracts/Tokenomics.sol 788: function trackServiceDonations( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L788-L788 ### [N-28] `address`s shouldn't be hard-coded It is often better to declare `address`es as `immutable`, and assign them via constructor arguments. This allows the code to remain the same across deployments on different networks, and avoids recompilation when addresses need to change. *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/Treasury.sol //@audit hardcoded address : 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE 56: address public constant ETH_TOKEN_ADDRESS = address(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L56-L56 ### [N-29] Array indicies should be referenced via `enum`s rather than via numeric literals Consider using an enum instead of hardcoding an index access to make the code easier to understand. *There are 40 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol //@audit `mapSupplyPoints` 139: mapSupplyPoints[0] = PointVoting(0, 0, uint64(block.timestamp), uint64(block.number), 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L139-L139 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `targets` 351: (targets[0], , callDatas[0], , , ) = ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L351-L351 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `callDatas` 351: (targets[0], , callDatas[0], , , ) = ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L351-L351 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `mapEpochTokenomics` 338: TokenomicsPoint storage tp = mapEpochTokenomics[1]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L338-L338 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentiveFlags` 694: incentiveFlags[0] = (mapEpochTokenomics[curEpoch].unitPoints[0].rewardUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L694-L694 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentiveFlags` 695: incentiveFlags[1] = (mapEpochTokenomics[curEpoch].unitPoints[1].rewardUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L695-L695 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentiveFlags` 696: incentiveFlags[2] = (mapEpochTokenomics[curEpoch].unitPoints[0].topUpUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L696-L696 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentiveFlags` 697: incentiveFlags[3] = (mapEpochTokenomics[curEpoch].unitPoints[1].topUpUnitFraction > 0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L697-L697 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 914: incentives[0] = tp.epochPoint.totalDonationsETH; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L914-L914 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 915: incentives[1] = (incentives[0] * tp.epochPoint.rewardTreasuryFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L915-L915 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 917: incentives[2] = (incentives[0] * tp.unitPoints[0].rewardUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L917-L917 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 918: incentives[3] = (incentives[0] * tp.unitPoints[1].rewardUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L918-L918 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 951: incentives[4] = (inflationPerEpoch * tp.epochPoint.maxBondFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L951-L951 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 963: if (incentives[4] > curMaxBond) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L963-L963 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 1041: if (incentives[0] > 0) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1041-L1041 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 1052: uint256 accountRewards = incentives[2] + incentives[3]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1052-L1052 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 1052: uint256 accountRewards = incentives[2] + incentives[3]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1052-L1052 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 1054: incentives[5] = (inflationPerEpoch * tp.unitPoints[0].topUpUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1054-L1054 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 1056: incentives[6] = (inflationPerEpoch * tp.unitPoints[1].topUpUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1056-L1056 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 1060: uint256 accountTopUps = incentives[5] + incentives[6]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1060-L1060 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 1060: uint256 accountTopUps = incentives[5] + incentives[6]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1060-L1060 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `registries` 690: (registries[0], registries[1]) = (componentRegistry, agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L690-L690 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `registries` 690: (registries[0], registries[1]) = (componentRegistry, agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L690-L690 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 1063: if (incentives[1] == 0 || ITreasury(treasury).rebalanceTreasury(incentives[1])) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1063-L1063 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 1063: if (incentives[1] == 0 || ITreasury(treasury).rebalanceTreasury(incentives[1])) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1063-L1063 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `registries` 1100: (registries[0], registries[1]) = (componentRegistry, agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1100-L1100 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `registries` 1100: (registries[0], registries[1]) = (componentRegistry, agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1100-L1100 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `registries` 1170: (registries[0], registries[1]) = (componentRegistry, agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1170-L1170 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `registries` 1170: (registries[0], registries[1]) = (componentRegistry, agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1170-L1170 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `mapEpochTokenomics` 334: mapEpochTokenomics[0].epochPoint.endTime = uint32(block.timestamp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L334-L334 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentiveFlags` 707: if (incentiveFlags[2] || incentiveFlags[3]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L707-L707 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentiveFlags` 707: if (incentiveFlags[2] || incentiveFlags[3]) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L707-L707 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 965: incentives[4] = effectiveBond + incentives[4] - curMaxBond; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L965-L965 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 1043: uint256 idf = _calculateIDF(incentives[1], tp.epochPoint.numNewOwners); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1043-L1043 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 1065: emit EpochSettled(eCounter, incentives[1], accountRewards, accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1065-L1065 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 915: incentives[1] = (incentives[0] * tp.epochPoint.rewardTreasuryFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L915-L915 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 917: incentives[2] = (incentives[0] * tp.unitPoints[0].rewardUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L917-L917 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 918: incentives[3] = (incentives[0] * tp.unitPoints[1].rewardUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L918-L918 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 966: effectiveBond = uint96(incentives[4]); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L966-L966 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `incentives` 965: incentives[4] = effectiveBond + incentives[4] - curMaxBond; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L965-L965 ### [N-30] Some if-statement can be converted to a ternary Improving code readability and compactness is an integral part of optimal programming practices. The use of ternary operators in place of if-else conditions is one such measure. Ternary operators allow us to write conditional statements in a more concise manner, thereby enhancing readability and simplicity. They follow the syntax `condition ? exprIfTrue : exprIfFalse`, which interprets as "if the condition is true, evaluate to `exprIfTrue`, else evaluate to `exprIfFalse`". By adopting this approach, we make our code more streamlined and intuitive, which could potentially aid in better understanding and maintenance of the codebase. *There are 39 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 147: if (lastPointNumber > 0) { 148: pv = mapUserPoints[account][lastPointNumber - 1]; 149: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L147-L149 ```solidity File: governance/contracts/veOLAS.sol 211: if (curNumPoint > 0) { 212: lastPoint = mapSupplyPoints[curNumPoint]; 213: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L211-L213 ```solidity File: governance/contracts/veOLAS.sol 222: if (block.timestamp > lastPoint.ts) { 223: // This 1e18 multiplier is needed for the numerator to be bigger than the denominator 224: // We need to calculate this in > uint64 size (1e18 is > 2^59 multiplied by 2^64). 225: block_slope = (1e18 * uint256(block.number - lastPoint.blockNumber)) / uint256(block.timestamp - lastPoint.ts); 226: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L222-L226 ```solidity File: governance/contracts/veOLAS.sol 352: if (unlockTime > 0) { 353: lockedBalance.endTime = uint64(unlockTime); 354: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L352-L354 ```solidity File: governance/contracts/veOLAS.sol 582: if (account == address(0)) { 583: point = mapSupplyPoints[minPointNumber]; 584: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L582-L584 ```solidity File: governance/contracts/veOLAS.sol 626: if (uPoint.blockNumber < (blockNumber + 1)) { 627: balance = uint256(uPoint.balance); 628: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L626-L628 ```solidity File: governance/contracts/veOLAS.sol 663: if (dBlock > 0) { 664: blockTime += (dt * (blockNumber - point.blockNumber)) / dBlock; 665: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L663-L665 ```solidity File: governance/contracts/veOLAS.sol 681: if (uPoint.bias > 0) { 682: balance = uint256(uint128(uPoint.bias)); 683: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L681-L683 ```solidity File: governance/contracts/veOLAS.sol 712: if (lastPoint.bias > 0) { 713: vSupply = uint256(uint128(lastPoint.bias)); 714: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L712-L714 ```solidity File: governance/contracts/veOLAS.sol 730: if (sPoint.blockNumber < (blockNumber + 1)) { 731: supplyAt = uint256(sPoint.balance); 732: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L730-L732 ```solidity File: governance/contracts/veOLAS.sol 282: if (lastPoint.slope < 0) { 283: lastPoint.slope = 0; 284: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L282-L284 ```solidity File: governance/contracts/veOLAS.sol 285: if (lastPoint.bias < 0) { 286: lastPoint.bias = 0; 287: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L285-L287 ```solidity File: governance/contracts/veOLAS.sol 568: if (account == address(0)) { 569: point = mapSupplyPoints[mid]; 570: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L568-L570 ```solidity File: governance/contracts/veOLAS.sol 574: if (point.blockNumber < (blockNumber + 1)) { 575: minPointNumber = mid; 576: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L574-L576 ```solidity File: governance/contracts/veOLAS.sol 598: if (uPoint.bias > 0) { 599: vBalance = uint256(int256(uPoint.bias)); 600: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L598-L600 ```solidity File: governance/contracts/veOLAS.sol 699: if (tStep > ts) { 700: tStep = ts; 701: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L699-L701 ```solidity File: governance/contracts/veOLAS.sol 240: if (tStep > block.timestamp) { 241: tStep = uint64(block.timestamp); 242: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L240-L242 ```solidity File: governance/contracts/veOLAS.sol 247: if (lastPoint.bias < 0) { 248: // This could potentially happen, but fuzzer didn't find available "real" combinations 249: lastPoint.bias = 0; 250: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L247-L250 ```solidity File: governance/contracts/veOLAS.sol 251: if (lastPoint.slope < 0) { 252: // This cannot happen - just in case. Again, fuzzer didn't reach this 253: lastPoint.slope = 0; 254: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L251-L254 ```solidity File: governance/contracts/veOLAS.sol 202: if (newLocked.endTime == oldLocked.endTime) { 203: newDSlope = oldDSlope; 204: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L202-L204 ```solidity File: governance/contracts/veOLAS.sol 300: if (newLocked.endTime == oldLocked.endTime) { 301: oldDSlope -= uNew.slope; // It was a new deposit, not extension 302: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L300-L302 ```solidity File: governance/contracts/wveOLAS.sol 196: if (userNumPoints > 0) { 197: uPoint = IVEOLAS(ve).getUserPoint(account, idx); 198: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L196-L198 ```solidity File: governance/contracts/wveOLAS.sol 215: if (uPoint.blockNumber > 0 && blockNumber >= uPoint.blockNumber) { 216: balance = IVEOLAS(ve).getPastVotes(account, blockNumber); 217: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L215-L217 ```solidity File: governance/contracts/wveOLAS.sol 235: if (uPoint.blockNumber > 0 && blockNumber >= uPoint.blockNumber) { 236: balance = IVEOLAS(ve).balanceOfAt(account, blockNumber); 237: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L235-L237 ```solidity File: registries/contracts/AgentRegistry.sol 59: if (subcomponentsFromType == UnitType.Component) { 60: (subComponentIds, ) = IRegistry(componentRegistry).getLocalSubComponents(uint256(unitId)); 61: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L59-L61 ```solidity File: registries/contracts/RegistriesManager.sol 38: if (unitType == IRegistry.UnitType.Component) { 39: unitId = IRegistry(componentRegistry).create(unitOwner, unitHash, dependencies); 40: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L38-L40 ```solidity File: registries/contracts/RegistriesManager.sol 51: if (unitType == IRegistry.UnitType.Component) { 52: success = IRegistry(componentRegistry).updateHash(msg.sender, unitId, unitHash); 53: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L51-L53 ```solidity File: tokenomics/contracts/Depository.sol 483: if (payout > 0) { 484: matured = block.timestamp >= mapUserBonds[bondId].maturity; 485: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L483-L485 ```solidity File: tokenomics/contracts/Dispenser.sol 103: if ((reward + topUp) > 0) { 104: success = ITreasury(treasury).withdrawToAccount(msg.sender, reward, topUp); 105: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L103-L105 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 84: if (token0 == olas) { 85: reserve1 = reserve0; 86: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L84-L86 ```solidity File: tokenomics/contracts/Tokenomics.sol 511: if (uint72(_devsPerCapital) > MIN_PARAM_VALUE) { 512: devsPerCapital = uint72(_devsPerCapital); 513: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L511-L513 ```solidity File: tokenomics/contracts/Tokenomics.sol 519: if (uint72(_codePerDev) > MIN_PARAM_VALUE) { 520: codePerDev = uint72(_codePerDev); 521: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L519-L521 ```solidity File: tokenomics/contracts/Tokenomics.sol 529: if (_epsilonRate > 0 && _epsilonRate <= 17e18) { 530: epsilonRate = uint64(_epsilonRate); 531: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L529-L531 ```solidity File: tokenomics/contracts/Tokenomics.sol 536: if (uint32(_epochLen) >= MIN_EPOCH_LENGTH && uint32(_epochLen) <= ONE_YEAR) { 537: nextEpochLen = uint32(_epochLen); 538: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L536-L538 ```solidity File: tokenomics/contracts/Tokenomics.sol 543: if (uint96(_veOLASThreshold) > 0) { 544: nextVeOLASThreshold = uint96(_veOLASThreshold); 545: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L543-L545 ```solidity File: tokenomics/contracts/Tokenomics.sol 857: if (fKD > epsilonRate) { 858: fKD = epsilonRate; 859: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L857-L859 ```solidity File: tokenomics/contracts/Tokenomics.sol 1255: if (idf == 0) { 1256: idf = 1e18; 1257: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1255-L1257 ```solidity File: tokenomics/contracts/Tokenomics.sol 1265: if (idf == 0) { 1266: idf = 1e18; 1267: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1265-L1267 ```solidity File: tokenomics/contracts/Tokenomics.sol 744: if (incentiveFlags[unitType]) { 745: mapUnitIncentives[unitType][serviceUnitIds[j]].pendingRelativeReward += amount; 746: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L744-L746 ### [N-31] Imports could be organized more systematically The contract used interfaces should be imported first, followed by all other files. The examples below do not follow this layout. *There are 6 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 5: import {IERC20} from "../interfaces/IERC20.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L5-L5 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 5: import {IERC20} from "../interfaces/IERC20.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L5-L5 ```solidity File: registries/contracts/GenericRegistry.sol 5: import "./interfaces/IErrorsRegistries.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L5-L5 ```solidity File: registries/contracts/AgentRegistry.sol 5: import "./interfaces/IRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L5-L5 ```solidity File: registries/contracts/RegistriesManager.sol 5: import "./interfaces/IRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L5-L5 ```solidity File: tokenomics/contracts/Tokenomics.sol 5: import "./interfaces/IDonatorBlacklist.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L5-L5 ### [N-32] Import declarations should import specific identifiers, rather than the whole file Using import declarations of the form `import {} from "some/ file.sol"` avoids polluting the symbol namespace making flattened files smaller, and speeds up compilation *There are 34 instance(s) of this issue:* ```solidity File: governance/contracts/Timelock.sol 4: import "@openzeppelin/contracts/governance/TimelockController.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L4-L4 ```solidity File: governance/contracts/OLAS.sol 4: import "../lib/solmate/src/tokens/ERC20.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L4-L4 ```solidity File: governance/contracts/veOLAS.sol 4: import "@openzeppelin/contracts/governance/utils/IVotes.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L4-L4 ```solidity File: governance/contracts/veOLAS.sol 5: import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L5-L5 ```solidity File: governance/contracts/veOLAS.sol 6: import "@openzeppelin/contracts/utils/introspection/IERC165.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L6-L6 ```solidity File: governance/contracts/veOLAS.sol 7: import "./interfaces/IErrors.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L7-L7 ```solidity File: registries/contracts/GenericRegistry.sol 4: import "../lib/solmate/src/tokens/ERC721.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L4-L4 ```solidity File: registries/contracts/GenericRegistry.sol 5: import "./interfaces/IErrorsRegistries.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L5-L5 ```solidity File: registries/contracts/UnitRegistry.sol 4: import "./GenericRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L4-L4 ```solidity File: registries/contracts/ComponentRegistry.sol 4: import "./UnitRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L4-L4 ```solidity File: registries/contracts/AgentRegistry.sol 4: import "./UnitRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L4-L4 ```solidity File: registries/contracts/AgentRegistry.sol 5: import "./interfaces/IRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L5-L5 ```solidity File: registries/contracts/GenericManager.sol 4: import "./interfaces/IErrorsRegistries.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L4-L4 ```solidity File: registries/contracts/RegistriesManager.sol 4: import "./GenericManager.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L4-L4 ```solidity File: registries/contracts/RegistriesManager.sol 5: import "./interfaces/IRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L5-L5 ```solidity File: tokenomics/contracts/Dispenser.sol 4: import "./interfaces/IErrorsTokenomics.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L4-L4 ```solidity File: tokenomics/contracts/Dispenser.sol 5: import "./interfaces/ITokenomics.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L5-L5 ```solidity File: tokenomics/contracts/Dispenser.sol 6: import "./interfaces/ITreasury.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L6-L6 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 5: import "./interfaces/ITokenomics.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L5-L5 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 6: import "./interfaces/IUniswapV2Pair.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L6-L6 ```solidity File: tokenomics/contracts/Tokenomics.sol 4: import "./TokenomicsConstants.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L4-L4 ```solidity File: tokenomics/contracts/Tokenomics.sol 5: import "./interfaces/IDonatorBlacklist.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L5-L5 ```solidity File: tokenomics/contracts/Tokenomics.sol 6: import "./interfaces/IErrorsTokenomics.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L6-L6 ```solidity File: tokenomics/contracts/Tokenomics.sol 7: import "./interfaces/IOLAS.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L7-L7 ```solidity File: tokenomics/contracts/Tokenomics.sol 8: import "./interfaces/IServiceRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L8-L8 ```solidity File: tokenomics/contracts/Tokenomics.sol 9: import "./interfaces/IToken.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L9-L9 ```solidity File: tokenomics/contracts/Tokenomics.sol 10: import "./interfaces/ITreasury.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L10-L10 ```solidity File: tokenomics/contracts/Tokenomics.sol 11: import "./interfaces/IVotingEscrow.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L11-L11 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 4: import "@prb/math/src/UD60x18.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L4-L4 ```solidity File: tokenomics/contracts/Treasury.sol 4: import "./interfaces/IErrorsTokenomics.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L4-L4 ```solidity File: tokenomics/contracts/Treasury.sol 5: import "./interfaces/IOLAS.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L5-L5 ```solidity File: tokenomics/contracts/Treasury.sol 6: import "./interfaces/IToken.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L6-L6 ```solidity File: tokenomics/contracts/Treasury.sol 7: import "./interfaces/IServiceRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L7-L7 ```solidity File: tokenomics/contracts/Treasury.sol 8: import "./interfaces/ITokenomics.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L8-L8 ### [N-33] Interfaces should be defined in separate files from their usage The interfaces below should be defined in separate files, so that it's easier for future projects to import them, and to avoid duplication later on if they need to be used elsewhere in the project *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/wveOLAS.sol //@audit the interface `IVEOLAS` is declared in this file and used in it here: 195: uint256 userNumPoints = IVEOLAS(ve).getNumUserPoints(account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L195-L195 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit the interface `IGovernor` is declared in this file and used in it here: 545: ProposalState state = IGovernor(governor).state(governorCheckProposalId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L545-L545 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit the interface `IAMB` is declared in this file and used in it here: 113: address bridgeGovernor = IAMB(AMBContractProxyHome).messageSender(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L113-L113 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit the interface `IGnosisSafeProxyFactory` is declared in this file and used in it here: 106: multisig = IGnosisSafeProxyFactory(gnosisSafeProxyFactory).createProxyWithNonce(gnosisSafe, safeParams, nonce); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L106-L106 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit the interface `IGnosisSafe` is declared in this file and used in it here: 125: address[] memory checkOwners = IGnosisSafe(multisig).getOwners(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L125-L125 ### [N-34] Large numeric literals should use underscores for readability *There are 8 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 101: uint256 internal constant MAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L101-L101 ```solidity File: governance/contracts/veOLAS.sol 103: int128 internal constant IMAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L103-L103 ```solidity File: governance/contracts/multisigs/GuardCM.sol 108: uint256 public governorCheckProposalId = 88250008686885504216650933897987879122244685460173810624866685274624741477673; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L108-L108 ```solidity File: governance/contracts/multisigs/GuardCM.sol 259: if (chainId == 100 || chainId == 10200) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L259-L259 ```solidity File: governance/contracts/multisigs/GuardCM.sol 304: if (chainId == 137 || chainId == 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L304-L304 ```solidity File: governance/contracts/multisigs/GuardCM.sol 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L519-L519 ```solidity File: governance/contracts/multisigs/GuardCM.sol 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L519-L519 ```solidity File: tokenomics/contracts/Treasury.sol 73: uint96 public minAcceptedETH = 0.065 ether; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L73-L73 ### [N-35] Long functions should be refactored into multiple, smaller, functions *There are 27 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 173: function _checkpoint( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L173-L173 ```solidity File: governance/contracts/veOLAS.sol 330: function _depositFor( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L330-L330 ```solidity File: governance/contracts/veOLAS.sol 542: function _findPointByBlock(uint256 blockNumber, address account) internal view ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L542-L542 ```solidity File: governance/contracts/multisigs/GuardCM.sol 252: function _processBridgeData( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L252-L252 ```solidity File: governance/contracts/multisigs/GuardCM.sol 337: function _verifySchedule(bytes memory data, bytes4 selector) internal { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L337-L337 ```solidity File: governance/contracts/multisigs/GuardCM.sol 387: function checkTransaction( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L387-L387 ```solidity File: governance/contracts/multisigs/GuardCM.sol 441: function setTargetSelectorChainIds( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L441-L441 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 107: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external override { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L107-L107 ```solidity File: governance/contracts/bridges/HomeMediator.sol 105: function processMessageFromForeign(bytes memory data) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L105-L105 ```solidity File: registries/contracts/UnitRegistry.sol 49: function create(address unitOwner, bytes32 unitHash, uint32[] memory dependencies) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L49-L49 ```solidity File: registries/contracts/UnitRegistry.sol 200: function _calculateSubComponents(UnitType subcomponentsFromType, uint32[] memory unitIds) internal view virtual ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L200-L200 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 45: function _parseData(bytes memory data) internal pure ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L45-L45 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 85: function create( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L85-L85 ```solidity File: tokenomics/contracts/Depository.sol 183: function create(address token, uint256 priceLP, uint256 supply, uint256 vesting) external returns (uint256 productId) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L183-L183 ```solidity File: tokenomics/contracts/Depository.sol 244: function close(uint256[] memory productIds) external returns (uint256[] memory closedProductIds) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L244-L244 ```solidity File: tokenomics/contracts/Depository.sol 291: function deposit(uint256 productId, uint256 tokenAmount) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L291-L291 ```solidity File: tokenomics/contracts/Depository.sol 435: function getBonds(address account, bool matured) external view ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L435-L435 ```solidity File: tokenomics/contracts/Tokenomics.sol 264: function initializeTokenomics( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L264-L264 ```solidity File: tokenomics/contracts/Tokenomics.sol 497: function changeTokenomicsParameters( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L497-L497 ```solidity File: tokenomics/contracts/Tokenomics.sol 562: function changeIncentiveFractions( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L562-L562 ```solidity File: tokenomics/contracts/Tokenomics.sol 687: function _trackServiceDonations(address donator, uint256[] memory serviceIds, uint256[] memory amounts, uint256 curEpoch) internal { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L687-L687 ```solidity File: tokenomics/contracts/Tokenomics.sol 831: function _calculateIDF( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L831-L831 ```solidity File: tokenomics/contracts/Tokenomics.sol 880: function checkpoint() external returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L880-L880 ```solidity File: tokenomics/contracts/Tokenomics.sol 1085: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1085-L1085 ```solidity File: tokenomics/contracts/Tokenomics.sol 1160: function getOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external view ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1160-L1160 ```solidity File: tokenomics/contracts/Treasury.sol 257: function depositServiceDonationsETH(uint256[] memory serviceIds, uint256[] memory amounts) external payable { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L257-L257 ```solidity File: tokenomics/contracts/Treasury.sol 313: function withdraw(address to, uint256 tokenAmount, address token) external returns (bool success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L313-L313 ### [N-36] Long lines of code Usually lines in source code are limited to [80](https://softwareengineering.stackexchange.com/questions/148677/why-is-80-characters-the-standard-limit-for-code-width) characters. Today's screens are much larger so it's reasonable to stretch this in some cases. The solidity style guide recommends a maximumum line length of [120 characters](https://docs.soliditylang.org/en/v0.8.17/style-guide.html#maximum-line-length), so the lines below should be split when they reach that length. *There are 121 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 7: import {GovernorCompatibilityBravo} from "@openzeppelin/contracts/governance/compatibility/GovernorCompatibilityBravo.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L7-L7 ```solidity File: governance/contracts/GovernorOLAS.sol 9: import {GovernorVotesQuorumFraction} from "@openzeppelin/contracts/governance/extensions/GovernorVotesQuorumFraction.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L9-L9 ```solidity File: governance/contracts/GovernorOLAS.sol 10: import {GovernorTimelockControl, TimelockController} from "@openzeppelin/contracts/governance/extensions/GovernorTimelockControl.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L10-L10 ```solidity File: governance/contracts/GovernorOLAS.sol 15: contract GovernorOLAS is Governor, GovernorSettings, GovernorCompatibilityBravo, GovernorVotes, GovernorVotesQuorumFraction, GovernorTimelockControl { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L15-L15 ```solidity File: governance/contracts/GovernorOLAS.sol 42: /// @param calldatas The ordered list of data to be passed to each individual function call during proposal execution. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L42-L42 ```solidity File: governance/contracts/OLAS.sol 72: /// @notice If the inflation control does not pass, the revert does not take place, as well as no action is performed. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L72-L72 ```solidity File: governance/contracts/veOLAS.sol 225: block_slope = (1e18 * uint256(block.number - lastPoint.blockNumber)) / uint256(block.timestamp - lastPoint.ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L225-L225 ```solidity File: governance/contracts/veOLAS.sol 258: lastPoint.blockNumber = initialPoint.blockNumber + uint64((block_slope * uint256(tStep - initialPoint.ts)) / 1e18); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L258-L258 ```solidity File: governance/contracts/veOLAS.sol 279: // If last point was in this block, the slope change has been already applied. In such case we have 0 slope(s) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L279-L279 ```solidity File: governance/contracts/multisigs/GuardCM.sol 90: event SetTargetSelectors(address[] indexed targets, bytes4[] indexed selectors, uint256[] chainIds, bool[] statuses); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L90-L90 ```solidity File: governance/contracts/multisigs/GuardCM.sol 91: event SetBridgeMediators(address[] indexed bridgeMediatorL1s, address[] indexed bridgeMediatorL2s, uint256[] chainIds); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L91-L91 ```solidity File: governance/contracts/multisigs/GuardCM.sol 97: bytes4 public constant SCHEDULE = bytes4(keccak256(bytes("schedule(address,uint256,bytes,bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L97-L97 ```solidity File: governance/contracts/multisigs/GuardCM.sol 99: bytes4 public constant SCHEDULE_BATCH = bytes4(keccak256(bytes("scheduleBatch(address[],uint256[],bytes[],bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L99-L99 ```solidity File: governance/contracts/multisigs/GuardCM.sol 101: bytes4 public constant REQUIRE_TO_PASS_MESSAGE = bytes4(keccak256(bytes("requireToPassMessage(address,bytes,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L101-L101 ```solidity File: governance/contracts/multisigs/GuardCM.sol 108: uint256 public governorCheckProposalId = 88250008686885504216650933897987879122244685460173810624866685274624741477673; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L108-L108 ```solidity File: governance/contracts/multisigs/GuardCM.sol 277: // Decode the requireToPassMessage payload: homeMediator (L2), mediatorPayload (need decoding), requestGasLimit ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L277-L277 ```solidity File: governance/contracts/multisigs/GuardCM.sol 453: if (targets.length != selectors.length || targets.length != statuses.length || targets.length != chainIds.length) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L453-L453 ```solidity File: governance/contracts/multisigs/GuardCM.sol 507: revert WrongArrayLength(bridgeMediatorL1s.length, bridgeMediatorL2s.length, chainIds.length, chainIds.length); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L507-L507 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 25: event FxDepositERC20(address indexed childToken, address indexed rootToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L25-L25 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 26: event FxWithdrawERC20(address indexed rootToken, address indexed childToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L26-L26 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 25: event FxDepositERC20(address indexed childToken, address indexed rootToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L25-L25 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 26: event FxWithdrawERC20(address indexed rootToken, address indexed childToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L26-L26 ```solidity File: registries/contracts/GenericRegistry.sol 25: // CID = multibase_encoding() ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L25-L25 ```solidity File: registries/contracts/GenericRegistry.sol 26: // CID prefix = multibase_encoding() ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L26-L26 ```solidity File: registries/contracts/GenericRegistry.sol 132: /// @notice Expected multicodec: dag-pb; hashing function: sha2-256, with base16 encoding and leading CID_PREFIX removed. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L132-L132 ```solidity File: registries/contracts/UnitRegistry.sol 86: // In order to get the correct set of subcomponents, we need to differentiate between the callers of this function ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L86-L86 ```solidity File: registries/contracts/UnitRegistry.sol 91: // The resulting set will be [c1, c2, c3]. So we write into the map of component subcomponents: c3=>[c1, c2, c3]. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L91-L91 ```solidity File: registries/contracts/UnitRegistry.sol 243: // If we found a minimal component Id, we increase the counter and break to start the search again ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L243-L243 ```solidity File: registries/contracts/AgentRegistry.sol 49: /// @notice (0) For components this means getting the linearized map of components from the componentRegistry contract. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L49-L49 ```solidity File: registries/contracts/AgentRegistry.sol 67: /// @notice We assume that the external callers calculate subcomponents from the higher unit hierarchy level: agents. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L67-L67 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 4: // Gnosis Safe Proxy Factory interface extracted from the mainnet: https://etherscan.io/address/0xa6b71e26c5e0845f74c812102ca7114b6a896ab2#code#F2#L61 ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L4-L4 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 9: /// @param saltNonce Nonce that will be used to generate the salt to calculate the address of the new proxy contract. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L9-L9 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 4: // Gnosis Safe Master Copy interface extracted from the mainnet: https://etherscan.io/address/0xd9db270c1b5e3bd161e8c8503c55ceabee709552#code#F6#L126 ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L4-L4 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 48: /// @title Gnosis Safe Same Address - Smart contract for Gnosis Safe verification of an already existent multisig address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L48-L48 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 83: /// @param data Packed data containing address of an existent gnosis safe multisig and a payload to call the multisig with. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L83-L83 ```solidity File: registries/contracts/interfaces/IRegistry.sol 33: function getLocalSubComponents(uint256 unitId) external view returns (uint32[] memory subComponentIds, uint256 numSubComponents); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L33-L33 ```solidity File: tokenomics/contracts/Depository.sol 111: if (_olas == address(0) || _tokenomics == address(0) || _treasury == address(0) || _bondCalculator == address(0)) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L111-L111 ```solidity File: tokenomics/contracts/Depository.sol 162: /// #if_succeeds {:msg "bondCalculator changed"} _bondCalculator != address(0) ==> bondCalculator == _bondCalculator; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L162-L162 ```solidity File: tokenomics/contracts/Depository.sol 182: /// #if_succeeds {:msg "isActive"} mapBondProducts[productId].supply > 0 && mapBondProducts[productId].vesting == vesting; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L182-L182 ```solidity File: tokenomics/contracts/Depository.sol 183: function create(address token, uint256 priceLP, uint256 supply, uint256 vesting) external returns (uint256 productId) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L183-L183 ```solidity File: tokenomics/contracts/Depository.sol 243: /// #if_succeeds {:msg "success closed"} forall (uint k in productIds) mapBondProducts[productIds[k]].vesting == 0 && mapBondProducts[productIds[k]].supply == 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L243-L243 ```solidity File: tokenomics/contracts/Depository.sol 286: /// #if_succeeds {:msg "input supply is non-zero"} old(mapBondProducts[productId].supply) > 0 && mapBondProducts[productId].supply <= type(uint96).max; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L286-L286 ```solidity File: tokenomics/contracts/Depository.sol 287: /// #if_succeeds {:msg "vesting is non-zero"} mapBondProducts[productId].vesting > 0 && mapBondProducts[productId].vesting + block.timestamp <= type(uint32).max; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L287-L287 ```solidity File: tokenomics/contracts/Depository.sol 289: /// #if_succeeds {:msg "payout"} old(mapBondProducts[productId].supply) == mapBondProducts[productId].supply + payout; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L289-L289 ```solidity File: tokenomics/contracts/Depository.sol 290: /// #if_succeeds {:msg "OLAS balances"} IToken(mapBondProducts[productId].token).balanceOf(treasury) == old(IToken(mapBondProducts[productId].token).balanceOf(treasury)) + tokenAmount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L290-L290 ```solidity File: tokenomics/contracts/Depository.sol 352: /// #if_succeeds {:msg "msg.sender is the only owner"} old(forall (uint k in bondIds) mapUserBonds[bondIds[k]].account == msg.sender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L352-L352 ```solidity File: tokenomics/contracts/Depository.sol 353: /// #if_succeeds {:msg "accounts deleted"} forall (uint k in bondIds) mapUserBonds[bondIds[k]].account == address(0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L353-L353 ```solidity File: tokenomics/contracts/Dispenser.sol 83: /// @notice `msg.sender` must be the owner of components / agents they are passing, otherwise the function will revert. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L83-L83 ```solidity File: tokenomics/contracts/Dispenser.sol 84: /// @notice If not all `unitIds` belonging to `msg.sender` were provided, they will be untouched and keep accumulating. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L84-L84 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 51: // priceLP = 2 * r0/L * 10^18 = 2*r0*10^18/sqrt(r0*r1) ~= 61 + 96 - sqrt(96 * 112) ~= 53 bits (if LP is balanced) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L51-L51 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 53: // tokenAmount is of the order of sqrt(r0*r1) ~ 104 bits (if balanced) or sqrt(96) ~ 10 bits (if max unbalanced); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L53-L53 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 54: // overall: 64 + 53 + 104 = 221 < 256 - regular case if LP is balanced, and 64 + 147 + 10 = 221 < 256 if unbalanced ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L54-L54 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 55: // mulDiv will correctly fit the total amount up to the value of max uint256, i.e., max of priceLP and max of tokenAmount, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L55-L55 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 63: // At this point of time IDF is bound by the max of uint64, and totalTokenValue is no bigger than the max of uint192 ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L63-L63 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 88: // Inspired by: https://github.com/curvefi/curve-contract/blob/master/contracts/pool-templates/base/SwapTemplateBase.vy#L262 ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L88-L88 ```solidity File: tokenomics/contracts/Tokenomics.sol 115: /// @title Tokenomics - Smart contract for tokenomics logic with incentives for unit owners and discount factor regulations for bonds. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L115-L115 ```solidity File: tokenomics/contracts/Tokenomics.sol 130: uint256 rewardAgentFraction, uint256 maxBondFraction, uint256 topUpComponentFraction, uint256 topUpAgentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L130-L130 ```solidity File: tokenomics/contracts/Tokenomics.sol 136: event EpochSettled(uint256 indexed epochCounter, uint256 treasuryRewards, uint256 accountRewards, uint256 accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L136-L136 ```solidity File: tokenomics/contracts/Tokenomics.sol 166: // We assume this number will not be practically bigger than 4,722 of its integer-part (with 18 digits of fractional-part) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L166-L166 ```solidity File: tokenomics/contracts/Tokenomics.sol 207: // We assume this number will not be practically bigger than 4,722 of its integer-part (with 18 digits of fractional-part) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L207-L207 ```solidity File: tokenomics/contracts/Tokenomics.sol 237: /// @notice Tokenomics contract must be initialized no later than one year from the launch of the OLAS token contract. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L237-L237 ```solidity File: tokenomics/contracts/Tokenomics.sol 251: /// #if_succeeds {:msg "treasury must not be a zero address"} old(_treasury) != address(0) ==> treasury == _treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L251-L251 ```solidity File: tokenomics/contracts/Tokenomics.sol 252: /// #if_succeeds {:msg "depository must not be a zero address"} old(_depository) != address(0) ==> depository == _depository; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L252-L252 ```solidity File: tokenomics/contracts/Tokenomics.sol 253: /// #if_succeeds {:msg "dispenser must not be a zero address"} old(_dispenser) != address(0) ==> dispenser == _dispenser; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L253-L253 ```solidity File: tokenomics/contracts/Tokenomics.sol 255: /// #if_succeeds {:msg "epochLen"} old(_epochLen > MIN_EPOCH_LENGTH && _epochLen <= type(uint32).max) ==> epochLen == _epochLen; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L255-L255 ```solidity File: tokenomics/contracts/Tokenomics.sol 256: /// #if_succeeds {:msg "componentRegistry must not be a zero address"} old(_componentRegistry) != address(0) ==> componentRegistry == _componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L256-L256 ```solidity File: tokenomics/contracts/Tokenomics.sol 257: /// #if_succeeds {:msg "agentRegistry must not be a zero address"} old(_agentRegistry) != address(0) ==> agentRegistry == _agentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L257-L257 ```solidity File: tokenomics/contracts/Tokenomics.sol 258: /// #if_succeeds {:msg "serviceRegistry must not be a zero address"} old(_serviceRegistry) != address(0) ==> serviceRegistry == _serviceRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L258-L258 ```solidity File: tokenomics/contracts/Tokenomics.sol 260: /// #if_succeeds {:msg "inflationPerSecond must not be zero"} inflationPerSecond > 0 && inflationPerSecond <= getInflationForYear(0); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L260-L260 ```solidity File: tokenomics/contracts/Tokenomics.sol 262: /// #if_succeeds {:msg "maxBond"} old(_epochLen > MIN_EPOCH_LENGTH && _epochLen <= type(uint32).max && inflationPerSecond > 0 && inflationPerSecond <= getInflationForYear(0)) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L262-L262 ```solidity File: tokenomics/contracts/Tokenomics.sol 324: // This value is necessary since it is different from a precise one year time, as the OLAS contract started earlier ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L324-L324 ```solidity File: tokenomics/contracts/Tokenomics.sol 326: // Calculating initial inflation per second: (mintable OLAS from getInflationForYear(0)) / (seconds left in a year) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L326-L326 ```solidity File: tokenomics/contracts/Tokenomics.sol 327: // Note that we lose precision here dividing by the number of seconds right away, but to avoid complex calculations ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L327-L327 ```solidity File: tokenomics/contracts/Tokenomics.sol 328: // later we consider it less error-prone and sacrifice at most 6 insignificant digits (or 1e-12) of OLAS per year ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L328-L328 ```solidity File: tokenomics/contracts/Tokenomics.sol 354: // E.g. if we have 2 profitable components and 2 profitable agents, this means there are (2 x 2.0 + 2 x 1.0) / 3 = 2 ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L354-L354 ```solidity File: tokenomics/contracts/Tokenomics.sol 491: /// ==> mapEpochTokenomics[epochCounter - 1].epochPoint.endTime > mapEpochTokenomics[epochCounter - 2].epochPoint.endTime; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L491-L491 ```solidity File: tokenomics/contracts/Tokenomics.sol 492: /// #if_succeeds {:msg "epochLen"} old(_epochLen > MIN_EPOCH_LENGTH && _epochLen <= ONE_YEAR && epochLen != _epochLen) ==> nextEpochLen == _epochLen; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L492-L492 ```solidity File: tokenomics/contracts/Tokenomics.sol 493: /// #if_succeeds {:msg "devsPerCapital"} _devsPerCapital > MIN_PARAM_VALUE && _devsPerCapital <= type(uint72).max ==> devsPerCapital == _devsPerCapital; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L493-L493 ```solidity File: tokenomics/contracts/Tokenomics.sol 494: /// #if_succeeds {:msg "codePerDev"} _codePerDev > MIN_PARAM_VALUE && _codePerDev <= type(uint72).max ==> codePerDev == _codePerDev; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L494-L494 ```solidity File: tokenomics/contracts/Tokenomics.sol 496: /// #if_succeeds {:msg "veOLASThreshold"} _veOLASThreshold > 0 && _veOLASThreshold <= type(uint96).max ==> nextVeOLASThreshold == _veOLASThreshold; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L496-L496 ```solidity File: tokenomics/contracts/Tokenomics.sol 551: emit TokenomicsParametersUpdateRequested(epochCounter + 1, _devsPerCapital, _codePerDev, _epsilonRate, _epochLen, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L551-L551 ```solidity File: tokenomics/contracts/Tokenomics.sol 561: /// #if_succeeds {:msg "maxBond"} mapEpochTokenomics[epochCounter + 1].epochPoint.maxBondFraction == _maxBondFraction; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L561-L561 ```solidity File: tokenomics/contracts/Tokenomics.sol 608: /// #if_succeeds {:msg "effectiveBond"} old(effectiveBond) > amount ==> effectiveBond == old(effectiveBond) - amount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L608-L608 ```solidity File: tokenomics/contracts/Tokenomics.sol 629: /// #if_succeeds {:msg "effectiveBond"} old(effectiveBond + amount) <= type(uint96).max ==> effectiveBond == old(effectiveBond) + amount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L629-L629 ```solidity File: tokenomics/contracts/Tokenomics.sol 674: uint256 sumUnitIncentives = uint256(mapEpochTokenomics[epochNum].unitPoints[unitType].sumUnitTopUpsOLAS) * 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L674-L674 ```solidity File: tokenomics/contracts/Tokenomics.sol 687: function _trackServiceDonations(address donator, uint256[] memory serviceIds, uint256[] memory amounts, uint256 curEpoch) internal { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L687-L687 ```solidity File: tokenomics/contracts/Tokenomics.sol 783: /// #if_succeeds {:msg "totalDonationsETH can only increase"} old(mapEpochTokenomics[epochCounter].epochPoint.totalDonationsETH) + donationETH <= type(uint96).max ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L783-L783 ```solidity File: tokenomics/contracts/Tokenomics.sol 784: /// ==> mapEpochTokenomics[epochCounter].epochPoint.totalDonationsETH == old(mapEpochTokenomics[epochCounter].epochPoint.totalDonationsETH) + donationETH; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L784-L784 ```solidity File: tokenomics/contracts/Tokenomics.sol 785: /// #if_succeeds {:msg "sumUnitTopUpsOLAS for components can only increase"} mapEpochTokenomics[epochCounter].unitPoints[0].sumUnitTopUpsOLAS >= old(mapEpochTokenomics[epochCounter].unitPoints[0].sumUnitTopUpsOLAS); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L785-L785 ```solidity File: tokenomics/contracts/Tokenomics.sol 786: /// #if_succeeds {:msg "sumUnitTopUpsOLAS for agents can only increase"} mapEpochTokenomics[epochCounter].unitPoints[1].sumUnitTopUpsOLAS >= old(mapEpochTokenomics[epochCounter].unitPoints[1].sumUnitTopUpsOLAS); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L786-L786 ```solidity File: tokenomics/contracts/Tokenomics.sol 787: /// #if_succeeds {:msg "numNewOwners can only increase"} mapEpochTokenomics[epochCounter].epochPoint.numNewOwners >= old(mapEpochTokenomics[epochCounter].epochPoint.numNewOwners); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L787-L787 ```solidity File: tokenomics/contracts/Tokenomics.sol 866: /// not valid not to call a checkpoint for longer than a year. Thus, the function will return false otherwise. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L866-L866 ```solidity File: tokenomics/contracts/Tokenomics.sol 870: /// #if_succeeds {:msg "two events will never happen at the same time"} $result == true && (block.timestamp - timeLaunch) / ONE_YEAR > old(currentYear) ==> currentYear == old(currentYear) + 1; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L870-L870 ```solidity File: tokenomics/contracts/Tokenomics.sol 871: /// #if_succeeds {:msg "previous epoch endTime must never be zero"} mapEpochTokenomics[epochCounter - 1].epochPoint.endTime > 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L871-L871 ```solidity File: tokenomics/contracts/Tokenomics.sol 872: /// #if_succeeds {:msg "when the year is the same, the adjusted maxBond (incentives[4]) will never be lower than the epoch maxBond"} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L872-L872 ```solidity File: tokenomics/contracts/Tokenomics.sol 874: /// ==> old((inflationPerSecond * (block.timestamp - mapEpochTokenomics[epochCounter - 1].epochPoint.endTime) * mapEpochTokenomics[epochCounter].epochPoint.maxBondFraction) / 100) >= old(maxBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L874-L874 ```solidity File: tokenomics/contracts/Tokenomics.sol 875: /// #if_succeeds {:msg "idf check"} $result == true ==> mapEpochTokenomics[epochCounter].epochPoint.idf >= 1e18 && mapEpochTokenomics[epochCounter].epochPoint.idf <= 18e18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L875-L875 ```solidity File: tokenomics/contracts/Tokenomics.sol 879: /// ==> mapEpochTokenomics[epochCounter].unitPoints[0].rewardUnitFraction + mapEpochTokenomics[epochCounter].unitPoints[1].rewardUnitFraction + mapEpochTokenomics[epochCounter].epochPoint.rewardTreasuryFraction == 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L879-L879 ```solidity File: tokenomics/contracts/Tokenomics.sol 941: // Set the tokenomics parameters flag such that the maxBond is correctly updated below (3rd bit is set to one) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L941-L941 ```solidity File: tokenomics/contracts/Tokenomics.sol 962: // This has to be always true, or incentives[4] == curMaxBond if the epoch is settled exactly at the epochLen time ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L962-L962 ```solidity File: tokenomics/contracts/Tokenomics.sol 971: // Update incentive fractions for the next epoch if they were requested by the changeIncentiveFractions() function ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L971-L971 ```solidity File: tokenomics/contracts/Tokenomics.sol 1222: uint256 sumUnitIncentives = uint256(mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].sumUnitTopUpsOLAS) * 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1222-L1222 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 67: // For the first 10 years the inflation caps are pre-defined as differences between next year cap and current year one ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L67-L67 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 27: // Code position in storage is keccak256("PROXY_TOKENOMICS") = "0xbd5523e7c3b6a94aa0e3b24d1120addc2f95c7029e097b466b2bedc8d4b4362f" ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L27-L27 ```solidity File: tokenomics/contracts/Treasury.sol 44: event DepositTokenFromAccount(address indexed account, address indexed token, uint256 tokenAmount, uint256 olasAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L44-L44 ```solidity File: tokenomics/contracts/Treasury.sol 117: /// #if_succeeds {:msg "conservation law"} old(ETHOwned) + msg.value + old(ETHFromServices) <= type(uint96).max && ETHOwned == old(ETHOwned) + msg.value ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L117-L117 ```solidity File: tokenomics/contracts/Treasury.sol 210: /// #if_succeeds {:msg "OLAS balances"} IToken(olas).balanceOf(msg.sender) == old(IToken(olas).balanceOf(msg.sender)) + olasMintAmount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L210-L210 ```solidity File: tokenomics/contracts/Treasury.sol 211: /// #if_succeeds {:msg "OLAS supply"} IToken(olas).totalSupply() == old(IToken(olas).totalSupply()) + olasMintAmount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L211-L211 ```solidity File: tokenomics/contracts/Treasury.sol 227: // Uniswap allowance implementation does not revert with the accurate message, need to check before the transfer is engaged ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L227-L227 ```solidity File: tokenomics/contracts/Treasury.sol 248: /// @notice Each provided service Id must be deployed at least once, otherwise its components and agents are undefined. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L248-L248 ```solidity File: tokenomics/contracts/Treasury.sol 250: /// configuration component / agent owners until the service is re-deployed when new agent Ids are accounted for. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L250-L250 ```solidity File: tokenomics/contracts/Treasury.sol 254: /// #if_succeeds {:msg "updated ETHFromServices"} old(ETHFromServices) + msg.value + old(ETHOwned) <= type(uint96).max && ETHFromServices == old(ETHFromServices) + msg.value ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L254-L254 ```solidity File: tokenomics/contracts/Treasury.sol 290: // Check for the overflow values, specifically when fuzzing, since realistically these amounts are assumed to be not possible ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L290-L290 ```solidity File: tokenomics/contracts/Treasury.sol 310: /// #if_succeeds {:msg "ETH balance"} token == ETH_TOKEN_ADDRESS ==> address(this).balance == old(address(this).balance) - tokenAmount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L310-L310 ```solidity File: tokenomics/contracts/Treasury.sol 311: /// #if_succeeds {:msg "updated token reserves"} token != ETH_TOKEN_ADDRESS ==> mapTokenReserves[token] == old(mapTokenReserves[token]) - tokenAmount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L311-L311 ```solidity File: tokenomics/contracts/Treasury.sol 382: /// #if_succeeds {:msg "updated ETHFromServices"} accountRewards > 0 && ETHFromServices >= accountRewards ==> ETHFromServices == old(ETHFromServices) - accountRewards; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L382-L382 ```solidity File: tokenomics/contracts/Treasury.sol 383: /// #if_succeeds {:msg "ETH balance"} accountRewards > 0 && ETHFromServices >= accountRewards ==> address(this).balance == old(address(this).balance) - accountRewards; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L383-L383 ```solidity File: tokenomics/contracts/Treasury.sol 384: /// #if_succeeds {:msg "updated OLAS balances"} accountTopUps > 0 ==> IToken(olas).balanceOf(account) == old(IToken(olas).balanceOf(account)) + accountTopUps; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L384-L384 ```solidity File: tokenomics/contracts/Treasury.sol 462: /// #if_succeeds {:msg "correct update total eth balance"} address(this).balance == old(address(this).balance) + amount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L462-L462 ```solidity File: tokenomics/contracts/Treasury.sol 464: ///if_succeeds {:msg "slashed funds check"} IServiceRegistry(ITokenomics(tokenomics).serviceRegistry()).slashedFunds() >= minAcceptedETH ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L464-L464 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 31: function withdrawToAccount(address account, uint256 accountRewards, uint256 accountTopUps) external returns (bool success); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L31-L31 ### [N-37] Missing event and or timelock for critical parameter change Events help non-contract tools to track changes, and events prevent users from being surprised by changes *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/wveOLAS.sol 26: function mapSlopeChanges(uint64 ts) external view returns (int128 slopeChange); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L26-L26 ```solidity File: registries/contracts/UnitRegistry.sol 171: function getUpdatedHashes(uint256 unitId) external view virtual 172: returns (uint256 numHashes, bytes32[] memory unitHashes) 173: { 174: unitHashes = mapUnitIdHashes[unitId]; 175: return (unitHashes.length, unitHashes); 176: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L171-L176 ```solidity File: registries/contracts/interfaces/IRegistry.sol 27: function updateHash(address owner, uint256 unitId, bytes32 unitHash) external returns (bool success); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L27-L27 ```solidity File: registries/contracts/interfaces/IRegistry.sol 44: function getUpdatedHashes(uint256 unitId) external view returns (uint256 numHashes, bytes32[] memory unitHashes); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L44-L44 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 16: function depositServiceDonationsETH(uint256[] memory serviceIds, uint256[] memory amounts) external payable; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L16-L16 ### [N-38] File is missing NatSpec *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 0: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L0-L0 ### [N-39] Mixed usage of `int`/`uint` with `int256`/`uint256` `int256`/`uint256` are the preferred type names (they're what are used for function signatures), so they should be used consistently *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 360: for (uint i = 0; i < targets.length; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L360-L360 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 6: function totalSupply() external view returns (uint); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L6-L6 ### [N-40] Consider using named mappings Consider using [named mappings](https://ethereum.stackexchange.com/a/145555) to make it easier to understand the purpose of each mapping *There are 24 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 112: mapping(address => LockedBalance) public mapLockedBalances; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L112-L112 ```solidity File: governance/contracts/veOLAS.sol 117: mapping(uint256 => PointVoting) public mapSupplyPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L117-L117 ```solidity File: governance/contracts/veOLAS.sol 119: mapping(address => PointVoting[]) public mapUserPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L119-L119 ```solidity File: governance/contracts/veOLAS.sol 121: mapping(uint64 => int128) public mapSlopeChanges; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L121-L121 ```solidity File: governance/contracts/multisigs/GuardCM.sol 130: mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L130-L130 ```solidity File: governance/contracts/multisigs/GuardCM.sol 132: mapping(address => uint256) public mapBridgeMediatorL1L2ChainIds; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L132-L132 ```solidity File: registries/contracts/UnitRegistry.sol 29: mapping(uint256 => bytes32[]) public mapUnitIdHashes; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L29-L29 ```solidity File: registries/contracts/UnitRegistry.sol 31: mapping(uint256 => uint32[]) public mapSubComponents; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L31-L31 ```solidity File: registries/contracts/UnitRegistry.sol 33: mapping(uint256 => Unit) public mapUnits; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L33-L33 ```solidity File: tokenomics/contracts/Depository.sol 98: mapping(uint256 => Bond) public mapUserBonds; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L98-L98 ```solidity File: tokenomics/contracts/Depository.sol 100: mapping(uint256 => Product) public mapBondProducts; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L100-L100 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 27: mapping(address => bool) public mapBlacklistedDonators; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L27-L27 ```solidity File: tokenomics/contracts/Tokenomics.sol 93: mapping(uint256 => UnitPoint) unitPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L93-L93 ```solidity File: tokenomics/contracts/Tokenomics.sol 217: mapping(uint256 => uint256) public mapServiceAmounts; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L217-L217 ```solidity File: tokenomics/contracts/Tokenomics.sol 219: mapping(address => uint256) public mapOwnerRewards; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L219-L219 ```solidity File: tokenomics/contracts/Tokenomics.sol 221: mapping(address => uint256) public mapOwnerTopUps; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L221-L221 ```solidity File: tokenomics/contracts/Tokenomics.sol 223: mapping(uint256 => TokenomicsPoint) public mapEpochTokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L223-L223 ```solidity File: tokenomics/contracts/Tokenomics.sol 225: mapping(uint256 => mapping(uint256 => bool)) public mapNewUnits; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L225-L225 ```solidity File: tokenomics/contracts/Tokenomics.sol 225: mapping(uint256 => mapping(uint256 => bool)) public mapNewUnits; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L225-L225 ```solidity File: tokenomics/contracts/Tokenomics.sol 227: mapping(address => bool) public mapNewOwners; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L227-L227 ```solidity File: tokenomics/contracts/Tokenomics.sol 229: mapping(uint256 => mapping(uint256 => IncentiveBalances)) public mapUnitIncentives; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L229-L229 ```solidity File: tokenomics/contracts/Tokenomics.sol 229: mapping(uint256 => mapping(uint256 => IncentiveBalances)) public mapUnitIncentives; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L229-L229 ```solidity File: tokenomics/contracts/Treasury.sol 86: mapping(address => uint256) public mapTokenReserves; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L86-L86 ```solidity File: tokenomics/contracts/Treasury.sol 88: mapping(address => bool) public mapEnabledTokens; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L88-L88 ### [N-41] Consider using later versions of solidity for more cappabilities Consider using solidity 0.8.18 or later to benefit from multiple things including the named mappings [named mappings](https://ethereum.stackexchange.com/a/145555) to make it easier to understand the purpose of each mapping *There are 12 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L2-L2 ```solidity File: governance/contracts/veOLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L2-L2 ```solidity File: governance/contracts/interfaces/IErrors.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L2-L2 ```solidity File: registries/contracts/GenericRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L2-L2 ```solidity File: registries/contracts/UnitRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L2-L2 ```solidity File: registries/contracts/ComponentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L2-L2 ```solidity File: registries/contracts/AgentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L2-L2 ```solidity File: registries/contracts/GenericManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L2-L2 ```solidity File: registries/contracts/RegistriesManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L2-L2 ### [N-42] Events that mark critical parameter changes should contain both the old and the new value This should especially be done if the new value is not required to be different from the old value *There are 48 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 18: event MinterUpdated(address indexed minter); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L18-L18 ```solidity File: governance/contracts/OLAS.sol 19: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L19-L19 ```solidity File: governance/contracts/multisigs/GuardCM.sol 89: event GovernorUpdated(address indexed governor); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L89-L89 ```solidity File: governance/contracts/multisigs/GuardCM.sol 90: event SetTargetSelectors(address[] indexed targets, bytes4[] indexed selectors, uint256[] chainIds, bool[] statuses); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L90-L90 ```solidity File: governance/contracts/multisigs/GuardCM.sol 91: event SetBridgeMediators(address[] indexed bridgeMediatorL1s, address[] indexed bridgeMediatorL2s, uint256[] chainIds); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L91-L91 ```solidity File: governance/contracts/multisigs/GuardCM.sol 92: event GovernorCheckProposalIdChanged(uint256 indexed proposalId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L92-L92 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 48: event RootGovernorUpdated(address indexed rootMessageSender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L48-L48 ```solidity File: governance/contracts/bridges/HomeMediator.sol 48: event ForeignGovernorUpdated(address indexed foreignMessageSender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L48-L48 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 19: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L19-L19 ```solidity File: registries/contracts/GenericRegistry.sol 10: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L10-L10 ```solidity File: registries/contracts/GenericRegistry.sol 11: event ManagerUpdated(address indexed manager); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L11-L11 ```solidity File: registries/contracts/GenericRegistry.sol 12: event BaseURIChanged(string baseURI); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L12-L12 ```solidity File: registries/contracts/UnitRegistry.sol 10: event UpdateUnitHash(uint256 unitId, UnitType uType, bytes32 unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L10-L10 ```solidity File: registries/contracts/GenericManager.sol 9: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L9-L9 ```solidity File: tokenomics/contracts/Depository.sol 63: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L63-L63 ```solidity File: tokenomics/contracts/Depository.sol 64: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L64-L64 ```solidity File: tokenomics/contracts/Depository.sol 65: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L65-L65 ```solidity File: tokenomics/contracts/Depository.sol 66: event BondCalculatorUpdated(address indexed bondCalculator); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L66-L66 ```solidity File: tokenomics/contracts/Dispenser.sol 12: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L12-L12 ```solidity File: tokenomics/contracts/Dispenser.sol 13: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L13-L13 ```solidity File: tokenomics/contracts/Dispenser.sol 14: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L14-L14 ```solidity File: tokenomics/contracts/Dispenser.sol 15: event IncentivesClaimed(address indexed owner, uint256 reward, uint256 topUp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L15-L15 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 21: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L21-L21 ```solidity File: tokenomics/contracts/Tokenomics.sol 119: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L119-L119 ```solidity File: tokenomics/contracts/Tokenomics.sol 120: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L120-L120 ```solidity File: tokenomics/contracts/Tokenomics.sol 121: event DepositoryUpdated(address indexed depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L121-L121 ```solidity File: tokenomics/contracts/Tokenomics.sol 122: event DispenserUpdated(address indexed dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L122-L122 ```solidity File: tokenomics/contracts/Tokenomics.sol 123: event EpochLengthUpdated(uint256 epochLen); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L123-L123 ```solidity File: tokenomics/contracts/Tokenomics.sol 124: event EffectiveBondUpdated(uint256 effectiveBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L124-L124 ```solidity File: tokenomics/contracts/Tokenomics.sol 125: event IDFUpdated(uint256 idf); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L125-L125 ```solidity File: tokenomics/contracts/Tokenomics.sol 128: event TokenomicsParametersUpdated(uint256 indexed epochNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L128-L128 ```solidity File: tokenomics/contracts/Tokenomics.sol 129: event IncentiveFractionsUpdateRequested(uint256 indexed epochNumber, uint256 rewardComponentFraction, 130: uint256 rewardAgentFraction, uint256 maxBondFraction, uint256 topUpComponentFraction, uint256 topUpAgentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L129-L130 ```solidity File: tokenomics/contracts/Tokenomics.sol 131: event IncentiveFractionsUpdated(uint256 indexed epochNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L131-L131 ```solidity File: tokenomics/contracts/Tokenomics.sol 132: event ComponentRegistryUpdated(address indexed componentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L132-L132 ```solidity File: tokenomics/contracts/Tokenomics.sol 133: event AgentRegistryUpdated(address indexed agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L133-L133 ```solidity File: tokenomics/contracts/Tokenomics.sol 134: event ServiceRegistryUpdated(address indexed serviceRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L134-L134 ```solidity File: tokenomics/contracts/Tokenomics.sol 135: event DonatorBlacklistUpdated(address indexed blacklist); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L135-L135 ```solidity File: tokenomics/contracts/Tokenomics.sol 136: event EpochSettled(uint256 indexed epochCounter, uint256 treasuryRewards, uint256 accountRewards, uint256 accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L136-L136 ```solidity File: tokenomics/contracts/Tokenomics.sol 137: event TokenomicsImplementationUpdated(address indexed implementation); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L137-L137 ```solidity File: tokenomics/contracts/Treasury.sol 40: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L40-L40 ```solidity File: tokenomics/contracts/Treasury.sol 41: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L41-L41 ```solidity File: tokenomics/contracts/Treasury.sol 42: event DepositoryUpdated(address indexed depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L42-L42 ```solidity File: tokenomics/contracts/Treasury.sol 43: event DispenserUpdated(address indexed dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L43-L43 ```solidity File: tokenomics/contracts/Treasury.sol 45: event DonateToServicesETH(address indexed sender, uint256[] serviceIds, uint256[] amounts, uint256 donation); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L45-L45 ```solidity File: tokenomics/contracts/Treasury.sol 50: event UpdateTreasuryBalances(uint256 ETHOwned, uint256 ETHFromServices); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L50-L50 ```solidity File: tokenomics/contracts/Treasury.sol 51: event PauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L51-L51 ```solidity File: tokenomics/contracts/Treasury.sol 52: event UnpauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L52-L52 ```solidity File: tokenomics/contracts/Treasury.sol 53: event MinAcceptedETHUpdated(uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L53-L53 ### [N-43] `override` function arguments that are unused should have the variable name removed or commented out to avoid compiler warnings *There are 7 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol //@audit to is not used //@audit amount is not used 767: function transfer(address to, uint256 amount) external virtual override returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L767-L767 ```solidity File: governance/contracts/veOLAS.sol //@audit spender is not used //@audit amount is not used 772: function approve(address spender, uint256 amount) external virtual override returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L772-L772 ```solidity File: governance/contracts/veOLAS.sol //@audit from is not used //@audit to is not used //@audit amount is not used 777: function transferFrom(address from, address to, uint256 amount) external virtual override returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L777-L777 ```solidity File: governance/contracts/veOLAS.sol //@audit owner is not used //@audit spender is not used 782: function allowance(address owner, address spender) external view virtual override returns (uint256) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L782-L782 ```solidity File: governance/contracts/veOLAS.sol //@audit account is not used 788: function delegates(address account) external view virtual override returns (address) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L788-L788 ```solidity File: governance/contracts/veOLAS.sol //@audit delegatee is not used 794: function delegate(address delegatee) external virtual override ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L794-L794 ```solidity File: governance/contracts/veOLAS.sol //@audit delegatee is not used //@audit nonce is not used //@audit expiry is not used //@audit v is not used //@audit r is not used //@audit s is not used 800: function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L800-L800 ### [N-44] Use of `override` is unnecessary Starting with Solidity version [0.8.8](https://docs.soliditylang.org/en/v0.8.20/contracts.html#function-overriding), using the `override` keyword when the function solely overrides an interface function, and the function doesn't exist in multiple base contracts, is unnecessary. *There are 15 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 633: function getVotes(address account) public view override returns (uint256) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L633-L633 ```solidity File: governance/contracts/veOLAS.sol 672: function getPastVotes(address account, uint256 blockNumber) public view override returns (uint256 balance) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L672-L672 ```solidity File: governance/contracts/veOLAS.sol 752: function getPastTotalSupply(uint256 blockNumber) public view override returns (uint256) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L752-L752 ```solidity File: governance/contracts/veOLAS.sol 761: function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L761-L761 ```solidity File: governance/contracts/veOLAS.sol 788: function delegates(address account) external view virtual override returns (address) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L788-L788 ```solidity File: governance/contracts/veOLAS.sol 794: function delegate(address delegatee) external virtual override ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L794-L794 ```solidity File: governance/contracts/veOLAS.sol 800: function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) 801: external virtual override ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L800-L801 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 70: function _processMessageFromRoot( 71: uint256 /* stateId */, 72: address sender, 73: bytes memory message 74: ) internal override validateSender(sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L70-L74 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 72: function _processMessageFromChild(bytes memory message) internal override { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L72-L72 ```solidity File: registries/contracts/GenericRegistry.sol 135: function tokenURI(uint256 unitId) public view virtual override returns (string memory) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L135-L135 ```solidity File: registries/contracts/UnitRegistry.sol 270: function _getUnitHash(uint256 unitId) internal view override returns (bytes32) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L270-L270 ```solidity File: registries/contracts/ComponentRegistry.sol 27: function _checkDependencies(uint32[] memory dependencies, uint32 maxComponentId) internal virtual override { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L27-L27 ```solidity File: registries/contracts/ComponentRegistry.sol 41: function _getSubComponents(UnitType, uint32 componentId) internal view virtual override ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L41-L41 ```solidity File: registries/contracts/AgentRegistry.sol 31: function _checkDependencies(uint32[] memory dependencies, uint32) internal virtual override { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L31-L31 ```solidity File: registries/contracts/AgentRegistry.sol 54: function _getSubComponents(UnitType subcomponentsFromType, uint32 unitId) internal view virtual override ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L54-L54 ### [N-45] NatSpec `@param` is missing *There are 21 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol // @audit the @param to is missing // @audit the @param amount is missing @dev Reverts the transfer of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L767-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @param spender is missing // @audit the @param amount is missing @dev Reverts the approval of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L772-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @param from is missing // @audit the @param to is missing // @audit the @param amount is missing @dev Reverts the transferFrom of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L777-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @param owner is missing // @audit the @param spender is missing @dev Reverts the allowance of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L782-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @param account is missing @dev Reverts delegates of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L788-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @param delegatee is missing @dev Reverts delegate for this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L794-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @param delegatee is missing // @audit the @param nonce is missing // @audit the @param expiry is missing // @audit the @param v is missing // @audit the @param r is missing // @audit the @param s is missing @dev Reverts delegateBySig for this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L800-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @param owner is missing // @audit the @param spender is missing @dev Reverts the allowance of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L101-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @param account is missing @dev Reverts delegates of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L104-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @param is missing // @audit the @param is missing @dev Reverts the transfer of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L297-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @param is missing // @audit the @param is missing @dev Reverts the approval of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L302-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @param is missing // @audit the @param is missing // @audit the @param is missing @dev Reverts the transferFrom of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L307-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @param is missing // @audit the @param is missing @dev Reverts the allowance of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L312-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @param is missing @dev Reverts delegates of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L317-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @param is missing @dev Reverts delegate for this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L322-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @param is missing // @audit the @param is missing // @audit the @param is missing // @audit the @param is missing // @audit the @param is missing // @audit the @param is missing @dev Reverts delegateBySig for this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L328-L1 ```solidity File: governance/contracts/multisigs/GuardCM.sol // @audit the @param is missing // @audit the @param is missing @dev Guards the multisig call after its execution. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L572-L1 ```solidity File: tokenomics/contracts/Depository.sol // @audit the @param _bondCalculator is missing @dev Depository constructor. @param _olas OLAS token address. @param _treasury Treasury address. @param _tokenomics Tokenomics address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L106-L1 ```solidity File: tokenomics/contracts/Depository.sol // @audit the @param _bondCalculator is missing @dev Changes Bond Calculator contract address #if_succeeds {:msg "bondCalculator changed"} _bondCalculator != address(0) ==> bondCalculator == _bondCalculator; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L163-L1 ```solidity File: tokenomics/contracts/Tokenomics.sol // @audit the @param _veOLASThreshold is missing @dev Changes tokenomics parameters. @notice Parameter values are not updated for those that are passed as zero or out of defined bounds. @param _devsPerCapital Number of valuable devs can be paid per units of capital per epoch. @param _codePerDev Number of units of useful code that can be built by a developer during one epoch. @param _epsilonRate Epsilon rate that contributes to the interest rate value. @param _epochLen New epoch length. #if_succeeds {:msg "ep is correct endTime"} epochCounter > 1 ==> mapEpochTokenomics[epochCounter - 1].epochPoint.endTime > mapEpochTokenomics[epochCounter - 2].epochPoint.endTime; #if_succeeds {:msg "epochLen"} old(_epochLen > MIN_EPOCH_LENGTH && _epochLen <= ONE_YEAR && epochLen != _epochLen) ==> nextEpochLen == _epochLen; #if_succeeds {:msg "devsPerCapital"} _devsPerCapital > MIN_PARAM_VALUE && _devsPerCapital <= type(uint72).max ==> devsPerCapital == _devsPerCapital; #if_succeeds {:msg "codePerDev"} _codePerDev > MIN_PARAM_VALUE && _codePerDev <= type(uint72).max ==> codePerDev == _codePerDev; #if_succeeds {:msg "epsilonRate"} _epsilonRate > 0 && _epsilonRate < 17e18 ==> epsilonRate == _epsilonRate; #if_succeeds {:msg "veOLASThreshold"} _veOLASThreshold > 0 && _veOLASThreshold <= type(uint96).max ==> nextVeOLASThreshold == _veOLASThreshold; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L497-L1 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol // @audit the @param unitType is missing @dev Gets the full set of linearized components / canonical agent Ids for a specified service. @notice The service must be / have been deployed in order to get the actual data. @param serviceId Service Id. @return numUnitIds Number of component / agent Ids. @return unitIds Set of component / agent Ids. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L21-L1 ### [N-46] Functions which are either private or internal should have a preceding _ in their name Add a preceding underscore to the function name, take care to refactor where there functions are called *There are 1 instance(s) of this issue:* ```solidity File: registries/contracts/UnitRegistry.sol 35: constructor(UnitType _unitType) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L35-L35 ### [N-47] `public` functions not called by the contract should be declared `external` instead Contracts [are allowed](https://docs.soliditylang.org/en/latest/contracts.html#function-overriding) to override their parents' functions and change the visibility from `external` to `public`. *There are 3 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 745: function totalSupplyLocked() public view returns (uint256) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L745-L745 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 30: function getSupplyCapForYear(uint256 numYears) public pure returns (uint256 supplyCap) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L30-L30 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 66: function getInflationForYear(uint256 numYears) public pure returns (uint256 inflationAmount) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L66-L66 ### [N-48] Adding a `return` statement when the function defines a named return variable, is redundant Once the return variable has been assigned (or has its default value), there is no need to explicitly return it at the end of the function, since it's returned automatically. *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 59: return supplyCap; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L59-L59 ### [N-49] Redundant inheritance specifier The contracts below already extend the specified contract, so there is no need to list it in the inheritance list again *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol //@audit `Governor` is already inherited by `GovernorSettings` 15: contract GovernorOLAS is Governor, GovernorSettings, GovernorCompatibilityBravo, GovernorVotes, GovernorVotesQuorumFraction, GovernorTimelockControl { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L15-L15 ```solidity File: governance/contracts/GovernorOLAS.sol //@audit `GovernorVotes` is already inherited by `GovernorVotesQuorumFraction` 15: contract GovernorOLAS is Governor, GovernorSettings, GovernorCompatibilityBravo, GovernorVotes, GovernorVotesQuorumFraction, GovernorTimelockControl { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L15-L15 ### [N-50] Setters should prevent re-setting of the same value This especially problematic when the setter also emits the same value, which may be confusing to offline parsers *There are 31 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol //@audit `owner` and `newOwner` are never checked for the same value setting 43: function changeOwner(address newOwner) external { 44: if (msg.sender != owner) { 45: revert ManagerOnly(msg.sender, owner); 46: } 47: 48: if (newOwner == address(0)) { 49: revert ZeroAddress(); 50: } 51: 52: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L43-L52 ```solidity File: governance/contracts/OLAS.sol //@audit `minter` and `newMinter` are never checked for the same value setting 58: function changeMinter(address newMinter) external { 59: if (msg.sender != owner) { 60: revert ManagerOnly(msg.sender, owner); 61: } 62: 63: if (newMinter == address(0)) { 64: revert ZeroAddress(); 65: } 66: 67: minter = newMinter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L58-L67 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `governor` and `newGovernor` are never checked for the same value setting 154: function changeGovernor(address newGovernor) external { 155: if (msg.sender != owner) { 156: revert OwnerOnly(msg.sender, owner); 157: } 158: 159: // Check for the zero address 160: if (newGovernor == address(0)) { 161: revert ZeroAddress(); 162: } 163: 164: governor = newGovernor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L154-L164 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `governorCheckProposalId` and `proposalId` are never checked for the same value setting 170: function changeGovernorCheckProposalId(uint256 proposalId) external { 171: if (msg.sender != owner) { 172: revert OwnerOnly(msg.sender, owner); 173: } 174: 175: // Check for the zero value 176: if (proposalId == 0) { 177: revert ZeroValue(); 178: } 179: 180: governorCheckProposalId = proposalId; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L170-L180 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit `rootGovernor` and `newRootGovernor` are never checked for the same value setting 81: function changeRootGovernor(address newRootGovernor) external { 82: // Check if the change is authorized by the previous governor itself 83: // This is possible only if all the checks in the message process function pass and the contract calls itself 84: if (msg.sender != address(this)) { 85: revert SelfCallOnly(msg.sender, address(this)); 86: } 87: 88: // Check for the zero address 89: if (newRootGovernor == address(0)) { 90: revert ZeroAddress(); 91: } 92: 93: rootGovernor = newRootGovernor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L81-L93 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit `foreignGovernor` and `newForeignGovernor` are never checked for the same value setting 81: function changeForeignGovernor(address newForeignGovernor) external { 82: // Check if the change is authorized by the previous governor itself 83: // This is possible only if all the checks in the message process function pass and the contract calls itself 84: if (msg.sender != address(this)) { 85: revert SelfCallOnly(msg.sender, address(this)); 86: } 87: 88: // Check for the zero address 89: if (newForeignGovernor == address(0)) { 90: revert ZeroAddress(); 91: } 92: 93: foreignGovernor = newForeignGovernor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L81-L93 ```solidity File: governance/contracts/bridges/BridgedERC20.sol //@audit `owner` and `newOwner` are never checked for the same value setting 30: function changeOwner(address newOwner) external { 31: // Only the contract owner is allowed to change the owner 32: if (msg.sender != owner) { 33: revert OwnerOnly(msg.sender, owner); 34: } 35: 36: // Zero address check 37: if (newOwner == address(0)) { 38: revert ZeroAddress(); 39: } 40: 41: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L30-L41 ```solidity File: registries/contracts/GenericRegistry.sol //@audit `owner` and `newOwner` are never checked for the same value setting 37: function changeOwner(address newOwner) external virtual { 38: // Check for the ownership 39: if (msg.sender != owner) { 40: revert OwnerOnly(msg.sender, owner); 41: } 42: 43: // Check for the zero address 44: if (newOwner == address(0)) { 45: revert ZeroAddress(); 46: } 47: 48: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L37-L48 ```solidity File: registries/contracts/GenericRegistry.sol //@audit `manager` and `newManager` are never checked for the same value setting 54: function changeManager(address newManager) external virtual { 55: if (msg.sender != owner) { 56: revert OwnerOnly(msg.sender, owner); 57: } 58: 59: // Check for the zero address 60: if (newManager == address(0)) { 61: revert ZeroAddress(); 62: } 63: 64: manager = newManager; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L54-L64 ```solidity File: registries/contracts/GenericRegistry.sol //@audit `baseURI` and `bURI` are never checked for the same value setting 78: function setBaseURI(string memory bURI) external virtual { 79: // Check for the ownership 80: if (msg.sender != owner) { 81: revert OwnerOnly(msg.sender, owner); 82: } 83: 84: // Check for the zero value 85: if (bytes(bURI).length == 0) { 86: revert ZeroValue(); 87: } 88: 89: baseURI = bURI; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L78-L89 ```solidity File: registries/contracts/GenericManager.sol //@audit `owner` and `newOwner` are never checked for the same value setting 20: function changeOwner(address newOwner) external virtual { 21: // Check for the ownership 22: if (msg.sender != owner) { 23: revert OwnerOnly(msg.sender, owner); 24: } 25: 26: // Check for the zero address 27: if (newOwner == address(0)) { 28: revert ZeroAddress(); 29: } 30: 31: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L20-L31 ```solidity File: tokenomics/contracts/Depository.sol //@audit `owner` and `newOwner` are never checked for the same value setting 123: function changeOwner(address newOwner) external { 124: // Check for the contract ownership 125: if (msg.sender != owner) { 126: revert OwnerOnly(msg.sender, owner); 127: } 128: 129: // Check for the zero address 130: if (newOwner == address(0)) { 131: revert ZeroAddress(); 132: } 133: 134: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L123-L134 ```solidity File: tokenomics/contracts/Depository.sol //@audit `tokenomics` and `_tokenomics` are never checked for the same value setting 143: function changeManagers(address _tokenomics, address _treasury) external { 144: // Check for the contract ownership 145: if (msg.sender != owner) { 146: revert OwnerOnly(msg.sender, owner); 147: } 148: 149: // Change Tokenomics contract address 150: if (_tokenomics != address(0)) { 151: tokenomics = _tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L143-L151 ```solidity File: tokenomics/contracts/Depository.sol //@audit `treasury` and `_treasury` are never checked for the same value setting 143: function changeManagers(address _tokenomics, address _treasury) external { 144: // Check for the contract ownership 145: if (msg.sender != owner) { 146: revert OwnerOnly(msg.sender, owner); 147: } 148: 149: // Change Tokenomics contract address 150: if (_tokenomics != address(0)) { 151: tokenomics = _tokenomics; 152: emit TokenomicsUpdated(_tokenomics); 153: } 154: // Change Treasury contract address 155: if (_treasury != address(0)) { 156: treasury = _treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L143-L156 ```solidity File: tokenomics/contracts/Depository.sol //@audit `bondCalculator` and `_bondCalculator` are never checked for the same value setting 163: function changeBondCalculator(address _bondCalculator) external { 164: // Check for the contract ownership 165: if (msg.sender != owner) { 166: revert OwnerOnly(msg.sender, owner); 167: } 168: 169: if (_bondCalculator != address(0)) { 170: bondCalculator = _bondCalculator; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L163-L170 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit `owner` and `newOwner` are never checked for the same value setting 46: function changeOwner(address newOwner) external { 47: // Check for the contract ownership 48: if (msg.sender != owner) { 49: revert OwnerOnly(msg.sender, owner); 50: } 51: 52: // Check for the zero address 53: if (newOwner == address(0)) { 54: revert ZeroAddress(); 55: } 56: 57: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L46-L57 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit `tokenomics` and `_tokenomics` are never checked for the same value setting 64: function changeManagers(address _tokenomics, address _treasury) external { 65: // Check for the contract ownership 66: if (msg.sender != owner) { 67: revert OwnerOnly(msg.sender, owner); 68: } 69: 70: // Change Tokenomics contract address 71: if (_tokenomics != address(0)) { 72: tokenomics = _tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L64-L72 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit `treasury` and `_treasury` are never checked for the same value setting 64: function changeManagers(address _tokenomics, address _treasury) external { 65: // Check for the contract ownership 66: if (msg.sender != owner) { 67: revert OwnerOnly(msg.sender, owner); 68: } 69: 70: // Change Tokenomics contract address 71: if (_tokenomics != address(0)) { 72: tokenomics = _tokenomics; 73: emit TokenomicsUpdated(_tokenomics); 74: } 75: // Change Treasury contract address 76: if (_treasury != address(0)) { 77: treasury = _treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L64-L77 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit `owner` and `newOwner` are never checked for the same value setting 36: function changeOwner(address newOwner) external { 37: // Check for the contract ownership 38: if (msg.sender != owner) { 39: revert OwnerOnly(msg.sender, owner); 40: } 41: 42: // Check for the zero address 43: if (newOwner == address(0)) { 44: revert ZeroAddress(); 45: } 46: 47: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L36-L47 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `owner` and `newOwner` are never checked for the same value setting 404: function changeOwner(address newOwner) external { 405: // Check for the contract ownership 406: if (msg.sender != owner) { 407: revert OwnerOnly(msg.sender, owner); 408: } 409: 410: // Check for the zero address 411: if (newOwner == address(0)) { 412: revert ZeroAddress(); 413: } 414: 415: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L404-L415 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `treasury` and `_treasury` are never checked for the same value setting 423: function changeManagers(address _treasury, address _depository, address _dispenser) external { 424: // Check for the contract ownership 425: if (msg.sender != owner) { 426: revert OwnerOnly(msg.sender, owner); 427: } 428: 429: // Change Treasury contract address 430: if (_treasury != address(0)) { 431: treasury = _treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L423-L431 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `depository` and `_depository` are never checked for the same value setting 423: function changeManagers(address _treasury, address _depository, address _dispenser) external { 424: // Check for the contract ownership 425: if (msg.sender != owner) { 426: revert OwnerOnly(msg.sender, owner); 427: } 428: 429: // Change Treasury contract address 430: if (_treasury != address(0)) { 431: treasury = _treasury; 432: emit TreasuryUpdated(_treasury); 433: } 434: // Change Depository contract address 435: if (_depository != address(0)) { 436: depository = _depository; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L423-L436 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `dispenser` and `_dispenser` are never checked for the same value setting 423: function changeManagers(address _treasury, address _depository, address _dispenser) external { 424: // Check for the contract ownership 425: if (msg.sender != owner) { 426: revert OwnerOnly(msg.sender, owner); 427: } 428: 429: // Change Treasury contract address 430: if (_treasury != address(0)) { 431: treasury = _treasury; 432: emit TreasuryUpdated(_treasury); 433: } 434: // Change Depository contract address 435: if (_depository != address(0)) { 436: depository = _depository; 437: emit DepositoryUpdated(_depository); 438: } 439: // Change Dispenser contract address 440: if (_dispenser != address(0)) { 441: dispenser = _dispenser; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L423-L441 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `componentRegistry` and `_componentRegistry` are never checked for the same value setting 450: function changeRegistries(address _componentRegistry, address _agentRegistry, address _serviceRegistry) external { 451: // Check for the contract ownership 452: if (msg.sender != owner) { 453: revert OwnerOnly(msg.sender, owner); 454: } 455: 456: // Check for registries addresses 457: if (_componentRegistry != address(0)) { 458: componentRegistry = _componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L450-L458 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `agentRegistry` and `_agentRegistry` are never checked for the same value setting 450: function changeRegistries(address _componentRegistry, address _agentRegistry, address _serviceRegistry) external { 451: // Check for the contract ownership 452: if (msg.sender != owner) { 453: revert OwnerOnly(msg.sender, owner); 454: } 455: 456: // Check for registries addresses 457: if (_componentRegistry != address(0)) { 458: componentRegistry = _componentRegistry; 459: emit ComponentRegistryUpdated(_componentRegistry); 460: } 461: if (_agentRegistry != address(0)) { 462: agentRegistry = _agentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L450-L462 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `serviceRegistry` and `_serviceRegistry` are never checked for the same value setting 450: function changeRegistries(address _componentRegistry, address _agentRegistry, address _serviceRegistry) external { 451: // Check for the contract ownership 452: if (msg.sender != owner) { 453: revert OwnerOnly(msg.sender, owner); 454: } 455: 456: // Check for registries addresses 457: if (_componentRegistry != address(0)) { 458: componentRegistry = _componentRegistry; 459: emit ComponentRegistryUpdated(_componentRegistry); 460: } 461: if (_agentRegistry != address(0)) { 462: agentRegistry = _agentRegistry; 463: emit AgentRegistryUpdated(_agentRegistry); 464: } 465: if (_serviceRegistry != address(0)) { 466: serviceRegistry = _serviceRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L450-L466 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `donatorBlacklist` and `_donatorBlacklist` are never checked for the same value setting 474: function changeDonatorBlacklist(address _donatorBlacklist) external { 475: // Check for the contract ownership 476: if (msg.sender != owner) { 477: revert OwnerOnly(msg.sender, owner); 478: } 479: 480: donatorBlacklist = _donatorBlacklist; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L474-L480 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `owner` and `newOwner` are never checked for the same value setting 137: function changeOwner(address newOwner) external { 138: // Check for the contract ownership 139: if (msg.sender != owner) { 140: revert OwnerOnly(msg.sender, owner); 141: } 142: 143: // Check for the zero address 144: if (newOwner == address(0)) { 145: revert ZeroAddress(); 146: } 147: 148: owner = newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L137-L148 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `tokenomics` and `_tokenomics` are never checked for the same value setting 156: function changeManagers(address _tokenomics, address _depository, address _dispenser) external { 157: // Check for the contract ownership 158: if (msg.sender != owner) { 159: revert OwnerOnly(msg.sender, owner); 160: } 161: 162: // Change Tokenomics contract address 163: if (_tokenomics != address(0)) { 164: tokenomics = _tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L156-L164 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `depository` and `_depository` are never checked for the same value setting 156: function changeManagers(address _tokenomics, address _depository, address _dispenser) external { 157: // Check for the contract ownership 158: if (msg.sender != owner) { 159: revert OwnerOnly(msg.sender, owner); 160: } 161: 162: // Change Tokenomics contract address 163: if (_tokenomics != address(0)) { 164: tokenomics = _tokenomics; 165: emit TokenomicsUpdated(_tokenomics); 166: } 167: // Change Depository contract address 168: if (_depository != address(0)) { 169: depository = _depository; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L156-L169 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `dispenser` and `_dispenser` are never checked for the same value setting 156: function changeManagers(address _tokenomics, address _depository, address _dispenser) external { 157: // Check for the contract ownership 158: if (msg.sender != owner) { 159: revert OwnerOnly(msg.sender, owner); 160: } 161: 162: // Change Tokenomics contract address 163: if (_tokenomics != address(0)) { 164: tokenomics = _tokenomics; 165: emit TokenomicsUpdated(_tokenomics); 166: } 167: // Change Depository contract address 168: if (_depository != address(0)) { 169: depository = _depository; 170: emit DepositoryUpdated(_depository); 171: } 172: // Change Dispenser contract address 173: if (_dispenser != address(0)) { 174: dispenser = _dispenser; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L156-L174 ### [N-51] NatSpec `@return` argument is missing *There are 19 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol // @audit the @return is missing @dev Current state of a proposal, following Compoundb�s convention. @param proposalId Proposal Id. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L33-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @return is missing @dev Gets the voting power. @param account Account address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L633-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @return is missing @dev Reverts the transfer of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L767-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @return is missing @dev Reverts the approval of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L772-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @return is missing @dev Reverts the transferFrom of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L777-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @return is missing @dev Reverts the allowance of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L782-L1 ```solidity File: governance/contracts/veOLAS.sol // @audit the @return is missing @dev Reverts delegates of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L788-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @return is missing @dev Reverts the allowance of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L101-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @return is missing @dev Reverts delegates of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L104-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @return is missing @dev Gets the voting power. @param account Account address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L203-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @return is missing @dev Reverts the transfer of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L297-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @return is missing @dev Reverts the approval of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L302-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @return is missing @dev Reverts the transferFrom of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L307-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @return is missing @dev Reverts the allowance of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L312-L1 ```solidity File: governance/contracts/wveOLAS.sol // @audit the @return is missing @dev Reverts delegates of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L317-L1 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol // @audit the @return is missing @dev Allows to create new proxy contact and execute a message call to the new proxy within one transaction. @param _singleton Address of singleton contract. @param initializer Payload for message call sent to new proxy contract. @param saltNonce Nonce that will be used to generate the salt to calculate the address of the new proxy contract. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L10-L1 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol // @audit the @return is missing @dev Parses (unpacks) the data to gnosis safe specific parameters. @notice If the provided data is not empty, its length must be at least 144 bytes to be parsed correctly. @param data Packed data related to the creation of a gnosis safe multisig. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L45-L1 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol // @audit the @return is missing @dev Record global data to the checkpoint ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L11-L1 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol // @audit the @return is missing @dev Gets the voting power. @param account Account address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L8-L1 ### [N-52] Consider using `SafeTransferLib.safeTransferETH()` or `Address.sendValue()` for clearer semantic meaning These Functions indicate their purpose with their name more clearly than using low-level calls. *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 160: (bool success, ) = target.call{value: value}(payload); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L160-L160 ```solidity File: governance/contracts/bridges/HomeMediator.sol 160: (bool success, ) = target.call{value: value}(payload); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L160-L160 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 118: (bool success, ) = multisig.call(payload); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L118-L118 ```solidity File: tokenomics/contracts/Treasury.sol 406: (success, ) = account.call{value: accountRewards}(""); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L406-L406 ```solidity File: tokenomics/contracts/Treasury.sol 339: (success, ) = to.call{value: tokenAmount}(""); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L339-L339 ### [N-53] Polymorphic functions make security audits more time-consuming and error-prone The instances below point to one of two functions with the same name. Consider naming each function differently, in order to make code navigation and analysis easier. *There are 20 instance(s) of this issue:* ```solidity File: governance/contracts/wveOLAS.sol 156: function totalNumPoints() external view returns (uint256 numPoints) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L156-L156 ```solidity File: governance/contracts/wveOLAS.sol 163: function mapSupplyPoints(uint256 idx) external view returns (PointVoting memory sPoint) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L163-L163 ```solidity File: governance/contracts/wveOLAS.sol 170: function mapSlopeChanges(uint64 ts) external view returns (int128 slopeChange) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L170-L170 ```solidity File: governance/contracts/wveOLAS.sol 177: function getLastUserPoint(address account) external view returns (PointVoting memory pv) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L177-L177 ```solidity File: governance/contracts/wveOLAS.sol 184: function getNumUserPoints(address account) external view returns (uint256 userNumPoints) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L184-L184 ```solidity File: governance/contracts/wveOLAS.sol 193: function getUserPoint(address account, uint256 idx) public view returns (PointVoting memory uPoint) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L193-L193 ```solidity File: governance/contracts/wveOLAS.sol 203: function getVotes(address account) external view returns (uint256 balance) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L203-L203 ```solidity File: governance/contracts/wveOLAS.sol 211: function getPastVotes(address account, uint256 blockNumber) external view returns (uint256 balance) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L211-L211 ```solidity File: governance/contracts/wveOLAS.sol 223: function balanceOf(address account) external view returns (uint256 balance) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L223-L223 ```solidity File: governance/contracts/wveOLAS.sol 231: function balanceOfAt(address account, uint256 blockNumber) external view returns (uint256 balance) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L231-L231 ```solidity File: governance/contracts/wveOLAS.sol 243: function lockedEnd(address account) external view returns (uint256 unlockTime) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L243-L243 ```solidity File: governance/contracts/wveOLAS.sol 249: function totalSupply() external view returns (uint256 supply) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L249-L249 ```solidity File: governance/contracts/wveOLAS.sol 256: function totalSupplyAt(uint256 blockNumber) external view returns (uint256 supplyAt) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L256-L256 ```solidity File: governance/contracts/wveOLAS.sol 263: function totalSupplyLockedAtT(uint256 ts) external view returns (uint256 vPower) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L263-L263 ```solidity File: governance/contracts/wveOLAS.sol 277: function totalSupplyLocked() external view returns (uint256 vPower) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L277-L277 ```solidity File: governance/contracts/wveOLAS.sol 285: function getPastTotalSupply(uint256 blockNumber) external view returns (uint256 vPower) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L285-L285 ```solidity File: governance/contracts/wveOLAS.sol 292: function supportsInterface(bytes4 interfaceId) external view returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L292-L292 ```solidity File: governance/contracts/wveOLAS.sol 312: function allowance(address, address) external view returns (uint256) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L312-L312 ```solidity File: governance/contracts/wveOLAS.sol 317: function delegates(address) external view returns (address) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L317-L317 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 107: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external override { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L107-L107 ### [N-54] State variables should have `Natspec` comments Consider adding some `Natspec` comments on critical state variables to explain what they are supposed to do: this will help for future code reviews. *There are 145 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol //@audit oneYear need comments 22: uint256 public constant oneYear = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L22-L22 ```solidity File: governance/contracts/OLAS.sol //@audit tenYearSupplyCap need comments 24: uint256 public constant tenYearSupplyCap = 1_000_000_000e18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L24-L24 ```solidity File: governance/contracts/OLAS.sol //@audit maxMintCapFraction need comments 26: uint256 public constant maxMintCapFraction = 2; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L26-L26 ```solidity File: governance/contracts/OLAS.sol //@audit timeLaunch need comments 28: uint256 public immutable timeLaunch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L28-L28 ```solidity File: governance/contracts/OLAS.sol //@audit owner need comments 31: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L31-L31 ```solidity File: governance/contracts/OLAS.sol //@audit minter need comments 33: address public minter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L33-L33 ```solidity File: governance/contracts/veOLAS.sol //@audit WEEK need comments 99: uint64 internal constant WEEK = 1 weeks; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L99-L99 ```solidity File: governance/contracts/veOLAS.sol //@audit MAXTIME need comments 101: uint256 internal constant MAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L101-L101 ```solidity File: governance/contracts/veOLAS.sol //@audit IMAXTIME need comments 103: int128 internal constant IMAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L103-L103 ```solidity File: governance/contracts/veOLAS.sol //@audit decimals need comments 105: uint8 public constant decimals = 18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L105-L105 ```solidity File: governance/contracts/veOLAS.sol //@audit token need comments 108: address public immutable token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L108-L108 ```solidity File: governance/contracts/veOLAS.sol //@audit supply need comments 110: uint256 public supply; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L110-L110 ```solidity File: governance/contracts/veOLAS.sol //@audit mapLockedBalances need comments 112: mapping(address => LockedBalance) public mapLockedBalances; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L112-L112 ```solidity File: governance/contracts/veOLAS.sol //@audit totalNumPoints need comments 115: uint256 public totalNumPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L115-L115 ```solidity File: governance/contracts/veOLAS.sol //@audit mapSupplyPoints need comments 117: mapping(uint256 => PointVoting) public mapSupplyPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L117-L117 ```solidity File: governance/contracts/veOLAS.sol //@audit mapUserPoints need comments 119: mapping(address => PointVoting[]) public mapUserPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L119-L119 ```solidity File: governance/contracts/veOLAS.sol //@audit mapSlopeChanges need comments 121: mapping(uint64 => int128) public mapSlopeChanges; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L121-L121 ```solidity File: governance/contracts/veOLAS.sol //@audit name need comments 124: string public name; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L124-L124 ```solidity File: governance/contracts/veOLAS.sol //@audit symbol need comments 126: string public symbol; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L126-L126 ```solidity File: governance/contracts/wveOLAS.sol //@audit ve need comments 132: address public immutable ve; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L132-L132 ```solidity File: governance/contracts/wveOLAS.sol //@audit token need comments 134: address public immutable token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L134-L134 ```solidity File: governance/contracts/wveOLAS.sol //@audit name need comments 136: string public constant name = "Voting Escrow OLAS"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L136-L136 ```solidity File: governance/contracts/wveOLAS.sol //@audit symbol need comments 138: string public constant symbol = "veOLAS"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L138-L138 ```solidity File: governance/contracts/wveOLAS.sol //@audit decimals need comments 140: uint8 public constant decimals = 18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L140-L140 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit SCHEDULE need comments 97: bytes4 public constant SCHEDULE = bytes4(keccak256(bytes("schedule(address,uint256,bytes,bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L97-L97 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit SCHEDULE_BATCH need comments 99: bytes4 public constant SCHEDULE_BATCH = bytes4(keccak256(bytes("scheduleBatch(address[],uint256[],bytes[],bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L99-L99 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit REQUIRE_TO_PASS_MESSAGE need comments 101: bytes4 public constant REQUIRE_TO_PASS_MESSAGE = bytes4(keccak256(bytes("requireToPassMessage(address,bytes,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L101-L101 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit PROCESS_MESSAGE_FROM_FOREIGN need comments 103: bytes4 public constant PROCESS_MESSAGE_FROM_FOREIGN = bytes4(keccak256(bytes("processMessageFromForeign(bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L103-L103 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit SEND_MESSAGE_TO_CHILD need comments 105: bytes4 public constant SEND_MESSAGE_TO_CHILD = bytes4(keccak256(bytes("sendMessageToChild(address,bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L105-L105 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit governorCheckProposalId need comments 108: uint256 public governorCheckProposalId = 88250008686885504216650933897987879122244685460173810624866685274624741477673; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L108-L108 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit MIN_SCHEDULE_DATA_LENGTH need comments 111: uint256 public constant MIN_SCHEDULE_DATA_LENGTH = 260; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L111-L111 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit SELECTOR_DATA_LENGTH need comments 113: uint256 public constant SELECTOR_DATA_LENGTH = 4; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L113-L113 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit MIN_GNOSIS_PAYLOAD_LENGTH need comments 115: uint256 public constant MIN_GNOSIS_PAYLOAD_LENGTH = 292; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L115-L115 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit MIN_POLYGON_PAYLOAD_LENGTH need comments 117: uint256 public constant MIN_POLYGON_PAYLOAD_LENGTH = 164; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L117-L117 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit owner need comments 120: address public immutable owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L120-L120 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit multisig need comments 122: address public immutable multisig; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L122-L122 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit governor need comments 125: address public governor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L125-L125 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit paused need comments 127: uint8 public paused = 1; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L127-L127 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit mapAllowedTargetSelectorChainIds need comments 130: mapping(uint256 => bool) public mapAllowedTargetSelectorChainIds; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L130-L130 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit mapBridgeMediatorL1L2ChainIds need comments 132: mapping(address => uint256) public mapBridgeMediatorL1L2ChainIds; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L132-L132 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit DEFAULT_DATA_LENGTH need comments 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L53-L53 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit fxChild need comments 55: address public immutable fxChild; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L55-L55 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit rootGovernor need comments 57: address public rootGovernor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L57-L57 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit DEFAULT_DATA_LENGTH need comments 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L53-L53 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit AMBContractProxyHome need comments 55: address public immutable AMBContractProxyHome; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L55-L55 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit foreignGovernor need comments 57: address public foreignGovernor; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L57-L57 ```solidity File: governance/contracts/bridges/BridgedERC20.sol //@audit owner need comments 22: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L22-L22 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit childToken need comments 29: address public immutable childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L29-L29 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit rootToken need comments 31: address public immutable rootToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L31-L31 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit childToken need comments 29: address public immutable childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L29-L29 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit rootToken need comments 31: address public immutable rootToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L31-L31 ```solidity File: registries/contracts/GenericRegistry.sol //@audit owner need comments 15: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L15-L15 ```solidity File: registries/contracts/GenericRegistry.sol //@audit manager need comments 17: address public manager; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L17-L17 ```solidity File: registries/contracts/GenericRegistry.sol //@audit baseURI need comments 19: string public baseURI; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L19-L19 ```solidity File: registries/contracts/GenericRegistry.sol //@audit totalSupply need comments 21: uint256 public totalSupply; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L21-L21 ```solidity File: registries/contracts/GenericRegistry.sol //@audit _locked need comments 23: uint256 internal _locked = 1; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L23-L23 ```solidity File: registries/contracts/GenericRegistry.sol //@audit CID_PREFIX need comments 33: string public constant CID_PREFIX = "f01701220"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L33-L33 ```solidity File: registries/contracts/UnitRegistry.sol //@audit unitType need comments 27: UnitType public immutable unitType; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L27-L27 ```solidity File: registries/contracts/UnitRegistry.sol //@audit mapUnitIdHashes need comments 29: mapping(uint256 => bytes32[]) public mapUnitIdHashes; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L29-L29 ```solidity File: registries/contracts/UnitRegistry.sol //@audit mapSubComponents need comments 31: mapping(uint256 => uint32[]) public mapSubComponents; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L31-L31 ```solidity File: registries/contracts/UnitRegistry.sol //@audit mapUnits need comments 33: mapping(uint256 => Unit) public mapUnits; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L33-L33 ```solidity File: registries/contracts/ComponentRegistry.sol //@audit VERSION need comments 10: string public constant VERSION = "1.0.0"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L10-L10 ```solidity File: registries/contracts/AgentRegistry.sol //@audit componentRegistry need comments 11: address public immutable componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L11-L11 ```solidity File: registries/contracts/AgentRegistry.sol //@audit VERSION need comments 13: string public constant VERSION = "1.0.0"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L13-L13 ```solidity File: registries/contracts/GenericManager.sol //@audit owner need comments 14: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L14-L14 ```solidity File: registries/contracts/GenericManager.sol //@audit paused need comments 16: bool public paused; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L16-L16 ```solidity File: registries/contracts/RegistriesManager.sol //@audit componentRegistry need comments 11: address public immutable componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L11-L11 ```solidity File: registries/contracts/RegistriesManager.sol //@audit agentRegistry need comments 13: address public immutable agentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L13-L13 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit GNOSIS_SAFE_SETUP_SELECTOR need comments 26: bytes4 public constant GNOSIS_SAFE_SETUP_SELECTOR = 0xb63e800d; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L26-L26 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit DEFAULT_DATA_LENGTH need comments 28: uint256 public constant DEFAULT_DATA_LENGTH = 144; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L28-L28 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit gnosisSafe need comments 30: address payable public immutable gnosisSafe; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L30-L30 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit gnosisSafeProxyFactory need comments 32: address public immutable gnosisSafeProxyFactory; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L32-L32 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit DEFAULT_DATA_LENGTH need comments 53: uint256 public constant DEFAULT_DATA_LENGTH = 20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L53-L53 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit proxyHash need comments 56: bytes32 public immutable proxyHash; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L56-L56 ```solidity File: tokenomics/contracts/Depository.sol //@audit MIN_VESTING need comments 75: uint256 public constant MIN_VESTING = 1 days; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L75-L75 ```solidity File: tokenomics/contracts/Depository.sol //@audit VERSION need comments 77: string public constant VERSION = "1.0.1"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L77-L77 ```solidity File: tokenomics/contracts/Depository.sol //@audit owner need comments 80: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L80-L80 ```solidity File: tokenomics/contracts/Depository.sol //@audit bondCounter need comments 83: uint32 public bondCounter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L83-L83 ```solidity File: tokenomics/contracts/Depository.sol //@audit productCounter need comments 86: uint32 public productCounter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L86-L86 ```solidity File: tokenomics/contracts/Depository.sol //@audit olas need comments 89: address public immutable olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L89-L89 ```solidity File: tokenomics/contracts/Depository.sol //@audit tokenomics need comments 91: address public tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L91-L91 ```solidity File: tokenomics/contracts/Depository.sol //@audit treasury need comments 93: address public treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L93-L93 ```solidity File: tokenomics/contracts/Depository.sol //@audit bondCalculator need comments 95: address public bondCalculator; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L95-L95 ```solidity File: tokenomics/contracts/Depository.sol //@audit mapUserBonds need comments 98: mapping(uint256 => Bond) public mapUserBonds; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L98-L98 ```solidity File: tokenomics/contracts/Depository.sol //@audit mapBondProducts need comments 100: mapping(uint256 => Product) public mapBondProducts; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L100-L100 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit owner need comments 18: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L18-L18 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit _locked need comments 20: uint8 internal _locked; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L20-L20 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit tokenomics need comments 23: address public tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L23-L23 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit treasury need comments 25: address public treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L25-L25 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit owner need comments 25: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L25-L25 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit mapBlacklistedDonators need comments 27: mapping(address => bool) public mapBlacklistedDonators; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L27-L27 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol //@audit olas need comments 22: address public immutable olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L22-L22 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol //@audit tokenomics need comments 24: address public immutable tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L24-L24 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit owner need comments 140: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L140-L140 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit maxBond need comments 143: uint96 public maxBond; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L143-L143 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit olas need comments 146: address public olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L146-L146 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit inflationPerSecond need comments 148: uint96 public inflationPerSecond; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L148-L148 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit treasury need comments 151: address public treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L151-L151 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit veOLASThreshold need comments 154: uint96 public veOLASThreshold; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L154-L154 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit depository need comments 157: address public depository; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L157-L157 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit effectiveBond need comments 161: uint96 public effectiveBond; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L161-L161 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit dispenser need comments 164: address public dispenser; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L164-L164 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit codePerDev need comments 167: uint72 public codePerDev; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L167-L167 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit currentYear need comments 170: uint8 public currentYear; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L170-L170 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit tokenomicsParametersUpdated need comments 172: bytes1 public tokenomicsParametersUpdated; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L172-L172 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit _locked need comments 174: uint8 internal _locked; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L174-L174 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit componentRegistry need comments 177: address public componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L177-L177 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit epsilonRate need comments 181: uint64 public epsilonRate; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L181-L181 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit epochLen need comments 184: uint32 public epochLen; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L184-L184 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit agentRegistry need comments 187: address public agentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L187-L187 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit nextVeOLASThreshold need comments 190: uint96 public nextVeOLASThreshold; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L190-L190 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit serviceRegistry need comments 193: address public serviceRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L193-L193 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit epochCounter need comments 196: uint32 public epochCounter; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L196-L196 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit timeLaunch need comments 199: uint32 public timeLaunch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L199-L199 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit nextEpochLen need comments 202: uint32 public nextEpochLen; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L202-L202 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit ve need comments 205: address public ve; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L205-L205 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit devsPerCapital need comments 208: uint72 public devsPerCapital; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L208-L208 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit donatorBlacklist need comments 211: address public donatorBlacklist; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L211-L211 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit lastDonationBlockNumber need comments 214: uint32 public lastDonationBlockNumber; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L214-L214 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit mapServiceAmounts need comments 217: mapping(uint256 => uint256) public mapServiceAmounts; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L217-L217 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit mapOwnerRewards need comments 219: mapping(address => uint256) public mapOwnerRewards; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L219-L219 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit mapOwnerTopUps need comments 221: mapping(address => uint256) public mapOwnerTopUps; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L221-L221 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit mapEpochTokenomics need comments 223: mapping(uint256 => TokenomicsPoint) public mapEpochTokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L223-L223 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit mapNewUnits need comments 225: mapping(uint256 => mapping(uint256 => bool)) public mapNewUnits; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L225-L225 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit mapNewOwners need comments 227: mapping(address => bool) public mapNewOwners; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L227-L227 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit mapUnitIncentives need comments 229: mapping(uint256 => mapping(uint256 => IncentiveBalances)) public mapUnitIncentives; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L229-L229 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit VERSION need comments 11: string public constant VERSION = "1.0.1"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L11-L11 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit PROXY_TOKENOMICS need comments 14: bytes32 public constant PROXY_TOKENOMICS = 0xbd5523e7c3b6a94aa0e3b24d1120addc2f95c7029e097b466b2bedc8d4b4362f; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L14-L14 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit ONE_YEAR need comments 16: uint256 public constant ONE_YEAR = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L16-L16 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit MIN_EPOCH_LENGTH need comments 18: uint256 public constant MIN_EPOCH_LENGTH = 1 weeks; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L18-L18 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit MIN_PARAM_VALUE need comments 20: uint256 public constant MIN_PARAM_VALUE = 1e14; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L20-L20 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol //@audit PROXY_TOKENOMICS need comments 28: bytes32 public constant PROXY_TOKENOMICS = 0xbd5523e7c3b6a94aa0e3b24d1120addc2f95c7029e097b466b2bedc8d4b4362f; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L28-L28 ```solidity File: tokenomics/contracts/Treasury.sol //@audit ETH_TOKEN_ADDRESS need comments 56: address public constant ETH_TOKEN_ADDRESS = address(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L56-L56 ```solidity File: tokenomics/contracts/Treasury.sol //@audit owner need comments 59: address public owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L59-L59 ```solidity File: tokenomics/contracts/Treasury.sol //@audit ETHFromServices need comments 62: uint96 public ETHFromServices; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L62-L62 ```solidity File: tokenomics/contracts/Treasury.sol //@audit olas need comments 65: address public olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L65-L65 ```solidity File: tokenomics/contracts/Treasury.sol //@audit ETHOwned need comments 68: uint96 public ETHOwned; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L68-L68 ```solidity File: tokenomics/contracts/Treasury.sol //@audit tokenomics need comments 71: address public tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L71-L71 ```solidity File: tokenomics/contracts/Treasury.sol //@audit minAcceptedETH need comments 73: uint96 public minAcceptedETH = 0.065 ether; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L73-L73 ```solidity File: tokenomics/contracts/Treasury.sol //@audit depository need comments 76: address public depository; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L76-L76 ```solidity File: tokenomics/contracts/Treasury.sol //@audit paused need comments 78: uint8 public paused = 1; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L78-L78 ```solidity File: tokenomics/contracts/Treasury.sol //@audit _locked need comments 80: uint8 internal _locked; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L80-L80 ```solidity File: tokenomics/contracts/Treasury.sol //@audit dispenser need comments 83: address public dispenser; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L83-L83 ```solidity File: tokenomics/contracts/Treasury.sol //@audit mapTokenReserves need comments 86: mapping(address => uint256) public mapTokenReserves; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L86-L86 ```solidity File: tokenomics/contracts/Treasury.sol //@audit mapEnabledTokens need comments 88: mapping(address => bool) public mapEnabledTokens; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L88-L88 ### [N-55] Numeric values having to do with time should use time units for readability There are [units](https://docs.soliditylang.org/en/latest/units-and-global-variables.html#time-units) for seconds, minutes, hours, days, and weeks, and since they're defined, they should be use *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol //@audit the value 86400,4,365, should use time units 101: uint256 internal constant MAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L101-L101 ```solidity File: governance/contracts/veOLAS.sol //@audit the value 86400,4,365, should use time units 103: int128 internal constant IMAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L103-L103 ```solidity File: governance/contracts/veOLAS.sol //@audit the value should use time units 433: unlockTime = ((block.timestamp + unlockTime) / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L433-L433 ```solidity File: governance/contracts/veOLAS.sol //@audit the value should use time units 487: unlockTime = ((block.timestamp + unlockTime) / WEEK) * WEEK; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L487-L487 ```solidity File: governance/contracts/veOLAS.sol //@audit the value should use time units 664: blockTime += (dt * (blockNumber - point.blockNumber)) / dBlock; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L664-L664 ### [N-56] Contract declarations should have NatSpec `@title` annotations *There are 21 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 85: /// @notice This token supports the ERC20 interface specifications except for transfers and approvals. 86: contract veOLAS is IErrors, IVotes, IERC20, IERC165 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L85-L86 ```solidity File: governance/contracts/wveOLAS.sol 13: interface IVEOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L13-L13 ```solidity File: governance/contracts/multisigs/GuardCM.sol 6: interface IGovernor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L6-L6 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 4: /// @dev Interface to process message across the bridge. 5: interface IFxMessageProcessor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L4-L5 ```solidity File: governance/contracts/bridges/HomeMediator.sol 4: /// @dev Interface to the AMB Contract Proxy. 5: interface IAMB { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L4-L5 ```solidity File: governance/contracts/interfaces/IERC20.sol 4: /// @dev ERC20 token interface. 5: interface IERC20 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L4-L5 ```solidity File: governance/contracts/interfaces/IErrors.sol 4: /// @dev Errors. 5: interface IErrors { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L4-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 5: interface IGnosisSafeProxyFactory { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L5-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 5: interface IGnosisSafe { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L5-L5 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 4: /// @dev Errors. 5: interface IErrorsRegistries { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L4-L5 ```solidity File: registries/contracts/interfaces/IRegistry.sol 4: /// @dev Required interface for the component / agent manipulation. 5: interface IRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 4: /// @dev DonatorBlacklist interface. 5: interface IDonatorBlacklist { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 4: /// @dev Errors. 5: interface IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol 4: /// @dev Interface for generic bond calculator. 5: interface IGenericBondCalculator { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 4: interface IOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L4-L4 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 4: /// @dev Required interface for the service registry. 5: interface IServiceRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 4: /// @dev Generic token interface for IERC20 and IERC721 tokens. 5: interface IToken { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 4: /// @dev Interface for tokenomics management. 5: interface ITokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 4: /// @dev Interface for treasury management. 5: interface ITreasury { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 5: interface IUniswapV2Pair { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol 4: /// @dev Interface for voting escrow. 5: interface IVotingEscrow { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L4-L5 ### [N-57] Top level pragma declarations should be separated by two blank lines *There are 22 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 2: pragma solidity ^0.8.20; 3: 4: import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L2-L4 ```solidity File: governance/contracts/Timelock.sol 2: pragma solidity ^0.8.20; 3: 4: import "@openzeppelin/contracts/governance/TimelockController.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L2-L4 ```solidity File: governance/contracts/OLAS.sol 2: pragma solidity ^0.8.15; 3: 4: import "../lib/solmate/src/tokens/ERC20.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L2-L4 ```solidity File: governance/contracts/veOLAS.sol 2: pragma solidity ^0.8.15; 3: 4: import "@openzeppelin/contracts/governance/utils/IVotes.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L2-L4 ```solidity File: governance/contracts/multisigs/GuardCM.sol 2: pragma solidity ^0.8.23; 3: 4: import {Enum} from "@gnosis.pm/safe-contracts/contracts/common/Enum.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L2-L4 ```solidity File: governance/contracts/multisigs/GuardCM.sol 4: import {Enum} from "@gnosis.pm/safe-contracts/contracts/common/Enum.sol"; 5: 6: interface IGovernor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L4-L6 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 2: pragma solidity ^0.8.23; 3: 4: import {ERC20} from "../../lib/solmate/src/tokens/ERC20.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L2-L4 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 2: pragma solidity ^0.8.23; 3: 4: import {FxBaseChildTunnel} from "../../lib/fx-portal/contracts/tunnel/FxBaseChildTunnel.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L2-L4 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 2: pragma solidity ^0.8.23; 3: 4: import {FxBaseRootTunnel} from "../../lib/fx-portal/contracts/tunnel/FxBaseRootTunnel.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L2-L4 ```solidity File: registries/contracts/GenericRegistry.sol 2: pragma solidity ^0.8.15; 3: 4: import "../lib/solmate/src/tokens/ERC721.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L2-L4 ```solidity File: registries/contracts/UnitRegistry.sol 2: pragma solidity ^0.8.15; 3: 4: import "./GenericRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L2-L4 ```solidity File: registries/contracts/ComponentRegistry.sol 2: pragma solidity ^0.8.15; 3: 4: import "./UnitRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L2-L4 ```solidity File: registries/contracts/AgentRegistry.sol 2: pragma solidity ^0.8.15; 3: 4: import "./UnitRegistry.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L2-L4 ```solidity File: registries/contracts/GenericManager.sol 2: pragma solidity ^0.8.15; 3: 4: import "./interfaces/IErrorsRegistries.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L2-L4 ```solidity File: registries/contracts/RegistriesManager.sol 2: pragma solidity ^0.8.15; 3: 4: import "./GenericManager.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L2-L4 ```solidity File: tokenomics/contracts/Depository.sol 2: pragma solidity ^0.8.20; 3: 4: import {IErrorsTokenomics} from "./interfaces/IErrorsTokenomics.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L2-L4 ```solidity File: tokenomics/contracts/Dispenser.sol 2: pragma solidity ^0.8.18; 3: 4: import "./interfaces/IErrorsTokenomics.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L2-L4 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 2: pragma solidity ^0.8.18; 3: 4: import {mulDiv} from "@prb/math/src/Common.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L2-L4 ```solidity File: tokenomics/contracts/Tokenomics.sol 2: pragma solidity ^0.8.20; 3: 4: import "./TokenomicsConstants.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L2-L4 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 2: pragma solidity ^0.8.20; 3: 4: import "@prb/math/src/UD60x18.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L2-L4 ```solidity File: tokenomics/contracts/Treasury.sol 2: pragma solidity ^0.8.18; 3: 4: import "./interfaces/IErrorsTokenomics.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L2-L4 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 2: pragma solidity ^0.8.18; 3: 4: interface IOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L2-L4 ### [N-58] uint variables should have the bit size defined explicitly Instead of using uint to declare uint258, explicitly define uint258 to ensure there is no confusion *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol //@audit `` 6: function totalSupply() external view returns (uint); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L6-L6 ### [N-59] Uncommented fields in a struct Consider adding comments for all the fields in a struct to improve the readability of the codebase. *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol //@audit Add explanational comments to the following items `endTime`, 61: struct LockedBalance { 62: // Token amount. It will never practically be bigger. Initial OLAS cap is 1 bn tokens, or 1e27. 63: // After 10 years, the inflation rate is 2% per year. It would take 1340+ years to reach 2^128 - 1 64: uint128 amount; 65: // Unlock time. It will never practically be bigger 66: uint64 endTime; 67: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L61-L67 ```solidity File: governance/contracts/wveOLAS.sol //@audit Add explanational comments to the following items `bias`, 05: struct PointVoting { 06: int128 bias; 07: int128 slope; 08: uint64 ts; 09: uint64 blockNumber; 10: uint128 balance; 11: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L5-L11 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Add explanational comments to the following items `numNewUnits`, `topUpUnitFraction`, 43: struct UnitPoint { 44: // Summation of all the relative OLAS top-ups accumulated by each component / agent in a service 45: // After 10 years, the OLAS inflation rate is 2% per year. It would take 220+ years to reach 2^96 - 1 46: uint96 sumUnitTopUpsOLAS; 47: // Number of new units 48: // This number cannot be practically bigger than the total number of supported units 49: uint32 numNewUnits; 50: // Reward component / agent fraction 51: // This number cannot be practically bigger than 100 as the summation with other fractions gives at most 100 (%) 52: uint8 rewardUnitFraction; 53: // Top-up component / agent fraction 54: // This number cannot be practically bigger than 100 as the summation with other fractions gives at most 100 (%) 55: uint8 topUpUnitFraction; 56: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L43-L56 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Add explanational comments to the following items `totalTopUpsOLAS`, 60: struct EpochPoint { 61: // Total amount of ETH donations accrued by the protocol during one epoch 62: // Even if the ETH inflation rate is 5% per year, it would take 130+ years to reach 2^96 - 1 of ETH total supply 63: uint96 totalDonationsETH; 64: // Amount of OLAS intended to fund top-ups for the epoch based on the inflation schedule 65: // After 10 years, the OLAS inflation rate is 2% per year. It would take 220+ years to reach 2^96 - 1 66: uint96 totalTopUpsOLAS; 67: // Inverse of the discount factor 68: // IDF is bound by a factor of 18, since (2^64 - 1) / 10^18 > 18 69: // IDF uses a multiplier of 10^18 by default, since it is a rational number and must be accounted for divisions 70: // The IDF depends on the epsilonRate value, idf = 1 + epsilonRate, and epsilonRate is bound by 17 with 18 decimals 71: uint64 idf; 72: // Number of new owners 73: // Each unit has at most one owner, so this number cannot be practically bigger than numNewUnits 74: uint32 numNewOwners; 75: // Epoch end timestamp 76: // 2^32 - 1 gives 136+ years counted in seconds starting from the year 1970, which is safe until the year of 2106 77: uint32 endTime; 78: // Parameters for rewards and top-ups (in percentage) 79: // Each of these numbers cannot be practically bigger than 100 as they sum up to 100% 80: // treasuryFraction + rewardComponentFraction + rewardAgentFraction = 100% 81: // Treasury fraction 82: uint8 rewardTreasuryFraction; 83: // maxBondFraction + topUpComponentFraction + topUpAgentFraction <= 100% 84: // Amount of OLAS (in percentage of inflation) intended to fund bonding incentives during the epoch 85: uint8 maxBondFraction; 86: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L60-L86 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Add explanational comments to the following items `pendingRelativeReward`, `pendingRelativeTopUp`, `lastEpoch`, 099: struct IncentiveBalances { 100: // Reward in ETH 101: // Even if the ETH inflation rate is 5% per year, it would take 130+ years to reach 2^96 - 1 of ETH total supply 102: uint96 reward; 103: // Pending relative reward in ETH 104: uint96 pendingRelativeReward; 105: // Top-up in OLAS 106: // After 10 years, the OLAS inflation rate is 2% per year. It would take 220+ years to reach 2^96 - 1 107: uint96 topUp; 108: // Pending relative top-up 109: uint96 pendingRelativeTopUp; 110: // Last epoch number the information was updated 111: // This number cannot be practically bigger than the number of blocks 112: uint32 lastEpoch; 113: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L99-L113 ### [N-60] Event is missing `indexed` fields Index event fields make the field more quickly accessible to off-chain tools that parse events. However, note that each index field costs extra gas during emission, so it's not necessarily best to index the maximum allowed per event (three fields). Each event should use three indexed fields if there are three or more fields, and gas usage is not particularly of concern for the events in question. If there are fewer than three fields, all of the fields should be indexed. *There are 29 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 94: event Deposit(address indexed account, uint256 amount, uint256 locktime, DepositType depositType, uint256 ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L94-L94 ```solidity File: governance/contracts/veOLAS.sol 95: event Withdraw(address indexed account, uint256 amount, uint256 ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L95-L95 ```solidity File: governance/contracts/veOLAS.sol 96: event Supply(uint256 previousSupply, uint256 currentSupply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L96-L96 ```solidity File: governance/contracts/multisigs/GuardCM.sol 90: event SetTargetSelectors(address[] indexed targets, bytes4[] indexed selectors, uint256[] chainIds, bool[] statuses); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L90-L90 ```solidity File: governance/contracts/multisigs/GuardCM.sol 91: event SetBridgeMediators(address[] indexed bridgeMediatorL1s, address[] indexed bridgeMediatorL2s, uint256[] chainIds); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L91-L91 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 47: event FundsReceived(address indexed sender, uint256 value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L47-L47 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 49: event MessageReceived(uint256 indexed stateId, address indexed rootMessageSender, bytes data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L49-L49 ```solidity File: governance/contracts/bridges/HomeMediator.sol 47: event FundsReceived(address indexed sender, uint256 value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L47-L47 ```solidity File: governance/contracts/bridges/HomeMediator.sol 49: event MessageReceived(address indexed foreignMessageSender, bytes data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L49-L49 ```solidity File: registries/contracts/GenericRegistry.sol 12: event BaseURIChanged(string baseURI); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L12-L12 ```solidity File: registries/contracts/UnitRegistry.sol 9: event CreateUnit(uint256 unitId, UnitType uType, bytes32 unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L9-L9 ```solidity File: registries/contracts/UnitRegistry.sol 10: event UpdateUnitHash(uint256 unitId, UnitType uType, bytes32 unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L10-L10 ```solidity File: tokenomics/contracts/Depository.sol 69: event RedeemBond(uint256 indexed productId, address indexed owner, uint256 bondId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L69-L69 ```solidity File: tokenomics/contracts/Depository.sol 70: event CreateProduct(address indexed token, uint256 indexed productId, uint256 supply, uint256 priceLP, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L70-L70 ```solidity File: tokenomics/contracts/Depository.sol 72: event CloseProduct(address indexed token, uint256 indexed productId, uint256 supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L72-L72 ```solidity File: tokenomics/contracts/Dispenser.sol 15: event IncentivesClaimed(address indexed owner, uint256 reward, uint256 topUp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L15-L15 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 22: event DonatorBlacklistStatus(address indexed account, bool status); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L22-L22 ```solidity File: tokenomics/contracts/Tokenomics.sol 123: event EpochLengthUpdated(uint256 epochLen); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L123-L123 ```solidity File: tokenomics/contracts/Tokenomics.sol 124: event EffectiveBondUpdated(uint256 effectiveBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L124-L124 ```solidity File: tokenomics/contracts/Tokenomics.sol 125: event IDFUpdated(uint256 idf); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L125-L125 ```solidity File: tokenomics/contracts/Tokenomics.sol 126: event TokenomicsParametersUpdateRequested(uint256 indexed epochNumber, uint256 devsPerCapital, uint256 codePerDev, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L126-L126 ```solidity File: tokenomics/contracts/Tokenomics.sol 129: event IncentiveFractionsUpdateRequested(uint256 indexed epochNumber, uint256 rewardComponentFraction, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L129-L129 ```solidity File: tokenomics/contracts/Tokenomics.sol 136: event EpochSettled(uint256 indexed epochCounter, uint256 treasuryRewards, uint256 accountRewards, uint256 accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L136-L136 ```solidity File: tokenomics/contracts/Treasury.sol 44: event DepositTokenFromAccount(address indexed account, address indexed token, uint256 tokenAmount, uint256 olasAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L44-L44 ```solidity File: tokenomics/contracts/Treasury.sol 45: event DonateToServicesETH(address indexed sender, uint256[] serviceIds, uint256[] amounts, uint256 donation); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L45-L45 ```solidity File: tokenomics/contracts/Treasury.sol 46: event Withdraw(address indexed token, address indexed to, uint256 tokenAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L46-L46 ```solidity File: tokenomics/contracts/Treasury.sol 49: event ReceiveETH(address indexed sender, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L49-L49 ```solidity File: tokenomics/contracts/Treasury.sol 50: event UpdateTreasuryBalances(uint256 ETHOwned, uint256 ETHFromServices); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L50-L50 ```solidity File: tokenomics/contracts/Treasury.sol 53: event MinAcceptedETHUpdated(uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L53-L53 ### [N-61] Unused `error` definition Note that there may be cases where an error superficially appears to be used, but this is only because there are multiple definitions of the error in different files. In such cases, the error definition should be moved into a separate file. The instances below are the unused definitions. *There are 15 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 47: error BridgeMediatorNotUnique(address bridgeMediator); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L47-L47 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 17: error HashExists(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L17-L17 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 24: error WrongAgentId(uint256 agentId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L24-L24 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 47: error AgentInstanceRegistered(address operator); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L47-L47 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 51: error WrongOperator(uint256 serviceId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L51-L51 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 56: error OperatorHasNoInstances(address operator, uint256 serviceId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L56-L56 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 61: error AgentNotInService(uint256 agentId, uint256 serviceId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L61-L61 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 76: error ServiceMustBeInactive(uint256 serviceId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L76-L76 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 80: error AgentInstancesSlotsFilled(uint256 serviceId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L80-L80 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 85: error WrongServiceState(uint256 state, uint256 serviceId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L85-L85 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 91: error OnlyOwnServiceMultisig(address provided, address expected, uint256 serviceId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L91-L91 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 101: error IncorrectRegistrationDepositValue(uint256 sent, uint256 expected, uint256 serviceId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L101-L101 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 107: error IncorrectAgentBondingValue(uint256 sent, uint256 expected, uint256 serviceId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L107-L107 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 50: error WrongTokenAddress(address provided, address expected); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L50-L50 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 61: error ProductExpired(address tokenAddress, uint256 productId, uint256 deadline, uint256 curTime); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L61-L61 ### [N-62] Unused `event` definition The following events are never used, consider to remove them. *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit EpochLengthUpdated is never used 123: event EpochLengthUpdated(uint256 epochLen); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L123-L123 ### [N-63] Unused Import Some files/Items are imported but never used *There are 1 instance(s) of this issue:* ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit `UD60x18` is not used 4: import "@prb/math/src/UD60x18.sol"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L4-L4 ### [N-64] Missing upgradability functionality At the begining of a project, there is always the need to modify of add something to the source code especialy if any vulnerability is discovered. Therefore, having such system is crusial at least at the first stages of the project *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 1: // SPDX-License-Identifier: MIT ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L1-L1 ### [N-65] Use `abi.encodeCall()` instead of `abi.encodeSignature()`/`abi.encodeSelector()` `abi.encodeCall()` has compiler [type safety](OpenZeppelin/openzeppelin-contracts#3693), whereas the other two functions do not *There are 1 instance(s) of this issue:* ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 102: bytes memory safeParams = abi.encodeWithSelector(GNOSIS_SAFE_SETUP_SELECTOR, owners, threshold, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L102-L102 ### [N-66] Use `string.concat()` on strings instead of `abi.encodePacked()` for clearer semantic meaning Starting with version 0.8.12, Solidity has the `string.concat()` function, which allows one to concatenate a list of strings, without extra padding. Using this function rather than `abi.encodePacked()` makes the intended operation more clear, leading to less reviewer confusion. *There are 1 instance(s) of this issue:* ```solidity File: registries/contracts/GenericRegistry.sol 139: return string(abi.encodePacked(baseURI, CID_PREFIX, _toHex16(bytes16(unitHash)), ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L139-L139 ### [N-67] Constants should be defined rather than using magic numbers Even [assembly](https://github.com/code-423n4/2022-05-opensea-seaport/blob/9d7ce4d08bf3c3010304a0476a785c70c0e90ae7/contracts/lib/TokenTransferrer.sol#L35-L39) can benefit from using readable constants instead of hex/numeric literals *There are 103 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol //@audit Try to make a `constant` with `18` value 35: constructor() ERC20("Autonolas", "OLAS", 18) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L35-L35 ```solidity File: governance/contracts/OLAS.sol //@audit Try to make a `constant` with `9` value 105: if (numYears > 9) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L105-L105 ```solidity File: governance/contracts/OLAS.sol //@audit Try to make a `constant` with `9` value 107: numYears -= 9; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L107-L107 ```solidity File: governance/contracts/OLAS.sol //@audit Try to make a `constant` with `100` value 109: supplyCap += (supplyCap * maxMintCapFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L109-L109 ```solidity File: governance/contracts/veOLAS.sol //@audit Try to make a `constant` with `255` value 232: for (uint256 i = 0; i < 255; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L232-L232 ```solidity File: governance/contracts/veOLAS.sol //@audit Try to make a `constant` with `128` value 561: for (uint256 i = 0; i < 128; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L561-L561 ```solidity File: governance/contracts/veOLAS.sol //@audit Try to make a `constant` with `255` value 693: for (uint256 i = 0; i < 255; ++i) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L693-L693 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `160` value 194: targetSelectorChainId |= uint256(uint32(bytes4(data))) << 160; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L194-L194 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `192` value 196: targetSelectorChainId |= chainId << 192; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L196-L196 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `100` value 259: if (chainId == 100 || chainId == 10200) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L259-L259 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `10200` value 259: if (chainId == 100 || chainId == 10200) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L259-L259 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `137` value 304: if (chainId == 137 || chainId == 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L304-L304 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `80001` value 304: if (chainId == 137 || chainId == 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L304-L304 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `4` value 274: payload[i] = data[i + 4]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L274-L274 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `4` value 341: payload[i] = data[i + 4]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L341-L341 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `160` value 370: uint256 chainId = bridgeMediatorL2ChainId >> 160; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L370-L370 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `160` value 478: targetSelectorChainId |= uint256(uint32(selectors[i])) << 160; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L478-L478 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `192` value 480: targetSelectorChainId |= chainIds[i] << 192; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L480-L480 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `80001` value 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L519-L519 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `160` value 527: bridgeMediatorL2ChainId |= chainId << 160; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L527-L527 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `10200` value 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L519-L519 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `100` value 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L519-L519 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `137` value 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L519-L519 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `160` value 586: targetSelectorChainId |= uint256(uint32(selector)) << 160; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L586-L586 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `192` value 588: targetSelectorChainId |= chainId << 192; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L588-L588 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit Try to make a `constant` with `160` value 605: chainId = bridgeMediatorL2ChainId >> 160; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L605-L605 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0xFFFFFFFFFFFFFFFF000000000000000000000000000000000000000000000000` value 110: result = bytes32 (data) & 0xFFFFFFFFFFFFFFFF000000000000000000000000000000000000000000000000 | ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L110-L110 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `64` value 111: (bytes32 (data) & 0x0000000000000000FFFFFFFFFFFFFFFF00000000000000000000000000000000) >> 64; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L111-L111 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0xFFFFFFFF000000000000000000000000FFFFFFFF000000000000000000000000` value 112: result = result & 0xFFFFFFFF000000000000000000000000FFFFFFFF000000000000000000000000 | ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L112-L112 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `32` value 113: (result & 0x00000000FFFFFFFF000000000000000000000000FFFFFFFF0000000000000000) >> 32; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L113-L113 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0xFFFF000000000000FFFF000000000000FFFF000000000000FFFF000000000000` value 114: result = result & 0xFFFF000000000000FFFF000000000000FFFF000000000000FFFF000000000000 | ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L114-L114 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `16` value 115: (result & 0x0000FFFF000000000000FFFF000000000000FFFF000000000000FFFF00000000) >> 16; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L115-L115 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0xFF000000FF000000FF000000FF000000FF000000FF000000FF000000FF000000` value 116: result = result & 0xFF000000FF000000FF000000FF000000FF000000FF000000FF000000FF000000 | ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L116-L116 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `8` value 117: (result & 0x00FF000000FF000000FF000000FF000000FF000000FF000000FF000000FF0000) >> 8; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L117-L117 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `4` value 118: result = (result & 0xF000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000) >> 4 | ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L118-L118 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `8` value 119: (result & 0x0F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F00) >> 8; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L119-L119 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0x3030303030303030303030303030303030303030303030303030303030303030` value 120: result = bytes32 (0x3030303030303030303030303030303030303030303030303030303030303030 + ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L120-L120 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `39` value 123: 0x0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F) * 39); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L123-L123 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0x0000000000000000FFFFFFFFFFFFFFFF00000000000000000000000000000000` value 111: (bytes32 (data) & 0x0000000000000000FFFFFFFFFFFFFFFF00000000000000000000000000000000) >> 64; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L111-L111 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0x00000000FFFFFFFF000000000000000000000000FFFFFFFF0000000000000000` value 113: (result & 0x00000000FFFFFFFF000000000000000000000000FFFFFFFF0000000000000000) >> 32; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L113-L113 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0x0000FFFF000000000000FFFF000000000000FFFF000000000000FFFF00000000` value 115: (result & 0x0000FFFF000000000000FFFF000000000000FFFF000000000000FFFF00000000) >> 16; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L115-L115 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0x00FF000000FF000000FF000000FF000000FF000000FF000000FF000000FF0000` value 117: (result & 0x00FF000000FF000000FF000000FF000000FF000000FF000000FF000000FF0000) >> 8; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L117-L117 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0xF000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000` value 118: result = (result & 0xF000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000) >> 4 | ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L118-L118 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0x0F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F00` value 119: (result & 0x0F000F000F000F000F000F000F000F000F000F000F000F000F000F000F000F00) >> 8; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L119-L119 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0x0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F` value 123: 0x0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F) * 39); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L123-L123 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `4` value 122: (uint256 (result) + 0x0606060606060606060606060606060606060606060606060606060606060606 >> 4 & ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L122-L122 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `0x0606060606060606060606060606060606060606060606060606060606060606` value 122: (uint256 (result) + 0x0606060606060606060606060606060606060606060606060606060606060606 >> 4 & ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L122-L122 ```solidity File: registries/contracts/GenericRegistry.sol //@audit Try to make a `constant` with `128` value 140: _toHex16(bytes16(unitHash << 128)))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L140-L140 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `50` value 360: uint256 _maxBondFraction = 50; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L360-L360 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `10_000e18` value 293: veOLASThreshold = 10_000e18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L293-L293 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `83` value 348: tp.unitPoints[0].rewardUnitFraction = 83; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L348-L348 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `17` value 349: tp.unitPoints[1].rewardUnitFraction = 17; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L349-L349 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `41` value 362: tp.unitPoints[0].topUpUnitFraction = 41; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L362-L362 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `9` value 363: tp.unitPoints[1].topUpUnitFraction = 9; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L363-L363 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 367: uint256 _maxBond = (_inflationPerSecond * _epochLen * _maxBondFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L367-L367 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `17e18` value 529: if (_epsilonRate > 0 && _epsilonRate <= 17e18) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L529-L529 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 576: if (_rewardComponentFraction + _rewardAgentFraction > 100) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L576-L576 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 581: if (_maxBondFraction + _topUpComponentFraction + _topUpAgentFraction > 100) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L581-L581 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 577: revert WrongAmount(_rewardComponentFraction + _rewardAgentFraction, 100); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L577-L577 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 582: revert WrongAmount(_maxBondFraction + _topUpComponentFraction + _topUpAgentFraction, 100); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L582-L582 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 592: tp.epochPoint.rewardTreasuryFraction = uint8(100 - _rewardComponentFraction - _rewardAgentFraction); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L592-L592 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 674: uint256 sumUnitIncentives = uint256(mapEpochTokenomics[epochNum].unitPoints[unitType].sumUnitTopUpsOLAS) * 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L674-L674 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 659: totalIncentives = mapUnitIncentives[unitType][unitId].reward + totalIncentives / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L659-L659 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `4` value 693: bool[] memory incentiveFlags = new bool[](4); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L693-L693 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100e18` value 852: fp = fp.div(UD60x18.wrap(100e18)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L852-L852 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `7` value 913: uint256[] memory incentives = new uint256[](7); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L913-L913 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 915: incentives[1] = (incentives[0] * tp.epochPoint.rewardTreasuryFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L915-L915 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 917: incentives[2] = (incentives[0] * tp.unitPoints[0].rewardUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L917-L917 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 918: incentives[3] = (incentives[0] * tp.unitPoints[1].rewardUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L918-L918 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 951: incentives[4] = (inflationPerEpoch * tp.epochPoint.maxBondFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L951-L951 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 1054: incentives[5] = (inflationPerEpoch * tp.unitPoints[0].topUpUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1054-L1054 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 1056: incentives[6] = (inflationPerEpoch * tp.unitPoints[1].topUpUnitFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1056-L1056 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `0x04` value 942: tokenomicsParametersUpdated = tokenomicsParametersUpdated | 0x04; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L942-L942 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 1023: curMaxBond = (inflationPerEpoch * nextEpochPoint.epochPoint.maxBondFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1023-L1023 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 1030: curMaxBond = (curEpochLen * curInflationPerSecond * nextEpochPoint.epochPoint.maxBondFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1030-L1030 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 1222: uint256 sumUnitIncentives = uint256(mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].sumUnitTopUpsOLAS) * 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1222-L1222 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit Try to make a `constant` with `100` value 1213: reward += totalIncentives / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1213-L1213 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `10` value 32: if (numYears < 10) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L32-L32 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `9` value 48: numYears -= 9; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L48-L48 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `529_659_000_00e16` value 34: 529_659_000_00e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L34-L34 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `569_913_084_00e16` value 35: 569_913_084_00e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L35-L35 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `641_152_219_50e16` value 36: 641_152_219_50e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L36-L36 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `708_500_141_72e16` value 37: 708_500_141_72e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L37-L37 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `771_039_876_00e16` value 38: 771_039_876_00e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L38-L38 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `828_233_282_97e16` value 39: 828_233_282_97e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L39-L39 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `879_860_040_11e16` value 40: 879_860_040_11e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L40-L40 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `925_948_139_65e16` value 41: 925_948_139_65e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L41-L41 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `966_706_331_40e16` value 42: 966_706_331_40e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L42-L42 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `100` value 56: supplyCap += (supplyCap * maxMintCapFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L56-L56 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `10` value 68: if (numYears < 10) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L68-L68 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `9` value 85: numYears -= 9; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L85-L85 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `3_159_000_00e16` value 71: 3_159_000_00e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L71-L71 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `40_254_084_00e16` value 72: 40_254_084_00e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L72-L72 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `71_239_135_50e16` value 73: 71_239_135_50e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L73-L73 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `67_347_922_22e16` value 74: 67_347_922_22e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L74-L74 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `62_539_734_28e16` value 75: 62_539_734_28e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L75-L75 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `57_193_406_97e16` value 76: 57_193_406_97e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L76-L76 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `51_626_757_14e16` value 77: 51_626_757_14e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L77-L77 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `46_088_099_54e16` value 78: 46_088_099_54e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L78-L78 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `40_758_191_75e16` value 79: 40_758_191_75e16, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L79-L79 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `33_293_668_60e16` value 80: 33_293_668_60e16 ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L80-L80 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `100` value 97: inflationAmount = (supplyCap * maxMintCapFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L97-L97 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol //@audit Try to make a `constant` with `100` value 93: supplyCap += (supplyCap * maxMintCapFraction) / 100; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L93-L93 ### [N-68] Use the latest solidity (prior to 0.8.20 if on L2s) for deployment ``` When deploying contracts, you should use the latest released version of Solidity.Apart from exceptional cases, only the latest version receives security fixes. ``` https://docs.soliditylang.org/en/v0.8.20/ *There are 30 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L2-L2 ```solidity File: governance/contracts/veOLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L2-L2 ```solidity File: governance/contracts/wveOLAS.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L2-L2 ```solidity File: governance/contracts/bridges/HomeMediator.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L2-L2 ```solidity File: governance/contracts/interfaces/IErrors.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L2-L2 ```solidity File: registries/contracts/GenericRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L2-L2 ```solidity File: registries/contracts/UnitRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L2-L2 ```solidity File: registries/contracts/ComponentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L2-L2 ```solidity File: registries/contracts/AgentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L2-L2 ```solidity File: registries/contracts/GenericManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L2-L2 ```solidity File: registries/contracts/RegistriesManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L2-L2 ```solidity File: tokenomics/contracts/Dispenser.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L2-L2 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L2-L2 ```solidity File: tokenomics/contracts/Treasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L2-L2 ### [N-69] Use a single file for system wide constants Consider grouping all the system constants under a single file. This finding shows only the first constant for each file. *There are 15 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 22: uint256 public constant oneYear = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L22-L22 ```solidity File: governance/contracts/veOLAS.sol 99: uint64 internal constant WEEK = 1 weeks; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L99-L99 ```solidity File: governance/contracts/wveOLAS.sol 136: string public constant name = "Voting Escrow OLAS"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L136-L136 ```solidity File: governance/contracts/multisigs/GuardCM.sol 97: bytes4 public constant SCHEDULE = bytes4(keccak256(bytes("schedule(address,uint256,bytes,bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L97-L97 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L53-L53 ```solidity File: governance/contracts/bridges/HomeMediator.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 36; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L53-L53 ```solidity File: registries/contracts/GenericRegistry.sol 33: string public constant CID_PREFIX = "f01701220"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L33-L33 ```solidity File: registries/contracts/ComponentRegistry.sol 10: string public constant VERSION = "1.0.0"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L10-L10 ```solidity File: registries/contracts/AgentRegistry.sol 13: string public constant VERSION = "1.0.0"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L13-L13 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 26: bytes4 public constant GNOSIS_SAFE_SETUP_SELECTOR = 0xb63e800d; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L26-L26 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 53: uint256 public constant DEFAULT_DATA_LENGTH = 20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L53-L53 ```solidity File: tokenomics/contracts/Depository.sol 75: uint256 public constant MIN_VESTING = 1 days; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L75-L75 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 11: string public constant VERSION = "1.0.1"; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L11-L11 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 28: bytes32 public constant PROXY_TOKENOMICS = 0xbd5523e7c3b6a94aa0e3b24d1120addc2f95c7029e097b466b2bedc8d4b4362f; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L28-L28 ```solidity File: tokenomics/contracts/Treasury.sol 56: address public constant ETH_TOKEN_ADDRESS = address(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L56-L56 ### [N-70] Consider using SMTChecker The SMTChecker is a valuable tool for Solidity developers as it helps detect potential vulnerabilities and logical errors in the contract's code. By utilizing Satisfiability Modulo Theories (SMT) solvers, it can reason about the potential states a contract can be in, and therefore, identify conditions that could lead to undesirable behavior. This automatic formal verification can catch issues that might otherwise be missed in manual code reviews or standard testing, enhancing the overall contract's security and reliability. *There are 41 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L2-L2 ```solidity File: governance/contracts/Timelock.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L2-L2 ```solidity File: governance/contracts/OLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L2-L2 ```solidity File: governance/contracts/veOLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L2-L2 ```solidity File: governance/contracts/wveOLAS.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L2-L2 ```solidity File: governance/contracts/multisigs/GuardCM.sol 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L2-L2 ```solidity File: governance/contracts/bridges/HomeMediator.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L2-L2 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 2: pragma solidity ^0.8.23; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L2-L2 ```solidity File: governance/contracts/interfaces/IERC20.sol 2: pragma solidity ^0.8.21; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L2-L2 ```solidity File: governance/contracts/interfaces/IErrors.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L2-L2 ```solidity File: registries/contracts/GenericRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L2-L2 ```solidity File: registries/contracts/UnitRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L2-L2 ```solidity File: registries/contracts/ComponentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L2-L2 ```solidity File: registries/contracts/AgentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L2-L2 ```solidity File: registries/contracts/GenericManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L2-L2 ```solidity File: registries/contracts/RegistriesManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 2: pragma solidity ^0.8.21; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L2-L2 ```solidity File: tokenomics/contracts/Depository.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L2-L2 ```solidity File: tokenomics/contracts/Dispenser.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L2-L2 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/Tokenomics.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L2-L2 ```solidity File: tokenomics/contracts/Treasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L2-L2 ### [N-71] Variable name must be in mixedCase Avoid using underscore for variable Names or parameters *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol // @audit block_slope 221: uint256 block_slope; // dblock/dt ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L221-L221 ### [N-72] Whitespace in Expressions See the [Whitespace in Expressions](https://docs.soliditylang.org/en/latest/style-guide.html#whitespace-in-expressions) section of the Solidity Style Guide *There are 16 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol //@audit remove the whiteSpace before the ')' char 624: (PointVoting memory uPoint, ) = _findPointByBlock(blockNumber, account); 625: // If the block number at the point index is bigger than the specified block number, the balance was zero ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L624-L625 ```solidity File: governance/contracts/veOLAS.sol //@audit remove the whiteSpace before the ')' char 674: (PointVoting memory uPoint, ) = _findPointByBlock(blockNumber, account); 675: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L674-L675 ```solidity File: governance/contracts/veOLAS.sol //@audit remove the whiteSpace before the ')' char 728: (PointVoting memory sPoint, ) = _findPointByBlock(blockNumber, address(0)); 729: // If the block number at the point index is bigger than the specified block number, the balance was zero ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L728-L729 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit remove the whiteSpace before the ')' char 278: (address homeMediator, bytes memory mediatorPayload, ) = abi.decode(payload, (address, bytes, uint256)); 279: // Check that the home mediator matches the L2 bridge mediator address ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L278-L279 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit remove the whiteSpace before the ')' char 351: (targets[0], , callDatas[0], , , ) = 352: abi.decode(payload, (address, uint256, bytes, bytes32, bytes32, uint256)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L351-L352 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit remove the whiteSpace before the ',' char 351: (targets[0], , callDatas[0], , , ) = 352: abi.decode(payload, (address, uint256, bytes, bytes32, bytes32, uint256)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L351-L352 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit remove the whiteSpace before the ')' char 355: (targets, , callDatas, , , ) = 356: abi.decode(payload, (address[], uint256[], bytes[], bytes32, bytes32, uint256)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L355-L356 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit remove the whiteSpace before the ',' char 355: (targets, , callDatas, , , ) = 356: abi.decode(payload, (address[], uint256[], bytes[], bytes32, bytes32, uint256)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L355-L356 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit remove the whiteSpace before the ')' char 160: (bool success, ) = target.call{value: value}(payload); 161: if (!success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L160-L161 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit remove the whiteSpace before the ')' char 160: (bool success, ) = target.call{value: value}(payload); 161: if (!success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L160-L161 ```solidity File: registries/contracts/AgentRegistry.sol //@audit remove the whiteSpace before the ')' char 60: (subComponentIds, ) = IRegistry(componentRegistry).getLocalSubComponents(uint256(unitId)); 61: } else { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L60-L61 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit remove the whiteSpace before the ')' char 118: (bool success, ) = multisig.call(payload); 119: if (!success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L118-L119 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol //@audit remove the whiteSpace before the ')' char 80: (reserve0, reserve1, ) = pair.getReserves(); 81: // token0 != olas && token1 != olas, this should never happen ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L80-L81 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol //@audit remove the whiteSpace before the ')' char 48: (bool success, ) = tokenomics.delegatecall(tokenomicsData); 49: if (!success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L48-L49 ```solidity File: tokenomics/contracts/Treasury.sol //@audit remove the whiteSpace before the ')' char 339: (success, ) = to.call{value: tokenAmount}(""); 340: if (!success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L339-L340 ```solidity File: tokenomics/contracts/Treasury.sol //@audit remove the whiteSpace before the ')' char 406: (success, ) = account.call{value: accountRewards}(""); 407: if (!success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L406-L407 ### [N-73] Complex function controle flow Due to multiple if, loop and conditions the following functions has a very complex controle flow that could make auditing very difficult to cover all possible path Therefore, consider breaking down these blocks into more manageable units, by splitting things into utility functions, by reducing nesting, and by using early returns *There are 15 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 173: function _checkpoint( 174: address account, 175: LockedBalance memory oldLocked, 176: LockedBalance memory newLocked, 177: uint128 curSupply 178: ) internal { 179: PointVoting memory uOld; 180: PointVoting memory uNew; 181: int128 oldDSlope; 182: int128 newDSlope; 183: uint256 curNumPoint = totalNumPoints; 184: 185: if (account != address(0)) { 186: // Calculate slopes and biases 187: // Kept at zero when they have to 188: if (oldLocked.endTime > block.timestamp && oldLocked.amount > 0) { 189: uOld.slope = int128(oldLocked.amount) / IMAXTIME; 190: uOld.bias = uOld.slope * int128(uint128(oldLocked.endTime - uint64(block.timestamp))); 191: } 192: if (newLocked.endTime > block.timestamp && newLocked.amount > 0) { 193: uNew.slope = int128(newLocked.amount) / IMAXTIME; 194: uNew.bias = uNew.slope * int128(uint128(newLocked.endTime - uint64(block.timestamp))); 195: } 196: 197: // Reads values of scheduled changes in the slope 198: // oldLocked.endTime can be in the past and in the future 199: // newLocked.endTime can ONLY be in the FUTURE unless everything is expired: then zeros 200: oldDSlope = mapSlopeChanges[oldLocked.endTime]; 201: if (newLocked.endTime > 0) { 202: if (newLocked.endTime == oldLocked.endTime) { 203: newDSlope = oldDSlope; 204: } else { 205: newDSlope = mapSlopeChanges[newLocked.endTime]; 206: } 207: } 208: } 209: 210: PointVoting memory lastPoint; 211: if (curNumPoint > 0) { 212: lastPoint = mapSupplyPoints[curNumPoint]; 213: } else { 214: // If no point is created yet, we take the actual time and block parameters 215: lastPoint = PointVoting(0, 0, uint64(block.timestamp), uint64(block.number), 0); 216: } 217: uint64 lastCheckpoint = lastPoint.ts; 218: // initialPoint is used for extrapolation to calculate the block number and save them 219: // as we cannot figure that out in exact values from inside of the contract 220: PointVoting memory initialPoint = lastPoint; 221: uint256 block_slope; // dblock/dt 222: if (block.timestamp > lastPoint.ts) { 223: // This 1e18 multiplier is needed for the numerator to be bigger than the denominator 224: // We need to calculate this in > uint64 size (1e18 is > 2^59 multiplied by 2^64). 225: block_slope = (1e18 * uint256(block.number - lastPoint.blockNumber)) / uint256(block.timestamp - lastPoint.ts); 226: } 227: // If last point is already recorded in this block, slope == 0, but we know the block already in this case 228: // Go over weeks to fill in the history and (or) calculate what the current point is 229: { 230: // The timestamp is rounded by a week and < 2^64-1 231: uint64 tStep = (lastCheckpoint / WEEK) * WEEK; 232: for (uint256 i = 0; i < 255; ++i) { 233: // Hopefully it won't happen that this won't get used in 5 years! 234: // If it does, users will be able to withdraw but vote weight will be broken 235: // This is always practically < 2^64-1 236: unchecked { 237: tStep += WEEK; 238: } 239: int128 dSlope; 240: if (tStep > block.timestamp) { 241: tStep = uint64(block.timestamp); 242: } else { 243: dSlope = mapSlopeChanges[tStep]; 244: } 245: lastPoint.bias -= lastPoint.slope * int128(int64(tStep - lastCheckpoint)); 246: lastPoint.slope += dSlope; 247: if (lastPoint.bias < 0) { 248: // This could potentially happen, but fuzzer didn't find available "real" combinations 249: lastPoint.bias = 0; 250: } 251: if (lastPoint.slope < 0) { 252: // This cannot happen - just in case. Again, fuzzer didn't reach this 253: lastPoint.slope = 0; 254: } 255: lastCheckpoint = tStep; 256: lastPoint.ts = tStep; 257: // After division by 1e18 the uint64 size can be reclaimed 258: lastPoint.blockNumber = initialPoint.blockNumber + uint64((block_slope * uint256(tStep - initialPoint.ts)) / 1e18); 259: lastPoint.balance = initialPoint.balance; 260: // In order for the overflow of total number of economical checkpoints (starting from zero) 261: // The _checkpoint() call must happen n >(2^256 -1)/255 or n > ~1e77/255 > ~1e74 times 262: unchecked { 263: curNumPoint += 1; 264: } 265: if (tStep == block.timestamp) { 266: lastPoint.blockNumber = uint64(block.number); 267: lastPoint.balance = curSupply; 268: break; 269: } else { 270: mapSupplyPoints[curNumPoint] = lastPoint; 271: } 272: } 273: } 274: 275: totalNumPoints = curNumPoint; 276: 277: // Now mapSupplyPoints is filled until current time 278: if (account != address(0)) { 279: // If last point was in this block, the slope change has been already applied. In such case we have 0 slope(s) 280: lastPoint.slope += (uNew.slope - uOld.slope); 281: lastPoint.bias += (uNew.bias - uOld.bias); 282: if (lastPoint.slope < 0) { 283: lastPoint.slope = 0; 284: } 285: if (lastPoint.bias < 0) { 286: lastPoint.bias = 0; 287: } 288: } 289: 290: // Record the last updated point 291: mapSupplyPoints[curNumPoint] = lastPoint; 292: 293: if (account != address(0)) { 294: // Schedule the slope changes (slope is going down) 295: // We subtract new_user_slope from [newLocked.endTime] 296: // and add old_user_slope to [oldLocked.endTime] 297: if (oldLocked.endTime > block.timestamp) { 298: // oldDSlope was - uOld.slope, so we cancel that 299: oldDSlope += uOld.slope; 300: if (newLocked.endTime == oldLocked.endTime) { 301: oldDSlope -= uNew.slope; // It was a new deposit, not extension 302: } 303: mapSlopeChanges[oldLocked.endTime] = oldDSlope; 304: } 305: 306: if (newLocked.endTime > block.timestamp && newLocked.endTime > oldLocked.endTime) { 307: newDSlope -= uNew.slope; // old slope disappeared at this point 308: mapSlopeChanges[newLocked.endTime] = newDSlope; 309: // else: we recorded it already in oldDSlope 310: } 311: // Now handle user history 312: uNew.ts = uint64(block.timestamp); 313: uNew.blockNumber = uint64(block.number); 314: uNew.balance = newLocked.amount; 315: mapUserPoints[account].push(uNew); 316: } 317: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L173-L317 ```solidity File: governance/contracts/veOLAS.sol 542: function _findPointByBlock(uint256 blockNumber, address account) internal view 543: returns (PointVoting memory point, uint256 minPointNumber) 544: { 545: // Get the last available point number 546: uint256 maxPointNumber; 547: if (account == address(0)) { 548: maxPointNumber = totalNumPoints; 549: } else { 550: maxPointNumber = mapUserPoints[account].length; 551: if (maxPointNumber == 0) { 552: return (point, minPointNumber); 553: } 554: // Already checked for > 0 in this case 555: unchecked { 556: maxPointNumber -= 1; 557: } 558: } 559: 560: // Binary search that will be always enough for 128-bit numbers 561: for (uint256 i = 0; i < 128; ++i) { 562: if ((minPointNumber + 1) > maxPointNumber) { 563: break; 564: } 565: uint256 mid = (minPointNumber + maxPointNumber + 1) / 2; 566: 567: // Choose the source of points 568: if (account == address(0)) { 569: point = mapSupplyPoints[mid]; 570: } else { 571: point = mapUserPoints[account][mid]; 572: } 573: 574: if (point.blockNumber < (blockNumber + 1)) { 575: minPointNumber = mid; 576: } else { 577: maxPointNumber = mid - 1; 578: } 579: } 580: 581: // Get the found point 582: if (account == address(0)) { 583: point = mapSupplyPoints[minPointNumber]; 584: } else { 585: point = mapUserPoints[account][minPointNumber]; 586: } 587: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L542-L587 ```solidity File: governance/contracts/multisigs/GuardCM.sol 252: function _processBridgeData( 253: bytes memory data, 254: address bridgeMediatorL2, 255: uint256 chainId 256: ) internal 257: { 258: // Gnosis chains 259: if (chainId == 100 || chainId == 10200) { 260: // Check the L1 initial selector 261: bytes4 functionSig = bytes4(data); 262: if (functionSig != REQUIRE_TO_PASS_MESSAGE) { 263: revert WrongSelector(functionSig, chainId); 264: } 265: 266: // Check if the data length is less than a size of a selector plus the message minimum payload size 267: if (data.length < MIN_GNOSIS_PAYLOAD_LENGTH) { 268: revert IncorrectDataLength(data.length, MIN_GNOSIS_PAYLOAD_LENGTH); 269: } 270: 271: // Copy the data without the selector 272: bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); 273: for (uint256 i = 0; i < payload.length; ++i) { 274: payload[i] = data[i + 4]; 275: } 276: 277: // Decode the requireToPassMessage payload: homeMediator (L2), mediatorPayload (need decoding), requestGasLimit 278: (address homeMediator, bytes memory mediatorPayload, ) = abi.decode(payload, (address, bytes, uint256)); 279: // Check that the home mediator matches the L2 bridge mediator address 280: if (homeMediator != bridgeMediatorL2) { 281: revert WrongL2BridgeMediator(homeMediator, bridgeMediatorL2); 282: } 283: 284: // Check the L2 initial selector 285: functionSig = bytes4(mediatorPayload); 286: if (functionSig != PROCESS_MESSAGE_FROM_FOREIGN) { 287: revert WrongSelector(functionSig, chainId); 288: } 289: 290: // Copy the data without a selector 291: bytes memory bridgePayload = new bytes(mediatorPayload.length - SELECTOR_DATA_LENGTH); 292: for (uint256 i = 0; i < bridgePayload.length; ++i) { 293: bridgePayload[i] = mediatorPayload[i + SELECTOR_DATA_LENGTH]; 294: } 295: 296: // Decode the processMessageFromForeign payload: l2Message (executed on L2) 297: (bytes memory l2Message) = abi.decode(bridgePayload, (bytes)); 298: 299: // Verify processMessageFromForeign payload 300: _verifyBridgedData(l2Message, chainId); 301: } 302: 303: // Polygon chains 304: if (chainId == 137 || chainId == 80001) { 305: // Check the L1 initial selector 306: bytes4 functionSig = bytes4(data); 307: if (functionSig != SEND_MESSAGE_TO_CHILD) { 308: revert WrongSelector(functionSig, chainId); 309: } 310: 311: // Check if the data length is less than a size of a selector plus the message minimum payload size 312: if (data.length < MIN_POLYGON_PAYLOAD_LENGTH) { 313: revert IncorrectDataLength(data.length, MIN_POLYGON_PAYLOAD_LENGTH); 314: } 315: 316: // Copy the data without the selector 317: bytes memory payload = new bytes(data.length - SELECTOR_DATA_LENGTH); 318: for (uint256 i = 0; i < payload.length; ++i) { 319: payload[i] = data[i + SELECTOR_DATA_LENGTH]; 320: } 321: 322: // Decode sendMessageToChild payload: fxGovernorTunnel (L2), l2Message (executed on L2) 323: (address fxGovernorTunnel, bytes memory l2Message) = abi.decode(payload, (address, bytes)); 324: // Check that the fxGovernorTunnel matches the L2 bridge mediator address 325: if (fxGovernorTunnel != bridgeMediatorL2) { 326: revert WrongL2BridgeMediator(fxGovernorTunnel, bridgeMediatorL2); 327: } 328: 329: // Verify sendMessageToChild payload 330: _verifyBridgedData(l2Message, chainId); 331: } 332: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L252-L332 ```solidity File: governance/contracts/multisigs/GuardCM.sol 387: function checkTransaction( 388: address to, 389: uint256, 390: bytes memory data, 391: Enum.Operation operation, 392: uint256, 393: uint256, 394: uint256, 395: address, 396: address payable, 397: bytes memory, 398: address 399: ) external { 400: // Just return if paused 401: if (paused == 1) { 402: // Call to the timelock 403: if (to == owner) { 404: // No delegatecall is allowed 405: if (operation == Enum.Operation.DelegateCall) { 406: revert NoDelegateCall(); 407: } 408: 409: // Data needs to have enough bytes at least to fit the selector 410: if (data.length < SELECTOR_DATA_LENGTH) { 411: revert IncorrectDataLength(data.length, SELECTOR_DATA_LENGTH); 412: } 413: 414: // Get the function signature 415: bytes4 functionSig = bytes4(data); 416: // Check the schedule or scheduleBatch function authorized parameters 417: // All other functions are not checked for 418: if (functionSig == SCHEDULE || functionSig == SCHEDULE_BATCH) { 419: // Data length is too short: need to have enough bytes for the schedule() function 420: // with one selector extracted from the payload 421: if (data.length < MIN_SCHEDULE_DATA_LENGTH) { 422: revert IncorrectDataLength(data.length, MIN_SCHEDULE_DATA_LENGTH); 423: } 424: 425: _verifySchedule(data, functionSig); 426: } 427: } else if (to == multisig) { 428: // No self multisig call is allowed 429: revert NoSelfCall(); 430: } 431: } 432: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L387-L432 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 107: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external override { 108: // Check for the Fx Child address 109: if(msg.sender != fxChild) { 110: revert FxChildOnly(msg.sender, fxChild); 111: } 112: 113: // Check for the Root Governor address 114: if(rootMessageSender != rootGovernor) { 115: revert RootGovernorOnly(rootMessageSender, rootGovernor); 116: } 117: 118: // Check for the correct data length 119: uint256 dataLength = data.length; 120: if (dataLength < DEFAULT_DATA_LENGTH) { 121: revert IncorrectDataLength(DEFAULT_DATA_LENGTH, data.length); 122: } 123: 124: // Unpack and process the data 125: for (uint256 i = 0; i < dataLength;) { 126: address target; 127: uint96 value; 128: uint32 payloadLength; 129: // solhint-disable-next-line no-inline-assembly 130: assembly { 131: // First 20 bytes is the address (160 bits) 132: i := add(i, 20) 133: target := mload(add(data, i)) 134: // Offset the data by 12 bytes of value (96 bits) 135: i := add(i, 12) 136: value := mload(add(data, i)) 137: // Offset the data by 4 bytes of payload length (32 bits) 138: i := add(i, 4) 139: payloadLength := mload(add(data, i)) 140: } 141: 142: // Check for the zero address 143: if (target == address(0)) { 144: revert ZeroAddress(); 145: } 146: // Check for the value compared to the contract's balance 147: if (value > address(this).balance) { 148: revert InsufficientBalance(value, address(this).balance); 149: } 150: 151: // Get the payload 152: bytes memory payload = new bytes(payloadLength); 153: for (uint256 j = 0; j < payloadLength; ++j) { 154: payload[j] = data[i + j]; 155: } 156: // Offset the data by the payload number of bytes 157: i += payloadLength; 158: 159: // Call the target with the provided payload 160: (bool success, ) = target.call{value: value}(payload); 161: if (!success) { 162: revert TargetExecFailed(target, value, payload); 163: } 164: } 165: 166: // Emit received message 167: emit MessageReceived(stateId, rootMessageSender, data); 168: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L107-L168 ```solidity File: governance/contracts/bridges/HomeMediator.sol 105: function processMessageFromForeign(bytes memory data) external { 106: // Check for the AMB Contract Proxy (Home) address 107: if (msg.sender != AMBContractProxyHome) { 108: revert AMBContractProxyHomeOnly(msg.sender, AMBContractProxyHome); 109: } 110: 111: // Check for the Foreign Governor address 112: address governor = foreignGovernor; 113: address bridgeGovernor = IAMB(AMBContractProxyHome).messageSender(); 114: if (bridgeGovernor != governor) { 115: revert ForeignGovernorOnly(bridgeGovernor, governor); 116: } 117: 118: // Check for the correct data length 119: uint256 dataLength = data.length; 120: if (dataLength < DEFAULT_DATA_LENGTH) { 121: revert IncorrectDataLength(DEFAULT_DATA_LENGTH, data.length); 122: } 123: 124: // Unpack and process the data 125: for (uint256 i = 0; i < dataLength;) { 126: address target; 127: uint96 value; 128: uint32 payloadLength; 129: // solhint-disable-next-line no-inline-assembly 130: assembly { 131: // First 20 bytes is the address (160 bits) 132: i := add(i, 20) 133: target := mload(add(data, i)) 134: // Offset the data by 12 bytes of value (96 bits) 135: i := add(i, 12) 136: value := mload(add(data, i)) 137: // Offset the data by 4 bytes of payload length (32 bits) 138: i := add(i, 4) 139: payloadLength := mload(add(data, i)) 140: } 141: 142: // Check for the zero address 143: if (target == address(0)) { 144: revert ZeroAddress(); 145: } 146: // Check for the value compared to the contract's balance 147: if (value > address(this).balance) { 148: revert InsufficientBalance(value, address(this).balance); 149: } 150: 151: // Get the payload 152: bytes memory payload = new bytes(payloadLength); 153: for (uint256 j = 0; j < payloadLength; ++j) { 154: payload[j] = data[i + j]; 155: } 156: // Offset the data by the payload number of bytes 157: i += payloadLength; 158: 159: // Call the target with the provided payload 160: (bool success, ) = target.call{value: value}(payload); 161: if (!success) { 162: revert TargetExecFailed(target, value, payload); 163: } 164: } 165: 166: // Emit received message 167: emit MessageReceived(governor, data); 168: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L105-L168 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 085: function create( 086: address[] memory owners, 087: uint256 threshold, 088: bytes memory data 089: ) external returns (address multisig) 090: { 091: // Check for the correct data length 092: uint256 dataLength = data.length; 093: if (dataLength < DEFAULT_DATA_LENGTH) { 094: revert IncorrectDataLength(DEFAULT_DATA_LENGTH, data.length); 095: } 096: 097: // Read the proxy multisig address (20 bytes) and the multisig-related data 098: assembly { 099: multisig := mload(add(data, DEFAULT_DATA_LENGTH)) 100: } 101: 102: // Check that the multisig address corresponds to the authorized multisig proxy bytecode hash 103: bytes32 multisigProxyHash = keccak256(multisig.code); 104: if (proxyHash != multisigProxyHash) { 105: revert UnauthorizedMultisig(multisig); 106: } 107: 108: // If provided, read the payload that is going to change the multisig ownership and threshold 109: // The payload is expected to be the `execTransaction()` function call with all its arguments and signature(s) 110: if (dataLength > DEFAULT_DATA_LENGTH) { 111: uint256 payloadLength = dataLength - DEFAULT_DATA_LENGTH; 112: bytes memory payload = new bytes(payloadLength); 113: for (uint256 i = 0; i < payloadLength; ++i) { 114: payload[i] = data[i + DEFAULT_DATA_LENGTH]; 115: } 116: 117: // Call the multisig with the provided payload 118: (bool success, ) = multisig.call(payload); 119: if (!success) { 120: revert MultisigExecFailed(multisig); 121: } 122: } 123: 124: // Get the provided proxy multisig owners and threshold 125: address[] memory checkOwners = IGnosisSafe(multisig).getOwners(); 126: uint256 checkThreshold = IGnosisSafe(multisig).getThreshold(); 127: 128: // Verify updated multisig proxy for provided owners and threshold 129: if (threshold != checkThreshold) { 130: revert WrongThreshold(checkThreshold, threshold); 131: } 132: uint256 numOwners = owners.length; 133: if (numOwners != checkOwners.length) { 134: revert WrongNumOwners(checkOwners.length, numOwners); 135: } 136: // The owners' addresses in the multisig itself are stored in reverse order compared to how they were added: 137: // https://etherscan.io/address/0xd9db270c1b5e3bd161e8c8503c55ceabee709552#code#F6#L56 138: // Thus, the check must be carried out accordingly. 139: for (uint256 i = 0; i < numOwners; ++i) { 140: if (owners[i] != checkOwners[numOwners - i - 1]) { 141: revert WrongOwner(owners[i]); 142: } 143: } 144: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L85-L144 ```solidity File: tokenomics/contracts/Depository.sol 183: function create(address token, uint256 priceLP, uint256 supply, uint256 vesting) external returns (uint256 productId) { 184: // Check for the contract ownership 185: if (msg.sender != owner) { 186: revert OwnerOnly(msg.sender, owner); 187: } 188: 189: // Check for the pool liquidity as the LP price being greater than zero 190: if (priceLP == 0) { 191: revert ZeroValue(); 192: } 193: 194: // Check the priceLP limit value 195: if (priceLP > type(uint160).max) { 196: revert Overflow(priceLP, type(uint160).max); 197: } 198: 199: // Check that the supply is greater than zero 200: if (supply == 0) { 201: revert ZeroValue(); 202: } 203: 204: // Check the supply limit value 205: if (supply > type(uint96).max) { 206: revert Overflow(supply, type(uint96).max); 207: } 208: 209: // Check the vesting minimum limit value 210: if (vesting < MIN_VESTING) { 211: revert LowerThan(vesting, MIN_VESTING); 212: } 213: 214: // Check for the maturity time overflow for the current timestamp 215: uint256 maturity = block.timestamp + vesting; 216: if (maturity > type(uint32).max) { 217: revert Overflow(maturity, type(uint32).max); 218: } 219: 220: // Check if the LP token is enabled 221: if (!ITreasury(treasury).isEnabled(token)) { 222: revert UnauthorizedToken(token); 223: } 224: 225: // Check if the bond amount is beyond the limits 226: if (!ITokenomics(tokenomics).reserveAmountForBondProgram(supply)) { 227: revert LowerThan(ITokenomics(tokenomics).effectiveBond(), supply); 228: } 229: 230: // Push newly created bond product into the list of products 231: productId = productCounter; 232: mapBondProducts[productId] = Product(uint160(priceLP), uint32(vesting), token, uint96(supply)); 233: // Even if we create a bond product every second, 2^32 - 1 is enough for the next 136 years 234: productCounter = uint32(productId + 1); 235: emit CreateProduct(token, productId, supply, priceLP, vesting); 236: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L183-L236 ```solidity File: tokenomics/contracts/Tokenomics.sol 497: function changeTokenomicsParameters( 498: uint256 _devsPerCapital, 499: uint256 _codePerDev, 500: uint256 _epsilonRate, 501: uint256 _epochLen, 502: uint256 _veOLASThreshold 503: ) external 504: { 505: // Check for the contract ownership 506: if (msg.sender != owner) { 507: revert OwnerOnly(msg.sender, owner); 508: } 509: 510: // devsPerCapital is the part of the IDF calculation and thus its change will be accounted for in the next epoch 511: if (uint72(_devsPerCapital) > MIN_PARAM_VALUE) { 512: devsPerCapital = uint72(_devsPerCapital); 513: } else { 514: // This is done in order not to pass incorrect parameters into the event 515: _devsPerCapital = devsPerCapital; 516: } 517: 518: // devsPerCapital is the part of the IDF calculation and thus its change will be accounted for in the next epoch 519: if (uint72(_codePerDev) > MIN_PARAM_VALUE) { 520: codePerDev = uint72(_codePerDev); 521: } else { 522: // This is done in order not to pass incorrect parameters into the event 523: _codePerDev = codePerDev; 524: } 525: 526: // Check the epsilonRate value for idf to fit in its size 527: // 2^64 - 1 < 18.5e18, idf is equal at most 1 + epsilonRate < 18e18, which fits in the variable size 528: // epsilonRate is the part of the IDF calculation and thus its change will be accounted for in the next epoch 529: if (_epsilonRate > 0 && _epsilonRate <= 17e18) { 530: epsilonRate = uint64(_epsilonRate); 531: } else { 532: _epsilonRate = epsilonRate; 533: } 534: 535: // Check for the epochLen value to change 536: if (uint32(_epochLen) >= MIN_EPOCH_LENGTH && uint32(_epochLen) <= ONE_YEAR) { 537: nextEpochLen = uint32(_epochLen); 538: } else { 539: _epochLen = epochLen; 540: } 541: 542: // Adjust veOLAS threshold for the next epoch 543: if (uint96(_veOLASThreshold) > 0) { 544: nextVeOLASThreshold = uint96(_veOLASThreshold); 545: } else { 546: _veOLASThreshold = veOLASThreshold; 547: } 548: 549: // Set the flag that tokenomics parameters are requested to be updated (1st bit is set to one) 550: tokenomicsParametersUpdated = tokenomicsParametersUpdated | 0x01; 551: emit TokenomicsParametersUpdateRequested(epochCounter + 1, _devsPerCapital, _codePerDev, _epsilonRate, _epochLen, 552: _veOLASThreshold); 553: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L497-L553 ```solidity File: tokenomics/contracts/Tokenomics.sol 687: function _trackServiceDonations(address donator, uint256[] memory serviceIds, uint256[] memory amounts, uint256 curEpoch) internal { 688: // Component / agent registry addresses 689: address[] memory registries = new address[](2); 690: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 691: 692: // Check all the unit fractions and identify those that need accounting of incentives 693: bool[] memory incentiveFlags = new bool[](4); 694: incentiveFlags[0] = (mapEpochTokenomics[curEpoch].unitPoints[0].rewardUnitFraction > 0); 695: incentiveFlags[1] = (mapEpochTokenomics[curEpoch].unitPoints[1].rewardUnitFraction > 0); 696: incentiveFlags[2] = (mapEpochTokenomics[curEpoch].unitPoints[0].topUpUnitFraction > 0); 697: incentiveFlags[3] = (mapEpochTokenomics[curEpoch].unitPoints[1].topUpUnitFraction > 0); 698: 699: // Get the number of services 700: uint256 numServices = serviceIds.length; 701: // Loop over service Ids to calculate their partial contributions 702: for (uint256 i = 0; i < numServices; ++i) { 703: // Check if the service owner or donator stakes enough OLAS for its components / agents to get a top-up 704: // If both component and agent owner top-up fractions are zero, there is no need to call external contract 705: // functions to check each service owner veOLAS balance 706: bool topUpEligible; 707: if (incentiveFlags[2] || incentiveFlags[3]) { 708: address serviceOwner = IToken(serviceRegistry).ownerOf(serviceIds[i]); 709: topUpEligible = (IVotingEscrow(ve).getVotes(serviceOwner) >= veOLASThreshold || 710: IVotingEscrow(ve).getVotes(donator) >= veOLASThreshold) ? true : false; 711: } 712: 713: // Loop over component and agent Ids 714: for (uint256 unitType = 0; unitType < 2; ++unitType) { 715: // Get the number and set of units in the service 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). 717: getUnitIdsOfService(IServiceRegistry.UnitType(unitType), serviceIds[i]); 718: // Service has to be deployed at least once to be able to receive donations, 719: // otherwise its components and agents are undefined 720: if (numServiceUnits == 0) { 721: revert ServiceNeverDeployed(serviceIds[i]); 722: } 723: // Record amounts data only if at least one incentive unit fraction is not zero 724: if (incentiveFlags[unitType] || incentiveFlags[unitType + 2]) { 725: // The amount has to be adjusted for the number of units in the service 726: uint96 amount = uint96(amounts[i] / numServiceUnits); 727: // Accumulate amounts for each unit Id 728: for (uint256 j = 0; j < numServiceUnits; ++j) { 729: // Get the last epoch number the incentives were accumulated for 730: uint256 lastEpoch = mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch; 731: // Check if there were no donations in previous epochs and set the current epoch 732: if (lastEpoch == 0) { 733: mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch = uint32(curEpoch); 734: } else if (lastEpoch < curEpoch) { 735: // Finalize unit rewards and top-ups if there were pending ones from the previous epoch 736: // Pending incentives are getting finalized during the next epoch the component / agent 737: // receives donations. If this is not the case before claiming incentives, the finalization 738: // happens in the accountOwnerIncentives() where the incentives are issued 739: _finalizeIncentivesForUnitId(lastEpoch, unitType, serviceUnitIds[j]); 740: // Change the last epoch number 741: mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch = uint32(curEpoch); 742: } 743: // Sum the relative amounts for the corresponding components / agents 744: if (incentiveFlags[unitType]) { 745: mapUnitIncentives[unitType][serviceUnitIds[j]].pendingRelativeReward += amount; 746: } 747: // If eligible, add relative top-up weights in the form of donation amounts. 748: // These weights will represent the fraction of top-ups for each component / agent relative 749: // to the overall amount of top-ups that must be allocated 750: if (topUpEligible && incentiveFlags[unitType + 2]) { 751: mapUnitIncentives[unitType][serviceUnitIds[j]].pendingRelativeTopUp += amount; 752: mapEpochTokenomics[curEpoch].unitPoints[unitType].sumUnitTopUpsOLAS += amount; 753: } 754: } 755: } 756: 757: // Record new units and new unit owners 758: for (uint256 j = 0; j < numServiceUnits; ++j) { 759: // Check if the component / agent is used for the first time 760: if (!mapNewUnits[unitType][serviceUnitIds[j]]) { 761: mapNewUnits[unitType][serviceUnitIds[j]] = true; 762: mapEpochTokenomics[curEpoch].unitPoints[unitType].numNewUnits++; 763: // Check if the owner has introduced component / agent for the first time 764: // This is done together with the new unit check, otherwise it could be just a new unit owner 765: address unitOwner = IToken(registries[unitType]).ownerOf(serviceUnitIds[j]); 766: if (!mapNewOwners[unitOwner]) { 767: mapNewOwners[unitOwner] = true; 768: mapEpochTokenomics[curEpoch].epochPoint.numNewOwners++; 769: } 770: } 771: } 772: } 773: } 774: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L687-L774 ```solidity File: tokenomics/contracts/Tokenomics.sol 0880: function checkpoint() external returns (bool) { 0881: // Get the implementation address that was written to the proxy contract 0882: address implementation; 0883: assembly { 0884: implementation := sload(PROXY_TOKENOMICS) 0885: } 0886: // Check if there is any address in the PROXY_TOKENOMICS address slot 0887: if (implementation == address(0)) { 0888: revert DelegatecallOnly(); 0889: } 0890: 0891: // Check the last donation block number to avoid the possibility of a flash loan attack 0892: if (lastDonationBlockNumber == block.number) { 0893: revert SameBlockNumberViolation(); 0894: } 0895: 0896: // New point can be calculated only if we passed the number of blocks equal to the epoch length 0897: uint256 prevEpochTime = mapEpochTokenomics[epochCounter - 1].epochPoint.endTime; 0898: uint256 diffNumSeconds = block.timestamp - prevEpochTime; 0899: uint256 curEpochLen = epochLen; 0900: // Check if the time passed since the last epoch end time is bigger than the specified epoch length, 0901: // but not bigger than a year in seconds 0902: if (diffNumSeconds < curEpochLen || diffNumSeconds > ONE_YEAR) { 0903: return false; 0904: } 0905: 0906: uint256 eCounter = epochCounter; 0907: TokenomicsPoint storage tp = mapEpochTokenomics[eCounter]; 0908: 0909: // 0: total incentives funded with donations in ETH, that are split between: 0910: // 1: treasuryRewards, 2: componentRewards, 3: agentRewards 0911: // OLAS inflation is split between: 0912: // 4: maxBond, 5: component ownerTopUps, 6: agent ownerTopUps 0913: uint256[] memory incentives = new uint256[](7); 0914: incentives[0] = tp.epochPoint.totalDonationsETH; 0915: incentives[1] = (incentives[0] * tp.epochPoint.rewardTreasuryFraction) / 100; 0916: // 0 stands for components and 1 for agents 0917: incentives[2] = (incentives[0] * tp.unitPoints[0].rewardUnitFraction) / 100; 0918: incentives[3] = (incentives[0] * tp.unitPoints[1].rewardUnitFraction) / 100; 0919: 0920: // The actual inflation per epoch considering that it is settled not in the exact epochLen time, but a bit later 0921: uint256 inflationPerEpoch; 0922: // Record the current inflation per second 0923: uint256 curInflationPerSecond = inflationPerSecond; 0924: // Current year 0925: uint256 numYears = (block.timestamp - timeLaunch) / ONE_YEAR; 0926: // Amounts for the yearly inflation change from year to year, so if the year changes in the middle 0927: // of the epoch, it is necessary to adjust epoch inflation numbers to account for the year change 0928: if (numYears > currentYear) { 0929: // Calculate remainder of inflation for the passing year 0930: // End of the year timestamp 0931: uint256 yearEndTime = timeLaunch + numYears * ONE_YEAR; 0932: // Initial inflation per epoch during the end of the year minus previous epoch timestamp 0933: inflationPerEpoch = (yearEndTime - prevEpochTime) * curInflationPerSecond; 0934: // Recalculate the inflation per second based on the new inflation for the current year 0935: curInflationPerSecond = getInflationForYear(numYears) / ONE_YEAR; 0936: // Add the remainder of inflation amount for this epoch based on a new inflation per second ratio 0937: inflationPerEpoch += (block.timestamp - yearEndTime) * curInflationPerSecond; 0938: // Updating state variables 0939: inflationPerSecond = uint96(curInflationPerSecond); 0940: currentYear = uint8(numYears); 0941: // Set the tokenomics parameters flag such that the maxBond is correctly updated below (3rd bit is set to one) 0942: tokenomicsParametersUpdated = tokenomicsParametersUpdated | 0x04; 0943: } else { 0944: // Inflation per epoch is equal to the inflation per second multiplied by the actual time of the epoch 0945: inflationPerEpoch = curInflationPerSecond * diffNumSeconds; 0946: } 0947: 0948: // Bonding and top-ups in OLAS are recalculated based on the inflation schedule per epoch 0949: // Actual maxBond of the epoch 0950: tp.epochPoint.totalTopUpsOLAS = uint96(inflationPerEpoch); 0951: incentives[4] = (inflationPerEpoch * tp.epochPoint.maxBondFraction) / 100; 0952: 0953: // Get the maxBond that was credited to effectiveBond during this settled epoch 0954: // If the year changes, the maxBond for the next epoch is updated in the condition below and will be used 0955: // later when the effectiveBond is updated for the next epoch 0956: uint256 curMaxBond = maxBond; 0957: 0958: // Effective bond accumulates bonding leftovers from previous epochs (with the last max bond value set) 0959: // It is given the value of the maxBond for the next epoch as a credit 0960: // The difference between recalculated max bond per epoch and maxBond value must be reflected in effectiveBond, 0961: // since the epoch checkpoint delay was not accounted for initially 0962: // This has to be always true, or incentives[4] == curMaxBond if the epoch is settled exactly at the epochLen time 0963: if (incentives[4] > curMaxBond) { 0964: // Adjust the effectiveBond 0965: incentives[4] = effectiveBond + incentives[4] - curMaxBond; 0966: effectiveBond = uint96(incentives[4]); 0967: } 0968: 0969: // Get the tokenomics point of the next epoch 0970: TokenomicsPoint storage nextEpochPoint = mapEpochTokenomics[eCounter + 1]; 0971: // Update incentive fractions for the next epoch if they were requested by the changeIncentiveFractions() function 0972: // Check if the second bit is set to one 0973: if (tokenomicsParametersUpdated & 0x02 == 0x02) { 0974: // Confirm the change of incentive fractions 0975: emit IncentiveFractionsUpdated(eCounter + 1); 0976: } else { 0977: // Copy current tokenomics point into the next one such that it has necessary tokenomics parameters 0978: for (uint256 i = 0; i < 2; ++i) { 0979: nextEpochPoint.unitPoints[i].topUpUnitFraction = tp.unitPoints[i].topUpUnitFraction; 0980: nextEpochPoint.unitPoints[i].rewardUnitFraction = tp.unitPoints[i].rewardUnitFraction; 0981: } 0982: nextEpochPoint.epochPoint.rewardTreasuryFraction = tp.epochPoint.rewardTreasuryFraction; 0983: nextEpochPoint.epochPoint.maxBondFraction = tp.epochPoint.maxBondFraction; 0984: } 0985: // Update parameters for the next epoch, if changes were requested by the changeTokenomicsParameters() function 0986: // Check if the second bit is set to one 0987: if (tokenomicsParametersUpdated & 0x01 == 0x01) { 0988: // Update epoch length and set the next value back to zero 0989: if (nextEpochLen > 0) { 0990: curEpochLen = nextEpochLen; 0991: epochLen = uint32(curEpochLen); 0992: nextEpochLen = 0; 0993: } 0994: 0995: // Update veOLAS threshold and set the next value back to zero 0996: if (nextVeOLASThreshold > 0) { 0997: veOLASThreshold = nextVeOLASThreshold; 0998: nextVeOLASThreshold = 0; 0999: } 1000: 1001: // Confirm the change of tokenomics parameters 1002: emit TokenomicsParametersUpdated(eCounter + 1); 1003: } 1004: // Record settled epoch timestamp 1005: tp.epochPoint.endTime = uint32(block.timestamp); 1006: 1007: // Adjust max bond value if the next epoch is going to be the year change epoch 1008: // Note that this computation happens before the epoch that is triggered in the next epoch (the code above) when 1009: // the actual year changes 1010: numYears = (block.timestamp + curEpochLen - timeLaunch) / ONE_YEAR; 1011: // Account for the year change to adjust the max bond 1012: if (numYears > currentYear) { 1013: // Calculate the inflation remainder for the passing year 1014: // End of the year timestamp 1015: uint256 yearEndTime = timeLaunch + numYears * ONE_YEAR; 1016: // Calculate the inflation per epoch value until the end of the year 1017: inflationPerEpoch = (yearEndTime - block.timestamp) * curInflationPerSecond; 1018: // Recalculate the inflation per second based on the new inflation for the current year 1019: curInflationPerSecond = getInflationForYear(numYears) / ONE_YEAR; 1020: // Add the remainder of the inflation for the next epoch based on a new inflation per second ratio 1021: inflationPerEpoch += (block.timestamp + curEpochLen - yearEndTime) * curInflationPerSecond; 1022: // Calculate the max bond value 1023: curMaxBond = (inflationPerEpoch * nextEpochPoint.epochPoint.maxBondFraction) / 100; 1024: // Update state maxBond value 1025: maxBond = uint96(curMaxBond); 1026: // Reset the tokenomics parameters update flag 1027: tokenomicsParametersUpdated = 0; 1028: } else if (tokenomicsParametersUpdated > 0) { 1029: // Since tokenomics parameters have been updated, maxBond has to be recalculated 1030: curMaxBond = (curEpochLen * curInflationPerSecond * nextEpochPoint.epochPoint.maxBondFraction) / 100; 1031: // Update state maxBond value 1032: maxBond = uint96(curMaxBond); 1033: // Reset the tokenomics parameters update flag 1034: tokenomicsParametersUpdated = 0; 1035: } 1036: // Update effectiveBond with the current or updated maxBond value 1037: curMaxBond += effectiveBond; 1038: effectiveBond = uint96(curMaxBond); 1039: 1040: // Update the IDF value for the next epoch or assign a default one if there are no ETH donations 1041: if (incentives[0] > 0) { 1042: // Calculate IDF based on the incoming donations 1043: uint256 idf = _calculateIDF(incentives[1], tp.epochPoint.numNewOwners); 1044: nextEpochPoint.epochPoint.idf = uint64(idf); 1045: emit IDFUpdated(idf); 1046: } else { 1047: // Assign a default IDF value 1048: nextEpochPoint.epochPoint.idf = 1e18; 1049: } 1050: 1051: // Cumulative incentives 1052: uint256 accountRewards = incentives[2] + incentives[3]; 1053: // Owner top-ups: epoch incentives for component owners funded with the inflation 1054: incentives[5] = (inflationPerEpoch * tp.unitPoints[0].topUpUnitFraction) / 100; 1055: // Owner top-ups: epoch incentives for agent owners funded with the inflation 1056: incentives[6] = (inflationPerEpoch * tp.unitPoints[1].topUpUnitFraction) / 100; 1057: // Even if there was no single donating service owner that had a sufficient veOLAS balance, 1058: // we still record the amount of OLAS allocated for component / agent owner top-ups from the inflation schedule. 1059: // This amount will appear in the EpochSettled event, and thus can be tracked historically 1060: uint256 accountTopUps = incentives[5] + incentives[6]; 1061: 1062: // Treasury contract rebalances ETH funds depending on the treasury rewards 1063: if (incentives[1] == 0 || ITreasury(treasury).rebalanceTreasury(incentives[1])) { 1064: // Emit settled epoch written to the last economics point 1065: emit EpochSettled(eCounter, incentives[1], accountRewards, accountTopUps); 1066: // Start new epoch 1067: epochCounter = uint32(eCounter + 1); 1068: } else { 1069: // If the treasury rebalance was not executed correctly, the new epoch does not start 1070: revert TreasuryRebalanceFailed(eCounter); 1071: } 1072: 1073: return true; 1074: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L880-L1074 ```solidity File: tokenomics/contracts/Tokenomics.sol 1085: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external 1086: returns (uint256 reward, uint256 topUp) 1087: { 1088: // Check for the dispenser access 1089: if (dispenser != msg.sender) { 1090: revert ManagerOnly(msg.sender, dispenser); 1091: } 1092: 1093: // Check array lengths 1094: if (unitTypes.length != unitIds.length) { 1095: revert WrongArrayLength(unitTypes.length, unitIds.length); 1096: } 1097: 1098: // Component / agent registry addresses 1099: address[] memory registries = new address[](2); 1100: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1101: 1102: // Component / agent total supply 1103: uint256[] memory registriesSupply = new uint256[](2); 1104: for (uint256 i = 0; i < 2; ++i) { 1105: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1106: } 1107: 1108: // Check the input data 1109: uint256[] memory lastIds = new uint256[](2); 1110: for (uint256 i = 0; i < unitIds.length; ++i) { 1111: // Check for the unit type to be component / agent only 1112: if (unitTypes[i] > 1) { 1113: revert Overflow(unitTypes[i], 1); 1114: } 1115: 1116: // Check that the unit Ids are in ascending order, not repeating, and no bigger than registries total supply 1117: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { 1118: revert WrongUnitId(unitIds[i], unitTypes[i]); 1119: } 1120: lastIds[unitTypes[i]] = unitIds[i]; 1121: 1122: // Check the component / agent Id ownership 1123: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); 1124: if (unitOwner != account) { 1125: revert OwnerOnly(unitOwner, account); 1126: } 1127: } 1128: 1129: // Get the current epoch counter 1130: uint256 curEpoch = epochCounter; 1131: 1132: for (uint256 i = 0; i < unitIds.length; ++i) { 1133: // Get the last epoch number the incentives were accumulated for 1134: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; 1135: // Finalize unit rewards and top-ups if there were pending ones from the previous epoch 1136: // The finalization is needed when the trackServiceDonations() function did not take care of it 1137: // since between last epoch the donations were received and this current epoch there were no more donations 1138: if (lastEpoch > 0 && lastEpoch < curEpoch) { 1139: _finalizeIncentivesForUnitId(lastEpoch, unitTypes[i], unitIds[i]); 1140: // Change the last epoch number 1141: mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch = 0; 1142: } 1143: 1144: // Accumulate total rewards and clear their balances 1145: reward += mapUnitIncentives[unitTypes[i]][unitIds[i]].reward; 1146: mapUnitIncentives[unitTypes[i]][unitIds[i]].reward = 0; 1147: // Accumulate total top-ups and clear their balances 1148: topUp += mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp; 1149: mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp = 0; 1150: } 1151: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1085-L1151 ```solidity File: tokenomics/contracts/Tokenomics.sol 1160: function getOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external view 1161: returns (uint256 reward, uint256 topUp) 1162: { 1163: // Check array lengths 1164: if (unitTypes.length != unitIds.length) { 1165: revert WrongArrayLength(unitTypes.length, unitIds.length); 1166: } 1167: 1168: // Component / agent registry addresses 1169: address[] memory registries = new address[](2); 1170: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1171: 1172: // Component / agent total supply 1173: uint256[] memory registriesSupply = new uint256[](2); 1174: for (uint256 i = 0; i < 2; ++i) { 1175: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1176: } 1177: 1178: // Check the input data 1179: uint256[] memory lastIds = new uint256[](2); 1180: for (uint256 i = 0; i < unitIds.length; ++i) { 1181: // Check for the unit type to be component / agent only 1182: if (unitTypes[i] > 1) { 1183: revert Overflow(unitTypes[i], 1); 1184: } 1185: 1186: // Check that the unit Ids are in ascending order, not repeating, and no bigger than registries total supply 1187: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { 1188: revert WrongUnitId(unitIds[i], unitTypes[i]); 1189: } 1190: lastIds[unitTypes[i]] = unitIds[i]; 1191: 1192: // Check the component / agent Id ownership 1193: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); 1194: if (unitOwner != account) { 1195: revert OwnerOnly(unitOwner, account); 1196: } 1197: } 1198: 1199: // Get the current epoch counter 1200: uint256 curEpoch = epochCounter; 1201: 1202: for (uint256 i = 0; i < unitIds.length; ++i) { 1203: // Get the last epoch number the incentives were accumulated for 1204: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; 1205: // Calculate rewards and top-ups if there were pending ones from the previous epoch 1206: if (lastEpoch > 0 && lastEpoch < curEpoch) { 1207: // Get the overall amount of unit rewards for the component's last epoch 1208: // reward = (pendingRelativeReward * rewardUnitFraction) / 100 1209: uint256 totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeReward; 1210: if (totalIncentives > 0) { 1211: totalIncentives *= mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].rewardUnitFraction; 1212: // Accumulate to the final reward for the last epoch 1213: reward += totalIncentives / 100; 1214: } 1215: // Add the final top-up for the last epoch 1216: totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeTopUp; 1217: if (totalIncentives > 0) { 1218: // Summation of all the unit top-ups and total amount of top-ups per epoch 1219: // topUp = (pendingRelativeTopUp * totalTopUpsOLAS * topUpUnitFraction) / (100 * sumUnitTopUpsOLAS) 1220: totalIncentives *= mapEpochTokenomics[lastEpoch].epochPoint.totalTopUpsOLAS; 1221: totalIncentives *= mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].topUpUnitFraction; 1222: uint256 sumUnitIncentives = uint256(mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].sumUnitTopUpsOLAS) * 100; 1223: // Accumulate to the final top-up for the last epoch 1224: topUp += totalIncentives / sumUnitIncentives; 1225: } 1226: } 1227: 1228: // Accumulate total rewards to finalized ones 1229: reward += mapUnitIncentives[unitTypes[i]][unitIds[i]].reward; 1230: // Accumulate total top-ups to finalized ones 1231: topUp += mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp; 1232: } 1233: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1160-L1233 ```solidity File: tokenomics/contracts/Treasury.sol 257: function depositServiceDonationsETH(uint256[] memory serviceIds, uint256[] memory amounts) external payable { 258: // Reentrancy guard 259: if (_locked > 1) { 260: revert ReentrancyGuard(); 261: } 262: _locked = 2; 263: 264: // Check that the amount donated has at least a practical minimal value 265: if (msg.value < minAcceptedETH) { 266: revert LowerThan(msg.value, minAcceptedETH); 267: } 268: 269: // Check for the same length of arrays 270: uint256 numServices = serviceIds.length; 271: if (amounts.length != numServices) { 272: revert WrongArrayLength(numServices, amounts.length); 273: } 274: 275: uint256 totalAmount; 276: for (uint256 i = 0; i < numServices; ++i) { 277: if (amounts[i] == 0) { 278: revert ZeroValue(); 279: } 280: totalAmount += amounts[i]; 281: } 282: 283: // Check if the total transferred amount corresponds to the sum of amounts from services 284: if (msg.value != totalAmount) { 285: revert WrongAmount(msg.value, totalAmount); 286: } 287: 288: // Accumulate received donation from services 289: uint256 donationETH = ETHFromServices + msg.value; 290: // Check for the overflow values, specifically when fuzzing, since realistically these amounts are assumed to be not possible 291: if (donationETH + ETHOwned > type(uint96).max) { 292: revert Overflow(donationETH, type(uint96).max); 293: } 294: ETHFromServices = uint96(donationETH); 295: emit DonateToServicesETH(msg.sender, serviceIds, amounts, msg.value); 296: 297: // Track service donations on the Tokenomics side 298: ITokenomics(tokenomics).trackServiceDonations(msg.sender, serviceIds, amounts, msg.value); 299: 300: _locked = 1; 301: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L257-L301 ```solidity File: tokenomics/contracts/Treasury.sol 313: function withdraw(address to, uint256 tokenAmount, address token) external returns (bool success) { 314: // Check for the contract ownership 315: if (msg.sender != owner) { 316: revert OwnerOnly(msg.sender, owner); 317: } 318: 319: // Check that the withdraw address is not treasury itself 320: if (to == address(this)) { 321: revert TransferFailed(token, address(this), to, tokenAmount); 322: } 323: 324: // Check for the zero withdraw amount 325: if (tokenAmount == 0) { 326: revert ZeroValue(); 327: } 328: 329: // ETH address is taken separately, and all the LP tokens must be validated with corresponding token reserves 330: if (token == ETH_TOKEN_ADDRESS) { 331: uint256 amountOwned = ETHOwned; 332: // Check if treasury has enough amount of owned ETH 333: if (amountOwned >= tokenAmount) { 334: // This branch is used to transfer ETH to a specified address 335: amountOwned -= tokenAmount; 336: ETHOwned = uint96(amountOwned); 337: emit Withdraw(ETH_TOKEN_ADDRESS, to, tokenAmount); 338: // Send ETH to the specified address 339: (success, ) = to.call{value: tokenAmount}(""); 340: if (!success) { 341: revert TransferFailed(ETH_TOKEN_ADDRESS, address(this), to, tokenAmount); 342: } 343: } else { 344: // Insufficient amount of treasury owned ETH 345: revert LowerThan(tokenAmount, amountOwned); 346: } 347: } else { 348: // Only approved token reserves can be used for redemptions 349: if (!mapEnabledTokens[token]) { 350: revert UnauthorizedToken(token); 351: } 352: // Decrease the global LP token reserves record 353: uint256 reserves = mapTokenReserves[token]; 354: if (reserves >= tokenAmount) { 355: reserves -= tokenAmount; 356: mapTokenReserves[token] = reserves; 357: 358: emit Withdraw(token, to, tokenAmount); 359: // Transfer LP tokens 360: // We assume that LP tokens enabled in the protocol are safe by default 361: // UniswapV2ERC20 realization has a standard transfer() function 362: success = IToken(token).transfer(to, tokenAmount); 363: if (!success) { 364: revert TransferFailed(token, address(this), to, tokenAmount); 365: } 366: } else { 367: // Insufficient amount of LP tokens 368: revert LowerThan(tokenAmount, reserves); 369: } 370: } 371: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L313-L371 ### [N-74] Consider bounding input array length The functions below take in an unbounded array, and make function calls for entries in the array. While the function will revert if it eventually runs out of gas, it may be a nicer user experience to `require()` that the length of the array is below some reasonable maximum, so that the user doesn't have to use up a full transaction's gas only to see that the transaction reverts. *There are 18 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit array name targets 441: function setTargetSelectorChainIds( 442: address[] memory targets, 443: bytes4[] memory selectors, 444: uint256[] memory chainIds, 445: bool[] memory statuses 446: ) external { 447: // Check for the ownership 448: if (msg.sender != owner) { 449: revert OwnerOnly(msg.sender, owner); 450: } 451: 452: // Check array length 453: if (targets.length != selectors.length || targets.length != statuses.length || targets.length != chainIds.length) { 454: revert WrongArrayLength(targets.length, selectors.length, statuses.length, chainIds.length); 455: } 456: 457: // Traverse all the targets and selectors to build their paired values 458: for (uint256 i = 0; i < targets.length; ++i) { 459: // Check for zero address targets 460: if (targets[i] == address(0)) { 461: revert ZeroAddress(); 462: } 463: 464: // Check selector for zero selector value 465: if (selectors[i] == bytes4(0)) { 466: revert ZeroValue(); 467: } 468: 469: // Check chain Ids to be greater than zero 470: if (chainIds[i] == 0) { 471: revert ZeroValue(); 472: } 473: 474: // Push a pair of key defining variables into one key 475: // target occupies first 160 bits 476: uint256 targetSelectorChainId = uint256(uint160(targets[i])); 477: // selector occupies next 32 bits 478: targetSelectorChainId |= uint256(uint32(selectors[i])) << 160; 479: // chainId occupies next 64 bits 480: targetSelectorChainId |= chainIds[i] << 192; 481: 482: // Set the status of the target and selector combination 483: mapAllowedTargetSelectorChainIds[targetSelectorChainId] = statuses[i]; 484: } 485: 486: emit SetTargetSelectors(targets, selectors, chainIds, statuses); 487: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L441-L487 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit array name selectors 441: function setTargetSelectorChainIds( 442: address[] memory targets, 443: bytes4[] memory selectors, 444: uint256[] memory chainIds, 445: bool[] memory statuses 446: ) external { 447: // Check for the ownership 448: if (msg.sender != owner) { 449: revert OwnerOnly(msg.sender, owner); 450: } 451: 452: // Check array length 453: if (targets.length != selectors.length || targets.length != statuses.length || targets.length != chainIds.length) { 454: revert WrongArrayLength(targets.length, selectors.length, statuses.length, chainIds.length); 455: } 456: 457: // Traverse all the targets and selectors to build their paired values 458: for (uint256 i = 0; i < targets.length; ++i) { 459: // Check for zero address targets 460: if (targets[i] == address(0)) { 461: revert ZeroAddress(); 462: } 463: 464: // Check selector for zero selector value 465: if (selectors[i] == bytes4(0)) { 466: revert ZeroValue(); 467: } 468: 469: // Check chain Ids to be greater than zero 470: if (chainIds[i] == 0) { 471: revert ZeroValue(); 472: } 473: 474: // Push a pair of key defining variables into one key 475: // target occupies first 160 bits 476: uint256 targetSelectorChainId = uint256(uint160(targets[i])); 477: // selector occupies next 32 bits 478: targetSelectorChainId |= uint256(uint32(selectors[i])) << 160; 479: // chainId occupies next 64 bits 480: targetSelectorChainId |= chainIds[i] << 192; 481: 482: // Set the status of the target and selector combination 483: mapAllowedTargetSelectorChainIds[targetSelectorChainId] = statuses[i]; 484: } 485: 486: emit SetTargetSelectors(targets, selectors, chainIds, statuses); 487: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L441-L487 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit array name chainIds 441: function setTargetSelectorChainIds( 442: address[] memory targets, 443: bytes4[] memory selectors, 444: uint256[] memory chainIds, 445: bool[] memory statuses 446: ) external { 447: // Check for the ownership 448: if (msg.sender != owner) { 449: revert OwnerOnly(msg.sender, owner); 450: } 451: 452: // Check array length 453: if (targets.length != selectors.length || targets.length != statuses.length || targets.length != chainIds.length) { 454: revert WrongArrayLength(targets.length, selectors.length, statuses.length, chainIds.length); 455: } 456: 457: // Traverse all the targets and selectors to build their paired values 458: for (uint256 i = 0; i < targets.length; ++i) { 459: // Check for zero address targets 460: if (targets[i] == address(0)) { 461: revert ZeroAddress(); 462: } 463: 464: // Check selector for zero selector value 465: if (selectors[i] == bytes4(0)) { 466: revert ZeroValue(); 467: } 468: 469: // Check chain Ids to be greater than zero 470: if (chainIds[i] == 0) { 471: revert ZeroValue(); 472: } 473: 474: // Push a pair of key defining variables into one key 475: // target occupies first 160 bits 476: uint256 targetSelectorChainId = uint256(uint160(targets[i])); 477: // selector occupies next 32 bits 478: targetSelectorChainId |= uint256(uint32(selectors[i])) << 160; 479: // chainId occupies next 64 bits 480: targetSelectorChainId |= chainIds[i] << 192; 481: 482: // Set the status of the target and selector combination 483: mapAllowedTargetSelectorChainIds[targetSelectorChainId] = statuses[i]; 484: } 485: 486: emit SetTargetSelectors(targets, selectors, chainIds, statuses); 487: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L441-L487 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit array name statuses 441: function setTargetSelectorChainIds( 442: address[] memory targets, 443: bytes4[] memory selectors, 444: uint256[] memory chainIds, 445: bool[] memory statuses 446: ) external { 447: // Check for the ownership 448: if (msg.sender != owner) { 449: revert OwnerOnly(msg.sender, owner); 450: } 451: 452: // Check array length 453: if (targets.length != selectors.length || targets.length != statuses.length || targets.length != chainIds.length) { 454: revert WrongArrayLength(targets.length, selectors.length, statuses.length, chainIds.length); 455: } 456: 457: // Traverse all the targets and selectors to build their paired values 458: for (uint256 i = 0; i < targets.length; ++i) { 459: // Check for zero address targets 460: if (targets[i] == address(0)) { 461: revert ZeroAddress(); 462: } 463: 464: // Check selector for zero selector value 465: if (selectors[i] == bytes4(0)) { 466: revert ZeroValue(); 467: } 468: 469: // Check chain Ids to be greater than zero 470: if (chainIds[i] == 0) { 471: revert ZeroValue(); 472: } 473: 474: // Push a pair of key defining variables into one key 475: // target occupies first 160 bits 476: uint256 targetSelectorChainId = uint256(uint160(targets[i])); 477: // selector occupies next 32 bits 478: targetSelectorChainId |= uint256(uint32(selectors[i])) << 160; 479: // chainId occupies next 64 bits 480: targetSelectorChainId |= chainIds[i] << 192; 481: 482: // Set the status of the target and selector combination 483: mapAllowedTargetSelectorChainIds[targetSelectorChainId] = statuses[i]; 484: } 485: 486: emit SetTargetSelectors(targets, selectors, chainIds, statuses); 487: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L441-L487 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit array name bridgeMediatorL1s 495: function setBridgeMediatorChainIds( 496: address[] memory bridgeMediatorL1s, 497: address[] memory bridgeMediatorL2s, 498: uint256[] memory chainIds 499: ) external { 500: // Check for the ownership 501: if (msg.sender != owner) { 502: revert OwnerOnly(msg.sender, owner); 503: } 504: 505: // Check for array correctness 506: if (bridgeMediatorL1s.length != bridgeMediatorL2s.length || bridgeMediatorL1s.length != chainIds.length) { 507: revert WrongArrayLength(bridgeMediatorL1s.length, bridgeMediatorL2s.length, chainIds.length, chainIds.length); 508: } 509: 510: // Link L1 and L2 bridge mediators, set L2 chain Ids 511: for (uint256 i = 0; i < chainIds.length; ++i) { 512: // Check for zero addresses 513: if (bridgeMediatorL1s[i] == address(0) || bridgeMediatorL2s[i] == address(0)) { 514: revert ZeroAddress(); 515: } 516: 517: // Check supported chain Ids on L2 518: uint256 chainId = chainIds[i]; 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { 520: revert L2ChainIdNotSupported(chainId); 521: } 522: 523: // Push a pair of key defining variables into one key 524: // bridgeMediatorL2 occupies first 160 bits 525: uint256 bridgeMediatorL2ChainId = uint256(uint160(bridgeMediatorL2s[i])); 526: // L2 chain Id occupies next 64 bits 527: bridgeMediatorL2ChainId |= chainId << 160; 528: mapBridgeMediatorL1L2ChainIds[bridgeMediatorL1s[i]] = bridgeMediatorL2ChainId; 529: } 530: 531: emit SetBridgeMediators(bridgeMediatorL1s, bridgeMediatorL2s, chainIds); 532: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L495-L532 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit array name bridgeMediatorL2s 495: function setBridgeMediatorChainIds( 496: address[] memory bridgeMediatorL1s, 497: address[] memory bridgeMediatorL2s, 498: uint256[] memory chainIds 499: ) external { 500: // Check for the ownership 501: if (msg.sender != owner) { 502: revert OwnerOnly(msg.sender, owner); 503: } 504: 505: // Check for array correctness 506: if (bridgeMediatorL1s.length != bridgeMediatorL2s.length || bridgeMediatorL1s.length != chainIds.length) { 507: revert WrongArrayLength(bridgeMediatorL1s.length, bridgeMediatorL2s.length, chainIds.length, chainIds.length); 508: } 509: 510: // Link L1 and L2 bridge mediators, set L2 chain Ids 511: for (uint256 i = 0; i < chainIds.length; ++i) { 512: // Check for zero addresses 513: if (bridgeMediatorL1s[i] == address(0) || bridgeMediatorL2s[i] == address(0)) { 514: revert ZeroAddress(); 515: } 516: 517: // Check supported chain Ids on L2 518: uint256 chainId = chainIds[i]; 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { 520: revert L2ChainIdNotSupported(chainId); 521: } 522: 523: // Push a pair of key defining variables into one key 524: // bridgeMediatorL2 occupies first 160 bits 525: uint256 bridgeMediatorL2ChainId = uint256(uint160(bridgeMediatorL2s[i])); 526: // L2 chain Id occupies next 64 bits 527: bridgeMediatorL2ChainId |= chainId << 160; 528: mapBridgeMediatorL1L2ChainIds[bridgeMediatorL1s[i]] = bridgeMediatorL2ChainId; 529: } 530: 531: emit SetBridgeMediators(bridgeMediatorL1s, bridgeMediatorL2s, chainIds); 532: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L495-L532 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit array name chainIds 495: function setBridgeMediatorChainIds( 496: address[] memory bridgeMediatorL1s, 497: address[] memory bridgeMediatorL2s, 498: uint256[] memory chainIds 499: ) external { 500: // Check for the ownership 501: if (msg.sender != owner) { 502: revert OwnerOnly(msg.sender, owner); 503: } 504: 505: // Check for array correctness 506: if (bridgeMediatorL1s.length != bridgeMediatorL2s.length || bridgeMediatorL1s.length != chainIds.length) { 507: revert WrongArrayLength(bridgeMediatorL1s.length, bridgeMediatorL2s.length, chainIds.length, chainIds.length); 508: } 509: 510: // Link L1 and L2 bridge mediators, set L2 chain Ids 511: for (uint256 i = 0; i < chainIds.length; ++i) { 512: // Check for zero addresses 513: if (bridgeMediatorL1s[i] == address(0) || bridgeMediatorL2s[i] == address(0)) { 514: revert ZeroAddress(); 515: } 516: 517: // Check supported chain Ids on L2 518: uint256 chainId = chainIds[i]; 519: if (chainId != 100 && chainId != 137 && chainId != 10200 && chainId != 80001) { 520: revert L2ChainIdNotSupported(chainId); 521: } 522: 523: // Push a pair of key defining variables into one key 524: // bridgeMediatorL2 occupies first 160 bits 525: uint256 bridgeMediatorL2ChainId = uint256(uint160(bridgeMediatorL2s[i])); 526: // L2 chain Id occupies next 64 bits 527: bridgeMediatorL2ChainId |= chainId << 160; 528: mapBridgeMediatorL1L2ChainIds[bridgeMediatorL1s[i]] = bridgeMediatorL2ChainId; 529: } 530: 531: emit SetBridgeMediators(bridgeMediatorL1s, bridgeMediatorL2s, chainIds); 532: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L495-L532 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit array name owners 085: function create( 086: address[] memory owners, 087: uint256 threshold, 088: bytes memory data 089: ) external returns (address multisig) 090: { 091: // Check for the correct data length 092: uint256 dataLength = data.length; 093: if (dataLength < DEFAULT_DATA_LENGTH) { 094: revert IncorrectDataLength(DEFAULT_DATA_LENGTH, data.length); 095: } 096: 097: // Read the proxy multisig address (20 bytes) and the multisig-related data 098: assembly { 099: multisig := mload(add(data, DEFAULT_DATA_LENGTH)) 100: } 101: 102: // Check that the multisig address corresponds to the authorized multisig proxy bytecode hash 103: bytes32 multisigProxyHash = keccak256(multisig.code); 104: if (proxyHash != multisigProxyHash) { 105: revert UnauthorizedMultisig(multisig); 106: } 107: 108: // If provided, read the payload that is going to change the multisig ownership and threshold 109: // The payload is expected to be the `execTransaction()` function call with all its arguments and signature(s) 110: if (dataLength > DEFAULT_DATA_LENGTH) { 111: uint256 payloadLength = dataLength - DEFAULT_DATA_LENGTH; 112: bytes memory payload = new bytes(payloadLength); 113: for (uint256 i = 0; i < payloadLength; ++i) { 114: payload[i] = data[i + DEFAULT_DATA_LENGTH]; 115: } 116: 117: // Call the multisig with the provided payload 118: (bool success, ) = multisig.call(payload); 119: if (!success) { 120: revert MultisigExecFailed(multisig); 121: } 122: } 123: 124: // Get the provided proxy multisig owners and threshold 125: address[] memory checkOwners = IGnosisSafe(multisig).getOwners(); 126: uint256 checkThreshold = IGnosisSafe(multisig).getThreshold(); 127: 128: // Verify updated multisig proxy for provided owners and threshold 129: if (threshold != checkThreshold) { 130: revert WrongThreshold(checkThreshold, threshold); 131: } 132: uint256 numOwners = owners.length; 133: if (numOwners != checkOwners.length) { 134: revert WrongNumOwners(checkOwners.length, numOwners); 135: } 136: // The owners' addresses in the multisig itself are stored in reverse order compared to how they were added: 137: // https://etherscan.io/address/0xd9db270c1b5e3bd161e8c8503c55ceabee709552#code#F6#L56 138: // Thus, the check must be carried out accordingly. 139: for (uint256 i = 0; i < numOwners; ++i) { 140: if (owners[i] != checkOwners[numOwners - i - 1]) { 141: revert WrongOwner(owners[i]); 142: } 143: } 144: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L85-L144 ```solidity File: tokenomics/contracts/Depository.sol //@audit array name productIds 244: function close(uint256[] memory productIds) external returns (uint256[] memory closedProductIds) { 245: // Check for the contract ownership 246: if (msg.sender != owner) { 247: revert OwnerOnly(msg.sender, owner); 248: } 249: 250: // Calculate the number of closed products 251: uint256 numProducts = productIds.length; 252: uint256[] memory ids = new uint256[](numProducts); 253: uint256 numClosedProducts; 254: // Traverse to close all possible products 255: for (uint256 i = 0; i < numProducts; ++i) { 256: uint256 productId = productIds[i]; 257: // Check if the product is still open by getting its supply amount 258: uint256 supply = mapBondProducts[productId].supply; 259: // The supply is greater than zero only if the product is active, otherwise it is already closed 260: if (supply > 0) { 261: // Refund unused OLAS supply from the product if it was not used by the product completely 262: ITokenomics(tokenomics).refundFromBondProgram(supply); 263: address token = mapBondProducts[productId].token; 264: delete mapBondProducts[productId]; 265: 266: ids[numClosedProducts] = productIds[i]; 267: ++numClosedProducts; 268: emit CloseProduct(token, productId, supply); 269: } 270: } 271: 272: // Get the correct array size of closed product Ids 273: closedProductIds = new uint256[](numClosedProducts); 274: for (uint256 i = 0; i < numClosedProducts; ++i) { 275: closedProductIds[i] = ids[i]; 276: } 277: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L244-L277 ```solidity File: tokenomics/contracts/Depository.sol //@audit array name bondIds 356: function redeem(uint256[] memory bondIds) external returns (uint256 payout) { 357: for (uint256 i = 0; i < bondIds.length; ++i) { 358: // Get the amount to pay and the maturity status 359: uint256 pay = mapUserBonds[bondIds[i]].payout; 360: bool matured = block.timestamp >= mapUserBonds[bondIds[i]].maturity; 361: 362: // Revert if the bond does not exist or is not matured yet 363: if (pay == 0 || !matured) { 364: revert BondNotRedeemable(bondIds[i]); 365: } 366: 367: // Check that the msg.sender is the owner of the bond 368: if (mapUserBonds[bondIds[i]].account != msg.sender) { 369: revert OwnerOnly(msg.sender, mapUserBonds[bondIds[i]].account); 370: } 371: 372: // Increase the payout 373: payout += pay; 374: 375: // Get the productId 376: uint256 productId = mapUserBonds[bondIds[i]].productId; 377: 378: // Delete the Bond struct and release the gas 379: delete mapUserBonds[bondIds[i]]; 380: emit RedeemBond(productId, msg.sender, bondIds[i]); 381: } 382: 383: // Check for the non-zero payout 384: if (payout == 0) { 385: revert ZeroValue(); 386: } 387: 388: // No reentrancy risk here since it's the last operation, and originated from the OLAS token 389: // No need to check for the return value, since it either reverts or returns true, see the ERC20 implementation 390: IToken(olas).transfer(msg.sender, payout); 391: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L356-L391 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit array name accounts 56: function setDonatorsStatuses(address[] memory accounts, bool[] memory statuses) external returns (bool success) { 57: // Check for the contract ownership 58: if (msg.sender != owner) { 59: revert OwnerOnly(msg.sender, owner); 60: } 61: 62: // Check for the array length 63: if (accounts.length != statuses.length) { 64: revert WrongArrayLength(accounts.length, statuses.length); 65: } 66: 67: for (uint256 i = 0; i < accounts.length; ++i) { 68: // Check for the zero address 69: if (accounts[i] == address(0)) { 70: revert ZeroAddress(); 71: } 72: // Set the account blacklisting status 73: mapBlacklistedDonators[accounts[i]] = statuses[i]; 74: emit DonatorBlacklistStatus(accounts[i], statuses[i]); 75: } 76: success = true; 77: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L56-L77 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit array name statuses 56: function setDonatorsStatuses(address[] memory accounts, bool[] memory statuses) external returns (bool success) { 57: // Check for the contract ownership 58: if (msg.sender != owner) { 59: revert OwnerOnly(msg.sender, owner); 60: } 61: 62: // Check for the array length 63: if (accounts.length != statuses.length) { 64: revert WrongArrayLength(accounts.length, statuses.length); 65: } 66: 67: for (uint256 i = 0; i < accounts.length; ++i) { 68: // Check for the zero address 69: if (accounts[i] == address(0)) { 70: revert ZeroAddress(); 71: } 72: // Set the account blacklisting status 73: mapBlacklistedDonators[accounts[i]] = statuses[i]; 74: emit DonatorBlacklistStatus(accounts[i], statuses[i]); 75: } 76: success = true; 77: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L56-L77 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit array name serviceIds 788: function trackServiceDonations( 789: address donator, 790: uint256[] memory serviceIds, 791: uint256[] memory amounts, 792: uint256 donationETH 793: ) external { 794: // Check for the treasury access 795: if (treasury != msg.sender) { 796: revert ManagerOnly(msg.sender, treasury); 797: } 798: 799: // Check if the donator blacklist is enabled, and the status of the donator address 800: address bList = donatorBlacklist; 801: if (bList != address(0) && IDonatorBlacklist(bList).isDonatorBlacklisted(donator)) { 802: revert DonatorBlacklisted(donator); 803: } 804: 805: // Get the number of services 806: uint256 numServices = serviceIds.length; 807: // Loop over service Ids, accumulate donation value and check for the service existence 808: for (uint256 i = 0; i < numServices; ++i) { 809: // Check for the service Id existence 810: if (!IServiceRegistry(serviceRegistry).exists(serviceIds[i])) { 811: revert ServiceDoesNotExist(serviceIds[i]); 812: } 813: } 814: // Get the current epoch 815: uint256 curEpoch = epochCounter; 816: // Increase the total service donation balance per epoch 817: donationETH += mapEpochTokenomics[curEpoch].epochPoint.totalDonationsETH; 818: mapEpochTokenomics[curEpoch].epochPoint.totalDonationsETH = uint96(donationETH); 819: 820: // Track service donations 821: _trackServiceDonations(donator, serviceIds, amounts, curEpoch); 822: 823: // Set the current block number 824: lastDonationBlockNumber = uint32(block.number); 825: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L788-L825 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit array name unitTypes 1085: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external 1086: returns (uint256 reward, uint256 topUp) 1087: { 1088: // Check for the dispenser access 1089: if (dispenser != msg.sender) { 1090: revert ManagerOnly(msg.sender, dispenser); 1091: } 1092: 1093: // Check array lengths 1094: if (unitTypes.length != unitIds.length) { 1095: revert WrongArrayLength(unitTypes.length, unitIds.length); 1096: } 1097: 1098: // Component / agent registry addresses 1099: address[] memory registries = new address[](2); 1100: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1101: 1102: // Component / agent total supply 1103: uint256[] memory registriesSupply = new uint256[](2); 1104: for (uint256 i = 0; i < 2; ++i) { 1105: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1106: } 1107: 1108: // Check the input data 1109: uint256[] memory lastIds = new uint256[](2); 1110: for (uint256 i = 0; i < unitIds.length; ++i) { 1111: // Check for the unit type to be component / agent only 1112: if (unitTypes[i] > 1) { 1113: revert Overflow(unitTypes[i], 1); 1114: } 1115: 1116: // Check that the unit Ids are in ascending order, not repeating, and no bigger than registries total supply 1117: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { 1118: revert WrongUnitId(unitIds[i], unitTypes[i]); 1119: } 1120: lastIds[unitTypes[i]] = unitIds[i]; 1121: 1122: // Check the component / agent Id ownership 1123: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); 1124: if (unitOwner != account) { 1125: revert OwnerOnly(unitOwner, account); 1126: } 1127: } 1128: 1129: // Get the current epoch counter 1130: uint256 curEpoch = epochCounter; 1131: 1132: for (uint256 i = 0; i < unitIds.length; ++i) { 1133: // Get the last epoch number the incentives were accumulated for 1134: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; 1135: // Finalize unit rewards and top-ups if there were pending ones from the previous epoch 1136: // The finalization is needed when the trackServiceDonations() function did not take care of it 1137: // since between last epoch the donations were received and this current epoch there were no more donations 1138: if (lastEpoch > 0 && lastEpoch < curEpoch) { 1139: _finalizeIncentivesForUnitId(lastEpoch, unitTypes[i], unitIds[i]); 1140: // Change the last epoch number 1141: mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch = 0; 1142: } 1143: 1144: // Accumulate total rewards and clear their balances 1145: reward += mapUnitIncentives[unitTypes[i]][unitIds[i]].reward; 1146: mapUnitIncentives[unitTypes[i]][unitIds[i]].reward = 0; 1147: // Accumulate total top-ups and clear their balances 1148: topUp += mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp; 1149: mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp = 0; 1150: } 1151: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1085-L1151 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit array name unitIds 1085: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external 1086: returns (uint256 reward, uint256 topUp) 1087: { 1088: // Check for the dispenser access 1089: if (dispenser != msg.sender) { 1090: revert ManagerOnly(msg.sender, dispenser); 1091: } 1092: 1093: // Check array lengths 1094: if (unitTypes.length != unitIds.length) { 1095: revert WrongArrayLength(unitTypes.length, unitIds.length); 1096: } 1097: 1098: // Component / agent registry addresses 1099: address[] memory registries = new address[](2); 1100: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1101: 1102: // Component / agent total supply 1103: uint256[] memory registriesSupply = new uint256[](2); 1104: for (uint256 i = 0; i < 2; ++i) { 1105: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1106: } 1107: 1108: // Check the input data 1109: uint256[] memory lastIds = new uint256[](2); 1110: for (uint256 i = 0; i < unitIds.length; ++i) { 1111: // Check for the unit type to be component / agent only 1112: if (unitTypes[i] > 1) { 1113: revert Overflow(unitTypes[i], 1); 1114: } 1115: 1116: // Check that the unit Ids are in ascending order, not repeating, and no bigger than registries total supply 1117: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { 1118: revert WrongUnitId(unitIds[i], unitTypes[i]); 1119: } 1120: lastIds[unitTypes[i]] = unitIds[i]; 1121: 1122: // Check the component / agent Id ownership 1123: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); 1124: if (unitOwner != account) { 1125: revert OwnerOnly(unitOwner, account); 1126: } 1127: } 1128: 1129: // Get the current epoch counter 1130: uint256 curEpoch = epochCounter; 1131: 1132: for (uint256 i = 0; i < unitIds.length; ++i) { 1133: // Get the last epoch number the incentives were accumulated for 1134: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; 1135: // Finalize unit rewards and top-ups if there were pending ones from the previous epoch 1136: // The finalization is needed when the trackServiceDonations() function did not take care of it 1137: // since between last epoch the donations were received and this current epoch there were no more donations 1138: if (lastEpoch > 0 && lastEpoch < curEpoch) { 1139: _finalizeIncentivesForUnitId(lastEpoch, unitTypes[i], unitIds[i]); 1140: // Change the last epoch number 1141: mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch = 0; 1142: } 1143: 1144: // Accumulate total rewards and clear their balances 1145: reward += mapUnitIncentives[unitTypes[i]][unitIds[i]].reward; 1146: mapUnitIncentives[unitTypes[i]][unitIds[i]].reward = 0; 1147: // Accumulate total top-ups and clear their balances 1148: topUp += mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp; 1149: mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp = 0; 1150: } 1151: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1085-L1151 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit array name unitTypes 1160: function getOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external view 1161: returns (uint256 reward, uint256 topUp) 1162: { 1163: // Check array lengths 1164: if (unitTypes.length != unitIds.length) { 1165: revert WrongArrayLength(unitTypes.length, unitIds.length); 1166: } 1167: 1168: // Component / agent registry addresses 1169: address[] memory registries = new address[](2); 1170: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1171: 1172: // Component / agent total supply 1173: uint256[] memory registriesSupply = new uint256[](2); 1174: for (uint256 i = 0; i < 2; ++i) { 1175: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1176: } 1177: 1178: // Check the input data 1179: uint256[] memory lastIds = new uint256[](2); 1180: for (uint256 i = 0; i < unitIds.length; ++i) { 1181: // Check for the unit type to be component / agent only 1182: if (unitTypes[i] > 1) { 1183: revert Overflow(unitTypes[i], 1); 1184: } 1185: 1186: // Check that the unit Ids are in ascending order, not repeating, and no bigger than registries total supply 1187: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { 1188: revert WrongUnitId(unitIds[i], unitTypes[i]); 1189: } 1190: lastIds[unitTypes[i]] = unitIds[i]; 1191: 1192: // Check the component / agent Id ownership 1193: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); 1194: if (unitOwner != account) { 1195: revert OwnerOnly(unitOwner, account); 1196: } 1197: } 1198: 1199: // Get the current epoch counter 1200: uint256 curEpoch = epochCounter; 1201: 1202: for (uint256 i = 0; i < unitIds.length; ++i) { 1203: // Get the last epoch number the incentives were accumulated for 1204: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; 1205: // Calculate rewards and top-ups if there were pending ones from the previous epoch 1206: if (lastEpoch > 0 && lastEpoch < curEpoch) { 1207: // Get the overall amount of unit rewards for the component's last epoch 1208: // reward = (pendingRelativeReward * rewardUnitFraction) / 100 1209: uint256 totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeReward; 1210: if (totalIncentives > 0) { 1211: totalIncentives *= mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].rewardUnitFraction; 1212: // Accumulate to the final reward for the last epoch 1213: reward += totalIncentives / 100; 1214: } 1215: // Add the final top-up for the last epoch 1216: totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeTopUp; 1217: if (totalIncentives > 0) { 1218: // Summation of all the unit top-ups and total amount of top-ups per epoch 1219: // topUp = (pendingRelativeTopUp * totalTopUpsOLAS * topUpUnitFraction) / (100 * sumUnitTopUpsOLAS) 1220: totalIncentives *= mapEpochTokenomics[lastEpoch].epochPoint.totalTopUpsOLAS; 1221: totalIncentives *= mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].topUpUnitFraction; 1222: uint256 sumUnitIncentives = uint256(mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].sumUnitTopUpsOLAS) * 100; 1223: // Accumulate to the final top-up for the last epoch 1224: topUp += totalIncentives / sumUnitIncentives; 1225: } 1226: } 1227: 1228: // Accumulate total rewards to finalized ones 1229: reward += mapUnitIncentives[unitTypes[i]][unitIds[i]].reward; 1230: // Accumulate total top-ups to finalized ones 1231: topUp += mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp; 1232: } 1233: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1160-L1233 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit array name unitIds 1160: function getOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external view 1161: returns (uint256 reward, uint256 topUp) 1162: { 1163: // Check array lengths 1164: if (unitTypes.length != unitIds.length) { 1165: revert WrongArrayLength(unitTypes.length, unitIds.length); 1166: } 1167: 1168: // Component / agent registry addresses 1169: address[] memory registries = new address[](2); 1170: (registries[0], registries[1]) = (componentRegistry, agentRegistry); 1171: 1172: // Component / agent total supply 1173: uint256[] memory registriesSupply = new uint256[](2); 1174: for (uint256 i = 0; i < 2; ++i) { 1175: registriesSupply[i] = IToken(registries[i]).totalSupply(); 1176: } 1177: 1178: // Check the input data 1179: uint256[] memory lastIds = new uint256[](2); 1180: for (uint256 i = 0; i < unitIds.length; ++i) { 1181: // Check for the unit type to be component / agent only 1182: if (unitTypes[i] > 1) { 1183: revert Overflow(unitTypes[i], 1); 1184: } 1185: 1186: // Check that the unit Ids are in ascending order, not repeating, and no bigger than registries total supply 1187: if (unitIds[i] <= lastIds[unitTypes[i]] || unitIds[i] > registriesSupply[unitTypes[i]]) { 1188: revert WrongUnitId(unitIds[i], unitTypes[i]); 1189: } 1190: lastIds[unitTypes[i]] = unitIds[i]; 1191: 1192: // Check the component / agent Id ownership 1193: address unitOwner = IToken(registries[unitTypes[i]]).ownerOf(unitIds[i]); 1194: if (unitOwner != account) { 1195: revert OwnerOnly(unitOwner, account); 1196: } 1197: } 1198: 1199: // Get the current epoch counter 1200: uint256 curEpoch = epochCounter; 1201: 1202: for (uint256 i = 0; i < unitIds.length; ++i) { 1203: // Get the last epoch number the incentives were accumulated for 1204: uint256 lastEpoch = mapUnitIncentives[unitTypes[i]][unitIds[i]].lastEpoch; 1205: // Calculate rewards and top-ups if there were pending ones from the previous epoch 1206: if (lastEpoch > 0 && lastEpoch < curEpoch) { 1207: // Get the overall amount of unit rewards for the component's last epoch 1208: // reward = (pendingRelativeReward * rewardUnitFraction) / 100 1209: uint256 totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeReward; 1210: if (totalIncentives > 0) { 1211: totalIncentives *= mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].rewardUnitFraction; 1212: // Accumulate to the final reward for the last epoch 1213: reward += totalIncentives / 100; 1214: } 1215: // Add the final top-up for the last epoch 1216: totalIncentives = mapUnitIncentives[unitTypes[i]][unitIds[i]].pendingRelativeTopUp; 1217: if (totalIncentives > 0) { 1218: // Summation of all the unit top-ups and total amount of top-ups per epoch 1219: // topUp = (pendingRelativeTopUp * totalTopUpsOLAS * topUpUnitFraction) / (100 * sumUnitTopUpsOLAS) 1220: totalIncentives *= mapEpochTokenomics[lastEpoch].epochPoint.totalTopUpsOLAS; 1221: totalIncentives *= mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].topUpUnitFraction; 1222: uint256 sumUnitIncentives = uint256(mapEpochTokenomics[lastEpoch].unitPoints[unitTypes[i]].sumUnitTopUpsOLAS) * 100; 1223: // Accumulate to the final top-up for the last epoch 1224: topUp += totalIncentives / sumUnitIncentives; 1225: } 1226: } 1227: 1228: // Accumulate total rewards to finalized ones 1229: reward += mapUnitIncentives[unitTypes[i]][unitIds[i]].reward; 1230: // Accumulate total top-ups to finalized ones 1231: topUp += mapUnitIncentives[unitTypes[i]][unitIds[i]].topUp; 1232: } 1233: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1160-L1233 ```solidity File: tokenomics/contracts/Treasury.sol //@audit array name amounts 257: function depositServiceDonationsETH(uint256[] memory serviceIds, uint256[] memory amounts) external payable { 258: // Reentrancy guard 259: if (_locked > 1) { 260: revert ReentrancyGuard(); 261: } 262: _locked = 2; 263: 264: // Check that the amount donated has at least a practical minimal value 265: if (msg.value < minAcceptedETH) { 266: revert LowerThan(msg.value, minAcceptedETH); 267: } 268: 269: // Check for the same length of arrays 270: uint256 numServices = serviceIds.length; 271: if (amounts.length != numServices) { 272: revert WrongArrayLength(numServices, amounts.length); 273: } 274: 275: uint256 totalAmount; 276: for (uint256 i = 0; i < numServices; ++i) { 277: if (amounts[i] == 0) { 278: revert ZeroValue(); 279: } 280: totalAmount += amounts[i]; 281: } 282: 283: // Check if the total transferred amount corresponds to the sum of amounts from services 284: if (msg.value != totalAmount) { 285: revert WrongAmount(msg.value, totalAmount); 286: } 287: 288: // Accumulate received donation from services 289: uint256 donationETH = ETHFromServices + msg.value; 290: // Check for the overflow values, specifically when fuzzing, since realistically these amounts are assumed to be not possible 291: if (donationETH + ETHOwned > type(uint96).max) { 292: revert Overflow(donationETH, type(uint96).max); 293: } 294: ETHFromServices = uint96(donationETH); 295: emit DonateToServicesETH(msg.sender, serviceIds, amounts, msg.value); 296: 297: // Track service donations on the Tokenomics side 298: ITokenomics(tokenomics).trackServiceDonations(msg.sender, serviceIds, amounts, msg.value); 299: 300: _locked = 1; 301: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L257-L301 ### [N-75] A function which defines named returns in it's declaration doesn't need to use return Remove the return statement once ensuring it is safe to do so *There are 3 instance(s) of this issue:* ```solidity File: registries/contracts/UnitRegistry.sol 160: function getDependencies(uint256 unitId) external view virtual 161: returns (uint256 numDependencies, uint32[] memory dependencies) 162: { 163: Unit memory unit = mapUnits[unitId]; 164: return (unit.dependencies.length, unit.dependencies); 165: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L160-L165 ```solidity File: registries/contracts/UnitRegistry.sol 171: function getUpdatedHashes(uint256 unitId) external view virtual 172: returns (uint256 numHashes, bytes32[] memory unitHashes) 173: { 174: unitHashes = mapUnitIdHashes[unitId]; 175: return (unitHashes.length, unitHashes); 176: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L171-L176 ```solidity File: tokenomics/contracts/Depository.sol 491: function getCurrentPriceLP(address token) external view returns (uint256 priceLP) { 492: return IGenericBondCalculator(bondCalculator).getCurrentPriceLP(token); 493: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L491-L493 ### [N-76] Contract declarations should have NatSpec `@dev` annotations *There are 29 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 14: /// @title OLAS - Smart contract for the OLAS token. 15: /// @author AL 16: /// @author Aleksandr Kuperman - 17: contract OLAS is ERC20 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L14-L17 ```solidity File: governance/contracts/veOLAS.sol 85: /// @notice This token supports the ERC20 interface specifications except for transfers and approvals. 86: contract veOLAS is IErrors, IVotes, IERC20, IERC165 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L85-L86 ```solidity File: governance/contracts/wveOLAS.sol 13: interface IVEOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L13-L13 ```solidity File: governance/contracts/wveOLAS.sol 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L127-L130 ```solidity File: governance/contracts/multisigs/GuardCM.sol 6: interface IGovernor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L6-L6 ```solidity File: governance/contracts/multisigs/GuardCM.sol 85: /// @title GuardCM - Smart contract for Gnosis Safe community multisig (CM) guard 86: /// @author Aleksandr Kuperman - 87: /// @author Andrey Lebedev - 88: contract GuardCM { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L85-L88 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 43: /// @title FxGovernorTunnel - Smart contract for the governor child tunnel bridge implementation 44: /// @author Aleksandr Kuperman - 45: /// @author AL 46: contract FxGovernorTunnel is IFxMessageProcessor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L43-L46 ```solidity File: governance/contracts/bridges/HomeMediator.sol 43: /// @title HomeMediator - Smart contract for the governor home (gnosis chain) bridge implementation 44: /// @author Aleksandr Kuperman - 45: /// @author AL 46: contract HomeMediator { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L43-L46 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 20: /// @title FxERC20ChildTunnel - Smart contract for the L2 token management part 21: /// @author Aleksandr Kuperman - 22: /// @author Andrey Lebedev - 23: /// @author Mariapia Moscatiello - 24: contract FxERC20ChildTunnel is FxBaseChildTunnel { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L20-L24 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 20: /// @title FxERC20RootTunnel - Smart contract for the L1 token management part 21: /// @author Aleksandr Kuperman - 22: /// @author Andrey Lebedev - 23: /// @author Mariapia Moscatiello - 24: contract FxERC20RootTunnel is FxBaseRootTunnel { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L20-L24 ```solidity File: registries/contracts/GenericRegistry.sol 7: /// @title Generic Registry - Smart contract for generic registry template 8: /// @author Aleksandr Kuperman - 9: abstract contract GenericRegistry is IErrorsRegistries, ERC721 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L7-L9 ```solidity File: registries/contracts/UnitRegistry.sol 6: /// @title Unit Registry - Smart contract for registering generalized units / units 7: /// @author Aleksandr Kuperman - 8: abstract contract UnitRegistry is GenericRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L6-L8 ```solidity File: registries/contracts/ComponentRegistry.sol 6: /// @title Component Registry - Smart contract for registering components 7: /// @author Aleksandr Kuperman - 8: contract ComponentRegistry is UnitRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L6-L8 ```solidity File: registries/contracts/AgentRegistry.sol 7: /// @title Agent Registry - Smart contract for registering agents 8: /// @author Aleksandr Kuperman - 9: contract AgentRegistry is UnitRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L7-L9 ```solidity File: registries/contracts/GenericManager.sol 6: /// @title Generic Manager - Smart contract for generic registry manager template 7: /// @author Aleksandr Kuperman - 8: abstract contract GenericManager is IErrorsRegistries { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L6-L8 ```solidity File: registries/contracts/RegistriesManager.sol 7: /// @title Registries Manager - Periphery smart contract for managing components and agents 8: /// @author Aleksandr Kuperman - 9: contract RegistriesManager is GenericManager { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L7-L9 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 5: interface IGnosisSafeProxyFactory { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L5-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 22: /// @title Gnosis Safe - Smart contract for Gnosis Safe multisig implementation of a generic multisig interface 23: /// @author Aleksandr Kuperman - 24: contract GnosisSafeMultisig { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L22-L24 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 5: interface IGnosisSafe { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L5-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 48: /// @title Gnosis Safe Same Address - Smart contract for Gnosis Safe verification of an already existent multisig address. 49: /// @author Aleksandr Kuperman - 50: contract GnosisSafeSameAddressMultisig { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L48-L50 ```solidity File: tokenomics/contracts/Depository.sol 59: /// @title Bond Depository - Smart contract for OLAS Bond Depository 60: /// @author AL 61: /// @author Aleksandr Kuperman - 62: contract Depository is IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L59-L62 ```solidity File: tokenomics/contracts/Dispenser.sol 08: /// @title Dispenser - Smart contract for distributing incentives 09: /// @author AL 10: /// @author Aleksandr Kuperman - 11: contract Dispenser is IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L8-L11 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 17: /// @title DonatorBlacklist - Smart contract for donator address blacklisting 18: /// @author AL 19: /// @author Aleksandr Kuperman - 20: contract DonatorBlacklist { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L17-L20 ```solidity File: tokenomics/contracts/Tokenomics.sol 115: /// @title Tokenomics - Smart contract for tokenomics logic with incentives for unit owners and discount factor regulations for bonds. 116: /// @author AL 117: /// @author Aleksandr Kuperman - 118: contract Tokenomics is TokenomicsConstants, IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L115-L118 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 6: /// @title TokenomicsConstants - Smart contract with tokenomics constants 7: /// @author AL 8: /// @author Aleksandr Kuperman - 9: abstract contract TokenomicsConstants { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L6-L9 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 23: /// @title TokenomicsProxy - Smart contract for tokenomics proxy 24: /// @author AL 25: /// @author Aleksandr Kuperman - 26: contract TokenomicsProxy { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L23-L26 ```solidity File: tokenomics/contracts/Treasury.sol 33: /// @title Treasury - Smart contract for managing OLAS Treasury 34: /// @author AL 35: /// @author Aleksandr Kuperman - 36: /// Invariant does not support a failing call() function while transferring ETH when using the CEI pattern: 37: /// revert TransferFailed(address(0), address(this), to, tokenAmount); 38: /// invariant {:msg "broken conservation law"} address(this).balance == ETHFromServices + ETHOwned; 39: contract Treasury is IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L33-L39 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 4: interface IOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L4-L4 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 5: interface IUniswapV2Pair { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L5-L5 ### [N-77] Contract should expose an `interface` The `contract`s should expose an `interface` so that other projects can more easily integrate with it, without having to develop their own non-standard variants. *There are 78 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 43: function changeOwner(address newOwner) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L43-L43 ```solidity File: governance/contracts/OLAS.sol 58: function changeMinter(address newMinter) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L58-L58 ```solidity File: governance/contracts/OLAS.sol 91: function inflationControl(uint256 amount) public view returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L91-L91 ```solidity File: governance/contracts/OLAS.sol 98: function inflationRemainder() public view returns (uint256 remainder) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L98-L98 ```solidity File: governance/contracts/OLAS.sol 128: function decreaseAllowance(address spender, uint256 amount) external returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L128-L128 ```solidity File: governance/contracts/OLAS.sol 145: function increaseAllowance(address spender, uint256 amount) external returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L145-L145 ```solidity File: governance/contracts/veOLAS.sol 376: function depositFor(address account, uint256 amount) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L376-L376 ```solidity File: governance/contracts/veOLAS.sol 402: function createLock(uint256 amount, uint256 unlockTime) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L402-L402 ```solidity File: governance/contracts/veOLAS.sol 411: function createLockFor(address account, uint256 amount, uint256 unlockTime) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L411-L411 ```solidity File: governance/contracts/veOLAS.sol 458: function increaseAmount(uint256 amount) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L458-L458 ```solidity File: governance/contracts/veOLAS.sol 483: function increaseUnlockTime(uint256 unlockTime) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L483-L483 ```solidity File: governance/contracts/veOLAS.sol 510: function withdraw() external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L510-L510 ```solidity File: governance/contracts/multisigs/GuardCM.sol 154: function changeGovernor(address newGovernor) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L154-L154 ```solidity File: governance/contracts/multisigs/GuardCM.sol 170: function changeGovernorCheckProposalId(uint256 proposalId) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L170-L170 ```solidity File: governance/contracts/multisigs/GuardCM.sol 387: function checkTransaction( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L387-L387 ```solidity File: governance/contracts/multisigs/GuardCM.sol 441: function setTargetSelectorChainIds( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L441-L441 ```solidity File: governance/contracts/multisigs/GuardCM.sol 495: function setBridgeMediatorChainIds( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L495-L495 ```solidity File: governance/contracts/multisigs/GuardCM.sol 539: function pause() external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L539-L539 ```solidity File: governance/contracts/multisigs/GuardCM.sol 560: function unpause() external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L560-L560 ```solidity File: governance/contracts/multisigs/GuardCM.sol 572: function checkAfterExecution(bytes32, bool) external {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L572-L572 ```solidity File: governance/contracts/multisigs/GuardCM.sol 579: function getTargetSelectorChainId(address target, bytes4 selector, uint256 chainId) external view ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L579-L579 ```solidity File: governance/contracts/multisigs/GuardCM.sol 597: function getBridgeMediatorChainId(address bridgeMediatorL1) external view ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L597-L597 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 81: function changeRootGovernor(address newRootGovernor) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L81-L81 ```solidity File: governance/contracts/bridges/HomeMediator.sol 81: function changeForeignGovernor(address newForeignGovernor) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L81-L81 ```solidity File: governance/contracts/bridges/HomeMediator.sol 105: function processMessageFromForeign(bytes memory data) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L105-L105 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 30: function changeOwner(address newOwner) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L30-L30 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 50: function deposit(uint256 amount) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L50-L50 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 57: function depositTo(address to, uint256 amount) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L57-L57 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 54: function withdraw(uint256 amount) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L54-L54 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 61: function withdrawTo(address to, uint256 amount) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L61-L61 ```solidity File: registries/contracts/GenericRegistry.sol 37: function changeOwner(address newOwner) external virtual { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L37-L37 ```solidity File: registries/contracts/GenericRegistry.sol 54: function changeManager(address newManager) external virtual { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L54-L54 ```solidity File: registries/contracts/GenericRegistry.sol 78: function setBaseURI(string memory bURI) external virtual { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L78-L78 ```solidity File: registries/contracts/GenericRegistry.sol 97: function tokenByIndex(uint256 id) external view virtual returns (uint256 unitId) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L97-L97 ```solidity File: registries/contracts/UnitRegistry.sol 152: function getUnit(uint256 unitId) external view virtual returns (Unit memory unit) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L152-L152 ```solidity File: registries/contracts/UnitRegistry.sol 160: function getDependencies(uint256 unitId) external view virtual ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L160-L160 ```solidity File: registries/contracts/GenericManager.sol 20: function changeOwner(address newOwner) external virtual { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L20-L20 ```solidity File: registries/contracts/GenericManager.sol 36: function pause() external virtual { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L36-L36 ```solidity File: registries/contracts/GenericManager.sol 47: function unpause() external virtual { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L47-L47 ```solidity File: tokenomics/contracts/Depository.sol 123: function changeOwner(address newOwner) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L123-L123 ```solidity File: tokenomics/contracts/Depository.sol 143: function changeManagers(address _tokenomics, address _treasury) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L143-L143 ```solidity File: tokenomics/contracts/Depository.sol 163: function changeBondCalculator(address _bondCalculator) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L163-L163 ```solidity File: tokenomics/contracts/Depository.sol 244: function close(uint256[] memory productIds) external returns (uint256[] memory closedProductIds) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L244-L244 ```solidity File: tokenomics/contracts/Depository.sol 291: function deposit(uint256 productId, uint256 tokenAmount) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L291-L291 ```solidity File: tokenomics/contracts/Depository.sol 356: function redeem(uint256[] memory bondIds) external returns (uint256 payout) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L356-L356 ```solidity File: tokenomics/contracts/Depository.sol 396: function getProducts(bool active) external view returns (uint256[] memory productIds) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L396-L396 ```solidity File: tokenomics/contracts/Depository.sol 424: function isActiveProduct(uint256 productId) external view returns (bool status) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L424-L424 ```solidity File: tokenomics/contracts/Depository.sol 435: function getBonds(address account, bool matured) external view ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L435-L435 ```solidity File: tokenomics/contracts/Depository.sol 480: function getBondStatus(uint256 bondId) external view returns (uint256 payout, bool matured) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L480-L480 ```solidity File: tokenomics/contracts/Dispenser.sol 46: function changeOwner(address newOwner) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L46-L46 ```solidity File: tokenomics/contracts/Dispenser.sol 64: function changeManagers(address _tokenomics, address _treasury) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L64-L64 ```solidity File: tokenomics/contracts/Dispenser.sol 89: function claimOwnerIncentives(uint256[] memory unitTypes, uint256[] memory unitIds) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L89-L89 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 36: function changeOwner(address newOwner) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L36-L36 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 56: function setDonatorsStatuses(address[] memory accounts, bool[] memory statuses) external returns (bool success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L56-L56 ```solidity File: tokenomics/contracts/Tokenomics.sol 264: function initializeTokenomics( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L264-L264 ```solidity File: tokenomics/contracts/Tokenomics.sol 374: function tokenomicsImplementation() external view returns (address implementation) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L374-L374 ```solidity File: tokenomics/contracts/Tokenomics.sol 384: function changeTokenomicsImplementation(address implementation) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L384-L384 ```solidity File: tokenomics/contracts/Tokenomics.sol 404: function changeOwner(address newOwner) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L404-L404 ```solidity File: tokenomics/contracts/Tokenomics.sol 423: function changeManagers(address _treasury, address _depository, address _dispenser) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L423-L423 ```solidity File: tokenomics/contracts/Tokenomics.sol 450: function changeRegistries(address _componentRegistry, address _agentRegistry, address _serviceRegistry) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L450-L450 ```solidity File: tokenomics/contracts/Tokenomics.sol 474: function changeDonatorBlacklist(address _donatorBlacklist) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L474-L474 ```solidity File: tokenomics/contracts/Tokenomics.sol 497: function changeTokenomicsParameters( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L497-L497 ```solidity File: tokenomics/contracts/Tokenomics.sol 562: function changeIncentiveFractions( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L562-L562 ```solidity File: tokenomics/contracts/Tokenomics.sol 1160: function getOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external view ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1160-L1160 ```solidity File: tokenomics/contracts/Tokenomics.sol 1237: function getInflationPerEpoch() external view returns (uint256 inflationPerEpoch) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1237-L1237 ```solidity File: tokenomics/contracts/Tokenomics.sol 1245: function getUnitPoint(uint256 epoch, uint256 unitType) external view returns (UnitPoint memory up) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1245-L1245 ```solidity File: tokenomics/contracts/Tokenomics.sol 1252: function getIDF(uint256 epoch) external view returns (uint256 idf) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1252-L1252 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 30: function getSupplyCapForYear(uint256 numYears) public pure returns (uint256 supplyCap) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L30-L30 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 66: function getInflationForYear(uint256 numYears) public pure returns (uint256 inflationAmount) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L66-L66 ```solidity File: tokenomics/contracts/Treasury.sol 137: function changeOwner(address newOwner) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L137-L137 ```solidity File: tokenomics/contracts/Treasury.sol 156: function changeManagers(address _tokenomics, address _depository, address _dispenser) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L156-L156 ```solidity File: tokenomics/contracts/Treasury.sol 182: function changeMinAcceptedETH(uint256 _minAcceptedETH) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L182-L182 ```solidity File: tokenomics/contracts/Treasury.sol 313: function withdraw(address to, uint256 tokenAmount, address token) external returns (bool success) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L313-L313 ```solidity File: tokenomics/contracts/Treasury.sol 466: function drainServiceSlashedFunds() external returns (uint256 amount) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L466-L466 ```solidity File: tokenomics/contracts/Treasury.sol 487: function enableToken(address token) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L487-L487 ```solidity File: tokenomics/contracts/Treasury.sol 507: function disableToken(address token) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L507-L507 ```solidity File: tokenomics/contracts/Treasury.sol 531: function pause() external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L531-L531 ```solidity File: tokenomics/contracts/Treasury.sol 542: function unpause() external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L542-L542 ### [N-78] Named imports of parent contracts are missing *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit `IFxMessageProcessor` 46: contract FxGovernorTunnel is IFxMessageProcessor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L46-L46 ### [N-79] Contract declarations should have NatSpec `@notice` annotations *There are 46 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 12: /// @title Governor OLAS - Smart contract for Autonolas governance 13: /// @author Aleksandr Kuperman - 14: /// @dev The OpenZeppelin functions are used as is, version 4.8.3. 15: contract GovernorOLAS is Governor, GovernorSettings, GovernorCompatibilityBravo, GovernorVotes, GovernorVotesQuorumFraction, GovernorTimelockControl { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L12-L15 ```solidity File: governance/contracts/Timelock.sol 6: /// @title Timelock - Smart contract for the timelock 7: /// @author Aleksandr Kuperman - 8: /// @dev The OpenZeppelin functions are used as is, version 4.8.3. 9: contract Timelock is TimelockController { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L6-L9 ```solidity File: governance/contracts/OLAS.sol 14: /// @title OLAS - Smart contract for the OLAS token. 15: /// @author AL 16: /// @author Aleksandr Kuperman - 17: contract OLAS is ERC20 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L14-L17 ```solidity File: governance/contracts/wveOLAS.sol 13: interface IVEOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L13-L13 ```solidity File: governance/contracts/wveOLAS.sol 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L127-L130 ```solidity File: governance/contracts/multisigs/GuardCM.sol 6: interface IGovernor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L6-L6 ```solidity File: governance/contracts/multisigs/GuardCM.sol 85: /// @title GuardCM - Smart contract for Gnosis Safe community multisig (CM) guard 86: /// @author Aleksandr Kuperman - 87: /// @author Andrey Lebedev - 88: contract GuardCM { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L85-L88 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 4: /// @dev Interface to process message across the bridge. 5: interface IFxMessageProcessor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L4-L5 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 43: /// @title FxGovernorTunnel - Smart contract for the governor child tunnel bridge implementation 44: /// @author Aleksandr Kuperman - 45: /// @author AL 46: contract FxGovernorTunnel is IFxMessageProcessor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L43-L46 ```solidity File: governance/contracts/bridges/HomeMediator.sol 4: /// @dev Interface to the AMB Contract Proxy. 5: interface IAMB { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L4-L5 ```solidity File: governance/contracts/bridges/HomeMediator.sol 43: /// @title HomeMediator - Smart contract for the governor home (gnosis chain) bridge implementation 44: /// @author Aleksandr Kuperman - 45: /// @author AL 46: contract HomeMediator { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L43-L46 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 15: /// @title BridgedERC20 - Smart contract for bridged ERC20 token 16: /// @dev Bridged token contract is owned by the bridge mediator contract, and thus the token representation from 17: /// another chain must be minted and burned solely by the bridge mediator contract. 18: contract BridgedERC20 is ERC20 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L15-L18 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 20: /// @title FxERC20ChildTunnel - Smart contract for the L2 token management part 21: /// @author Aleksandr Kuperman - 22: /// @author Andrey Lebedev - 23: /// @author Mariapia Moscatiello - 24: contract FxERC20ChildTunnel is FxBaseChildTunnel { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L20-L24 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 20: /// @title FxERC20RootTunnel - Smart contract for the L1 token management part 21: /// @author Aleksandr Kuperman - 22: /// @author Andrey Lebedev - 23: /// @author Mariapia Moscatiello - 24: contract FxERC20RootTunnel is FxBaseRootTunnel { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L20-L24 ```solidity File: governance/contracts/interfaces/IERC20.sol 4: /// @dev ERC20 token interface. 5: interface IERC20 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L4-L5 ```solidity File: governance/contracts/interfaces/IErrors.sol 4: /// @dev Errors. 5: interface IErrors { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L4-L5 ```solidity File: registries/contracts/GenericRegistry.sol 7: /// @title Generic Registry - Smart contract for generic registry template 8: /// @author Aleksandr Kuperman - 9: abstract contract GenericRegistry is IErrorsRegistries, ERC721 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L7-L9 ```solidity File: registries/contracts/UnitRegistry.sol 6: /// @title Unit Registry - Smart contract for registering generalized units / units 7: /// @author Aleksandr Kuperman - 8: abstract contract UnitRegistry is GenericRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L6-L8 ```solidity File: registries/contracts/ComponentRegistry.sol 6: /// @title Component Registry - Smart contract for registering components 7: /// @author Aleksandr Kuperman - 8: contract ComponentRegistry is UnitRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L6-L8 ```solidity File: registries/contracts/AgentRegistry.sol 7: /// @title Agent Registry - Smart contract for registering agents 8: /// @author Aleksandr Kuperman - 9: contract AgentRegistry is UnitRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L7-L9 ```solidity File: registries/contracts/GenericManager.sol 6: /// @title Generic Manager - Smart contract for generic registry manager template 7: /// @author Aleksandr Kuperman - 8: abstract contract GenericManager is IErrorsRegistries { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L6-L8 ```solidity File: registries/contracts/RegistriesManager.sol 7: /// @title Registries Manager - Periphery smart contract for managing components and agents 8: /// @author Aleksandr Kuperman - 9: contract RegistriesManager is GenericManager { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L7-L9 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 5: interface IGnosisSafeProxyFactory { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L5-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 22: /// @title Gnosis Safe - Smart contract for Gnosis Safe multisig implementation of a generic multisig interface 23: /// @author Aleksandr Kuperman - 24: contract GnosisSafeMultisig { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L22-L24 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 5: interface IGnosisSafe { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L5-L5 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 48: /// @title Gnosis Safe Same Address - Smart contract for Gnosis Safe verification of an already existent multisig address. 49: /// @author Aleksandr Kuperman - 50: contract GnosisSafeSameAddressMultisig { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L48-L50 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 4: /// @dev Errors. 5: interface IErrorsRegistries { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L4-L5 ```solidity File: registries/contracts/interfaces/IRegistry.sol 4: /// @dev Required interface for the component / agent manipulation. 5: interface IRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L4-L5 ```solidity File: tokenomics/contracts/Depository.sol 59: /// @title Bond Depository - Smart contract for OLAS Bond Depository 60: /// @author AL 61: /// @author Aleksandr Kuperman - 62: contract Depository is IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L59-L62 ```solidity File: tokenomics/contracts/Dispenser.sol 08: /// @title Dispenser - Smart contract for distributing incentives 09: /// @author AL 10: /// @author Aleksandr Kuperman - 11: contract Dispenser is IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L8-L11 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 17: /// @title DonatorBlacklist - Smart contract for donator address blacklisting 18: /// @author AL 19: /// @author Aleksandr Kuperman - 20: contract DonatorBlacklist { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L17-L20 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 16: /// @title GenericBondSwap - Smart contract for generic bond calculation mechanisms in exchange for OLAS tokens. 17: /// @dev The bond calculation mechanism is based on the UniswapV2Pair contract. 18: /// @author AL 19: /// @author Aleksandr Kuperman - 20: contract GenericBondCalculator { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L16-L20 ```solidity File: tokenomics/contracts/Tokenomics.sol 115: /// @title Tokenomics - Smart contract for tokenomics logic with incentives for unit owners and discount factor regulations for bonds. 116: /// @author AL 117: /// @author Aleksandr Kuperman - 118: contract Tokenomics is TokenomicsConstants, IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L115-L118 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 6: /// @title TokenomicsConstants - Smart contract with tokenomics constants 7: /// @author AL 8: /// @author Aleksandr Kuperman - 9: abstract contract TokenomicsConstants { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L6-L9 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 23: /// @title TokenomicsProxy - Smart contract for tokenomics proxy 24: /// @author AL 25: /// @author Aleksandr Kuperman - 26: contract TokenomicsProxy { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L23-L26 ```solidity File: tokenomics/contracts/Treasury.sol 33: /// @title Treasury - Smart contract for managing OLAS Treasury 34: /// @author AL 35: /// @author Aleksandr Kuperman - 36: /// Invariant does not support a failing call() function while transferring ETH when using the CEI pattern: 37: /// revert TransferFailed(address(0), address(this), to, tokenAmount); 38: /// invariant {:msg "broken conservation law"} address(this).balance == ETHFromServices + ETHOwned; 39: contract Treasury is IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L33-L39 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 4: /// @dev DonatorBlacklist interface. 5: interface IDonatorBlacklist { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 4: /// @dev Errors. 5: interface IErrorsTokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol 4: /// @dev Interface for generic bond calculator. 5: interface IGenericBondCalculator { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 4: interface IOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L4-L4 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 4: /// @dev Required interface for the service registry. 5: interface IServiceRegistry { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 4: /// @dev Generic token interface for IERC20 and IERC721 tokens. 5: interface IToken { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 4: /// @dev Interface for tokenomics management. 5: interface ITokenomics { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 4: /// @dev Interface for treasury management. 5: interface ITreasury { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L4-L5 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 5: interface IUniswapV2Pair { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L5-L5 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol 4: /// @dev Interface for voting escrow. 5: interface IVotingEscrow { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L4-L5 ### [N-80] Do not use UNDERSCORE in `struct` elements names For better maintainability, please consider creating and using a constant for those strings instead of hardcoding *There are 3 instance(s) of this issue:* ```solidity File: registries/contracts/ComponentRegistry.sol //@audit `iDep` 29: for (uint256 iDep = 0; iDep < dependencies.length; ++iDep) { 30: if (dependencies[iDep] < (lastId + 1) || dependencies[iDep] > maxComponentId) { 31: revert ComponentNotFound(dependencies[iDep]); 32: } 33: lastId = dependencies[iDep]; 34: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L29-L34 ```solidity File: registries/contracts/AgentRegistry.sol //@audit `iDep` 40: for (uint256 iDep = 0; iDep < dependencies.length; ++iDep) { 41: if (dependencies[iDep] < (lastId + 1) || dependencies[iDep] > componentTotalSupply) { 42: revert ComponentNotFound(dependencies[iDep]); 43: } 44: lastId = dependencies[iDep]; 45: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L40-L45 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `unitType` 714: for (uint256 unitType = 0; unitType < 2; ++unitType) { 715: // Get the number and set of units in the service 716: (uint256 numServiceUnits, uint32[] memory serviceUnitIds) = IServiceRegistry(serviceRegistry). 717: getUnitIdsOfService(IServiceRegistry.UnitType(unitType), serviceIds[i]); 718: // Service has to be deployed at least once to be able to receive donations, 719: // otherwise its components and agents are undefined 720: if (numServiceUnits == 0) { 721: revert ServiceNeverDeployed(serviceIds[i]); 722: } 723: // Record amounts data only if at least one incentive unit fraction is not zero 724: if (incentiveFlags[unitType] || incentiveFlags[unitType + 2]) { 725: // The amount has to be adjusted for the number of units in the service 726: uint96 amount = uint96(amounts[i] / numServiceUnits); 727: // Accumulate amounts for each unit Id 728: for (uint256 j = 0; j < numServiceUnits; ++j) { 729: // Get the last epoch number the incentives were accumulated for 730: uint256 lastEpoch = mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch; 731: // Check if there were no donations in previous epochs and set the current epoch 732: if (lastEpoch == 0) { 733: mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch = uint32(curEpoch); 734: } else if (lastEpoch < curEpoch) { 735: // Finalize unit rewards and top-ups if there were pending ones from the previous epoch 736: // Pending incentives are getting finalized during the next epoch the component / agent 737: // receives donations. If this is not the case before claiming incentives, the finalization 738: // happens in the accountOwnerIncentives() where the incentives are issued 739: _finalizeIncentivesForUnitId(lastEpoch, unitType, serviceUnitIds[j]); 740: // Change the last epoch number 741: mapUnitIncentives[unitType][serviceUnitIds[j]].lastEpoch = uint32(curEpoch); 742: } 743: // Sum the relative amounts for the corresponding components / agents 744: if (incentiveFlags[unitType]) { 745: mapUnitIncentives[unitType][serviceUnitIds[j]].pendingRelativeReward += amount; 746: } 747: // If eligible, add relative top-up weights in the form of donation amounts. 748: // These weights will represent the fraction of top-ups for each component / agent relative 749: // to the overall amount of top-ups that must be allocated 750: if (topUpEligible && incentiveFlags[unitType + 2]) { 751: mapUnitIncentives[unitType][serviceUnitIds[j]].pendingRelativeTopUp += amount; 752: mapEpochTokenomics[curEpoch].unitPoints[unitType].sumUnitTopUpsOLAS += amount; 753: } 754: } 755: } 756: 757: // Record new units and new unit owners 758: for (uint256 j = 0; j < numServiceUnits; ++j) { 759: // Check if the component / agent is used for the first time 760: if (!mapNewUnits[unitType][serviceUnitIds[j]]) { 761: mapNewUnits[unitType][serviceUnitIds[j]] = true; 762: mapEpochTokenomics[curEpoch].unitPoints[unitType].numNewUnits++; 763: // Check if the owner has introduced component / agent for the first time 764: // This is done together with the new unit check, otherwise it could be just a new unit owner 765: address unitOwner = IToken(registries[unitType]).ownerOf(serviceUnitIds[j]); 766: if (!mapNewOwners[unitOwner]) { 767: mapNewOwners[unitOwner] = true; 768: mapEpochTokenomics[curEpoch].epochPoint.numNewOwners++; 769: } 770: } 771: } 772: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L714-L772 ### [N-81] `contract` names should use CamelCase *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol //@audit `veOLAS` is not in CamelCase 86: contract veOLAS is IErrors, IVotes, IERC20, IERC165 { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L86-L86 ```solidity File: governance/contracts/wveOLAS.sol //@audit `wveOLAS` is not in CamelCase 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L130-L130 ### [N-82] `event` declarations should have NatSpec descriptions *There are 75 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 18: event MinterUpdated(address indexed minter); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L18-L18 ```solidity File: governance/contracts/OLAS.sol 19: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L19-L19 ```solidity File: governance/contracts/veOLAS.sol 94: event Deposit(address indexed account, uint256 amount, uint256 locktime, DepositType depositType, uint256 ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L94-L94 ```solidity File: governance/contracts/veOLAS.sol 95: event Withdraw(address indexed account, uint256 amount, uint256 ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L95-L95 ```solidity File: governance/contracts/veOLAS.sol 96: event Supply(uint256 previousSupply, uint256 currentSupply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L96-L96 ```solidity File: governance/contracts/multisigs/GuardCM.sol 89: event GovernorUpdated(address indexed governor); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L89-L89 ```solidity File: governance/contracts/multisigs/GuardCM.sol 90: event SetTargetSelectors(address[] indexed targets, bytes4[] indexed selectors, uint256[] chainIds, bool[] statuses); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L90-L90 ```solidity File: governance/contracts/multisigs/GuardCM.sol 91: event SetBridgeMediators(address[] indexed bridgeMediatorL1s, address[] indexed bridgeMediatorL2s, uint256[] chainIds); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L91-L91 ```solidity File: governance/contracts/multisigs/GuardCM.sol 92: event GovernorCheckProposalIdChanged(uint256 indexed proposalId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L92-L92 ```solidity File: governance/contracts/multisigs/GuardCM.sol 93: event GuardPaused(address indexed account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L93-L93 ```solidity File: governance/contracts/multisigs/GuardCM.sol 94: event GuardUnpaused(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L94-L94 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 47: event FundsReceived(address indexed sender, uint256 value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L47-L47 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 48: event RootGovernorUpdated(address indexed rootMessageSender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L48-L48 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 49: event MessageReceived(uint256 indexed stateId, address indexed rootMessageSender, bytes data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L49-L49 ```solidity File: governance/contracts/bridges/HomeMediator.sol 47: event FundsReceived(address indexed sender, uint256 value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L47-L47 ```solidity File: governance/contracts/bridges/HomeMediator.sol 48: event ForeignGovernorUpdated(address indexed foreignMessageSender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L48-L48 ```solidity File: governance/contracts/bridges/HomeMediator.sol 49: event MessageReceived(address indexed foreignMessageSender, bytes data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L49-L49 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 19: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L19-L19 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 25: event FxDepositERC20(address indexed childToken, address indexed rootToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L25-L25 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 26: event FxWithdrawERC20(address indexed rootToken, address indexed childToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L26-L26 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 25: event FxDepositERC20(address indexed childToken, address indexed rootToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L25-L25 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 26: event FxWithdrawERC20(address indexed rootToken, address indexed childToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L26-L26 ```solidity File: registries/contracts/GenericRegistry.sol 10: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L10-L10 ```solidity File: registries/contracts/GenericRegistry.sol 11: event ManagerUpdated(address indexed manager); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L11-L11 ```solidity File: registries/contracts/GenericRegistry.sol 12: event BaseURIChanged(string baseURI); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L12-L12 ```solidity File: registries/contracts/UnitRegistry.sol 9: event CreateUnit(uint256 unitId, UnitType uType, bytes32 unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L9-L9 ```solidity File: registries/contracts/UnitRegistry.sol 10: event UpdateUnitHash(uint256 unitId, UnitType uType, bytes32 unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L10-L10 ```solidity File: registries/contracts/GenericManager.sol 9: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L9-L9 ```solidity File: registries/contracts/GenericManager.sol 10: event Pause(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L10-L10 ```solidity File: registries/contracts/GenericManager.sol 11: event Unpause(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L11-L11 ```solidity File: tokenomics/contracts/Depository.sol 63: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L63-L63 ```solidity File: tokenomics/contracts/Depository.sol 64: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L64-L64 ```solidity File: tokenomics/contracts/Depository.sol 65: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L65-L65 ```solidity File: tokenomics/contracts/Depository.sol 66: event BondCalculatorUpdated(address indexed bondCalculator); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L66-L66 ```solidity File: tokenomics/contracts/Depository.sol 67: event CreateBond(address indexed token, uint256 indexed productId, address indexed owner, uint256 bondId, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L67-L67 ```solidity File: tokenomics/contracts/Depository.sol 69: event RedeemBond(uint256 indexed productId, address indexed owner, uint256 bondId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L69-L69 ```solidity File: tokenomics/contracts/Depository.sol 70: event CreateProduct(address indexed token, uint256 indexed productId, uint256 supply, uint256 priceLP, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L70-L70 ```solidity File: tokenomics/contracts/Depository.sol 72: event CloseProduct(address indexed token, uint256 indexed productId, uint256 supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L72-L72 ```solidity File: tokenomics/contracts/Dispenser.sol 12: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L12-L12 ```solidity File: tokenomics/contracts/Dispenser.sol 13: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L13-L13 ```solidity File: tokenomics/contracts/Dispenser.sol 14: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L14-L14 ```solidity File: tokenomics/contracts/Dispenser.sol 15: event IncentivesClaimed(address indexed owner, uint256 reward, uint256 topUp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L15-L15 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 21: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L21-L21 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 22: event DonatorBlacklistStatus(address indexed account, bool status); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L22-L22 ```solidity File: tokenomics/contracts/Tokenomics.sol 119: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L119-L119 ```solidity File: tokenomics/contracts/Tokenomics.sol 120: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L120-L120 ```solidity File: tokenomics/contracts/Tokenomics.sol 121: event DepositoryUpdated(address indexed depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L121-L121 ```solidity File: tokenomics/contracts/Tokenomics.sol 122: event DispenserUpdated(address indexed dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L122-L122 ```solidity File: tokenomics/contracts/Tokenomics.sol 123: event EpochLengthUpdated(uint256 epochLen); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L123-L123 ```solidity File: tokenomics/contracts/Tokenomics.sol 124: event EffectiveBondUpdated(uint256 effectiveBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L124-L124 ```solidity File: tokenomics/contracts/Tokenomics.sol 125: event IDFUpdated(uint256 idf); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L125-L125 ```solidity File: tokenomics/contracts/Tokenomics.sol 126: event TokenomicsParametersUpdateRequested(uint256 indexed epochNumber, uint256 devsPerCapital, uint256 codePerDev, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L126-L126 ```solidity File: tokenomics/contracts/Tokenomics.sol 128: event TokenomicsParametersUpdated(uint256 indexed epochNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L128-L128 ```solidity File: tokenomics/contracts/Tokenomics.sol 129: event IncentiveFractionsUpdateRequested(uint256 indexed epochNumber, uint256 rewardComponentFraction, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L129-L129 ```solidity File: tokenomics/contracts/Tokenomics.sol 131: event IncentiveFractionsUpdated(uint256 indexed epochNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L131-L131 ```solidity File: tokenomics/contracts/Tokenomics.sol 132: event ComponentRegistryUpdated(address indexed componentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L132-L132 ```solidity File: tokenomics/contracts/Tokenomics.sol 133: event AgentRegistryUpdated(address indexed agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L133-L133 ```solidity File: tokenomics/contracts/Tokenomics.sol 134: event ServiceRegistryUpdated(address indexed serviceRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L134-L134 ```solidity File: tokenomics/contracts/Tokenomics.sol 135: event DonatorBlacklistUpdated(address indexed blacklist); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L135-L135 ```solidity File: tokenomics/contracts/Tokenomics.sol 136: event EpochSettled(uint256 indexed epochCounter, uint256 treasuryRewards, uint256 accountRewards, uint256 accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L136-L136 ```solidity File: tokenomics/contracts/Tokenomics.sol 137: event TokenomicsImplementationUpdated(address indexed implementation); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L137-L137 ```solidity File: tokenomics/contracts/Treasury.sol 40: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L40-L40 ```solidity File: tokenomics/contracts/Treasury.sol 41: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L41-L41 ```solidity File: tokenomics/contracts/Treasury.sol 42: event DepositoryUpdated(address indexed depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L42-L42 ```solidity File: tokenomics/contracts/Treasury.sol 43: event DispenserUpdated(address indexed dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L43-L43 ```solidity File: tokenomics/contracts/Treasury.sol 44: event DepositTokenFromAccount(address indexed account, address indexed token, uint256 tokenAmount, uint256 olasAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L44-L44 ```solidity File: tokenomics/contracts/Treasury.sol 45: event DonateToServicesETH(address indexed sender, uint256[] serviceIds, uint256[] amounts, uint256 donation); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L45-L45 ```solidity File: tokenomics/contracts/Treasury.sol 46: event Withdraw(address indexed token, address indexed to, uint256 tokenAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L46-L46 ```solidity File: tokenomics/contracts/Treasury.sol 47: event EnableToken(address indexed token); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L47-L47 ```solidity File: tokenomics/contracts/Treasury.sol 48: event DisableToken(address indexed token); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L48-L48 ```solidity File: tokenomics/contracts/Treasury.sol 49: event ReceiveETH(address indexed sender, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L49-L49 ```solidity File: tokenomics/contracts/Treasury.sol 50: event UpdateTreasuryBalances(uint256 ETHOwned, uint256 ETHFromServices); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L50-L50 ```solidity File: tokenomics/contracts/Treasury.sol 51: event PauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L51-L51 ```solidity File: tokenomics/contracts/Treasury.sol 52: event UnpauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L52-L52 ```solidity File: tokenomics/contracts/Treasury.sol 53: event MinAcceptedETHUpdated(uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L53-L53 ### [N-83] Events should use parameters to convey information For example, rather than using `event Paused()` and `event Unpaused()`, use `event PauseState(address indexed whoChangedIt, bool wasPaused, bool isNowPaused)` *There are 3 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 94: event GuardUnpaused(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L94-L94 ```solidity File: tokenomics/contracts/Treasury.sol 51: event PauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L51-L51 ```solidity File: tokenomics/contracts/Treasury.sol 52: event UnpauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L52-L52 ### [N-84] `function` names should use lowerCamelCase Here is an example of camelCase/lowerCamelCase and other types: 'helloWorld' is a CamelCase 'HelloWorld' is Not CamelCase (PascalCase) 'hello_world' is Not CamelCase (snake_case) [For more details](https://khalilstemmler.com/blogs/camel-case-snake-case-pascal-case/) *There are 28 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol //@audit `` is not in CamelCase 16: constructor( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L16-L16 ```solidity File: governance/contracts/Timelock.sol //@audit `` is not in CamelCase 10: constructor(uint256 minDelay, address[] memory proposers, address[] memory executors) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L10-L10 ```solidity File: governance/contracts/OLAS.sol //@audit `` is not in CamelCase 35: constructor() ERC20("Autonolas", "OLAS", 18) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L35-L35 ```solidity File: governance/contracts/veOLAS.sol //@audit `` is not in CamelCase 132: constructor(address _token, string memory _name, string memory _symbol) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L132-L132 ```solidity File: governance/contracts/wveOLAS.sol //@audit `` is not in CamelCase 145: constructor(address _ve, address _token) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L145-L145 ```solidity File: governance/contracts/wveOLAS.sol //@audit `` is not in CamelCase 334: fallback() external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L334-L334 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit `` is not in CamelCase 138: constructor( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L138-L138 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit `` is not in CamelCase 62: constructor(address _fxChild, address _rootGovernor) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L62-L62 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit `` is not in CamelCase 73: receive() external payable { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L73-L73 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit `` is not in CamelCase 62: constructor(address _AMBContractProxyHome, address _foreignGovernor) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L62-L62 ```solidity File: governance/contracts/bridges/HomeMediator.sol //@audit `` is not in CamelCase 73: receive() external payable { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L73-L73 ```solidity File: governance/contracts/bridges/BridgedERC20.sol //@audit `` is not in CamelCase 24: constructor(string memory _name, string memory _symbol, uint8 _decimals) ERC20(_name, _symbol, _decimals) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L24-L24 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit `` is not in CamelCase 37: constructor(address _fxChild, address _childToken, address _rootToken) FxBaseChildTunnel(_fxChild) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L37-L37 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol //@audit `` is not in CamelCase 38: constructor(address _checkpointManager, address _fxRoot, address _childToken, address _rootToken) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L38-L38 ```solidity File: registries/contracts/ComponentRegistry.sol //@audit `` is not in CamelCase 16: constructor(string memory _name, string memory _symbol, string memory _baseURI) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L16-L16 ```solidity File: registries/contracts/AgentRegistry.sol //@audit `` is not in CamelCase 20: constructor(string memory _name, string memory _symbol, string memory _baseURI, address _componentRegistry) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L20-L20 ```solidity File: registries/contracts/RegistriesManager.sol //@audit `` is not in CamelCase 15: constructor(address _componentRegistry, address _agentRegistry) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L15-L15 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit `` is not in CamelCase 37: constructor (address payable _gnosisSafe, address _gnosisSafeProxyFactory) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L37-L37 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol //@audit `` is not in CamelCase 60: constructor(bytes32 _proxyHash) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L60-L60 ```solidity File: tokenomics/contracts/Depository.sol //@audit `` is not in CamelCase 106: constructor(address _olas, address _tokenomics, address _treasury, address _bondCalculator) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L106-L106 ```solidity File: tokenomics/contracts/Dispenser.sol //@audit `` is not in CamelCase 30: constructor(address _tokenomics, address _treasury) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L30-L30 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol //@audit `` is not in CamelCase 30: constructor() { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L30-L30 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol //@audit `` is not in CamelCase 29: constructor(address _olas, address _tokenomics) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L29-L29 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit `` is not in CamelCase 232: constructor() ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L232-L232 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol //@audit `` is not in CamelCase 33: constructor(address tokenomics, bytes memory tokenomicsData) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L33-L33 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol //@audit `` is not in CamelCase 55: fallback() external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L55-L55 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `` is not in CamelCase 95: constructor(address _olas, address _tokenomics, address _depository, address _dispenser) payable { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L95-L95 ```solidity File: tokenomics/contracts/Treasury.sol //@audit `` is not in CamelCase 120: receive() external payable { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L120-L120 ### [N-85] Expressions for constant values should use `immutable` rather than `constant` While it does not save gas for some simple binary expressions because the compiler knows that developers often make this mistake, it's still best to use the right tool for the task at hand. There is a difference between `constant` variables and `immutable` variables, and they should each be used in their appropriate contexts. `constants` should be used for literal values written into the code, and `immutable` variables should be used for expressions, or values calculated in, or passed into the constructor. *There are 10 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 22: uint256 public constant oneYear = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L22-L22 ```solidity File: governance/contracts/veOLAS.sol 101: uint256 internal constant MAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L101-L101 ```solidity File: governance/contracts/veOLAS.sol 103: int128 internal constant IMAXTIME = 4 * 365 * 86400; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L103-L103 ```solidity File: governance/contracts/multisigs/GuardCM.sol 97: bytes4 public constant SCHEDULE = bytes4(keccak256(bytes("schedule(address,uint256,bytes,bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L97-L97 ```solidity File: governance/contracts/multisigs/GuardCM.sol 99: bytes4 public constant SCHEDULE_BATCH = bytes4(keccak256(bytes("scheduleBatch(address[],uint256[],bytes[],bytes32,bytes32,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L99-L99 ```solidity File: governance/contracts/multisigs/GuardCM.sol 101: bytes4 public constant REQUIRE_TO_PASS_MESSAGE = bytes4(keccak256(bytes("requireToPassMessage(address,bytes,uint256)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L101-L101 ```solidity File: governance/contracts/multisigs/GuardCM.sol 103: bytes4 public constant PROCESS_MESSAGE_FROM_FOREIGN = bytes4(keccak256(bytes("processMessageFromForeign(bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L103-L103 ```solidity File: governance/contracts/multisigs/GuardCM.sol 105: bytes4 public constant SEND_MESSAGE_TO_CHILD = bytes4(keccak256(bytes("sendMessageToChild(address,bytes)"))); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L105-L105 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 16: uint256 public constant ONE_YEAR = 1 days * 365; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L16-L16 ```solidity File: tokenomics/contracts/Treasury.sol 56: address public constant ETH_TOKEN_ADDRESS = address(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L56-L56 ### [N-86] Consider splitting long calculations The longer a string of operations is, the harder it is to understand it. Consider splitting the full calculation into more steps, with more descriptive temporary variable names, and add extensive comments. *There are 3 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 225: block_slope = (1e18 * uint256(block.number - lastPoint.blockNumber)) / uint256(block.timestamp - lastPoint.ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L225-L225 ```solidity File: governance/contracts/veOLAS.sol 258: lastPoint.blockNumber = initialPoint.blockNumber + uint64((block_slope * uint256(tStep - initialPoint.ts)) / 1e18); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L258-L258 ```solidity File: registries/contracts/GenericRegistry.sol 120: result = bytes32 (0x3030303030303030303030303030303030303030303030303030303030303030 + 121: uint256 (result) + 122: (uint256 (result) + 0x0606060606060606060606060606060606060606060606060606060606060606 >> 4 & 123: 0x0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F) * 39); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L120-L123 ### [N-87] Consider using `AccessControlDefaultAdminRules` rather than `AccessControl` These contracts inherits from the OpenZeppelin's AccessControl library. However, this library does not follow some security best practices, for example, the DEFAULT_ADMIN_ROLE is also its own admin, meaning it has permissions to grant and revoke this role [ref](https://docs.openzeppelin.com/contracts/3.x/access-control). Consider following security best practices and OpenZeppelin's recommendations, and use the AccessControlDefaultAdminRules extension to enforce additional security measures over this role.[ref](https://docs.openzeppelin.com/contracts/5.x/api/access#AccessControlDefaultAdminRules) *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/Timelock.sol 9: contract Timelock is TimelockController { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L9-L9 ### [N-88] `immutable` variable names don\'t follow the Solidity style guide For `immutable` variable names, each word should use all capital letters, with underscores separating each word (CONSTANT_CASE) *There are 22 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 28: uint256 public immutable timeLaunch; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L28-L28 ```solidity File: governance/contracts/veOLAS.sol 108: address public immutable token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L108-L108 ```solidity File: governance/contracts/wveOLAS.sol 132: address public immutable ve; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L132-L132 ```solidity File: governance/contracts/wveOLAS.sol 134: address public immutable token; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L134-L134 ```solidity File: governance/contracts/multisigs/GuardCM.sol 120: address public immutable owner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L120-L120 ```solidity File: governance/contracts/multisigs/GuardCM.sol 122: address public immutable multisig; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L122-L122 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 55: address public immutable fxChild; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L55-L55 ```solidity File: governance/contracts/bridges/HomeMediator.sol 55: address public immutable AMBContractProxyHome; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L55-L55 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 29: address public immutable childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L29-L29 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 31: address public immutable rootToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L31-L31 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 29: address public immutable childToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L29-L29 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 31: address public immutable rootToken; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L31-L31 ```solidity File: registries/contracts/UnitRegistry.sol 27: UnitType public immutable unitType; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L27-L27 ```solidity File: registries/contracts/AgentRegistry.sol 11: address public immutable componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L11-L11 ```solidity File: registries/contracts/RegistriesManager.sol 11: address public immutable componentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L11-L11 ```solidity File: registries/contracts/RegistriesManager.sol 13: address public immutable agentRegistry; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L13-L13 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 30: address payable public immutable gnosisSafe; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L30-L30 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 32: address public immutable gnosisSafeProxyFactory; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L32-L32 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 56: bytes32 public immutable proxyHash; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L56-L56 ```solidity File: tokenomics/contracts/Depository.sol 89: address public immutable olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L89-L89 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 22: address public immutable olas; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L22-L22 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 24: address public immutable tokenomics; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L24-L24 ### [N-89] `private`/`public` function name should start with underscore According to solidity style guide, Private or Public function name should start with underscore. *There are 1 instance(s) of this issue:* ```solidity File: registries/contracts/UnitRegistry.sol //@audit `` is not in CamelCase 35: constructor(UnitType _unitType) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L35-L35 ### [N-90] Assembly block creates dirty bits Writing data to the free memory pointer without later updating the free memory pointer will cause there to be dirty bits at that memory location. Not updating the free memory pointer will make it [harder](https://docs.soliditylang.org/en/latest/ir-breaking-changes.html#cleanup) for the optimizer to reason about whether the memory needs to be cleaned, which may lead to worse optimizations. Annotate the block with `assembly ("memory-safe") { ... }` if the memory's value can be discarded. If the memory needs to be saved, update the free memory pointer in addtion to using the annotation. See [this](https://docs.soliditylang.org/en/latest/assembly.html#memory-safety) link for other cases where the annotation can be used *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 216: assembly { 217: // First 20 bytes is the address (160 bits) 218: i := add(i, 20) 219: target := mload(add(data, i)) 220: // Offset the data by 12 bytes of value (96 bits) and by 4 bytes of payload length (32 bits) 221: i := add(i, 16) 222: payloadLength := mload(add(data, i)) 223: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L216-L223 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 130: assembly { 131: // First 20 bytes is the address (160 bits) 132: i := add(i, 20) 133: target := mload(add(data, i)) 134: // Offset the data by 12 bytes of value (96 bits) 135: i := add(i, 12) 136: value := mload(add(data, i)) 137: // Offset the data by 4 bytes of payload length (32 bits) 138: i := add(i, 4) 139: payloadLength := mload(add(data, i)) 140: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L130-L140 ```solidity File: governance/contracts/bridges/HomeMediator.sol 130: assembly { 131: // First 20 bytes is the address (160 bits) 132: i := add(i, 20) 133: target := mload(add(data, i)) 134: // Offset the data by 12 bytes of value (96 bits) 135: i := add(i, 12) 136: value := mload(add(data, i)) 137: // Offset the data by 4 bytes of payload length (32 bits) 138: i := add(i, 4) 139: payloadLength := mload(add(data, i)) 140: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L130-L140 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 57: assembly { 58: // Read all the addresses first (80 bytes) 59: let offset := 20 60: to := mload(add(data, offset)) 61: offset := add(offset, 20) 62: fallbackHandler := mload(add(data, offset)) 63: offset := add(offset, 20) 64: paymentToken := mload(add(data, offset)) 65: offset := add(offset, 20) 66: paymentReceiver := mload(add(data, offset)) 67: 68: // Read all the uints (64 more bytes, a total of 144 bytes) 69: offset := add(offset, 32) 70: payment := mload(add(data, offset)) 71: offset := add(offset, 32) 72: nonce := mload(add(data, offset)) 73: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L57-L73 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 098: assembly { 099: multisig := mload(add(data, DEFAULT_DATA_LENGTH)) 100: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L98-L100 ### [N-91] Add inline comments for unnamed parameters `function func(address a, address)` -> `function func(address a, address /* b */)` *There are 11 instance(s) of this issue:* ```solidity File: governance/contracts/wveOLAS.sol //@audit parameter number 0 starting from left need inline comment //@audit parameter number 1 starting from left need inline comment 297: function transfer(address, uint256) external returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L297-L297 ```solidity File: governance/contracts/wveOLAS.sol //@audit parameter number 0 starting from left need inline comment //@audit parameter number 1 starting from left need inline comment 302: function approve(address, uint256) external returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L302-L302 ```solidity File: governance/contracts/wveOLAS.sol //@audit parameter number 0 starting from left need inline comment //@audit parameter number 1 starting from left need inline comment //@audit parameter number 2 starting from left need inline comment 307: function transferFrom(address, address, uint256) external returns (bool) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L307-L307 ```solidity File: governance/contracts/wveOLAS.sol //@audit parameter number 0 starting from left need inline comment //@audit parameter number 1 starting from left need inline comment 312: function allowance(address, address) external view returns (uint256) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L312-L312 ```solidity File: governance/contracts/wveOLAS.sol //@audit parameter number 0 starting from left need inline comment 317: function delegates(address) external view returns (address) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L317-L317 ```solidity File: governance/contracts/wveOLAS.sol //@audit parameter number 0 starting from left need inline comment 322: function delegate(address) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L322-L322 ```solidity File: governance/contracts/wveOLAS.sol //@audit parameter number 0 starting from left need inline comment //@audit parameter number 1 starting from left need inline comment //@audit parameter number 2 starting from left need inline comment //@audit parameter number 3 starting from left need inline comment //@audit parameter number 4 starting from left need inline comment //@audit parameter number 5 starting from left need inline comment 328: function delegateBySig(address, uint256, uint256, uint8, bytes32, bytes32) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L328-L328 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit parameter number 1 starting from left need inline comment //@audit parameter number 4 starting from left need inline comment //@audit parameter number 5 starting from left need inline comment //@audit parameter number 6 starting from left need inline comment //@audit parameter number 7 starting from left need inline comment //@audit parameter number 8 starting from left need inline comment //@audit parameter number 9 starting from left need inline comment //@audit parameter number 10 starting from left need inline comment 387: function checkTransaction( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L387-L387 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit parameter number 0 starting from left need inline comment //@audit parameter number 1 starting from left need inline comment 572: function checkAfterExecution(bytes32, bool) external {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L572-L572 ```solidity File: registries/contracts/ComponentRegistry.sol //@audit parameter number 0 starting from left need inline comment 41: function _getSubComponents(UnitType, uint32 componentId) internal view virtual override ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L41-L41 ```solidity File: registries/contracts/AgentRegistry.sol //@audit parameter number 1 starting from left need inline comment 31: function _checkDependencies(uint32[] memory dependencies, uint32) internal virtual override { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L31-L31 ### [N-92] Function state mutability can be restricted to pure *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 572: function checkAfterExecution(bytes32, bool) external {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L572-L572 ```solidity File: tokenomics/contracts/Tokenomics.sol 374: function tokenomicsImplementation() external view returns (address implementation) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L374-L374 ### [N-93] Use the latest Solidity version for better security Using the latest solidity version will help avoid old compiler related vulnerabilities *There are 35 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L2-L2 ```solidity File: governance/contracts/Timelock.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L2-L2 ```solidity File: governance/contracts/OLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L2-L2 ```solidity File: governance/contracts/veOLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L2-L2 ```solidity File: governance/contracts/wveOLAS.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L2-L2 ```solidity File: governance/contracts/bridges/HomeMediator.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L2-L2 ```solidity File: governance/contracts/interfaces/IErrors.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L2-L2 ```solidity File: registries/contracts/GenericRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L2-L2 ```solidity File: registries/contracts/UnitRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L2-L2 ```solidity File: registries/contracts/ComponentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L2-L2 ```solidity File: registries/contracts/AgentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L2-L2 ```solidity File: registries/contracts/GenericManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L2-L2 ```solidity File: registries/contracts/RegistriesManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L2-L2 ```solidity File: tokenomics/contracts/Depository.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L2-L2 ```solidity File: tokenomics/contracts/Dispenser.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L2-L2 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/Tokenomics.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L2-L2 ```solidity File: tokenomics/contracts/Treasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L2-L2 ### [N-94] Consider adding formal verification proofs Consider using formal verification to mathematically prove that your code does what is intended, and does not have any edge cases with unexpected behavior. The solidity compiler itself has this functionality [built in](https://docs.soliditylang.org/en/latest/smtchecker.html#smtchecker-and-formal-verification) *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol @audit Should implement invariant tests 1: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L1-L1 ### [N-95] Missing zero address check in functions with address parameters Adding a zero address check for each address type parameter can prevent errors. *There are 68 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol //@audit amount, are not checked 128: function decreaseAllowance(address spender, uint256 amount) external returns (bool) { 129: uint256 spenderAllowance = allowance[msg.sender][spender]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L128-L129 ```solidity File: governance/contracts/OLAS.sol //@audit amount, are not checked 145: function increaseAllowance(address spender, uint256 amount) external returns (bool) { 146: uint256 spenderAllowance = allowance[msg.sender][spender]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L145-L146 ```solidity File: governance/contracts/veOLAS.sol //@audit _name, _symbol, are not checked 132: constructor(address _token, string memory _name, string memory _symbol) 133: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L132-L133 ```solidity File: governance/contracts/veOLAS.sol //@audit idx, are not checked 164: function getUserPoint(address account, uint256 idx) external view returns (PointVoting memory) { 165: return mapUserPoints[account][idx]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L164-L165 ```solidity File: governance/contracts/veOLAS.sol //@audit curSupply, are not checked 173: function _checkpoint( 174: address account, 175: LockedBalance memory oldLocked, 176: LockedBalance memory newLocked, 177: uint128 curSupply 178: ) internal { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L173-L178 ```solidity File: governance/contracts/veOLAS.sol //@audit amount, are not checked 767: function transfer(address to, uint256 amount) external virtual override returns (bool) { 768: revert NonTransferable(address(this)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L767-L768 ```solidity File: governance/contracts/veOLAS.sol //@audit amount, are not checked 772: function approve(address spender, uint256 amount) external virtual override returns (bool) { 773: revert NonTransferable(address(this)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L772-L773 ```solidity File: governance/contracts/veOLAS.sol //@audit amount, are not checked 777: function transferFrom(address from, address to, uint256 amount) external virtual override returns (bool) { 778: revert NonTransferable(address(this)); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L777-L778 ```solidity File: governance/contracts/veOLAS.sol //@audit nonce, expiry, v, r, s, are not checked 800: function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) 801: external virtual override 802: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L800-L802 ```solidity File: governance/contracts/wveOLAS.sol //@audit idx, are not checked 021: function mapSupplyPoints(uint256 idx) external view returns (PointVoting memory sPoint); 022: 023: /// @dev Gets the slope change for a specific timestamp. 024: /// @param ts Timestamp. 025: /// @return slopeChange Signed slope change. 026: function mapSlopeChanges(uint64 ts) external view returns (int128 slopeChange); 027: 028: /// @dev Gets the most recently recorded user point for `account`. 029: /// @param account Account address. 030: /// @return pv Last checkpoint. 031: function getLastUserPoint(address account) external view returns (PointVoting memory pv); 032: 033: /// @dev Gets the number of user points. 034: /// @param account Account address. 035: /// @return userNumPoints Number of user points. 036: function getNumUserPoints(address account) external view returns (uint256 userNumPoints); 037: 038: /// @dev Gets the checkpoint structure at number `idx` for `account`. 039: /// @notice The out of bound condition is treated by the default code generation check. 040: /// @param account User wallet address. 041: /// @param idx User point number. 042: /// @return uPoint The requested user point. 043: function getUserPoint(address account, uint256 idx) external view returns (PointVoting memory uPoint); 044: 045: /// @dev Gets voting power at a specific block number. 046: /// @param account Account address. 047: /// @param blockNumber Block number. 048: /// @return balance Voting balance / power. 049: function getPastVotes(address account, uint256 blockNumber) external view returns (uint256 balance); 050: 051: /// @dev Gets the account balance in native token. 052: /// @param account Account address. 053: /// @return balance Account balance. 054: function balanceOf(address account) external view returns (uint256 balance); 055: 056: /// @dev Gets the account balance at a specific block number. 057: /// @param account Account address. 058: /// @param blockNumber Block number. 059: /// @return balance Account balance. 060: function balanceOfAt(address account, uint256 blockNumber) external view returns (uint256 balance); 061: 062: /// @dev Gets the `account`'s lock end time. 063: /// @param account Account address. 064: /// @return unlockTime Lock end time. 065: function lockedEnd(address account) external view returns (uint256 unlockTime); 066: 067: /// @dev Gets the voting power. 068: /// @param account Account address. 069: /// @return balance Account balance. 070: function getVotes(address account) external view returns (uint256 balance); 071: 072: /// @dev Gets total token supply. 073: /// @return supply Total token supply. 074: function totalSupply() external view returns (uint256 supply); 075: 076: /// @dev Gets total token supply at a specific block number. 077: /// @param blockNumber Block number. 078: /// @return supplyAt Supply at the specified block number. 079: function totalSupplyAt(uint256 blockNumber) external view returns (uint256 supplyAt); 080: 081: /// @dev Calculates total voting power at time `ts`. 082: /// @param ts Time to get total voting power at. 083: /// @return vPower Total voting power. 084: function totalSupplyLockedAtT(uint256 ts) external view returns (uint256 vPower); 085: 086: /// @dev Calculates current total voting power. 087: /// @return vPower Total voting power. 088: function totalSupplyLocked() external view returns (uint256 vPower); 089: 090: /// @dev Calculate total voting power at some point in the past. 091: /// @param blockNumber Block number to calculate the total voting power at. 092: /// @return vPower Total voting power. 093: function getPastTotalSupply(uint256 blockNumber) external view returns (uint256 vPower); 094: 095: /// @dev Gets information about the interface support. 096: /// @param interfaceId A specified interface Id. 097: /// @return True if this contract implements the interface defined by interfaceId. 098: function supportsInterface(bytes4 interfaceId) external view returns (bool); 099: 100: /// @dev Reverts the allowance of this token. 101: function allowance(address owner, address spender) external view returns (uint256); 102: 103: /// @dev Reverts delegates of this token. 104: function delegates(address account) external view returns (address); 105: } 106: 107: /// @dev Zero address. 108: error ZeroAddress(); 109: 110: /// @dev Provided wrong timestamp. 111: /// @param minTimeStamp Minimum timestamp. 112: /// @param providedTimeStamp Provided timestamp. 113: error WrongTimestamp(uint256 minTimeStamp, uint256 providedTimeStamp); 114: 115: /// @dev Called function is implemented in a specified veOLAS contract. 116: /// @param veToken Original veOLAS address. 117: error ImplementedIn(address veToken); 118: 119: /// @dev veOLAS token is non-transferable. 120: /// @param veToken veOLAS token address. 121: error NonTransferable(address veToken); 122: 123: /// @dev veOLAS token is non-delegatable. 124: /// @param veToken veOLAS token address. 125: error NonDelegatable(address veToken); 126: 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L21-L130 ```solidity File: governance/contracts/wveOLAS.sol //@audit ts, are not checked 026: function mapSlopeChanges(uint64 ts) external view returns (int128 slopeChange); 027: 028: /// @dev Gets the most recently recorded user point for `account`. 029: /// @param account Account address. 030: /// @return pv Last checkpoint. 031: function getLastUserPoint(address account) external view returns (PointVoting memory pv); 032: 033: /// @dev Gets the number of user points. 034: /// @param account Account address. 035: /// @return userNumPoints Number of user points. 036: function getNumUserPoints(address account) external view returns (uint256 userNumPoints); 037: 038: /// @dev Gets the checkpoint structure at number `idx` for `account`. 039: /// @notice The out of bound condition is treated by the default code generation check. 040: /// @param account User wallet address. 041: /// @param idx User point number. 042: /// @return uPoint The requested user point. 043: function getUserPoint(address account, uint256 idx) external view returns (PointVoting memory uPoint); 044: 045: /// @dev Gets voting power at a specific block number. 046: /// @param account Account address. 047: /// @param blockNumber Block number. 048: /// @return balance Voting balance / power. 049: function getPastVotes(address account, uint256 blockNumber) external view returns (uint256 balance); 050: 051: /// @dev Gets the account balance in native token. 052: /// @param account Account address. 053: /// @return balance Account balance. 054: function balanceOf(address account) external view returns (uint256 balance); 055: 056: /// @dev Gets the account balance at a specific block number. 057: /// @param account Account address. 058: /// @param blockNumber Block number. 059: /// @return balance Account balance. 060: function balanceOfAt(address account, uint256 blockNumber) external view returns (uint256 balance); 061: 062: /// @dev Gets the `account`'s lock end time. 063: /// @param account Account address. 064: /// @return unlockTime Lock end time. 065: function lockedEnd(address account) external view returns (uint256 unlockTime); 066: 067: /// @dev Gets the voting power. 068: /// @param account Account address. 069: /// @return balance Account balance. 070: function getVotes(address account) external view returns (uint256 balance); 071: 072: /// @dev Gets total token supply. 073: /// @return supply Total token supply. 074: function totalSupply() external view returns (uint256 supply); 075: 076: /// @dev Gets total token supply at a specific block number. 077: /// @param blockNumber Block number. 078: /// @return supplyAt Supply at the specified block number. 079: function totalSupplyAt(uint256 blockNumber) external view returns (uint256 supplyAt); 080: 081: /// @dev Calculates total voting power at time `ts`. 082: /// @param ts Time to get total voting power at. 083: /// @return vPower Total voting power. 084: function totalSupplyLockedAtT(uint256 ts) external view returns (uint256 vPower); 085: 086: /// @dev Calculates current total voting power. 087: /// @return vPower Total voting power. 088: function totalSupplyLocked() external view returns (uint256 vPower); 089: 090: /// @dev Calculate total voting power at some point in the past. 091: /// @param blockNumber Block number to calculate the total voting power at. 092: /// @return vPower Total voting power. 093: function getPastTotalSupply(uint256 blockNumber) external view returns (uint256 vPower); 094: 095: /// @dev Gets information about the interface support. 096: /// @param interfaceId A specified interface Id. 097: /// @return True if this contract implements the interface defined by interfaceId. 098: function supportsInterface(bytes4 interfaceId) external view returns (bool); 099: 100: /// @dev Reverts the allowance of this token. 101: function allowance(address owner, address spender) external view returns (uint256); 102: 103: /// @dev Reverts delegates of this token. 104: function delegates(address account) external view returns (address); 105: } 106: 107: /// @dev Zero address. 108: error ZeroAddress(); 109: 110: /// @dev Provided wrong timestamp. 111: /// @param minTimeStamp Minimum timestamp. 112: /// @param providedTimeStamp Provided timestamp. 113: error WrongTimestamp(uint256 minTimeStamp, uint256 providedTimeStamp); 114: 115: /// @dev Called function is implemented in a specified veOLAS contract. 116: /// @param veToken Original veOLAS address. 117: error ImplementedIn(address veToken); 118: 119: /// @dev veOLAS token is non-transferable. 120: /// @param veToken veOLAS token address. 121: error NonTransferable(address veToken); 122: 123: /// @dev veOLAS token is non-delegatable. 124: /// @param veToken veOLAS token address. 125: error NonDelegatable(address veToken); 126: 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L26-L130 ```solidity File: governance/contracts/wveOLAS.sol //@audit idx, are not checked 043: function getUserPoint(address account, uint256 idx) external view returns (PointVoting memory uPoint); 044: 045: /// @dev Gets voting power at a specific block number. 046: /// @param account Account address. 047: /// @param blockNumber Block number. 048: /// @return balance Voting balance / power. 049: function getPastVotes(address account, uint256 blockNumber) external view returns (uint256 balance); 050: 051: /// @dev Gets the account balance in native token. 052: /// @param account Account address. 053: /// @return balance Account balance. 054: function balanceOf(address account) external view returns (uint256 balance); 055: 056: /// @dev Gets the account balance at a specific block number. 057: /// @param account Account address. 058: /// @param blockNumber Block number. 059: /// @return balance Account balance. 060: function balanceOfAt(address account, uint256 blockNumber) external view returns (uint256 balance); 061: 062: /// @dev Gets the `account`'s lock end time. 063: /// @param account Account address. 064: /// @return unlockTime Lock end time. 065: function lockedEnd(address account) external view returns (uint256 unlockTime); 066: 067: /// @dev Gets the voting power. 068: /// @param account Account address. 069: /// @return balance Account balance. 070: function getVotes(address account) external view returns (uint256 balance); 071: 072: /// @dev Gets total token supply. 073: /// @return supply Total token supply. 074: function totalSupply() external view returns (uint256 supply); 075: 076: /// @dev Gets total token supply at a specific block number. 077: /// @param blockNumber Block number. 078: /// @return supplyAt Supply at the specified block number. 079: function totalSupplyAt(uint256 blockNumber) external view returns (uint256 supplyAt); 080: 081: /// @dev Calculates total voting power at time `ts`. 082: /// @param ts Time to get total voting power at. 083: /// @return vPower Total voting power. 084: function totalSupplyLockedAtT(uint256 ts) external view returns (uint256 vPower); 085: 086: /// @dev Calculates current total voting power. 087: /// @return vPower Total voting power. 088: function totalSupplyLocked() external view returns (uint256 vPower); 089: 090: /// @dev Calculate total voting power at some point in the past. 091: /// @param blockNumber Block number to calculate the total voting power at. 092: /// @return vPower Total voting power. 093: function getPastTotalSupply(uint256 blockNumber) external view returns (uint256 vPower); 094: 095: /// @dev Gets information about the interface support. 096: /// @param interfaceId A specified interface Id. 097: /// @return True if this contract implements the interface defined by interfaceId. 098: function supportsInterface(bytes4 interfaceId) external view returns (bool); 099: 100: /// @dev Reverts the allowance of this token. 101: function allowance(address owner, address spender) external view returns (uint256); 102: 103: /// @dev Reverts delegates of this token. 104: function delegates(address account) external view returns (address); 105: } 106: 107: /// @dev Zero address. 108: error ZeroAddress(); 109: 110: /// @dev Provided wrong timestamp. 111: /// @param minTimeStamp Minimum timestamp. 112: /// @param providedTimeStamp Provided timestamp. 113: error WrongTimestamp(uint256 minTimeStamp, uint256 providedTimeStamp); 114: 115: /// @dev Called function is implemented in a specified veOLAS contract. 116: /// @param veToken Original veOLAS address. 117: error ImplementedIn(address veToken); 118: 119: /// @dev veOLAS token is non-transferable. 120: /// @param veToken veOLAS token address. 121: error NonTransferable(address veToken); 122: 123: /// @dev veOLAS token is non-delegatable. 124: /// @param veToken veOLAS token address. 125: error NonDelegatable(address veToken); 126: 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L43-L130 ```solidity File: governance/contracts/wveOLAS.sol //@audit blockNumber, are not checked 049: function getPastVotes(address account, uint256 blockNumber) external view returns (uint256 balance); 050: 051: /// @dev Gets the account balance in native token. 052: /// @param account Account address. 053: /// @return balance Account balance. 054: function balanceOf(address account) external view returns (uint256 balance); 055: 056: /// @dev Gets the account balance at a specific block number. 057: /// @param account Account address. 058: /// @param blockNumber Block number. 059: /// @return balance Account balance. 060: function balanceOfAt(address account, uint256 blockNumber) external view returns (uint256 balance); 061: 062: /// @dev Gets the `account`'s lock end time. 063: /// @param account Account address. 064: /// @return unlockTime Lock end time. 065: function lockedEnd(address account) external view returns (uint256 unlockTime); 066: 067: /// @dev Gets the voting power. 068: /// @param account Account address. 069: /// @return balance Account balance. 070: function getVotes(address account) external view returns (uint256 balance); 071: 072: /// @dev Gets total token supply. 073: /// @return supply Total token supply. 074: function totalSupply() external view returns (uint256 supply); 075: 076: /// @dev Gets total token supply at a specific block number. 077: /// @param blockNumber Block number. 078: /// @return supplyAt Supply at the specified block number. 079: function totalSupplyAt(uint256 blockNumber) external view returns (uint256 supplyAt); 080: 081: /// @dev Calculates total voting power at time `ts`. 082: /// @param ts Time to get total voting power at. 083: /// @return vPower Total voting power. 084: function totalSupplyLockedAtT(uint256 ts) external view returns (uint256 vPower); 085: 086: /// @dev Calculates current total voting power. 087: /// @return vPower Total voting power. 088: function totalSupplyLocked() external view returns (uint256 vPower); 089: 090: /// @dev Calculate total voting power at some point in the past. 091: /// @param blockNumber Block number to calculate the total voting power at. 092: /// @return vPower Total voting power. 093: function getPastTotalSupply(uint256 blockNumber) external view returns (uint256 vPower); 094: 095: /// @dev Gets information about the interface support. 096: /// @param interfaceId A specified interface Id. 097: /// @return True if this contract implements the interface defined by interfaceId. 098: function supportsInterface(bytes4 interfaceId) external view returns (bool); 099: 100: /// @dev Reverts the allowance of this token. 101: function allowance(address owner, address spender) external view returns (uint256); 102: 103: /// @dev Reverts delegates of this token. 104: function delegates(address account) external view returns (address); 105: } 106: 107: /// @dev Zero address. 108: error ZeroAddress(); 109: 110: /// @dev Provided wrong timestamp. 111: /// @param minTimeStamp Minimum timestamp. 112: /// @param providedTimeStamp Provided timestamp. 113: error WrongTimestamp(uint256 minTimeStamp, uint256 providedTimeStamp); 114: 115: /// @dev Called function is implemented in a specified veOLAS contract. 116: /// @param veToken Original veOLAS address. 117: error ImplementedIn(address veToken); 118: 119: /// @dev veOLAS token is non-transferable. 120: /// @param veToken veOLAS token address. 121: error NonTransferable(address veToken); 122: 123: /// @dev veOLAS token is non-delegatable. 124: /// @param veToken veOLAS token address. 125: error NonDelegatable(address veToken); 126: 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L49-L130 ```solidity File: governance/contracts/wveOLAS.sol //@audit blockNumber, are not checked 060: function balanceOfAt(address account, uint256 blockNumber) external view returns (uint256 balance); 061: 062: /// @dev Gets the `account`'s lock end time. 063: /// @param account Account address. 064: /// @return unlockTime Lock end time. 065: function lockedEnd(address account) external view returns (uint256 unlockTime); 066: 067: /// @dev Gets the voting power. 068: /// @param account Account address. 069: /// @return balance Account balance. 070: function getVotes(address account) external view returns (uint256 balance); 071: 072: /// @dev Gets total token supply. 073: /// @return supply Total token supply. 074: function totalSupply() external view returns (uint256 supply); 075: 076: /// @dev Gets total token supply at a specific block number. 077: /// @param blockNumber Block number. 078: /// @return supplyAt Supply at the specified block number. 079: function totalSupplyAt(uint256 blockNumber) external view returns (uint256 supplyAt); 080: 081: /// @dev Calculates total voting power at time `ts`. 082: /// @param ts Time to get total voting power at. 083: /// @return vPower Total voting power. 084: function totalSupplyLockedAtT(uint256 ts) external view returns (uint256 vPower); 085: 086: /// @dev Calculates current total voting power. 087: /// @return vPower Total voting power. 088: function totalSupplyLocked() external view returns (uint256 vPower); 089: 090: /// @dev Calculate total voting power at some point in the past. 091: /// @param blockNumber Block number to calculate the total voting power at. 092: /// @return vPower Total voting power. 093: function getPastTotalSupply(uint256 blockNumber) external view returns (uint256 vPower); 094: 095: /// @dev Gets information about the interface support. 096: /// @param interfaceId A specified interface Id. 097: /// @return True if this contract implements the interface defined by interfaceId. 098: function supportsInterface(bytes4 interfaceId) external view returns (bool); 099: 100: /// @dev Reverts the allowance of this token. 101: function allowance(address owner, address spender) external view returns (uint256); 102: 103: /// @dev Reverts delegates of this token. 104: function delegates(address account) external view returns (address); 105: } 106: 107: /// @dev Zero address. 108: error ZeroAddress(); 109: 110: /// @dev Provided wrong timestamp. 111: /// @param minTimeStamp Minimum timestamp. 112: /// @param providedTimeStamp Provided timestamp. 113: error WrongTimestamp(uint256 minTimeStamp, uint256 providedTimeStamp); 114: 115: /// @dev Called function is implemented in a specified veOLAS contract. 116: /// @param veToken Original veOLAS address. 117: error ImplementedIn(address veToken); 118: 119: /// @dev veOLAS token is non-transferable. 120: /// @param veToken veOLAS token address. 121: error NonTransferable(address veToken); 122: 123: /// @dev veOLAS token is non-delegatable. 124: /// @param veToken veOLAS token address. 125: error NonDelegatable(address veToken); 126: 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L60-L130 ```solidity File: governance/contracts/wveOLAS.sol //@audit blockNumber, are not checked 079: function totalSupplyAt(uint256 blockNumber) external view returns (uint256 supplyAt); 080: 081: /// @dev Calculates total voting power at time `ts`. 082: /// @param ts Time to get total voting power at. 083: /// @return vPower Total voting power. 084: function totalSupplyLockedAtT(uint256 ts) external view returns (uint256 vPower); 085: 086: /// @dev Calculates current total voting power. 087: /// @return vPower Total voting power. 088: function totalSupplyLocked() external view returns (uint256 vPower); 089: 090: /// @dev Calculate total voting power at some point in the past. 091: /// @param blockNumber Block number to calculate the total voting power at. 092: /// @return vPower Total voting power. 093: function getPastTotalSupply(uint256 blockNumber) external view returns (uint256 vPower); 094: 095: /// @dev Gets information about the interface support. 096: /// @param interfaceId A specified interface Id. 097: /// @return True if this contract implements the interface defined by interfaceId. 098: function supportsInterface(bytes4 interfaceId) external view returns (bool); 099: 100: /// @dev Reverts the allowance of this token. 101: function allowance(address owner, address spender) external view returns (uint256); 102: 103: /// @dev Reverts delegates of this token. 104: function delegates(address account) external view returns (address); 105: } 106: 107: /// @dev Zero address. 108: error ZeroAddress(); 109: 110: /// @dev Provided wrong timestamp. 111: /// @param minTimeStamp Minimum timestamp. 112: /// @param providedTimeStamp Provided timestamp. 113: error WrongTimestamp(uint256 minTimeStamp, uint256 providedTimeStamp); 114: 115: /// @dev Called function is implemented in a specified veOLAS contract. 116: /// @param veToken Original veOLAS address. 117: error ImplementedIn(address veToken); 118: 119: /// @dev veOLAS token is non-transferable. 120: /// @param veToken veOLAS token address. 121: error NonTransferable(address veToken); 122: 123: /// @dev veOLAS token is non-delegatable. 124: /// @param veToken veOLAS token address. 125: error NonDelegatable(address veToken); 126: 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L79-L130 ```solidity File: governance/contracts/wveOLAS.sol //@audit ts, are not checked 084: function totalSupplyLockedAtT(uint256 ts) external view returns (uint256 vPower); 085: 086: /// @dev Calculates current total voting power. 087: /// @return vPower Total voting power. 088: function totalSupplyLocked() external view returns (uint256 vPower); 089: 090: /// @dev Calculate total voting power at some point in the past. 091: /// @param blockNumber Block number to calculate the total voting power at. 092: /// @return vPower Total voting power. 093: function getPastTotalSupply(uint256 blockNumber) external view returns (uint256 vPower); 094: 095: /// @dev Gets information about the interface support. 096: /// @param interfaceId A specified interface Id. 097: /// @return True if this contract implements the interface defined by interfaceId. 098: function supportsInterface(bytes4 interfaceId) external view returns (bool); 099: 100: /// @dev Reverts the allowance of this token. 101: function allowance(address owner, address spender) external view returns (uint256); 102: 103: /// @dev Reverts delegates of this token. 104: function delegates(address account) external view returns (address); 105: } 106: 107: /// @dev Zero address. 108: error ZeroAddress(); 109: 110: /// @dev Provided wrong timestamp. 111: /// @param minTimeStamp Minimum timestamp. 112: /// @param providedTimeStamp Provided timestamp. 113: error WrongTimestamp(uint256 minTimeStamp, uint256 providedTimeStamp); 114: 115: /// @dev Called function is implemented in a specified veOLAS contract. 116: /// @param veToken Original veOLAS address. 117: error ImplementedIn(address veToken); 118: 119: /// @dev veOLAS token is non-transferable. 120: /// @param veToken veOLAS token address. 121: error NonTransferable(address veToken); 122: 123: /// @dev veOLAS token is non-delegatable. 124: /// @param veToken veOLAS token address. 125: error NonDelegatable(address veToken); 126: 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L84-L130 ```solidity File: governance/contracts/wveOLAS.sol //@audit blockNumber, are not checked 093: function getPastTotalSupply(uint256 blockNumber) external view returns (uint256 vPower); 094: 095: /// @dev Gets information about the interface support. 096: /// @param interfaceId A specified interface Id. 097: /// @return True if this contract implements the interface defined by interfaceId. 098: function supportsInterface(bytes4 interfaceId) external view returns (bool); 099: 100: /// @dev Reverts the allowance of this token. 101: function allowance(address owner, address spender) external view returns (uint256); 102: 103: /// @dev Reverts delegates of this token. 104: function delegates(address account) external view returns (address); 105: } 106: 107: /// @dev Zero address. 108: error ZeroAddress(); 109: 110: /// @dev Provided wrong timestamp. 111: /// @param minTimeStamp Minimum timestamp. 112: /// @param providedTimeStamp Provided timestamp. 113: error WrongTimestamp(uint256 minTimeStamp, uint256 providedTimeStamp); 114: 115: /// @dev Called function is implemented in a specified veOLAS contract. 116: /// @param veToken Original veOLAS address. 117: error ImplementedIn(address veToken); 118: 119: /// @dev veOLAS token is non-transferable. 120: /// @param veToken veOLAS token address. 121: error NonTransferable(address veToken); 122: 123: /// @dev veOLAS token is non-delegatable. 124: /// @param veToken veOLAS token address. 125: error NonDelegatable(address veToken); 126: 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L93-L130 ```solidity File: governance/contracts/wveOLAS.sol //@audit interfaceId, are not checked 098: function supportsInterface(bytes4 interfaceId) external view returns (bool); 099: 100: /// @dev Reverts the allowance of this token. 101: function allowance(address owner, address spender) external view returns (uint256); 102: 103: /// @dev Reverts delegates of this token. 104: function delegates(address account) external view returns (address); 105: } 106: 107: /// @dev Zero address. 108: error ZeroAddress(); 109: 110: /// @dev Provided wrong timestamp. 111: /// @param minTimeStamp Minimum timestamp. 112: /// @param providedTimeStamp Provided timestamp. 113: error WrongTimestamp(uint256 minTimeStamp, uint256 providedTimeStamp); 114: 115: /// @dev Called function is implemented in a specified veOLAS contract. 116: /// @param veToken Original veOLAS address. 117: error ImplementedIn(address veToken); 118: 119: /// @dev veOLAS token is non-transferable. 120: /// @param veToken veOLAS token address. 121: error NonTransferable(address veToken); 122: 123: /// @dev veOLAS token is non-delegatable. 124: /// @param veToken veOLAS token address. 125: error NonDelegatable(address veToken); 126: 127: /// @title wveOLAS - Wrapper smart contract for view functions of veOLAS contract 128: /// @author AL 129: /// @author Aleksandr Kuperman - 130: contract wveOLAS { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L98-L130 ```solidity File: governance/contracts/wveOLAS.sol //@audit , are not checked 297: function transfer(address, uint256) external returns (bool) { 298: revert NonTransferable(ve); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L297-L298 ```solidity File: governance/contracts/wveOLAS.sol //@audit , are not checked 302: function approve(address, uint256) external returns (bool) { 303: revert NonTransferable(ve); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L302-L303 ```solidity File: governance/contracts/wveOLAS.sol //@audit , are not checked 307: function transferFrom(address, address, uint256) external returns (bool) { 308: revert NonTransferable(ve); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L307-L308 ```solidity File: governance/contracts/wveOLAS.sol //@audit , , , , , are not checked 328: function delegateBySig(address, uint256, uint256, uint8, bytes32, bytes32) external 329: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L328-L329 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit proposalId, are not checked 07: function state(uint256 proposalId) external returns (ProposalState); 08: } 09: 10: // Governor proposal state 11: enum ProposalState { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L7-L11 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit , , , , , are not checked 387: function checkTransaction( 388: address to, 389: uint256, 390: bytes memory data, 391: Enum.Operation operation, 392: uint256, 393: uint256, 394: uint256, 395: address, 396: address payable, 397: bytes memory, 398: address 399: ) external { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L387-L399 ```solidity File: governance/contracts/multisigs/GuardCM.sol //@audit , , are not checked 572: function checkAfterExecution(bytes32, bool) external {} 573: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L572-L573 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol //@audit stateId, data, are not checked 06: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external; 07: } 08: 09: /// @dev Provided zero address. 10: error ZeroAddress(); 11: 12: /// @dev Only self contract is allowed to call the function. 13: /// @param sender Sender address. 14: /// @param instance Required contract instance address. 15: error SelfCallOnly(address sender, address instance); 16: 17: /// @dev Only `fxChild` is allowed to call the function. 18: /// @param sender Sender address. 19: /// @param fxChild Required Fx Child address. 20: error FxChildOnly(address sender, address fxChild); 21: 22: /// @dev Only on behalf of `rootGovernor` the function is allowed to process the data. 23: /// @param sender Sender address. 24: /// @param rootGovernor Required Root Governor address. 25: error RootGovernorOnly(address sender, address rootGovernor); 26: 27: /// @dev Provided incorrect data length. 28: /// @param expected Expected minimum data length. 29: /// @param provided Provided data length. 30: error IncorrectDataLength(uint256 expected, uint256 provided); 31: 32: /// @dev Provided value is bigger than the actual balance. 33: /// @param value Provided value. 34: /// @param balance Actual balance. 35: error InsufficientBalance(uint256 value, uint256 balance); 36: 37: /// @dev Target execution failed. 38: /// @param target Target address. 39: /// @param value Provided value. 40: /// @param payload Provided payload. 41: error TargetExecFailed(address target, uint256 value, bytes payload); 42: 43: /// @title FxGovernorTunnel - Smart contract for the governor child tunnel bridge implementation 44: /// @author Aleksandr Kuperman - 45: /// @author AL 46: contract FxGovernorTunnel is IFxMessageProcessor { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L6-L46 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol //@audit , are not checked 70: function _processMessageFromRoot( 71: uint256 /* stateId */, 72: address sender, 73: bytes memory message 74: ) internal override validateSender(sender) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L70-L74 ```solidity File: governance/contracts/interfaces/IERC20.sol //@audit amount, are not checked 25: function approve(address spender, uint256 amount) external returns (bool); 26: 27: /// @dev Transfers the token amount. 28: /// @param to Address to transfer to. 29: /// @param amount The amount to transfer. 30: /// @return True if the function execution is successful. 31: function transfer(address to, uint256 amount) external returns (bool); 32: 33: /// @dev Transfers the token amount that was previously approved up until the maximum allowance. 34: /// @param from Account address to transfer from. 35: /// @param to Account address to transfer to. 36: /// @param amount Amount to transfer to. 37: /// @return True if the function execution is successful. 38: function transferFrom(address from, address to, uint256 amount) external returns (bool); 39: 40: /// @dev Mints tokens. 41: /// @param account Account address. 42: /// @param amount Token amount. 43: function mint(address account, uint256 amount) external; 44: 45: /// @dev Burns tokens. 46: /// @param amount Token amount to burn. 47: function burn(uint256 amount) external; 48: } 49: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L25-L49 ```solidity File: governance/contracts/interfaces/IERC20.sol //@audit amount, are not checked 31: function transfer(address to, uint256 amount) external returns (bool); 32: 33: /// @dev Transfers the token amount that was previously approved up until the maximum allowance. 34: /// @param from Account address to transfer from. 35: /// @param to Account address to transfer to. 36: /// @param amount Amount to transfer to. 37: /// @return True if the function execution is successful. 38: function transferFrom(address from, address to, uint256 amount) external returns (bool); 39: 40: /// @dev Mints tokens. 41: /// @param account Account address. 42: /// @param amount Token amount. 43: function mint(address account, uint256 amount) external; 44: 45: /// @dev Burns tokens. 46: /// @param amount Token amount to burn. 47: function burn(uint256 amount) external; 48: } 49: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L31-L49 ```solidity File: governance/contracts/interfaces/IERC20.sol //@audit amount, are not checked 38: function transferFrom(address from, address to, uint256 amount) external returns (bool); 39: 40: /// @dev Mints tokens. 41: /// @param account Account address. 42: /// @param amount Token amount. 43: function mint(address account, uint256 amount) external; 44: 45: /// @dev Burns tokens. 46: /// @param amount Token amount to burn. 47: function burn(uint256 amount) external; 48: } 49: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L38-L49 ```solidity File: governance/contracts/interfaces/IERC20.sol //@audit amount, are not checked 43: function mint(address account, uint256 amount) external; 44: 45: /// @dev Burns tokens. 46: /// @param amount Token amount to burn. 47: function burn(uint256 amount) external; 48: } 49: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L43-L49 ```solidity File: governance/contracts/interfaces/IERC20.sol //@audit amount, are not checked 47: function burn(uint256 amount) external; 48: } 49: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L47-L49 ```solidity File: registries/contracts/GenericRegistry.sol //@audit unitId, are not checked 129: function _getUnitHash(uint256 unitId) internal view virtual returns (bytes32); 130: 131: /// @dev Returns unit token URI. 132: /// @notice Expected multicodec: dag-pb; hashing function: sha2-256, with base16 encoding and leading CID_PREFIX removed. 133: /// @param unitId Unit Id. 134: /// @return Unit token URI string. 135: function tokenURI(uint256 unitId) public view virtual override returns (string memory) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L129-L135 ```solidity File: registries/contracts/UnitRegistry.sol //@audit dependencies, maxUnitId, are not checked 42: function _checkDependencies(uint32[] memory dependencies, uint32 maxUnitId) internal virtual; 43: 44: /// @dev Creates unit. 45: /// @param unitOwner Owner of the unit. 46: /// @param unitHash IPFS CID hash of the unit. 47: /// @param dependencies Set of unit dependencies in a sorted ascending order (unit Ids). 48: /// @return unitId The id of a minted unit. 49: function create(address unitOwner, bytes32 unitHash, uint32[] memory dependencies) 50: external virtual returns (uint256 unitId) 51: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L42-L51 ```solidity File: registries/contracts/UnitRegistry.sol //@audit unitId, are not checked 152: function getUnit(uint256 unitId) external view virtual returns (Unit memory unit) { 153: unit = mapUnits[unitId]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L152-L153 ```solidity File: registries/contracts/UnitRegistry.sol //@audit unitId, are not checked 160: function getDependencies(uint256 unitId) external view virtual 161: returns (uint256 numDependencies, uint32[] memory dependencies) 162: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L160-L162 ```solidity File: registries/contracts/UnitRegistry.sol //@audit unitId, are not checked 171: function getUpdatedHashes(uint256 unitId) external view virtual 172: returns (uint256 numHashes, bytes32[] memory unitHashes) 173: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L171-L173 ```solidity File: registries/contracts/UnitRegistry.sol //@audit unitId, are not checked 193: function _getSubComponents(UnitType subcomponentsFromType, uint32 unitId) internal view virtual 194: returns (uint32[] memory subComponentIds); 195: 196: /// @dev Calculates the set of subcomponent Ids. 197: /// @param subcomponentsFromType Type of the unit: component or agent. 198: /// @param unitIds Unit Ids. 199: /// @return subComponentIds Subcomponent Ids. 200: function _calculateSubComponents(UnitType subcomponentsFromType, uint32[] memory unitIds) internal view virtual 201: returns (uint32[] memory subComponentIds) 202: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L193-L202 ```solidity File: registries/contracts/UnitRegistry.sol //@audit unitId, are not checked 270: function _getUnitHash(uint256 unitId) internal view override returns (bytes32) { 271: return mapUnits[unitId].unitHash; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L270-L271 ```solidity File: registries/contracts/ComponentRegistry.sol //@audit _baseURI, are not checked 16: constructor(string memory _name, string memory _symbol, string memory _baseURI) 17: UnitRegistry(UnitType.Component) 18: ERC721(_name, _symbol) 19: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L16-L19 ```solidity File: registries/contracts/AgentRegistry.sol //@audit _baseURI, are not checked 20: constructor(string memory _name, string memory _symbol, string memory _baseURI, address _componentRegistry) 21: UnitRegistry(UnitType.Agent) 22: ERC721(_name, _symbol) 23: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L20-L23 ```solidity File: registries/contracts/AgentRegistry.sol //@audit , are not checked 31: function _checkDependencies(uint32[] memory dependencies, uint32) internal virtual override { 32: // Check that the agent has at least one component ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L31-L32 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit initializer, saltNonce, are not checked 10: function createProxyWithNonce( 11: address _singleton, 12: bytes memory initializer, 13: uint256 saltNonce 14: ) external returns (address proxy); 15: } 16: 17: /// @dev Provided incorrect data length. 18: /// @param expected Expected minimum data length. 19: /// @param provided Provided data length. 20: error IncorrectDataLength(uint256 expected, uint256 provided); 21: 22: /// @title Gnosis Safe - Smart contract for Gnosis Safe multisig implementation of a generic multisig interface 23: /// @author Aleksandr Kuperman - 24: contract GnosisSafeMultisig { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L10-L24 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol //@audit data, are not checked 45: function _parseData(bytes memory data) internal pure 46: returns (address to, address fallbackHandler, address paymentToken, address payable paymentReceiver, 47: uint256 payment, uint256 nonce, bytes memory payload) 48: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L45-L48 ```solidity File: registries/contracts/interfaces/IRegistry.sol //@audit unitHash, dependencies, are not checked 16: function create( 17: address unitOwner, 18: bytes32 unitHash, 19: uint32[] memory dependencies 20: ) external returns (uint256); 21: 22: /// @dev Updates the component / agent hash. 23: /// @param owner Owner of the component / agent. 24: /// @param unitId Unit Id. 25: /// @param unitHash Updated IPFS hash of the component / agent. 26: /// @return success True, if function executed successfully. 27: function updateHash(address owner, uint256 unitId, bytes32 unitHash) external returns (bool success); 28: 29: /// @dev Gets subcomponents of a provided unit Id from a local public map. 30: /// @param unitId Unit Id. 31: /// @return subComponentIds Set of subcomponents. 32: /// @return numSubComponents Number of subcomponents. 33: function getLocalSubComponents(uint256 unitId) external view returns (uint32[] memory subComponentIds, uint256 numSubComponents); 34: 35: /// @dev Calculates the set of subcomponent Ids. 36: /// @param unitIds Set of unit Ids. 37: /// @return subComponentIds Subcomponent Ids. 38: function calculateSubComponents(uint32[] memory unitIds) external view returns (uint32[] memory subComponentIds); 39: 40: /// @dev Gets updated component / agent hashes. 41: /// @param unitId Unit Id. 42: /// @return numHashes Number of hashes. 43: /// @return unitHashes The list of component / agent hashes. 44: function getUpdatedHashes(uint256 unitId) external view returns (uint256 numHashes, bytes32[] memory unitHashes); 45: 46: /// @dev Gets the total supply of components / agents. 47: /// @return Total supply. 48: function totalSupply() external view returns (uint256); 49: } 50: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L16-L50 ```solidity File: registries/contracts/interfaces/IRegistry.sol //@audit unitId, unitHash, are not checked 27: function updateHash(address owner, uint256 unitId, bytes32 unitHash) external returns (bool success); 28: 29: /// @dev Gets subcomponents of a provided unit Id from a local public map. 30: /// @param unitId Unit Id. 31: /// @return subComponentIds Set of subcomponents. 32: /// @return numSubComponents Number of subcomponents. 33: function getLocalSubComponents(uint256 unitId) external view returns (uint32[] memory subComponentIds, uint256 numSubComponents); 34: 35: /// @dev Calculates the set of subcomponent Ids. 36: /// @param unitIds Set of unit Ids. 37: /// @return subComponentIds Subcomponent Ids. 38: function calculateSubComponents(uint32[] memory unitIds) external view returns (uint32[] memory subComponentIds); 39: 40: /// @dev Gets updated component / agent hashes. 41: /// @param unitId Unit Id. 42: /// @return numHashes Number of hashes. 43: /// @return unitHashes The list of component / agent hashes. 44: function getUpdatedHashes(uint256 unitId) external view returns (uint256 numHashes, bytes32[] memory unitHashes); 45: 46: /// @dev Gets the total supply of components / agents. 47: /// @return Total supply. 48: function totalSupply() external view returns (uint256); 49: } 50: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L27-L50 ```solidity File: registries/contracts/interfaces/IRegistry.sol //@audit unitId, are not checked 33: function getLocalSubComponents(uint256 unitId) external view returns (uint32[] memory subComponentIds, uint256 numSubComponents); 34: 35: /// @dev Calculates the set of subcomponent Ids. 36: /// @param unitIds Set of unit Ids. 37: /// @return subComponentIds Subcomponent Ids. 38: function calculateSubComponents(uint32[] memory unitIds) external view returns (uint32[] memory subComponentIds); 39: 40: /// @dev Gets updated component / agent hashes. 41: /// @param unitId Unit Id. 42: /// @return numHashes Number of hashes. 43: /// @return unitHashes The list of component / agent hashes. 44: function getUpdatedHashes(uint256 unitId) external view returns (uint256 numHashes, bytes32[] memory unitHashes); 45: 46: /// @dev Gets the total supply of components / agents. 47: /// @return Total supply. 48: function totalSupply() external view returns (uint256); 49: } 50: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L33-L50 ```solidity File: registries/contracts/interfaces/IRegistry.sol //@audit unitIds, are not checked 38: function calculateSubComponents(uint32[] memory unitIds) external view returns (uint32[] memory subComponentIds); 39: 40: /// @dev Gets updated component / agent hashes. 41: /// @param unitId Unit Id. 42: /// @return numHashes Number of hashes. 43: /// @return unitHashes The list of component / agent hashes. 44: function getUpdatedHashes(uint256 unitId) external view returns (uint256 numHashes, bytes32[] memory unitHashes); 45: 46: /// @dev Gets the total supply of components / agents. 47: /// @return Total supply. 48: function totalSupply() external view returns (uint256); 49: } 50: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L38-L50 ```solidity File: registries/contracts/interfaces/IRegistry.sol //@audit unitId, are not checked 44: function getUpdatedHashes(uint256 unitId) external view returns (uint256 numHashes, bytes32[] memory unitHashes); 45: 46: /// @dev Gets the total supply of components / agents. 47: /// @return Total supply. 48: function totalSupply() external view returns (uint256); 49: } 50: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L44-L50 ```solidity File: tokenomics/contracts/Depository.sol //@audit productIds, are not checked 244: function close(uint256[] memory productIds) external returns (uint256[] memory closedProductIds) { 245: // Check for the contract ownership ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L244-L245 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit epoch, unitType, are not checked 1245: function getUnitPoint(uint256 epoch, uint256 unitType) external view returns (UnitPoint memory up) { 1246: up = mapEpochTokenomics[epoch].unitPoints[unitType]; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1245-L1246 ```solidity File: tokenomics/contracts/Tokenomics.sol //@audit epoch, are not checked 1252: function getIDF(uint256 epoch) external view returns (uint256 idf) 1253: { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1252-L1253 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol //@audit tokenAmount, priceLP, are not checked 10: function calculatePayoutOLAS(uint256 tokenAmount, uint256 priceLP) external view 11: returns (uint256 amountOLAS); 12: 13: /// @dev Get reserveX/reserveY at the time of product creation. 14: /// @param token Token address. 15: /// @return priceLP Resulting reserve ratio. 16: function getCurrentPriceLP(address token) external view returns (uint256 priceLP); 17: } 18: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L10-L18 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol //@audit amount, are not checked 08: function mint(address account, uint256 amount) external; 09: 10: /// @dev Provides OLA token time launch. 11: /// @return Time launch. 12: function timeLaunch() external view returns (uint256); 13: } 14: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L8-L14 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol //@audit serviceId, are not checked 14: function exists(uint256 serviceId) external view returns (bool); 15: 16: /// @dev Gets the full set of linearized components / canonical agent Ids for a specified service. 17: /// @notice The service must be / have been deployed in order to get the actual data. 18: /// @param serviceId Service Id. 19: /// @return numUnitIds Number of component / agent Ids. 20: /// @return unitIds Set of component / agent Ids. 21: function getUnitIdsOfService(UnitType unitType, uint256 serviceId) external view 22: returns (uint256 numUnitIds, uint32[] memory unitIds); 23: 24: /// @dev Gets the value of slashed funds from the service registry. 25: /// @return amount Drained amount. 26: function slashedFunds() external view returns (uint256 amount); 27: 28: /// @dev Drains slashed funds. 29: /// @return amount Drained amount. 30: function drain() external returns (uint256 amount); 31: } 32: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L14-L32 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol //@audit serviceId, are not checked 21: function getUnitIdsOfService(UnitType unitType, uint256 serviceId) external view 22: returns (uint256 numUnitIds, uint32[] memory unitIds); 23: 24: /// @dev Gets the value of slashed funds from the service registry. 25: /// @return amount Drained amount. 26: function slashedFunds() external view returns (uint256 amount); 27: 28: /// @dev Drains slashed funds. 29: /// @return amount Drained amount. 30: function drain() external returns (uint256 amount); 31: } 32: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L21-L32 ```solidity File: tokenomics/contracts/interfaces/IToken.sol //@audit tokenId, are not checked 14: function ownerOf(uint256 tokenId) external view returns (address); 15: 16: /// @dev Gets the total amount of tokens stored by the contract. 17: /// @return Amount of tokens. 18: function totalSupply() external view returns (uint256); 19: 20: /// @dev Transfers the token amount. 21: /// @param to Address to transfer to. 22: /// @param amount The amount to transfer. 23: /// @return True if the function execution is successful. 24: function transfer(address to, uint256 amount) external returns (bool); 25: 26: /// @dev Gets remaining number of tokens that the `spender` can transfer on behalf of `owner`. 27: /// @param owner Token owner. 28: /// @param spender Account address that is able to transfer tokens on behalf of the owner. 29: /// @return Token amount allowed to be transferred. 30: function allowance(address owner, address spender) external view returns (uint256); 31: 32: /// @dev Sets `amount` as the allowance of `spender` over the caller's tokens. 33: /// @param spender Account address that will be able to transfer tokens on behalf of the caller. 34: /// @param amount Token amount. 35: /// @return True if the function execution is successful. 36: function approve(address spender, uint256 amount) external returns (bool); 37: 38: /// @dev Transfers the token amount that was previously approved up until the maximum allowance. 39: /// @param from Account address to transfer from. 40: /// @param to Account address to transfer to. 41: /// @param amount Amount to transfer to. 42: /// @return True if the function execution is successful. 43: function transferFrom(address from, address to, uint256 amount) external returns (bool); 44: } 45: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L14-L45 ```solidity File: tokenomics/contracts/interfaces/IToken.sol //@audit amount, are not checked 24: function transfer(address to, uint256 amount) external returns (bool); 25: 26: /// @dev Gets remaining number of tokens that the `spender` can transfer on behalf of `owner`. 27: /// @param owner Token owner. 28: /// @param spender Account address that is able to transfer tokens on behalf of the owner. 29: /// @return Token amount allowed to be transferred. 30: function allowance(address owner, address spender) external view returns (uint256); 31: 32: /// @dev Sets `amount` as the allowance of `spender` over the caller's tokens. 33: /// @param spender Account address that will be able to transfer tokens on behalf of the caller. 34: /// @param amount Token amount. 35: /// @return True if the function execution is successful. 36: function approve(address spender, uint256 amount) external returns (bool); 37: 38: /// @dev Transfers the token amount that was previously approved up until the maximum allowance. 39: /// @param from Account address to transfer from. 40: /// @param to Account address to transfer to. 41: /// @param amount Amount to transfer to. 42: /// @return True if the function execution is successful. 43: function transferFrom(address from, address to, uint256 amount) external returns (bool); 44: } 45: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L24-L45 ```solidity File: tokenomics/contracts/interfaces/IToken.sol //@audit amount, are not checked 36: function approve(address spender, uint256 amount) external returns (bool); 37: 38: /// @dev Transfers the token amount that was previously approved up until the maximum allowance. 39: /// @param from Account address to transfer from. 40: /// @param to Account address to transfer to. 41: /// @param amount Amount to transfer to. 42: /// @return True if the function execution is successful. 43: function transferFrom(address from, address to, uint256 amount) external returns (bool); 44: } 45: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L36-L45 ```solidity File: tokenomics/contracts/interfaces/IToken.sol //@audit amount, are not checked 43: function transferFrom(address from, address to, uint256 amount) external returns (bool); 44: } 45: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L43-L45 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol //@audit serviceIds, amounts, donationETH, are not checked 19: function trackServiceDonations( 20: address donator, 21: uint256[] memory serviceIds, 22: uint256[] memory amounts, 23: uint256 donationETH 24: ) external; 25: 26: /// @dev Reserves OLAS amount from the effective bond to be minted during a bond program. 27: /// @notice Programs exceeding the limit in the epoch are not allowed. 28: /// @param amount Requested amount for the bond program. 29: /// @return True if effective bond threshold is not reached. 30: function reserveAmountForBondProgram(uint256 amount) external returns(bool); 31: 32: /// @dev Refunds unused bond program amount. 33: /// @param amount Amount to be refunded from the bond program. 34: function refundFromBondProgram(uint256 amount) external; 35: 36: /// @dev Gets component / agent owner incentives and clears the balances. 37: /// @param account Account address. 38: /// @param unitTypes Set of unit types (component / agent). 39: /// @param unitIds Set of corresponding unit Ids where account is the owner. 40: /// @return reward Reward amount. 41: /// @return topUp Top-up amount. 42: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external 43: returns (uint256 reward, uint256 topUp); 44: 45: /// @dev Gets inverse discount factor with the multiple of 1e18 of the last epoch. 46: /// @return idf Discount factor with the multiple of 1e18. 47: function getLastIDF() external view returns (uint256 idf); 48: 49: /// @dev Gets the service registry contract address 50: /// @return Service registry contract address; 51: function serviceRegistry() external view returns (address); 52: } 53: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L19-L53 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol //@audit amount, are not checked 30: function reserveAmountForBondProgram(uint256 amount) external returns(bool); 31: 32: /// @dev Refunds unused bond program amount. 33: /// @param amount Amount to be refunded from the bond program. 34: function refundFromBondProgram(uint256 amount) external; 35: 36: /// @dev Gets component / agent owner incentives and clears the balances. 37: /// @param account Account address. 38: /// @param unitTypes Set of unit types (component / agent). 39: /// @param unitIds Set of corresponding unit Ids where account is the owner. 40: /// @return reward Reward amount. 41: /// @return topUp Top-up amount. 42: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external 43: returns (uint256 reward, uint256 topUp); 44: 45: /// @dev Gets inverse discount factor with the multiple of 1e18 of the last epoch. 46: /// @return idf Discount factor with the multiple of 1e18. 47: function getLastIDF() external view returns (uint256 idf); 48: 49: /// @dev Gets the service registry contract address 50: /// @return Service registry contract address; 51: function serviceRegistry() external view returns (address); 52: } 53: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L30-L53 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol //@audit amount, are not checked 34: function refundFromBondProgram(uint256 amount) external; 35: 36: /// @dev Gets component / agent owner incentives and clears the balances. 37: /// @param account Account address. 38: /// @param unitTypes Set of unit types (component / agent). 39: /// @param unitIds Set of corresponding unit Ids where account is the owner. 40: /// @return reward Reward amount. 41: /// @return topUp Top-up amount. 42: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external 43: returns (uint256 reward, uint256 topUp); 44: 45: /// @dev Gets inverse discount factor with the multiple of 1e18 of the last epoch. 46: /// @return idf Discount factor with the multiple of 1e18. 47: function getLastIDF() external view returns (uint256 idf); 48: 49: /// @dev Gets the service registry contract address 50: /// @return Service registry contract address; 51: function serviceRegistry() external view returns (address); 52: } 53: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L34-L53 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol //@audit unitTypes, unitIds, are not checked 42: function accountOwnerIncentives(address account, uint256[] memory unitTypes, uint256[] memory unitIds) external 43: returns (uint256 reward, uint256 topUp); 44: 45: /// @dev Gets inverse discount factor with the multiple of 1e18 of the last epoch. 46: /// @return idf Discount factor with the multiple of 1e18. 47: function getLastIDF() external view returns (uint256 idf); 48: 49: /// @dev Gets the service registry contract address 50: /// @return Service registry contract address; 51: function serviceRegistry() external view returns (address); 52: } 53: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L42-L53 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol //@audit tokenAmount, olaMintAmount, are not checked 11: function depositTokenForOLAS(address account, uint256 tokenAmount, address token, uint256 olaMintAmount) external; 12: 13: /// @dev Deposits service donations in ETH. 14: /// @param serviceIds Set of service Ids. 15: /// @param amounts Set of corresponding amounts deposited on behalf of each service Id. 16: function depositServiceDonationsETH(uint256[] memory serviceIds, uint256[] memory amounts) external payable; 17: 18: /// @dev Gets information about token being enabled. 19: /// @param token Token address. 20: /// @return enabled True is token is enabled. 21: function isEnabled(address token) external view returns (bool enabled); 22: 23: /// @dev Withdraws ETH and / or OLAS amounts to the requested account address. 24: /// @notice Only dispenser contract can call this function. 25: /// @notice Reentrancy guard is on a dispenser side. 26: /// @notice Zero account address is not possible, since the dispenser contract interacts with msg.sender. 27: /// @param account Account address. 28: /// @param accountRewards Amount of account rewards. 29: /// @param accountTopUps Amount of account top-ups. 30: /// @return success True if the function execution is successful. 31: function withdrawToAccount(address account, uint256 accountRewards, uint256 accountTopUps) external returns (bool success); 32: 33: /// @dev Re-balances treasury funds to account for the treasury reward for a specific epoch. 34: /// @param treasuryRewards Treasury rewards. 35: /// @return success True, if the function execution is successful. 36: function rebalanceTreasury(uint256 treasuryRewards) external returns (bool success); 37: } 38: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L11-L38 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol //@audit serviceIds, amounts, are not checked 16: function depositServiceDonationsETH(uint256[] memory serviceIds, uint256[] memory amounts) external payable; 17: 18: /// @dev Gets information about token being enabled. 19: /// @param token Token address. 20: /// @return enabled True is token is enabled. 21: function isEnabled(address token) external view returns (bool enabled); 22: 23: /// @dev Withdraws ETH and / or OLAS amounts to the requested account address. 24: /// @notice Only dispenser contract can call this function. 25: /// @notice Reentrancy guard is on a dispenser side. 26: /// @notice Zero account address is not possible, since the dispenser contract interacts with msg.sender. 27: /// @param account Account address. 28: /// @param accountRewards Amount of account rewards. 29: /// @param accountTopUps Amount of account top-ups. 30: /// @return success True if the function execution is successful. 31: function withdrawToAccount(address account, uint256 accountRewards, uint256 accountTopUps) external returns (bool success); 32: 33: /// @dev Re-balances treasury funds to account for the treasury reward for a specific epoch. 34: /// @param treasuryRewards Treasury rewards. 35: /// @return success True, if the function execution is successful. 36: function rebalanceTreasury(uint256 treasuryRewards) external returns (bool success); 37: } 38: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L16-L38 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol //@audit accountRewards, accountTopUps, are not checked 31: function withdrawToAccount(address account, uint256 accountRewards, uint256 accountTopUps) external returns (bool success); 32: 33: /// @dev Re-balances treasury funds to account for the treasury reward for a specific epoch. 34: /// @param treasuryRewards Treasury rewards. 35: /// @return success True, if the function execution is successful. 36: function rebalanceTreasury(uint256 treasuryRewards) external returns (bool success); 37: } 38: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L31-L38 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol //@audit treasuryRewards, are not checked 36: function rebalanceTreasury(uint256 treasuryRewards) external returns (bool success); 37: } 38: ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L36-L38 ### [N-96] Use a struct to encapsulate multiple function parameters If a function has too many parameters, replacing them with a struct can improve code readability and maintainability, increase reusability, and reduce the likelihood of errors when passing the parameters. *There are 5 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 16: constructor( 17: IVotes governanceToken, 18: TimelockController timelock, 19: uint256 initialVotingDelay, 20: uint256 initialVotingPeriod, 21: uint256 initialProposalThreshold, 22: uint256 quorumFraction 23: ) 24: Governor("Governor OLAS") 25: GovernorSettings(initialVotingDelay, initialVotingPeriod, initialProposalThreshold) 26: GovernorVotes(governanceToken) 27: GovernorVotesQuorumFraction(quorumFraction) 28: GovernorTimelockControl(timelock) 29: {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L16-L29 ```solidity File: governance/contracts/veOLAS.sol 800: function delegateBySig(address delegatee, uint256 nonce, uint256 expiry, uint8 v, bytes32 r, bytes32 s) 801: external virtual override 802: { 803: revert NonDelegatable(address(this)); 804: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L800-L804 ```solidity File: governance/contracts/wveOLAS.sol 328: function delegateBySig(address, uint256, uint256, uint8, bytes32, bytes32) external 329: { 330: revert NonDelegatable(ve); 331: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L328-L331 ```solidity File: governance/contracts/multisigs/GuardCM.sol 387: function checkTransaction( 388: address to, 389: uint256, 390: bytes memory data, 391: Enum.Operation operation, 392: uint256, 393: uint256, 394: uint256, 395: address, 396: address payable, 397: bytes memory, 398: address 399: ) external { 400: // Just return if paused 401: if (paused == 1) { 402: // Call to the timelock 403: if (to == owner) { 404: // No delegatecall is allowed 405: if (operation == Enum.Operation.DelegateCall) { 406: revert NoDelegateCall(); 407: } 408: 409: // Data needs to have enough bytes at least to fit the selector 410: if (data.length < SELECTOR_DATA_LENGTH) { 411: revert IncorrectDataLength(data.length, SELECTOR_DATA_LENGTH); 412: } 413: 414: // Get the function signature 415: bytes4 functionSig = bytes4(data); 416: // Check the schedule or scheduleBatch function authorized parameters 417: // All other functions are not checked for 418: if (functionSig == SCHEDULE || functionSig == SCHEDULE_BATCH) { 419: // Data length is too short: need to have enough bytes for the schedule() function 420: // with one selector extracted from the payload 421: if (data.length < MIN_SCHEDULE_DATA_LENGTH) { 422: revert IncorrectDataLength(data.length, MIN_SCHEDULE_DATA_LENGTH); 423: } 424: 425: _verifySchedule(data, functionSig); 426: } 427: } else if (to == multisig) { 428: // No self multisig call is allowed 429: revert NoSelfCall(); 430: } 431: } 432: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L387-L432 ```solidity File: tokenomics/contracts/Tokenomics.sol 264: function initializeTokenomics( 265: address _olas, 266: address _treasury, 267: address _depository, 268: address _dispenser, 269: address _ve, 270: uint256 _epochLen, 271: address _componentRegistry, 272: address _agentRegistry, 273: address _serviceRegistry, 274: address _donatorBlacklist 275: ) external 276: { 277: // Check if the contract is already initialized 278: if (owner != address(0)) { 279: revert AlreadyInitialized(); 280: } 281: 282: // Check for at least one zero contract address 283: if (_olas == address(0) || _treasury == address(0) || _depository == address(0) || _dispenser == address(0) || 284: _ve == address(0) || _componentRegistry == address(0) || _agentRegistry == address(0) || 285: _serviceRegistry == address(0)) { 286: revert ZeroAddress(); 287: } 288: 289: // Initialize storage variables 290: owner = msg.sender; 291: _locked = 1; 292: epsilonRate = 1e17; 293: veOLASThreshold = 10_000e18; 294: 295: // Check that the epoch length has at least a practical minimal value 296: if (uint32(_epochLen) < MIN_EPOCH_LENGTH) { 297: revert LowerThan(_epochLen, MIN_EPOCH_LENGTH); 298: } 299: 300: // Check that the epoch length is not bigger than one year 301: if (uint32(_epochLen) > ONE_YEAR) { 302: revert Overflow(_epochLen, ONE_YEAR); 303: } 304: 305: // Assign other input variables 306: olas = _olas; 307: treasury = _treasury; 308: depository = _depository; 309: dispenser = _dispenser; 310: ve = _ve; 311: epochLen = uint32(_epochLen); 312: componentRegistry = _componentRegistry; 313: agentRegistry = _agentRegistry; 314: serviceRegistry = _serviceRegistry; 315: donatorBlacklist = _donatorBlacklist; 316: 317: // Time launch of the OLAS contract 318: uint256 _timeLaunch = IOLAS(_olas).timeLaunch(); 319: // Check that the tokenomics contract is initialized no later than one year after the OLAS token is deployed 320: if (block.timestamp >= (_timeLaunch + ONE_YEAR)) { 321: revert Overflow(_timeLaunch + ONE_YEAR, block.timestamp); 322: } 323: // Seconds left in the deployment year for the zero year inflation schedule 324: // This value is necessary since it is different from a precise one year time, as the OLAS contract started earlier 325: uint256 zeroYearSecondsLeft = uint32(_timeLaunch + ONE_YEAR - block.timestamp); 326: // Calculating initial inflation per second: (mintable OLAS from getInflationForYear(0)) / (seconds left in a year) 327: // Note that we lose precision here dividing by the number of seconds right away, but to avoid complex calculations 328: // later we consider it less error-prone and sacrifice at most 6 insignificant digits (or 1e-12) of OLAS per year 329: uint256 _inflationPerSecond = getInflationForYear(0) / zeroYearSecondsLeft; 330: inflationPerSecond = uint96(_inflationPerSecond); 331: timeLaunch = uint32(_timeLaunch); 332: 333: // The initial epoch start time is the end time of the zero epoch 334: mapEpochTokenomics[0].epochPoint.endTime = uint32(block.timestamp); 335: 336: // The epoch counter starts from 1 337: epochCounter = 1; 338: TokenomicsPoint storage tp = mapEpochTokenomics[1]; 339: 340: // Setting initial parameters and fractions 341: devsPerCapital = 1e18; 342: tp.epochPoint.idf = 1e18; 343: 344: // Reward fractions 345: // 0 stands for components and 1 for agents 346: // The initial target is to distribute around 2/3 of incentives reserved to fund owners of the code 347: // for components royalties and 1/3 for agents royalties 348: tp.unitPoints[0].rewardUnitFraction = 83; 349: tp.unitPoints[1].rewardUnitFraction = 17; 350: // tp.epochPoint.rewardTreasuryFraction is essentially equal to zero 351: 352: // We consider a unit of code as n agents or m components. 353: // Initially we consider 1 unit of code as either 2 agents or 1 component. 354: // E.g. if we have 2 profitable components and 2 profitable agents, this means there are (2 x 2.0 + 2 x 1.0) / 3 = 2 355: // units of code. 356: // We assume that during one epoch the developer can contribute with one piece of code (1 component or 2 agents) 357: codePerDev = 1e18; 358: 359: // Top-up fractions 360: uint256 _maxBondFraction = 50; 361: tp.epochPoint.maxBondFraction = uint8(_maxBondFraction); 362: tp.unitPoints[0].topUpUnitFraction = 41; 363: tp.unitPoints[1].topUpUnitFraction = 9; 364: 365: // Calculate initial effectiveBond based on the maxBond during the first epoch 366: // maxBond = inflationPerSecond * epochLen * maxBondFraction / 100 367: uint256 _maxBond = (_inflationPerSecond * _epochLen * _maxBondFraction) / 100; 368: maxBond = uint96(_maxBond); 369: effectiveBond = uint96(_maxBond); 370: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L264-L370 ### [N-97] Do not cache `constants` *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 103: uint256 supplyCap = tenYearSupplyCap; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L103-L103 ### [N-98] Function state mutability can be restricted to `view` *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/multisigs/GuardCM.sol 572: function checkAfterExecution(bytes32, bool) external {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L572-L572 ### [N-99] Do not cache `immutable` *There are 1 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 103: uint256 supplyCap = tenYearSupplyCap; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L103-L103 ### [N-100] Missing NatSpec `@dev` from event declaration *There are 75 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 18: event MinterUpdated(address indexed minter); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L18-L18 ```solidity File: governance/contracts/OLAS.sol 19: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L19-L19 ```solidity File: governance/contracts/veOLAS.sol 94: event Deposit(address indexed account, uint256 amount, uint256 locktime, DepositType depositType, uint256 ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L94-L94 ```solidity File: governance/contracts/veOLAS.sol 95: event Withdraw(address indexed account, uint256 amount, uint256 ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L95-L95 ```solidity File: governance/contracts/veOLAS.sol 96: event Supply(uint256 previousSupply, uint256 currentSupply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L96-L96 ```solidity File: governance/contracts/multisigs/GuardCM.sol 89: event GovernorUpdated(address indexed governor); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L89-L89 ```solidity File: governance/contracts/multisigs/GuardCM.sol 90: event SetTargetSelectors(address[] indexed targets, bytes4[] indexed selectors, uint256[] chainIds, bool[] statuses); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L90-L90 ```solidity File: governance/contracts/multisigs/GuardCM.sol 91: event SetBridgeMediators(address[] indexed bridgeMediatorL1s, address[] indexed bridgeMediatorL2s, uint256[] chainIds); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L91-L91 ```solidity File: governance/contracts/multisigs/GuardCM.sol 92: event GovernorCheckProposalIdChanged(uint256 indexed proposalId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L92-L92 ```solidity File: governance/contracts/multisigs/GuardCM.sol 93: event GuardPaused(address indexed account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L93-L93 ```solidity File: governance/contracts/multisigs/GuardCM.sol 94: event GuardUnpaused(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L94-L94 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 47: event FundsReceived(address indexed sender, uint256 value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L47-L47 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 48: event RootGovernorUpdated(address indexed rootMessageSender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L48-L48 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 49: event MessageReceived(uint256 indexed stateId, address indexed rootMessageSender, bytes data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L49-L49 ```solidity File: governance/contracts/bridges/HomeMediator.sol 47: event FundsReceived(address indexed sender, uint256 value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L47-L47 ```solidity File: governance/contracts/bridges/HomeMediator.sol 48: event ForeignGovernorUpdated(address indexed foreignMessageSender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L48-L48 ```solidity File: governance/contracts/bridges/HomeMediator.sol 49: event MessageReceived(address indexed foreignMessageSender, bytes data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L49-L49 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 19: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L19-L19 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 25: event FxDepositERC20(address indexed childToken, address indexed rootToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L25-L25 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 26: event FxWithdrawERC20(address indexed rootToken, address indexed childToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L26-L26 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 25: event FxDepositERC20(address indexed childToken, address indexed rootToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L25-L25 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 26: event FxWithdrawERC20(address indexed rootToken, address indexed childToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L26-L26 ```solidity File: registries/contracts/GenericRegistry.sol 10: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L10-L10 ```solidity File: registries/contracts/GenericRegistry.sol 11: event ManagerUpdated(address indexed manager); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L11-L11 ```solidity File: registries/contracts/GenericRegistry.sol 12: event BaseURIChanged(string baseURI); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L12-L12 ```solidity File: registries/contracts/UnitRegistry.sol 9: event CreateUnit(uint256 unitId, UnitType uType, bytes32 unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L9-L9 ```solidity File: registries/contracts/UnitRegistry.sol 10: event UpdateUnitHash(uint256 unitId, UnitType uType, bytes32 unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L10-L10 ```solidity File: registries/contracts/GenericManager.sol 9: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L9-L9 ```solidity File: registries/contracts/GenericManager.sol 10: event Pause(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L10-L10 ```solidity File: registries/contracts/GenericManager.sol 11: event Unpause(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L11-L11 ```solidity File: tokenomics/contracts/Depository.sol 63: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L63-L63 ```solidity File: tokenomics/contracts/Depository.sol 64: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L64-L64 ```solidity File: tokenomics/contracts/Depository.sol 65: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L65-L65 ```solidity File: tokenomics/contracts/Depository.sol 66: event BondCalculatorUpdated(address indexed bondCalculator); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L66-L66 ```solidity File: tokenomics/contracts/Depository.sol 67: event CreateBond(address indexed token, uint256 indexed productId, address indexed owner, uint256 bondId, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L67-L67 ```solidity File: tokenomics/contracts/Depository.sol 69: event RedeemBond(uint256 indexed productId, address indexed owner, uint256 bondId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L69-L69 ```solidity File: tokenomics/contracts/Depository.sol 70: event CreateProduct(address indexed token, uint256 indexed productId, uint256 supply, uint256 priceLP, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L70-L70 ```solidity File: tokenomics/contracts/Depository.sol 72: event CloseProduct(address indexed token, uint256 indexed productId, uint256 supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L72-L72 ```solidity File: tokenomics/contracts/Dispenser.sol 12: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L12-L12 ```solidity File: tokenomics/contracts/Dispenser.sol 13: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L13-L13 ```solidity File: tokenomics/contracts/Dispenser.sol 14: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L14-L14 ```solidity File: tokenomics/contracts/Dispenser.sol 15: event IncentivesClaimed(address indexed owner, uint256 reward, uint256 topUp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L15-L15 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 21: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L21-L21 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 22: event DonatorBlacklistStatus(address indexed account, bool status); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L22-L22 ```solidity File: tokenomics/contracts/Tokenomics.sol 119: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L119-L119 ```solidity File: tokenomics/contracts/Tokenomics.sol 120: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L120-L120 ```solidity File: tokenomics/contracts/Tokenomics.sol 121: event DepositoryUpdated(address indexed depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L121-L121 ```solidity File: tokenomics/contracts/Tokenomics.sol 122: event DispenserUpdated(address indexed dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L122-L122 ```solidity File: tokenomics/contracts/Tokenomics.sol 123: event EpochLengthUpdated(uint256 epochLen); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L123-L123 ```solidity File: tokenomics/contracts/Tokenomics.sol 124: event EffectiveBondUpdated(uint256 effectiveBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L124-L124 ```solidity File: tokenomics/contracts/Tokenomics.sol 125: event IDFUpdated(uint256 idf); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L125-L125 ```solidity File: tokenomics/contracts/Tokenomics.sol 126: event TokenomicsParametersUpdateRequested(uint256 indexed epochNumber, uint256 devsPerCapital, uint256 codePerDev, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L126-L126 ```solidity File: tokenomics/contracts/Tokenomics.sol 128: event TokenomicsParametersUpdated(uint256 indexed epochNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L128-L128 ```solidity File: tokenomics/contracts/Tokenomics.sol 129: event IncentiveFractionsUpdateRequested(uint256 indexed epochNumber, uint256 rewardComponentFraction, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L129-L129 ```solidity File: tokenomics/contracts/Tokenomics.sol 131: event IncentiveFractionsUpdated(uint256 indexed epochNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L131-L131 ```solidity File: tokenomics/contracts/Tokenomics.sol 132: event ComponentRegistryUpdated(address indexed componentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L132-L132 ```solidity File: tokenomics/contracts/Tokenomics.sol 133: event AgentRegistryUpdated(address indexed agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L133-L133 ```solidity File: tokenomics/contracts/Tokenomics.sol 134: event ServiceRegistryUpdated(address indexed serviceRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L134-L134 ```solidity File: tokenomics/contracts/Tokenomics.sol 135: event DonatorBlacklistUpdated(address indexed blacklist); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L135-L135 ```solidity File: tokenomics/contracts/Tokenomics.sol 136: event EpochSettled(uint256 indexed epochCounter, uint256 treasuryRewards, uint256 accountRewards, uint256 accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L136-L136 ```solidity File: tokenomics/contracts/Tokenomics.sol 137: event TokenomicsImplementationUpdated(address indexed implementation); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L137-L137 ```solidity File: tokenomics/contracts/Treasury.sol 40: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L40-L40 ```solidity File: tokenomics/contracts/Treasury.sol 41: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L41-L41 ```solidity File: tokenomics/contracts/Treasury.sol 42: event DepositoryUpdated(address indexed depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L42-L42 ```solidity File: tokenomics/contracts/Treasury.sol 43: event DispenserUpdated(address indexed dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L43-L43 ```solidity File: tokenomics/contracts/Treasury.sol 44: event DepositTokenFromAccount(address indexed account, address indexed token, uint256 tokenAmount, uint256 olasAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L44-L44 ```solidity File: tokenomics/contracts/Treasury.sol 45: event DonateToServicesETH(address indexed sender, uint256[] serviceIds, uint256[] amounts, uint256 donation); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L45-L45 ```solidity File: tokenomics/contracts/Treasury.sol 46: event Withdraw(address indexed token, address indexed to, uint256 tokenAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L46-L46 ```solidity File: tokenomics/contracts/Treasury.sol 47: event EnableToken(address indexed token); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L47-L47 ```solidity File: tokenomics/contracts/Treasury.sol 48: event DisableToken(address indexed token); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L48-L48 ```solidity File: tokenomics/contracts/Treasury.sol 49: event ReceiveETH(address indexed sender, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L49-L49 ```solidity File: tokenomics/contracts/Treasury.sol 50: event UpdateTreasuryBalances(uint256 ETHOwned, uint256 ETHFromServices); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L50-L50 ```solidity File: tokenomics/contracts/Treasury.sol 51: event PauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L51-L51 ```solidity File: tokenomics/contracts/Treasury.sol 52: event UnpauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L52-L52 ```solidity File: tokenomics/contracts/Treasury.sol 53: event MinAcceptedETHUpdated(uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L53-L53 ### [N-101] Missing NatSpec `@notice` from event declaration *There are 75 instance(s) of this issue:* ```solidity File: governance/contracts/OLAS.sol 18: event MinterUpdated(address indexed minter); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L18-L18 ```solidity File: governance/contracts/OLAS.sol 19: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L19-L19 ```solidity File: governance/contracts/veOLAS.sol 94: event Deposit(address indexed account, uint256 amount, uint256 locktime, DepositType depositType, uint256 ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L94-L94 ```solidity File: governance/contracts/veOLAS.sol 95: event Withdraw(address indexed account, uint256 amount, uint256 ts); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L95-L95 ```solidity File: governance/contracts/veOLAS.sol 96: event Supply(uint256 previousSupply, uint256 currentSupply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L96-L96 ```solidity File: governance/contracts/multisigs/GuardCM.sol 89: event GovernorUpdated(address indexed governor); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L89-L89 ```solidity File: governance/contracts/multisigs/GuardCM.sol 90: event SetTargetSelectors(address[] indexed targets, bytes4[] indexed selectors, uint256[] chainIds, bool[] statuses); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L90-L90 ```solidity File: governance/contracts/multisigs/GuardCM.sol 91: event SetBridgeMediators(address[] indexed bridgeMediatorL1s, address[] indexed bridgeMediatorL2s, uint256[] chainIds); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L91-L91 ```solidity File: governance/contracts/multisigs/GuardCM.sol 92: event GovernorCheckProposalIdChanged(uint256 indexed proposalId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L92-L92 ```solidity File: governance/contracts/multisigs/GuardCM.sol 93: event GuardPaused(address indexed account); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L93-L93 ```solidity File: governance/contracts/multisigs/GuardCM.sol 94: event GuardUnpaused(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L94-L94 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 47: event FundsReceived(address indexed sender, uint256 value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L47-L47 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 48: event RootGovernorUpdated(address indexed rootMessageSender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L48-L48 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 49: event MessageReceived(uint256 indexed stateId, address indexed rootMessageSender, bytes data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L49-L49 ```solidity File: governance/contracts/bridges/HomeMediator.sol 47: event FundsReceived(address indexed sender, uint256 value); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L47-L47 ```solidity File: governance/contracts/bridges/HomeMediator.sol 48: event ForeignGovernorUpdated(address indexed foreignMessageSender); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L48-L48 ```solidity File: governance/contracts/bridges/HomeMediator.sol 49: event MessageReceived(address indexed foreignMessageSender, bytes data); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L49-L49 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 19: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L19-L19 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 25: event FxDepositERC20(address indexed childToken, address indexed rootToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L25-L25 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 26: event FxWithdrawERC20(address indexed rootToken, address indexed childToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L26-L26 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 25: event FxDepositERC20(address indexed childToken, address indexed rootToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L25-L25 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 26: event FxWithdrawERC20(address indexed rootToken, address indexed childToken, address from, address indexed to, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L26-L26 ```solidity File: registries/contracts/GenericRegistry.sol 10: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L10-L10 ```solidity File: registries/contracts/GenericRegistry.sol 11: event ManagerUpdated(address indexed manager); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L11-L11 ```solidity File: registries/contracts/GenericRegistry.sol 12: event BaseURIChanged(string baseURI); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L12-L12 ```solidity File: registries/contracts/UnitRegistry.sol 9: event CreateUnit(uint256 unitId, UnitType uType, bytes32 unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L9-L9 ```solidity File: registries/contracts/UnitRegistry.sol 10: event UpdateUnitHash(uint256 unitId, UnitType uType, bytes32 unitHash); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L10-L10 ```solidity File: registries/contracts/GenericManager.sol 9: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L9-L9 ```solidity File: registries/contracts/GenericManager.sol 10: event Pause(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L10-L10 ```solidity File: registries/contracts/GenericManager.sol 11: event Unpause(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L11-L11 ```solidity File: tokenomics/contracts/Depository.sol 63: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L63-L63 ```solidity File: tokenomics/contracts/Depository.sol 64: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L64-L64 ```solidity File: tokenomics/contracts/Depository.sol 65: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L65-L65 ```solidity File: tokenomics/contracts/Depository.sol 66: event BondCalculatorUpdated(address indexed bondCalculator); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L66-L66 ```solidity File: tokenomics/contracts/Depository.sol 67: event CreateBond(address indexed token, uint256 indexed productId, address indexed owner, uint256 bondId, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L67-L67 ```solidity File: tokenomics/contracts/Depository.sol 69: event RedeemBond(uint256 indexed productId, address indexed owner, uint256 bondId); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L69-L69 ```solidity File: tokenomics/contracts/Depository.sol 70: event CreateProduct(address indexed token, uint256 indexed productId, uint256 supply, uint256 priceLP, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L70-L70 ```solidity File: tokenomics/contracts/Depository.sol 72: event CloseProduct(address indexed token, uint256 indexed productId, uint256 supply); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L72-L72 ```solidity File: tokenomics/contracts/Dispenser.sol 12: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L12-L12 ```solidity File: tokenomics/contracts/Dispenser.sol 13: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L13-L13 ```solidity File: tokenomics/contracts/Dispenser.sol 14: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L14-L14 ```solidity File: tokenomics/contracts/Dispenser.sol 15: event IncentivesClaimed(address indexed owner, uint256 reward, uint256 topUp); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L15-L15 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 21: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L21-L21 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 22: event DonatorBlacklistStatus(address indexed account, bool status); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L22-L22 ```solidity File: tokenomics/contracts/Tokenomics.sol 119: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L119-L119 ```solidity File: tokenomics/contracts/Tokenomics.sol 120: event TreasuryUpdated(address indexed treasury); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L120-L120 ```solidity File: tokenomics/contracts/Tokenomics.sol 121: event DepositoryUpdated(address indexed depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L121-L121 ```solidity File: tokenomics/contracts/Tokenomics.sol 122: event DispenserUpdated(address indexed dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L122-L122 ```solidity File: tokenomics/contracts/Tokenomics.sol 123: event EpochLengthUpdated(uint256 epochLen); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L123-L123 ```solidity File: tokenomics/contracts/Tokenomics.sol 124: event EffectiveBondUpdated(uint256 effectiveBond); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L124-L124 ```solidity File: tokenomics/contracts/Tokenomics.sol 125: event IDFUpdated(uint256 idf); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L125-L125 ```solidity File: tokenomics/contracts/Tokenomics.sol 126: event TokenomicsParametersUpdateRequested(uint256 indexed epochNumber, uint256 devsPerCapital, uint256 codePerDev, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L126-L126 ```solidity File: tokenomics/contracts/Tokenomics.sol 128: event TokenomicsParametersUpdated(uint256 indexed epochNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L128-L128 ```solidity File: tokenomics/contracts/Tokenomics.sol 129: event IncentiveFractionsUpdateRequested(uint256 indexed epochNumber, uint256 rewardComponentFraction, ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L129-L129 ```solidity File: tokenomics/contracts/Tokenomics.sol 131: event IncentiveFractionsUpdated(uint256 indexed epochNumber); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L131-L131 ```solidity File: tokenomics/contracts/Tokenomics.sol 132: event ComponentRegistryUpdated(address indexed componentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L132-L132 ```solidity File: tokenomics/contracts/Tokenomics.sol 133: event AgentRegistryUpdated(address indexed agentRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L133-L133 ```solidity File: tokenomics/contracts/Tokenomics.sol 134: event ServiceRegistryUpdated(address indexed serviceRegistry); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L134-L134 ```solidity File: tokenomics/contracts/Tokenomics.sol 135: event DonatorBlacklistUpdated(address indexed blacklist); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L135-L135 ```solidity File: tokenomics/contracts/Tokenomics.sol 136: event EpochSettled(uint256 indexed epochCounter, uint256 treasuryRewards, uint256 accountRewards, uint256 accountTopUps); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L136-L136 ```solidity File: tokenomics/contracts/Tokenomics.sol 137: event TokenomicsImplementationUpdated(address indexed implementation); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L137-L137 ```solidity File: tokenomics/contracts/Treasury.sol 40: event OwnerUpdated(address indexed owner); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L40-L40 ```solidity File: tokenomics/contracts/Treasury.sol 41: event TokenomicsUpdated(address indexed tokenomics); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L41-L41 ```solidity File: tokenomics/contracts/Treasury.sol 42: event DepositoryUpdated(address indexed depository); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L42-L42 ```solidity File: tokenomics/contracts/Treasury.sol 43: event DispenserUpdated(address indexed dispenser); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L43-L43 ```solidity File: tokenomics/contracts/Treasury.sol 44: event DepositTokenFromAccount(address indexed account, address indexed token, uint256 tokenAmount, uint256 olasAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L44-L44 ```solidity File: tokenomics/contracts/Treasury.sol 45: event DonateToServicesETH(address indexed sender, uint256[] serviceIds, uint256[] amounts, uint256 donation); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L45-L45 ```solidity File: tokenomics/contracts/Treasury.sol 46: event Withdraw(address indexed token, address indexed to, uint256 tokenAmount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L46-L46 ```solidity File: tokenomics/contracts/Treasury.sol 47: event EnableToken(address indexed token); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L47-L47 ```solidity File: tokenomics/contracts/Treasury.sol 48: event DisableToken(address indexed token); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L48-L48 ```solidity File: tokenomics/contracts/Treasury.sol 49: event ReceiveETH(address indexed sender, uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L49-L49 ```solidity File: tokenomics/contracts/Treasury.sol 50: event UpdateTreasuryBalances(uint256 ETHOwned, uint256 ETHFromServices); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L50-L50 ```solidity File: tokenomics/contracts/Treasury.sol 51: event PauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L51-L51 ```solidity File: tokenomics/contracts/Treasury.sol 52: event UnpauseTreasury(); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L52-L52 ```solidity File: tokenomics/contracts/Treasury.sol 53: event MinAcceptedETHUpdated(uint256 amount); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L53-L53 ### [N-102] Missing NatSpec `@notice` from function declaration *There are 240 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 16: constructor( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L16-L16 ```solidity File: governance/contracts/GovernorOLAS.sol 31: /// @dev Current state of a proposal, following Compoundb�s convention. 32: /// @param proposalId Proposal Id. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L31-L32 ```solidity File: governance/contracts/GovernorOLAS.sol 39: /// @dev Create a new proposal to change the protocol / contract parameters. 40: /// @param targets The ordered list of target addresses for calls to be made during proposal execution. 41: /// @param values The ordered list of values to be passed to the calls made during proposal execution. 42: /// @param calldatas The ordered list of data to be passed to each individual function call during proposal execution. 43: /// @param description A human readable description of the proposal and the changes it will enact. 44: /// @return The Id of the newly created proposal. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L39-L44 ```solidity File: governance/contracts/GovernorOLAS.sol 55: /// @dev Gets the voting power for the proposal threshold. 56: /// @return The voting power required in order for a voter to become a proposer. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L55-L56 ```solidity File: governance/contracts/GovernorOLAS.sol 62: /// @dev Executes a proposal. 63: /// @param proposalId Proposal Id. 64: /// @param targets The ordered list of target addresses. 65: /// @param values The ordered list of values. 66: /// @param calldatas The ordered list of data to be passed to each individual function call. 67: /// @param descriptionHash Hashed description of the proposal. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L62-L67 ```solidity File: governance/contracts/GovernorOLAS.sol 79: /// @dev Cancels a proposal. 80: /// @param targets The ordered list of target addresses. 81: /// @param values The ordered list of values. 82: /// @param calldatas The ordered list of data to be passed to each individual function call. 83: /// @param descriptionHash Hashed description of the proposal. 84: /// @return The Id of the newly created proposal. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L79-L84 ```solidity File: governance/contracts/GovernorOLAS.sol 95: /// @dev Gets the executor address. 96: /// @return Executor address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L95-L96 ```solidity File: governance/contracts/GovernorOLAS.sol 102: /// @dev Gets information about the interface support. 103: /// @param interfaceId A specified interface Id. 104: /// @return True if this contract implements the interface defined by interfaceId. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L102-L104 ```solidity File: governance/contracts/Timelock.sol 10: constructor(uint256 minDelay, address[] memory proposers, address[] memory executors) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L10-L10 ```solidity File: governance/contracts/OLAS.sol 35: constructor() ERC20("Autonolas", "OLAS", 18) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L35-L35 ```solidity File: governance/contracts/OLAS.sol 41: /// @dev Changes the owner address. 42: /// @param newOwner Address of a new owner. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L41-L42 ```solidity File: governance/contracts/OLAS.sol 56: /// @dev Changes the minter address. 57: /// @param newMinter Address of a new minter. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L56-L57 ```solidity File: governance/contracts/OLAS.sol 96: /// @dev Gets the reminder of OLAS possible for the mint. 97: /// @return remainder OLAS token remainder. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L96-L97 ```solidity File: governance/contracts/OLAS.sol 116: /// @dev Burns OLAS tokens. 117: /// @param amount OLAS token amount to burn. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L116-L117 ```solidity File: governance/contracts/veOLAS.sol 128: /// @dev Contract constructor 129: /// @param _token Token address. 130: /// @param _name Token name. 131: /// @param _symbol Token symbol. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L128-L131 ```solidity File: governance/contracts/veOLAS.sol 142: /// @dev Gets the most recently recorded user point for `account`. 143: /// @param account Account address. 144: /// @return pv Last checkpoint. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L142-L144 ```solidity File: governance/contracts/veOLAS.sol 152: /// @dev Gets the number of user points. 153: /// @param account Account address. 154: /// @return accountNumPoints Number of user points. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L152-L154 ```solidity File: governance/contracts/veOLAS.sol 168: /// @dev Record global and per-user data to checkpoint. 169: /// @param account Account address. User checkpoint is skipped if the address is zero. 170: /// @param oldLocked Previous locked amount / end lock time for the user. 171: /// @param newLocked New locked amount / end lock time for the user. 172: /// @param curSupply Current total supply (to avoid using a storage total supply variable) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L168-L172 ```solidity File: governance/contracts/veOLAS.sol 319: /// @dev Record global data to checkpoint. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L319-L319 ```solidity File: governance/contracts/veOLAS.sol 324: /// @dev Deposits and locks tokens for a specified account. 325: /// @param account Target address for the locked amount. 326: /// @param amount Amount to deposit. 327: /// @param unlockTime New time when to unlock the tokens, or 0 if unchanged. 328: /// @param lockedBalance Previous locked amount / end time. 329: /// @param depositType Deposit type. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L324-L329 ```solidity File: governance/contracts/veOLAS.sol 371: /// @dev Deposits `amount` tokens for `account` and adds to the lock. 372: /// @dev Anyone (even a smart contract) can deposit for someone else, but 373: /// cannot extend their locktime and deposit for a brand new user. 374: /// @param account Account address. 375: /// @param amount Amount to add. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L371-L375 ```solidity File: governance/contracts/veOLAS.sol 399: /// @dev Deposits `amount` tokens for `msg.sender` and locks for `unlockTime`. 400: /// @param amount Amount to deposit. 401: /// @param unlockTime Time when tokens unlock, rounded down to a whole week. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L399-L401 ```solidity File: governance/contracts/veOLAS.sol 456: /// @dev Deposits `amount` additional tokens for `msg.sender` without modifying the unlock time. 457: /// @param amount Amount of tokens to deposit and add to the lock. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L456-L457 ```solidity File: governance/contracts/veOLAS.sol 481: /// @dev Extends the unlock time. 482: /// @param unlockTime New tokens unlock time. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L481-L482 ```solidity File: governance/contracts/veOLAS.sol 509: /// @dev Withdraws all tokens for `msg.sender`. Only possible if the lock has expired. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L509-L509 ```solidity File: governance/contracts/veOLAS.sol 537: /// @dev Finds a closest point that has a specified block number. 538: /// @param blockNumber Block to find. 539: /// @param account Account address for user points. 540: /// @return point Point with the approximate index number for the specified block. 541: /// @return minPointNumber Point number. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L537-L541 ```solidity File: governance/contracts/veOLAS.sol 589: /// @dev Gets the voting power for an `account` at time `ts`. 590: /// @param account Account address. 591: /// @param ts Time to get voting power at. 592: /// @return vBalance Account voting power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L589-L592 ```solidity File: governance/contracts/veOLAS.sol 604: /// @dev Gets the account balance in native token. 605: /// @param account Account address. 606: /// @return balance Account balance. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L604-L606 ```solidity File: governance/contracts/veOLAS.sol 611: /// @dev Gets the `account`'s lock end time. 612: /// @param account Account address. 613: /// @return unlockTime Lock end time. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L611-L613 ```solidity File: governance/contracts/veOLAS.sol 618: /// @dev Gets the account balance at a specific block number. 619: /// @param account Account address. 620: /// @param blockNumber Block number. 621: /// @return balance Account balance. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L618-L621 ```solidity File: governance/contracts/veOLAS.sol 631: /// @dev Gets the voting power. 632: /// @param account Account address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L631-L632 ```solidity File: governance/contracts/veOLAS.sol 668: /// @dev Gets voting power at a specific block number. 669: /// @param account Account address. 670: /// @param blockNumber Block number. 671: /// @return balance Voting balance / power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L668-L671 ```solidity File: governance/contracts/veOLAS.sol 686: /// @dev Calculate total voting power at some point in the past. 687: /// @param lastPoint The point (bias/slope) to start the search from. 688: /// @param ts Time to calculate the total voting power at. 689: /// @return vSupply Total voting power at that time. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L686-L689 ```solidity File: governance/contracts/veOLAS.sol 717: /// @dev Gets total token supply. 718: /// @return Total token supply. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L717-L718 ```solidity File: governance/contracts/veOLAS.sol 723: /// @dev Gets total token supply at a specific block number. 724: /// @param blockNumber Block number. 725: /// @return supplyAt Supply at the specified block number. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L723-L725 ```solidity File: governance/contracts/veOLAS.sol 735: /// @dev Calculates total voting power at time `ts`. 736: /// @param ts Time to get total voting power at. 737: /// @return Total voting power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L735-L737 ```solidity File: governance/contracts/veOLAS.sol 743: /// @dev Calculates current total voting power. 744: /// @return Total voting power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L743-L744 ```solidity File: governance/contracts/veOLAS.sol 749: /// @dev Calculate total voting power at some point in the past. 750: /// @param blockNumber Block number to calculate the total voting power at. 751: /// @return Total voting power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L749-L751 ```solidity File: governance/contracts/veOLAS.sol 758: /// @dev Gets information about the interface support. 759: /// @param interfaceId A specified interface Id. 760: /// @return True if this contract implements the interface defined by interfaceId. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L758-L760 ```solidity File: governance/contracts/veOLAS.sol 766: /// @dev Reverts the transfer of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L766-L766 ```solidity File: governance/contracts/veOLAS.sol 771: /// @dev Reverts the approval of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L771-L771 ```solidity File: governance/contracts/veOLAS.sol 776: /// @dev Reverts the transferFrom of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L776-L776 ```solidity File: governance/contracts/veOLAS.sol 781: /// @dev Reverts the allowance of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L781-L781 ```solidity File: governance/contracts/veOLAS.sol 787: /// @dev Reverts delegates of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L787-L787 ```solidity File: governance/contracts/veOLAS.sol 793: /// @dev Reverts delegate for this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L793-L793 ```solidity File: governance/contracts/veOLAS.sol 799: /// @dev Reverts delegateBySig for this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L799-L799 ```solidity File: governance/contracts/wveOLAS.sol 14: /// @dev Gets the total number of supply points. 15: /// @return numPoints Number of supply points. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L14-L15 ```solidity File: governance/contracts/wveOLAS.sol 18: /// @dev Gets the supply point of a specified index. 19: /// @param idx Supply point number. 20: /// @return sPoint Supply point. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L18-L20 ```solidity File: governance/contracts/wveOLAS.sol 23: /// @dev Gets the slope change for a specific timestamp. 24: /// @param ts Timestamp. 25: /// @return slopeChange Signed slope change. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L23-L25 ```solidity File: governance/contracts/wveOLAS.sol 28: /// @dev Gets the most recently recorded user point for `account`. 29: /// @param account Account address. 30: /// @return pv Last checkpoint. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L28-L30 ```solidity File: governance/contracts/wveOLAS.sol 33: /// @dev Gets the number of user points. 34: /// @param account Account address. 35: /// @return userNumPoints Number of user points. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L33-L35 ```solidity File: governance/contracts/wveOLAS.sol 45: /// @dev Gets voting power at a specific block number. 46: /// @param account Account address. 47: /// @param blockNumber Block number. 48: /// @return balance Voting balance / power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L45-L48 ```solidity File: governance/contracts/wveOLAS.sol 51: /// @dev Gets the account balance in native token. 52: /// @param account Account address. 53: /// @return balance Account balance. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L51-L53 ```solidity File: governance/contracts/wveOLAS.sol 56: /// @dev Gets the account balance at a specific block number. 57: /// @param account Account address. 58: /// @param blockNumber Block number. 59: /// @return balance Account balance. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L56-L59 ```solidity File: governance/contracts/wveOLAS.sol 62: /// @dev Gets the `account`'s lock end time. 63: /// @param account Account address. 64: /// @return unlockTime Lock end time. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L62-L64 ```solidity File: governance/contracts/wveOLAS.sol 67: /// @dev Gets the voting power. 68: /// @param account Account address. 69: /// @return balance Account balance. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L67-L69 ```solidity File: governance/contracts/wveOLAS.sol 72: /// @dev Gets total token supply. 73: /// @return supply Total token supply. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L72-L73 ```solidity File: governance/contracts/wveOLAS.sol 76: /// @dev Gets total token supply at a specific block number. 77: /// @param blockNumber Block number. 78: /// @return supplyAt Supply at the specified block number. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L76-L78 ```solidity File: governance/contracts/wveOLAS.sol 81: /// @dev Calculates total voting power at time `ts`. 82: /// @param ts Time to get total voting power at. 83: /// @return vPower Total voting power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L81-L83 ```solidity File: governance/contracts/wveOLAS.sol 86: /// @dev Calculates current total voting power. 87: /// @return vPower Total voting power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L86-L87 ```solidity File: governance/contracts/wveOLAS.sol 90: /// @dev Calculate total voting power at some point in the past. 91: /// @param blockNumber Block number to calculate the total voting power at. 92: /// @return vPower Total voting power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L90-L92 ```solidity File: governance/contracts/wveOLAS.sol 95: /// @dev Gets information about the interface support. 96: /// @param interfaceId A specified interface Id. 97: /// @return True if this contract implements the interface defined by interfaceId. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L95-L97 ```solidity File: governance/contracts/wveOLAS.sol 100: /// @dev Reverts the allowance of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L100-L100 ```solidity File: governance/contracts/wveOLAS.sol 103: /// @dev Reverts delegates of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L103-L103 ```solidity File: governance/contracts/wveOLAS.sol 142: /// @dev TokenomicsProxy constructor. 143: /// @param _ve veOLAS address. 144: /// @param _token OLAS address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L142-L144 ```solidity File: governance/contracts/wveOLAS.sol 154: /// @dev Gets the total number of supply points. 155: /// @return numPoints Number of supply points. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L154-L155 ```solidity File: governance/contracts/wveOLAS.sol 160: /// @dev Gets the supply point of a specified index. 161: /// @param idx Supply point number. 162: /// @return sPoint Supply point. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L160-L162 ```solidity File: governance/contracts/wveOLAS.sol 167: /// @dev Gets the slope change for a specific timestamp. 168: /// @param ts Timestamp. 169: /// @return slopeChange Signed slope change. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L167-L169 ```solidity File: governance/contracts/wveOLAS.sol 174: /// @dev Gets the most recently recorded user point for `account`. 175: /// @param account Account address. 176: /// @return pv Last checkpoint. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L174-L176 ```solidity File: governance/contracts/wveOLAS.sol 181: /// @dev Gets the number of user points. 182: /// @param account Account address. 183: /// @return userNumPoints Number of user points. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L181-L183 ```solidity File: governance/contracts/wveOLAS.sol 201: /// @dev Gets the voting power. 202: /// @param account Account address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L201-L202 ```solidity File: governance/contracts/wveOLAS.sol 207: /// @dev Gets voting power at a specific block number. 208: /// @param account Account address. 209: /// @param blockNumber Block number. 210: /// @return balance Voting balance / power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L207-L210 ```solidity File: governance/contracts/wveOLAS.sol 220: /// @dev Gets the account balance in native token. 221: /// @param account Account address. 222: /// @return balance Account balance. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L220-L222 ```solidity File: governance/contracts/wveOLAS.sol 227: /// @dev Gets the account balance at a specific block number. 228: /// @param account Account address. 229: /// @param blockNumber Block number. 230: /// @return balance Account balance. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L227-L230 ```solidity File: governance/contracts/wveOLAS.sol 240: /// @dev Gets the `account`'s lock end time. 241: /// @param account Account address. 242: /// @return unlockTime Lock end time. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L240-L242 ```solidity File: governance/contracts/wveOLAS.sol 247: /// @dev Gets total token supply. 248: /// @return supply Total token supply. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L247-L248 ```solidity File: governance/contracts/wveOLAS.sol 253: /// @dev Gets total token supply at a specific block number. 254: /// @param blockNumber Block number. 255: /// @return supplyAt Supply at the specified block number. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L253-L255 ```solidity File: governance/contracts/wveOLAS.sol 260: /// @dev Calculates total voting power at time `ts` that must be greater than the last supply point timestamp. 261: /// @param ts Time to get total voting power at. 262: /// @return vPower Total voting power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L260-L262 ```solidity File: governance/contracts/wveOLAS.sol 275: /// @dev Calculates current total voting power. 276: /// @return vPower Total voting power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L275-L276 ```solidity File: governance/contracts/wveOLAS.sol 289: /// @dev Gets information about the interface support. 290: /// @param interfaceId A specified interface Id. 291: /// @return True if this contract implements the interface defined by interfaceId. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L289-L291 ```solidity File: governance/contracts/wveOLAS.sol 296: /// @dev Reverts the transfer of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L296-L296 ```solidity File: governance/contracts/wveOLAS.sol 301: /// @dev Reverts the approval of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L301-L301 ```solidity File: governance/contracts/wveOLAS.sol 306: /// @dev Reverts the transferFrom of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L306-L306 ```solidity File: governance/contracts/wveOLAS.sol 311: /// @dev Reverts the allowance of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L311-L311 ```solidity File: governance/contracts/wveOLAS.sol 316: /// @dev Reverts delegates of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L316-L316 ```solidity File: governance/contracts/wveOLAS.sol 321: /// @dev Reverts delegate for this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L321-L321 ```solidity File: governance/contracts/wveOLAS.sol 327: /// @dev Reverts delegateBySig for this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L327-L327 ```solidity File: governance/contracts/wveOLAS.sol 333: /// @dev Reverts other calls such that the original veOLAS is used. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L333-L333 ```solidity File: governance/contracts/multisigs/GuardCM.sol 7: function state(uint256 proposalId) external returns (ProposalState); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L7-L7 ```solidity File: governance/contracts/multisigs/GuardCM.sol 134: /// @dev GuardCM constructor. 135: /// @param _timelock Timelock address. 136: /// @param _multisig Community multisig address. 137: /// @param _governor Governor address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L134-L137 ```solidity File: governance/contracts/multisigs/GuardCM.sol 152: /// @dev Changes the governor. 153: /// @param newGovernor Address of a new governor. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L152-L153 ```solidity File: governance/contracts/multisigs/GuardCM.sol 168: /// @dev Changes the governor check proposal Id. 169: /// @param proposalId Governor check proposal Id. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L168-L169 ```solidity File: governance/contracts/multisigs/GuardCM.sol 248: /// @dev Processes bridged data: checks the header and verifies the payload. 249: /// @param data Full data bytes with the header. 250: /// @param bridgeMediatorL2 Address of a bridged mediator on L2. 251: /// @param chainId L2 chain Id. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L248-L251 ```solidity File: governance/contracts/multisigs/GuardCM.sol 334: /// @dev Verifies authorized target and selector in the schedule or scheduleBatch function call. 335: /// @param data Data in bytes. 336: /// @param selector Schedule function selector. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L334-L336 ```solidity File: governance/contracts/multisigs/GuardCM.sol 559: /// @dev Unpauses the guard restricting the CM functionality back. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L559-L559 ```solidity File: governance/contracts/multisigs/GuardCM.sol 571: /// @dev Guards the multisig call after its execution. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L571-L571 ```solidity File: governance/contracts/multisigs/GuardCM.sol 574: /// @dev Gets the status of a target-selector-chainId combination. 575: /// @param target Target address. 576: /// @param selector Selector for a target. 577: /// @param chainId Corresponding chain Id. 578: /// @return status True, if the target-selector-chainId combination is authorized. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L574-L578 ```solidity File: governance/contracts/multisigs/GuardCM.sol 593: /// @dev Gets the address of a bridge mediator contract address on L2 and corresponding L2 chain Id. 594: /// @param bridgeMediatorL1 Bridge mediator contract addresses on L1. 595: /// @return bridgeMediatorL2 Corresponding bridge mediator contract addresses on L2. 596: /// @return chainId Corresponding L2 chain Ids. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L593-L596 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 6: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L6-L6 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 59: /// @dev FxGovernorTunnel constructor. 60: /// @param _fxChild Fx Child address. 61: /// @param _rootGovernor Root Governor address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L59-L61 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 72: /// @dev Receives native network token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L72-L72 ```solidity File: governance/contracts/bridges/HomeMediator.sol 6: function messageSender() external view returns (address); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L6-L6 ```solidity File: governance/contracts/bridges/HomeMediator.sol 59: /// @dev HomeMediator constructor. 60: /// @param _AMBContractProxyHome AMB Contract Proxy (Home) address (Gnosis). 61: /// @param _foreignGovernor Foreign Governor address (ETH). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L59-L61 ```solidity File: governance/contracts/bridges/HomeMediator.sol 72: /// @dev Receives native network token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L72-L72 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 24: constructor(string memory _name, string memory _symbol, uint8 _decimals) ERC20(_name, _symbol, _decimals) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L24-L24 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 28: /// @dev Changes the owner address. 29: /// @param newOwner Address of a new owner. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L28-L29 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 45: /// @dev Mints bridged tokens. 46: /// @param account Account address. 47: /// @param amount Bridged token amount. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L45-L47 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 57: /// @dev Burns bridged tokens. 58: /// @param amount Bridged token amount to burn. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L57-L58 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 33: /// @dev FxERC20ChildTunnel constructor. 34: /// @param _fxChild Fx Child contract address. 35: /// @param _childToken L2 token address. 36: /// @param _rootToken Corresponding L1 token address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L33-L36 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 54: /// @dev Deposits tokens on L2 in order to obtain their corresponding bridged version on L1 by a specified address. 55: /// @param to Destination address on L1. 56: /// @param amount Token amount to be deposited. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L54-L56 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 87: /// @dev Deposits tokens on L2 to get their representation on L1 by a specified address. 88: /// @param to Destination address on L1. 89: /// @param amount Token amount to be deposited. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L87-L89 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 33: /// @dev FxERC20RootTunnel constructor. 34: /// @param _checkpointManager Checkpoint manager contract. 35: /// @param _fxRoot Fx Root contract address. 36: /// @param _childToken L2 token address. 37: /// @param _rootToken Corresponding L1 token address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L33-L37 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 58: /// @dev Withdraws bridged tokens on L1 in order to obtain their original version on L2 by a specified address. 59: /// @param to Destination address on L2. 60: /// @param amount Token amount to be withdrawn. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L58-L60 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 70: /// @dev Receives the token message from L2 and transfers bridged tokens to a specified address. 71: /// @param message Incoming bridge message. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L70-L71 ```solidity File: governance/contracts/interfaces/IERC20.sol 6: /// @dev Gets the amount of tokens owned by a specified account. 7: /// @param account Account address. 8: /// @return Amount of tokens owned. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L6-L8 ```solidity File: governance/contracts/interfaces/IERC20.sol 11: /// @dev Gets the total amount of tokens stored by the contract. 12: /// @return Amount of tokens. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L11-L12 ```solidity File: governance/contracts/interfaces/IERC20.sol 15: /// @dev Gets remaining number of tokens that the `spender` can transfer on behalf of `owner`. 16: /// @param owner Token owner. 17: /// @param spender Account address that is able to transfer tokens on behalf of the owner. 18: /// @return Token amount allowed to be transferred. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L15-L18 ```solidity File: governance/contracts/interfaces/IERC20.sol 21: /// @dev Sets `amount` as the allowance of `spender` over the caller's tokens. 22: /// @param spender Account address that will be able to transfer tokens on behalf of the caller. 23: /// @param amount Token amount. 24: /// @return True if the function execution is successful. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L21-L24 ```solidity File: governance/contracts/interfaces/IERC20.sol 27: /// @dev Transfers the token amount. 28: /// @param to Address to transfer to. 29: /// @param amount The amount to transfer. 30: /// @return True if the function execution is successful. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L27-L30 ```solidity File: governance/contracts/interfaces/IERC20.sol 33: /// @dev Transfers the token amount that was previously approved up until the maximum allowance. 34: /// @param from Account address to transfer from. 35: /// @param to Account address to transfer to. 36: /// @param amount Amount to transfer to. 37: /// @return True if the function execution is successful. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L33-L37 ```solidity File: governance/contracts/interfaces/IERC20.sol 40: /// @dev Mints tokens. 41: /// @param account Account address. 42: /// @param amount Token amount. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L40-L42 ```solidity File: governance/contracts/interfaces/IERC20.sol 45: /// @dev Burns tokens. 46: /// @param amount Token amount to burn. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L45-L46 ```solidity File: registries/contracts/GenericRegistry.sol 35: /// @dev Changes the owner address. 36: /// @param newOwner Address of a new owner. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L35-L36 ```solidity File: registries/contracts/GenericRegistry.sol 52: /// @dev Changes the unit manager. 53: /// @param newManager Address of a new unit manager. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L52-L53 ```solidity File: registries/contracts/GenericRegistry.sol 76: /// @dev Sets unit base URI. 77: /// @param bURI Base URI string. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L76-L77 ```solidity File: registries/contracts/GenericRegistry.sol 126: /// @dev Gets the hash of the unit. 127: /// @param unitId Unit Id. 128: /// @return Unit hash. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L126-L128 ```solidity File: registries/contracts/UnitRegistry.sol 35: constructor(UnitType _unitType) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L35-L35 ```solidity File: registries/contracts/UnitRegistry.sol 39: /// @dev Checks the provided component dependencies. 40: /// @param dependencies Set of component dependencies. 41: /// @param maxUnitId Maximum unit Id. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L39-L41 ```solidity File: registries/contracts/UnitRegistry.sol 44: /// @dev Creates unit. 45: /// @param unitOwner Owner of the unit. 46: /// @param unitHash IPFS CID hash of the unit. 47: /// @param dependencies Set of unit dependencies in a sorted ascending order (unit Ids). 48: /// @return unitId The id of a minted unit. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L44-L48 ```solidity File: registries/contracts/UnitRegistry.sol 116: /// @dev Updates the unit hash. 117: /// @param unitOwner Owner of the unit. 118: /// @param unitId Unit Id. 119: /// @param unitHash Updated IPFS hash of the unit. 120: /// @return success True, if function executed successfully. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L116-L120 ```solidity File: registries/contracts/UnitRegistry.sol 149: /// @dev Gets the unit instance. 150: /// @param unitId Unit Id. 151: /// @return unit Corresponding Unit struct. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L149-L151 ```solidity File: registries/contracts/UnitRegistry.sol 156: /// @dev Gets unit dependencies. 157: /// @param unitId Unit Id. 158: /// @return numDependencies The number of units in the dependency list. 159: /// @return dependencies The list of unit dependencies. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L156-L159 ```solidity File: registries/contracts/UnitRegistry.sol 167: /// @dev Gets updated unit hashes. 168: /// @param unitId Unit Id. 169: /// @return numHashes Number of hashes. 170: /// @return unitHashes The list of updated unit hashes (without the primary one). ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L167-L170 ```solidity File: registries/contracts/UnitRegistry.sol 178: /// @dev Gets the set of subcomponent Ids from a local map of subcomponent. 179: /// @param unitId Component Id. 180: /// @return subComponentIds Set of subcomponent Ids. 181: /// @return numSubComponents Number of subcomponents. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L178-L181 ```solidity File: registries/contracts/UnitRegistry.sol 189: /// @dev Gets subcomponents of a provided unit Id. 190: /// @param subcomponentsFromType Type of the unit: component or agent. 191: /// @param unitId Unit Id. 192: /// @return subComponentIds Set of subcomponents. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L189-L192 ```solidity File: registries/contracts/UnitRegistry.sol 196: /// @dev Calculates the set of subcomponent Ids. 197: /// @param subcomponentsFromType Type of the unit: component or agent. 198: /// @param unitIds Unit Ids. 199: /// @return subComponentIds Subcomponent Ids. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L196-L199 ```solidity File: registries/contracts/UnitRegistry.sol 267: /// @dev Gets the hash of the unit. 268: /// @param unitId Unit Id. 269: /// @return Unit hash. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L267-L269 ```solidity File: registries/contracts/ComponentRegistry.sol 12: /// @dev Component registry constructor. 13: /// @param _name Component registry contract name. 14: /// @param _symbol Component registry contract symbol. 15: /// @param _baseURI Component registry token base URI. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L12-L15 ```solidity File: registries/contracts/ComponentRegistry.sol 24: /// @dev Checks provided component dependencies. 25: /// @param dependencies Set of component dependencies. 26: /// @param maxComponentId Maximum component Id. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L24-L26 ```solidity File: registries/contracts/AgentRegistry.sol 15: /// @dev Agent registry constructor. 16: /// @param _name Agent registry contract name. 17: /// @param _symbol Agent registry contract symbol. 18: /// @param _baseURI Agent registry token base URI. 19: /// @param _componentRegistry Component registry address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L15-L19 ```solidity File: registries/contracts/AgentRegistry.sol 29: /// @dev Checks provided component dependencies. 30: /// @param dependencies Set of component dependencies. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L29-L30 ```solidity File: registries/contracts/GenericManager.sol 18: /// @dev Changes the owner address. 19: /// @param newOwner Address of a new owner. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L18-L19 ```solidity File: registries/contracts/GenericManager.sol 35: /// @dev Pauses the contract. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L35-L35 ```solidity File: registries/contracts/GenericManager.sol 46: /// @dev Unpauses the contract. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L46-L46 ```solidity File: registries/contracts/RegistriesManager.sol 15: constructor(address _componentRegistry, address _agentRegistry) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L15-L15 ```solidity File: registries/contracts/RegistriesManager.sol 21: /// @dev Creates component / agent. 22: /// @param unitType Unit type (component or agent). 23: /// @param unitOwner Owner of the component / agent. 24: /// @param unitHash IPFS hash of the component / agent. 25: /// @param dependencies Set of component dependencies in a sorted ascending order. 26: /// @return unitId The id of a created component / agent. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L21-L26 ```solidity File: registries/contracts/RegistriesManager.sol 45: /// @dev Updates the component / agent hash. 46: /// @param unitType Unit type (component or agent). 47: /// @param unitId Agent Id. 48: /// @param unitHash Updated IPFS hash of the component / agent. 49: /// @return success True, if function executed successfully. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L45-L49 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 6: /// @dev Allows to create new proxy contact and execute a message call to the new proxy within one transaction. 7: /// @param _singleton Address of singleton contract. 8: /// @param initializer Payload for message call sent to new proxy contract. 9: /// @param saltNonce Nonce that will be used to generate the salt to calculate the address of the new proxy contract. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L6-L9 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 34: /// @dev GnosisSafeMultisig constructor. 35: /// @param _gnosisSafe Gnosis Safe address. 36: /// @param _gnosisSafeProxyFactory Gnosis Safe proxy factory address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L34-L36 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 86: /// @dev Creates a gnosis safe multisig. 87: /// @param owners Set of multisig owners. 88: /// @param threshold Number of required confirmations for a multisig transaction. 89: /// @param data Packed data related to the creation of a chosen multisig. 90: /// @return multisig Address of a created multisig. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L86-L90 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 6: /// @dev Gets set of owners. 7: /// @return Set of Safe owners. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L6-L7 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 10: /// @dev Gets threshold. 11: /// @return Threshold ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L10-L11 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 58: /// @dev GnosisSafeSameAddressMultisig constructor. 59: /// @param _proxyHash Approved multisig proxy hash. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L58-L59 ```solidity File: registries/contracts/interfaces/IRegistry.sol 11: /// @dev Creates component / agent. 12: /// @param unitOwner Owner of the component / agent. 13: /// @param unitHash IPFS hash of the component / agent. 14: /// @param dependencies Set of component dependencies in a sorted ascending order. 15: /// @return The id of a minted component / agent. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L11-L15 ```solidity File: registries/contracts/interfaces/IRegistry.sol 22: /// @dev Updates the component / agent hash. 23: /// @param owner Owner of the component / agent. 24: /// @param unitId Unit Id. 25: /// @param unitHash Updated IPFS hash of the component / agent. 26: /// @return success True, if function executed successfully. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L22-L26 ```solidity File: registries/contracts/interfaces/IRegistry.sol 29: /// @dev Gets subcomponents of a provided unit Id from a local public map. 30: /// @param unitId Unit Id. 31: /// @return subComponentIds Set of subcomponents. 32: /// @return numSubComponents Number of subcomponents. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L29-L32 ```solidity File: registries/contracts/interfaces/IRegistry.sol 35: /// @dev Calculates the set of subcomponent Ids. 36: /// @param unitIds Set of unit Ids. 37: /// @return subComponentIds Subcomponent Ids. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L35-L37 ```solidity File: registries/contracts/interfaces/IRegistry.sol 40: /// @dev Gets updated component / agent hashes. 41: /// @param unitId Unit Id. 42: /// @return numHashes Number of hashes. 43: /// @return unitHashes The list of component / agent hashes. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L40-L43 ```solidity File: registries/contracts/interfaces/IRegistry.sol 46: /// @dev Gets the total supply of components / agents. 47: /// @return Total supply. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L46-L47 ```solidity File: tokenomics/contracts/Depository.sol 102: /// @dev Depository constructor. 103: /// @param _olas OLAS token address. 104: /// @param _treasury Treasury address. 105: /// @param _tokenomics Tokenomics address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L102-L105 ```solidity File: tokenomics/contracts/Depository.sol 120: /// @dev Changes the owner address. 121: /// @param newOwner Address of a new owner. 122: /// #if_succeeds {:msg "Changing owner"} old(owner) == msg.sender ==> owner == newOwner; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L120-L122 ```solidity File: tokenomics/contracts/Depository.sol 138: /// @dev Changes various managing contract addresses. 139: /// @param _tokenomics Tokenomics address. 140: /// @param _treasury Treasury address. 141: /// #if_succeeds {:msg "tokenomics changed"} _tokenomics != address(0) ==> tokenomics == _tokenomics; 142: /// #if_succeeds {:msg "treasury changed"} _treasury != address(0) ==> treasury == _treasury; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L138-L142 ```solidity File: tokenomics/contracts/Depository.sol 161: /// @dev Changes Bond Calculator contract address 162: /// #if_succeeds {:msg "bondCalculator changed"} _bondCalculator != address(0) ==> bondCalculator == _bondCalculator; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L161-L162 ```solidity File: tokenomics/contracts/Depository.sol 175: /// @dev Creates a new bond product. 176: /// @param token LP token to be deposited for pairs like OLAS-DAI, OLAS-ETH, etc. 177: /// @param priceLP LP token price with 18 additional decimals. 178: /// @param supply Supply in OLAS tokens. 179: /// @param vesting Vesting period (in seconds). 180: /// @return productId New bond product Id. 181: /// #if_succeeds {:msg "productCounter increases"} productCounter == old(productCounter) + 1; 182: /// #if_succeeds {:msg "isActive"} mapBondProducts[productId].supply > 0 && mapBondProducts[productId].vesting == vesting; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L175-L182 ```solidity File: tokenomics/contracts/Depository.sol 279: /// @dev Deposits tokens in exchange for a bond from a specified product. 280: /// @param productId Product Id. 281: /// @param tokenAmount Token amount to deposit for the bond. 282: /// @return payout The amount of OLAS tokens due. 283: /// @return maturity Timestamp for payout redemption. 284: /// @return bondId Id of a newly created bond. 285: /// #if_succeeds {:msg "token is valid"} mapBondProducts[productId].token != address(0); 286: /// #if_succeeds {:msg "input supply is non-zero"} old(mapBondProducts[productId].supply) > 0 && mapBondProducts[productId].supply <= type(uint96).max; 287: /// #if_succeeds {:msg "vesting is non-zero"} mapBondProducts[productId].vesting > 0 && mapBondProducts[productId].vesting + block.timestamp <= type(uint32).max; 288: /// #if_succeeds {:msg "bond Id"} bondCounter == old(bondCounter) + 1 && bondCounter <= type(uint32).max; 289: /// #if_succeeds {:msg "payout"} old(mapBondProducts[productId].supply) == mapBondProducts[productId].supply + payout; 290: /// #if_succeeds {:msg "OLAS balances"} IToken(mapBondProducts[productId].token).balanceOf(treasury) == old(IToken(mapBondProducts[productId].token).balanceOf(treasury)) + tokenAmount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L279-L290 ```solidity File: tokenomics/contracts/Depository.sol 348: /// @dev Redeems account bonds. 349: /// @param bondIds Bond Ids to redeem. 350: /// @return payout Total payout sent in OLAS tokens. 351: /// #if_succeeds {:msg "payout > 0"} payout > 0; 352: /// #if_succeeds {:msg "msg.sender is the only owner"} old(forall (uint k in bondIds) mapUserBonds[bondIds[k]].account == msg.sender); 353: /// #if_succeeds {:msg "accounts deleted"} forall (uint k in bondIds) mapUserBonds[bondIds[k]].account == address(0); 354: /// #if_succeeds {:msg "payouts are zeroed"} forall (uint k in bondIds) mapUserBonds[bondIds[k]].payout == 0; 355: /// #if_succeeds {:msg "maturities are zeroed"} forall (uint k in bondIds) mapUserBonds[bondIds[k]].maturity == 0; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L348-L355 ```solidity File: tokenomics/contracts/Depository.sol 393: /// @dev Gets an array of active or inactive product Ids. 394: /// @param active Flag to select active or inactive products. 395: /// @return productIds Product Ids. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L393-L395 ```solidity File: tokenomics/contracts/Depository.sol 421: /// @dev Gets activity information about a given product. 422: /// @param productId Product Id. 423: /// @return status True if the product is active. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L421-L423 ```solidity File: tokenomics/contracts/Depository.sol 428: /// @dev Gets bond Ids for the account address. 429: /// @param account Account address to query bonds for. 430: /// @param matured Flag to get matured bonds only or all of them. 431: /// @return bondIds Bond Ids. 432: /// @return payout Cumulative expected OLAS payout. 433: /// #if_succeeds {:msg "matured bonds"} matured == true ==> forall (uint k in bondIds) 434: /// mapUserBonds[bondIds[k]].account == account && block.timestamp >= mapUserBonds[bondIds[k]].maturity; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L428-L434 ```solidity File: tokenomics/contracts/Depository.sol 476: /// @dev Calculates the maturity and payout to claim for a single bond. 477: /// @param bondId The account bond Id. 478: /// @return payout The payout amount in OLAS. 479: /// @return matured True if the payout can be redeemed. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L476-L479 ```solidity File: tokenomics/contracts/Depository.sol 488: /// @dev Gets current reserves of OLAS / totalSupply of LP tokens. 489: /// @param token Token address. 490: /// @return priceLP Resulting reserveX / totalSupply ratio with 18 decimals. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L488-L490 ```solidity File: tokenomics/contracts/Dispenser.sol 27: /// @dev Dispenser constructor. 28: /// @param _tokenomics Tokenomics address. 29: /// @param _treasury Treasury address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L27-L29 ```solidity File: tokenomics/contracts/Dispenser.sol 44: /// @dev Changes the owner address. 45: /// @param newOwner Address of a new owner. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L44-L45 ```solidity File: tokenomics/contracts/Dispenser.sol 61: /// @dev Changes various managing contract addresses. 62: /// @param _tokenomics Tokenomics address. 63: /// @param _treasury Treasury address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L61-L63 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 29: /// @dev DonatorBlacklist constructor. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L29-L29 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 34: /// @dev Changes the owner address. 35: /// @param newOwner Address of a new owner. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L34-L35 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 79: /// @dev Gets account blacklisting status. 80: /// @param account Account address. 81: /// @return status Blacklisting status. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L79-L81 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 26: /// @dev Generic Bond Calcolator constructor 27: /// @param _olas OLAS contract address. 28: /// @param _tokenomics Tokenomics contract address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L26-L28 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 67: /// @dev Gets current reserves of OLAS / totalSupply of LP tokens. 68: /// @param token Token address. 69: /// @return priceLP Resulting reserveX / totalSupply ratio with 18 decimals. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L67-L69 ```solidity File: tokenomics/contracts/Tokenomics.sol 231: /// @dev Tokenomics constructor. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L231-L231 ```solidity File: tokenomics/contracts/Tokenomics.sol 372: /// @dev Gets the tokenomics implementation contract address. 373: /// @return implementation Tokenomics implementation contract address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L372-L373 ```solidity File: tokenomics/contracts/Tokenomics.sol 402: /// @dev Changes the owner address. 403: /// @param newOwner Address of a new owner. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L402-L403 ```solidity File: tokenomics/contracts/Tokenomics.sol 419: /// @dev Changes various managing contract addresses. 420: /// @param _treasury Treasury address. 421: /// @param _depository Depository address. 422: /// @param _dispenser Dispenser address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L419-L422 ```solidity File: tokenomics/contracts/Tokenomics.sol 446: /// @dev Changes registries contract addresses. 447: /// @param _componentRegistry Component registry address. 448: /// @param _agentRegistry Agent registry address. 449: /// @param _serviceRegistry Service registry address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L446-L449 ```solidity File: tokenomics/contracts/Tokenomics.sol 555: /// @dev Sets incentive parameter fractions. 556: /// @param _rewardComponentFraction Fraction for component owner rewards funded by ETH donations. 557: /// @param _rewardAgentFraction Fraction for agent owner rewards funded by ETH donations. 558: /// @param _maxBondFraction Fraction for the maxBond that depends on the OLAS inflation. 559: /// @param _topUpComponentFraction Fraction for component owners OLAS top-up. 560: /// @param _topUpAgentFraction Fraction for agent owners OLAS top-up. 561: /// #if_succeeds {:msg "maxBond"} mapEpochTokenomics[epochCounter + 1].epochPoint.maxBondFraction == _maxBondFraction; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L555-L561 ```solidity File: tokenomics/contracts/Tokenomics.sol 627: /// @dev Refunds unused bond program amount when the program is closed. 628: /// @param amount Amount to be refunded from the closed bond program. 629: /// #if_succeeds {:msg "effectiveBond"} old(effectiveBond + amount) <= type(uint96).max ==> effectiveBond == old(effectiveBond) + amount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L627-L629 ```solidity File: tokenomics/contracts/Tokenomics.sol 646: /// @dev Finalizes epoch incentives for a specified component / agent Id. 647: /// @param epochNum Epoch number to finalize incentives for. 648: /// @param unitType Unit type (component / agent). 649: /// @param unitId Unit Id. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L646-L649 ```solidity File: tokenomics/contracts/Tokenomics.sol 682: /// @dev Records service donations into corresponding data structures. 683: /// @param donator Donator account address. 684: /// @param serviceIds Set of service Ids. 685: /// @param amounts Correspondent set of ETH amounts provided by services. 686: /// @param curEpoch Current epoch number. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L682-L686 ```solidity File: tokenomics/contracts/Tokenomics.sol 827: /// @dev Gets the inverse discount factor value. 828: /// @param treasuryRewards Treasury rewards. 829: /// @param numNewOwners Number of new owners of components / agents registered during the epoch. 830: /// @return idf IDF value. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L827-L830 ```solidity File: tokenomics/contracts/Tokenomics.sol 1235: /// @dev Gets inflation per last epoch. 1236: /// @return inflationPerEpoch Inflation value. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1235-L1236 ```solidity File: tokenomics/contracts/Tokenomics.sol 1241: /// @dev Gets component / agent point of a specified epoch number and a unit type. 1242: /// @param epoch Epoch number. 1243: /// @param unitType Component (0) or agent (1). 1244: /// @return up Unit point. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1241-L1244 ```solidity File: tokenomics/contracts/Tokenomics.sol 1249: /// @dev Gets inverse discount factor with the multiple of 1e18. 1250: /// @param epoch Epoch number. 1251: /// @return idf Discount factor with the multiple of 1e18. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1249-L1251 ```solidity File: tokenomics/contracts/Tokenomics.sol 1260: /// @dev Gets inverse discount factor with the multiple of 1e18 of the last epoch. 1261: /// @return idf Discount factor with the multiple of 1e18. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L1260-L1261 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 22: /// @dev Gets an inflation cap for a specific year. 23: /// @param numYears Number of years passed from the launch date. 24: /// @return supplyCap Supply cap. 25: /// supplyCap = 1e27 * (1.02)^(x-9) for x >= 10 26: /// if_succeeds {:msg "correct supplyCap"} (numYears >= 10) ==> (supplyCap > 1e27); 27: /// There is a bug in scribble tools, a broken instrumented version is as follows: 28: /// function getSupplyCapForYear(uint256 numYears) public returns (uint256 supplyCap) 29: /// And the test is waiting for a view / pure function, which would be correct ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L22-L29 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 63: /// @dev Gets an inflation amount for a specific year. 64: /// @param numYears Number of years passed from the launch date. 65: /// @return inflationAmount Inflation limit amount. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L63-L65 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 30: /// @dev TokenomicsProxy constructor. 31: /// @param tokenomics Tokenomics implementation address. 32: /// @param tokenomicsData Tokenomics initialization data. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L30-L32 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 54: /// @dev Delegatecall to all the incoming data. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L54-L54 ```solidity File: tokenomics/contracts/Treasury.sol 90: /// @dev Treasury constructor. 91: /// @param _olas OLAS token address. 92: /// @param _tokenomics Tokenomics address. 93: /// @param _depository Depository address. 94: /// @param _dispenser Dispenser address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L90-L94 ```solidity File: tokenomics/contracts/Treasury.sol 115: /// @dev Receives ETH. 116: /// #if_succeeds {:msg "we do not touch the balance of developers" } old(ETHFromServices) == ETHFromServices; 117: /// #if_succeeds {:msg "conservation law"} old(ETHOwned) + msg.value + old(ETHFromServices) <= type(uint96).max && ETHOwned == old(ETHOwned) + msg.value 118: /// ==> address(this).balance == ETHFromServices + ETHOwned; 119: /// #if_succeeds {:msg "any paused"} paused == 1 || paused == 2; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L115-L119 ```solidity File: tokenomics/contracts/Treasury.sol 135: /// @dev Changes the owner address. 136: /// @param newOwner Address of a new owner. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L135-L136 ```solidity File: tokenomics/contracts/Treasury.sol 152: /// @dev Changes various managing contract addresses. 153: /// @param _tokenomics Tokenomics address. 154: /// @param _depository Depository address. 155: /// @param _dispenser Dispenser address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L152-L155 ```solidity File: tokenomics/contracts/Treasury.sol 179: /// @dev Changes minimum accepted ETH amount by the Treasury. 180: /// @param _minAcceptedETH New minimum accepted ETH amount. 181: /// #if_succeeds {:msg "Min accepted ETH"} minAcceptedETH > 0 && minAcceptedETH <= type(uint96).max; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L179-L181 ```solidity File: tokenomics/contracts/Treasury.sol 303: /// @dev Allows owner to transfer tokens from treasury reserves to a specified address. 304: /// @param to Address to transfer funds to. 305: /// @param tokenAmount Token amount to get reserves from. 306: /// @param token Token or ETH address. 307: /// @return success True if the transfer is successful. 308: /// #if_succeeds {:msg "we do not touch the balance of developers"} old(ETHFromServices) == ETHFromServices; 309: /// #if_succeeds {:msg "updated ETHOwned"} token == ETH_TOKEN_ADDRESS ==> ETHOwned == old(ETHOwned) - tokenAmount; 310: /// #if_succeeds {:msg "ETH balance"} token == ETH_TOKEN_ADDRESS ==> address(this).balance == old(address(this).balance) - tokenAmount; 311: /// #if_succeeds {:msg "updated token reserves"} token != ETH_TOKEN_ADDRESS ==> mapTokenReserves[token] == old(mapTokenReserves[token]) - tokenAmount; 312: /// #if_succeeds {:msg "any paused"} paused == 1 || paused == 2; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L303-L312 ```solidity File: tokenomics/contracts/Treasury.sol 422: /// @dev Re-balances treasury funds to account for the treasury reward for a specific epoch. 423: /// @param treasuryRewards Treasury rewards. 424: /// @return success True, if the function execution is successful. 425: /// #if_succeeds {:msg "we do not touch the total eth balance"} old(address(this).balance) == address(this).balance; 426: /// #if_succeeds {:msg "conservation law"} old(ETHFromServices + ETHOwned) == ETHFromServices + ETHOwned; 427: /// #if_succeeds {:msg "unpaused"} paused == 1; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L422-L427 ```solidity File: tokenomics/contracts/Treasury.sol 460: /// @dev Drains slashed funds from the service registry. 461: /// @return amount Drained amount. 462: /// #if_succeeds {:msg "correct update total eth balance"} address(this).balance == old(address(this).balance) + amount; 463: /// #if_succeeds {:msg "conservation law"} ETHFromServices + ETHOwned == old(ETHFromServices + ETHOwned) + amount; 464: ///if_succeeds {:msg "slashed funds check"} IServiceRegistry(ITokenomics(tokenomics).serviceRegistry()).slashedFunds() >= minAcceptedETH 465: /// ==> old(IServiceRegistry(ITokenomics(tokenomics).serviceRegistry()).slashedFunds()) == amount; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L460-L465 ```solidity File: tokenomics/contracts/Treasury.sol 485: /// @dev Enables an LP token to be bonded for OLAS. 486: /// @param token Token address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L485-L486 ```solidity File: tokenomics/contracts/Treasury.sol 505: /// @dev Disables an LP token from the ability to bond for OLAS. 506: /// @param token Token address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L505-L506 ```solidity File: tokenomics/contracts/Treasury.sol 523: /// @dev Gets information about token being enabled for bonding. 524: /// @param token Token address. 525: /// @return enabled True if token is enabled. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L523-L525 ```solidity File: tokenomics/contracts/Treasury.sol 530: /// @dev Pauses the contract. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L530-L530 ```solidity File: tokenomics/contracts/Treasury.sol 541: /// @dev Unpauses the contract. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L541-L541 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 6: /// @dev Gets account blacklisting status. 7: /// @param account Account address. 8: /// @return status Blacklisting status. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L6-L8 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol 6: /// @dev Calculates the amount of OLAS tokens based on the bonding calculator mechanism. 7: /// @param tokenAmount LP token amount. 8: /// @param priceLP LP token price. 9: /// @return amountOLAS Resulting amount of OLAS tokens. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L6-L9 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol 13: /// @dev Get reserveX/reserveY at the time of product creation. 14: /// @param token Token address. 15: /// @return priceLP Resulting reserve ratio. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L13-L15 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 5: /// @dev Mints OLA tokens. 6: /// @param account Account address. 7: /// @param amount OLA token amount. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L5-L7 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 10: /// @dev Provides OLA token time launch. 11: /// @return Time launch. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L10-L11 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 11: /// @dev Checks if the service Id exists. 12: /// @param serviceId Service Id. 13: /// @return true if the service exists, false otherwise. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L11-L13 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 24: /// @dev Gets the value of slashed funds from the service registry. 25: /// @return amount Drained amount. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L24-L25 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 28: /// @dev Drains slashed funds. 29: /// @return amount Drained amount. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L28-L29 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 6: /// @dev Gets the amount of tokens owned by a specified account. 7: /// @param account Account address. 8: /// @return Amount of tokens owned. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L6-L8 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 11: /// @dev Gets the owner of the token Id. 12: /// @param tokenId Token Id. 13: /// @return Token Id owner address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L11-L13 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 16: /// @dev Gets the total amount of tokens stored by the contract. 17: /// @return Amount of tokens. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L16-L17 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 20: /// @dev Transfers the token amount. 21: /// @param to Address to transfer to. 22: /// @param amount The amount to transfer. 23: /// @return True if the function execution is successful. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L20-L23 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 26: /// @dev Gets remaining number of tokens that the `spender` can transfer on behalf of `owner`. 27: /// @param owner Token owner. 28: /// @param spender Account address that is able to transfer tokens on behalf of the owner. 29: /// @return Token amount allowed to be transferred. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L26-L29 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 32: /// @dev Sets `amount` as the allowance of `spender` over the caller's tokens. 33: /// @param spender Account address that will be able to transfer tokens on behalf of the caller. 34: /// @param amount Token amount. 35: /// @return True if the function execution is successful. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L32-L35 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 38: /// @dev Transfers the token amount that was previously approved up until the maximum allowance. 39: /// @param from Account address to transfer from. 40: /// @param to Account address to transfer to. 41: /// @param amount Amount to transfer to. 42: /// @return True if the function execution is successful. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L38-L42 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 6: /// @dev Gets effective bond (bond left). 7: /// @return Effective bond. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L6-L7 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 10: /// @dev Record global data to the checkpoint ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L10-L10 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 32: /// @dev Refunds unused bond program amount. 33: /// @param amount Amount to be refunded from the bond program. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L32-L33 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 36: /// @dev Gets component / agent owner incentives and clears the balances. 37: /// @param account Account address. 38: /// @param unitTypes Set of unit types (component / agent). 39: /// @param unitIds Set of corresponding unit Ids where account is the owner. 40: /// @return reward Reward amount. 41: /// @return topUp Top-up amount. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L36-L41 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 45: /// @dev Gets inverse discount factor with the multiple of 1e18 of the last epoch. 46: /// @return idf Discount factor with the multiple of 1e18. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L45-L46 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 49: /// @dev Gets the service registry contract address 50: /// @return Service registry contract address; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L49-L50 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 06: /// @dev Allows approved address to deposit an asset for OLAS. 07: /// @param account Account address making a deposit of LP tokens for OLAS. 08: /// @param tokenAmount Token amount to get OLAS for. 09: /// @param token Token address. 10: /// @param olaMintAmount Amount of OLAS token issued. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L6-L10 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 13: /// @dev Deposits service donations in ETH. 14: /// @param serviceIds Set of service Ids. 15: /// @param amounts Set of corresponding amounts deposited on behalf of each service Id. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L13-L15 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 18: /// @dev Gets information about token being enabled. 19: /// @param token Token address. 20: /// @return enabled True is token is enabled. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L18-L20 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 33: /// @dev Re-balances treasury funds to account for the treasury reward for a specific epoch. 34: /// @param treasuryRewards Treasury rewards. 35: /// @return success True, if the function execution is successful. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L33-L35 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 6: function totalSupply() external view returns (uint); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L6-L6 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 7: function token0() external view returns (address); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L7-L7 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 8: function token1() external view returns (address); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L8-L8 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 9: function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L9-L9 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol 6: /// @dev Gets the voting power. 7: /// @param account Account address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L6-L7 ### [N-103] Missing NatSpec `@dev` from function declaration *There are 13 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 16: constructor( ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L16-L16 ```solidity File: governance/contracts/Timelock.sol 10: constructor(uint256 minDelay, address[] memory proposers, address[] memory executors) ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L10-L10 ```solidity File: governance/contracts/OLAS.sol 35: constructor() ERC20("Autonolas", "OLAS", 18) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L35-L35 ```solidity File: governance/contracts/multisigs/GuardCM.sol 7: function state(uint256 proposalId) external returns (ProposalState); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L7-L7 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 6: function processMessageFromRoot(uint256 stateId, address rootMessageSender, bytes memory data) external; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L6-L6 ```solidity File: governance/contracts/bridges/HomeMediator.sol 6: function messageSender() external view returns (address); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L6-L6 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 24: constructor(string memory _name, string memory _symbol, uint8 _decimals) ERC20(_name, _symbol, _decimals) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L24-L24 ```solidity File: registries/contracts/UnitRegistry.sol 35: constructor(UnitType _unitType) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L35-L35 ```solidity File: registries/contracts/RegistriesManager.sol 15: constructor(address _componentRegistry, address _agentRegistry) { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L15-L15 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 6: function totalSupply() external view returns (uint); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L6-L6 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 7: function token0() external view returns (address); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L7-L7 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 8: function token1() external view returns (address); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L8-L8 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 9: function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L9-L9 ### [N-104] Use `@inheritdoc` for overridden functions *There are 29 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 31: /// @dev Current state of a proposal, following Compoundb�s convention. 32: /// @param proposalId Proposal Id. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L31-L32 ```solidity File: governance/contracts/GovernorOLAS.sol 39: /// @dev Create a new proposal to change the protocol / contract parameters. 40: /// @param targets The ordered list of target addresses for calls to be made during proposal execution. 41: /// @param values The ordered list of values to be passed to the calls made during proposal execution. 42: /// @param calldatas The ordered list of data to be passed to each individual function call during proposal execution. 43: /// @param description A human readable description of the proposal and the changes it will enact. 44: /// @return The Id of the newly created proposal. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L39-L44 ```solidity File: governance/contracts/GovernorOLAS.sol 55: /// @dev Gets the voting power for the proposal threshold. 56: /// @return The voting power required in order for a voter to become a proposer. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L55-L56 ```solidity File: governance/contracts/GovernorOLAS.sol 62: /// @dev Executes a proposal. 63: /// @param proposalId Proposal Id. 64: /// @param targets The ordered list of target addresses. 65: /// @param values The ordered list of values. 66: /// @param calldatas The ordered list of data to be passed to each individual function call. 67: /// @param descriptionHash Hashed description of the proposal. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L62-L67 ```solidity File: governance/contracts/GovernorOLAS.sol 79: /// @dev Cancels a proposal. 80: /// @param targets The ordered list of target addresses. 81: /// @param values The ordered list of values. 82: /// @param calldatas The ordered list of data to be passed to each individual function call. 83: /// @param descriptionHash Hashed description of the proposal. 84: /// @return The Id of the newly created proposal. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L79-L84 ```solidity File: governance/contracts/GovernorOLAS.sol 95: /// @dev Gets the executor address. 96: /// @return Executor address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L95-L96 ```solidity File: governance/contracts/GovernorOLAS.sol 102: /// @dev Gets information about the interface support. 103: /// @param interfaceId A specified interface Id. 104: /// @return True if this contract implements the interface defined by interfaceId. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L102-L104 ```solidity File: governance/contracts/veOLAS.sol 604: /// @dev Gets the account balance in native token. 605: /// @param account Account address. 606: /// @return balance Account balance. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L604-L606 ```solidity File: governance/contracts/veOLAS.sol 631: /// @dev Gets the voting power. 632: /// @param account Account address. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L631-L632 ```solidity File: governance/contracts/veOLAS.sol 668: /// @dev Gets voting power at a specific block number. 669: /// @param account Account address. 670: /// @param blockNumber Block number. 671: /// @return balance Voting balance / power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L668-L671 ```solidity File: governance/contracts/veOLAS.sol 717: /// @dev Gets total token supply. 718: /// @return Total token supply. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L717-L718 ```solidity File: governance/contracts/veOLAS.sol 749: /// @dev Calculate total voting power at some point in the past. 750: /// @param blockNumber Block number to calculate the total voting power at. 751: /// @return Total voting power. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L749-L751 ```solidity File: governance/contracts/veOLAS.sol 758: /// @dev Gets information about the interface support. 759: /// @param interfaceId A specified interface Id. 760: /// @return True if this contract implements the interface defined by interfaceId. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L758-L760 ```solidity File: governance/contracts/veOLAS.sol 766: /// @dev Reverts the transfer of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L766-L766 ```solidity File: governance/contracts/veOLAS.sol 771: /// @dev Reverts the approval of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L771-L771 ```solidity File: governance/contracts/veOLAS.sol 776: /// @dev Reverts the transferFrom of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L776-L776 ```solidity File: governance/contracts/veOLAS.sol 781: /// @dev Reverts the allowance of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L781-L781 ```solidity File: governance/contracts/veOLAS.sol 787: /// @dev Reverts delegates of this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L787-L787 ```solidity File: governance/contracts/veOLAS.sol 793: /// @dev Reverts delegate for this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L793-L793 ```solidity File: governance/contracts/veOLAS.sol 799: /// @dev Reverts delegateBySig for this token. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L799-L799 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 097: /// @dev Process message received from the Root Tunnel. 098: /// @notice This is called by onStateReceive function. The sender must be the Root Governor address (Timelock). 099: /// @param stateId Unique state id. 100: /// @param rootMessageSender Root message sender. 101: /// @param data Bytes message sent from the Root Tunnel. The data must be encoded as a set of continuous 102: /// transactions packed into a single buffer, where each transaction is composed as follows: 103: /// - target address of 20 bytes (160 bits); 104: /// - value of 12 bytes (96 bits), as a limit for all of Autonolas ecosystem contracts; 105: /// - payload length of 4 bytes (32 bits), as 2^32 - 1 characters is more than enough to fill a whole block; 106: /// - payload as bytes, with the length equal to the specified payload length. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L97-L106 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 66: /// @dev Receives the token message from L1 and transfers L2 tokens to a specified address. 67: /// @notice Reentrancy is not possible as tokens are verified before the contract deployment. 68: /// @param sender FxERC20RootTunnel contract address from L1. 69: /// @param message Incoming bridge message. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L66-L69 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 70: /// @dev Receives the token message from L2 and transfers bridged tokens to a specified address. 71: /// @param message Incoming bridge message. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L70-L71 ```solidity File: registries/contracts/GenericRegistry.sol 131: /// @dev Returns unit token URI. 132: /// @notice Expected multicodec: dag-pb; hashing function: sha2-256, with base16 encoding and leading CID_PREFIX removed. 133: /// @param unitId Unit Id. 134: /// @return Unit token URI string. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L131-L134 ```solidity File: registries/contracts/UnitRegistry.sol 267: /// @dev Gets the hash of the unit. 268: /// @param unitId Unit Id. 269: /// @return Unit hash. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L267-L269 ```solidity File: registries/contracts/ComponentRegistry.sol 24: /// @dev Checks provided component dependencies. 25: /// @param dependencies Set of component dependencies. 26: /// @param maxComponentId Maximum component Id. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L24-L26 ```solidity File: registries/contracts/ComponentRegistry.sol 37: /// @dev Gets subcomponents of a provided component Id. 38: /// @notice For components this means getting the linearized map of components from the local map of subcomponents. 39: /// @param componentId Component Id. 40: /// @return subComponentIds Set of subcomponents. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L37-L40 ```solidity File: registries/contracts/AgentRegistry.sol 29: /// @dev Checks provided component dependencies. 30: /// @param dependencies Set of component dependencies. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L29-L30 ```solidity File: registries/contracts/AgentRegistry.sol 48: /// @dev Gets linearized set of subcomponents of a provided unit Id and a type of a component. 49: /// @notice (0) For components this means getting the linearized map of components from the componentRegistry contract. 50: /// @notice (1) For agents this means getting the linearized map of components from the local map of subcomponents. 51: /// @param subcomponentsFromType Type of the unit: component or agent. 52: /// @param unitId Component Id. 53: /// @return subComponentIds Set of subcomponents. ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L48-L53 ### [N-105] Multiple mappings with same keys can be combined into a single struct mapping for readability Well-organized data structures make code reviews easier, which may lead to fewer bugs. Consider combining related mappings into mappings to structs, so it's clear what data is related. *There are 7 instance(s) of this issue:* ```solidity File: governance/contracts/veOLAS.sol 112: mapping(address => LockedBalance) public mapLockedBalances; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L112-L112 ```solidity File: governance/contracts/veOLAS.sol 119: mapping(address => PointVoting[]) public mapUserPoints; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L119-L119 ```solidity File: tokenomics/contracts/Tokenomics.sol 219: mapping(address => uint256) public mapOwnerRewards; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L219-L219 ```solidity File: tokenomics/contracts/Tokenomics.sol 221: mapping(address => uint256) public mapOwnerTopUps; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L221-L221 ```solidity File: tokenomics/contracts/Tokenomics.sol 227: mapping(address => bool) public mapNewOwners; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L227-L227 ```solidity File: tokenomics/contracts/Treasury.sol 86: mapping(address => uint256) public mapTokenReserves; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L86-L86 ```solidity File: tokenomics/contracts/Treasury.sol 88: mapping(address => bool) public mapEnabledTokens; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L88-L88 ### [N-106] constructor should emit an event Use events to signal significant changes to off-chain monitoring tools. *There are 24 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 16: constructor( 17: IVotes governanceToken, 18: TimelockController timelock, 19: uint256 initialVotingDelay, 20: uint256 initialVotingPeriod, 21: uint256 initialProposalThreshold, 22: uint256 quorumFraction 23: ) 24: Governor("Governor OLAS") 25: GovernorSettings(initialVotingDelay, initialVotingPeriod, initialProposalThreshold) 26: GovernorVotes(governanceToken) 27: GovernorVotesQuorumFraction(quorumFraction) 28: GovernorTimelockControl(timelock) 29: {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L16-L29 ```solidity File: governance/contracts/Timelock.sol 10: constructor(uint256 minDelay, address[] memory proposers, address[] memory executors) 11: TimelockController(minDelay, proposers, executors, msg.sender) 12: {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L10-L12 ```solidity File: governance/contracts/OLAS.sol 35: constructor() ERC20("Autonolas", "OLAS", 18) { 36: owner = msg.sender; 37: minter = msg.sender; 38: timeLaunch = block.timestamp; 39: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L35-L39 ```solidity File: governance/contracts/veOLAS.sol 132: constructor(address _token, string memory _name, string memory _symbol) 133: { 134: token = _token; 135: name = _name; 136: symbol = _symbol; 137: // Create initial point such that default timestamp and block number are not zero 138: // See cast specification in the PointVoting structure 139: mapSupplyPoints[0] = PointVoting(0, 0, uint64(block.timestamp), uint64(block.number), 0); 140: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L132-L140 ```solidity File: governance/contracts/wveOLAS.sol 145: constructor(address _ve, address _token) { 146: // Check for the zero address 147: if (_ve == address(0) || _token == address(0)) { 148: revert ZeroAddress(); 149: } 150: ve = _ve; 151: token = _token; 152: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L145-L152 ```solidity File: governance/contracts/multisigs/GuardCM.sol 138: constructor( 139: address _timelock, 140: address _multisig, 141: address _governor 142: ) { 143: // Check for zero addresses 144: if (_timelock == address(0) || _multisig == address(0) || _governor == address(0)) { 145: revert ZeroAddress(); 146: } 147: owner = _timelock; 148: multisig = _multisig; 149: governor = _governor; 150: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/multisigs/GuardCM.sol#L138-L150 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 62: constructor(address _fxChild, address _rootGovernor) { 63: // Check fo zero addresses 64: if (_fxChild == address(0) || _rootGovernor == address(0)) { 65: revert ZeroAddress(); 66: } 67: 68: fxChild = _fxChild; 69: rootGovernor = _rootGovernor; 70: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L62-L70 ```solidity File: governance/contracts/bridges/HomeMediator.sol 62: constructor(address _AMBContractProxyHome, address _foreignGovernor) { 63: // Check fo zero addresses 64: if (_AMBContractProxyHome == address(0) || _foreignGovernor == address(0)) { 65: revert ZeroAddress(); 66: } 67: 68: AMBContractProxyHome = _AMBContractProxyHome; 69: foreignGovernor = _foreignGovernor; 70: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L62-L70 ```solidity File: governance/contracts/bridges/BridgedERC20.sol 24: constructor(string memory _name, string memory _symbol, uint8 _decimals) ERC20(_name, _symbol, _decimals) { 25: owner = msg.sender; 26: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/BridgedERC20.sol#L24-L26 ```solidity File: governance/contracts/bridges/FxERC20ChildTunnel.sol 37: constructor(address _fxChild, address _childToken, address _rootToken) FxBaseChildTunnel(_fxChild) { 38: // Check for zero addresses 39: if (_fxChild == address(0) || _childToken == address(0) || _rootToken == address(0)) { 40: revert ZeroAddress(); 41: } 42: 43: childToken = _childToken; 44: rootToken = _rootToken; 45: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20ChildTunnel.sol#L37-L45 ```solidity File: governance/contracts/bridges/FxERC20RootTunnel.sol 38: constructor(address _checkpointManager, address _fxRoot, address _childToken, address _rootToken) 39: FxBaseRootTunnel(_checkpointManager, _fxRoot) 40: { 41: // Check for zero addresses 42: if (_checkpointManager == address(0) || _fxRoot == address(0) || _childToken == address(0) || 43: _rootToken == address(0)) { 44: revert ZeroAddress(); 45: } 46: 47: childToken = _childToken; 48: rootToken = _rootToken; 49: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxERC20RootTunnel.sol#L38-L49 ```solidity File: registries/contracts/UnitRegistry.sol 35: constructor(UnitType _unitType) { 36: unitType = _unitType; 37: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L35-L37 ```solidity File: registries/contracts/ComponentRegistry.sol 16: constructor(string memory _name, string memory _symbol, string memory _baseURI) 17: UnitRegistry(UnitType.Component) 18: ERC721(_name, _symbol) 19: { 20: baseURI = _baseURI; 21: owner = msg.sender; 22: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L16-L22 ```solidity File: registries/contracts/AgentRegistry.sol 20: constructor(string memory _name, string memory _symbol, string memory _baseURI, address _componentRegistry) 21: UnitRegistry(UnitType.Agent) 22: ERC721(_name, _symbol) 23: { 24: baseURI = _baseURI; 25: componentRegistry = _componentRegistry; 26: owner = msg.sender; 27: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L20-L27 ```solidity File: registries/contracts/RegistriesManager.sol 15: constructor(address _componentRegistry, address _agentRegistry) { 16: componentRegistry = _componentRegistry; 17: agentRegistry = _agentRegistry; 18: owner = msg.sender; 19: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L15-L19 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 37: constructor (address payable _gnosisSafe, address _gnosisSafeProxyFactory) { 38: gnosisSafe = _gnosisSafe; 39: gnosisSafeProxyFactory = _gnosisSafeProxyFactory; 40: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L37-L40 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 60: constructor(bytes32 _proxyHash) { 61: if (_proxyHash == bytes32(0)) { 62: revert ZeroValue(); 63: } 64: 65: // Record provided multisig proxy bytecode hash 66: proxyHash = _proxyHash; 67: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L60-L67 ```solidity File: tokenomics/contracts/Depository.sol 106: constructor(address _olas, address _tokenomics, address _treasury, address _bondCalculator) 107: { 108: owner = msg.sender; 109: 110: // Check for at least one zero contract address 111: if (_olas == address(0) || _tokenomics == address(0) || _treasury == address(0) || _bondCalculator == address(0)) { 112: revert ZeroAddress(); 113: } 114: olas = _olas; 115: tokenomics = _tokenomics; 116: treasury = _treasury; 117: bondCalculator = _bondCalculator; 118: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L106-L118 ```solidity File: tokenomics/contracts/Dispenser.sol 30: constructor(address _tokenomics, address _treasury) 31: { 32: owner = msg.sender; 33: _locked = 1; 34: 35: // Check for at least one zero contract address 36: if (_tokenomics == address(0) || _treasury == address(0)) { 37: revert ZeroAddress(); 38: } 39: 40: tokenomics = _tokenomics; 41: treasury = _treasury; 42: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L30-L42 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 30: constructor() { 31: owner = msg.sender; 32: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L30-L32 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 29: constructor(address _olas, address _tokenomics) { 30: // Check for at least one zero contract address 31: if (_olas == address(0) || _tokenomics == address(0)) { 32: revert ZeroAddress(); 33: } 34: 35: olas = _olas; 36: tokenomics = _tokenomics; 37: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L29-L37 ```solidity File: tokenomics/contracts/Tokenomics.sol 232: constructor() 233: TokenomicsConstants() 234: {} ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L232-L234 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 33: constructor(address tokenomics, bytes memory tokenomicsData) { 34: // Check for the zero address, since the delegatecall works even with the zero one 35: if (tokenomics == address(0)) { 36: revert ZeroTokenomicsAddress(); 37: } 38: 39: // Check for the zero data 40: if (tokenomicsData.length == 0) { 41: revert ZeroTokenomicsData(); 42: } 43: 44: assembly { 45: sstore(PROXY_TOKENOMICS, tokenomics) 46: } 47: // Initialize proxy tokenomics storage 48: (bool success, ) = tokenomics.delegatecall(tokenomicsData); 49: if (!success) { 50: revert InitializationFailed(); 51: } 52: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L33-L52 ```solidity File: tokenomics/contracts/Treasury.sol 095: constructor(address _olas, address _tokenomics, address _depository, address _dispenser) payable { 096: owner = msg.sender; 097: _locked = 1; 098: 099: // Check for at least one zero contract address 100: if (_olas == address(0) || _tokenomics == address(0) || _depository == address(0) || _dispenser == address(0)) { 101: revert ZeroAddress(); 102: } 103: 104: olas = _olas; 105: tokenomics = _tokenomics; 106: depository = _depository; 107: dispenser = _dispenser; 108: 109: // Assign an initial contract address ETH balance 110: // If msg.value is passed in the constructor, it is already accounted for in the address balance 111: // This way the balance also accounts for possible transfers before the contract was created 112: ETHOwned = uint96(address(this).balance); 113: } ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L95-L113 ### [N-107] Use `ERC1155Holder` over `ERC1155Receiver` View OpenZeppelin's v5.0 release candidate changes [here](https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v5.0.0-rc.0). *There are 2 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 15: contract GovernorOLAS is Governor, GovernorSettings, GovernorCompatibilityBravo, GovernorVotes, GovernorVotesQuorumFraction, GovernorTimelockControl { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L15-L15 ```solidity File: governance/contracts/Timelock.sol 9: contract Timelock is TimelockController { ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L9-L9 ### [N-108] Use a `struct` instead of returning multiple values Functions that return many variables can become difficult to read and maintain. Using a struct to encapsulate these return values can improve code readability, increase reusability, and reduce the likelihood of errors. Consider refactoring functions that return more than three variables to use a struct instead. *There are 3 instance(s) of this issue:* ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 45: function _parseData(bytes memory data) internal pure ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L45-L45 ```solidity File: tokenomics/contracts/Depository.sol 291: function deposit(uint256 productId, uint256 tokenAmount) external ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L291-L291 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 9: function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast); ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L9-L9 ### [N-109] [Solidity]: Bug in Legacy Code Generation When Accessing the .selector Member on Expressions with Side Effects This version of solidity is vulnerable to a bug in the legacy code generation pipeline of the Solidity compiler that was found during investigation of a security report On June 26, 2023. For more details check the following [link](https://soliditylang.org/blog/2023/07/19/missing-side-effects-on-selector-access-bug/) *There are 35 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L2-L2 ```solidity File: governance/contracts/Timelock.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L2-L2 ```solidity File: governance/contracts/OLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L2-L2 ```solidity File: governance/contracts/veOLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L2-L2 ```solidity File: governance/contracts/wveOLAS.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L2-L2 ```solidity File: governance/contracts/bridges/HomeMediator.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L2-L2 ```solidity File: governance/contracts/interfaces/IErrors.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L2-L2 ```solidity File: registries/contracts/GenericRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L2-L2 ```solidity File: registries/contracts/UnitRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L2-L2 ```solidity File: registries/contracts/ComponentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L2-L2 ```solidity File: registries/contracts/AgentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L2-L2 ```solidity File: registries/contracts/GenericManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L2-L2 ```solidity File: registries/contracts/RegistriesManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L2-L2 ```solidity File: tokenomics/contracts/Depository.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L2-L2 ```solidity File: tokenomics/contracts/Dispenser.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L2-L2 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/Tokenomics.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L2-L2 ```solidity File: tokenomics/contracts/Treasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L2-L2 ### [N-110] [Solidity]: All `verbatim` blocks are considered identical by deduplicator and can incorrectly be unified The block deduplicator is a step of the opcode-based optimizer which identifies equivalent assembly blocks and merges them into a single one. However, when blocks contained `verbatim`, their comparison was performed incorrectly, leading to the collapse of assembly blocks which are identical except for the contents of the ``verbatim`` items. Since `verbatim` is only available in Yul, compilation of Solidity sources is not affected. For more details check the following [link](https://blog.soliditylang.org/2023/11/08/verbatim-invalid-deduplication-bug/) *There are 37 instance(s) of this issue:* ```solidity File: governance/contracts/GovernorOLAS.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/GovernorOLAS.sol#L2-L2 ```solidity File: governance/contracts/Timelock.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/Timelock.sol#L2-L2 ```solidity File: governance/contracts/OLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/OLAS.sol#L2-L2 ```solidity File: governance/contracts/veOLAS.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/veOLAS.sol#L2-L2 ```solidity File: governance/contracts/wveOLAS.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/wveOLAS.sol#L2-L2 ```solidity File: governance/contracts/bridges/FxGovernorTunnel.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/FxGovernorTunnel.sol#L2-L2 ```solidity File: governance/contracts/bridges/HomeMediator.sol 2: pragma solidity ^0.8.19; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/bridges/HomeMediator.sol#L2-L2 ```solidity File: governance/contracts/interfaces/IERC20.sol 2: pragma solidity ^0.8.21; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IERC20.sol#L2-L2 ```solidity File: governance/contracts/interfaces/IErrors.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//governance/contracts/interfaces/IErrors.sol#L2-L2 ```solidity File: registries/contracts/GenericRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericRegistry.sol#L2-L2 ```solidity File: registries/contracts/UnitRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/UnitRegistry.sol#L2-L2 ```solidity File: registries/contracts/ComponentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/ComponentRegistry.sol#L2-L2 ```solidity File: registries/contracts/AgentRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/AgentRegistry.sol#L2-L2 ```solidity File: registries/contracts/GenericManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/GenericManager.sol#L2-L2 ```solidity File: registries/contracts/RegistriesManager.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/RegistriesManager.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeMultisig.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeMultisig.sol#L2-L2 ```solidity File: registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol 2: pragma solidity ^0.8.21; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/multisigs/GnosisSafeSameAddressMultisig.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IErrorsRegistries.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IErrorsRegistries.sol#L2-L2 ```solidity File: registries/contracts/interfaces/IRegistry.sol 2: pragma solidity ^0.8.15; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//registries/contracts/interfaces/IRegistry.sol#L2-L2 ```solidity File: tokenomics/contracts/Depository.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Depository.sol#L2-L2 ```solidity File: tokenomics/contracts/Dispenser.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Dispenser.sol#L2-L2 ```solidity File: tokenomics/contracts/DonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/DonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/GenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/GenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/Tokenomics.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Tokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsConstants.sol 2: pragma solidity ^0.8.20; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsConstants.sol#L2-L2 ```solidity File: tokenomics/contracts/TokenomicsProxy.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/TokenomicsProxy.sol#L2-L2 ```solidity File: tokenomics/contracts/Treasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/Treasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IDonatorBlacklist.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IDonatorBlacklist.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IErrorsTokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IErrorsTokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IGenericBondCalculator.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IGenericBondCalculator.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IOLAS.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IOLAS.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IServiceRegistry.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IServiceRegistry.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IToken.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IToken.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITokenomics.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITokenomics.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/ITreasury.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/ITreasury.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IUniswapV2Pair.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IUniswapV2Pair.sol#L2-L2 ```solidity File: tokenomics/contracts/interfaces/IVotingEscrow.sol 2: pragma solidity ^0.8.18; ``` *GitHub* : https://github.com/code-423n4/2023-12-autonolas/blob/main//tokenomics/contracts/interfaces/IVotingEscrow.sol#L2-L2