feat(contracts): ValueRouter #4814
15 new alerts including 2 critical severity security vulnerabilities
New alerts in code changed by this pull request
Security Alerts:
- 2 critical
- 4 medium
- 9 low
See annotations below for details.
Annotations
Check notice on line 70 in solidity/contracts/hooks/OPL2ToL1Hook.sol
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
Severity: Low
Check notice on line 90 in solidity/contracts/hooks/OPL2ToL1Hook.sol
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
Severity: Low
Check warning on line 94 in solidity/contracts/hooks/OPL2ToL1Hook.sol
Code scanning / Olympix Integrated Security
Calling a function without checking the return value may lead to silent failures. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unused-return-function-call
Severity: Medium
Check failure on line 41 in solidity/contracts/token/HypNative.sol
Code scanning / Olympix Integrated Security
The contract contains functions with inadequate validation of input parameters, potentially leading to unexpected behavior or vulnerabilities. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/insufficient-parameter-assertion
Severity: Critical
Check notice on line 2 in solidity/contracts/token/HypNativeCollateral.sol
Code scanning / Olympix Integrated Security
Using an unbounded pragma for Solidity version may be unsafe if future versions introduce breaking changes. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unbounded-pragma
Severity: Low
Check failure on line 13 in solidity/contracts/token/HypNativeCollateral.sol
Code scanning / Olympix Integrated Security
Contracts that can receive ether but cannot send it may lock value permanently. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/locked-ether
Severity: Critical
Check warning on line 19 in solidity/contracts/token/HypNativeCollateral.sol
Code scanning / Olympix Integrated Security
Test functions fail to assert the emission of expected events, potentially missing critical contract behaviors. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-events-assertion
Severity: Medium
Check notice on line 21 in solidity/contracts/token/HypNativeCollateral.sol
Code scanning / Olympix Integrated Security
Test functions fail to thoroughly test all aspects of contract constructors, potentially missing critical initialization issues. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/incomplete-constructor-tests
Severity: Low
Check notice on line 21 in solidity/contracts/token/HypNativeCollateral.sol
Code scanning / Olympix Integrated Security
Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor
Severity: Low
Check warning on line 46 in solidity/contracts/token/HypNativeCollateral.sol
Code scanning / Olympix Integrated Security
Test functions fail to verify specific revert reasons, potentially missing important contract behavior validation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-revert-reason-tests
Severity: Medium
Check warning on line 62 in solidity/contracts/token/HypNativeCollateral.sol
Code scanning / Olympix Integrated Security
Test functions fail to verify specific revert reasons, potentially missing important contract behavior validation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-revert-reason-tests
Severity: Medium
Check notice on line 104 in solidity/contracts/token/HypNativeCollateral.sol
Code scanning / Olympix Integrated Security
Using a payable fallback (including receive) with no access control may lead to inadvertently locked funds. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-access-control-payable-fallback
Severity: Low
Check notice on line 16 in solidity/contracts/token/extensions/HypNativeCollateralScaled.sol
Code scanning / Olympix Integrated Security
Test functions fail to thoroughly test all aspects of contract constructors, potentially missing critical initialization issues. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/incomplete-constructor-tests
Severity: Low
Check notice on line 17 in solidity/contracts/token/extensions/HypNativeCollateralScaled.sol
Code scanning / Olympix Integrated Security
Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor
Severity: Low
Check notice on line 18 in solidity/contracts/token/extensions/HypNativeCollateralScaled.sol
Code scanning / Olympix Integrated Security
Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor
Severity: Low