Summary

arbitrary-send-eth (4 results) (High)
incorrect-exp (1 results) (High)
divide-before-multiply (8 results) (Medium)
locked-ether (1 results) (Medium)
events-access (3 results) (Low)
missing-zero-check (10 results) (Low)
assembly (5 results) (Informational)
solc-version (14 results) (Informational)
low-level-calls (7 results) (Informational)
naming-convention (12 results) (Informational)
immutable-states (4 results) (Optimization)

arbitrary-send-eth

Impact: High Confidence: Medium

ID-0 BidderRegistry.withdrawProviderAmount(address) sends eth to arbitrary bidder Dangerous calls:
- (success) = provider.call{value: amount}()

contracts/BidderRegistry.sol#L186-L195

ID-1 ProviderRegistry.withdrawBidderAmount(address) sends eth to arbitrary bidder Dangerous calls:
- (success) = bidder.call{value: bidderAmount[bidder]}()

contracts/ProviderRegistry.sol#L191-L198

ID-2 ProviderRegistry.withdrawFeeRecipientAmount() sends eth to arbitrary bidder Dangerous calls:
- (successFee) = feeRecipient.call{value: feeRecipientAmount}()

contracts/ProviderRegistry.sol#L185-L189

ID-3 BidderRegistry.withdrawFeeRecipientAmount() sends eth to arbitrary bidder Dangerous calls:
- (successFee) = feeRecipient.call{value: amount}()

contracts/BidderRegistry.sol#L178-L184

incorrect-exp

Impact: High Confidence: Medium

ID-4 Math.mulDiv(uint256,uint256,uint256) has bitwise-xor operator ^ instead of the exponentiation operator **:
- inverse = (3 * denominator) ^ 2

lib/openzeppelin-contracts/contracts/utils/math/Math.sol#L123-L202

divide-before-multiply

Impact: Medium Confidence: Medium

ID-5 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division:
- denominator = denominator / twos
- inverse *= 2 - denominator * inverse

lib/openzeppelin-contracts/contracts/utils/math/Math.sol#L123-L202

ID-6 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division:
- denominator = denominator / twos
- inverse *= 2 - denominator * inverse

lib/openzeppelin-contracts/contracts/utils/math/Math.sol#L123-L202

ID-7 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division:
- denominator = denominator / twos
- inverse *= 2 - denominator * inverse

lib/openzeppelin-contracts/contracts/utils/math/Math.sol#L123-L202

ID-8 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division:
- denominator = denominator / twos
- inverse = (3 * denominator) ^ 2

lib/openzeppelin-contracts/contracts/utils/math/Math.sol#L123-L202

ID-9 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division:
- prod0 = prod0 / twos
- result = prod0 * inverse

lib/openzeppelin-contracts/contracts/utils/math/Math.sol#L123-L202

ID-10 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division:
- denominator = denominator / twos
- inverse *= 2 - denominator * inverse

lib/openzeppelin-contracts/contracts/utils/math/Math.sol#L123-L202

ID-11 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division:
- denominator = denominator / twos
- inverse *= 2 - denominator * inverse

lib/openzeppelin-contracts/contracts/utils/math/Math.sol#L123-L202

ID-12 Math.mulDiv(uint256,uint256,uint256) performs a multiplication on the result of a division:
- denominator = denominator / twos
- inverse *= 2 - denominator * inverse

lib/openzeppelin-contracts/contracts/utils/math/Math.sol#L123-L202

locked-ether

Impact: Medium Confidence: High

ID-13 Contract locking ether found: Contract PreConfCommitmentStore has payable functions:
- PreConfCommitmentStore.fallback()
- PreConfCommitmentStore.receive() But does not have a function to withdraw the ether

contracts/PreConfirmations.sol#L16-L448

events-access

Impact: Low Confidence: Medium

ID-14 PreConfCommitmentStore.updateOracle(address) should emit an event for:
- oracle = newOracle

contracts/PreConfirmations.sol#L393-L395

ID-15 BidderRegistry.setPreconfirmationsContract(address) should emit an event for:
- preConfirmationsContract = contractAddress

contracts/BidderRegistry.sol#L95-L103

ID-16 ProviderRegistry.setPreconfirmationsContract(address) should emit an event for:
- preConfirmationsContract = contractAddress

contracts/ProviderRegistry.sol#L99-L107

missing-zero-check

Impact: Low Confidence: Medium

ID-17 BidderRegistry.withdrawProviderAmount(address).provider lacks a zero-check on : - (success) = provider.call{value: amount}()

contracts/BidderRegistry.sol#L187

ID-18 ProviderRegistry.constructor(uint256,address,uint16)._feeRecipient lacks a zero-check on : - feeRecipient = _feeRecipient

contracts/ProviderRegistry.sol#L76

ID-19 BidderRegistry.constructor(uint256,address,uint16)._feeRecipient lacks a zero-check on : - feeRecipient = _feeRecipient

contracts/BidderRegistry.sol#L72

ID-20 BidderRegistry.setNewFeeRecipient(address).newFeeRecipient lacks a zero-check on : - feeRecipient = newFeeRecipient

contracts/BidderRegistry.sol#L165

ID-21 PreConfCommitmentStore.updateOracle(address).newOracle lacks a zero-check on : - oracle = newOracle

contracts/PreConfirmations.sol#L393

ID-22 BidderRegistry.setPreconfirmationsContract(address).contractAddress lacks a zero-check on : - preConfirmationsContract = contractAddress

contracts/BidderRegistry.sol#L96

ID-23 ProviderRegistry.setPreconfirmationsContract(address).contractAddress lacks a zero-check on : - preConfirmationsContract = contractAddress

contracts/ProviderRegistry.sol#L100

ID-24 ProviderRegistry.setNewFeeRecipient(address).newFeeRecipient lacks a zero-check on : - feeRecipient = newFeeRecipient

contracts/ProviderRegistry.sol#L172

ID-25 BidderRegistry.withdrawProtocolFee(address).bidder lacks a zero-check on : - (success) = bidder.call{value: _protocolFeeAmount}()

contracts/BidderRegistry.sol#L208

ID-26 PreConfCommitmentStore.constructor(address,address,address)._oracle lacks a zero-check on : - oracle = _oracle

contracts/PreConfirmations.sol#L127

assembly

Impact: Informational Confidence: High

ID-27 ECDSA.tryRecover(bytes32,bytes) uses assembly
- INLINE ASM

lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#L56-L73

ID-28 Strings.toString(uint256) uses assembly
- INLINE ASM
- INLINE ASM

lib/openzeppelin-contracts/contracts/utils/Strings.sol#L24-L44

ID-29 Math.mulDiv(uint256,uint256,uint256) uses assembly

lib/openzeppelin-contracts/contracts/utils/math/Math.sol#L123-L202

ID-30 MessageHashUtils.toEthSignedMessageHash(bytes32) uses assembly
- INLINE ASM

lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#L30-L37

ID-31 MessageHashUtils.toTypedDataHash(bytes32,bytes32) uses assembly
- INLINE ASM

lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#L76-L85

solc-version

Impact: Informational Confidence: High

ID-32 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

lib/openzeppelin-contracts/contracts/access/Ownable.sol#L4

ID-33 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

lib/openzeppelin-contracts/contracts/utils/math/Math.sol#L4

ID-34 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

lib/openzeppelin-contracts/contracts/utils/cryptography/MessageHashUtils.sol#L4

ID-35 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

lib/openzeppelin-contracts/contracts/utils/math/SignedMath.sol#L4

ID-36 solc-0.8.20 is not recommended for deployment
ID-37 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

contracts/ProviderRegistry.sol#L2

ID-38 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

contracts/BidderRegistry.sol#L2

ID-39 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

lib/openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol#L4

ID-40 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

lib/openzeppelin-contracts/contracts/utils/Context.sol#L4

ID-41 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

lib/openzeppelin-contracts/contracts/utils/ReentrancyGuard.sol#L4

ID-42 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

contracts/interfaces/IProviderRegistry.sol#L2

ID-43 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

contracts/PreConfirmations.sol#L2

ID-44 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

contracts/interfaces/IBidderRegistry.sol#L2

ID-45 Pragma version^0.8.20 necessitates a version too recent to be trusted. Consider deploying with 0.8.18.

lib/openzeppelin-contracts/contracts/utils/Strings.sol#L4

low-level-calls

Impact: Informational Confidence: High

ID-46 Low level call in ProviderRegistry.withdrawFeeRecipientAmount():
- (successFee) = feeRecipient.call{value: feeRecipientAmount}()

contracts/ProviderRegistry.sol#L185-L189

ID-47 Low level call in BidderRegistry.withdrawStakedAmount(address):
- (success) = bidder.call{value: stake}()

contracts/BidderRegistry.sol#L197-L205

ID-48 Low level call in BidderRegistry.withdrawProviderAmount(address):
- (success) = provider.call{value: amount}()

contracts/BidderRegistry.sol#L186-L195

ID-49 Low level call in BidderRegistry.withdrawProtocolFee(address):
- (success) = bidder.call{value: _protocolFeeAmount}()

contracts/BidderRegistry.sol#L207-L216

ID-50 Low level call in ProviderRegistry.withdrawStakedAmount(address):
- (success) = provider.call{value: stake}()

contracts/ProviderRegistry.sol#L200-L223

ID-51 Low level call in BidderRegistry.withdrawFeeRecipientAmount():
- (successFee) = feeRecipient.call{value: amount}()

contracts/BidderRegistry.sol#L178-L184

ID-52 Low level call in ProviderRegistry.withdrawBidderAmount(address):
- (success) = bidder.call{value: bidderAmount[bidder]}()

contracts/ProviderRegistry.sol#L191-L198

naming-convention

Impact: Informational Confidence: High

ID-53 Parameter PreConfCommitmentStore.getPreConfHash(string,uint64,uint64,bytes32,string)._txnHash is not in mixedCase

contracts/PreConfirmations.sol#L196

ID-54 Variable PreConfCommitmentStore.DOMAIN_SEPARATOR_BID is not in mixedCase

contracts/PreConfirmations.sol#L39

ID-55 Function PreConfCommitmentStore._bytesToHexString(bytes) is not in mixedCase

contracts/PreConfirmations.sol#L437-L447

ID-56 Parameter PreConfCommitmentStore.getPreConfHash(string,uint64,uint64,bytes32,string)._blockNumber is not in mixedCase

contracts/PreConfirmations.sol#L198

ID-57 Variable PreConfCommitmentStore.DOMAIN_SEPARATOR_PRECONF is not in mixedCase

contracts/PreConfirmations.sol#L36

ID-58 Parameter PreConfCommitmentStore.getPreConfHash(string,uint64,uint64,bytes32,string)._bid is not in mixedCase

contracts/PreConfirmations.sol#L197

ID-59 Parameter PreConfCommitmentStore.getBidHash(string,uint64,uint64)._txnHash is not in mixedCase

contracts/PreConfirmations.sol#L169

ID-60 Parameter PreConfCommitmentStore._bytesToHexString(bytes)._bytes is not in mixedCase

contracts/PreConfirmations.sol#L438

ID-61 Parameter PreConfCommitmentStore.getBidHash(string,uint64,uint64)._blockNumber is not in mixedCase

contracts/PreConfirmations.sol#L171

ID-62 Parameter PreConfCommitmentStore.getPreConfHash(string,uint64,uint64,bytes32,string)._bidHash is not in mixedCase

contracts/PreConfirmations.sol#L199

ID-63 Parameter PreConfCommitmentStore.getBidHash(string,uint64,uint64)._bid is not in mixedCase

contracts/PreConfirmations.sol#L170

ID-64 Parameter PreConfCommitmentStore.getPreConfHash(string,uint64,uint64,bytes32,string)._bidSignature is not in mixedCase

contracts/PreConfirmations.sol#L200

immutable-states

Impact: Optimization Confidence: High

ID-65 PreConfCommitmentStore.DOMAIN_SEPARATOR_BID should be immutable

contracts/PreConfirmations.sol#L39

ID-66 PreConfCommitmentStore.DOMAIN_SEPARATOR_PRECONF should be immutable

contracts/PreConfirmations.sol#L36

ID-67 BidderRegistry.minStake should be immutable

contracts/BidderRegistry.sol#L20

ID-68 ProviderRegistry.minStake should be immutable

contracts/ProviderRegistry.sol#L18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

slither.md

slither.md

arbitrary-send-eth

incorrect-exp

divide-before-multiply

locked-ether

events-access

missing-zero-check

assembly

solc-version

low-level-calls

naming-convention

immutable-states

Files

slither.md

Latest commit

History

slither.md

File metadata and controls

arbitrary-send-eth

incorrect-exp

divide-before-multiply

locked-ether

events-access

missing-zero-check

assembly

solc-version

low-level-calls

naming-convention

immutable-states