Build software better, together

Check warning on line 2 in packages/contracts-rfq/contracts/Admin.sol

Code scanning / Slither

Different pragma directives are used Warning

3 different versions of Solidity are used:
- Version constraint ^0.8.20 is used by:
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
- Version constraint 0.8.20 is used by:
-0.8.20
- Version constraint ^0.8.4 is used by:
-^0.8.4
-^0.8.4
-^0.8.4
-^0.8.4
-^0.8.4

Check warning on line 2 in packages/contracts-rfq/contracts/Admin.sol

Code scanning / Slither

Different pragma directives are used Warning

3 different versions of Solidity are used:
- Version constraint ^0.8.20 is used by:
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
-^0.8.20
- Version constraint 0.8.24 is used by:
-0.8.24
- Version constraint ^0.8.4 is used by:
-^0.8.4
-^0.8.4
-^0.8.4
-^0.8.4
-^0.8.4
-^0.8.4
-^0.8.4
-^0.8.4
-^0.8.4

Check warning on line 2 in packages/contracts-rfq/contracts/Admin.sol

Code scanning / Slither

Incorrect versions of Solidity Warning

Version constraint ^0.8.20 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- VerbatimInvalidDeduplication
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess.
It is used by:
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20

Check warning on line 2 in packages/contracts-rfq/contracts/Admin.sol

Code scanning / Slither

Incorrect versions of Solidity Warning

Version constraint ^0.8.20 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- VerbatimInvalidDeduplication
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess.
It is used by:
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20

Check warning on line 2 in packages/contracts-rfq/contracts/Admin.sol

Code scanning / Slither

Incorrect versions of Solidity Warning

Version constraint ^0.8.20 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- VerbatimInvalidDeduplication
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess.
It is used by:
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20
- ^0.8.20

Check notice on line 125 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Reentrancy vulnerabilities Low

Reentrancy in FastBridgeV2.bridge(IFastBridge.BridgeParams):
External calls:
- originAmount = _pullToken(address(this),params.originToken,params.originAmount)
- returndata = address(token).functionCall(data)
- IERC20(token).safeTransferFrom(msg.sender,recipient,amount)
- (success,returndata) = target.call{value: value}(data)
- (success,None) = to.call{value: value}()
- token.universalTransfer(recipient,amount)
- IERC20(token).safeTransfer(to,value)
External calls sending eth:
- originAmount = _pullToken(address(this),params.originToken,params.originAmount)
- (success,returndata) = target.call{value: value}(data)
- (success,None) = to.call{value: value}()
State variables written after the call(s):
- bridgeTxDetails[transactionId].status = BridgeStatus.REQUESTED
- request = abi.encode(BridgeTransaction({originChainId:uint32(block.chainid),destChainId:params.dstChainId,originSender:params.sender,destRecipient:params.to,originToken:params.originToken,destToken:params.destToken,originAmount:originAmount,destAmount:params.destAmount,originFeeAmount:originFeeAmount,sendChainGas:params.sendChainGas,deadline:params.deadline,nonce:nonce ++}))

Check notice on line 125 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Reentrancy vulnerabilities Low

Reentrancy in FastBridgeV2.bridge(IFastBridge.BridgeParams):
External calls:
- originAmount = _pullToken(address(this),params.originToken,params.originAmount)
- returndata = address(token).functionCall(data)
- IERC20(token).safeTransferFrom(msg.sender,recipient,amount)
- (success,returndata) = target.call{value: value}(data)
- (success,None) = to.call{value: value}()
- token.universalTransfer(recipient,amount)
- IERC20(token).safeTransfer(to,value)
External calls sending eth:
- originAmount = _pullToken(address(this),params.originToken,params.originAmount)
- (success,returndata) = target.call{value: value}(data)
- (success,None) = to.call{value: value}()
Event emitted after the call(s):
- BridgeRequested(transactionId,params.sender,request,params.dstChainId,params.originToken,params.destToken,originAmount,params.destAmount,params.sendChainGas)

Check notice on line 125 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Block timestamp Low

FastBridgeV2.bridge(IFastBridge.BridgeParams) uses timestamp for comparisons
Dangerous comparisons:
- params.deadline < block.timestamp + MIN_DEADLINE_PERIOD

Check warning on line 90 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Uninitialized local variables Medium

FastBridgeV2.bridge(IFastBridge.BridgeParams,IFastBridgeV2.BridgeParamsV2).originFeeAmount is a local variable never initialized

Check notice on line 175 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Reentrancy vulnerabilities Low

Reentrancy in FastBridgeV2.relay(bytes,address):
External calls:
- _pullToken(to,token,amount)
- returndata = address(token).functionCall(data)
- IERC20(token).safeTransferFrom(msg.sender,recipient,amount)
- (success,returndata) = target.call{value: value}(data)
- (success,None) = to.call{value: value}()
- token.universalTransfer(recipient,amount)
- IERC20(token).safeTransfer(to,value)
- _pullToken(to,token,amount + rebate)
- returndata = address(token).functionCall(data)
- IERC20(token).safeTransferFrom(msg.sender,recipient,amount)
- (success,returndata) = target.call{value: value}(data)
- (success,None) = to.call{value: value}()
- token.universalTransfer(recipient,amount)
- IERC20(token).safeTransfer(to,value)
- _pullToken(to,token,amount)
- returndata = address(token).functionCall(data)
- IERC20(token).safeTransferFrom(msg.sender,recipient,amount)
- (success,returndata) = target.call{value: value}(data)
- (success,None) = to.call{value: value}()
- token.universalTransfer(recipient,amount)
- IERC20(token).safeTransfer(to,value)
- _pullToken(to,UniversalTokenLib.ETH_ADDRESS,rebate)
- returndata = address(token).functionCall(data)
- IERC20(token).safeTransferFrom(msg.sender,recipient,amount)
- (success,returndata) = target.call{value: value}(data)
- (success,None) = to.call{value: value}()
- token.universalTransfer(recipient,amount)
- IERC20(token).safeTransfer(to,value)
External calls sending eth:
- _pullToken(to,token,amount)
- (success,returndata) = target.call{value: value}(data)
- (success,None) = to.call{value: value}()
- _pullToken(to,token,amount + rebate)
- (success,returndata) = target.call{value: value}(data)
- [(success,None) = to.call{value:

Check notice on line 175 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Block timestamp Low

FastBridgeV2.relay(bytes,address) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp > transaction.deadline

Check notice on line 211 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Block timestamp Low

FastBridgeV2.canClaim(bytes32,address) uses timestamp for comparisons
Dangerous comparisons:
- proof.relayer != relayer
- _timeSince(proof) > DISPUTE_PERIOD

Check notice on line 248 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Reentrancy vulnerabilities Low

Reentrancy in FastBridgeV2.claim(bytes,address):
External calls:
- Address.sendValue(address(to),amount)
- IERC20(token).safeTransfer(to,amount)
Event emitted after the call(s):
- BridgeDepositClaimed(transactionId,proofRelayer,to,transaction.originToken,transaction.originAmount)

Check notice on line 248 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Block timestamp Low

FastBridgeV2.claim(bytes,address) uses timestamp for comparisons
Dangerous comparisons:
- _timeSince(proofBlockTimestamp) <= DISPUTE_PERIOD

Check notice on line 260 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Block timestamp Low

FastBridgeV2.dispute(bytes32) uses timestamp for comparisons
Dangerous comparisons:
- _timeSince(bridgeProofs[transactionId]) > DISPUTE_PERIOD

Check notice on line 286 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Reentrancy vulnerabilities Low

Reentrancy in FastBridgeV2.refund(bytes):
External calls:
- token.universalTransfer(to,amount)
Event emitted after the call(s):
- BridgeDepositRefunded(transactionId,to,token,amount)

Check notice on line 286 in packages/contracts-rfq/contracts/FastBridgeV2.sol

Code scanning / Slither

Block timestamp Low

FastBridgeV2.refund(bytes) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp <= transaction.deadline
- block.timestamp <= transaction.deadline + REFUND_DELAY

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

17 new alerts including 1 medium severity security vulnerability

New alerts in code changed by this pull request

Annotations

Re-running checks...

fix(promexporter): make spans better (#3164)

17 new alerts including 1 medium severity security vulnerability

New alerts in code changed by this pull request

Annotations

Re-running checks...