You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This report was generated by Aderyn, a static analysis tool built by Cyfrin, a blockchain security company. This report is not a substitute for manual audit or security review. It should not be relied upon for any purpose other than to assist in the identification of potential security vulnerabilities.
Downcasting int/uints in Solidity can be unsafe due to the potential for data loss and unintended behavior.When downcasting a larger integer type to a smaller one (e.g., uint256 to uint128), the value may exceed the range of the target type,leading to truncation and loss of significant digits. Use OpenZeppelin's SafeCast library to safely downcast integers.
1 Found Instances
Found in src/ronin/gateway/BridgeSlash.sol Line: 99
H-2: Uninitialized State Variables
Solidity does initialize variables by default when you declare them, however it's good practice to explicitly declare an initial value. For example, if you transfer money to an address we must make sure that the address has been initialized.
Remove this, as this causes execution to halt. Nothing after that call will execute, including code following the assembly block.
2 Found Instances
Found in src/extensions/TransparentUpgradeableProxyV2.sol Line: 27
Found in src/ronin/gateway/BridgeTracking.sol Line: 63
H-4: Functions send eth away from contract but performs no checks on any address.
Consider introducing checks for msg.sender to ensure the recipient of the money is as intended.
2 Found Instances
Found in src/extensions/WethUnwrapper.sol Line: 27
Found in src/extensions/WethUnwrapper.sol Line: 32
H-5: Return value of the function call is not checked.
Function returns a value but it is ignored.
15 Found Instances
Found in src/extensions/bridge-operator-governance/BridgeManager.sol Line: 84
Found in src/extensions/bridge-operator-governance/BridgeManager.sol Line: 217
Found in src/extensions/bridge-operator-governance/BridgeManager.sol Line: 224
Found in src/extensions/sequential-governance/governance-proposal/GovernanceProposal.sol Line: 19
Found in src/extensions/sequential-governance/governance-proposal/GovernanceProposal.sol Line: 54
Found in src/extensions/sequential-governance/governance-relay/GovernanceRelay.sol Line: 24
Found in src/mainchain/MainchainGatewayV3.sol Line: 96
Found in src/ronin/gateway/BridgeReward.sol Line: 196
Found in src/ronin/gateway/BridgeReward.sol Line: 235
Found in src/ronin/gateway/RoninBridgeManager.sol Line: 44
Found in src/ronin/gateway/RoninBridgeManager.sol Line: 102
Found in src/ronin/gateway/RoninBridgeManager.sol Line: 166
Found in src/ronin/gateway/RoninBridgeManager.sol Line: 212
Found in src/ronin/gateway/RoninGatewayV3.sol Line: 109
Found in src/ronin/gateway/RoninGatewayV3.sol Line: 439
H-6: Contract locks Ether without a withdraw function.
It appears that the contract includes a payable function to accept Ether but lacks a corresponding function to withdraw it, which leads to the Ether being locked in the contract. To resolve this issue, please implement a public or external function that allows for the withdrawal of Ether from the contract.
4 Found Instances
Found in src/extensions/TransparentUpgradeableProxyV2.sol Line: 6
Found in src/mainchain/MainchainGatewayV3.sol Line: 16
Found in src/ronin/gateway/BridgeSlash.sol Line: 20
Found in src/ronin/gateway/RoninGatewayV3.sol Line: 19
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
tringuyenskymavis
force-pushed
the
chore/aderyn-ci
branch
from
Description
Checklist