From efcbdf20c7c7b3b6717a4aaafe04873625887a39 Mon Sep 17 00:00:00 2001 From: Frontier <103474701+frontier159@users.noreply.github.com> Date: Tue, 21 Nov 2023 11:18:58 +1100 Subject: [PATCH] Nexus frontier (#907) * chore: update forge-std and fix CI * chore: update forge-std and fix CI * chore: update forge-std and fix CI * chore: update forge-std and fix CI * chore: update forge-std and fix CI * chore: update forge-std and fix CI --- .github/workflows/protocol-tests.yaml | 134 +++++- .github/workflows/slither.yaml | 47 -- protocol/foundry.toml | 2 +- protocol/slither.db.json | 591 ++++++++++++++++++++++++++ 4 files changed, 706 insertions(+), 68 deletions(-) delete mode 100644 .github/workflows/slither.yaml diff --git a/.github/workflows/protocol-tests.yaml b/.github/workflows/protocol-tests.yaml index 14f33cbba..8cf542bda 100644 --- a/.github/workflows/protocol-tests.yaml +++ b/.github/workflows/protocol-tests.yaml @@ -5,55 +5,149 @@ on: paths: - 'protocol/**' +concurrency: + group: ${{github.workflow}}-${{github.ref}} + cancel-in-progress: true + jobs: - e2eTest: + hardhatTests: name: Hardhat Tests - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} + permissions: + # required for all workflows + security-events: write + # only required for workflows in private repositories + actions: read + contents: read + strategy: + matrix: + os: + - ubuntu-latest + node_version: + - 18 + steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v4 - - uses: actions/setup-node@v3 + - name: Use Node.js ${{ matrix.node_version }} + uses: actions/setup-node@v4 with: - node-version: '18.x' + node-version: ${{ matrix.node_version }} cache: 'yarn' cache-dependency-path: protocol/yarn.lock - - run: yarn install + - name: Install yarn project + run: yarn install working-directory: protocol - - run: yarn compile + - name: Hardhat Compile + run: yarn compile working-directory: protocol - - run: yarn test + - name: Hardhat Test + run: yarn test working-directory: protocol env: TESTS_MAINNET_RPC_URL: ${{ secrets.TESTS_MAINNET_RPC_URL }} - fuzzTest: + foundryTests: name: Foundry Tests - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} + permissions: + # required for all workflows + security-events: write + # only required for workflows in private repositories + actions: read + contents: read + strategy: + matrix: + os: + - ubuntu-latest + node_version: + - 18 + steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v4 with: submodules: recursive - - uses: actions/setup-node@v3 + - name: Use Node.js ${{ matrix.node_version }} + uses: actions/setup-node@v4 with: - node-version: '18.x' + node-version: ${{ matrix.node_version }} cache: 'yarn' cache-dependency-path: protocol/yarn.lock - - run: yarn install + - name: Install yarn project + run: yarn install working-directory: protocol - name: Install Foundry - uses: foundry-rs/foundry-toolchain@v1.0.10 - #with: - # version: nightly-ca67d15f4abd46394b324c50e21e66f306a1162d + uses: foundry-rs/foundry-toolchain@v1 + with: + version: nightly + # version: nightly-ca67d15f4abd46394b324c50e21e66f306a1162d + cache: true - - run: forge --version + - name: Show the Foundry CI config + run: forge config + env: + FOUNDRY_PROFILE: ci + + - name: Show the Foundry version + run: forge --version working-directory: protocol - - name: Run tests - run: FOUNDRY_PROFILE=ci forge test --gas-report + - name: Foundry tests + run: forge test --gas-report + working-directory: protocol + env: + FOUNDRY_PROFILE: ci + MAINNET_RPC_URL: ${{ secrets.TESTS_MAINNET_RPC_URL }} + + slither: + name: Slither + runs-on: ${{ matrix.os }} + permissions: + # only required for workflows in private repositories + actions: read + contents: read + strategy: + matrix: + os: + - ubuntu-latest + node_version: + - 18 + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Use Node.js ${{ matrix.node_version }} + uses: actions/setup-node@v4 + with: + node-version: ${{ matrix.node_version }} + cache: 'yarn' + cache-dependency-path: protocol/yarn.lock + + - name: Install yarn project + run: yarn install working-directory: protocol + + - name: Install Foundry + uses: foundry-rs/foundry-toolchain@v1 + with: + version: nightly + # version: nightly-ca67d15f4abd46394b324c50e21e66f306a1162d + cache: false + + - name: install slither + run: cd protocol && pip install -r slither.requirements.txt + + # Can't output to SARIF for private repos without paying for Advanced Security + - name: run slither + run: cd protocol && yarn slither-check diff --git a/.github/workflows/slither.yaml b/.github/workflows/slither.yaml deleted file mode 100644 index 5289800b8..000000000 --- a/.github/workflows/slither.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# We manually setup and run slither here, as the prebaked github action -# (at https://github.com/crytic/slither-action) -# fails with permission errors inside the docker container for this project - -name: Slither Analysis -on: - push: - paths: - - "protocol/**" - - ".github/workflows/slither.yaml" -jobs: - analyze: - # if: ${{ false }} # Slither has an issue with prb math, and is super slow... - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - submodules: recursive - - - uses: actions/setup-node@v3 - with: - node-version: '18.x' - cache: 'yarn' - cache-dependency-path: protocol/yarn.lock - - - run: yarn install - working-directory: protocol - - - name: Install Foundry - uses: foundry-rs/foundry-toolchain@v1.0.10 - #with: - # version: nightly-ca67d15f4abd46394b324c50e21e66f306a1162d - - - run: forge --version - working-directory: protocol - - - uses: actions/setup-python@v4 - with: - python-version: 3.9 - cache: 'pip' - cache-dependency-path: protocol/slither.requirements.txt - - - name: install slither - run: cd protocol && pip install -r slither.requirements.txt - - - name: run slither - run: cd protocol && yarn slither-check diff --git a/protocol/foundry.toml b/protocol/foundry.toml index d67e97898..b30268efe 100644 --- a/protocol/foundry.toml +++ b/protocol/foundry.toml @@ -11,7 +11,7 @@ evm_version = "paris" # See https://www.evmdiff.com/features?name=PUSH0&kind=opcode [profile.ci] - fuzz = { runs = 5000 } + fuzz = { runs = 5000, seed = "0x4444" } invariant = { runs = 1000 } [profile.lite] diff --git a/protocol/slither.db.json b/protocol/slither.db.json index f14f960a4..74f901e8f 100644 --- a/protocol/slither.db.json +++ b/protocol/slither.db.json @@ -1,4 +1,595 @@ [ + { + "elements": [ + { + "type": "function", + "name": "borrowAndDeposit", + "source_mapping": { + "start": 7809, + "length": 246, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [195, 196, 197, 198, 199], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DsrBaseStrategy", + "source_mapping": { + "start": 1041, + "length": 11744, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [ + 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, + 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, + 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, + 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, + 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, + 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, + 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, + 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, + 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, + 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, + 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, + 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, + 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, + 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, + 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "borrowAndDeposit(uint256)" + } + }, + { + "type": "node", + "name": "treasuryReservesVault.borrow(daiToken,amount,address(this))", + "source_mapping": { + "start": 7958, + "length": 61, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [197], + "starting_column": 9, + "ending_column": 70 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "borrowAndDeposit", + "source_mapping": { + "start": 7809, + "length": 246, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [195, 196, 197, 198, 199], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DsrBaseStrategy", + "source_mapping": { + "start": 1041, + "length": 11744, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [ + 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, + 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, + 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, + 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, + 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, + 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, + 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 303, 304, 305, 306 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "borrowAndDeposit(uint256)" + } + } + }, + "additional_fields": { "underlying_type": "external_calls" } + }, + { + "type": "node", + "name": "_dsrDeposit(amount)", + "source_mapping": { + "start": 8029, + "length": 19, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [198], + "starting_column": 9, + "ending_column": 28 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "borrowAndDeposit", + "source_mapping": { + "start": 7809, + "length": 246, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [195, 196, 197, 198, 199], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DsrBaseStrategy", + "source_mapping": { + "start": 1041, + "length": 11744, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [ + 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, + 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, + 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, + 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, + 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, + 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, + 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 303, 304, 305, 306 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "borrowAndDeposit(uint256)" + } + } + }, + "additional_fields": { "underlying_type": "external_calls" } + }, + { + "type": "node", + "name": "daiJoin.join(address(this),amount)", + "source_mapping": { + "start": 8342, + "length": 35, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [207], + "starting_column": 9, + "ending_column": 44 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "_dsrDeposit", + "source_mapping": { + "start": 8061, + "length": 349, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [201, 202, 203, 204, 205, 206, 207, 208, 209], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DsrBaseStrategy", + "source_mapping": { + "start": 1041, + "length": 11744, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [ + 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, + 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, + 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, + 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, + 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, + 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, + 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 303, 304, 305, 306 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_dsrDeposit(uint256)" + } + } + }, + "additional_fields": { "underlying_type": "external_calls_sending_eth" } + }, + { + "type": "node", + "name": "chi = pot.drip()", + "source_mapping": { + "start": 5566, + "length": 60, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [142], + "starting_column": 9, + "ending_column": 69 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "_checkpointChi", + "source_mapping": { + "start": 5445, + "length": 188, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [140, 141, 142, 143], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DsrBaseStrategy", + "source_mapping": { + "start": 1041, + "length": 11744, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [ + 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, + 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, + 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, + 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, + 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, + 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, + 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 303, 304, 305, 306 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_checkpointChi()" + } + } + }, + "additional_fields": { "underlying_type": "external_calls_sending_eth" } + }, + { + "type": "node", + "name": "pot.join(shares)", + "source_mapping": { + "start": 8387, + "length": 16, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [208], + "starting_column": 9, + "ending_column": 25 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "_dsrDeposit", + "source_mapping": { + "start": 8061, + "length": 349, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [201, 202, 203, 204, 205, 206, 207, 208, 209], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DsrBaseStrategy", + "source_mapping": { + "start": 1041, + "length": 11744, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [ + 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, + 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, + 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, + 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, + 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, + 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, + 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 303, 304, 305, 306 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_dsrDeposit(uint256)" + } + } + }, + "additional_fields": { "underlying_type": "external_calls_sending_eth" } + }, + { + "type": "node", + "name": "DaiDeposited(amount)", + "source_mapping": { + "start": 8307, + "length": 25, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [206], + "starting_column": 9, + "ending_column": 34 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "_dsrDeposit", + "source_mapping": { + "start": 8061, + "length": 349, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [201, 202, 203, 204, 205, 206, 207, 208, 209], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DsrBaseStrategy", + "source_mapping": { + "start": 1041, + "length": 11744, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [ + 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, + 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, + 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, + 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, + 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, + 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, + 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 303, 304, 305, 306 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "_dsrDeposit(uint256)" + } + } + }, + "additional_fields": { "underlying_type": "event" } + }, + { + "type": "node", + "name": "_dsrDeposit(amount)", + "source_mapping": { + "start": 8029, + "length": 19, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [198], + "starting_column": 9, + "ending_column": 28 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "borrowAndDeposit", + "source_mapping": { + "start": 7809, + "length": 246, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [195, 196, 197, 198, 199], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DsrBaseStrategy", + "source_mapping": { + "start": 1041, + "length": 11744, + "filename_relative": "contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_absolute": "/Users/frontier/git/temple/protocol/contracts/v2/strategies/DsrBaseStrategy.sol", + "filename_short": "contracts/v2/strategies/DsrBaseStrategy.sol", + "is_dependency": false, + "lines": [ + 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, + 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, + 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, + 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, + 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, + 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, + 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 303, 304, 305, 306 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "borrowAndDeposit(uint256)" + } + } + }, + "additional_fields": { "underlying_type": "event" } + } + ], + "description": "Reentrancy in DsrBaseStrategy.borrowAndDeposit(uint256) (contracts/v2/strategies/DsrBaseStrategy.sol#195-199):\n\tExternal calls:\n\t- treasuryReservesVault.borrow(daiToken,amount,address(this)) (contracts/v2/strategies/DsrBaseStrategy.sol#197)\n\t- _dsrDeposit(amount) (contracts/v2/strategies/DsrBaseStrategy.sol#198)\n\t\t- daiJoin.join(address(this),amount) (contracts/v2/strategies/DsrBaseStrategy.sol#207)\n\t\t- chi = pot.drip() (contracts/v2/strategies/DsrBaseStrategy.sol#142)\n\t\t- pot.join(shares) (contracts/v2/strategies/DsrBaseStrategy.sol#208)\n\tEvent emitted after the call(s):\n\t- DaiDeposited(amount) (contracts/v2/strategies/DsrBaseStrategy.sol#206)\n\t\t- _dsrDeposit(amount) (contracts/v2/strategies/DsrBaseStrategy.sol#198)\n", + "markdown": "Reentrancy in [DsrBaseStrategy.borrowAndDeposit(uint256)](contracts/v2/strategies/DsrBaseStrategy.sol#L195-L199):\n\tExternal calls:\n\t- [treasuryReservesVault.borrow(daiToken,amount,address(this))](contracts/v2/strategies/DsrBaseStrategy.sol#L197)\n\t- [_dsrDeposit(amount)](contracts/v2/strategies/DsrBaseStrategy.sol#L198)\n\t\t- [daiJoin.join(address(this),amount)](contracts/v2/strategies/DsrBaseStrategy.sol#L207)\n\t\t- [chi = pot.drip()](contracts/v2/strategies/DsrBaseStrategy.sol#L142)\n\t\t- [pot.join(shares)](contracts/v2/strategies/DsrBaseStrategy.sol#L208)\n\tEvent emitted after the call(s):\n\t- [DaiDeposited(amount)](contracts/v2/strategies/DsrBaseStrategy.sol#L206)\n\t\t- [_dsrDeposit(amount)](contracts/v2/strategies/DsrBaseStrategy.sol#L198)\n", + "first_markdown_element": "contracts/v2/strategies/DsrBaseStrategy.sol#L195-L199", + "id": "6f150fd09fac2796a24b461a93dcda378e0b73d3d94cc538625af3f9b9d80747", + "check": "reentrancy-events", + "impact": "Low", + "confidence": "Medium" + }, { "elements": [ {