This report was generated by Aderyn, a static analysis tool built by Cyfrin, a blockchain security company. This report is not a substitute for manual audit or security review. It should not be relied upon for any purpose other than to assist in the identification of potential security vulnerabilities.
| Key | Value |
|---|---|
| .sol Files | 8 |
| Total nSLOC | 103 |
| Filepath | nSLOC |
|---|---|
| src/interfaces/IFlashLoanReceiver.sol | 13 |
| src/protocol/AssetToken.sol | 9 |
| src/interfaces/IThunderLoan.sol | 4 |
| src/interfaces/ITSwapPool.sol | 4 |
| src/protocol/ThunderLoan.sol | 23 |
| src/protocol/OracleUpgradeable.sol | 23 |
| src/upgradedProtocol/ThunderLoanUpgraded.sol | 23 |
| src/interfaces/IPoolFactory.sol | 4 |
| Total | 103 |
| Category | No. of Issues |
|---|---|
| Critical | 0 |
| High | 0 |
| Medium | 2 |
| Low | 0 |
| NC | 4 |
Contracts have owners with privileged rights to perform admin tasks and need to be trusted to not perform malicious updates or drain funds.
- Found in src/protocol/ThunderLoan.sol: Line: 239
- Found in src/protocol/ThunderLoan.sol: Line: 265
- Found in src/protocol/ThunderLoan.sol: Line: 292
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 235
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 261
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 284
Using ERC721::_mint() can mint ERC721 tokens to addresses which don't support ERC721 tokens. Use _safeMint() instead of _mint() for ERC721.
- Found in src/protocol/AssetToken.sol: Line: 69
Assigning values to address state variables without checking for address(0).
- Found in src/protocol/OracleUpgradeable.sol: Line: 16
- Found in src/protocol/ThunderLoan.sol: Line: 280
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 276
- Found in src/protocol/ThunderLoan.sol: Line: 272
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 268
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 272
- Found in src/protocol/ThunderLoan.sol: Line: 231
- Found in src/protocol/ThunderLoan.sol: Line: 276
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 227
- Found in src/protocol/ThunderLoan.sol: Line: 144
- Found in src/protocol/ThunderLoan.sol: Line: 145
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 144
Index event fields make the field more quickly accessible to off-chain tools that parse events. However, note that each index field costs extra gas during emission, so it's not necessarily best to index the maximum allowed per event (three fields). Each event should use three indexed fields if there are three or more fields, and gas usage is not particularly of concern for the events in question. If there are fewer than three fields, all of the fields should be indexed.
- Found in src/protocol/ThunderLoan.sol: Line: 106
- Found in src/protocol/ThunderLoan.sol: Line: 107
- Found in src/protocol/ThunderLoan.sol: Line: 110
- Found in src/protocol/AssetToken.sol: Line: 31
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 105
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 106
- Found in src/protocol/ThunderLoan.sol: Line: 105
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 107
- Found in src/upgradedProtocol/ThunderLoanUpgraded.sol: Line: 110