Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: stVaults #874

Draft
wants to merge 786 commits into
base: develop
Choose a base branch
from
+20,656 βˆ’6,415

Merge branch 'develop' into feat/vaults

80d2e49
Select commit
Loading
Failed to load commit list.
Draft

feat: stVaults #874

Merge branch 'develop' into feat/vaults
80d2e49
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / Slither failed Feb 24, 2025 in 5s

11 new alerts including 1 high severity security vulnerability

New alerts in code changed by this pull request

Security Alerts:

  • 1 high
  • 10 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 290 in contracts/0.8.25/Accounting.sol

See this annotation in the file changed.

Check warning on line 302 in contracts/0.8.25/Accounting.sol

See this annotation in the file changed.

Check warning on line 100 in contracts/0.8.25/vaults/Dashboard.sol

See this annotation in the file changed.

Code scanning / Slither

Unused return Medium

Dashboard.initialize(address,uint256) ignores return value by STETH.approve(address(WSTETH),type()(uint256).max)

Check failure on line 93 in contracts/0.8.25/vaults/Delegation.sol

See this annotation in the file changed.

Code scanning / Slither

Unprotected Initialize High

Function Delegation.initialize(address,uint256) is an unprotected initializer.

Check warning on line 173 in contracts/0.8.25/vaults/StakingVault.sol

See this annotation in the file changed.

Code scanning / Slither

Potential Arithmetic Overflow Medium

StakingVault.valuation() contains integer variables whose type is larger than the type of one of its intermediate expressions. Consider casting sub expressions explicitly as they might lead to unexpected overflow:
In [uint256(int256(int128($.report.valuation) + $.inOutDelta - $.report.inOutDelta))](contracts/0.8.25/vaults/StakingVault.sol#L178) intermidiate expressions returns type of lower order:
... + REF_1265 returns int128, but the type of the resulting expression is uint256.

Check warning on line 278 in contracts/0.8.25/vaults/VaultHub.sol

See this annotation in the file changed.

Check warning on line 402 in contracts/0.8.25/vaults/VaultHub.sol

See this annotation in the file changed.

Check warning on line 432 in contracts/0.8.25/vaults/VaultHub.sol

See this annotation in the file changed.

Check warning on line 262 in contracts/0.8.9/Burner.sol

See this annotation in the file changed.

Code scanning / Slither

Token Approve Warning Medium

Burner recoverERC721 parameter from is not related to msg.sender IERC721(_token).transferFrom(address(this),LOCATOR.treasury(),_tokenId)

Check warning on line 92 in contracts/openzeppelin/5.2/upgradeable/access/extensions/AccessControlEnumerableUpgradeable.sol

See this annotation in the file changed.

Code scanning / Slither

Unused return Medium

AccessControlEnumerableUpgradeable._grantRole(bytes32,address) ignores return value by $._roleMembers[role].add(account)

Check warning on line 104 in contracts/openzeppelin/5.2/upgradeable/access/extensions/AccessControlEnumerableUpgradeable.sol

See this annotation in the file changed.

Code scanning / Slither

Unused return Medium

AccessControlEnumerableUpgradeable._revokeRole(bytes32,address) ignores return value by $._roleMembers[role].remove(account)