Open mnaamani opened 1 month ago
I have reviewed Solidity bugs fixed after 0.8.20 and none of them apply to our contracts.
Regarding the full output:
ArgoBridgeV1.withdrawBridgeFees() implements access control so we're good
1.2. Math.mulDiv(uint256,uint256,uint256) is detected inside of OpenZeppelin math modules, I trust they know what they're doing
joystreamErc20.burnFrom reentrancy - not applicable, standard ERC20 burnFrom does not do any external calls. Even if it did allow reentrancy, the only issue this would produce is potentially requesting 2 transfers with the same ID, which wouldn't be a huge issue.
3.2. joystreamErc20.mint reentrancy - like above, mint does not do any external calls. Even if it did, it would not impact the logic in any way.
3.3. Reentrancy in ArgoBridgeV1.withdrawBridgeFees() - not applicable, only an event is emitted after external call and this function is access controlled.
So all looks good to me, no actions to be taken
I ran slither against the smart contracts. Not all issues are serious, but worth looking over. Perhaps one we can look into is in regard to the version of the Solidity compiler that is being selected. We are targeting ^0.8.24; but the versions of the OpenZeppelin contracts may be slightly older and are forcing the build to use v0.8.20.
Full output from analysis:
Red
Yellow
Green