Handle
eriksal1217
Vulnerability details
Impact
Low Risk Vulnerability - This does not immediately affect the user's transfers or funds, but it can lead to misuse of functionality in the contract, which in turn can lead to improper implementation during development.
Proof of Concept
According to the Slither analyzer documentation (https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing), misuse of variables is entirely possible in this case because the names of the local variables are the same as the names of variables imported from node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol.
They should be renamed to mitigate incorrect usage during development and implementation.
Code snippet:
contract NativeLock is ERC20, ILock, Ownable {
    IERC20 public override underlying;

    constructor(
        string memory _name,    <---- Shadowing
        ...
    }
(contracts/NativeLock.sol#17)
shadows:
(node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#42)

contract NativeLock is ERC20, ILock, Ownable {
    IERC20 public override underlying;

    constructor(
        string memory _name,
        string memory _symbol,  <---- Shadowing
        ...
    }
(contracts/NativeLock.sol#18)
shadows:
(node_modules/@openzeppelin/contracts/token/ERC20/ERC20.sol#43)
Console Output (Slither Analyzer):
ForeignLock.constructor(string,string,IERC20,IERC20)._name (contracts/ForeignLock.sol#17) shadows:
ForeignLock.constructor(string,string,IERC20,IERC20)._symbol (contracts/ForeignLock.sol#18) shadows:
NativeLock.constructor(string,string,IERC20)._name (contracts/NativeLock.sol#17) shadows:
NativeLock.constructor(string,string,IERC20)._symbol (contracts/NativeLock.sol#18) shadows:
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing
Tools Used
Sherlock Contracts Solidity (v 0.7.4)
Slither Analyzer (v 0.8.0)
Recommended Mitigation Steps
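The renaming this finding asks for, shown as an added illustration that is not code from the audited repository or from the original report. `TokenBase`, `ShadowedLock` and `RenamedLock` are hypothetical contracts; `TokenBase` stands in for an inherited token whose `_name` and `_symbol` are visible to the derived contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.4;

// Hypothetical base contract (assumption): stands in for an inherited token
// that keeps its metadata in `_name` and `_symbol`.
contract TokenBase {
    string internal _name;
    string internal _symbol;

    function name() public view returns (string memory) {
        return _name;
    }

    function symbol() public view returns (string memory) {
        return _symbol;
    }
}

// Before: the constructor parameters reuse the inherited identifiers.
contract ShadowedLock is TokenBase {
    constructor(string memory _name, string memory _symbol) {
        // Inside this body `_name` and `_symbol` resolve to the parameters,
        // not to the inherited state variables. Both statements are
        // self-assignments, so name() and symbol() keep returning "".
        _name = _name;
        _symbol = _symbol;
    }
}

// After: distinct parameter names make every reference unambiguous,
// and the inherited storage is actually written.
contract RenamedLock is TokenBase {
    constructor(string memory name_, string memory symbol_) {
        _name = name_;
        _symbol = symbol_;
    }
}
```

Re-running Slither after a rename of this kind should no longer list the constructor parameters under the local-variable-shadowing detector referenced above.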