return was used as comment but in actual code no return was used for _remote The address of the remote xApp Router on _domain. It can be added or it can be deleted since it was there.
Title : Avoid floating pragmas: the version should be locked
The pragma declared at DiamondInit.sol was used ^0.8.0. As the compiler can be use as 0.8.14 and consider locking at this version the same as another. It can be consider using locking the pragma version whenever possible and avoid using a floating pragma in the final deployment. Since it can be problematic, if there are publicly disclosed bugs and issues that affect the current compiler version used.
Tool Used
Manual Review
Change var name code for good readibility
In Executor.sol, since amnt for this was used for amount, it better to keep as it should be for good readibility and code instead. No exploit was happen but to keep it good as it should be. Since another amount was not be abbreviated. so it should be better that to keep it amount and not amnt.
/**
* @notice Return true if the given domain / router is the address of a remote xApp Router
* @param _domain The domain of the potential remote xApp Router
* @param _router The address of the potential remote xApp Router
*/
function _isRemoteRouter(uint32 _domain, bytes32 _router) internal view returns (bool) {
return s.remotes[_domain] == _router;
}
return was used as comment but in actual code no return was used for
_remote The address of the remote xApp Router on _domain. It can be added or it can be deleted since it was there.Tool Used
Manual Review
Recommended Mitigation
Add
returninside functionIn this line was used to be :
but in actual code was using and
OR:So it can be changed as it should be
POC
https://www.geeksforgeeks.org/solidity-operators/
Another Occurance
RelayerFeeRouter.sol Line.166
Optional: If you use SafeMath or a similar library, change x.add(y) to x + y, x.mul(y) to x * y etc.
POC
https://docs.soliditylang.org/en/v0.8.15/080-breaking-changes.html
1.) File : AmplificationUtils.sol Line.61
2.) File : AmplificationUtils.sol Line.61
3.) File : AmplificationUtils.sol Line.64
4.) File : AmplificationUtils.sol Line.89
5.) File : AmplificationUtils.sol Line.92
6.) File : AmplificationUtils.sol Line.92
The pragma declared at DiamondInit.sol was used ^0.8.0. As the compiler can be use as 0.8.14 and consider locking at this version the same as another. It can be consider using locking the pragma version whenever possible and avoid using a floating pragma in the final deployment. Since it can be problematic, if there are publicly disclosed bugs and issues that affect the current compiler version used.
Tool Used
Manual Review
In Executor.sol, since
amntfor this was used foramount, it better to keep as it should be for good readibility and code instead. No exploit was happen but to keep it good as it should be. Since anotheramountwas not be abbreviated. so it should be better that to keep itamountand notamnt.Tool used
Manual Review
Occurances
1)Executor.sol #L31 2)Executor.sol #L102 3)Executor.sol #L153 4)Executor.sol #L172
1.) File : BaseConnextFacet.sol Lines 109-116
adding
@return2.) File : BridgeFacet.sol Lines.477-524
adding
@params&@return3.) File : BridgeFacet.sol Lines.622-630
adding
@return4.) File : BridgeFacet.sol Lines.632-700
adding
@return5.) File : BridgeFacet.sol Lines.702-713
moving
// returninto@return6.) File : BridgeFacet.sol Lines.715-722
adding
@return7.) File : BridgeFacet.sol Lines.724-737
adding
@return8.) File : BridgeFacet.sol Lines.739-751
adding
@return9.) File : BridgeFacet.sol Lines.739-751
adding
@return10) File : BridgeFacet.sol Lines.815-880
adding
@return11) File : BridgeFacet.sol Lines.739-751
adding
@return12.) File : LPToken.sol Lines.14-26
adding
@return1.) File : contracts/core/connext/facets/StableSwapFacet.sol Line. 49
This comment was unnecessary so it can be deleted instead since this was unused and pass it into
modifierdirectly.2.) File : contracts/core/connext/helpers/SponsorVault.sol Line.27
This comment was unnecessary so it can be deleted instead since this was unused and pass it into
public storagedirectly.3.) Since this comment was used to be an dev commented for the code but it can be deleted instead for better code readibility since it was unnecesary.
4.) This
a lafrom function originsender() was unused and misslead so it can be changed or it can be deleted insteadanother occurances : Executor.sol Line 85 & Line 98
Tool Used
Manual Review
1.) File : BaseConnextFacet.sol Line 137
_potentialReplciainto_potentialReplica2.) File : BaseConnextFacet.sol Line 764
routers'intorouters3.) File : BaseConnextFacet.sol Line 982
amongstintoamongs4.) File : PortalFacet.sol Line 111
back loanintobackloan5.) File : PortalFacet.sol Line 188
back loanintobackloan6.) File : PortalFacet.sol Line.163
sournceintosource7.) File : StableSwapFacet.sol Line 377
users'intousers