New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump hardhat-deploy from 0.12.2 to 0.12.4 in /bridge #409

Open

dependabot wants to merge 1 commit into QA-Test from dependabot/npm_and_yarn/bridge/QA-Test/hardhat-deploy-0.12.4

+10,121 −10,078

Open

Bump hardhat-deploy from 0.12.2 to 0.12.4 in /bridge #409

Bump hardhat-deploy from 0.12.2 to 0.12.4 in /bridge

GitHub Advanced Security / Slither failed Jul 5, 2024 in 6s

31 new alerts including 6 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

6 high
2 medium
4 low

Other Alerts:

19 warnings

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 31 in bridge/contracts/zeppelin/upgradable/proxy/UpgradeableProxy.sol

Code scanning / Slither

Unused return Medium

UpgradeableProxy.constructor(address,bytes) ignores return value by Address.functionDelegateCall(_logic,_data)

Check warning on line 120 in bridge/contracts/zeppelin/upgradable/proxy/TransparentUpgradeableProxy.sol

Code scanning / Slither

Unused return Medium

TransparentUpgradeableProxy.upgradeToAndCall(address,bytes) ignores return value by Address.functionDelegateCall(newImplementation,data)

Check notice on line 20 in bridge/contracts/Proxies.sol

Code scanning / Slither

Local variable shadowing Low

FederationProxy.constructor(address,address,bytes)._admin shadows:
- TransparentUpgradeableProxy._admin() (function)

Check notice on line 15 in bridge/contracts/Proxies.sol

Code scanning / Slither

Local variable shadowing Low

AllowTokensProxy.constructor(address,address,bytes)._admin shadows:
- TransparentUpgradeableProxy._admin() (function)

Check notice on line 10 in bridge/contracts/Proxies.sol

Code scanning / Slither

Local variable shadowing Low

BridgeProxy.constructor(address,address,bytes)._admin shadows:
- TransparentUpgradeableProxy._admin() (function)

Check notice on line 60 in bridge/contracts/zeppelin/upgradable/proxy/TransparentUpgradeableProxy.sol

Code scanning / Slither

Incorrect modifier Low

Modifier TransparentUpgradeableProxy.ifAdmin() does not always execute _; or revert

Check warning on line 78 in bridge/contracts/zeppelin/upgradable/proxy/UpgradeableProxy.sol

Code scanning / Slither

Assembly usage Warning

UpgradeableProxy._setImplementation(address) uses assembly
- INLINE ASM

Check warning on line 143 in bridge/contracts/zeppelin/upgradable/proxy/TransparentUpgradeableProxy.sol

Code scanning / Slither

Assembly usage Warning

TransparentUpgradeableProxy._setAdmin(address) uses assembly
- INLINE ASM

Check warning on line 42 in bridge/contracts/zeppelin/upgradable/proxy/Proxy.sol

Code scanning / Slither

Assembly usage Warning

Proxy._delegate(address) uses assembly
- INLINE ASM

Check warning on line 131 in bridge/contracts/zeppelin/upgradable/proxy/TransparentUpgradeableProxy.sol

Code scanning / Slither

Assembly usage Warning

TransparentUpgradeableProxy._admin() uses assembly
- INLINE ASM

Check warning on line 189 in bridge/contracts/zeppelin/utils/Address.sol

Code scanning / Slither

Assembly usage Warning

Address._verifyCallResult(bool,bytes,string) uses assembly
- INLINE ASM

Check warning on line 54 in bridge/contracts/zeppelin/upgradable/proxy/UpgradeableProxy.sol

Code scanning / Slither

Assembly usage Warning

UpgradeableProxy._implementation() uses assembly
- INLINE ASM

Check warning on line 3 in bridge/contracts/Proxies.sol

Code scanning / Slither

Incorrect versions of Solidity Warning

Version constraint ^0.8.0 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
- FullInlinerNonExpressionSplitArgumentEvaluationOrder
- MissingSideEffectsOnSelectorAccess
- AbiReencodingHeadOverflowWithStaticArrayCleanup
- DirtyBytesArrayToStorage
- DataLocationChangeInInternalOverride
- NestedCalldataArrayAbiReencodingSizeValidation
- SignedImmutables
- ABIDecodeTwoDimensionalArrayMemory
- KeccakCaching.
It is used by:
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.0
- ^0.8.0

Check warning on line 170 in bridge/contracts/zeppelin/utils/Address.sol

Code scanning / Slither

Low-level calls Warning

Low level call in Address.functionDelegateCall(address,bytes,string):
- (success,returndata) = target.delegatecall(data)

Check warning on line 60 in bridge/contracts/zeppelin/utils/Address.sol

Code scanning / Slither

Low-level calls Warning

Low level call in Address.sendValue(address,uint256):
- (success,None) = recipient.call{value: amount}()

Check warning on line 122 in bridge/contracts/zeppelin/utils/Address.sol

Code scanning / Slither

Low-level calls Warning

Low level call in Address.functionCallWithValue(address,bytes,uint256,string):
- (success,returndata) = target.call{value: value}(data)

Check warning on line 146 in bridge/contracts/zeppelin/utils/Address.sol

Code scanning / Slither

Low-level calls Warning

Low level call in Address.functionStaticCall(address,bytes,string):
- (success,returndata) = target.staticcall(data)

Check warning on line 263 in bridge/contracts/MultiSigWallet.sol

Code scanning / Slither

Assembly usage Warning

MultiSigWallet.external_call(address,uint256,uint256,bytes) uses assembly
- INLINE ASM

Check warning on line 3 in bridge/contracts/MultiSigWallet.sol

Code scanning / Slither

Incorrect versions of Solidity Warning

Check warning on line 263 in bridge/contracts/MultiSigWallet.sol

Code scanning / Slither

Conformance to Solidity naming conventions Warning

Function MultiSigWallet.external_call(address,uint256,uint256,bytes) is not in mixedCase

Check warning on line 175 in bridge/contracts/MultiSigWallet.sol

Code scanning / Slither

Conformance to Solidity naming conventions Warning

Parameter MultiSigWallet.changeRequirement(uint256)._required is not in mixedCase

Check failure on line 120 in bridge/contracts/zeppelin/upgradable/proxy/TransparentUpgradeableProxy.sol

Code scanning / Slither

Incorrect return in assembly High

TransparentUpgradeableProxy.upgradeToAndCall(address,bytes) calls TransparentUpgradeableProxy.ifAdmin() which halt the execution return(uint256,uint256)(0,returndatasize()())

Check failure on line 86 in bridge/contracts/zeppelin/upgradable/proxy/TransparentUpgradeableProxy.sol

Code scanning / Slither

Incorrect return in assembly High

TransparentUpgradeableProxy.implementation() calls TransparentUpgradeableProxy.ifAdmin() which halt the execution return(uint256,uint256)(0,returndatasize()())

Check failure on line 108 in bridge/contracts/zeppelin/upgradable/proxy/TransparentUpgradeableProxy.sol

Code scanning / Slither

Incorrect return in assembly High

TransparentUpgradeableProxy.upgradeTo(address) calls TransparentUpgradeableProxy.ifAdmin() which halt the execution return(uint256,uint256)(0,returndatasize()())

Check failure on line 73 in bridge/contracts/zeppelin/upgradable/proxy/TransparentUpgradeableProxy.sol

Code scanning / Slither

Incorrect return in assembly High

TransparentUpgradeableProxy.admin() calls TransparentUpgradeableProxy.ifAdmin() which halt the execution return(uint256,uint256)(0,returndatasize()())

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump hardhat-deploy from 0.12.2 to 0.12.4 in /bridge #409

Bump hardhat-deploy from 0.12.2 to 0.12.4 in /bridge #409

31 new alerts including 6 high severity security vulnerabilities

New alerts in code changed by this pull request

Annotations

Re-running checks...

Bump hardhat-deploy from 0.12.2 to 0.12.4 in /bridge #409

Are you sure you want to change the base?