# Band Protocol MythX Summary ### `MedianAggregator.sol` - `aggregate()`: Inconsist the use of math opeartions. Recommend to use SafeMath to mimic the overflow issue. - `aggregate()`: Recommend to check the precondition `require( data.length == size, array length must be the same as size)` to avoid `ArrayIndexOutOfRange` error ### `MedianAggregator.sol` - `aggregate()`: Inconsist the use of math opeartions. Recommend to use SafeMath to mimic the overflow issue. - `aggregate()`: Recommend to check the precondition`require(data.length == size, array length must be the same as size)` to avoid `ArrayIndexOutOfRange` error ### `Equaltion.sol` - `solveMath()`: Recommend to check the precondition `require(self.length == nodeIdx, array length must be the same as size)` to avoid `ArrayIndexOutOfRange` error - `solveBool()`: Recommend to check the precondition `require(self.length == nodeIdx, array length must be the same as size)` to avoid `ArrayIndexOutOfRange` error ### SolLint ``` contracts/Parameters.sol - Functions should be in order: constructor, fallback, external, public, internal, private - Avoid using 'now' (alias to 'block.timestamp'). contracts/data/AggTCD.sol - In case of more than 3 parameters, drop each into its own line. - Avoid using low-level function 'call'. - Avoid using 'now' (alias to 'block.timestamp'). contracts/data/MultiSigTCD.sol - In case of more than 3 parameters, drop each into its own line. - Functions should be in order: constructor, fallback, external, public, internal, private - Avoid using 'now' (alias to 'block.timestamp'). - Functions should be in order: constructor, fallback, external, public, internal, private contracts/data/OffchainAggTCD.sol - Functions should be in order: constructor, fallback, external, public, internal, private - In case of more than 3 arguments, drop each into its own line. * `ecrecover()` * `DataUpdated()` - Avoid using 'now' (alias to 'block.timestamp'). contracts/data/TCDBase.sol - In case of more than 3 parameters, drop each into its own line. - Avoid using 'now' (alias to 'block.timestamp'). - In case of more than 3 arguments, drop each into its own line. * `WithdrawReceiptCreated` contracts/data/TCRBase.sol - Avoid using 'now' (alias to 'block.timestamp'). - In case of more than 3 arguments, drop each into its own line. * `ApplicationSubmitted()` * `ChallengeInitiated()` * `ChallengeVoteCommitted()` * `ChallengeFailed()` * `ChallengeSuccess()` contracts/exchange/BondingCurve.sol - Avoid using 'now' (alias to 'block.timestamp'). - In case of more than 3 parameters, drop each into its own line. contracts/mock/MultiSigWalletFactory.sol - Only use indent of 2 spaces. - There should be exactly a single space between the 'for' token and the parenthetic block representing the conditional. - In case of more than 3 parameters, drop each into its own line. - Function "ecrecover": in case of more than 3 arguments, drop each into its own line. - There should be exactly a single space between the 'if' token and the parenthetic block representing the conditional. - Consider using 'transfer' in place of 'call.value()'. - Functions should be in order: constructor, fallback, external, public, internal, private - Visibility modifier "public" should come before other modifiers. contracts/mock/TCDListMock.sol - In case of more than 3 parameters, drop each into its own line. - Only use indent of 2 spaces. contracts/token/ERC20Base.sol - In case of more than 3 parameters, drop each into its own line. - Avoid using low-level function 'call'. - contracts/token/VestingWallet.sol - Avoid using 'now' (alias to 'block.timestamp'). contracts/utils/Equation.sol - in case of more than 3 arguments, drop each into its own line. ``` 34 problems (1 error, 33 warnings) ### Errors | SWC | count | visual | | --- | --- | --- | | SWC-101 | 1 | X | ### Warnings | SWC | count | visual | | --- | --- | --- | | N/A | 14 | XXXXXXXXXXXXXX | | SWC-119 | 7 | XXXXXXX | | SWC-110 | 4 | XXXX | | SWC-103 | 8 | XXXXXXXX | ## Details ### /contracts/contracts/utils/Aggregator.sol - 5 problems (1 error, 4 warnings) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Error``` | 22:22 | integer overflow An arithmetic operation led to an integer overflow. Since this is often not intended, make sure you take appropriate precautions when performing arithmetic operations. | [SWC-101](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101) | | ```Warning``` | -1:0 | You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | | ```Warning``` | 21:19 | assertion violation An assertion was violated. Make sure your program logic is correct (e.g., no division by zero) and that you add appropriate validation for inputs from both callers (e.g, passed arguments) and callees (e.g., return values). | [SWC-110](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-110) | | ```Warning``` | 42:23 | assertion violation An assertion was violated. Make sure your program logic is correct (e.g., no division by zero) and that you add appropriate validation for inputs from both callers (e.g, passed arguments) and callees (e.g., return values). | [SWC-110](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-110) | | ```Warning``` | 44:36 | assertion violation An assertion was violated. Make sure your program logic is correct (e.g., no division by zero) and that you add appropriate validation for inputs from both callers (e.g, passed arguments) and callees (e.g., return values). | [SWC-110](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-110) | ### /Users/connielam/Desktop/contracts/bancor/BancorPower.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | ### /Users/connielam/Desktop/contracts/contracts/BandRegistry.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | ### /Users/connielam/Desktop/contracts/contracts/BandToken.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | ### /Users/connielam/Desktop/contracts/contracts/Parameters.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | ### /Users/connielam/Desktop/contracts/contracts/data/WhiteListInterface.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | ### /Users/connielam/Desktop/contracts/contracts/exchange/BandExchangeInterface.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | ### /Users/connielam/Desktop/contracts/contracts/token/ERC20Acceptor.sol - 2 problems (0 errors, 2 warnings) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | | ```Warning``` | 12:24 | Local variable shadows a state variable. The local variable "token" in contract "ERC20Acceptor" shadows the state variable with the same name "token" in contract "TCRBase". | [SWC-119](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-119) | ### /Users/connielam/Desktop/contracts/contracts/token/ERC20Base.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | ### /Users/connielam/Desktop/contracts/contracts/token/ERC20Interface.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | ### /Users/connielam/Desktop/contracts/contracts/utils/Equation.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | 201:26 | assertion violation An assertion was violated. Make sure your program logic is correct (e.g., no division by zero) and that you add appropriate validation for inputs from both callers (e.g, passed arguments) and callees (e.g., return values). | [SWC-110](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-110) | ### /Users/connielam/Desktop/contracts/contracts/utils/Fractional.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | ### openzeppelin-solidity/contracts/access/Roles.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | 1:0 | A floating pragma is set. It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently multiple versions "^0.5.0" are allowed. | [SWC-103](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103) | ### openzeppelin-solidity/contracts/access/roles/CapperRole.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | 1:0 | A floating pragma is set. It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently multiple versions "^0.5.0" are allowed. | [SWC-103](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103) | ### openzeppelin-solidity/contracts/access/roles/MinterRole.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | 1:0 | A floating pragma is set. It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently multiple versions "^0.5.0" are allowed. | [SWC-103](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103) | ### openzeppelin-solidity/contracts/math/Math.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | 1:0 | A floating pragma is set. It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently multiple versions "^0.5.0" are allowed. | [SWC-103](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103) | ### openzeppelin-solidity/contracts/math/SafeMath.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | 1:0 | A floating pragma is set. It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently multiple versions "^0.5.0" are allowed. | [SWC-103](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103) | ### openzeppelin-solidity/contracts/ownership/Ownable.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | 1:0 | A floating pragma is set. It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently multiple versions "^0.5.0" are allowed. | [SWC-103](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103) | ### openzeppelin-solidity/contracts/token/ERC20/ERC20.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | 1:0 | A floating pragma is set. It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently multiple versions "^0.5.0" are allowed. | [SWC-103](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103) | ### openzeppelin-solidity/contracts/token/ERC20/IERC20.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | 1:0 | A floating pragma is set. It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently multiple versions "^0.5.0" are allowed. | [SWC-103](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103) | ### /Users/connielam/Desktop/contracts/contracts/mock/BondingCurveMock.sol - 2 problems (0 errors, 2 warnings) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | 16:4 | Local variable shadows a state variable. The local variable "collateralToken" in contract "BondingCurveMock" shadows the state variable with the same name "collateralToken" in contract "BondingCurve". | [SWC-119](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-119) | | ```Warning``` | 17:4 | Local variable shadows a state variable. The local variable "bondedToken" in contract "BondingCurveMock" shadows the state variable with the same name "bondedToken" in contract "BondingCurve". | [SWC-119](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-119) | ### /Users/connielam/Desktop/contracts/contracts/CommunityToken.sol - 3 problems (0 errors, 3 warnings) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | | ```Warning``` | 10:14 | Local variable shadows a state variable. The local variable "name" in contract "CommunityToken" shadows the state variable with the same name "name" in contract "ERC20Base". | [SWC-119](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-119) | | ```Warning``` | 10:34 | Local variable shadows a state variable. The local variable "symbol" in contract "CommunityToken" shadows the state variable with the same name "symbol" in contract "ERC20Base". | [SWC-119](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-119) | ### /Users/connielam/Desktop/contracts/contracts/mock/MockDataSource.sol - 1 problem (0 errors, 1 warning) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | ### /Users/connielam/Desktop/contracts/contracts/mock/MultiSigWalletFactory.sol - 3 problems (0 errors, 3 warnings) | Type | Line | Description | SWC | | --- | --- | --- | --- | | ```Warning``` | -1:0 | MythX API Trial Mode. You are currently running MythX in Trial mode, which returns a maximum of three vulnerabilities. Sign up for a free account at https://mythx.io to run a complete report. | [N/A](https://smartcontractsecurity.github.io/SWC-registry/docs/N/A) | | ```Warning``` | 98:22 | Local variable shadows a state variable. The local variable "_owner" in contract "MultiSigWallet" shadows the state variable with the same name "_owner" in contract "Ownable". | [SWC-119](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-119) | | ```Warning``` | 111:25 | Local variable shadows a state variable. The local variable "_owner" in contract "MultiSigWallet" shadows the state variable with the same name "_owner" in contract "Ownable". | [SWC-119](https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-119) |