Solidity Scan

You are viewing this report in private mode, accessible only using an authenticated account.
This is not a public report.
Security Assessment
Contract v5
9 Jan 2024
This security assessment report was prepared by SolidityScan.com, a cloud-

based Smart Contract Scanner.
Table of Contents.
Project Summary
Audit Summary
Findings Summary
Vulnerability Details
CHEAPER INEQUALITIES IN IF()
CHEAPER INEQUALITIES IN REQUIRE()
CUSTOM ERRORS TO SAVE GAS
OPTIMIZING ADDRESS ID MAPPING
PUBLIC CONSTANTS CAN BE PRIVATE
SPLITTING REQUIRE STATEMENTS
SPLITTING REVERT STATEMENTS
STORAGE VARIABLE CACHING IN MEMORY
Scan History
Disclaimer
Project Summary
This report has been prepared for Contract v5 using SolidityScan to scan and
discover vulnerabilities and safe coding practices in their smart contract
including the libraries used by the contract that are not officially recognized. The
SolidityScan tool runs a comprehensive static analysis on the Solidity code and
finds vulnerabilities ranging from minor gas optimizations to major vulnerabilities
leading to the loss of funds. The coverage scope pays attention to all the
informational and critical vulnerabilities with over (150+) modules. The scanning
and auditing process covers the following areas:
Various common and uncommon attack vectors will be investigated to ensure

that the smart contracts are secure from malicious actors. The scanner modules
find and flag issues related to Gas optimizations that help in reducing the overall
Gas cost It scans and evaluates the codebase against industry best practices
and standards to ensure compliance It makes sure that the officially recognized
libraries used in the code are secure and up to date
The SolidityScan Team recommends running regular audit scans to identify any
vulnerabilities that are introduced after Contract v5 introduces new features or
refactors the code.
Audit Summary
Project Name
Contract v5
Contract Type
Smart Contract
Language
Solidity
Codebase
File Scan
Audit Methodology
Static Scanning
Findings Summary
Contract v5
File Scan
78.52
Security Score
Lines of Code
461
10
25
9
16
Critical 0
High 10
Medium 0
Low 9
Informational 16
Gas 25
ACTION TAKEN
Fixed False Positive

0 0
Won't Fix Pending Fix
0 55
Severity Bug Type
Gas CHEAPER INEQUALITIES IN IF()
Gas CHEAPER INEQUALITIES IN REQUIRE()
Gas CHEAPER INEQUALITIES IN REQUIRE()
Gas CUSTOM ERRORS TO SAVE GAS
Gas OPTIMIZING ADDRESS ID MAPPING
Gas PUBLIC CONSTANTS CAN BE PRIVATE
Gas PUBLIC CONSTANTS CAN BE PRIVATE

Gas SPLITTING REQUIRE STATEMENTS
Gas SPLITTING REVERT STATEMENTS
Gas STORAGE VARIABLE CACHING IN MEMORY

Critical Lorem Ipsum Dolor Sit Amet Pending Fix
Lorem Ipsum Dolor Sit Amet Pending Fix

Critical
Upgrade to use this feature
Upgrade to ourProplan or a Custom plan to use this feature and much
Critical Lorem Ipsum Dolor Sit Amet
more Pending Fix

Upgrade

Vulnerability Details
Bug ID
SSP_3784_20
Severity Confidence
Gas Firm
Line nos Action Taken
385-385 Pending Fix
Bug Type
CHEAPER INEQUALITIES IN IF()
File Location
/Contract v5.sol
Issue Description
The contract was found to be doing comparisons using inequalities inside the if stateme
nt.
When inside the if statements, non-strict inequalities (>=, <=) are usually cheaper t
han the strict equalities (>, <).
Issue Remediation
It is recommended to go through the code logic, and, if possible, modify the strict inequ
alities with the non-strict ones to save ~3 gas as long as the logic of the code is not aff
ected.
Bug ID
SSP_3784_22
Severity Confidence
Gas Firm
124-124 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
The contract was found to be performing comparisons using inequalities inside the req
uire statement. When inside the require statements, non-strict inequalities (>=, <
=) are usually costlier than strict equalities (>, <) .
Issue Remediation
It is recommended to go through the code logic, and, if possible, modify the non-strict i
nequalities with the strict ones to save ~3 gas as long as the logic of the code is not aff
ected.
Bug ID
SSP_3784_23
Severity Confidence
Gas Firm
333-333 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
The contract was found to be performing comparisons using inequalities inside the req
uire statement. When inside the require statements, non-strict inequalities (>=, <
=) are usually costlier than strict equalities (>, <) .
Issue Remediation
It is recommended to go through the code logic, and, if possible, modify the non-strict i
nequalities with the strict ones to save ~3 gas as long as the logic of the code is not aff
ected.
Bug ID
SSP_3784_21
Severity Confidence
Gas Certain
428-428 Pending Fix
Bug Type
CUSTOM ERRORS TO SAVE GAS
File Location
/Contract v5.sol
Issue Description
The contract was found to be using revert() statements. Since Solidity v0.8.4 , cust
om errors have been introduced which are a better alternative to the revert.
This allows the developers to pass custom errors with dynamic data while reverting the
transaction and also making the whole implementation a bit cheaper than using rever
t.
Issue Remediation
It is recommended to replace all the instances of revert() statements with error() t
o save gas.
Bug ID
SSP_3784_41
Severity Confidence
Gas Tentative
82-82 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more streamlin
ed and cost-effective smart contract design.
It saves storage slot for the mapping and depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the sam
e storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id para
meter are combined into a struct.
Bug ID
SSP_3784_42
Severity Confidence
Gas Tentative
85-85 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
e storage slot.
Issue Remediation
Bug ID
SSP_3784_43
Severity Confidence
Gas Tentative
88-88 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
e storage slot.
Issue Remediation
Bug ID
SSP_3784_44
Severity Confidence
Gas Tentative
89-89 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
e storage slot.
Issue Remediation
Bug ID
SSP_3784_45
Severity Confidence
Gas Tentative
91-91 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
e storage slot.
Issue Remediation
Bug ID
SSP_3784_46
Severity Confidence
Gas Tentative
92-92 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
e storage slot.
Issue Remediation
Bug ID
SSP_3784_32
Severity Confidence
Gas Certain
76-76 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
Public constant variables cost more gas because the EVM automatically creates getter f
unctions for them and adds entries to the method ID table. The values can be read from
the source code instead.
The following variable is affected: panicData
Issue Remediation
If reading the values for the constants are not necessary, consider changing the publi
c visibility to private .
Bug ID
SSP_3784_33
Severity Confidence
Gas Certain
95-95 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
Public constant variables cost more gas because the EVM automatically creates getter f
unctions for them and adds entries to the method ID table. The values can be read from
the source code instead.
The following variable is affected: currentPosition
Issue Remediation
If reading the values for the constants are not necessary, consider changing the publi
c visibility to private .
Bug ID
SSP_3784_3
Severity Confidence
Gas Firm
122-126 Pending Fix
Bug Type
SPLITTING REQUIRE STATEMENTS
File Location
/Contract v5.sol
Issue Description
Require statements when combined using operators in a single statement usually lead t
o a larger deployment gas cost but with each runtime calls, the whole thing ends up bei
ng cheaper by some gas units.
Issue Remediation
It is recommended to separate the require statements with one statement/validation per
line.
Bug ID
SSP_3784_40
Severity Confidence
Gas Tentative
385-387 Pending Fix
Bug Type
SPLITTING REVERT STATEMENTS
File Location
/Contract v5.sol
Issue Description
The contract is using multiple conditions in a single if statement followed by a revert.
This costs some extra gas.
Issue Remediation
It is recommended to split the conditions into multiple if statements such that there’s
only one condition in each of them.
Bug ID
SSP_3784_50
Severity Confidence
Gas Tentative
82-82 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable isAllowedPool multiple tim
es in the function .
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas e
ach).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD ) and then read from this cache to avoid multiple
SLOADs .
Bug ID
SSP_3784_51
Severity Confidence
Gas Tentative
85-85 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable isAllowedToken multiple tim
ach).
Issue Remediation
SLOADs .
Bug ID
SSP_3784_52
Severity Confidence
Gas Tentative
86-86 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable allowedTokens multiple tim
ach).
Issue Remediation
SLOADs .
Bug ID
SSP_3784_53
Severity Confidence
Gas Tentative
95-95 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable currentPosition multiple ti
mes in the function resetPosition .
ach).
Issue Remediation
SLOADs .
Bug ID
SSP_3784_52
Severity Confidence
Gas Tentative
86-86 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
es in the function getBalance .
ach).
Issue Remediation
SLOADs .
Bug ID
SSP_3784_53
Severity Confidence
Gas Tentative
95-95 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable currentPosition multiple ti
mes in the function setPosition .
ach).
Issue Remediation
SLOADs .
Bug ID
SSP_3784_54
Severity Confidence
Gas Tentative
89-89 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable withdrawRequested multiple
times in the function requestWithdraw .
ach).
Issue Remediation
SLOADs .
Bug ID
SSP_3784_54
Severity Confidence
Gas Tentative
89-89 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable withdrawRequested multiple
times in the function cancelWithdrawRequest .
ach).
Issue Remediation
SLOADs .
Bug ID
SSP_3784_52
Severity Confidence
Gas
Tentative
86-86 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
es in the function withdraw .
ach).
Issue Remediation
SLOADs .
Bug ID
SSP_3784_55
Severity Confidence
Gas Tentative
76-76 Pending Fix

Bug Type
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable panicData multiple times in
the function uniswapV3SwapCallback .
ach).
Issue Remediation
SLOADs .
Bug ID
SSP_3784_55
Severity Confidence
Gas Tentative
76-76 Pending Fix
Bug Type
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable panicData multiple times in
the function panic .
ach).
Issue Remediation
SLOADs .
Scan History
No Date Security Score
1. 2024-01-09 78.52
Disclaimer
The Reports neither endorse nor condemn any specific project or team, nor do
they guarantee the security of any specific project. The contents of this report do
not, and should not be interpreted as having any bearing on, the economics of
tokens, token sales, or any other goods, services, or assets.
The security audit is not meant to replace functional testing done before a
software release.
There is no warranty that all possible security issues of a particular smart

contract(s) will be found by the tool, i.e., It is not guaranteed that there will not be
any further findings based solely on the results of this evaluation.
Emerging technologies such as Smart Contracts and Solidity carry a high level of
technical risk and uncertainty. There is no warranty or representation made by this
report to any Third Party in regards to the quality of code, the business model or
the proprietors of any such business model, or the legal compliance of any
business.
In no way should a third party use these reports to make any decisions about
buying or selling a token, product, service, or any other asset. It should be noted
that this report is not investment advice, is not intended to be relied on as
investment advice, and has no endorsement of this project or team. It does not
serve as a guarantee as to the project's absolute security.
The assessment provided by SolidityScan is subject to dependencies and under

continuing development. You agree that your access and/or use, including but not
limited to any services, reports, and materials, will be at your sole risk on an as-is,
where-is, and as-available basis. SolidityScan owes no duty to any third party by
virtue of publishing these Reports.
As one audit-based assessment cannot be considered comprehensive, we always

recommend proceeding with several independent manual audits including manual
audit and a public bug bounty program to ensure the security of the smart
contracts.

Solidity Scan

Uploaded by

Copyright:

Available Formats

You might also like

Solidity Scan

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Solidity Scan

Uploaded by

Copyright:

Available Formats

You are viewing this report in private mode, accessible only using an authenticated account.

This is not a public report.

This security assessment report was prepared by SolidityScan.com, a cloud-

CHEAPER INEQUALITIES IN REQUIRE()

CUSTOM ERRORS TO SAVE GAS

OPTIMIZING ADDRESS ID MAPPING

PUBLIC CONSTANTS CAN BE PRIVATE

SPLITTING REQUIRE STATEMENTS

SPLITTING REVERT STATEMENTS

STORAGE VARIABLE CACHING IN MEMORY

Various common and uncommon attack vectors will be investigated to ensure

Fixed False Positive

Gas CHEAPER INEQUALITIES IN REQUIRE()

Gas CHEAPER INEQUALITIES IN REQUIRE()

Gas CUSTOM ERRORS TO SAVE GAS

Gas OPTIMIZING ADDRESS ID MAPPING

Gas OPTIMIZING ADDRESS ID MAPPING

Gas OPTIMIZING ADDRESS ID MAPPING

Gas OPTIMIZING ADDRESS ID MAPPING

Gas OPTIMIZING ADDRESS ID MAPPING

Gas OPTIMIZING ADDRESS ID MAPPING

Gas PUBLIC CONSTANTS CAN BE PRIVATE

Gas PUBLIC CONSTANTS CAN BE PRIVATE

Gas SPLITTING REVERT STATEMENTS

Gas STORAGE VARIABLE CACHING IN MEMORY

Gas STORAGE VARIABLE CACHING IN MEMORY

Gas STORAGE VARIABLE CACHING IN MEMORY

Gas STORAGE VARIABLE CACHING IN MEMORY

Gas STORAGE VARIABLE CACHING IN MEMORY

Gas STORAGE VARIABLE CACHING IN MEMORY

Gas STORAGE VARIABLE CACHING IN MEMORY

Gas STORAGE VARIABLE CACHING IN MEMORY

Gas STORAGE VARIABLE CACHING IN MEMORY

Gas STORAGE VARIABLE CACHING IN MEMORY

Gas STORAGE VARIABLE CACHING IN MEMORY

Critical Lorem Ipsum Dolor Sit Amet Pending Fix

Critical Lorem Ipsum Dolor Sit Amet Pending Fix

Critical Lorem Ipsum Dolor Sit Amet Pending Fix

Lorem Ipsum Dolor Sit Amet Pending Fix

Critical Lorem Ipsum Dolor Sit Amet Pending Fix

Critical Lorem Ipsum Dolor Sit Amet Pending Fix

Critical Lorem Ipsum Dolor Sit Amet Pending Fix

Critical Lorem Ipsum Dolor Sit Amet Pending Fix

385-385 Pending Fix

124-124 Pending Fix

333-333 Pending Fix

82-82 Pending Fix

85-85 Pending Fix

88-88 Pending Fix

89-89 Pending Fix

91-91 Pending Fix

92-92 Pending Fix

76-76 Pending Fix

95-95 Pending Fix

122-126 Pending Fix

385-387 Pending Fix

82-82 Pending Fix

85-85 Pending Fix

86-86 Pending Fix