Solidity Scan
Security Assessment
Contract v5
9 Jan 2024
Scan History
Disclaimer
Project Summary
This report has been prepared for Contract v5 using SolidityScan to scan and
discover vulnerabilities and safe coding practices in their smart contract
including the libraries used by the contract that are not officially recognized. The
SolidityScan tool runs a comprehensive static analysis on the Solidity code and
finds vulnerabilities ranging from minor gas optimizations to major vulnerabilities
leading to the loss of funds. The coverage scope pays attention to all the
informational and critical vulnerabilities with over (150+) modules. The scanning
and auditing process covers the following areas:
Audit Summary
Project Name
Contract v5
Contract Type
Smart Contract
Language
Solidity
Codebase
File Scan
Audit Methodology
Static Scanning
Findings Summary
Contract v5
File Scan
Security Score
78.52
Lines of Code
461
Critical 0
High 10
Medium 0
Low 9
Informational 16
Gas 25
ACTION TAKEN
Gas Firm
Line nos Action Taken
Bug Type
CHEAPER INEQUALITIES IN IF()
File Location
/Contract v5.sol
Issue Description
The contract was found to be doing comparisons using inequalities inside the if
statement.
When inside the if statements, non-strict inequalities (>=, <=) are usually cheaper
than the strict inequalities (>, <).
Issue Remediation
It is recommended to go through the code logic and, if possible, replace the strict
inequalities with the non-strict ones to save ~3 gas, as long as the logic of the code is
not affected.
Bug ID
SSP_3784_22
Severity Confidence
Gas Firm
Line nos Action Taken
Bug Type
CHEAPER INEQUALITIES IN REQUIRE()
File Location
/Contract v5.sol
Issue Description
The contract was found to be performing comparisons using inequalities inside the
require statement. When inside the require statements, non-strict inequalities (>=, <=)
are usually costlier than strict inequalities (>, <).
Issue Remediation
It is recommended to go through the code logic and, if possible, replace the non-strict
inequalities with the strict ones to save ~3 gas, as long as the logic of the code is not
affected.
Bug ID
SSP_3784_23
Severity Confidence
Gas Firm
Line nos Action Taken
Bug Type
CHEAPER INEQUALITIES IN REQUIRE()
File Location
/Contract v5.sol
Issue Description
The contract was found to be performing comparisons using inequalities inside the
require statement. When inside the require statements, non-strict inequalities (>=, <=)
are usually costlier than strict inequalities (>, <).
Issue Remediation
It is recommended to go through the code logic and, if possible, replace the non-strict
inequalities with the strict ones to save ~3 gas, as long as the logic of the code is not
affected.
Bug ID
SSP_3784_21
Severity Confidence
Gas Certain
Line nos Action Taken
428-428 Pending Fix
Bug Type
CUSTOM ERRORS TO SAVE GAS
File Location
/Contract v5.sol
Issue Description
The contract was found to be using revert() statements. Since Solidity v0.8.4, custom
errors have been introduced, which are a better alternative to the revert.
This allows the developers to pass custom errors with dynamic data while reverting the
transaction and also makes the whole implementation a bit cheaper than using revert.
Issue Remediation
It is recommended to replace all the instances of revert() statements with error() to
save gas.
Bug ID
SSP_3784_41
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_42
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_43
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_44
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_45
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_46
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_32
Severity Confidence
Gas Certain
Line nos Action Taken
Bug Type
PUBLIC CONSTANTS CAN BE PRIVATE
File Location
/Contract v5.sol
Issue Description
Public constant variables cost more gas because the EVM automatically creates getter
functions for them and adds entries to the method ID table. The values can be read from
the source code instead.
The following variable is affected: panicData
Issue Remediation
If reading the values for the constants is not necessary, consider changing the public
visibility to private.
Bug ID
SSP_3784_33
Severity Confidence
Gas Certain
Line nos Action Taken
Bug Type
PUBLIC CONSTANTS CAN BE PRIVATE
File Location
/Contract v5.sol
Issue Description
Public constant variables cost more gas because the EVM automatically creates getter
functions for them and adds entries to the method ID table. The values can be read from
the source code instead.
The following variable is affected: currentPosition
Issue Remediation
If reading the values for the constants is not necessary, consider changing the public
visibility to private.
Bug ID
SSP_3784_3
Severity Confidence
Gas Firm
Line nos Action Taken
Bug Type
SPLITTING REQUIRE STATEMENTS
File Location
/Contract v5.sol
Issue Description
Require statements, when combined using operators in a single statement, usually lead
to a larger deployment gas cost, but with each runtime call, the whole thing ends up
being cheaper by some gas units.
Issue Remediation
It is recommended to separate the require statements with one statement/validation per
line.
Bug ID
SSP_3784_40
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
SPLITTING REVERT STATEMENTS
File Location
/Contract v5.sol
Issue Description
The contract is using multiple conditions in a single if statement followed by a revert.
This costs some extra gas.
Issue Remediation
It is recommended to split the conditions into multiple if statements such that there’s
only one condition in each of them.
Bug ID
SSP_3784_50
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable isAllowedPool multiple
times in the function .
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_51
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable isAllowedToken multiple
times in the function .
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_52
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable allowedTokens multiple
times in the function .
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_53
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable currentPosition multiple
times in the function resetPosition.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_52
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable allowedTokens multiple
times in the function getBalance.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_53
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable currentPosition multiple
times in the function setPosition.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_54
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable withdrawRequested multiple
times in the function requestWithdraw.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_54
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable withdrawRequested multiple
times in the function cancelWithdrawRequest.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_52
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable allowedTokens multiple
times in the function withdraw.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_55
Severity Confidence
Gas Tentative
Line nos Action Taken
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable panicData multiple times in
the function uniswapV3SwapCallback.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_55
Severity Confidence
Gas Tentative
Line nos Action Taken
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable panicData multiple times in
the function panic.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in the
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Scan History
No Date Security Score
1. 2024-01-09 78.52
Disclaimer
The Reports neither endorse nor condemn any specific project or team, nor do
they guarantee the security of any specific project. The contents of this report do
not, and should not be interpreted as having any bearing on, the economics of
tokens, token sales, or any other goods, services, or assets.
The security audit is not meant to replace functional testing done before a
software release.
Emerging technologies such as Smart Contracts and Solidity carry a high level of
technical risk and uncertainty. There is no warranty or representation made by this
report to any Third Party in regards to the quality of code, the business model or
the proprietors of any such business model, or the legal compliance of any
business.
In no way should a third party use these reports to make any decisions about
buying or selling a token, product, service, or any other asset. It should be noted
that this report is not investment advice, is not intended to be relied on as
investment advice, and has no endorsement of this project or team. It does not
serve as a guarantee as to the project's absolute security.