Slither: add slither analyzer to github workflow

[roisindowling]

No description provided.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.71%. Comparing base (3cf83ad) to head (3bf8b14).

Additional details and impacted files

@@           Coverage Diff            @@
##             main      #12    +/-   ##
========================================
  Coverage   98.71%   98.71%            
========================================
  Files          37       37            
  Lines        2326     2326            
  Branches      486      341   -145     
========================================
  Hits         2296     2296            
  Misses         29       29            
  Partials        1        1            

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Slither report

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary

• arbitrary-send-eth (2 results) (High)
• divide-before-multiply (1 results) (Medium)
• uninitialized-local (1 results) (Medium)
• unused-return (14 results) (Medium)
• shadowing-local (8 results) (Low)
• missing-zero-check (2 results) (Low)
• calls-loop (1 results) (Low)
• reentrancy-events (8 results) (Low)
• timestamp (1 results) (Low)

arbitrary-send-eth

Impact: High
Confidence: Medium

• ID-0
  Treasury.transferVET(address,uint256) sends eth to arbitrary user
  Dangerous calls:
  • (sent,None) = _to.call{value: _value}()

vebetterdao-contracts/contracts/Treasury.sol

Lines 232 to 240 in 71256ba

	function transferVET(address _to, uint256 _value) external onlyGovernanceWhenNotPaused nonReentrant {
	TreasuryStorage storage $ = _getTreasuryStorage();
	require($.transferLimitVET >= _value, "Treasury: transfer limit exceeded");
	require(address(this).balance >= _value, "Treasury: insufficient VET balance");
	(bool sent, ) = _to.call{ value: _value }("");
	require(sent, "Failed to send VET");
	}

• ID-1
  B3TRGovernor.relay(address,uint256,bytes) sends eth to arbitrary user
  Dangerous calls:
  • (success,returndata) = target.call{value: value}(data)

vebetterdao-contracts/contracts/B3TRGovernor.sol

Lines 176 to 179 in 71256ba

	function relay(address target, uint256 value, bytes calldata data) external payable virtual onlyGovernance {
	(bool success, bytes memory returndata) = target.call{ value: value }(data);
	Address.verifyCallResult(success, returndata);
	}

divide-before-multiply

Impact: Medium
Confidence: Medium

• ID-2
  XAllocationPool._rewardAmount(uint256,uint256) performs a multiplication on the result of a division:
  • available = (total * variableAllocationPercentage) / 100
  • rewardAmount = (available * share) / PERCENTAGE_PRECISION_SCALING_FACTOR

vebetterdao-contracts/contracts/XAllocationPool.sol

Lines 282 to 290 in 71256ba

	function _rewardAmount(uint256 roundId, uint256 share) internal view returns (uint256) {
	uint256 total = _emissionAmount(roundId);
	uint256 variableAllocationPercentage = 100 - xAllocationVoting().getRoundBaseAllocationPercentage(roundId);
	uint256 available = (total * variableAllocationPercentage) / 100;
	uint256 rewardAmount = (available * share) / PERCENTAGE_PRECISION_SCALING_FACTOR;
	return rewardAmount;
	}

uninitialized-local

Impact: Medium
Confidence: Medium

• ID-3
  XAllocationPool.getAppShares(uint256,bytes32).unallocatedShare is a local variable never initialized

vebetterdao-contracts/contracts/XAllocationPool.sol

Line 483 in 71256ba

uint256 unallocatedShare;

unused-return

Impact: Medium
Confidence: Medium

• ID-4
  Emissions.start() ignores return value by $.xAllocationsGovernor.startNewRound()

vebetterdao-contracts/contracts/Emissions.sol

Lines 273 to 283 in 71256ba

	function start() external onlyRole(MINTER_ROLE) nonReentrant {
	EmissionsStorage storage $ = _getEmissionsStorage();
	require($.b3tr.paused() == false, "Emissions: B3TR token is paused");
	require($.nextCycle == 1, "Emissions: Can only start emissions when next cycle = 1");
	$.lastEmissionBlock = block.number;
	$.xAllocationsGovernor.startNewRound();
	$.nextCycle++;
	}

• ID-5
  GovernorProposalLogic.cancel(GovernorStorageTypes.GovernorStorage,address,bool,address[],uint256[],bytes[],bytes32) ignores return value by GovernorStateLogic.validateStateBitmap(self,proposalId,GovernorStateLogic.ALL_PROPOSAL_STATES_BITMAP ^ GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Canceled) ^ GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Executed))

vebetterdao-contracts/contracts/governance/libraries/GovernorProposalLogic.sol

Lines 393 to 432 in 71256ba

	function cancel(
	GovernorStorageTypes.GovernorStorage storage self,
	address account,
	bool admin,
	address[] memory targets,
	uint256[] memory values,
	bytes[] memory calldatas,
	bytes32 descriptionHash
	) external returns (uint256) {
	uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
	if (account != proposalProposer(self, proposalId) && !admin) {
	revert UnauthorizedAccess(account);
	}
	GovernorStateLogic.validateStateBitmap(
	self,
	proposalId,
	GovernorStateLogic.ALL_PROPOSAL_STATES_BITMAP ^
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Canceled) ^
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Executed)
	);
	if (account == proposalProposer(self, proposalId)) {
	require(
	GovernorStateLogic._state(self, proposalId) == GovernorTypes.ProposalState.Pending,
	"Governor: proposal not pending"
	);
	}
	bytes32 timelockId = self.timelockIds[proposalId];
	if (timelockId != 0) {
	// cancel
	self.timelock.cancel(timelockId);
	// cleanup
	delete self.timelockIds[proposalId];
	}
	return _cancel(self, proposalId);
	}

• ID-6
  GalaxyMember._push(Checkpoints.Trace208,uint208) ignores return value by store.push(clock(),delta)

vebetterdao-contracts/contracts/GalaxyMember.sol

Lines 374 to 376 in 71256ba

	function _push(Checkpoints.Trace208 storage store, uint208 delta) private returns (uint208, uint208) {
	return store.push(clock(), delta);
	}

• ID-7
  VoteEligibilityUpgradeable._pushCheckpoint(Checkpoints.Trace208,uint208) ignores return value by store.push(clock(),delta)

vebetterdao-contracts/contracts/x-2-earn-apps/modules/VoteEligibilityUpgradeable.sol

Lines 130 to 132 in 71256ba

	function _pushCheckpoint(Checkpoints.Trace208 storage store, uint208 delta) private returns (uint208, uint208) {
	return store.push(clock(), delta);
	}

• ID-8
  B3TRGovernor.proposalVotes(uint256) ignores return value by GovernorVotesLogic.getProposalVotes($,proposalId)

vebetterdao-contracts/contracts/B3TRGovernor.sol

Lines 448 to 453 in 71256ba

	function proposalVotes(
	uint256 proposalId
	) external view returns (uint256 againstVotes, uint256 forVotes, uint256 abstainVotes) {
	GovernorStorageTypes.GovernorStorage storage $ = getGovernorStorage();
	return GovernorVotesLogic.getProposalVotes($, proposalId);
	}

• ID-9
  Emissions.distribute() ignores return value by $.xAllocationsGovernor.startNewRound()

vebetterdao-contracts/contracts/Emissions.sol

Lines 286 to 313 in 71256ba

	function distribute() external nonReentrant {
	EmissionsStorage storage $ = _getEmissionsStorage();
	require($.nextCycle > 1, "Emissions: Please start emissions first");
	require(isNextCycleDistributable(), "Emissions: Next cycle not started yet");
	// Mint emissions for current cycle
	uint256 xAllocationsAmount = _calculateNextXAllocation();
	uint256 vote2EarnAmount = _calculateVote2EarnAmount();
	uint256 treasuryAmount = _calculateTreasuryAmount();
	require(
	xAllocationsAmount + vote2EarnAmount + treasuryAmount <= getRemainingEmissions(),
	"Emissions: emissions would exceed B3TR supply cap"
	);
	$.lastEmissionBlock = block.number;
	$.emissions[$.nextCycle] = Emission(xAllocationsAmount, vote2EarnAmount, treasuryAmount);
	$.totalEmissions += xAllocationsAmount + vote2EarnAmount + treasuryAmount;
	$.b3tr.mint($._xAllocations, xAllocationsAmount);
	$.b3tr.mint($._vote2Earn, vote2EarnAmount);
	$.b3tr.mint($._treasury, treasuryAmount);
	$.xAllocationsGovernor.startNewRound();
	emit EmissionDistributed($.nextCycle, xAllocationsAmount, vote2EarnAmount, treasuryAmount);
	$.nextCycle++;
	}

• ID-10
  GovernorDepositLogic.withdraw(GovernorStorageTypes.GovernorStorage,uint256,address) ignores return value by GovernorStateLogic.validateStateBitmap(self,proposalId,GovernorStateLogic.ALL_PROPOSAL_STATES_BITMAP ^ GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Pending))

vebetterdao-contracts/contracts/governance/libraries/GovernorDepositLogic.sol

Lines 83 to 100 in 71256ba

	function withdraw(GovernorStorageTypes.GovernorStorage storage self, uint256 proposalId, address depositer) external {
	uint256 amount = self.deposits[proposalId][depositer];
	GovernorStateLogic.validateStateBitmap(
	self,
	proposalId,
	GovernorStateLogic.ALL_PROPOSAL_STATES_BITMAP ^
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Pending)
	);
	if (amount == 0) {
	revert GovernorNoDepositToWithdraw(proposalId, depositer);
	}
	self.deposits[proposalId][depositer] = 0;
	require(self.vot3.transfer(depositer, amount), "B3TRGovernor: transfer failed");
	}

• ID-11
  GovernorDepositLogic.deposit(GovernorStorageTypes.GovernorStorage,uint256,uint256) ignores return value by GovernorStateLogic.validateStateBitmap(self,proposalId,GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Pending))

vebetterdao-contracts/contracts/governance/libraries/GovernorDepositLogic.sol

Lines 54 to 74 in 71256ba

	function deposit(GovernorStorageTypes.GovernorStorage storage self, uint256 amount, uint256 proposalId) external {
	if (amount == 0) {
	revert GovernorInvalidDepositAmount();
	}
	GovernorTypes.ProposalCore storage proposal = self.proposals[proposalId];
	if (proposal.roundIdVoteStart == 0) {
	revert GovernorNonexistentProposal(proposalId);
	}
	GovernorStateLogic.validateStateBitmap(
	self,
	proposalId,
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Pending)
	);
	proposal.depositAmount += amount;
	depositFunds(self, amount, msg.sender, proposalId);
	}

• ID-12
  GovernorProposalLogic.execute(GovernorStorageTypes.GovernorStorage,address,address[],uint256[],bytes[],bytes32) ignores return value by GovernorStateLogic.validateStateBitmap(self,proposalId,GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Succeeded) | GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Queued))

vebetterdao-contracts/contracts/governance/libraries/GovernorProposalLogic.sol

Lines 342 to 381 in 71256ba

	function execute(
	GovernorStorageTypes.GovernorStorage storage self,
	address contractAddress, // Address of the calling contract
	address[] memory targets,
	uint256[] memory values,
	bytes[] memory calldatas,
	bytes32 descriptionHash
	) external returns (uint256) {
	uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
	GovernorStateLogic.validateStateBitmap(
	self,
	proposalId,
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Succeeded) |
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Queued)
	);
	// mark as executed before calls to avoid reentrancy
	self.proposals[proposalId].executed = true;
	// before execute: register governance call in queue.
	if (GovernorGovernanceLogic.executor(self) != contractAddress) {
	for (uint256 i; i < targets.length; ++i) {
	if (targets[i] == address(this)) {
	self.governanceCall.pushBack(keccak256(calldatas[i]));
	}
	}
	}
	_executeOperations(self, contractAddress, proposalId, targets, values, calldatas, descriptionHash);
	// after execute: cleanup governance call queue.
	if (GovernorGovernanceLogic.executor(self) != contractAddress && !self.governanceCall.empty()) {
	self.governanceCall.clear();
	}
	emit ProposalExecuted(proposalId);
	return proposalId;
	}

• ID-13
  VotesQuorumFractionUpgradeable._updateQuorumNumerator(uint256) ignores return value by $._quorumNumeratorHistory.push(clock(),SafeCast.toUint208(newQuorumNumerator))

vebetterdao-contracts/contracts/x-allocation-voting-governance/modules/VotesQuorumFractionUpgradeable.sol

Lines 140 to 152 in 71256ba

	function _updateQuorumNumerator(uint256 newQuorumNumerator) internal virtual {
	uint256 denominator = quorumDenominator();
	if (newQuorumNumerator > denominator) {
	revert GovernorInvalidQuorumFraction(newQuorumNumerator, denominator);
	}
	uint256 oldQuorumNumerator = quorumNumerator();
	VotesQuorumFractionStorage storage $ = _getVotesQuorumFractionStorage();
	$._quorumNumeratorHistory.push(clock(), SafeCast.toUint208(newQuorumNumerator));
	emit QuorumNumeratorUpdated(oldQuorumNumerator, newQuorumNumerator);
	}

• ID-14
  B3TRGovernor.relay(address,uint256,bytes) ignores return value by Address.verifyCallResult(success,returndata)

vebetterdao-contracts/contracts/B3TRGovernor.sol

Lines 176 to 179 in 71256ba

	function relay(address target, uint256 value, bytes calldata data) external payable virtual onlyGovernance {
	(bool success, bytes memory returndata) = target.call{ value: value }(data);
	Address.verifyCallResult(success, returndata);
	}

• ID-15
  GovernorVotesLogic.castVote(GovernorStorageTypes.GovernorStorage,uint256,address,uint8,string) ignores return value by GovernorStateLogic.validateStateBitmap(self,proposalId,GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Active))

vebetterdao-contracts/contracts/governance/libraries/GovernorVotesLogic.sol

Lines 207 to 230 in 71256ba

	function castVote(
	GovernorStorageTypes.GovernorStorage storage self,
	uint256 proposalId,
	address voter,
	uint8 support,
	string calldata reason
	) external returns (uint256) {
	GovernorStateLogic.validateStateBitmap(self, proposalId, GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Active));
	uint256 weight = self.vot3.getPastVotes(voter, GovernorProposalLogic._proposalSnapshot(self, proposalId));
	uint256 power = Math.sqrt(weight) * 1e9;
	if (weight < GovernorConfigurator.getVotingThreshold(self)) {
	revert GovernorVotingThresholdNotMet(weight, GovernorConfigurator.getVotingThreshold(self));
	}
	_countVote(self, proposalId, voter, support, weight, power);
	self.voterRewards.registerVote(GovernorProposalLogic._proposalSnapshot(self, proposalId), voter, weight, Math.sqrt(weight));
	emit VoteCast(voter, proposalId, support, weight, power, reason);
	return weight;
	}

• ID-16
  GovernorProposalLogic.queue(GovernorStorageTypes.GovernorStorage,address,address[],uint256[],bytes[],bytes32) ignores return value by GovernorStateLogic.validateStateBitmap(self,proposalId,GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Succeeded))

vebetterdao-contracts/contracts/governance/libraries/GovernorProposalLogic.sol

Lines 295 to 329 in 71256ba

	function queue(
	GovernorStorageTypes.GovernorStorage storage self,
	address contractAddress, // Address of the calling contract
	address[] memory targets,
	uint256[] memory values,
	bytes[] memory calldatas,
	bytes32 descriptionHash
	) external returns (uint256) {
	uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
	GovernorStateLogic.validateStateBitmap(
	self,
	proposalId,
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Succeeded)
	);
	uint48 etaSeconds = _queueOperations(
	self,
	contractAddress,
	proposalId,
	targets,
	values,
	calldatas,
	descriptionHash
	);
	if (etaSeconds != 0) {
	self.proposals[proposalId].etaSeconds = etaSeconds;
	emit ProposalQueued(proposalId, etaSeconds);
	} else {
	revert GovernorQueueNotImplemented();
	}
	return proposalId;
	}

• ID-17
  GovernorQuorumLogic.updateQuorumNumerator(GovernorStorageTypes.GovernorStorage,uint256) ignores return value by self.quorumNumeratorHistory.push(GovernorClockLogic.clock(self),SafeCast.toUint208(newQuorumNumerator))

vebetterdao-contracts/contracts/governance/libraries/GovernorQuorumLogic.sol

Lines 117 to 131 in 71256ba

	function updateQuorumNumerator(
	GovernorStorageTypes.GovernorStorage storage self,
	uint256 newQuorumNumerator
	) external {
	uint256 denominator = quorumDenominator();
	uint256 oldQuorumNumerator = quorumNumerator(self);
	if (newQuorumNumerator > denominator) {
	revert GovernorInvalidQuorumFraction(newQuorumNumerator, denominator);
	}
	self.quorumNumeratorHistory.push(GovernorClockLogic.clock(self), SafeCast.toUint208(newQuorumNumerator));
	emit QuorumNumeratorUpdated(oldQuorumNumerator, newQuorumNumerator);
	}

shadowing-local

Impact: Low
Confidence: High

• ID-18
  IX2EarnApps.addApp(address,address,string,string).teamWalletAddress shadows:
  • IX2EarnApps.teamWalletAddress(bytes32) (function)

vebetterdao-contracts/contracts/interfaces/IX2EarnApps.sol

Line 144 in 71256ba

function addApp(address teamWalletAddress, address admin, string memory appName, string memory metadataURI) external;

• ID-19
  IVOT3.eip712Domain().name shadows:
  • IVOT3.name() (function)

vebetterdao-contracts/contracts/interfaces/IVOT3.sol

Line 105 in 71256ba

string memory name,

• ID-20
  IVOT3.eip712Domain().version shadows:
  • IVOT3.version() (function)

vebetterdao-contracts/contracts/interfaces/IVOT3.sol

Line 106 in 71256ba

string memory version,

• ID-21
  AppsStorageUpgradeable._addApp(address,address,string,string).metadataURI shadows:
  • X2EarnAppsUpgradeable.metadataURI(bytes32) (function)

vebetterdao-contracts/contracts/x-2-earn-apps/modules/AppsStorageUpgradeable.sol

Line 82 in 71256ba

string memory metadataURI

• ID-22
  IGalaxyMember.initialize(string,string,address,address,uint256,string,uint256[],uint256[],address,address).name shadows:
  • IGalaxyMember.name() (function)

vebetterdao-contracts/contracts/interfaces/IGalaxyMember.sol

Line 145 in 71256ba

string memory name,

• ID-23
  IGalaxyMember.initialize(string,string,address,address,uint256,string,uint256[],uint256[],address,address).symbol shadows:
  • IGalaxyMember.symbol() (function)

vebetterdao-contracts/contracts/interfaces/IGalaxyMember.sol

Line 146 in 71256ba

string memory symbol,

• ID-24
  AppsStorageUpgradeable._addApp(address,address,string,string).teamWalletAddress shadows:
  • X2EarnAppsUpgradeable.teamWalletAddress(bytes32) (function)
  • IX2EarnApps.teamWalletAddress(bytes32) (function)

vebetterdao-contracts/contracts/x-2-earn-apps/modules/AppsStorageUpgradeable.sol

Line 79 in 71256ba

address teamWalletAddress,

• ID-25
  X2EarnAppsUpgradeable._updateAppMetadata(bytes32,string).metadataURI shadows:
  • X2EarnAppsUpgradeable.metadataURI(bytes32) (function)

vebetterdao-contracts/contracts/x-2-earn-apps/X2EarnAppsUpgradeable.sol

Line 153 in 71256ba

function _updateAppMetadata(bytes32 appId, string memory metadataURI) internal virtual;

missing-zero-check

Impact: Low
Confidence: Medium

• ID-26
  Treasury.transferVET(address,uint256)._to lacks a zero-check on :
  - (sent,None) = _to.call{value: _value}()

vebetterdao-contracts/contracts/Treasury.sol

Line 232 in 71256ba

function transferVET(address _to, uint256 _value) external onlyGovernanceWhenNotPaused nonReentrant {

• ID-27
  B3TRGovernor.relay(address,uint256,bytes).target lacks a zero-check on :
  - (success,returndata) = target.call{value: value}(data)

vebetterdao-contracts/contracts/B3TRGovernor.sol

Line 176 in 71256ba

function relay(address target, uint256 value, bytes calldata data) external payable virtual onlyGovernance {

calls-loop

Impact: Low
Confidence: Medium

• ID-28
  RoundsStorageUpgradeable.getAppsOfRound(uint256) has external calls inside a loop: allApps[i] = x2EarnApps().app(appsInRound[i])

vebetterdao-contracts/contracts/x-allocation-voting-governance/modules/RoundsStorageUpgradeable.sol

Lines 181 to 196 in 71256ba

	function getAppsOfRound(
	uint256 roundId
	) external view returns (X2EarnAppsDataTypes.AppWithDetailsReturnType[] memory) {
	RoundsStorageStorage storage $ = _getRoundsStorageStorage();
	bytes32[] memory appsInRound = $._appsEligibleForVoting[roundId];
	uint256 length = appsInRound.length;
	X2EarnAppsDataTypes.AppWithDetailsReturnType[] memory allApps = new X2EarnAppsDataTypes.AppWithDetailsReturnType[](
	length
	);
	for (uint i; i < length; i++) {
	allApps[i] = x2EarnApps().app(appsInRound[i]);
	}
	return allApps;
	}

reentrancy-events

Impact: Low
Confidence: Medium

• ID-29
  Reentrancy in GovernorProposalLogic.cancel(GovernorStorageTypes.GovernorStorage,address,bool,address[],uint256[],bytes[],bytes32):
  External calls:
  • self.timelock.cancel(timelockId)
    Event emitted after the call(s):
  • ProposalCanceled(proposalId)
    • _cancel(self,proposalId)

vebetterdao-contracts/contracts/governance/libraries/GovernorProposalLogic.sol

Lines 393 to 432 in 71256ba

	function cancel(
	GovernorStorageTypes.GovernorStorage storage self,
	address account,
	bool admin,
	address[] memory targets,
	uint256[] memory values,
	bytes[] memory calldatas,
	bytes32 descriptionHash
	) external returns (uint256) {
	uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
	if (account != proposalProposer(self, proposalId) && !admin) {
	revert UnauthorizedAccess(account);
	}
	GovernorStateLogic.validateStateBitmap(
	self,
	proposalId,
	GovernorStateLogic.ALL_PROPOSAL_STATES_BITMAP ^
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Canceled) ^
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Executed)
	);
	if (account == proposalProposer(self, proposalId)) {
	require(
	GovernorStateLogic._state(self, proposalId) == GovernorTypes.ProposalState.Pending,
	"Governor: proposal not pending"
	);
	}
	bytes32 timelockId = self.timelockIds[proposalId];
	if (timelockId != 0) {
	// cancel
	self.timelock.cancel(timelockId);
	// cleanup
	delete self.timelockIds[proposalId];
	}
	return _cancel(self, proposalId);
	}

• ID-30
  Reentrancy in GovernorProposalLogic.queue(GovernorStorageTypes.GovernorStorage,address,address[],uint256[],bytes[],bytes32):
  External calls:
  • etaSeconds = _queueOperations(self,contractAddress,proposalId,targets,values,calldatas,descriptionHash)
    • self.timelock.scheduleBatch(targets,values,calldatas,0,salt,delay)
      Event emitted after the call(s):
  • ProposalQueued(proposalId,etaSeconds)

vebetterdao-contracts/contracts/governance/libraries/GovernorProposalLogic.sol

Lines 295 to 329 in 71256ba

	function queue(
	GovernorStorageTypes.GovernorStorage storage self,
	address contractAddress, // Address of the calling contract
	address[] memory targets,
	uint256[] memory values,
	bytes[] memory calldatas,
	bytes32 descriptionHash
	) external returns (uint256) {
	uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
	GovernorStateLogic.validateStateBitmap(
	self,
	proposalId,
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Succeeded)
	);
	uint48 etaSeconds = _queueOperations(
	self,
	contractAddress,
	proposalId,
	targets,
	values,
	calldatas,
	descriptionHash
	);
	if (etaSeconds != 0) {
	self.proposals[proposalId].etaSeconds = etaSeconds;
	emit ProposalQueued(proposalId, etaSeconds);
	} else {
	revert GovernorQueueNotImplemented();
	}
	return proposalId;
	}

• ID-31
  Reentrancy in GovernorProposalLogic.execute(GovernorStorageTypes.GovernorStorage,address,address[],uint256[],bytes[],bytes32):
  External calls:
  • _executeOperations(self,contractAddress,proposalId,targets,values,calldatas,descriptionHash)
    • self.timelock.executeBatch{value: msg.value}(targets,values,calldatas,0,GovernorGovernanceLogic.timelockSalt(descriptionHash,contractAddress))
      Event emitted after the call(s):
  • ProposalExecuted(proposalId)

vebetterdao-contracts/contracts/governance/libraries/GovernorProposalLogic.sol

Lines 342 to 381 in 71256ba

	function execute(
	GovernorStorageTypes.GovernorStorage storage self,
	address contractAddress, // Address of the calling contract
	address[] memory targets,
	uint256[] memory values,
	bytes[] memory calldatas,
	bytes32 descriptionHash
	) external returns (uint256) {
	uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
	GovernorStateLogic.validateStateBitmap(
	self,
	proposalId,
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Succeeded) |
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Queued)
	);
	// mark as executed before calls to avoid reentrancy
	self.proposals[proposalId].executed = true;
	// before execute: register governance call in queue.
	if (GovernorGovernanceLogic.executor(self) != contractAddress) {
	for (uint256 i; i < targets.length; ++i) {
	if (targets[i] == address(this)) {
	self.governanceCall.pushBack(keccak256(calldatas[i]));
	}
	}
	}
	_executeOperations(self, contractAddress, proposalId, targets, values, calldatas, descriptionHash);
	// after execute: cleanup governance call queue.
	if (GovernorGovernanceLogic.executor(self) != contractAddress && !self.governanceCall.empty()) {
	self.governanceCall.clear();
	}
	emit ProposalExecuted(proposalId);
	return proposalId;
	}

• ID-32
  Reentrancy in X2EarnRewardsPool.deposit(uint256,bytes32):
  External calls:
  • require(bool,string)($.b3tr.transferFrom(msg.sender,address(this),amount),X2EarnRewardsPool: deposit transfer failed)
    Event emitted after the call(s):
  • NewDeposit(amount,appId,msg.sender)

vebetterdao-contracts/contracts/X2EarnRewardsPool.sol

Lines 111 to 126 in 71256ba

	function deposit(uint256 amount, bytes32 appId) external returns (bool) {
	X2EarnRewardsPoolStorage storage $ = _getX2EarnRewardsPoolStorage();
	// check that app exists
	require($.x2EarnApps.appExists(appId), "X2EarnRewardsPool: app does not exist");
	// increase available amount for the app
	$.availableFunds[appId] += amount;
	// transfer tokens to this contract
	require($.b3tr.transferFrom(msg.sender, address(this), amount), "X2EarnRewardsPool: deposit transfer failed");
	emit NewDeposit(amount, appId, msg.sender);
	return true;
	}

• ID-33
  Reentrancy in GovernorDepositLogic.depositFunds(GovernorStorageTypes.GovernorStorage,uint256,address,uint256):
  External calls:
  • require(bool,string)(self.vot3.transferFrom(depositor,address(this),amount),B3TRGovernor: transfer failed)
    Event emitted after the call(s):
  • ProposalDeposit(depositor,proposalId,amount)

vebetterdao-contracts/contracts/governance/libraries/GovernorDepositLogic.sol

Lines 110 to 121 in 71256ba

	function depositFunds(
	GovernorStorageTypes.GovernorStorage storage self,
	uint256 amount,
	address depositor,
	uint256 proposalId
	) internal {
	require(self.vot3.transferFrom(depositor, address(this), amount), "B3TRGovernor: transfer failed");
	self.deposits[proposalId][depositor] += amount;
	emit ProposalDeposit(depositor, proposalId, amount);
	}

• ID-34
  Reentrancy in GovernorProposalLogic._propose(GovernorStorageTypes.GovernorStorage,address,uint256,address[],uint256[],bytes[],string,uint256,uint256):
  External calls:
  • GovernorDepositLogic.depositFunds(self,depositAmount,proposer,proposalId)
    Event emitted after the call(s):
  • [ProposalCreated(proposalId,proposer,targets,values,new string,calldatas,description,startRoundId,depositThresholdAmount)](

    vebetterdao-contracts/contracts/governance/libraries/GovernorProposalLogic.sol

    Lines 477 to 487 in 71256ba

    	emit ProposalCreated(
    	proposalId,
    	proposer,
    	targets,
    	values,
    	new string[](targets.length),
    	calldatas,
    	description,
    	startRoundId,
    	depositThresholdAmount
    	);

    )

vebetterdao-contracts/contracts/governance/libraries/GovernorProposalLogic.sol

Lines 449 to 490 in 71256ba

	function _propose(
	GovernorStorageTypes.GovernorStorage storage self,
	address proposer,
	uint256 proposalId,
	address[] memory targets,
	uint256[] memory values,
	bytes[] memory calldatas,
	string memory description,
	uint256 startRoundId,
	uint256 depositAmount
	) private returns (uint256) {
	uint256 depositThresholdAmount = GovernorDepositLogic._depositThreshold(self);
	_setProposal(
	self,
	proposalId,
	proposer,
	SafeCast.toUint32(self.xAllocationVoting.votingPeriod()),
	startRoundId,
	targets.length > 0,
	depositAmount,
	depositThresholdAmount
	);
	if (depositAmount > 0) {
	GovernorDepositLogic.depositFunds(self, depositAmount, proposer, proposalId);
	}
	emit ProposalCreated(
	proposalId,
	proposer,
	targets,
	values,
	new string[](targets.length),
	calldatas,
	description,
	startRoundId,
	depositThresholdAmount
	);
	return proposalId;
	}

• ID-35
  Reentrancy in GovernorVotesLogic.castVote(GovernorStorageTypes.GovernorStorage,uint256,address,uint8,string):
  External calls:
  • self.voterRewards.registerVote(GovernorProposalLogic._proposalSnapshot(self,proposalId),voter,weight,Math.sqrt(weight))
    Event emitted after the call(s):
  • VoteCast(voter,proposalId,support,weight,power,reason)

vebetterdao-contracts/contracts/governance/libraries/GovernorVotesLogic.sol

Lines 207 to 230 in 71256ba

	function castVote(
	GovernorStorageTypes.GovernorStorage storage self,
	uint256 proposalId,
	address voter,
	uint8 support,
	string calldata reason
	) external returns (uint256) {
	GovernorStateLogic.validateStateBitmap(self, proposalId, GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Active));
	uint256 weight = self.vot3.getPastVotes(voter, GovernorProposalLogic._proposalSnapshot(self, proposalId));
	uint256 power = Math.sqrt(weight) * 1e9;
	if (weight < GovernorConfigurator.getVotingThreshold(self)) {
	revert GovernorVotingThresholdNotMet(weight, GovernorConfigurator.getVotingThreshold(self));
	}
	_countVote(self, proposalId, voter, support, weight, power);
	self.voterRewards.registerVote(GovernorProposalLogic._proposalSnapshot(self, proposalId), voter, weight, Math.sqrt(weight));
	emit VoteCast(voter, proposalId, support, weight, power, reason);
	return weight;
	}

• ID-36
  Reentrancy in RoundVotesCountingUpgradeable._countVote(uint256,address,bytes32[],uint256[]):
  External calls:
  • voterRewards().registerVote(roundStart,voter,totalWeight,Math.sqrt(totalWeight))
    Event emitted after the call(s):
  • AllocationVoteCast(voter,roundId,apps,weights)

vebetterdao-contracts/contracts/x-allocation-voting-governance/modules/RoundVotesCountingUpgradeable.sol

Lines 137 to 211 in 71256ba

	function _countVote(
	uint256 roundId,
	address voter,
	bytes32[] memory apps,
	uint256[] memory weights
	) internal virtual override {
	if (hasVoted(roundId, voter)) {
	revert GovernorAlreadyCastVote(voter);
	}
	RoundVotesCountingStorage storage $ = _getRoundVotesCountingStorage();
	// Get the start of the round
	uint256 roundStart = roundSnapshot(roundId);
	// To hold the total weight of votes cast by the voter
	uint256 totalWeight;
	// To hold the total adjustment to the quadratic funding value for the given app
	uint256 totalQFVotesAdjustment;
	// Get the total voting power of the voter to use in the for loop to check
	// if the total weight of votes cast by the voter is greater than the voter's available voting power
	uint256 voterAvailableVotes = getVotes(voter, roundStart);
	// Iterate through the apps and weights to calculate the total weight of votes cast by the voter
	for (uint256 i; i < apps.length; i++) {
	// Update the total weight of votes cast by the voter
	totalWeight += weights[i];
	if (totalWeight > voterAvailableVotes) {
	revert GovernorInsufficientVotingPower();
	}
	// Check if the app is eligible for votes in the current round
	if (!isEligibleForVote(apps[i], roundId)) {
	revert GovernorAppNotAvailableForVoting(apps[i]);
	}
	// Get the current sum of the square roots of individual votes for the given project
	uint256 qfAppVotesPreVote = $._roundVotes[roundId].votesReceivedQF[apps[i]]; // ∑(sqrt(votes)) -> sqrt(votes1) + sqrt(votes2) + ... + sqrt(votesN)
	// Calculate the new sum of the square roots of individual votes for the given project
	uint256 newQFVotes = Math.sqrt(weights[i]); // sqrt(votes)
	uint256 qfAppVotesPostVote = qfAppVotesPreVote + newQFVotes; // ∑(sqrt(votes)) -> sqrt(votes1) + sqrt(votes2) + ... + sqrt(votesN) + sqrt(votesN+1)
	// Calculate the adjustment to the quadratic funding value for the given app
	totalQFVotesAdjustment += (qfAppVotesPostVote * qfAppVotesPostVote) - (qfAppVotesPreVote * qfAppVotesPreVote); // (sqrt(votes1) + ... + sqrt(votesN+1))^2 - (sqrt(votes1) + ... + sqrt(votesN))^2
	// Update the quadratic funding votes received for the given app - sum of the square roots of individual votes
	$._roundVotes[roundId].votesReceivedQF[apps[i]] = qfAppVotesPostVote; // ∑(sqrt(votes)) -> sqrt(votes1) + sqrt(votes2) + ... + sqrt(votesN+1)
	$._roundVotes[roundId].votesReceived[apps[i]] += weights[i]; // ∑votes + votesN+1
	}
	// Check if the total weight of votes cast by the voter is greater than the voting threshold
	if (totalWeight < votingThreshold()) {
	revert GovernorVotingThresholdNotMet(votingThreshold(), totalWeight);
	}
	// Apply the total adjustment to storage
	$._roundVotes[roundId].totalVotesQF += totalQFVotesAdjustment; // update the total quadratic funding value for the round - ∑(∑sqrt(votes))^2 -> (sqrt(votesAppX1) + sqrt(votesAppX2) + ...)^2 + (sqrt(votesAppY1) + sqrt(votesAppY2) + ...)^2 + ...
	$._roundVotes[roundId].totalVotes += totalWeight; // update total votes -> ∑votes + votesN+1
	$._roundVotes[roundId].hasVoted[voter] = true; // mark the voter as having voted
	$._roundVotes[roundId].totalVoters++; // increment the total number of voters
	// save that user cast vote only the first time
	if (!$._hasVotedOnce[voter]) {
	$._hasVotedOnce[voter] = true;
	}
	// Register the vote for rewards calculation where the vote power is the square root of the total votes cast by the voter
	voterRewards().registerVote(roundStart, voter, totalWeight, Math.sqrt(totalWeight));
	// Emit the AllocationVoteCast event
	emit AllocationVoteCast(voter, roundId, apps, weights);
	}

timestamp

Impact: Low
Confidence: Medium

• ID-37
  GovernorProposalLogic.queue(GovernorStorageTypes.GovernorStorage,address,address[],uint256[],bytes[],bytes32) uses timestamp for comparisons
  Dangerous comparisons:
  • etaSeconds != 0

vebetterdao-contracts/contracts/governance/libraries/GovernorProposalLogic.sol

Lines 295 to 329 in 71256ba

	function queue(
	GovernorStorageTypes.GovernorStorage storage self,
	address contractAddress, // Address of the calling contract
	address[] memory targets,
	uint256[] memory values,
	bytes[] memory calldatas,
	bytes32 descriptionHash
	) external returns (uint256) {
	uint256 proposalId = hashProposal(targets, values, calldatas, descriptionHash);
	GovernorStateLogic.validateStateBitmap(
	self,
	proposalId,
	GovernorStateLogic.encodeStateBitmap(GovernorTypes.ProposalState.Succeeded)
	);
	uint48 etaSeconds = _queueOperations(
	self,
	contractAddress,
	proposalId,
	targets,
	values,
	calldatas,
	descriptionHash
	);
	if (etaSeconds != 0) {
	self.proposals[proposalId].etaSeconds = etaSeconds;
	emit ProposalQueued(proposalId, etaSeconds);
	} else {
	revert GovernorQueueNotImplemented();
	}
	return proposalId;
	}