QAReportsTools

Introduction

QAReportsTools is a static analyzer for solidity contracts based on c4udit.

Installation

First you need to have the Go toolchain installed. You can find instruction here.

Then install QAReportsTools with:

$ go install github.com/gsangeryee/[email protected]

To just build the binary:

$ cd QAReports/
$ go build -o QAReports

Now you should be able to run QAReports with:

$ ./QAReports smart-contracts/

Using the -s flag, QAReports will create a report in markdown format.

$ ./QAReports -s smart-contracts/

Usage

Usage:
	QAReportsTools [flags] [files...]

Flags:
	-h    Print help text.
	-s    Save report as file.

Example

Running QAReports against the 2022-05-sturdy directory:

$ ./QAReports -s 2022-05-sturdy/
Files analyzed:
- 2022-05-sturdy/smart-contracts/CollateralAdapter.sol
- 2022-05-sturdy/smart-contracts/ConvexCurveLPVault.sol
- 2022-05-sturdy/smart-contracts/GeneralVault.sol
- 2022-05-sturdy/smart-contracts/LidoVault.sol
- 2022-05-sturdy/smart-contracts/YieldManager.sol


Issues found:
 [G-001]:
  2022-05-sturdy/smart-contracts/ConvexCurveLPVault.sol::106 => for (uint256 i = 0; i < extraRewardsLength; i++) {
  2022-05-sturdy/smart-contracts/GeneralVault.sol::218 => for (uint256 i = 0; i < length; i++) {
  2022-05-sturdy/smart-contracts/YieldManager.sol::120 => for (uint256 i = 0; i < _count; i++) {
  2022-05-sturdy/smart-contracts/YieldManager.sol::130 => for (uint256 i = 0; i < assetYields.length; i++) {
  2022-05-sturdy/smart-contracts/YieldManager.sol::156 => for (uint256 i = 0; i < length; i++) {

 [G-002]:
  2022-05-sturdy/smart-contracts/GeneralVault.sol::210 => uint256 length
  2022-05-sturdy/smart-contracts/GeneralVault.sol::215 => AssetYield[] memory assetYields = new AssetYield[](length);
  2022-05-sturdy/smart-contracts/GeneralVault.sol::218 => for (uint256 i = 0; i < length; i++) {
  2022-05-sturdy/smart-contracts/GeneralVault.sol::220 => if (i != length - 1) {
  2022-05-sturdy/smart-contracts/YieldManager.sol::130 => for (uint256 i = 0; i < assetYields.length; i++) {
  2022-05-sturdy/smart-contracts/YieldManager.sol::148 => uint256 length
  2022-05-sturdy/smart-contracts/YieldManager.sol::153 => AssetYield[] memory assetYields = new AssetYield[](length);
  2022-05-sturdy/smart-contracts/YieldManager.sol::156 => for (uint256 i = 0; i < length; i++) {
  2022-05-sturdy/smart-contracts/YieldManager.sol::158 => if (i != length - 1) {

 [G-003]:
  2022-05-sturdy/smart-contracts/ConvexCurveLPVault.sol::75 => if (_vaultFee > 0) {
  2022-05-sturdy/smart-contracts/GeneralVault.sol::179 => require(yieldStAsset > 0, Errors.VT_PROCESS_YIELD_INVALID);
  2022-05-sturdy/smart-contracts/LidoVault.sol::36 => if (_vaultFee > 0) {
  2022-05-sturdy/smart-contracts/LidoVault.sol::88 => require(msg.value > 0, Errors.VT_COLLATERAL_DEPOSIT_REQUIRE_ETH);
  2022-05-sturdy/smart-contracts/YieldManager.sol::131 => if (assetYields[i].amount > 0) {

 G-008:
  2022-05-sturdy/smart-contracts/YieldManager.sol::128 => // 2. convert from exchange token to other stable assets via curve swap

 L-001:
  2022-05-sturdy/smart-contracts/YieldManager.sol::221 => IERC20(_asset).approve(_lendingPool, _amount);

 L-005:
  2022-05-sturdy/smart-contracts/ConvexCurveLPVault.sol::141 => IERC20(curveLPToken).safeApprove(convexBooster, _amount);
  2022-05-sturdy/smart-contracts/ConvexCurveLPVault.sol::146 => IERC20(internalAssetToken).safeApprove(address(_addressesProvider.getLendingPool()), _amount);
  2022-05-sturdy/smart-contracts/LidoVault.sol::102 => IERC20(LIDO).safeApprove(address(_addressesProvider.getLendingPool()), assetAmount);

Credits

QAReportsTools was developed by Jason Zhang Thus, if you have any ideas, comments, feedback, or doubts, I would be pleased to know about it, so please contact me.

GitHub

View Github