QAReportsTools
Introduction
QAReportsTools is a static analyzer for Solidity contracts based on c4udit.
Installation
First you need to have the Go toolchain installed. You can find instructions here.
Then install QAReportsTools with:
$ go install github.com/gsangeryee/QAReportsTools@latest
To just build the binary:
$ cd QAReports/
$ go build -o QAReports
Now you should be able to run QAReports with:
$ ./QAReports smart-contracts/
Using the -s flag, QAReports will create a report in markdown format.
$ ./QAReports -s smart-contracts/
Usage
Usage:
QAReportsTools [flags] [files...]
Flags:
-h Print help text.
-s Save report as file.
Example
Running QAReports against the 2022-05-sturdy directory:
$ ./QAReports -s 2022-05-sturdy/
Files analyzed:
- 2022-05-sturdy/smart-contracts/CollateralAdapter.sol
- 2022-05-sturdy/smart-contracts/ConvexCurveLPVault.sol
- 2022-05-sturdy/smart-contracts/GeneralVault.sol
- 2022-05-sturdy/smart-contracts/LidoVault.sol
- 2022-05-sturdy/smart-contracts/YieldManager.sol
Issues found:
[G-001]:
2022-05-sturdy/smart-contracts/ConvexCurveLPVault.sol::106 => for (uint256 i = 0; i < extraRewardsLength; i++) {
2022-05-sturdy/smart-contracts/GeneralVault.sol::218 => for (uint256 i = 0; i < length; i++) {
2022-05-sturdy/smart-contracts/YieldManager.sol::120 => for (uint256 i = 0; i < _count; i++) {
2022-05-sturdy/smart-contracts/YieldManager.sol::130 => for (uint256 i = 0; i < assetYields.length; i++) {
2022-05-sturdy/smart-contracts/YieldManager.sol::156 => for (uint256 i = 0; i < length; i++) {
[G-002]:
2022-05-sturdy/smart-contracts/GeneralVault.sol::210 => uint256 length
2022-05-sturdy/smart-contracts/GeneralVault.sol::215 => AssetYield[] memory assetYields = new AssetYield[](length);
2022-05-sturdy/smart-contracts/GeneralVault.sol::218 => for (uint256 i = 0; i < length; i++) {
2022-05-sturdy/smart-contracts/GeneralVault.sol::220 => if (i != length - 1) {
2022-05-sturdy/smart-contracts/YieldManager.sol::130 => for (uint256 i = 0; i < assetYields.length; i++) {
2022-05-sturdy/smart-contracts/YieldManager.sol::148 => uint256 length
2022-05-sturdy/smart-contracts/YieldManager.sol::153 => AssetYield[] memory assetYields = new AssetYield[](length);
2022-05-sturdy/smart-contracts/YieldManager.sol::156 => for (uint256 i = 0; i < length; i++) {
2022-05-sturdy/smart-contracts/YieldManager.sol::158 => if (i != length - 1) {
[G-003]:
2022-05-sturdy/smart-contracts/ConvexCurveLPVault.sol::75 => if (_vaultFee > 0) {
2022-05-sturdy/smart-contracts/GeneralVault.sol::179 => require(yieldStAsset > 0, Errors.VT_PROCESS_YIELD_INVALID);
2022-05-sturdy/smart-contracts/LidoVault.sol::36 => if (_vaultFee > 0) {
2022-05-sturdy/smart-contracts/LidoVault.sol::88 => require(msg.value > 0, Errors.VT_COLLATERAL_DEPOSIT_REQUIRE_ETH);
2022-05-sturdy/smart-contracts/YieldManager.sol::131 => if (assetYields[i].amount > 0) {
G-008:
2022-05-sturdy/smart-contracts/YieldManager.sol::128 => // 2. convert from exchange token to other stable assets via curve swap
L-001:
2022-05-sturdy/smart-contracts/YieldManager.sol::221 => IERC20(_asset).approve(_lendingPool, _amount);
L-005:
2022-05-sturdy/smart-contracts/ConvexCurveLPVault.sol::141 => IERC20(curveLPToken).safeApprove(convexBooster, _amount);
2022-05-sturdy/smart-contracts/ConvexCurveLPVault.sol::146 => IERC20(internalAssetToken).safeApprove(address(_addressesProvider.getLendingPool()), _amount);
2022-05-sturdy/smart-contracts/LidoVault.sol::102 => IERC20(LIDO).safeApprove(address(_addressesProvider.getLendingPool()), assetAmount);
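The console output above has a regular shape: an issue ID header followed by `path::line => source` entries. As an added example (not part of QAReportsTools), the Go program below parses that output into findings grouped by issue ID so a CI job can count or gate on them, accepting both header styles seen above (`[G-001]:` and `G-008:`). The names `Finding`, `ParseReport` and `Sample` are made up for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Finding is one "path::line => source" entry (example type, not the tool's own).
type Finding struct {
	File, Code string
	Line       int
}

// Issue headers appear both as "[G-001]:" and as "G-008:" in the output above.
var headerRe = regexp.MustCompile(`^\[?([A-Z]+-\d+)\]?:$`)
var findingRe = regexp.MustCompile(`^(.+?)::(\d+) => (.*)$`)

// ParseReport groups findings by issue ID; unrelated lines are skipped.
func ParseReport(out string) (map[string][]Finding, error) {
	res := map[string][]Finding{}
	id := ""
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if m := headerRe.FindStringSubmatch(line); m != nil {
			id = m[1]
		} else if m := findingRe.FindStringSubmatch(line); m != nil {
			if id == "" {
				return nil, fmt.Errorf("finding before any issue header: %q", line)
			}
			n, _ := strconv.Atoi(m[2]) // digits guaranteed by the regexp
			res[id] = append(res[id], Finding{File: m[1], Line: n, Code: m[3]})
		}
	}
	return res, sc.Err()
}

// Sample is an excerpt of the example output shown on this page.
const Sample = `[G-003]:
2022-05-sturdy/smart-contracts/LidoVault.sol::36 => if (_vaultFee > 0) {
L-001:
2022-05-sturdy/smart-contracts/YieldManager.sol::221 => IERC20(_asset).approve(_lendingPool, _amount);`

func main() {
	fmt.Println(ParseReport(Sample))
}
```

A finding that appears before any issue header is reported as an error rather than silently dropped, so a truncated or reordered log does not pass a CI gate unnoticed.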
Credits
QAReportsTools was developed by Jason Zhang.
If you have any ideas, comments, feedback, or doubts, I would be pleased to hear about them, so please contact me.