This repository has been archived by the owner on Jul 6, 2022. It is now read-only.
forked from Consensys/polymath-audit-report-2019-04
-
Notifications
You must be signed in to change notification settings - Fork 1
/
VestingEscrowWallet.sol.mythril.out
379 lines (311 loc) · 13.4 KB
/
VestingEscrowWallet.sol.mythril.out
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: VestingEscrowWalletStorage
Function name: [schedules(address,uint256), schedules(address,uint256)] (ambiguous)
PC address: 552
Estimated Gas Usage: 763 - 1048
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: modules/VestingEscrowWallet.sol:1282
mapping(address => Schedule[]) public schedules
--------------------
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: VestingEscrowWalletStorage
Function name: [templateNames(uint256), templateNames(uint256)] (ambiguous)
PC address: 608
Estimated Gas Usage: 689 - 784
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: modules/VestingEscrowWallet.sol:1297
bytes32[] public templateNames
--------------------
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: VestingEscrowWalletStorage
Function name: [beneficiaries(uint256), beneficiaries(uint256)] (ambiguous)
PC address: 641
Estimated Gas Usage: 711 - 806
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: modules/VestingEscrowWallet.sol:1277
address[] public beneficiaries
--------------------
==== Multiple Calls in a Single Transaction ====
SWC ID: 113
Severity: Medium
Contract: VestingEscrowWallet
Function name: [getTreasuryWallet(), getTreasuryWallet()] (ambiguous)
PC address: 1003
Estimated Gas Usage: 4527 - 74592
Multiple sends are executed in one transaction.
Consecutive calls are executed at the following bytecode offsets:
Offset: 14840
Offset: 6085
Try to isolate each external call into its own transaction, as external calls can fail accidentally or deliberately.
--------------------
In file: modules/VestingEscrowWallet.sol:1411
function getTreasuryWallet() public view returns(address) {
if (treasuryWallet == address(0)) {
address wallet = IDataStore(getDataStore()).getAddress(TREASURY);
require(wallet != address(0), "Invalid address");
return wallet;
} else
return treasuryWallet;
}
--------------------
==== Multiple Calls in a Single Transaction ====
SWC ID: 113
Severity: Medium
Contract: VestingEscrowWallet
Function name: [takeUsageFee(), takeUsageFee(), takeUsageFee(), takeUsageFee()] (ambiguous)
PC address: 3774
Estimated Gas Usage: 11770 - 187361
Multiple sends are executed in one transaction.
Consecutive calls are executed at the following bytecode offsets:
Offset: 15336
Offset: 15762
Offset: 11043
Offset: 11208
Offset: 11423
Try to isolate each external call into its own transaction, as external calls can fail accidentally or deliberately.
--------------------
In file: modules/VestingEscrowWallet.sol:1204
function takeUsageFee() public withPerm(ADMIN) returns(bool) {
require(polyToken.transferFrom(securityToken, Ownable(factory).owner(), IModuleFactory(factory).usageCostInPoly()), "Unable to take fee");
return true;
}
--------------------
==== Multiple Calls in a Single Transaction ====
SWC ID: 113
Severity: Medium
Contract: VestingEscrowWallet
Function name: pushAvailableTokensMulti(uint256,uint256)
PC address: 3830
Estimated Gas Usage: 5630 - 75934
Multiple sends are executed in one transaction.
Consecutive calls are executed at the following bytecode offsets:
Offset: 15336
Offset: 15762
Try to isolate each external call into its own transaction, as external calls can fail accidentally or deliberately.
--------------------
In file: modules/VestingEscrowWallet.sol:1728
function pushAvailableTokensMulti(uint256 _fromIndex, uint256 _toIndex) public withPerm(OPERATOR) {
require(_toIndex <= beneficiaries.length - 1, "Array out of bound");
for (uint256 i = _fromIndex; i <= _toIndex; i++) {
if (schedules[beneficiaries[i]].length !=0)
pushAvailableTokens(beneficiaries[i]);
}
}
--------------------
==== Multiple Calls in a Single Transaction ====
SWC ID: 113
Severity: Medium
Contract: VestingEscrowWallet
Function name: revokeAllSchedules(address)
PC address: 4707
Estimated Gas Usage: 18876 - 130572
Multiple sends are executed in one transaction.
Consecutive calls are executed at the following bytecode offsets:
Offset: 15336
Offset: 15762
Try to isolate each external call into its own transaction, as external calls can fail accidentally or deliberately.
--------------------
In file: modules/VestingEscrowWallet.sol:1627
function revokeAllSchedules(address _beneficiary) public withPerm(ADMIN) {
_revokeAllSchedules(_beneficiary);
}
--------------------
==== Multiple Calls in a Single Transaction ====
SWC ID: 113
Severity: Medium
Contract: VestingEscrowWallet
Function name: depositTokens(uint256)
PC address: 4799
Estimated Gas Usage: 13641 - 139659
Multiple sends are executed in one transaction.
Consecutive calls are executed at the following bytecode offsets:
Offset: 15336
Offset: 15762
Offset: 24246
Try to isolate each external call into its own transaction, as external calls can fail accidentally or deliberately.
--------------------
In file: modules/VestingEscrowWallet.sol:1382
function depositTokens(uint256 _numberOfTokens) external withPerm(ADMIN) {
_depositTokens(_numberOfTokens);
}
--------------------
==== Multiple Calls in a Single Transaction ====
SWC ID: 113
Severity: Medium
Contract: VestingEscrowWallet
Function name: pushAvailableTokens(address)
PC address: 4867
Estimated Gas Usage: 5674 - 76168
Multiple sends are executed in one transaction.
Consecutive calls are executed at the following bytecode offsets:
Offset: 15336
Offset: 15762
Try to isolate each external call into its own transaction, as external calls can fail accidentally or deliberately.
--------------------
In file: modules/VestingEscrowWallet.sol:1424
function pushAvailableTokens(address _beneficiary) public withPerm(OPERATOR) {
_sendTokens(_beneficiary);
}
--------------------
==== Multiple Calls in a Single Transaction ====
SWC ID: 113
Severity: Medium
Contract: VestingEscrowWallet
Function name: revokeSchedulesMulti(address[])
PC address: 5227
Estimated Gas Usage: 5504 - 78583
Multiple sends are executed in one transaction.
Consecutive calls are executed at the following bytecode offsets:
Offset: 15336
Offset: 15762
Try to isolate each external call into its own transaction, as external calls can fail accidentally or deliberately.
--------------------
In file: modules/VestingEscrowWallet.sol:1793
function revokeSchedulesMulti(address[] memory _beneficiaries) public withPerm(ADMIN) {
for (uint256 i = 0; i < _beneficiaries.length; i++) {
_revokeAllSchedules(_beneficiaries[i]);
}
}
--------------------
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: VestingEscrowWallet
Function name: [schedules(address,uint256), schedules(address,uint256)] (ambiguous)
PC address: 8983
Estimated Gas Usage: 787 - 1072
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: modules/VestingEscrowWallet.sol:1282
mapping(address => Schedule[]) public schedules
--------------------
==== External Call To Fixed Address ====
SWC ID: 107
Severity: Low
Contract: VestingEscrowWallet
Function name: [takeUsageFee(), takeUsageFee(), takeUsageFee(), takeUsageFee()] (ambiguous)
PC address: 11208
Estimated Gas Usage: 9180 - 115552
The contract executes an external message call.
An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.
--------------------
In file: modules/VestingEscrowWallet.sol:1205
IModuleFactory(factory).usageCostInPoly()
--------------------
==== External Call To Fixed Address ====
SWC ID: 107
Severity: Low
Contract: VestingEscrowWallet
Function name: [takeUsageFee(), takeUsageFee(), takeUsageFee(), takeUsageFee()] (ambiguous)
PC address: 11423
Estimated Gas Usage: 10863 - 151987
The contract executes an external message call.
An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.
--------------------
In file: modules/VestingEscrowWallet.sol:1205
polyToken.transferFrom(securityToken, Ownable(factory).owner(), IModuleFactory(factory).usageCostInPoly())
--------------------
==== Integer Underflow ====
SWC ID: 101
Severity: High
Contract: VestingEscrowWallet
Function name: pushAvailableTokensMulti(uint256,uint256)
PC address: 11767
Estimated Gas Usage: 5630 - 75934
The binary subtraction can underflow.
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
--------------------
In file: modules/VestingEscrowWallet.sol:1729
beneficiaries.length - 1
--------------------
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: VestingEscrowWallet
Function name: pushAvailableTokensMulti(uint256,uint256)
PC address: 11915
Estimated Gas Usage: 6049 - 76353
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: modules/VestingEscrowWallet.sol:1731
beneficiaries[i]
--------------------
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: VestingEscrowWallet
Function name: [templateNames(uint256), templateNames(uint256)] (ambiguous)
PC address: 14432
Estimated Gas Usage: 733 - 828
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: modules/VestingEscrowWallet.sol:1297
bytes32[] public templateNames
--------------------
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: VestingEscrowWallet
Function name: [beneficiaries(uint256), beneficiaries(uint256)] (ambiguous)
PC address: 14465
Estimated Gas Usage: 755 - 850
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: modules/VestingEscrowWallet.sol:1277
address[] public beneficiaries
--------------------
==== External Call To Fixed Address ====
SWC ID: 107
Severity: Low
Contract: VestingEscrowWallet
Function name: depositTokens(uint256)
PC address: 24246
Estimated Gas Usage: 6435 - 77635
The contract executes an external message call.
An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.
--------------------
In file: modules/VestingEscrowWallet.sol:1389
ISecurityToken(securityToken).transferFrom(msg.sender, address(this), _numberOfTokens)
--------------------
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: VestingEscrowWallet
Function name: addSchedule(address,bytes32,uint256,uint256,uint256,uint256)
PC address: 24965
Estimated Gas Usage: 6014 - 76508
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: modules/VestingEscrowWallet.sol:1839
_duration % _frequency
--------------------
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: VestingEscrowWallet
Function name: addSchedule(address,bytes32,uint256,uint256,uint256,uint256)
PC address: 25115
Estimated Gas Usage: 6197 - 76691
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: modules/VestingEscrowWallet.sol:1841
_numberOfTokens % periodCount
--------------------