feat(contracts): add wrapped HypERC4626 for ease of defi use #4563
Conversation
aroralanuk
requested review from
yorhodes,
tkporter and
ltyu
as code owners
🦋 Changeset detectedLatest commit: 29f5c37 The changes in this PR will be included in the next version bump. This PR includes changesets to release 9 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -0,0 +1,112 @@ | |||
| // SPDX-License-Identifier: MIT OR Apache-2.0 | |||
| pragma solidity >=0.8.0; | |||
Check notice
Code scanning / Olympix Integrated Security
Using an unbounded pragma for Solidity version may be unsafe if future versions introduce breaking changes. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unbounded-pragma Low
| * @notice A wrapper for HypERC4626 that allows for wrapping and unwrapping of underlying rebasing tokens | ||
| */ | ||
| contract WHypERC4626 is ERC20 { | ||
| HypERC4626 public immutable underlying; |
Check notice
Code scanning / Olympix Integrated Security
Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Low
| HypERC4626 public immutable underlying; | ||
|
|
||
| constructor( | ||
| HypERC4626 _underlying, |
Check notice
Code scanning / Olympix Integrated Security
Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low
|
|
||
| constructor( | ||
| HypERC4626 _underlying, | ||
| string memory name, |
Check notice
Code scanning / Olympix Integrated Security
Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low
| constructor( | ||
| HypERC4626 _underlying, | ||
| string memory name, | ||
| string memory symbol |
Check notice
Code scanning / Olympix Integrated Security
Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low
| ); | ||
| uint256 wrappedAmount = underlying.assetsToShares(_underlyingAmount); | ||
| _mint(msg.sender, wrappedAmount); | ||
| underlying.transferFrom(msg.sender, address(this), _underlyingAmount); |
Check warning
Code scanning / Olympix Integrated Security
Calling a function without checking the return value may lead to silent failures. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unused-return-function-call Medium
| ); | ||
| uint256 wrappedAmount = underlying.assetsToShares(_underlyingAmount); | ||
| _mint(msg.sender, wrappedAmount); | ||
| underlying.transferFrom(msg.sender, address(this), _underlyingAmount); |
Check failure
Code scanning / Olympix Integrated Security
Performing an ERC-20 token transfer without checking the result may result in silent token transfer failures. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unchecked-token-transfer Critical
| * @param _wrappedAmount The amount of wrapped tokens to unwrap | ||
| * @return The amount of underlying tokens | ||
| */ | ||
| function unwrap(uint256 _wrappedAmount) external returns (uint256) { |
Check notice
Code scanning / Olympix Integrated Security
Reentrant functions which emit events after making an external call may lead to out-of-order events. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/reentrancy-events Low
| ); | ||
| uint256 underlyingAmount = underlying.sharesToAssets(_wrappedAmount); | ||
| _burn(msg.sender, _wrappedAmount); | ||
| underlying.transfer(msg.sender, underlyingAmount); |
Check warning
Code scanning / Olympix Integrated Security
Calling a function without checking the return value may lead to silent failures. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unused-return-function-call Medium
| ); | ||
| uint256 underlyingAmount = underlying.sharesToAssets(_wrappedAmount); | ||
| _burn(msg.sender, _wrappedAmount); | ||
| underlying.transfer(msg.sender, underlyingAmount); |
Check failure
Code scanning / Olympix Integrated Security
Performing an ERC-20 token transfer without checking the result may result in silent token transfer failures. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unchecked-token-transfer Critical
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4563 +/- ##
==========================================
+ Coverage 73.74% 73.89% +0.15%
==========================================
Files 100 101 +1
Lines 1436 1452 +16
Branches 187 189 +2
==========================================
+ Hits 1059 1073 +14
- Misses 356 358 +2
Partials 21 21
|
| * @param _underlyingAmount The amount of underlying tokens to wrap | ||
| * @return The amount of wrapped tokens | ||
| */ | ||
| function wrap(uint256 _underlyingAmount) external returns (uint256) { |
Check failure
Code scanning / Olympix Integrated Security
Modifying state after making an external call may allow for reentrancy attacks. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/reentrancy Critical
| _underlyingAmount > 0, | ||
| "WHypERC4626: wrap amount must be greater than 0" | ||
| ); | ||
| uint256 wrappedAmount = underlying.assetsToShares(_underlyingAmount); |
Check warning
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables Medium
| _wrappedAmount > 0, | ||
| "WHypERC4626: unwrap amount must be greater than 0" | ||
| ); | ||
| uint256 underlyingAmount = underlying.sharesToAssets(_wrappedAmount); |
Check warning
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables Medium
…ne-xyz#4563) ### Description ### Drive-by changes None ### Related issues - closes https://github.com/chainlight-io/2024-08-hyperlane/issues/7 ### Backward compatibility Yes ### Testing Unit
…ne-xyz#4563) ### Description ### Drive-by changes None ### Related issues - closes https://github.com/chainlight-io/2024-08-hyperlane/issues/7 ### Backward compatibility Yes ### Testing Unit
…ne-xyz#4563) ### Description ### Drive-by changes None ### Related issues - closes https://github.com/chainlight-io/2024-08-hyperlane/issues/7 ### Backward compatibility Yes ### Testing Unit
…ne-xyz#4563) ### Description ### Drive-by changes None ### Related issues - closes https://github.com/chainlight-io/2024-08-hyperlane/issues/7 ### Backward compatibility Yes ### Testing Unit
Description
Drive-by changes
None
Related issues
Backward compatibility
Yes
Testing
Unit