feat: Add succinct lightclient ISM #4334
24 new alerts including 1 critical severity security vulnerability
New alerts in code changed by this pull request
Security Alerts:
- 1 critical
- 9 medium
- 14 low
See annotations below for details.
Annotations
Check failure on line 12 in solidity/contracts/hooks/DispatchedHook.sol
Code scanning / Olympix Integrated Security
Contracts that can receive ether but cannot send it may lock value permanently. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/locked-ether
Severity: Critical
Check warning on line 15 in solidity/contracts/hooks/DispatchedHook.sol
Code scanning / Olympix Integrated Security
Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables
Severity: Medium
Check notice on line 2 in solidity/contracts/interfaces/ISP1LightClient.sol
Code scanning / Olympix Integrated Security
Using an unbounded pragma for Solidity version may be unsafe if future versions introduce breaking changes. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unbounded-pragma
Severity: Low
Check notice on line 2 in solidity/contracts/interfaces/ccip-gateways/ISuccinctProofsService.sol
Code scanning / Olympix Integrated Security
Using an unbounded pragma for Solidity version may be unsafe if future versions introduce breaking changes. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unbounded-pragma
Severity: Low
Check notice on line 2 in solidity/contracts/isms/ccip-read/SP1LightClientIsm.sol
Code scanning / Olympix Integrated Security
Using an unbounded pragma for Solidity version may be unsafe if future versions introduce breaking changes. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unbounded-pragma
Severity: Low
Check warning on line 62 in solidity/contracts/isms/ccip-read/SP1LightClientIsm.sol
Code scanning / Olympix Integrated Security
Test functions fail to verify specific revert reasons, potentially missing important contract behavior validation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-revert-reason-tests
Severity: Medium
Check notice on line 2 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Using an unbounded pragma for Solidity version may be unsafe if future versions introduce breaking changes. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unbounded-pragma
Severity: Low
Check warning on line 36 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables
Severity: Medium
Check warning on line 39 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables
Severity: Medium
Check warning on line 42 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables
Severity: Medium
Check warning on line 45 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Using uninitialized state variables may lead to unexpected behavior. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/uninitialized-state-variable
Severity: Medium
Check warning on line 45 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables
Severity: Medium
Check warning on line 48 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables
Severity: Medium
Check warning on line 81 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Test functions fail to verify specific revert reasons, potentially missing important contract behavior validation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-revert-reason-tests
Severity: Medium
Check notice on line 119 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
Severity: Low
Check notice on line 120 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
Severity: Low
Check notice on line 121 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
Severity: Low
Check notice on line 124 in solidity/contracts/isms/ccip-read/StorageProofIsm.sol
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
Severity: Low
Check notice on line 2 in solidity/contracts/libs/StateProofHelpers.sol
Code scanning / Olympix Integrated Security
Using an unbounded pragma for Solidity version may be unsafe if future versions introduce breaking changes. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unbounded-pragma
Severity: Low
Check notice on line 17 in solidity/contracts/libs/StateProofHelpers.sol
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
Severity: Low
Check notice on line 31 in solidity/contracts/libs/StateProofHelpers.sol
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
Severity: Low
Check notice on line 32 in solidity/contracts/libs/StateProofHelpers.sol
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
Severity: Low
Check notice on line 38 in solidity/contracts/libs/StateProofHelpers.sol
Code scanning / Olympix Integrated Security
Local variables in test functions are not properly fuzzed, potentially reducing the effectiveness of property-based testing. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-local-variables
Severity: Low
Check notice on line 23 in solidity/contracts/mock/MockLightClient.sol
Code scanning / Olympix Integrated Security
Test functions fail to thoroughly test all aspects of contract constructors, potentially missing critical initialization issues. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/incomplete-constructor-tests
Severity: Low