Your project to manage napalm detection modules
Project description
🔥 Napalm Package: napalm-core
This is an automatically generated report on the detectors in this package.
Some quick stats:
- 3 collections
- 19 detectors
optimisations modules:
| ID | Description | Severity |
|---|---|---|
| storage-variable-bool | Using bool as a storage variable is more expensive than uint256 or other types that fill a whole 256 bit word. | INFO |
| cache-array-length-loop | The compiler will re-execute each instance of .length for each loop iteration. Caching the length will reduce the amount of sloads necessary to perform the operation. | INFO |
| initialize-default-value | Initializing variables with their default value leads to unnecessary gas expenditure | INFO |
indicators modules:
| ID | Description | Severity |
|---|---|---|
| math-in-unsafe-block | Mathematical operators in unsafe blocks are not checked for under flows or overflows. | INFO |
| use-of-privilege-to-protect-sensitive-functions | It's necessary to implement proper controls on wallet security when privileged functions are used to protect sensitive functions. | INFO |
| import-safetransfer-solmate | Solmate's SafeTransferLib doesn't perform the same checks SafeERC20 does, in particular it doesn't check if a contract exists leading to potential vulnerabilities. | INFO |
| block-number-l2 | Solidity's block.number semantics are not consistent on L2s, leading to potential vulnerabilities. | INFO |
| push-0-solc-version | Your solidity version uses PUSH0 which is not supported by all chains. | INFO |
detectors modules:
| ID | Description | Severity |
|---|---|---|
| int-cast-block-timestamp | Casting block.timestamp can lead to reduced precision and unexpected behavior, consider not casting instead. | WARNING |
| use-of-unsafe-erc20-functions | The ERC20 implementation does not automatically include checks that ensure the success of the operation. Using the OpenZeppelin's SafeERC20 library is recommended. | INFO |
| block-timestamp-swap | Passing block.timestamp as the deadline effectively removes the deadline functionality which prevents malicious validators from holding back transactions to execute them at a later time. | WARNING |
| dos-push-array-loop | Potential Denial of Service when users can push to an array that's irreducible and looped over. | HIGH |
| chainlink-circuit-breaker | Vulnerable to exploitation in case of a Chainlink circuit breaker event. | HIGH |
| unchecked-create-2 | Unchecked return value for CREATE2 call. | MEDIUM |
| unchecked-approve | Unchecked token approve | HIGH |
| unchecked-equation-modifier | Potential lack of input control due to missing requires checks. | HIGH |
| erc721-transfer-from-stuck | transferFrom call on ERC721 can lead to stuck tokens | HIGH |
| erc721-mint-stuck | _mint call on ERC721 can lead to stuck tokens | HIGH |
| erc20-approve-call | Potential Denial of Service when tokens don't implement approve() consistently ( e.g. USDT ). | HIGH |
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
napalm_core-0.1.2.tar.gz
(23.3 kB
view hashes)
Built Distribution
Close
Hashes for napalm_core-0.1.2-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9b776c3be16294916f86b919e7e2948a89184e304bda98aabd042d7fc1d4faad |
|
| MD5 | 127f70c1c9d461167d1eab1e752d5fc6 |
|
| BLAKE2b-256 | abf4a684a8dcea71a0d27f076cbf5fd57204cae349b0c500834665b465f10da8 |
