_Follow along with the video:_

---

### Manual Review - Aderyn

First things first, make sure your version of `Aderyn` is up to date with `cargo install aderyn`. We should then be able to run the command `aderyn .` and receive an output in the default form of `report.md`. Let's have a peek at what `Aderyn` found!

> **Note:** Aderyn is always and rapidly evolving; the output you receive may differ in some ways from the video and from this written lesson. That's ok!

Here's an example of the output I received:

<details>
<summary>report.md</summary>

# Aderyn Analysis Report

This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a static analysis tool built by [Cyfrin](https://cyfrin.io), a blockchain security company. This report is not a substitute for manual audit or security review. It should not be relied upon for any purpose other than to assist in the identification of potential security vulnerabilities.

# Table of Contents

- [Aderyn Analysis Report](#aderyn-analysis-report)
- [Table of Contents](#table-of-contents)
- [Summary](#summary)
  - [Files Summary](#files-summary)
  - [Files Details](#files-details)
  - [Issue Summary](#issue-summary)
- [Low Issues](#low-issues)
  - [L-1: `public` functions not used internally could be marked `external`](#l-1-public-functions-not-used-internally-could-be-marked-external)
  - [L-2: Define and use `constant` variables instead of using literals](#l-2-define-and-use-constant-variables-instead-of-using-literals)
  - [L-3: Event is missing `indexed` fields](#l-3-event-is-missing-indexed-fields)
- [Wrap Up](#wrap-up)

# Summary

## Files Summary

| Key         | Value |
| ----------- | ----- |
| .sol Files  | 2     |
| Total nSLOC | 262   |

## Files Details

| Filepath            | nSLOC   |
| ------------------- | ------- |
| src/PoolFactory.sol | 35      |
| src/TSwapPool.sol   | 227     |
| **Total**           | **262** |

## Issue Summary

| Category | No. of Issues |
| -------- | ------------- |
| High     | 0             |
| Low      | 3             |

# Low Issues

## L-1: `public` functions not used internally could be marked `external`

Instead of marking a function as `public`, consider marking it as `external` if it is not used internally.

- Found in src/TSwapPool.sol [Line: 247](src/TSwapPool.sol#L247)

  ```solidity
  function swapExactInput(
  ```

## L-2: Define and use `constant` variables instead of using literals

If the same constant literal value is used multiple times, create a constant state variable and reference it throughout the contract.

- Found in src/TSwapPool.sol [Line: 227](src/TSwapPool.sol#L227)

  ```solidity
  uint256 inputAmountMinusFee = inputAmount * 997;
  ```

- Found in src/TSwapPool.sol [Line: 244](src/TSwapPool.sol#L244)

  ```solidity
  return ((inputReserves * outputAmount) * 10000) / ((outputReserves - outputAmount) * 997);
  ```

- Found in src/TSwapPool.sol [Line: 369](src/TSwapPool.sol#L369)

  ```solidity
  1e18, i_wethToken.balanceOf(address(this)), i_poolToken.balanceOf(address(this))
  ```

- Found in src/TSwapPool.sol [Line: 375](src/TSwapPool.sol#L375)

  ```solidity
  1e18, i_poolToken.balanceOf(address(this)), i_wethToken.balanceOf(address(this))
  ```

## L-3: Event is missing `indexed` fields

Index event fields make the field more quickly accessible to off-chain tools that parse events. However, note that each index field costs extra gas during emission, so it's not necessarily best to index the maximum allowed per event (three fields). Each event should use three indexed fields if there are three or more fields, and gas usage is not particularly of concern for the events in question. If there are fewer than three fields, all of the fields should be indexed.

- Found in src/PoolFactory.sol [Line: 35](src/PoolFactory.sol#L35)

  ```solidity
  event PoolCreated(address tokenAddress, address poolAddress);
  ```

- Found in src/TSwapPool.sol [Line: 43](src/TSwapPool.sol#L43)

  ```solidity
  event LiquidityAdded(address indexed liquidityProvider, uint256 wethDeposited, uint256 poolTokensDeposited);
  ```

- Found in src/TSwapPool.sol [Line: 44](src/TSwapPool.sol#L44)

  ```solidity
  event LiquidityRemoved(address indexed liquidityProvider, uint256 wethWithdrawn, uint256 poolTokensWithdrawn);
  ```

- Found in src/TSwapPool.sol [Line: 45](src/TSwapPool.sol#L45)

  ```solidity
  event Swap(address indexed swapper, IERC20 tokenIn, uint256 amountTokenIn, IERC20 tokenOut, uint256 amountTokenOut);
  ```

</details>

It looks like Aderyn caught a few `Low/NC (non-critical)` vulnerabilities! Let's quickly go through these and make note of what's valid in our code base.

First up is:

```
## L-1: `public` functions not used internally could be marked `external`
```

Aderyn is directing us to `swapExactInput` at line 247 of `TSwapPool.sol`. If we investigate this function, we'll see this finding by Aderyn is valid! If the function isn't being called internally, we can narrow its visibility to `external` and save gas.

```solidity
//@Audit - functions not used internally can be marked external to save gas.
function swapExactInput(
```

Next up:

```
## L-2: Define and use `constant` variables instead of using literals
```

The TSwap team is guilty of this in a few different places. We can see they're using `magic numbers` in lines 227, 244, 369 and 375 of `TSwapPool.sol`. While informational, it's best to call these out.

```solidity
//@Audit - Use constants instead of magic numbers/literals
```

The last detection by Aderyn is:

```
## L-3: Event is missing `indexed` fields
```

We see a number of events that do not have (enough) indexed parameters. We can confirm this by checking line 35 of `PoolFactory.sol` and lines 43, 44 and 45 of `TSwapPool.sol`.

This "bug" is a little contentious, and I'm actually in the camp advocating for _fewer_ indexes, but depending on who you are, you might add this to your audit notes as well.

```solidity
//@Audit - Events with 3 or more parameters should have 3 indexed fields
```

### Wrap Up

Amazing! Tools like Aderyn and Slither really assist in helping us automate some of these findings. Now that we're done with them, we can move on to some _actual_, line-by-line, manual review.

See you in the next lesson, `PoolFactory.sol` is up.
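To tie the three findings together, here is a constructed before/after contract pair (an added example, not TSwap's code; the function bodies are simplified stand-ins and the `PoolBefore`/`PoolAfter` names are made up) showing how each Aderyn report line maps to a concrete fix, and why one `public` function is correctly left alone:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration of the three Aderyn findings and their fixes.
// Not TSwap's code: the swap bodies below are simplified stand-ins.
contract PoolBefore {
    // L-3: no indexed fields, so off-chain tools cannot filter by token or pool.
    event PoolCreated(address tokenAddress, address poolAddress);

    // L-2: the 997 / 1000 fee ratio is a bare literal repeated wherever it is used.
    function getOutputAmountBasedOnInput(
        uint256 inputAmount, uint256 inputReserves, uint256 outputReserves
    ) public pure returns (uint256) {
        uint256 inputAmountMinusFee = inputAmount * 997;
        return (inputAmountMinusFee * outputReserves) / (inputReserves * 1000 + inputAmountMinusFee);
    }

    // L-1: `public`, yet nothing inside the contract calls it.
    function swapExactInput(uint256 inputAmount, uint256 inputReserves, uint256 outputReserves)
        public pure returns (uint256)
    {
        return getOutputAmountBasedOnInput(inputAmount, inputReserves, outputReserves);
    }
}

contract PoolAfter {
    // L-3: fewer than three fields, so all of them are indexed.
    event PoolCreated(address indexed tokenAddress, address indexed poolAddress);

    // L-2: the fee ratio is declared once; every formula reads the same pair,
    // so the numerator and denominator cannot drift apart between functions.
    uint256 private constant FEE_NUMERATOR = 997;
    uint256 private constant FEE_DENOMINATOR = 1000;

    // Stays `public`: swapExactInput calls it internally, so L-1 does not apply.
    function getOutputAmountBasedOnInput(
        uint256 inputAmount, uint256 inputReserves, uint256 outputReserves
    ) public pure returns (uint256) {
        uint256 inputAmountMinusFee = inputAmount * FEE_NUMERATOR;
        return (inputAmountMinusFee * outputReserves)
            / (inputReserves * FEE_DENOMINATOR + inputAmountMinusFee);
    }

    // L-1: `external`, because no function inside the contract calls it.
    function swapExactInput(uint256 inputAmount, uint256 inputReserves, uint256 outputReserves)
        external pure returns (uint256)
    {
        return getOutputAmountBasedOnInput(inputAmount, inputReserves, outputReserves);
    }
}
```

Re-running `aderyn .` against `PoolAfter` should clear all three low findings, while `PoolBefore` reproduces each report line above.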