Neo DevPack for Solidity

Appearance

ERC4626 (OpenZeppelin)

Audit Snapshot

  • Status: ✅ pass
  • Source type: npm
  • Source path: third_party/famous-contracts/sources/@openzeppelin/contracts/token/ERC20/extensions/ERC4626.sol
  • Primary issue: No primary issue recorded.
  • Audit corpus size: 98 contracts

Diagnostics

Total diagnostics captured: 720

By Severity

SeverityCount
warning718
error2

Most Common Codes

CodeCountExample
W200678function 'safeTransfer' in 'ERC20' overrides 'Context::safeTransfer' which is not marked 'virtual'
W12130duplicate constant state variable 'GENERIC' detected while merging libraries
MANIFEST_WILDCARD_CONTRACT3contract 'Context' requires wildcard contract manifest permissions (contract='*') due to dynamic contract calls. This is riskier than fixed contract hashes; use --deny-wildcard-contracts to make this a hard error.
RAW2[info][NEP-17] NEP-17 transfer method has 2 parameter(s), spec expects 4. See STANDARDS_MAPPING.md for details.
W1012function 'transfer' has 2 parameters (ERC-20 pattern). NEP-17 requires 4 parameters: transfer(from, to, amount, data). The from address is verified via Runtime.checkWitness() and data (type Any) is forwarded to the recipient's onNEP17Payment callback.
W1032ERC-20 method(s) [approve, allowance, transferfrom] detected. These are not part of the NEP-17 spec; Neo uses Runtime.checkWitness() for authorization instead of the approve/allowance pattern. You may keep them as extensions, but they will not contribute to NEP-17 standard detection.
W1132Contract has transfer function but no onNEP17Payment callback. Other contracts cannot send tokens to this contract.
W1091ERC-4626 tokenized vault pattern detected. The vault logic compiles correctly, but replace ERC-20 token interactions with NEP-17 equivalents.

Source diagnostic payload: docs/data/famous-contracts-audit-results.json.

References

MIT Licensed

Copyright © R3E Network