Additional Known Issues

[Equious]

Aderyn Analysis Report

This report was generated by Aderyn, a static analysis tool built by Cyfrin, a blockchain security company. This report is not a substitute for manual audit or security review. It should not be relied upon for any purpose other than to assist in the identification of potential security vulnerabilities.

Table of Contents

• Summary
  • Files Summary
  • Files Details
  • Issue Summary
• High Issues
  • H-1: Arbitrary from passed to transferFrom (or safeTransferFrom)
• Medium Issues
  • M-1: Centralization Risk for trusted owners
  • M-2: Using ERC721::_mint() can be dangerous
• Low Issues
  • L-1: abi.encodePacked() should not be used with dynamic types when passing the result to a hash function such as keccak256()
  • L-2: Deprecated OpenZeppelin functions should not be used
  • L-3: Unsafe ERC20 Operations should not be used
  • L-4: Solidity pragma should be specific, not wide
  • L-5: Conditional storage checks are not consistent
  • L-6: PUSH0 is not supported by all chains
• NC Issues
  • NC-1: Missing checks for address(0) when assigning values to address state variables
  • NC-2: Functions not used internally could be marked external
  • NC-3: Constants should be defined and used instead of literals
  • NC-4: Event is missing indexed fields
  • NC-5: require() / revert() statements should have descriptive reason strings or custom errors

Summary

Files Summary

Key	Value
.sol Files	33
Total nSLOC	1453

Files Details

Filepath	nSLOC
contracts/LiquidationPool.sol	214
contracts/LiquidationPoolManager.sol	76
contracts/SmartVaultManagerV5.sol	120
contracts/SmartVaultV3.sol	199
contracts/interfaces/IEUROs.sol	9
contracts/interfaces/ILiquidationPool.sol	4
contracts/interfaces/ILiquidationPoolManager.sol	7
contracts/interfaces/INFTMetadataGenerator.sol	5
contracts/interfaces/IPriceCalculator.sol	7
contracts/interfaces/ISmartVault.sol	13
contracts/interfaces/ISmartVaultDeployer.sol	4
contracts/interfaces/ISmartVaultIndex.sol	7
contracts/interfaces/ISmartVaultManager.sol	11
contracts/interfaces/ISmartVaultManagerV2.sol	6
contracts/interfaces/ISmartVaultManagerV3.sol	6
contracts/interfaces/ISwapRouter.sol	14
contracts/interfaces/ITokenManager.sol	7
contracts/interfaces/IWETH.sol	5
contracts/utils/ChainlinkMock.sol	36
contracts/utils/ERC20Mock.sol	14
contracts/utils/EUROsMock.sol	19
contracts/utils/MockSmartVaultManager.sol	37
contracts/utils/PriceCalculator.sol	56
contracts/utils/SmartVaultDeployerV3.sol	15
contracts/utils/SmartVaultIndex.sol	36
contracts/utils/SmartVaultManager.sol	110
contracts/utils/SwapRouterMock.sol	34
contracts/utils/TokenManagerMock.sol	44
contracts/utils/WETHMock.sol	9
contracts/utils/nfts/DefGenerator.sol	88
contracts/utils/nfts/NFTMetadataGenerator.sol	46
contracts/utils/nfts/NFTUtils.sol	61
contracts/utils/nfts/SVGGenerator.sol	134
Total	1453

Issue Summary

Category	No. of Issues
Critical	0
High	1
Medium	2
Low	6
NC	5

High Issues

H-1: Arbitrary from passed to transferFrom (or safeTransferFrom)

Passing an arbitrary from address to transferFrom (or safeTransferFrom) can lead to loss of funds, because anyone can transfer tokens from the from address if an approval is made.

• Found in contracts/LiquidationPool.sol Line: 232

                               IERC20(asset.token.addr).safeTransferFrom(manager, address(this), _portion);

Medium Issues

M-1: Centralization Risk for trusted owners

Contracts have owners with privileged rights to perform admin tasks and need to be trusted to not perform malicious updates or drain funds.

• Found in contracts/LiquidationPoolManager.sol Line: 11

   contract LiquidationPoolManager is Ownable {

• Found in contracts/LiquidationPoolManager.sol Line: 84

       function setPoolFeePercentage(uint32 _poolFeePercentage) external onlyOwner {

• Found in contracts/SmartVaultManagerV5.sol Line: 103

       function setMintFeeRate(uint256 _rate) external onlyOwner {

• Found in contracts/SmartVaultManagerV5.sol Line: 107

       function setBurnFeeRate(uint256 _rate) external onlyOwner {

• Found in contracts/SmartVaultManagerV5.sol Line: 111

       function setSwapFeeRate(uint256 _rate) external onlyOwner {

• Found in contracts/SmartVaultManagerV5.sol Line: 115

       function setWethAddress(address _weth) external onlyOwner() {

• Found in contracts/SmartVaultManagerV5.sol Line: 119

       function setSwapRouter2(address _swapRouter) external onlyOwner() {

• Found in contracts/SmartVaultManagerV5.sol Line: 123

       function setNFTMetadataGenerator(address _nftMetadataGenerator) external onlyOwner() {

• Found in contracts/SmartVaultManagerV5.sol Line: 127

       function setSmartVaultDeployer(address _smartVaultDeployer) external onlyOwner() {

• Found in contracts/SmartVaultManagerV5.sol Line: 131

       function setProtocolAddress(address _protocol) external onlyOwner() {

• Found in contracts/SmartVaultManagerV5.sol Line: 135

       function setLiquidatorAddress(address _liquidator) external onlyOwner() {

• Found in contracts/SmartVaultV3.sol Line: 135

       function removeCollateralNative(uint256 _amount, address payable _to) external onlyOwner {

• Found in contracts/SmartVaultV3.sol Line: 142

       function removeCollateral(bytes32 _symbol, uint256 _amount, address _to) external onlyOwner {

• Found in contracts/SmartVaultV3.sol Line: 149

       function removeAsset(address _tokenAddr, uint256 _amount, address _to) external onlyOwner {

• Found in contracts/SmartVaultV3.sol Line: 160

       function mint(address _to, uint256 _amount) external onlyOwner ifNotLiquidated {

• Found in contracts/SmartVaultV3.sol Line: 214

       function swap(bytes32 _inToken, bytes32 _outToken, uint256 _amount) external onlyOwner {

• Found in contracts/utils/EUROsMock.sol Line: 8

   contract EUROsMock is IEUROs, ERC20, AccessControl {

• Found in contracts/utils/EUROsMock.sol Line: 18

       function mint(address to, uint256 amount) public onlyRole(MINTER_ROLE) {

• Found in contracts/utils/EUROsMock.sol Line: 22

       function burn(address from, uint256 amount) public onlyRole(BURNER_ROLE) {

• Found in contracts/utils/SmartVaultIndex.sol Line: 7

   contract SmartVaultIndex is ISmartVaultIndex, Ownable {

• Found in contracts/utils/SmartVaultIndex.sol Line: 43

       function setVaultManager(address _manager) external onlyOwner {

• Found in contracts/utils/SmartVaultManager.sol Line: 115

       function setMintFeeRate(uint256 _rate) external onlyOwner {

• Found in contracts/utils/SmartVaultManager.sol Line: 119

       function setBurnFeeRate(uint256 _rate) external onlyOwner {

• Found in contracts/utils/TokenManagerMock.sol Line: 9

   contract TokenManagerMock is ITokenManager, Ownable {

• Found in contracts/utils/TokenManagerMock.sol Line: 36

       function addAcceptedToken(address _token, address _chainlinkFeed) external onlyOwner {

• Found in contracts/utils/TokenManagerMock.sol Line: 45

       function removeAcceptedToken(bytes32 _symbol) external onlyOwner {

M-2: Using ERC721::_mint() can be dangerous

Using ERC721::_mint() can mint ERC721 tokens to addresses which don't support ERC721 tokens. Use _safeMint() instead of _mint() for ERC721.

• Found in contracts/utils/ERC20Mock.sol Line: 14

           _mint(to, amount);

• Found in contracts/utils/EUROsMock.sol Line: 19

           _mint(to, amount);

Low Issues

L-1: abi.encodePacked() should not be used with dynamic types when passing the result to a hash function such as keccak256()

Use abi.encode() instead which will pad items to 32 bytes, which will prevent hash collisions (e.g. abi.encodePacked(0x123,0x456) => 0x123456 => abi.encodePacked(0x1,0x23456), but abi.encode(0x123,0x456) => 0x0...1230...456). Unless there is a compelling reason, abi.encode should be preferred. If there is only one argument to abi.encodePacked() it can often be cast to bytes() or bytes32() instead.
If all arguments are strings and or bytes, bytes.concat() should be used instead.

• Found in contracts/utils/nfts/DefGenerator.sol Line: 31

                       abi.encodePacked(

• Found in contracts/utils/nfts/NFTMetadataGenerator.sol Line: 25

               collateralTraits = string(abi.encodePacked(collateralTraits, '{"trait_type":"', NFTUtils.toShortString(asset.token.symbol), '", ','"display_type": "number",','"value": ',NFTUtils.toDecimalString(asset.amount, asset.token.dec),'},'));

• Found in contracts/utils/nfts/NFTMetadataGenerator.sol Line: 31

               abi.encodePacked(

• Found in contracts/utils/nfts/NFTMetadataGenerator.sol Line: 33

                   Base64.encode(abi.encodePacked(

• Found in contracts/utils/nfts/NFTUtils.sol Line: 66

           return string(abi.encodePacked(wholePart, ".", fractionalPartPadded));

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 39

                   displayText = string(abi.encodePacked(displayText,

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 53

               displayText = string(abi.encodePacked(

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 69

               mappedRows = string(abi.encodePacked(

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 75

           mappedRows = string(abi.encodePacked(mappedRows,

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 80

           return _vaultStatus.minted == 0 ? "N/A" : string(abi.encodePacked(NFTUtils.toDecimalString(HUNDRED_PC * _vaultStatus.totalCollateralValue / _vaultStatus.minted, 3),"%"));

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 87

                       abi.encodePacked(

L-2: Deprecated OpenZeppelin functions should not be used

Openzeppelin has deprecated several functions and replaced with newer versions. Please consult https://docs.openzeppelin.com/

• Found in contracts/SmartVaultV3.sol Line: 198

           IERC20(_params.tokenIn).safeApprove(ISmartVaultManagerV3(manager).swapRouter2(), _params.amountIn);

L-3: Unsafe ERC20 Operations should not be used

ERC20 functions may not behave as expected. For example: return values are not always meaningful. It is recommended to use OpenZeppelin's SafeERC20 library.

• Found in contracts/LiquidationPool.sol Line: 175

                       IERC20(_token.addr).transfer(msg.sender, _rewardAmount);

• Found in contracts/LiquidationPoolManager.sol Line: 37

               eurosToken.approve(pool, _feesForPool);

• Found in contracts/LiquidationPoolManager.sol Line: 40

           eurosToken.transfer(protocol, eurosToken.balanceOf(address(this)));

• Found in contracts/LiquidationPoolManager.sol Line: 54

                   if (balance > 0) IERC20(_token.addr).transfer(protocol, balance);

• Found in contracts/LiquidationPoolManager.sol Line: 76

                       ierc20.approve(pool, erc20balance);

• Found in contracts/utils/MockSmartVaultManager.sol Line: 35

                       ierc20.transfer(msg.sender, ierc20.balanceOf(address(this)));

L-4: Solidity pragma should be specific, not wide

Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of pragma solidity ^0.8.0;, use pragma solidity 0.8.0;

• Found in contracts/LiquidationPool.sol Line: 2

   pragma solidity ^0.8.17;

• Found in contracts/LiquidationPoolManager.sol Line: 2

   pragma solidity ^0.8.17;

• Found in contracts/interfaces/ILiquidationPool.sol Line: 2

   pragma solidity ^0.8.17;

• Found in contracts/interfaces/ILiquidationPoolManager.sol Line: 2

   pragma solidity ^0.8.17;

• Found in contracts/utils/MockSmartVaultManager.sol Line: 2

   pragma solidity ^0.8.17;

L-5: Conditional storage checks are not consistent

When writing require or if conditionals that check storage values, it is important to be consistent to prevent off-by-one errors. There are instances found where the same storage variable is checked multiple times, but the conditionals are not consistent.

• Found in contracts/SmartVaultV3.sol Line: 54

           require(minted >= _amount, "err-insuff-minted");

• Found in contracts/SmartVaultV3.sol Line: 80

           return _symbol == NATIVE ? address(this).balance : IERC20(_tokenAddress).balanceOf(address(this));

• Found in contracts/SmartVaultV3.sol Line: 100

           return minted > maxMintable();

• Found in contracts/SmartVaultV3.sol Line: 121

               if (tokens[i].symbol != NATIVE) liquidateERC20(IERC20(tokens[i].addr));

• Found in contracts/SmartVaultV3.sol Line: 128

           if (minted == 0) return true;

• Found in contracts/SmartVaultV3.sol Line: 132

               minted <= currentMintable - eurValueToRemove;

• Found in contracts/SmartVaultV3.sol Line: 157

           return minted + _amount <= maxMintable();

• Found in contracts/SmartVaultV3.sol Line: 163

           minted = minted + _amount + fee;

• Found in contracts/SmartVaultV3.sol Line: 171

           minted = minted - _amount;

• Found in contracts/SmartVaultV3.sol Line: 208

           uint256 requiredCollateralValue = minted * _manager.collateralRate() / _manager.HUNDRED_PC();

• Found in contracts/utils/SmartVaultManager.sol Line: 79

           tokenId = lastToken + 1;

• Found in contracts/utils/SmartVaultManager.sol Line: 93

           for (uint256 i = 1; i <= lastToken; i++) {

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 35

               uint256 xShift = collateralSize % 2 == 0 ? 0 : TABLE_ROW_WIDTH >> 1;

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 73

           uint256 rowMidpoint = TABLE_INITIAL_X + TABLE_ROW_WIDTH >> 1;

L-6: PUSH0 is not supported by all chains

Solc compiler version 0.8.20 switches the default target EVM version to Shanghai, which means that the generated bytecode will include PUSH0 opcodes. Be sure to select the appropriate EVM version in case you intend to deploy on a chain other than mainnet like L2 chains that may not support PUSH0, otherwise deployment of your contracts will fail.

• Found in contracts/LiquidationPool.sol Line: 2

   pragma solidity ^0.8.17;

• Found in contracts/LiquidationPoolManager.sol Line: 2

   pragma solidity ^0.8.17;

• Found in contracts/interfaces/ILiquidationPool.sol Line: 2

   pragma solidity ^0.8.17;

• Found in contracts/interfaces/ILiquidationPoolManager.sol Line: 2

   pragma solidity ^0.8.17;

• Found in contracts/utils/MockSmartVaultManager.sol Line: 2

   pragma solidity ^0.8.17;

NC Issues

NC-1: Missing checks for address(0) when assigning values to address state variables

Assigning values to address state variables without checking for address(0).

• Found in contracts/LiquidationPool.sol Line: 35

           tokenManager = _tokenManager;

• Found in contracts/SmartVaultManagerV5.sol Line: 116

           weth = _weth;

• Found in contracts/SmartVaultManagerV5.sol Line: 120

           swapRouter2 = _swapRouter;

• Found in contracts/SmartVaultManagerV5.sol Line: 124

           nftMetadataGenerator = _nftMetadataGenerator;

• Found in contracts/SmartVaultManagerV5.sol Line: 128

           smartVaultDeployer = _smartVaultDeployer;

• Found in contracts/SmartVaultManagerV5.sol Line: 132

           protocol = _protocol;

• Found in contracts/SmartVaultManagerV5.sol Line: 136

           liquidator = _liquidator;

• Found in contracts/SmartVaultV3.sol Line: 37

           owner = _owner;

• Found in contracts/SmartVaultV3.sol Line: 234

           owner = _newOwner;

• Found in contracts/utils/SmartVaultIndex.sol Line: 44

           manager = _manager;

• Found in contracts/utils/SmartVaultManager.sol Line: 45

           euros = _euros;

• Found in contracts/utils/SmartVaultManager.sol Line: 48

           protocol = _protocol;

• Found in contracts/utils/SmartVaultManager.sol Line: 49

           liquidator = _liquidator;

• Found in contracts/utils/SmartVaultManager.sol Line: 50

           tokenManager = _tokenManager;

• Found in contracts/utils/SmartVaultManager.sol Line: 51

           smartVaultDeployer = _smartVaultDeployer;

• Found in contracts/utils/SmartVaultManager.sol Line: 53

           nftMetadataGenerator = _nftMetadataGenerator;

NC-2: Functions not used internally could be marked external

• Found in contracts/SmartVaultManagerV5.sol Line: 46

       function initialize() initializer public {}

• Found in contracts/SmartVaultManagerV5.sol Line: 94

       function tokenURI(uint256 _tokenId) public view virtual override returns (string memory) {

• Found in contracts/utils/ERC20Mock.sol Line: 13

       function mint(address to, uint256 amount) public {

• Found in contracts/utils/ERC20Mock.sol Line: 17

       function decimals() public view override returns (uint8) {

• Found in contracts/utils/EUROsMock.sol Line: 18

       function mint(address to, uint256 amount) public onlyRole(MINTER_ROLE) {

• Found in contracts/utils/EUROsMock.sol Line: 22

       function burn(address from, uint256 amount) public onlyRole(BURNER_ROLE) {

• Found in contracts/utils/SmartVaultManager.sol Line: 41

       function initialize(uint256 _collateralRate, uint256 _feeRate, address _euros, address _protocol, address _liquidator, address _tokenManager, address _smartVaultDeployer, address _smartVaultIndex, address _nftMetadataGenerator) initializer public {

• Found in contracts/utils/SmartVaultManager.sol Line: 106

       function tokenURI(uint256 _tokenId) public view virtual override returns (string memory) {

NC-3: Constants should be defined and used instead of literals

• Found in contracts/LiquidationPool.sol Line: 99

                   holders[i] = holders[holders.length - 1];

• Found in contracts/LiquidationPool.sol Line: 106

           for (uint256 i = _i; i < pendingStakes.length - 1; i++) {

• Found in contracts/LiquidationPool.sol Line: 107

               pendingStakes[i] = pendingStakes[i+1];

• Found in contracts/LiquidationPool.sol Line: 120

           uint256 deadline = block.timestamp - 1 days;

• Found in contracts/LiquidationPool.sol Line: 220

                           uint256 costInEuros = _portion * 10 ** (18 - asset.token.dec) * uint256(assetPriceUsd) / uint256(priceEurUsd)

• Found in contracts/SmartVaultManagerV5.sol Line: 71

           tokenId = lastToken + 1;

• Found in contracts/SmartVaultV3.sol Line: 221

                   fee: 3000,

• Found in contracts/utils/ChainlinkMock.sol Line: 17

       function decimals() external pure returns (uint8) { return 8; }

• Found in contracts/utils/ChainlinkMock.sol Line: 25

           prices.push(PriceRound(block.timestamp - 4 hours, _price));

• Found in contracts/utils/ChainlinkMock.sol Line: 37

               roundId = uint80(prices.length - 1);

• Found in contracts/utils/ChainlinkMock.sol Line: 47

           return 1;

• Found in contracts/utils/PriceCalculator.sol Line: 19

           uint256 startPeriod = block.timestamp - _hours * 1 hours;

• Found in contracts/utils/PriceCalculator.sol Line: 25

           uint256 roundCount = 1;

• Found in contracts/utils/PriceCalculator.sol Line: 26

           while (roundTS > startPeriod && roundId > 1) {

• Found in contracts/utils/PriceCalculator.sol Line: 40

           return _symbol == NATIVE ? 0 : 18 - ERC20(_tokenAddress).decimals();

• Found in contracts/utils/PriceCalculator.sol Line: 45

           uint256 scaledCollateral = _tokenValue * 10 ** getTokenScaleDiff(_token.symbol, _token.addr);

• Found in contracts/utils/PriceCalculator.sol Line: 46

           uint256 collateralUsd = scaledCollateral * avgPrice(4, tokenUsdClFeed);

• Found in contracts/utils/PriceCalculator.sol Line: 53

           uint256 scaledCollateral = _tokenValue * 10 ** getTokenScaleDiff(_token.symbol, _token.addr);

• Found in contracts/utils/PriceCalculator.sol Line: 64

           return _eurValue * uint256(eurUsdPrice) / uint256(tokenUsdPrice) / 10 ** getTokenScaleDiff(_token.symbol, _token.addr);

• Found in contracts/utils/SmartVaultManager.sol Line: 79

           tokenId = lastToken + 1;

• Found in contracts/utils/SmartVaultManager.sol Line: 93

           for (uint256 i = 1; i <= lastToken; i++) {

• Found in contracts/utils/TokenManagerMock.sol Line: 20

           acceptedTokens.push(Token(NATIVE, address(0), 18, _clNativeUsd, Chainlink.AggregatorV3Interface(_clNativeUsd).decimals()));

• Found in contracts/utils/TokenManagerMock.sol Line: 49

                   acceptedTokens[i] = acceptedTokens[acceptedTokens.length - 1];

• Found in contracts/utils/nfts/DefGenerator.sol Line: 14

           bytes32[25] memory colours = [

• Found in contracts/utils/nfts/DefGenerator.sol Line: 22

               colours[(_tokenId % colours.length + _tokenId / colours.length + 1) % colours.length],

• Found in contracts/utils/nfts/DefGenerator.sol Line: 23

               colours[(_tokenId % colours.length + _tokenId / colours.length + _tokenId / colours.length ** 2 + 2) % colours.length]

• Found in contracts/utils/nfts/NFTMetadataGenerator.sol Line: 39

                               '{"trait_type": "Debt",  "display_type": "number", "value": ', NFTUtils.toDecimalString(_vaultStatus.minted, 18),'},',

• Found in contracts/utils/nfts/NFTMetadataGenerator.sol Line: 40

                               '{"trait_type": "Max Borrowable Amount", "display_type": "number", "value": "',NFTUtils.toDecimalString(_vaultStatus.maxMintable, 18),'"},',

• Found in contracts/utils/nfts/NFTMetadataGenerator.sol Line: 41

                               '{"trait_type": "Collateral Value in EUROs", "display_type": "number", "value": ',NFTUtils.toDecimalString(_vaultStatus.totalCollateralValue, 18),'},',

• Found in contracts/utils/nfts/NFTMetadataGenerator.sol Line: 42

                               '{"trait_type": "Value minus debt", "display_type": "number", "value": ',NFTUtils.toDecimalString(_vaultStatus.totalCollateralValue - _vaultStatus.minted, 18),'},',

• Found in contracts/utils/nfts/NFTUtils.sol Line: 14

           bytes memory bytesString = new bytes(32);

• Found in contracts/utils/nfts/NFTUtils.sol Line: 16

           for (uint8 i = 0; i < 32; i++) {

• Found in contracts/utils/nfts/NFTUtils.sol Line: 43

                       fractionalPartPadded = new bytes(fractionalPartPadded.length - 1);

• Found in contracts/utils/nfts/NFTUtils.sol Line: 59

           uint8 maxDecPlaces = 5;

• Found in contracts/utils/nfts/NFTUtils.sol Line: 60

           string memory wholePart = (_amount / 10 ** _inputDec).toString();

• Found in contracts/utils/nfts/NFTUtils.sol Line: 61

           uint256 fraction = _amount % 10 ** _inputDec;

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 29

           uint256 paddingTop = 50;

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 30

           uint256 paddingLeftSymbol = 22;

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 31

           uint256 paddingLeftAmount = paddingLeftSymbol + 250;

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 35

               uint256 xShift = collateralSize % 2 == 0 ? 0 : TABLE_ROW_WIDTH >> 1;

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 37

                   uint256 currentRow = collateralSize >> 1;

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 60

               collateralSize = 1;

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 67

           uint256 rowCount = (_collateralSize + 1) >> 1;

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 68

           for (uint256 i = 0; i < (rowCount + 1) >> 1; i++) {

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 73

           uint256 rowMidpoint = TABLE_INITIAL_X + TABLE_ROW_WIDTH >> 1;

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 80

           return _vaultStatus.minted == 0 ? "N/A" : string(abi.encodePacked(NFTUtils.toDecimalString(HUNDRED_PC * _vaultStatus.totalCollateralValue / _vaultStatus.minted, 3),"%"));

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 106

                                       "<text class='cls-7' transform='translate(2191.03 719.41)'><tspan x='0' y='0'>",NFTUtils.toDecimalString(_vaultStatus.totalCollateralValue, 18)," EUROs</tspan></text>",

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 110

                                       "<text class='cls-7' transform='translate(2191.03 822.75)'><tspan x='0' y='0'>",NFTUtils.toDecimalString(_vaultStatus.minted, 18)," EUROs</tspan></text>",

• Found in contracts/utils/nfts/SVGGenerator.sol Line: 118

                                       "<text class='cls-5' transform='translate(1715.63 1220.22)'><tspan x='0' y='0'>",NFTUtils.toDecimalString(_vaultStatus.totalCollateralValue - _vaultStatus.minted, 18)," EUROs</tspan></text>",

NC-4: Event is missing indexed fields

Index event fields make the field more quickly accessible to off-chain tools that parse events. However, note that each index field costs extra gas during emission, so it's not necessarily best to index the maximum allowed per event (three fields). Each event should use three indexed fields if there are three or more fields, and gas usage is not particularly of concern for the events in question. If there are fewer than three fields, all of the fields should be indexed.

• Found in contracts/SmartVaultManagerV5.sol Line: 37

       event VaultDeployed(address indexed vaultAddress, address indexed owner, address vaultType, uint256 tokenId);

• Found in contracts/SmartVaultManagerV5.sol Line: 39

       event VaultTransferred(uint256 indexed tokenId, address from, address to);

• Found in contracts/SmartVaultV3.sol Line: 30

       event CollateralRemoved(bytes32 symbol, uint256 amount, address to);

• Found in contracts/SmartVaultV3.sol Line: 31

       event AssetRemoved(address token, uint256 amount, address to);

• Found in contracts/SmartVaultV3.sol Line: 32

       event EUROsMinted(address to, uint256 amount, uint256 fee);

• Found in contracts/SmartVaultV3.sol Line: 33

       event EUROsBurned(uint256 amount, uint256 fee);

• Found in contracts/utils/SmartVaultManager.sol Line: 32

       event VaultDeployed(address indexed vaultAddress, address indexed owner, address vaultType, uint256 tokenId);

• Found in contracts/utils/SmartVaultManager.sol Line: 34

       event VaultTransferred(uint256 indexed tokenId, address from, address to);

• Found in contracts/utils/TokenManagerMock.sol Line: 15

       event TokenAdded(bytes32 symbol, address token);

• Found in contracts/utils/TokenManagerMock.sol Line: 16

       event TokenRemoved(bytes32 symbol);

NC-5: require() / revert() statements should have descriptive reason strings or custom errors

• Found in contracts/LiquidationPool.sol Line: 135

           require(_tstVal > 0 || _eurosVal > 0);

• Found in contracts/LiquidationPool.sol Line: 173

                       require(_sent);

• Found in contracts/LiquidationPool.sol Line: 200

                   require(_sent);

• Found in contracts/LiquidationPoolManager.sol Line: 50

                       require(_sent);

• Found in contracts/utils/MockSmartVaultManager.sol Line: 30

                   require(_sent);