Styling: Fix indentation of generated report section for unsafe ERC20 operation
0xble opened this issue · 2 comments
0xble commented
Currently, the unsafe ERC20 operation report section is generated with an extra indent from the rest of the report so that it looks like this:
# Gas Optimizations - (Total Vulnerabilities 2)
The following sections detail the high, medium and low severity vulnerabilities found throughout the codebase.
<br>
## Low Risk
ERC20 operations can be unsafe due to different implementations and vulnerabilities in the standard. To account for this, either use OpenZeppelin's SafeERC20 library or wrap each operation in a require statement.
Additionally, ERC20's approve functions have a known race-condition vulnerability. To account for this, use OpenZeppelin's SafeERC20 library's `safeIncrease` or `safeDecrease` Allowance functions.
#### Unsafe Transfer
```js
IERC20(token).transfer(msg.sender, amount);
```
#### OpenZeppelin SafeTransfer
```js
import {SafeERC20} from "openzeppelin/token/utils/SafeERC20.sol";
//--snip--
IERC20(token).safeTransfer(msg.sender, address(this), amount);
```
#### Safe Transfer with require statement.
```js
bool success = IERC20(token).transfer(msg.sender, amount);
require(success, "ERC20 transfer failed");
```
#### Unsafe TransferFrom
```js
IERC20(token).transferFrom(msg.sender, address(this), amount);
```
#### OpenZeppelin SafeTransferFrom
```js
import {SafeERC20} from "openzeppelin/token/utils/SafeERC20.sol";
//--snip--
IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
```
#### Safe TransferFrom with require statement.
```js
bool success = IERC20(token).transferFrom(msg.sender, address(this), amount);
require(success, "ERC20 transfer failed");
```
### Lines
- Contract.sol:438
- Contract.sol:207
When it seems it should look more like this:
# Gas Optimizations - (Total Vulnerabilities 2)
The following sections detail the high, medium and low severity vulnerabilities found throughout the codebase.
<br>
## Low Risk
ERC20 operations can be unsafe due to different implementations and vulnerabilities in the standard. To account for this, either use OpenZeppelin's SafeERC20 library or wrap each operation in a require statement.
Additionally, ERC20's approve functions have a known race-condition vulnerability. To account for this, use OpenZeppelin's SafeERC20 library's `safeIncrease` or `safeDecrease` Allowance functions.
#### Unsafe Transfer
```js
IERC20(token).transfer(msg.sender, amount);
```
#### OpenZeppelin SafeTransfer
```js
import {SafeERC20} from "openzeppelin/token/utils/SafeERC20.sol";
//--snip--
IERC20(token).safeTransfer(msg.sender, address(this), amount);
```
#### Safe Transfer with require statement.
```js
bool success = IERC20(token).transfer(msg.sender, amount);
require(success, "ERC20 transfer failed");
```
#### Unsafe TransferFrom
```js
IERC20(token).transferFrom(msg.sender, address(this), amount);
```
#### OpenZeppelin SafeTransferFrom
```js
import {SafeERC20} from "openzeppelin/token/utils/SafeERC20.sol";
//--snip--
IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
```
#### Safe TransferFrom with require statement.
```js
bool success = IERC20(token).transferFrom(msg.sender, address(this), amount);
require(success, "ERC20 transfer failed");
```
### Lines
- Contract.sol:438
- Contract.sol:207
Was this intentional?
0xble commented
I'm happy to followup with a PR to fix this if it should be changed.
0xKitsune commented
Nope, not intentional, feel free to PR!