Styling: Fix indentation of generated report section for unsafe ERC20 operation

Question

Styling: Fix indentation of generated report section for unsafe ERC20 operation

0xble opened this issue 2 years ago · 2 comments

Currently, the unsafe ERC20 operation report section is generated with an extra indent from the rest of the report so that it looks like this:

# Gas Optimizations - (Total Vulnerabilities 2)

The following sections detail the high, medium and low severity vulnerabilities found throughout the codebase.

<br>

## Low Risk

        ERC20 operations can be unsafe due to different implementations and vulnerabilities in the standard. To account for this, either use OpenZeppelin's SafeERC20 library or wrap each operation in a require statement.
        Additionally, ERC20's approve functions have a known race-condition vulnerability. To account for this, use OpenZeppelin's SafeERC20 library's `safeIncrease` or `safeDecrease` Allowance functions.
        
        #### Unsafe Transfer
        ```js
        IERC20(token).transfer(msg.sender, amount);
        ```
        #### OpenZeppelin SafeTransfer
        ```js        
        import {SafeERC20} from "openzeppelin/token/utils/SafeERC20.sol";
        //--snip--
        
        IERC20(token).safeTransfer(msg.sender, address(this), amount);
        ```

        #### Safe Transfer with require statement.
        ```js
        bool success = IERC20(token).transfer(msg.sender, amount);
        require(success, "ERC20 transfer failed");
        ```

        #### Unsafe TransferFrom
        ```js
        IERC20(token).transferFrom(msg.sender, address(this), amount);
        ```
        #### OpenZeppelin SafeTransferFrom
        ```js        
        import {SafeERC20} from "openzeppelin/token/utils/SafeERC20.sol";
        //--snip--
        
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        ```

        #### Safe TransferFrom with require statement.
        ```js
        bool success = IERC20(token).transferFrom(msg.sender, address(this), amount);
        require(success, "ERC20 transfer failed");
        ```
    
    
### Lines
- Contract.sol:438
- Contract.sol:207

When it seems it should look more like this:

# Gas Optimizations - (Total Vulnerabilities 2)

The following sections detail the high, medium and low severity vulnerabilities found throughout the codebase.

<br>

## Low Risk

ERC20 operations can be unsafe due to different implementations and vulnerabilities in the standard. To account for this, either use OpenZeppelin's SafeERC20 library or wrap each operation in a require statement.
Additionally, ERC20's approve functions have a known race-condition vulnerability. To account for this, use OpenZeppelin's SafeERC20 library's `safeIncrease` or `safeDecrease` Allowance functions.

#### Unsafe Transfer
```js
IERC20(token).transfer(msg.sender, amount);
```
#### OpenZeppelin SafeTransfer
```js        
import {SafeERC20} from "openzeppelin/token/utils/SafeERC20.sol";
//--snip--

IERC20(token).safeTransfer(msg.sender, address(this), amount);
```

#### Safe Transfer with require statement.
```js
bool success = IERC20(token).transfer(msg.sender, amount);
require(success, "ERC20 transfer failed");
```

#### Unsafe TransferFrom
```js
IERC20(token).transferFrom(msg.sender, address(this), amount);
```
#### OpenZeppelin SafeTransferFrom
```js        
import {SafeERC20} from "openzeppelin/token/utils/SafeERC20.sol";
//--snip--

IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
```

#### Safe TransferFrom with require statement.
```js
bool success = IERC20(token).transferFrom(msg.sender, address(this), amount);
require(success, "ERC20 transfer failed");
```
    
    
### Lines
- Contract.sol:438
- Contract.sol:207

Was this intentional?

Answer 1 · 2022-12-14T19:46:54.000Z

I'm happy to followup with a PR to fix this if it should be changed.

Answer 2 · 2022-12-14T19:49:07.000Z

Nope, not intentional, feel free to PR!