Merge v1.0 audit fixes to v3

[EdNoepel]

No description provided.

[github-actions]

Unit Test Coverage Report

Coverage after merging audit-fix into master will be

100.00%

Coverage Report

File	Stmts	Branches	Funcs	Lines	Uncovered Lines
src/attribute
Attribute.sol	90%	50%	100%	100%	30
Delegatable.sol	100%	100%	100%	100%
Executable.sol	100%	100%	100%	100%
Ownable.sol	100%	100%	100%	100%
Pausable.sol	100%	100%	100%	100%
Withdrawable.sol	100%	100%	100%	100%
src/distribution
Airdrop.sol	100%	100%	100%	100%
Treasury.sol	100%	100%	100%	100%
src/mutability
Derived.sol	100%	100%	100%	100%
Implementation.sol	100%	100%	100%	100%
Mutable.sol	100%	100%	100%	100%
Mutator.sol	100%	100%	100%	100%
src/number
NumberMath.sol	100%	100%	100%	100%
src/number/types
Fixed18.sol	100%	100%	100%	100%
Fixed6.sol	100%	100%	100%	100%
UFixed18.sol	100%	100%	100%	100%
UFixed6.sol	100%	100%	100%	100%
src/token/types
Token.sol	100%	100%	100%	100%
Token18.sol	100%	100%	100%	100%
Token6.sol	100%	100%	100%	100%
src/utils
OwnableStub.sol	100%	100%	100%	100%
console.sol	99.89%	60%	100%	100%	44, 65
src/vrgda
VRGDADecayMath.sol	100%	100%	100%	100%
VRGDAIssuanceMath.sol	100%	100%	100%	100%
src/vrgda/types
LinearExponentialVRGDA.sol	100%	100%	100%	100%

[github-actions]

Slither report

Static Analysis Report

**THIS CHECKLIST IS NOT COMPLETE**. Use `--show-ignored-findings` to show all the results. Summary - [locked-ether](#locked-ether) (2 results) (Medium) - [reentrancy-no-eth](#reentrancy-no-eth) (2 results) (Medium) - [unused-return](#unused-return) (9 results) (Medium) - [incorrect-modifier](#incorrect-modifier) (1 results) (Low) - [calls-loop](#calls-loop) (2 results) (Low) - [reentrancy-benign](#reentrancy-benign) (3 results) (Low) - [reentrancy-events](#reentrancy-events) (4 results) (Low) - [dead-code](#dead-code) (44 results) (Informational) - [solc-version](#solc-version) (3 results) (Informational) - [missing-inheritance](#missing-inheritance) (2 results) (Informational) - [naming-convention](#naming-convention) (13 results) (Informational) - [unimplemented-functions](#unimplemented-functions) (4 results) (Informational) ## locked-ether Impact: Medium Confidence: High - [ ] ID-0 Contract locking ether found: Contract [Mutator](https://github.com/equilibria-xyz/root/blob/c1ab099968cc4a8434a3eb8db942ac8c250477b6/src/mutability/Mutator.sol#L13-L63) has payable functions: - [IMutator.upgrade(IImplementation,bytes)](https://github.com/equilibria-xyz/root/blob/c1ab099968cc4a8434a3eb8db942ac8c250477b6/src/mutability/interfaces/IMutator.sol#L16) - [Mutator.upgrade(IImplementation,bytes)](https://github.com/equilibria-xyz/root/blob/c1ab099968cc4a8434a3eb8db942ac8c250477b6/src/mutability/Mutator.sol#L48-L52) But does not have a function to withdraw the ether

root/src/mutability/Mutator.sol

Lines 13 to 63 in c1ab099

	contract Mutator is IMutator, Derived, Pausable {
	using EnumerableSet for EnumerableSet.AddressSet;
	EnumerableSet.AddressSet private _mutables;
	mapping(ShortString => IMutable) private _nameToMutable;
	constructor() {
	__Pausable__constructor();
	__Ownable__constructor();
	}
	/// @dev The list of all mutables.
	function mutables() public view returns (address[] memory) {
	return _mutables.values();
	}
	/// @notice Creates a new mutable with the given name
	/// @dev Initializes the mutable with the given implementation and data
	/// @param implementation The implementation of the mutable
	/// @param data The calldata to invoke the instance's initializer
	/// @return newMutable The new mutable
	function create(
	IImplementation implementation,
	bytes calldata data
	) public onlyOwner returns (IMutableTransparent newMutable) {
	_mutables.add(address(newMutable = new Mutable(implementation, data)));
	_nameToMutable[ShortStrings.toShortString(implementation.name())] = IMutable(address(newMutable));
	// ensure state of new mutable is consistent with mutator
	if (paused()) IMutable(address(newMutable)).pause();
	}
	/// @notice Upgrades the implementation of a proxy and optionally calls its initializer
	/// @param implementation New version of contract to be proxied
	/// @param data Calldata to invoke the instance's initializer
	function upgrade(IImplementation implementation, bytes memory data) public payable onlyOwner {
	ShortString name = ShortStrings.toShortString(implementation.name());
	if (_nameToMutable[name] == IMutable(address(0))) revert MutatorInvalidMutable();
	_nameToMutable[name].upgrade(implementation, data);
	}
	function _pause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).pause();
	super._pause();
	}
	function _unpause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).unpause();
	super._unpause();
	}
	}

• ID-1
  Contract locking ether found:
  Contract MutablePauseTarget has payable functions:
  • MutablePauseTarget.fallback()
    But does not have a function to withdraw the ether

https://github.com/equilibria-xyz/root/blob/c1ab099968cc4a8434a3eb8db942ac8c250477b6/src/mutability/Mutable.sol#L138-L143

reentrancy-no-eth

Impact: Medium
Confidence: Medium

• ID-2
  Reentrancy in Mutable._unpause():
  External calls:
  • ERC1967Utils.upgradeToAndCall(Mutable$().paused,)
    State variables written after the call(s):
  • Mutable$().paused = address(0)
    • $ = MutableStorageLocation
      Mutable.MutableStorageLocation can be used in cross function reentrancies:
  • Mutable.Mutable$()

root/src/mutability/Mutable.sol

Lines 123 to 127 in c1ab099

	function _unpause() private whenPaused {
	ERC1967Utils.upgradeToAndCall(Mutable$().paused, "");
	Mutable$().paused = address(0);
	emit Unpaused();
	}

• ID-3
  Reentrancy in Mutable._upgrade(IImplementation,bytes):
  External calls:
  • ERC1967Utils.upgradeToAndCall(address(newImplementation),abi.encodeCall(IImplementation.construct,(data)))
    State variables written after the call(s):
  • Mutable$().version = ShortStrings.toShortString(newImplementation.version())
    • $ = MutableStorageLocation
      Mutable.MutableStorageLocation can be used in cross function reentrancies:
  • Mutable.Mutable$()

root/src/mutability/Mutable.sol

Lines 97 to 113 in c1ab099

	function _upgrade(IImplementation newImplementation, bytes memory data) private {
	// validate the upgrade metadata of the new implementation
	if (!Strings.equal(
	(_implementation() == address(0) ? NULL_VERSION : IImplementation(_implementation()).version()),
	newImplementation.predecessor()
	)) revert MutablePredecessorMismatch();
	if (Strings.equal(
	newImplementation.version(),
	ShortStrings.toString(Mutable$().version)
	)) revert MutableVersionMismatch();
	// update the implementation and call its constructor
	ERC1967Utils.upgradeToAndCall(address(newImplementation), abi.encodeCall(IImplementation.construct, (data)));
	// record the new implementation version
	Mutable$().version = ShortStrings.toShortString(newImplementation.version());
	}

unused-return

Impact: Medium
Confidence: Medium

• ID-4
  Token6Lib.approve(Token6,address) ignores return value by IERC20(Token6.unwrap(self)).approve(grantee,type()(uint256).max)

root/src/token/types/Token6.sol

Lines 43 to 45 in c1ab099

	function approve(Token6 self, address grantee) internal {
	IERC20(Token6.unwrap(self)).approve(grantee, type(uint256).max);
	}

• ID-5
  Airdrop.removeDistribution(bytes32) ignores return value by _merkleRoots.remove(merkleRoot)

root/src/distribution/Airdrop.sol

Lines 46 to 51 in c1ab099

	function removeDistribution(bytes32 merkleRoot) external onlyOwner {
	if (!_merkleRoots.contains(merkleRoot)) revert AirdropRootDoesNotExist();
	_merkleRoots.remove(merkleRoot);
	distributions[merkleRoot] = Token18.wrap(address(0));
	emit DistributionRemoved(merkleRoot);
	}

• ID-6
  TokenLib.approve(Token,address,uint256) ignores return value by IERC20(Token.unwrap(self)).approve(grantee,amount)

root/src/token/types/Token.sol

Lines 51 to 53 in c1ab099

	function approve(Token self, address grantee, uint256 amount) internal {
	IERC20(Token.unwrap(self)).approve(grantee, amount);
	}

• ID-7
  Token18Lib.approve(Token18,address,UFixed18) ignores return value by IERC20(Token18.unwrap(self)).approve(grantee,UFixed18.unwrap(amount))

root/src/token/types/Token18.sol

Lines 53 to 55 in c1ab099

	function approve(Token18 self, address grantee, UFixed18 amount) internal {
	IERC20(Token18.unwrap(self)).approve(grantee, UFixed18.unwrap(amount));
	}

• ID-8
  Token6Lib.approve(Token6,address,UFixed6) ignores return value by IERC20(Token6.unwrap(self)).approve(grantee,UFixed6.unwrap(amount))

root/src/token/types/Token6.sol

Lines 54 to 56 in c1ab099

	function approve(Token6 self, address grantee, UFixed6 amount) internal {
	IERC20(Token6.unwrap(self)).approve(grantee, UFixed6.unwrap(amount));
	}

• ID-9
  Airdrop.addDistributions(Token18,bytes32) ignores return value by _merkleRoots.add(merkleRoot)

root/src/distribution/Airdrop.sol

Lines 28 to 34 in c1ab099

	function addDistributions(Token18 token, bytes32 merkleRoot) external override onlyOwner {
	if (_merkleRoots.contains(merkleRoot)) revert AirdropDistributionAlreadyExists();
	distributions[merkleRoot] = token;
	_merkleRoots.add(merkleRoot);
	emit DistributionAdded(token, merkleRoot);
	}

• ID-10
  Mutator.create(IImplementation,bytes) ignores return value by _mutables.add(address(newMutable = new Mutable(implementation,data)))

root/src/mutability/Mutator.sol

Lines 34 to 43 in c1ab099

	function create(
	IImplementation implementation,
	bytes calldata data
	) public onlyOwner returns (IMutableTransparent newMutable) {
	_mutables.add(address(newMutable = new Mutable(implementation, data)));
	_nameToMutable[ShortStrings.toShortString(implementation.name())] = IMutable(address(newMutable));
	// ensure state of new mutable is consistent with mutator
	if (paused()) IMutable(address(newMutable)).pause();
	}

• ID-11
  TokenLib.approve(Token,address) ignores return value by IERC20(Token.unwrap(self)).approve(grantee,type()(uint256).max)

root/src/token/types/Token.sol

Lines 40 to 42 in c1ab099

	function approve(Token self, address grantee) internal {
	IERC20(Token.unwrap(self)).approve(grantee, type(uint256).max);
	}

• ID-12
  Token18Lib.approve(Token18,address) ignores return value by IERC20(Token18.unwrap(self)).approve(grantee,type()(uint256).max)

root/src/token/types/Token18.sol

Lines 43 to 45 in c1ab099

	function approve(Token18 self, address grantee) internal {
	IERC20(Token18.unwrap(self)).approve(grantee, type(uint256).max);
	}

incorrect-modifier

Impact: Low
Confidence: High

• ID-13
  Modifier Attribute.initializer(string) does not always execute _; or revert

root/src/attribute/Attribute.sol

Lines 28 to 32 in c1ab099

	modifier initializer(string memory attribute) {
	if (!_constructing()) revert AttributeNotConstructing();
	if (!Attribute$().attributes[attribute]) _;
	Attribute$().attributes[attribute] = true;
	}

calls-loop

Impact: Low
Confidence: Medium

• ID-14
  Mutator._pause() has external calls inside a loop: IMutable(_mutables.at(i)).pause()
  Calls stack containing the loop:
  Pausable.pause()

root/src/mutability/Mutator.sol

Lines 54 to 57 in c1ab099

	function _pause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).pause();
	super._pause();
	}

• ID-15
  Mutator._unpause() has external calls inside a loop: IMutable(_mutables.at(i)).unpause()
  Calls stack containing the loop:
  Pausable.unpause()

root/src/mutability/Mutator.sol

Lines 59 to 62 in c1ab099

	function _unpause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).unpause();
	super._unpause();
	}

reentrancy-benign

Impact: Low
Confidence: Medium

• ID-16
  Reentrancy in Mutator._unpause():
  External calls:
  • IMutable(_mutables.at(i)).unpause()
    State variables written after the call(s):
  • super._unpause()
    • $ = PausableStorageLocation

root/src/mutability/Mutator.sol

Lines 59 to 62 in c1ab099

	function _unpause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).unpause();
	super._unpause();
	}

• ID-17
  Reentrancy in Mutator._pause():
  External calls:
  • IMutable(_mutables.at(i)).pause()
    State variables written after the call(s):
  • super._pause()
    • $ = PausableStorageLocation

root/src/mutability/Mutator.sol

Lines 54 to 57 in c1ab099

	function _pause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).pause();
	super._pause();
	}

• ID-18
  Reentrancy in Mutator.create(IImplementation,bytes):
  External calls:
  • _mutables.add(address(newMutable = new Mutable(implementation,data)))
    State variables written after the call(s):
  • paused()
    • $ = PausableStorageLocation
  • _nameToMutable[ShortStrings.toShortString(implementation.name())] = IMutable(address(newMutable))

root/src/mutability/Mutator.sol

Lines 34 to 43 in c1ab099

	function create(
	IImplementation implementation,
	bytes calldata data
	) public onlyOwner returns (IMutableTransparent newMutable) {
	_mutables.add(address(newMutable = new Mutable(implementation, data)));
	_nameToMutable[ShortStrings.toShortString(implementation.name())] = IMutable(address(newMutable));
	// ensure state of new mutable is consistent with mutator
	if (paused()) IMutable(address(newMutable)).pause();
	}

reentrancy-events

Impact: Low
Confidence: Medium

• ID-19
  Reentrancy in Mutator._pause():
  External calls:
  • IMutable(_mutables.at(i)).pause()
    Event emitted after the call(s):
  • Paused()
    • super._pause()

root/src/mutability/Mutator.sol

Lines 54 to 57 in c1ab099

	function _pause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).pause();
	super._pause();
	}

• ID-20
  Reentrancy in Mutable._pause():
  External calls:
  • ERC1967Utils.upgradeToAndCall(_pauseTarget,)
    Event emitted after the call(s):
  • Paused()

root/src/mutability/Mutable.sol

Lines 116 to 120 in c1ab099

	function _pause() private whenUnpaused {
	Mutable$().paused = _implementation();
	ERC1967Utils.upgradeToAndCall(_pauseTarget, "");
	emit Paused();
	}

• ID-21
  Reentrancy in Mutator._unpause():
  External calls:
  • IMutable(_mutables.at(i)).unpause()
    Event emitted after the call(s):
  • Unpaused()
    • super._unpause()

root/src/mutability/Mutator.sol

Lines 59 to 62 in c1ab099

	function _unpause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).unpause();
	super._unpause();
	}

• ID-22
  Reentrancy in Mutable._unpause():
  External calls:
  • ERC1967Utils.upgradeToAndCall(Mutable$().paused,)
    Event emitted after the call(s):
  • Unpaused()

root/src/mutability/Mutable.sol

Lines 123 to 127 in c1ab099

	function _unpause() private whenPaused {
	ERC1967Utils.upgradeToAndCall(Mutable$().paused, "");
	Mutable$().paused = address(0);
	emit Unpaused();
	}

dead-code

Impact: Informational
Confidence: Medium

• ID-23
  eq(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 288 to 290 in c1ab099

	function eq(UFixed18 a, UFixed18 b) pure returns (bool) {
	return UFixed18.unwrap(a) == UFixed18.unwrap(b);
	}

• ID-24
  add(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 295 to 297 in c1ab099

	function add(Fixed6 a, Fixed6 b) pure returns (Fixed6) {
	return Fixed6.wrap(Fixed6.unwrap(a) + Fixed6.unwrap(b));
	}

• ID-25
  eq(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 295 to 297 in c1ab099

	function eq(UFixed6 a, UFixed6 b) pure returns (bool) {
	return UFixed6.unwrap(a) == UFixed6.unwrap(b);
	}

• ID-26
  neg(Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 287 to 289 in c1ab099

	function neg(Fixed6 a) pure returns (Fixed6) {
	return Fixed6.wrap(-Fixed6.unwrap(a));
	}

• ID-27
  Implementation._constructing() is never used and should be removed

root/src/mutability/Implementation.sol

Lines 66 to 68 in c1ab099

	function _constructing() internal view override returns (bool) {
	return Implementation$().constructing;
	}

• ID-28
  add(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 288 to 290 in c1ab099

	function add(Fixed18 a, Fixed18 b) pure returns (Fixed18) {
	return Fixed18.wrap(Fixed18.unwrap(a) + Fixed18.unwrap(b));
	}

• ID-29
  mul(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 311 to 313 in c1ab099

	function mul(Fixed6 a, Fixed6 b) pure returns (Fixed6) {
	return Fixed6.wrap(Fixed6.unwrap(a) * Fixed6.unwrap(b) / Fixed6Lib.BASE);
	}

• ID-30
  eq(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 327 to 329 in c1ab099

	function eq(Fixed6 a, Fixed6 b) pure returns (bool) {
	return Fixed6.unwrap(a) == Fixed6.unwrap(b);
	}

• ID-31
  gt(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 311 to 314 in c1ab099

	function gt(UFixed6 a, UFixed6 b) pure returns (bool) {
	(uint256 au, uint256 bu) = (UFixed6.unwrap(a), UFixed6.unwrap(b));
	return au > bu;
	}

• ID-32
  neq(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 335 to 337 in c1ab099

	function neq(Fixed6 a, Fixed6 b) pure returns (bool) {
	return Fixed6.unwrap(a) != Fixed6.unwrap(b);
	}

• ID-33
  mul(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 304 to 306 in c1ab099

	function mul(Fixed18 a, Fixed18 b) pure returns (Fixed18) {
	return Fixed18.wrap(Fixed18.unwrap(a) * Fixed18.unwrap(b) / Fixed18Lib.BASE);
	}

• ID-34
  gt(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 343 to 346 in c1ab099

	function gt(Fixed6 a, Fixed6 b) pure returns (bool) {
	(int256 au, int256 bu) = (Fixed6.unwrap(a), Fixed6.unwrap(b));
	return au > bu;
	}

• ID-35
  lt(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 313 to 316 in c1ab099

	function lt(UFixed18 a, UFixed18 b) pure returns (bool) {
	(uint256 au, uint256 bu) = (UFixed18.unwrap(a), UFixed18.unwrap(b));
	return au < bu;
	}

• ID-36
  div(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 280 to 282 in c1ab099

	function div(UFixed18 a, UFixed18 b) pure returns (UFixed18) {
	return UFixed18.wrap(UFixed18.unwrap(a) * UFixed18Lib.BASE / UFixed18.unwrap(b));
	}

• ID-37
  gte(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 329 to 331 in c1ab099

	function gte(UFixed6 a, UFixed6 b) pure returns (bool) {
	return eq(a, b) || gt(a, b);
	}

• ID-38
  neg(Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 280 to 282 in c1ab099

	function neg(Fixed18 a) pure returns (Fixed18) {
	return Fixed18.wrap(-Fixed18.unwrap(a));
	}

• ID-39
  sub(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 303 to 305 in c1ab099

	function sub(Fixed6 a, Fixed6 b) pure returns (Fixed6) {
	return Fixed6.wrap(Fixed6.unwrap(a) - Fixed6.unwrap(b));
	}

• ID-40
  gte(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 361 to 363 in c1ab099

	function gte(Fixed6 a, Fixed6 b) pure returns (bool) {
	return eq(a, b) || gt(a, b);
	}

• ID-41
  mul(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 279 to 281 in c1ab099

	function mul(UFixed6 a, UFixed6 b) pure returns (UFixed6) {
	return UFixed6.wrap(UFixed6.unwrap(a) * UFixed6.unwrap(b) / UFixed6Lib.BASE);
	}

• ID-42
  lte(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 369 to 371 in c1ab099

	function lte(Fixed6 a, Fixed6 b) pure returns (bool) {
	return eq(a, b) || lt(a, b);
	}

• ID-43
  lte(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 330 to 332 in c1ab099

	function lte(UFixed18 a, UFixed18 b) pure returns (bool) {
	return eq(a, b) || lt(a, b);
	}

• ID-44
  mul(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 272 to 274 in c1ab099

	function mul(UFixed18 a, UFixed18 b) pure returns (UFixed18) {
	return UFixed18.wrap(UFixed18.unwrap(a) * UFixed18.unwrap(b) / UFixed18Lib.BASE);
	}

• ID-45
  lt(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 352 to 355 in c1ab099

	function lt(Fixed6 a, Fixed6 b) pure returns (bool) {
	(int256 au, int256 bu) = (Fixed6.unwrap(a), Fixed6.unwrap(b));
	return au < bu;
	}

• ID-46
  div(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 319 to 321 in c1ab099

	function div(Fixed6 a, Fixed6 b) pure returns (Fixed6) {
	return Fixed6.wrap(Fixed6.unwrap(a) * Fixed6Lib.BASE / Fixed6.unwrap(b));
	}

• ID-47
  neq(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 296 to 298 in c1ab099

	function neq(UFixed18 a, UFixed18 b) pure returns (bool) {
	return UFixed18.unwrap(a) != UFixed18.unwrap(b);
	}

• ID-48
  Implementation._deployer() is never used and should be removed

root/src/mutability/Implementation.sol

Lines 71 to 73 in c1ab099

	function _deployer() internal view override returns (address) {
	return IMutator(msg.sender).owner();
	}

• ID-49
  div(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 312 to 314 in c1ab099

	function div(Fixed18 a, Fixed18 b) pure returns (Fixed18) {
	return Fixed18.wrap(Fixed18.unwrap(a) * Fixed18Lib.BASE / Fixed18.unwrap(b));
	}

• ID-50
  lt(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 320 to 323 in c1ab099

	function lt(UFixed6 a, UFixed6 b) pure returns (bool) {
	(uint256 au, uint256 bu) = (UFixed6.unwrap(a), UFixed6.unwrap(b));
	return au < bu;
	}

• ID-51
  lt(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 345 to 348 in c1ab099

	function lt(Fixed18 a, Fixed18 b) pure returns (bool) {
	(int256 au, int256 bu) = (Fixed18.unwrap(a), Fixed18.unwrap(b));
	return au < bu;
	}

• ID-52
  gt(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 336 to 339 in c1ab099

	function gt(Fixed18 a, Fixed18 b) pure returns (bool) {
	(int256 au, int256 bu) = (Fixed18.unwrap(a), Fixed18.unwrap(b));
	return au > bu;
	}

• ID-53
  lte(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 362 to 364 in c1ab099

	function lte(Fixed18 a, Fixed18 b) pure returns (bool) {
	return eq(a, b) || lt(a, b);
	}

• ID-54
  eq(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 320 to 322 in c1ab099

	function eq(Fixed18 a, Fixed18 b) pure returns (bool) {
	return Fixed18.unwrap(a) == Fixed18.unwrap(b);
	}

• ID-55
  sub(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 264 to 266 in c1ab099

	function sub(UFixed18 a, UFixed18 b) pure returns (UFixed18) {
	return UFixed18.wrap(UFixed18.unwrap(a) - UFixed18.unwrap(b));
	}

• ID-56
  neq(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 303 to 305 in c1ab099

	function neq(UFixed6 a, UFixed6 b) pure returns (bool) {
	return UFixed6.unwrap(a) != UFixed6.unwrap(b);
	}

• ID-57
  gt(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 304 to 307 in c1ab099

	function gt(UFixed18 a, UFixed18 b) pure returns (bool) {
	(uint256 au, uint256 bu) = (UFixed18.unwrap(a), UFixed18.unwrap(b));
	return au > bu;
	}

• ID-58
  gte(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 322 to 324 in c1ab099

	function gte(UFixed18 a, UFixed18 b) pure returns (bool) {
	return eq(a, b) || gt(a, b);
	}

• ID-59
  sub(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 271 to 273 in c1ab099

	function sub(UFixed6 a, UFixed6 b) pure returns (UFixed6) {
	return UFixed6.wrap(UFixed6.unwrap(a) - UFixed6.unwrap(b));
	}

• ID-60
  add(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 263 to 265 in c1ab099

	function add(UFixed6 a, UFixed6 b) pure returns (UFixed6) {
	return UFixed6.wrap(UFixed6.unwrap(a) + UFixed6.unwrap(b));
	}

• ID-61
  sub(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 296 to 298 in c1ab099

	function sub(Fixed18 a, Fixed18 b) pure returns (Fixed18) {
	return Fixed18.wrap(Fixed18.unwrap(a) - Fixed18.unwrap(b));
	}

• ID-62
  gte(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 354 to 356 in c1ab099

	function gte(Fixed18 a, Fixed18 b) pure returns (bool) {
	return eq(a, b) || gt(a, b);
	}

• ID-63
  lte(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 337 to 339 in c1ab099

	function lte(UFixed6 a, UFixed6 b) pure returns (bool) {
	return eq(a, b) || lt(a, b);
	}

• ID-64
  div(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 287 to 289 in c1ab099

	function div(UFixed6 a, UFixed6 b) pure returns (UFixed6) {
	return UFixed6.wrap(UFixed6.unwrap(a) * UFixed6Lib.BASE / UFixed6.unwrap(b));
	}

• ID-65
  add(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 256 to 258 in c1ab099

	function add(UFixed18 a, UFixed18 b) pure returns (UFixed18) {
	return UFixed18.wrap(UFixed18.unwrap(a) + UFixed18.unwrap(b));
	}

• ID-66
  neq(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 328 to 330 in c1ab099

	function neq(Fixed18 a, Fixed18 b) pure returns (bool) {
	return Fixed18.unwrap(a) != Fixed18.unwrap(b);
	}

solc-version

Impact: Informational
Confidence: High

• ID-67
  Version constraint ^0.8.13 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
  • VerbatimInvalidDeduplication
  • FullInlinerNonExpressionSplitArgumentEvaluationOrder
  • MissingSideEffectsOnSelectorAccess
  • StorageWriteRemovalBeforeConditionalTermination
  • AbiReencodingHeadOverflowWithStaticArrayCleanup
  • DirtyBytesArrayToStorage
  • InlineAssemblyMemorySideEffects
  • DataLocationChangeInInternalOverride
  • NestedCalldataArrayAbiReencodingSizeValidation.
    It is used by:
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13

root/src/attribute/Attribute.sol

Line 2 in c1ab099

pragma solidity ^0.8.13;

• ID-68
  Version constraint ^0.8.19 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
  • VerbatimInvalidDeduplication
  • FullInlinerNonExpressionSplitArgumentEvaluationOrder
  • MissingSideEffectsOnSelectorAccess.
    It is used by:
  • ^0.8.19
  • ^0.8.19
  • ^0.8.19

root/src/number/types/Fixed18.sol

Line 2 in c1ab099

pragma solidity ^0.8.19;

• ID-69
  Version constraint >=0.8.20 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
  • VerbatimInvalidDeduplication
  • FullInlinerNonExpressionSplitArgumentEvaluationOrder
  • MissingSideEffectsOnSelectorAccess.
    It is used by:
  • >=0.8.20
  • >=0.8.20
  • >=0.8.20

root/src/vrgda/VRGDADecayMath.sol

Line 2 in c1ab099

pragma solidity >=0.8.20;

missing-inheritance

Impact: Informational
Confidence: High

• ID-70
  OwnableStub should inherit from Contract

root/src/utils/OwnableStub.sol

Lines 9 to 15 in c1ab099

	contract OwnableStub {
	/// @notice Accepts ownership of the contract
	/// @dev Can only be called by the pending owner to ensure correctness.
	function acceptOwner(address ownable) external {
	Ownable(ownable).acceptOwner();
	}
	}

• ID-71
  MutablePauseTarget should inherit from Contract

https://github.com/equilibria-xyz/root/blob/c1ab099968cc4a8434a3eb8db942ac8c250477b6/src/mutability/Mutable.sol#L138-L143

naming-convention

Impact: Informational
Confidence: High

• ID-72
  Function Pausable.__Pausable__constructor() is not in mixedCase

root/src/attribute/Pausable.sol

Lines 34 to 36 in c1ab099

	function __Pausable__constructor() internal initializer("Pausable") {
	_updatePauser(_deployer());
	}

• ID-73
  Function Mutable.Mutable$() is not in mixedCase

root/src/mutability/Mutable.sol

Lines 37 to 41 in c1ab099

	function Mutable$() private pure returns (MutableStorage storage $) {
	assembly {
	$.slot := MutableStorageLocation
	}
	}

• ID-74
  Constant Mutable.MutableStorageLocation is not in UPPER_CASE_WITH_UNDERSCORES

root/src/mutability/Mutable.sol

Line 34 in c1ab099

bytes32 private constant MutableStorageLocation = 0xb906736fa3fc696e6c19a856e0f8737e348fda5c7f33a32db99da3b92f19a800;

• ID-75
  Constant Ownable.OwnableStorageLocation is not in UPPER_CASE_WITH_UNDERSCORES

root/src/attribute/Ownable.sol

Line 21 in c1ab099

bytes32 private constant OwnableStorageLocation = 0x863176706c9b4c9b393005d0714f55de5425abea2a0b5dfac67fac0c9e2ffe00;

• ID-76
  Function Ownable.__Ownable__constructor() is not in mixedCase

root/src/attribute/Ownable.sol

Lines 42 to 44 in c1ab099

	function __Ownable__constructor() internal initializer("Ownable") {
	_updateOwner(_deployer());
	}

• ID-77
  Constant Implementation.ImplementationStorageLocation is not in UPPER_CASE_WITH_UNDERSCORES

root/src/mutability/Implementation.sol

Line 21 in c1ab099

bytes32 private constant ImplementationStorageLocation = 0x3c57b102c533ff058ebe9a7c745178ce4174563553bb3edde7874874c532c200;

• ID-78
  Function Ownable.Ownable$() is not in mixedCase

root/src/attribute/Ownable.sol

Lines 24 to 28 in c1ab099

	function Ownable$() private pure returns (OwnableStorage storage $) {
	assembly {
	$.slot := OwnableStorageLocation
	}
	}

• ID-79
  Function Implementation.Implementation$() is not in mixedCase

root/src/mutability/Implementation.sol

Lines 24 to 28 in c1ab099

	function Implementation$() private pure returns (ImplementationStorage storage $) {
	assembly {
	$.slot := ImplementationStorageLocation
	}
	}

• ID-80
  Constant Pausable.PausableStorageLocation is not in UPPER_CASE_WITH_UNDERSCORES

root/src/attribute/Pausable.sol

Line 23 in c1ab099

bytes32 private constant PausableStorageLocation = 0x3f6e81f1674f7eaca7e8904fa6f14f10175d4d641e37fc18a3df849e00101900;

• ID-81
  Function Pausable.Pausable$() is not in mixedCase

root/src/attribute/Pausable.sol

Lines 26 to 30 in c1ab099

	function Pausable$() private pure returns (PausableStorage storage $) {
	assembly {
	$.slot := PausableStorageLocation
	}
	}

• ID-82
  Function Implementation.__constructor(bytes) is not in mixedCase

root/src/mutability/Implementation.sol

Line 76 in c1ab099

function __constructor(bytes memory data) internal virtual returns (string memory);

• ID-83
  Function Attribute.Attribute$() is not in mixedCase

root/src/attribute/Attribute.sol

Lines 20 to 24 in c1ab099

	function Attribute$() private pure returns (AttributeStorage storage $) {
	assembly {
	$.slot := AttributeStorageLocation
	}
	}

• ID-84
  Constant Attribute.AttributeStorageLocation is not in UPPER_CASE_WITH_UNDERSCORES

root/src/attribute/Attribute.sol

Line 17 in c1ab099

bytes32 private constant AttributeStorageLocation = 0x429797e2de2710eed6bc286312ff2c2286e5c3e13ca14d38e450727a132bfa00;

unimplemented-functions

Impact: Informational
Confidence: High

• ID-85
  Withdrawable does not implement functions:
  • Contract._constructing()
  • Contract._deployer()

root/src/attribute/Withdrawable.sol

Lines 11 to 18 in c1ab099

	abstract contract Withdrawable is IWithdrawable, Attribute, Ownable {
	/// @notice Withdraws all ERC20 tokens from the contract to the owner
	/// @dev Can only be called by the owner
	/// @param token Address of the ERC20 token
	function withdraw(Token18 token) public virtual onlyOwner {
	token.push(owner());
	}
	}

• ID-86
  Implementation does not implement functions:
  • Implementation.__constructor(bytes)
  • Implementation.name()

root/src/mutability/Implementation.sol

Lines 13 to 77 in c1ab099

	abstract contract Implementation is IImplementation, Contract {
	/// @custom:storage-location erc7201:equilibria.root.Implementation
	struct ImplementationStorage {
	bool constructing;
	}
	/// @dev The erc7201 storage location of the mix-in
	// solhint-disable-next-line const-name-snakecase
	bytes32 private constant ImplementationStorageLocation = 0x3c57b102c533ff058ebe9a7c745178ce4174563553bb3edde7874874c532c200;
	/// @dev The erc7201 storage of the mix-in
	function Implementation$() private pure returns (ImplementationStorage storage $) {
	assembly {
	$.slot := ImplementationStorageLocation
	}
	}
	/// @dev The version of this implementation.
	ShortString private immutable _version;
	/// @dev The version of the predecessor implementation.
	ShortString private immutable _predecessor;
	/// @dev Constructor for the implementation.
	constructor(string memory version_, string memory predecessor_) {
	_version = ShortStrings.toShortString(version_);
	_predecessor = ShortStrings.toShortString(predecessor_);
	}
	/// @dev The name of the implementation.
	function name() external view virtual returns (string memory);
	/// @dev The version of this implementation.
	function version() public view virtual returns (string memory) {
	return ShortStrings.toString(_version);
	}
	/// @dev The version of the predecessor implementation.
	function predecessor() external view virtual returns (string memory) {
	return ShortStrings.toString(_predecessor);
	}
	/// @dev Called at upgrade time to initialize the contract with `data`.
	function construct(bytes memory data) external {
	Implementation$().constructing = true;
	string memory constructorVersion = __constructor(data);
	if (!Strings.equal(constructorVersion, version())) revert ImplementationConstructorVersionMismatch();
	Implementation$().constructing = false;
	}
	/// @dev Whether the contract is initializing.
	function _constructing() internal view override returns (bool) {
	return Implementation$().constructing;
	}
	/// @dev The deployer of the contract.
	function _deployer() internal view override returns (address) {
	return IMutator(msg.sender).owner();
	}
	/// @dev Hook for inheriting contracts to construct the contract.
	function __constructor(bytes memory data) internal virtual returns (string memory);
	}

• ID-87
  Delegatable does not implement functions:
  • Contract._constructing()
  • Contract._deployer()

root/src/attribute/Delegatable.sol

Lines 12 to 20 in c1ab099

	abstract contract Delegatable is IDelegatable, Attribute, Ownable {
	/// @notice Delegates voting power for a specific token to an address
	/// @dev Can only be called by the owner
	/// @param token The IVotes-compatible token to delegate
	/// @param delegatee The address to delegate voting power to
	function delegate(IVotes token, address delegatee) public virtual onlyOwner {
	token.delegate(delegatee);
	}
	}

• ID-88
  Executable does not implement functions:
  • Contract._constructing()
  • Contract._deployer()

root/src/attribute/Executable.sol

Lines 12 to 21 in c1ab099

	abstract contract Executable is IExecutable, Attribute, Ownable {
	/// @notice Executes a call to a target contract
	/// @dev Can only be called by the owner
	/// @param target Address of the target contract
	/// @param data Calldata to be executed
	/// @return result The result of the call
	function execute(address target, bytes calldata data) public payable virtual onlyOwner returns (bytes memory) {
	return Address.functionCallWithValue(target, data, msg.value);
	}
	}