fix #2

Open: wants to merge 1 commit into base: main

Conversation

matiascabello
Owner

No description provided.

Scout Report - Workspace - 2024-11-21

Summary

| Crate | Status | Critical | Medium | Minor | Enhancement |
|---|---|---|---|---|---|
| governance | Analyzed | 8 | 4 | 0 | 4 |

Issues found:

Panic

Assert Violation

Impact: Medium

Issue: Assert causes panic. Instead, return a proper error.

Description: Assert causes panic. Instead, return a proper error.

Findings

| ID | Package | File Location |
|---|---|---|
| 0 | src | lib.rs:91:28 - 91:55 |
| 1 | src | lib.rs:163:9 - 163:50 |
| 2 | src | lib.rs:191:9 - 191:69 |

Best Practices

Storage change event checker

Impact: Enhancement

Issue:

Description: Emitting an event when storage changes is a good practice to make the contracts more transparent and usable to their clients and observers.

Findings

| ID | Package | File Location |
|---|---|---|
| 13 | src | lib.rs:71:5 - 78:30 |
| 14 | src | lib.rs:111:5 - 117:30 |
| 15 | src | lib.rs:148:5 - 153:30 |

Arithmetic

Integer Overflow/Underflow

Impact: Critical

Issue: Potential for integer arithmetic overflow/underflow. Consider checked, wrapping or saturating arithmetic.

Description: An overflow/underflow is typically caught and generates an error. When it is not caught, the operation will result in an inexact result which could lead to serious problems.

Findings

| ID | Package | File Location |
|---|---|---|
| 4 | src | lib.rs:125:9 - 125:30 |
| 5 | src | lib.rs:135:30 - 135:55 |
| 6 | src | lib.rs:178:13 - 178:41 |
| 7 | src | lib.rs:180:13 - 180:41 |
| 8 | src | lib.rs:195:27 - 195:76 |
| 9 | src | lib.rs:196:40 - 196:76 |
| 10 | src | lib.rs:198:12 - 198:56 |
| 11 | src | lib.rs:206:20 - 206:79 |

Validations and error handling

Unsafe Unwrap

Impact: Medium

Issue: Unsafe usage of unwrap

Description: This vulnerability class pertains to the inappropriate usage of the unwrap method in Rust, which is commonly employed for error handling. The unwrap method retrieves the inner value of an Option or Result, but if an error or None occurs, it triggers a panic and crashes the program.

Findings

| ID | Package | File Location |
|---|---|---|
| 12 | src | lib.rs:204:34 - 204:73 |

Best practices

Check Soroban version

Impact: Enhancement

Issue: Use the latest version of Soroban

Description: Using an older version of Soroban can be dangerous, as it may have bugs or security issues. Use the latest version available.

Findings

| ID | Package | File Location |
|---|---|---|
| 3 | src | lib.rs:1:1 - 1:1 |
