Metadata-Version: 2.1
Name: napalm-core
Version: 0.1.2
Summary: Your project to manage napalm detection modules
License: AGPL-3.0
Requires-Python: >=3.10,<4.0
Classifier: License :: OSI Approved :: GNU Affero General Public License v3
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Requires-Dist: slither-analyzer (>=0.10,<0.11)
Description-Content-Type: text/markdown

# 🔥 Napalm Package: napalm-core
This is an automatically generated report on the detectors in this package.

Some quick stats:
  - 3 collections
  - 19 detectors

## optimisations modules:
  | ID | Description | Severity |
  | ------ | ----------- | -------- |
  | storage-variable-bool | Using bool as a storage variable is more expensive than uint256 or other types that fill a whole 256 bit word. | INFO |
  | cache-array-length-loop | The compiler will re-execute each instance of .length for each loop iteration. Caching the length will reduce the amount of sloads necessary to perform the operation. | INFO |
  | initialize-default-value | Initializing variables with their default value leads to unnecessary gas expenditure | INFO |

## indicators modules:
  | ID | Description | Severity |
  | ------ | ----------- | -------- |
  | math-in-unsafe-block | Mathematical operators in unsafe blocks are not checked for under flows or overflows. | INFO |
  | use-of-privilege-to-protect-sensitive-functions | It's necessary to implement proper controls on wallet security when  privileged functions are used to protect sensitive functions. | INFO |
  | import-safetransfer-solmate | Solmate's SafeTransferLib doesn't perform the same checks SafeERC20 does, in particular it doesn't check if a contract exists leading to potential vulnerabilities. | INFO |
  | block-number-l2 | Solidity's block.number semantics are not consistent on L2s, leading to potential vulnerabilities. | INFO |
  | push-0-solc-version | Your solidity version uses PUSH0 which is not supported by all chains. | INFO |

## detectors modules:
  | ID | Description | Severity |
  | ------ | ----------- | -------- |
  | int-cast-block-timestamp | Casting block.timestamp can lead to reduced precision and unexpected behavior, consider not casting instead. | WARNING |
  | use-of-unsafe-erc20-functions | The ERC20 implementation does not automatically include checks that ensure the success of the operation. Using the OpenZeppelin's SafeERC20 library is recommended. | INFO |
  | block-timestamp-swap | Passing block.timestamp as the deadline effectively removes the deadline functionality which prevents malicious validators from holding back transactions to execute them at a later time. | WARNING |
  | dos-push-array-loop | Potential Denial of Service when users can push to an array that's irreducible and looped over. | HIGH |
  | chainlink-circuit-breaker | Vulnerable to exploitation in case of a Chainlink circuit breaker event. | HIGH |
  | unchecked-create-2 | Unchecked return value for CREATE2 call. | MEDIUM |
  | unchecked-approve | Unchecked token approve | HIGH |
  | unchecked-equation-modifier | Potential lack of input control due to missing requires checks. | HIGH |
  | erc721-transfer-from-stuck | transferFrom call on ERC721 can lead to stuck tokens | HIGH |
  | erc721-mint-stuck | _mint call on ERC721 can lead to stuck tokens | HIGH |
  | erc20-approve-call | Potential Denial of Service when tokens don't implement approve() consistently ( e.g. USDT ). | HIGH |

