Quant audit fixes

README.md

@@ -115,6 +115,7 @@ docker-compose up
 docker-compose exec contracts-env bash
 
 # A new Bash terminal is prompted, connected to the container
+npm run compile
 npm run test
 ```
 

contracts/adapters/BaseUniswapAdapter.sol

@@ -28,7 +28,7 @@ abstract contract BaseUniswapAdapter is FlashLoanReceiverBase, IBaseUniswapAdapt
 
   // Max slippage percent allowed
   uint256 public constant override MAX_SLIPPAGE_PERCENT = 3000; // 30%
-  // FLash Loan fee set in lending pool
+  // Flash Loan fee set in lending pool
   uint256 public constant override FLASHLOAN_PREMIUM_TOTAL = 9;
   // USD oracle asset address
   address public constant override USD_ADDRESS = 0x10F7Fc1F91Ba351f9C629c5947AD69bD03C05b96;
@@ -207,7 +207,7 @@ abstract contract BaseUniswapAdapter is FlashLoanReceiverBase, IBaseUniswapAdapt
         .div(fromAssetPrice.mul(10**toAssetDecimals))
         .percentMul(PercentageMath.PERCENTAGE_FACTOR.add(MAX_SLIPPAGE_PERCENT));
 
-    require(maxAmountToSwap < expectedMaxAmountToSwap, 'maxAmountToSwap exceed max slippage');
+    require(maxAmountToSwap <= expectedMaxAmountToSwap, 'maxAmountToSwap exceed max slippage');
 
     // Approves the transfer for the swap. Approves for 0 first to comply with tokens that implement the anti frontrunning approval fix.
     IERC20(assetToSwapFrom).safeApprove(address(UNISWAP_ROUTER), 0);

contracts/interfaces/ILendingPool.sol

@@ -396,7 +396,7 @@ interface ILendingPool {
     address from,
     address to,
     uint256 amount,
-    uint256 balanceFromAfter,
+    uint256 balanceFromBefore,
     uint256 balanceToBefore
   ) external;
 

contracts/misc/AaveOracle.sol

@@ -7,6 +7,7 @@ import {IERC20} from '../dependencies/openzeppelin/contracts/IERC20.sol';
 import {IPriceOracleGetter} from '../interfaces/IPriceOracleGetter.sol';
 import {IChainlinkAggregator} from '../interfaces/IChainlinkAggregator.sol';
 import {SafeERC20} from '../dependencies/openzeppelin/contracts/SafeERC20.sol';
+import {SafeMath} from '../dependencies/openzeppelin/contracts/SafeMath.sol';
 
 /// @title AaveOracle
 /// @author Aave
@@ -17,6 +18,7 @@ import {SafeERC20} from '../dependencies/openzeppelin/contracts/SafeERC20.sol';
 ///   and change the fallbackOracle
 contract AaveOracle is IPriceOracleGetter, Ownable {
   using SafeERC20 for IERC20;
+  using SafeMath for uint256;
 
   event WethSet(address indexed weth);
   event AssetSourceUpdated(address indexed asset, address indexed source);
@@ -89,7 +91,8 @@ contract AaveOracle is IPriceOracleGetter, Ownable {
       return _fallbackOracle.getAssetPrice(asset);
     } else {
       int256 price = IChainlinkAggregator(source).latestAnswer();
-      if (price > 0) {
+      uint256 reportTime = IChainlinkAggregator(source).latestTimestamp();
+      if (price > 0 && (block.timestamp.sub(reportTime) < 10 minutes)) {
         return uint256(price);
       } else {
         return _fallbackOracle.getAssetPrice(asset);

contracts/misc/UiPoolDataProvider.sol

@@ -95,7 +95,7 @@ contract UiPoolDataProvider is IUiPoolDataProvider {
 
       // reserve configuration
 
-      // we're getting this info from the aToken, because some of assets can be not compliant with ETC20Detailed
+      // we're getting this info from the aToken, because some of assets can be not compliant with ERC20Detailed
       reserveData.symbol = IERC20Detailed(reserveData.aTokenAddress).symbol();
       reserveData.name = '';
 

contracts/misc/WETHGateway.sol

@@ -111,19 +111,19 @@ contract WETHGateway is IWETHGateway, Ownable {
    * @dev borrow WETH, unwraps to ETH and send both the ETH and DebtTokens to msg.sender, via `approveDelegation` and onBehalf argument in `LendingPool.borrow`.
    * @param lendingPool address of the targeted underlying lending pool
    * @param amount the amount of ETH to borrow
-   * @param interesRateMode the interest rate mode
+   * @param interestRateMode the interest rate mode
    * @param referralCode integrators are assigned a referral code and can potentially receive rewards
    */
   function borrowETH(
     address lendingPool,
     uint256 amount,
-    uint256 interesRateMode,
+    uint256 interestRateMode,
     uint16 referralCode
   ) external override {
     ILendingPool(lendingPool).borrow(
       address(WETH),
       amount,
-      interesRateMode,
+      interestRateMode,
       referralCode,
       msg.sender
     );

contracts/misc/interfaces/IUiPoolDataProvider.sol

@@ -42,11 +42,6 @@ interface IUiPoolDataProvider {
     uint256 stableRateSlope1;
     uint256 stableRateSlope2;
   }
-  //
-  //  struct ReserveData {
-  //    uint256 averageStableBorrowRate;
-  //    uint256 totalLiquidity;
-  //  }
 
   struct UserReserveData {
     address underlyingAsset;
@@ -58,15 +53,6 @@ interface IUiPoolDataProvider {
     uint256 stableBorrowLastUpdateTimestamp;
   }
 
-  //
-  //  struct ATokenSupplyData {
-  //    string name;
-  //    string symbol;
-  //    uint8 decimals;
-  //    uint256 totalSupply;
-  //    address aTokenAddress;
-  //  }
-
   function getReservesData(ILendingPoolAddressesProvider provider, address user)
     external
     view
@@ -75,19 +61,4 @@ interface IUiPoolDataProvider {
       UserReserveData[] memory,
       uint256
     );
-
-  //  function getUserReservesData(ILendingPoolAddressesProvider provider, address user)
-  //    external
-  //    view
-  //    returns (UserReserveData[] memory);
-  //
-  //  function getAllATokenSupply(ILendingPoolAddressesProvider provider)
-  //    external
-  //    view
-  //    returns (ATokenSupplyData[] memory);
-  //
-  //  function getATokenSupply(address[] calldata aTokens)
-  //    external
-  //    view
-  //    returns (ATokenSupplyData[] memory);
 }

contracts/mocks/oracle/PriceOracle.sol

@@ -4,8 +4,8 @@ pragma solidity 0.6.12;
 import {IPriceOracle} from '../../interfaces/IPriceOracle.sol';
 
 contract PriceOracle is IPriceOracle {
-  mapping(address => uint256) prices;
-  uint256 ethPriceUsd;
+  mapping(address => uint256) internal prices;
+  uint256 internal ethPriceUsd;
 
   event AssetPriceUpdated(address _asset, uint256 _price, uint256 timestamp);
   event EthPriceUpdated(uint256 _price, uint256 timestamp);

contracts/protocol/lendingpool/LendingPool.sol

@@ -292,7 +292,7 @@ contract LendingPool is VersionedInitializable, ILendingPool, LendingPoolStorage
   /**
    * @dev Allows a borrower to swap his debt between stable and variable mode, or viceversa
    * @param asset The address of the underlying asset borrowed
-   * @param rateMode The rate mode that the user wants to swap to
+   * @param rateMode The rate mode that the user wants to swap from
    **/
   function swapBorrowRateMode(address asset, uint256 rateMode) external override whenNotPaused {
     DataTypes.ReserveData storage reserve = _reserves[asset];
@@ -713,7 +713,7 @@ contract LendingPool is VersionedInitializable, ILendingPool, LendingPoolStorage
   }
 
   /**
-   * @dev Returns the fee on flash loans 
+   * @dev Returns the fee on flash loans
    */
   function FLASHLOAN_PREMIUM_TOTAL() public view returns (uint256) {
     return _flashLoanPremiumTotal;

contracts/protocol/tokenization/StableDebtToken.sol

@@ -171,6 +171,10 @@ contract StableDebtToken is IStableDebtToken, DebtTokenBase {
       .add(rate.rayMul(vars.amountInRay))
       .rayDiv(vars.nextSupply.wadToRay());
 
+    if (balanceIncrease > 0) {
+      emit Transfer(address(0), onBehalfOf, balanceIncrease);
+    }
+
     _mint(onBehalfOf, amount.add(balanceIncrease), vars.previousSupply);
 
     emit Transfer(address(0), onBehalfOf, amount);
@@ -234,6 +238,10 @@ contract StableDebtToken is IStableDebtToken, DebtTokenBase {
     //solium-disable-next-line
     _totalSupplyTimestamp = uint40(block.timestamp);
 
+    if (balanceIncrease > 0) {
+      emit Transfer(address(0), user, balanceIncrease);
+    }
+
     if (balanceIncrease > amount) {
       uint256 amountToMint = balanceIncrease.sub(amount);
       _mint(user, amountToMint, previousSupply);