Add fallback blocker to Implementation

[kbrizzle]

Adds fallback() and receive() to Implementation that revert when called directly (not via proxy delegatecall), preventing ETH from getting stuck in the implementation and blocking undefined-selector calls on the implementation's storage.

Uses the address(this) == __self immutable pattern from OZ's UUPSUpgradeable._checkProxy().

---

Note

Medium Risk
Changes core upgradeable Implementation behavior by introducing new fallback/receive revert paths, which could affect integrations that previously (intentionally or accidentally) interacted with implementation addresses. Proxy behavior should be unaffected, but the guard must be correct to avoid breaking delegatecall usage.

Overview
Prevents direct interaction with upgradeable implementation contracts by adding fallback() and receive() guards to Implementation that revert with the new ImplementationDeniedDirectAccess error when not executing behind a proxy.

Updates tests to cover the new direct-access protection (direct unknown-selector calls and ETH transfers now revert, while the proxy path remains allowed) and adjusts several test casts to payable(address(...)) to satisfy Solidity’s address-payable requirements.

^{Written by Cursor Bugbot for commit 1394122. This will update automatically on new commits. Configure here.}

Summary by CodeRabbit

Release Notes

• New Features

  • Implementation contract now blocks direct (non-proxy) access attempts and ETH transfers, preventing unauthorized direct interactions.

• Tests

  • Added comprehensive test coverage for direct access control, validating that direct calls and transfers are blocked while proxy-routed operations function normally.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces direct-access guards to the implementation contract by adding an immutable __self address and fallback/receive functions that prevent non-proxy calls and direct ETH transfers, reverting with a new ImplementationDeniedDirectAccess error. Test files are updated with address casting adjustments and new coverage for access control validation.

Changes

Cohort / File(s)	Summary
Direct Access Control Implementation src/mutability/Implementation.sol, src/mutability/interfaces/IImplementation.sol	Adds immutable __self address and fallback() / receive() functions that reject direct access to implementation contract with new ImplementationDeniedDirectAccess error.
Test Suite Address Casting Updates test/mutability/MutabilityTest.sol, test/mutability/Mutator.t.sol	Updates address casting from address(mutableContract) to payable(address(mutableContract)) across test setup and assertions for proxy initialization compatibility.
Test Coverage for Direct Access Control test/mutability/Mutable.t.sol	Adds MutableTestDirectAccess contract with four test functions validating that direct calls and ETH transfers to implementation revert with ImplementationDeniedDirectAccess, while proxy-routed calls succeed.

Sequence Diagram

sequenceDiagram
    participant Client
    participant Proxy
    participant Impl as Implementation

    rect rgba(100, 150, 200, 0.5)
    Note over Client,Impl: Direct Call (Blocked)
    Client->>Impl: call unknown selector
    Impl->>Impl: check __self == address(this)
    Impl-->>Client: revert ImplementationDeniedDirectAccess
    end

    rect rgba(100, 200, 150, 0.5)
    Note over Client,Impl: Proxy Call (Allowed)
    Client->>Proxy: call unknown selector
    Proxy->>Impl: delegatecall (__self != address(this))
    Impl-->>Proxy: fallback processes call
    Proxy-->>Client: return result
    end

    rect rgba(200, 100, 100, 0.5)
    Note over Client,Impl: Direct ETH Transfer (Blocked)
    Client->>Impl: send ETH
    Impl->>Impl: check __self == address(this)
    Impl-->>Client: revert ImplementationDeniedDirectAccess
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~13 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately captures the main change: adding fallback protection to the Implementation contract to block direct access.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch worktree-fallback-blocker

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Unit Test Coverage Report

Coverage after merging worktree-fallback-blocker into master will be

100.00%

Coverage Report

File	Stmts	Branches	Funcs	Lines	Uncovered Lines
src/attribute
Attribute.sol	90%	50%	100%	100%	30
Delegatable.sol	100%	100%	100%	100%
Executable.sol	100%	100%	100%	100%
Ownable.sol	100%	100%	100%	100%
Pausable.sol	100%	100%	100%	100%
Withdrawable.sol	100%	100%	100%	100%
src/distribution
Airdrop.sol	100%	100%	100%	100%
Treasury.sol	100%	100%	100%	100%
src/mutability
Derived.sol	100%	100%	100%	100%
Implementation.sol	100%	100%	100%	100%
Mutable.sol	100%	100%	100%	100%
Mutator.sol	100%	100%	100%	100%
src/number
NumberMath.sol	100%	100%	100%	100%
src/number/types
Fixed18.sol	100%	100%	100%	100%
Fixed6.sol	100%	100%	100%	100%
UFixed18.sol	100%	100%	100%	100%
UFixed6.sol	100%	100%	100%	100%
src/token/types
Token.sol	100%	100%	100%	100%
Token18.sol	100%	100%	100%	100%
Token6.sol	100%	100%	100%	100%
src/utils
OwnableStub.sol	100%	100%	100%	100%
console.sol	99.89%	60%	100%	100%	44, 65
src/vrgda
VRGDADecayMath.sol	100%	100%	100%	100%
VRGDAIssuanceMath.sol	100%	100%	100%	100%
src/vrgda/types
LinearExponentialVRGDA.sol	100%	100%	100%	100%

[github-actions]

Slither report

Static Analysis Report

**THIS CHECKLIST IS NOT COMPLETE**. Use `--show-ignored-findings` to show all the results. Summary - [locked-ether](#locked-ether) (2 results) (Medium) - [reentrancy-no-eth](#reentrancy-no-eth) (3 results) (Medium) - [unused-return](#unused-return) (9 results) (Medium) - [incorrect-modifier](#incorrect-modifier) (1 results) (Low) - [calls-loop](#calls-loop) (2 results) (Low) - [reentrancy-benign](#reentrancy-benign) (3 results) (Low) - [reentrancy-events](#reentrancy-events) (4 results) (Low) - [dead-code](#dead-code) (44 results) (Informational) - [solc-version](#solc-version) (3 results) (Informational) - [missing-inheritance](#missing-inheritance) (2 results) (Informational) - [naming-convention](#naming-convention) (14 results) (Informational) - [unimplemented-functions](#unimplemented-functions) (4 results) (Informational) - [unindexed-event-address](#unindexed-event-address) (1 results) (Informational) ## locked-ether Impact: Medium Confidence: High - [ ] ID-0 Contract locking ether found: Contract [Implementation](https://github.com/equilibria-xyz/root/blob/375b2632c93ec88ee4105c2889c1bbe496003e9e/src/mutability/Implementation.sol#L13-L90) has payable functions: - [Implementation.fallback()](https://github.com/equilibria-xyz/root/blob/375b2632c93ec88ee4105c2889c1bbe496003e9e/src/mutability/Implementation.sol#L82-L84) - [Implementation.receive()](https://github.com/equilibria-xyz/root/blob/375b2632c93ec88ee4105c2889c1bbe496003e9e/src/mutability/Implementation.sol#L87-L89) But does not have a function to withdraw the ether

root/src/mutability/Implementation.sol

Lines 13 to 90 in 375b263

	abstract contract Implementation is IImplementation, Contract {
	/// @custom:storage-location erc7201:equilibria.root.Implementation
	struct ImplementationStorage {
	bool constructing;
	}
	/// @dev The erc7201 storage location of the mix-in
	// solhint-disable-next-line const-name-snakecase
	bytes32 private constant ImplementationStorageLocation = 0x3c57b102c533ff058ebe9a7c745178ce4174563553bb3edde7874874c532c200;
	/// @dev The erc7201 storage of the mix-in
	function Implementation$() private pure returns (ImplementationStorage storage $) {
	assembly {
	$.slot := ImplementationStorageLocation
	}
	}
	/// @dev The address of this implementation, used to detect direct (non-proxy) calls.
	address private immutable __self = address(this);
	/// @dev The version of this implementation.
	ShortString private immutable _version;
	/// @dev The version of the predecessor implementation.
	ShortString private immutable _predecessor;
	/// @dev Constructor for the implementation.
	constructor(string memory version_, string memory predecessor_) {
	_version = ShortStrings.toShortString(version_);
	_predecessor = ShortStrings.toShortString(predecessor_);
	}
	/// @dev The name of the implementation.
	function name() external view virtual returns (string memory);
	/// @dev The version of this implementation.
	function version() public view virtual returns (string memory) {
	return ShortStrings.toString(_version);
	}
	/// @dev The version of the predecessor implementation.
	function predecessor() external view virtual returns (string memory) {
	return ShortStrings.toString(_predecessor);
	}
	/// @dev Called at upgrade time to initialize the contract with `data`.
	function construct(bytes memory data) external {
	Implementation$().constructing = true;
	string memory constructorVersion = __constructor(data);
	if (!Strings.equal(constructorVersion, version())) revert ImplementationConstructorVersionMismatch();
	Implementation$().constructing = false;
	}
	/// @dev Whether the contract is initializing.
	function _constructing() internal view override returns (bool) {
	return Implementation$().constructing;
	}
	/// @dev The deployer of the contract.
	function _deployer() internal view override returns (address) {
	return IMutator(msg.sender).owner();
	}
	/// @dev Hook for inheriting contracts to construct the contract.
	function __constructor(bytes memory data) internal virtual returns (string memory);
	/// @dev Blocks direct (non-proxy) calls to the implementation.
	fallback() external payable {
	if (address(this) == __self) revert ImplementationDeniedDirectAccess();
	}
	/// @dev Blocks direct (non-proxy) ETH transfers to the implementation.
	receive() external payable {
	if (address(this) == __self) revert ImplementationDeniedDirectAccess();
	}
	}

• ID-1
  Contract locking ether found:
  Contract MutablePauseTarget has payable functions:
  • MutablePauseTarget.fallback()
    But does not have a function to withdraw the ether

https://github.com/equilibria-xyz/root/blob/375b2632c93ec88ee4105c2889c1bbe496003e9e/src/mutability/Mutable.sol#L138-L143

reentrancy-no-eth

Impact: Medium
Confidence: Medium

• ID-2
  Reentrancy in Mutator.create(IImplementation,bytes):
  External calls:
  • _mutables.add(address(newMutable = new Mutable(implementation,data)))
    State variables written after the call(s):
  • _nameToMutable[name] = IMutable(address(newMutable))
    Mutator._nameToMutable can be used in cross function reentrancies:
  • Mutator.create(IImplementation,bytes)
  • Mutator.upgrade(IImplementation,bytes)

root/src/mutability/Mutator.sol

Lines 34 to 46 in 375b263

	function create(
	IImplementation implementation,
	bytes calldata data
	) public onlyOwner returns (IMutableTransparent newMutable) {
	ShortString name = ShortStrings.toShortString(implementation.name());
	if (_nameToMutable[name] != IMutable(address(0))) revert MutatorMutableAlreadyExists();
	_mutables.add(address(newMutable = new Mutable(implementation, data)));
	_nameToMutable[name] = IMutable(address(newMutable));
	// ensure state of new mutable is consistent with mutator
	if (paused()) IMutable(address(newMutable)).pause();
	}

• ID-3
  Reentrancy in Mutable._unpause():
  External calls:
  • ERC1967Utils.upgradeToAndCall(Mutable$().paused,)
    State variables written after the call(s):
  • Mutable$().paused = address(0)
    • $ = MutableStorageLocation
      Mutable.MutableStorageLocation can be used in cross function reentrancies:
  • Mutable.Mutable$()

root/src/mutability/Mutable.sol

Lines 123 to 127 in 375b263

	function _unpause() private whenPaused {
	ERC1967Utils.upgradeToAndCall(Mutable$().paused, "");
	Mutable$().paused = address(0);
	emit Unpaused();
	}

• ID-4
  Reentrancy in Mutable._upgrade(IImplementation,bytes):
  External calls:
  • ERC1967Utils.upgradeToAndCall(address(newImplementation),abi.encodeCall(IImplementation.construct,(data)))
    State variables written after the call(s):
  • Mutable$().version = ShortStrings.toShortString(newImplementation.version())
    • $ = MutableStorageLocation
      Mutable.MutableStorageLocation can be used in cross function reentrancies:
  • Mutable.Mutable$()

root/src/mutability/Mutable.sol

Lines 97 to 113 in 375b263

	function _upgrade(IImplementation newImplementation, bytes memory data) private {
	// validate the upgrade metadata of the new implementation
	if (!Strings.equal(
	(_implementation() == address(0) ? NULL_VERSION : IImplementation(_implementation()).version()),
	newImplementation.predecessor()
	)) revert MutablePredecessorMismatch();
	if (Strings.equal(
	newImplementation.version(),
	ShortStrings.toString(Mutable$().version)
	)) revert MutableVersionMismatch();
	// update the implementation and call its constructor
	ERC1967Utils.upgradeToAndCall(address(newImplementation), abi.encodeCall(IImplementation.construct, (data)));
	// record the new implementation version
	Mutable$().version = ShortStrings.toShortString(newImplementation.version());
	}

unused-return

Impact: Medium
Confidence: Medium

• ID-5
  Token6Lib.approve(Token6,address) ignores return value by IERC20(Token6.unwrap(self)).approve(grantee,type()(uint256).max)

root/src/token/types/Token6.sol

Lines 43 to 45 in 375b263

	function approve(Token6 self, address grantee) internal {
	IERC20(Token6.unwrap(self)).approve(grantee, type(uint256).max);
	}

• ID-6
  Airdrop.removeDistribution(bytes32) ignores return value by _merkleRoots.remove(merkleRoot)

root/src/distribution/Airdrop.sol

Lines 46 to 51 in 375b263

	function removeDistribution(bytes32 merkleRoot) external onlyOwner {
	if (!_merkleRoots.contains(merkleRoot)) revert AirdropRootDoesNotExist();
	_merkleRoots.remove(merkleRoot);
	distributions[merkleRoot] = Token18.wrap(address(0));
	emit DistributionRemoved(merkleRoot);
	}

• ID-7
  TokenLib.approve(Token,address,uint256) ignores return value by IERC20(Token.unwrap(self)).approve(grantee,amount)

root/src/token/types/Token.sol

Lines 51 to 53 in 375b263

	function approve(Token self, address grantee, uint256 amount) internal {
	IERC20(Token.unwrap(self)).approve(grantee, amount);
	}

• ID-8
  Token18Lib.approve(Token18,address,UFixed18) ignores return value by IERC20(Token18.unwrap(self)).approve(grantee,UFixed18.unwrap(amount))

root/src/token/types/Token18.sol

Lines 53 to 55 in 375b263

	function approve(Token18 self, address grantee, UFixed18 amount) internal {
	IERC20(Token18.unwrap(self)).approve(grantee, UFixed18.unwrap(amount));
	}

• ID-9
  Token6Lib.approve(Token6,address,UFixed6) ignores return value by IERC20(Token6.unwrap(self)).approve(grantee,UFixed6.unwrap(amount))

root/src/token/types/Token6.sol

Lines 54 to 56 in 375b263

	function approve(Token6 self, address grantee, UFixed6 amount) internal {
	IERC20(Token6.unwrap(self)).approve(grantee, UFixed6.unwrap(amount));
	}

• ID-10
  Airdrop.addDistributions(Token18,bytes32) ignores return value by _merkleRoots.add(merkleRoot)

root/src/distribution/Airdrop.sol

Lines 28 to 34 in 375b263

	function addDistributions(Token18 token, bytes32 merkleRoot) external override onlyOwner {
	if (_merkleRoots.contains(merkleRoot)) revert AirdropDistributionAlreadyExists();
	distributions[merkleRoot] = token;
	_merkleRoots.add(merkleRoot);
	emit DistributionAdded(token, merkleRoot);
	}

• ID-11
  TokenLib.approve(Token,address) ignores return value by IERC20(Token.unwrap(self)).approve(grantee,type()(uint256).max)

root/src/token/types/Token.sol

Lines 40 to 42 in 375b263

	function approve(Token self, address grantee) internal {
	IERC20(Token.unwrap(self)).approve(grantee, type(uint256).max);
	}

• ID-12
  Mutator.create(IImplementation,bytes) ignores return value by _mutables.add(address(newMutable = new Mutable(implementation,data)))

root/src/mutability/Mutator.sol

Lines 34 to 46 in 375b263

	function create(
	IImplementation implementation,
	bytes calldata data
	) public onlyOwner returns (IMutableTransparent newMutable) {
	ShortString name = ShortStrings.toShortString(implementation.name());
	if (_nameToMutable[name] != IMutable(address(0))) revert MutatorMutableAlreadyExists();
	_mutables.add(address(newMutable = new Mutable(implementation, data)));
	_nameToMutable[name] = IMutable(address(newMutable));
	// ensure state of new mutable is consistent with mutator
	if (paused()) IMutable(address(newMutable)).pause();
	}

• ID-13
  Token18Lib.approve(Token18,address) ignores return value by IERC20(Token18.unwrap(self)).approve(grantee,type()(uint256).max)

root/src/token/types/Token18.sol

Lines 43 to 45 in 375b263

	function approve(Token18 self, address grantee) internal {
	IERC20(Token18.unwrap(self)).approve(grantee, type(uint256).max);
	}

incorrect-modifier

Impact: Low
Confidence: High

• ID-14
  Modifier Attribute.initializer(string) does not always execute _; or revert

root/src/attribute/Attribute.sol

Lines 28 to 32 in 375b263

	modifier initializer(string memory attribute) {
	if (!_constructing()) revert AttributeNotConstructing();
	if (!Attribute$().attributes[attribute]) _;
	Attribute$().attributes[attribute] = true;
	}

calls-loop

Impact: Low
Confidence: Medium

• ID-15
  Mutator._unpause() has external calls inside a loop: IMutable(_mutables.at(i)).unpause()
  Calls stack containing the loop:
  Pausable.unpause()

root/src/mutability/Mutator.sol

Lines 62 to 65 in 375b263

	function _unpause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).unpause();
	super._unpause();
	}

• ID-16
  Mutator._pause() has external calls inside a loop: IMutable(_mutables.at(i)).pause()
  Calls stack containing the loop:
  Pausable.pause()

root/src/mutability/Mutator.sol

Lines 57 to 60 in 375b263

	function _pause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).pause();
	super._pause();
	}

reentrancy-benign

Impact: Low
Confidence: Medium

• ID-17
  Reentrancy in Mutator._pause():
  External calls:
  • IMutable(_mutables.at(i)).pause()
    State variables written after the call(s):
  • super._pause()
    • $ = PausableStorageLocation

root/src/mutability/Mutator.sol

Lines 57 to 60 in 375b263

	function _pause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).pause();
	super._pause();
	}

• ID-18
  Reentrancy in Mutator._unpause():
  External calls:
  • IMutable(_mutables.at(i)).unpause()
    State variables written after the call(s):
  • super._unpause()
    • $ = PausableStorageLocation

root/src/mutability/Mutator.sol

Lines 62 to 65 in 375b263

	function _unpause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).unpause();
	super._unpause();
	}

• ID-19
  Reentrancy in Mutator.create(IImplementation,bytes):
  External calls:
  • _mutables.add(address(newMutable = new Mutable(implementation,data)))
    State variables written after the call(s):
  • paused()
    • $ = PausableStorageLocation

root/src/mutability/Mutator.sol

Lines 34 to 46 in 375b263

	function create(
	IImplementation implementation,
	bytes calldata data
	) public onlyOwner returns (IMutableTransparent newMutable) {
	ShortString name = ShortStrings.toShortString(implementation.name());
	if (_nameToMutable[name] != IMutable(address(0))) revert MutatorMutableAlreadyExists();
	_mutables.add(address(newMutable = new Mutable(implementation, data)));
	_nameToMutable[name] = IMutable(address(newMutable));
	// ensure state of new mutable is consistent with mutator
	if (paused()) IMutable(address(newMutable)).pause();
	}

reentrancy-events

Impact: Low
Confidence: Medium

• ID-20
  Reentrancy in Mutable._pause():
  External calls:
  • ERC1967Utils.upgradeToAndCall(_pauseTarget,)
    Event emitted after the call(s):
  • Paused()

root/src/mutability/Mutable.sol

Lines 116 to 120 in 375b263

	function _pause() private whenUnpaused {
	Mutable$().paused = _implementation();
	ERC1967Utils.upgradeToAndCall(_pauseTarget, "");
	emit Paused();
	}

• ID-21
  Reentrancy in Mutator._unpause():
  External calls:
  • IMutable(_mutables.at(i)).unpause()
    Event emitted after the call(s):
  • Unpaused()
    • super._unpause()

root/src/mutability/Mutator.sol

Lines 62 to 65 in 375b263

	function _unpause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).unpause();
	super._unpause();
	}

• ID-22
  Reentrancy in Mutable._unpause():
  External calls:
  • ERC1967Utils.upgradeToAndCall(Mutable$().paused,)
    Event emitted after the call(s):
  • Unpaused()

root/src/mutability/Mutable.sol

Lines 123 to 127 in 375b263

	function _unpause() private whenPaused {
	ERC1967Utils.upgradeToAndCall(Mutable$().paused, "");
	Mutable$().paused = address(0);
	emit Unpaused();
	}

• ID-23
  Reentrancy in Mutator._pause():
  External calls:
  • IMutable(_mutables.at(i)).pause()
    Event emitted after the call(s):
  • Paused()
    • super._pause()

root/src/mutability/Mutator.sol

Lines 57 to 60 in 375b263

	function _pause() internal override {
	for (uint256 i = 0; i < _mutables.length(); i++) IMutable(_mutables.at(i)).pause();
	super._pause();
	}

dead-code

Impact: Informational
Confidence: Medium

• ID-24
  eq(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 288 to 290 in 375b263

	function eq(UFixed18 a, UFixed18 b) pure returns (bool) {
	return UFixed18.unwrap(a) == UFixed18.unwrap(b);
	}

• ID-25
  add(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 295 to 297 in 375b263

	function add(Fixed6 a, Fixed6 b) pure returns (Fixed6) {
	return Fixed6.wrap(Fixed6.unwrap(a) + Fixed6.unwrap(b));
	}

• ID-26
  eq(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 295 to 297 in 375b263

	function eq(UFixed6 a, UFixed6 b) pure returns (bool) {
	return UFixed6.unwrap(a) == UFixed6.unwrap(b);
	}

• ID-27
  neg(Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 287 to 289 in 375b263

	function neg(Fixed6 a) pure returns (Fixed6) {
	return Fixed6.wrap(-Fixed6.unwrap(a));
	}

• ID-28
  Implementation._constructing() is never used and should be removed

root/src/mutability/Implementation.sol

Lines 69 to 71 in 375b263

	function _constructing() internal view override returns (bool) {
	return Implementation$().constructing;
	}

• ID-29
  add(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 288 to 290 in 375b263

	function add(Fixed18 a, Fixed18 b) pure returns (Fixed18) {
	return Fixed18.wrap(Fixed18.unwrap(a) + Fixed18.unwrap(b));
	}

• ID-30
  mul(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 311 to 313 in 375b263

	function mul(Fixed6 a, Fixed6 b) pure returns (Fixed6) {
	return Fixed6.wrap(Fixed6.unwrap(a) * Fixed6.unwrap(b) / Fixed6Lib.BASE);
	}

• ID-31
  eq(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 327 to 329 in 375b263

	function eq(Fixed6 a, Fixed6 b) pure returns (bool) {
	return Fixed6.unwrap(a) == Fixed6.unwrap(b);
	}

• ID-32
  gt(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 311 to 314 in 375b263

	function gt(UFixed6 a, UFixed6 b) pure returns (bool) {
	(uint256 au, uint256 bu) = (UFixed6.unwrap(a), UFixed6.unwrap(b));
	return au > bu;
	}

• ID-33
  neq(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 335 to 337 in 375b263

	function neq(Fixed6 a, Fixed6 b) pure returns (bool) {
	return Fixed6.unwrap(a) != Fixed6.unwrap(b);
	}

• ID-34
  mul(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 304 to 306 in 375b263

	function mul(Fixed18 a, Fixed18 b) pure returns (Fixed18) {
	return Fixed18.wrap(Fixed18.unwrap(a) * Fixed18.unwrap(b) / Fixed18Lib.BASE);
	}

• ID-35
  gt(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 343 to 346 in 375b263

	function gt(Fixed6 a, Fixed6 b) pure returns (bool) {
	(int256 au, int256 bu) = (Fixed6.unwrap(a), Fixed6.unwrap(b));
	return au > bu;
	}

• ID-36
  lt(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 313 to 316 in 375b263

	function lt(UFixed18 a, UFixed18 b) pure returns (bool) {
	(uint256 au, uint256 bu) = (UFixed18.unwrap(a), UFixed18.unwrap(b));
	return au < bu;
	}

• ID-37
  div(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 280 to 282 in 375b263

	function div(UFixed18 a, UFixed18 b) pure returns (UFixed18) {
	return UFixed18.wrap(UFixed18.unwrap(a) * UFixed18Lib.BASE / UFixed18.unwrap(b));
	}

• ID-38
  gte(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 329 to 331 in 375b263

	function gte(UFixed6 a, UFixed6 b) pure returns (bool) {
	return eq(a, b) || gt(a, b);
	}

• ID-39
  neg(Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 280 to 282 in 375b263

	function neg(Fixed18 a) pure returns (Fixed18) {
	return Fixed18.wrap(-Fixed18.unwrap(a));
	}

• ID-40
  sub(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 303 to 305 in 375b263

	function sub(Fixed6 a, Fixed6 b) pure returns (Fixed6) {
	return Fixed6.wrap(Fixed6.unwrap(a) - Fixed6.unwrap(b));
	}

• ID-41
  gte(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 361 to 363 in 375b263

	function gte(Fixed6 a, Fixed6 b) pure returns (bool) {
	return eq(a, b) || gt(a, b);
	}

• ID-42
  mul(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 279 to 281 in 375b263

	function mul(UFixed6 a, UFixed6 b) pure returns (UFixed6) {
	return UFixed6.wrap(UFixed6.unwrap(a) * UFixed6.unwrap(b) / UFixed6Lib.BASE);
	}

• ID-43
  lte(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 369 to 371 in 375b263

	function lte(Fixed6 a, Fixed6 b) pure returns (bool) {
	return eq(a, b) || lt(a, b);
	}

• ID-44
  lte(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 330 to 332 in 375b263

	function lte(UFixed18 a, UFixed18 b) pure returns (bool) {
	return eq(a, b) || lt(a, b);
	}

• ID-45
  mul(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 272 to 274 in 375b263

	function mul(UFixed18 a, UFixed18 b) pure returns (UFixed18) {
	return UFixed18.wrap(UFixed18.unwrap(a) * UFixed18.unwrap(b) / UFixed18Lib.BASE);
	}

• ID-46
  lt(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 352 to 355 in 375b263

	function lt(Fixed6 a, Fixed6 b) pure returns (bool) {
	(int256 au, int256 bu) = (Fixed6.unwrap(a), Fixed6.unwrap(b));
	return au < bu;
	}

• ID-47
  div(Fixed6,Fixed6) is never used and should be removed

root/src/number/types/Fixed6.sol

Lines 319 to 321 in 375b263

	function div(Fixed6 a, Fixed6 b) pure returns (Fixed6) {
	return Fixed6.wrap(Fixed6.unwrap(a) * Fixed6Lib.BASE / Fixed6.unwrap(b));
	}

• ID-48
  neq(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 296 to 298 in 375b263

	function neq(UFixed18 a, UFixed18 b) pure returns (bool) {
	return UFixed18.unwrap(a) != UFixed18.unwrap(b);
	}

• ID-49
  Implementation._deployer() is never used and should be removed

root/src/mutability/Implementation.sol

Lines 74 to 76 in 375b263

	function _deployer() internal view override returns (address) {
	return IMutator(msg.sender).owner();
	}

• ID-50
  div(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 312 to 314 in 375b263

	function div(Fixed18 a, Fixed18 b) pure returns (Fixed18) {
	return Fixed18.wrap(Fixed18.unwrap(a) * Fixed18Lib.BASE / Fixed18.unwrap(b));
	}

• ID-51
  lt(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 320 to 323 in 375b263

	function lt(UFixed6 a, UFixed6 b) pure returns (bool) {
	(uint256 au, uint256 bu) = (UFixed6.unwrap(a), UFixed6.unwrap(b));
	return au < bu;
	}

• ID-52
  lt(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 345 to 348 in 375b263

	function lt(Fixed18 a, Fixed18 b) pure returns (bool) {
	(int256 au, int256 bu) = (Fixed18.unwrap(a), Fixed18.unwrap(b));
	return au < bu;
	}

• ID-53
  gt(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 336 to 339 in 375b263

	function gt(Fixed18 a, Fixed18 b) pure returns (bool) {
	(int256 au, int256 bu) = (Fixed18.unwrap(a), Fixed18.unwrap(b));
	return au > bu;
	}

• ID-54
  lte(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 362 to 364 in 375b263

	function lte(Fixed18 a, Fixed18 b) pure returns (bool) {
	return eq(a, b) || lt(a, b);
	}

• ID-55
  eq(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 320 to 322 in 375b263

	function eq(Fixed18 a, Fixed18 b) pure returns (bool) {
	return Fixed18.unwrap(a) == Fixed18.unwrap(b);
	}

• ID-56
  sub(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 264 to 266 in 375b263

	function sub(UFixed18 a, UFixed18 b) pure returns (UFixed18) {
	return UFixed18.wrap(UFixed18.unwrap(a) - UFixed18.unwrap(b));
	}

• ID-57
  neq(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 303 to 305 in 375b263

	function neq(UFixed6 a, UFixed6 b) pure returns (bool) {
	return UFixed6.unwrap(a) != UFixed6.unwrap(b);
	}

• ID-58
  gt(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 304 to 307 in 375b263

	function gt(UFixed18 a, UFixed18 b) pure returns (bool) {
	(uint256 au, uint256 bu) = (UFixed18.unwrap(a), UFixed18.unwrap(b));
	return au > bu;
	}

• ID-59
  gte(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 322 to 324 in 375b263

	function gte(UFixed18 a, UFixed18 b) pure returns (bool) {
	return eq(a, b) || gt(a, b);
	}

• ID-60
  sub(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 271 to 273 in 375b263

	function sub(UFixed6 a, UFixed6 b) pure returns (UFixed6) {
	return UFixed6.wrap(UFixed6.unwrap(a) - UFixed6.unwrap(b));
	}

• ID-61
  add(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 263 to 265 in 375b263

	function add(UFixed6 a, UFixed6 b) pure returns (UFixed6) {
	return UFixed6.wrap(UFixed6.unwrap(a) + UFixed6.unwrap(b));
	}

• ID-62
  sub(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 296 to 298 in 375b263

	function sub(Fixed18 a, Fixed18 b) pure returns (Fixed18) {
	return Fixed18.wrap(Fixed18.unwrap(a) - Fixed18.unwrap(b));
	}

• ID-63
  gte(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 354 to 356 in 375b263

	function gte(Fixed18 a, Fixed18 b) pure returns (bool) {
	return eq(a, b) || gt(a, b);
	}

• ID-64
  lte(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 337 to 339 in 375b263

	function lte(UFixed6 a, UFixed6 b) pure returns (bool) {
	return eq(a, b) || lt(a, b);
	}

• ID-65
  div(UFixed6,UFixed6) is never used and should be removed

root/src/number/types/UFixed6.sol

Lines 287 to 289 in 375b263

	function div(UFixed6 a, UFixed6 b) pure returns (UFixed6) {
	return UFixed6.wrap(UFixed6.unwrap(a) * UFixed6Lib.BASE / UFixed6.unwrap(b));
	}

• ID-66
  add(UFixed18,UFixed18) is never used and should be removed

root/src/number/types/UFixed18.sol

Lines 256 to 258 in 375b263

	function add(UFixed18 a, UFixed18 b) pure returns (UFixed18) {
	return UFixed18.wrap(UFixed18.unwrap(a) + UFixed18.unwrap(b));
	}

• ID-67
  neq(Fixed18,Fixed18) is never used and should be removed

root/src/number/types/Fixed18.sol

Lines 328 to 330 in 375b263

	function neq(Fixed18 a, Fixed18 b) pure returns (bool) {
	return Fixed18.unwrap(a) != Fixed18.unwrap(b);
	}

solc-version

Impact: Informational
Confidence: High

• ID-68
  Version constraint ^0.8.13 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
  • VerbatimInvalidDeduplication
  • FullInlinerNonExpressionSplitArgumentEvaluationOrder
  • MissingSideEffectsOnSelectorAccess
  • StorageWriteRemovalBeforeConditionalTermination
  • AbiReencodingHeadOverflowWithStaticArrayCleanup
  • DirtyBytesArrayToStorage
  • InlineAssemblyMemorySideEffects
  • DataLocationChangeInInternalOverride
  • NestedCalldataArrayAbiReencodingSizeValidation.
    It is used by:
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13
  • ^0.8.13

root/src/attribute/Attribute.sol

Line 2 in 375b263

pragma solidity ^0.8.13;

• ID-69
  Version constraint ^0.8.19 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
  • VerbatimInvalidDeduplication
  • FullInlinerNonExpressionSplitArgumentEvaluationOrder
  • MissingSideEffectsOnSelectorAccess.
    It is used by:
  • ^0.8.19
  • ^0.8.19
  • ^0.8.19

root/src/number/types/Fixed18.sol

Line 2 in 375b263

pragma solidity ^0.8.19;

• ID-70
  Version constraint >=0.8.20 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
  • VerbatimInvalidDeduplication
  • FullInlinerNonExpressionSplitArgumentEvaluationOrder
  • MissingSideEffectsOnSelectorAccess.
    It is used by:
  • >=0.8.20
  • >=0.8.20
  • >=0.8.20

root/src/vrgda/VRGDADecayMath.sol

Line 2 in 375b263

pragma solidity >=0.8.20;

missing-inheritance

Impact: Informational
Confidence: High

• ID-71
  OwnableStub should inherit from Contract

root/src/utils/OwnableStub.sol

Lines 9 to 15 in 375b263

	contract OwnableStub {
	/// @notice Accepts ownership of the contract
	/// @dev Can only be called by the pending owner to ensure correctness.
	function acceptOwner(address ownable) external {
	Ownable(ownable).acceptOwner();
	}
	}

• ID-72
  MutablePauseTarget should inherit from Contract

https://github.com/equilibria-xyz/root/blob/375b2632c93ec88ee4105c2889c1bbe496003e9e/src/mutability/Mutable.sol#L138-L143

naming-convention

Impact: Informational
Confidence: High

• ID-73
  Function Pausable.__Pausable__constructor() is not in mixedCase

root/src/attribute/Pausable.sol

Lines 34 to 36 in 375b263

	function __Pausable__constructor() internal initializer("Pausable") {
	_updatePauser(_deployer());
	}

• ID-74
  Function Mutable.Mutable$() is not in mixedCase

root/src/mutability/Mutable.sol

Lines 37 to 41 in 375b263

	function Mutable$() private pure returns (MutableStorage storage $) {
	assembly {
	$.slot := MutableStorageLocation
	}
	}

• ID-75
  Constant Mutable.MutableStorageLocation is not in UPPER_CASE_WITH_UNDERSCORES

root/src/mutability/Mutable.sol

Line 34 in 375b263

bytes32 private constant MutableStorageLocation = 0xb906736fa3fc696e6c19a856e0f8737e348fda5c7f33a32db99da3b92f19a800;

• ID-76
  Constant Ownable.OwnableStorageLocation is not in UPPER_CASE_WITH_UNDERSCORES

root/src/attribute/Ownable.sol

Line 21 in 375b263

bytes32 private constant OwnableStorageLocation = 0x863176706c9b4c9b393005d0714f55de5425abea2a0b5dfac67fac0c9e2ffe00;

• ID-77
  Function Ownable.__Ownable__constructor() is not in mixedCase

root/src/attribute/Ownable.sol

Lines 42 to 44 in 375b263

	function __Ownable__constructor() internal initializer("Ownable") {
	_updateOwner(_deployer());
	}

• ID-78
  Variable Implementation.__self is not in mixedCase

root/src/mutability/Implementation.sol

Line 31 in 375b263

address private immutable __self = address(this);

• ID-79
  Constant Implementation.ImplementationStorageLocation is not in UPPER_CASE_WITH_UNDERSCORES

root/src/mutability/Implementation.sol

Line 21 in 375b263

bytes32 private constant ImplementationStorageLocation = 0x3c57b102c533ff058ebe9a7c745178ce4174563553bb3edde7874874c532c200;

• ID-80
  Function Ownable.Ownable$() is not in mixedCase

root/src/attribute/Ownable.sol

Lines 24 to 28 in 375b263

	function Ownable$() private pure returns (OwnableStorage storage $) {
	assembly {
	$.slot := OwnableStorageLocation
	}
	}

• ID-81
  Function Implementation.Implementation$() is not in mixedCase

root/src/mutability/Implementation.sol

Lines 24 to 28 in 375b263

	function Implementation$() private pure returns (ImplementationStorage storage $) {
	assembly {
	$.slot := ImplementationStorageLocation
	}
	}

• ID-82
  Constant Pausable.PausableStorageLocation is not in UPPER_CASE_WITH_UNDERSCORES

root/src/attribute/Pausable.sol

Line 23 in 375b263

bytes32 private constant PausableStorageLocation = 0x3f6e81f1674f7eaca7e8904fa6f14f10175d4d641e37fc18a3df849e00101900;

• ID-83
  Function Pausable.Pausable$() is not in mixedCase

root/src/attribute/Pausable.sol

Lines 26 to 30 in 375b263

	function Pausable$() private pure returns (PausableStorage storage $) {
	assembly {
	$.slot := PausableStorageLocation
	}
	}

• ID-84
  Function Implementation.__constructor(bytes) is not in mixedCase

root/src/mutability/Implementation.sol

Line 79 in 375b263

function __constructor(bytes memory data) internal virtual returns (string memory);

• ID-85
  Function Attribute.Attribute$() is not in mixedCase

root/src/attribute/Attribute.sol

Lines 20 to 24 in 375b263

	function Attribute$() private pure returns (AttributeStorage storage $) {
	assembly {
	$.slot := AttributeStorageLocation
	}
	}

• ID-86
  Constant Attribute.AttributeStorageLocation is not in UPPER_CASE_WITH_UNDERSCORES

root/src/attribute/Attribute.sol

Line 17 in 375b263

bytes32 private constant AttributeStorageLocation = 0x429797e2de2710eed6bc286312ff2c2286e5c3e13ca14d38e450727a132bfa00;

unimplemented-functions

Impact: Informational
Confidence: High

• ID-87
  Withdrawable does not implement functions:
  • Contract._constructing()
  • Contract._deployer()

root/src/attribute/Withdrawable.sol

Lines 11 to 18 in 375b263

	abstract contract Withdrawable is IWithdrawable, Attribute, Ownable {
	/// @notice Withdraws all ERC20 tokens from the contract to the owner
	/// @dev Can only be called by the owner
	/// @param token Address of the ERC20 token
	function withdraw(Token18 token) public virtual onlyOwner {
	token.push(owner());
	}
	}

• ID-88
  Implementation does not implement functions:
  • Implementation.__constructor(bytes)
  • Implementation.name()

root/src/mutability/Implementation.sol

Lines 13 to 90 in 375b263

	abstract contract Implementation is IImplementation, Contract {
	/// @custom:storage-location erc7201:equilibria.root.Implementation
	struct ImplementationStorage {
	bool constructing;
	}
	/// @dev The erc7201 storage location of the mix-in
	// solhint-disable-next-line const-name-snakecase
	bytes32 private constant ImplementationStorageLocation = 0x3c57b102c533ff058ebe9a7c745178ce4174563553bb3edde7874874c532c200;
	/// @dev The erc7201 storage of the mix-in
	function Implementation$() private pure returns (ImplementationStorage storage $) {
	assembly {
	$.slot := ImplementationStorageLocation
	}
	}
	/// @dev The address of this implementation, used to detect direct (non-proxy) calls.
	address private immutable __self = address(this);
	/// @dev The version of this implementation.
	ShortString private immutable _version;
	/// @dev The version of the predecessor implementation.
	ShortString private immutable _predecessor;
	/// @dev Constructor for the implementation.
	constructor(string memory version_, string memory predecessor_) {
	_version = ShortStrings.toShortString(version_);
	_predecessor = ShortStrings.toShortString(predecessor_);
	}
	/// @dev The name of the implementation.
	function name() external view virtual returns (string memory);
	/// @dev The version of this implementation.
	function version() public view virtual returns (string memory) {
	return ShortStrings.toString(_version);
	}
	/// @dev The version of the predecessor implementation.
	function predecessor() external view virtual returns (string memory) {
	return ShortStrings.toString(_predecessor);
	}
	/// @dev Called at upgrade time to initialize the contract with `data`.
	function construct(bytes memory data) external {
	Implementation$().constructing = true;
	string memory constructorVersion = __constructor(data);
	if (!Strings.equal(constructorVersion, version())) revert ImplementationConstructorVersionMismatch();
	Implementation$().constructing = false;
	}
	/// @dev Whether the contract is initializing.
	function _constructing() internal view override returns (bool) {
	return Implementation$().constructing;
	}
	/// @dev The deployer of the contract.
	function _deployer() internal view override returns (address) {
	return IMutator(msg.sender).owner();
	}
	/// @dev Hook for inheriting contracts to construct the contract.
	function __constructor(bytes memory data) internal virtual returns (string memory);
	/// @dev Blocks direct (non-proxy) calls to the implementation.
	fallback() external payable {
	if (address(this) == __self) revert ImplementationDeniedDirectAccess();
	}
	/// @dev Blocks direct (non-proxy) ETH transfers to the implementation.
	receive() external payable {
	if (address(this) == __self) revert ImplementationDeniedDirectAccess();
	}
	}

• ID-89
  Delegatable does not implement functions:
  • Contract._constructing()
  • Contract._deployer()

root/src/attribute/Delegatable.sol

Lines 12 to 20 in 375b263

	abstract contract Delegatable is IDelegatable, Attribute, Ownable {
	/// @notice Delegates voting power for a specific token to an address
	/// @dev Can only be called by the owner
	/// @param token The IVotes-compatible token to delegate
	/// @param delegatee The address to delegate voting power to
	function delegate(IVotes token, address delegatee) public virtual onlyOwner {
	token.delegate(delegatee);
	}
	}

• ID-90
  Executable does not implement functions:
  • Contract._constructing()
  • Contract._deployer()

root/src/attribute/Executable.sol

Lines 12 to 21 in 375b263

	abstract contract Executable is IExecutable, Attribute, Ownable {
	/// @notice Executes a call to a target contract
	/// @dev Can only be called by the owner
	/// @param target Address of the target contract
	/// @param data Calldata to be executed
	/// @return result The result of the call
	function execute(address target, bytes calldata data) public payable virtual onlyOwner returns (bytes memory) {
	return Address.functionCallWithValue(target, data, msg.value);
	}
	}

unindexed-event-address

Impact: Informational
Confidence: High

• ID-91
  Event IERC1967.AdminChanged(address,address) has address parameters but no indexed parameters