Readme.md.mustache

{{> partials/splash}}

[TOC]

<div class="pagebreak"></div>

## Details

- **Client** {{client_name}}
- **Date** {{date}}
- **Lead reviewer** Daniel Luca ([@cleanunicorn](https://twitter.com/cleanunicorn))
- **Reviewers** Daniel Luca ([@cleanunicorn](https://twitter.com/cleanunicorn))
- **Repository**: [{{project_name}}]({{source_repository}})
- **Commit hash** `{{commit_hash}}`
- **Technologies**
  - Solidity

## Issues Summary

{{#issues_overview_image}}
  <p align="center">
      <img align="center" src="{{issues_overview_image}}">
  </p>
{{/issues_overview_image}}

| SEVERITY       |    OPEN    |    CLOSED    |
|----------------|:----------:|:------------:|
{{#issues_summary}}
|  {{severity}}  |  {{open}}  |  {{closed}}  |
{{/issues_summary}}

## Executive summary

This report represents the results of the engagement with **{{client_name}}** to review **{{project_name}}**.

The review was conducted over the course of **{{review_period}}** during **{{date_interval}}**. A total of **{{person_days}} person-days** were spent reviewing the code.

### Project handover

I spent an approximate of 2 hours reviewing the current state of the project and the codebase. I identified a few small issues that would help create a more defensive codebase.

Additionally we discussed some assumptions about the deposit mechanics, specifically if the deposit is sandwitched between transactions that would imbalance the pool substantially.

This time was critical because it allowed us to understand the project and the codebase before starting the review.

### Day 1

I spent the first day reviewing the codebase and the project. I focused on manually reviewing the codebase, searching for security issues such as, but not limited to, re-entrancy problems, transaction ordering, block timestamp dependency, exception handling, call stack depth limitation, integer overflow/underflow, self-destructible contracts, unsecured balance, use of origin, costly gas patterns, architectural problems, code readability.

In parallel, I checked the Balancer V2 implementation to see if it matches the codebase.

### Review handover

We discussed any open questions and issues we found during the review. Each issue that required a change was fixed in a separate commit. Other issues were acknowledged and don't require any code changes.

## Scope

The initial review focused on the [{{project_name}}]({{source_repository}}) repository, identified by the commit hash `{{commit_hash}}`.

I focused on manually reviewing the codebase, searching for security issues such as, but not limited to, re-entrancy problems, transaction ordering, block timestamp dependency, exception handling, call stack depth limitation, integer overflow/underflow, self-destructible contracts, unsecured balance, use of origin, costly gas patterns, architectural problems, code readability.

**Includes:**
- BoycoBurrZap.sol

**Auxiliary but not included:**
- BoycoBurrZap.t.sol

## Recommendations

I identified a few possible general improvements that are not security issues during the review, which will bring value to the developers and the community reviewing and using the product.

## Issues

{{#issues}}

### [{{title}}]({{url}})
![Issue status: {{status}}](https://img.shields.io/static/v1?label=Status&message={{status}}&color={{status_color}}&style=flat-square) ![{{severity}}](https://img.shields.io/static/v1?label=Severity&message={{severity}}&color={{severity_color}}&style=flat-square)

{{{body}}}

---

{{/issues}}

## Artifacts

### Surya

Sūrya is a utility tool for smart contract systems. It provides a number of visual outputs and information about the structure of smart contracts. It also supports querying the function call graph in multiple ways to aid in the manual inspection and control flow analysis of contracts.

#### Graphs

***BoycoBurrZap***

#### Graph

```text
surya graph BoycoBurrZap.sol | dot -Tpng > ./static/BoycoBurrZap_graph.png
```

![BoycoBurrZap Graph](./static/BoycoBurrZap_graph.png)

#### Inheritance

```text
surya inheritance BoycoBurrZap.sol | dot -Tpng > ./static/BoycoBurrZap_inheritance.png
```

![BoycoBurrZap Inheritance](./static/BoycoBurrZap_inheritance.png)

#### UML Diagram

![BoycoBurrZap UML](./static/BoycoBurrZap_uml.png)

#### Describe

```text
➜ surya describe code/src/BoycoBurrZap.sol 
 +  BoycoBurrZap (Ownable)
    - [Pub] <Constructor> #
       - modifiers: Ownable
    - [Pub] whitelist #
       - modifiers: onlyOwner
    - [Pub] revoke #
       - modifiers: onlyOwner
    - [Pub] deposit #
       - modifiers: onlyWhitelisted
    - [Prv] _splitAmounts #
    - [Prv] _getHoneyIndex
    - [Prv] _joinPool #
    - [Int] _asIAsset
    - [Int] _dropBptItem
    - [Int] _computeScalingFactor

 + [Int] IERC20Detailed 
    - [Ext] decimals

 + [Int] IComposableStablePool 
    - [Ext] getScalingFactors
    - [Ext] getBptIndex
    - [Ext] getPoolId
    - [Ext] getVault

 + [Int] IHoneyFactory 
    - [Ext] honey
    - [Ext] mintRates
    - [Ext] mint #

 + [Int] IPSMBondProxy 
    - [Ext] deposit #
```

### Coverage

```text
$ forge coverage
```

### Tests

```text
➜ forge test
[⠊] Compiling...
No files changed, compilation skipped

Ran 8 tests for test/BoycoBurrZap.t.sol:BoycoBurrZapTest
[PASS] test_Fuzz_create_pool_and_deposit(uint256) (runs: 2048, μ: 8172259, ~: 8172260)
[PASS] test_Fuzz_deposit(uint256) (runs: 2048, μ: 895249, ~: 903654)
[PASS] test_Fuzz_deposit_max(uint256) (runs: 2048, μ: 903916, ~: 903916)
[PASS] test_deposit_0() (gas: 11462)
[PASS] test_deposit_max() (gas: 682393)
[PASS] test_pool_ratio_loop_deposit() (gas: 17207952)
[PASS] test_small_deposits() (gas: 325049051)
[PASS] test_whitelisted() (gas: 67170)
Suite result: ok. 8 passed; 0 failed; 0 skipped; finished in 15.49s (39.84s CPU time)

Ran 1 test suite in 15.49s (15.49s CPU time): 8 tests passed, 0 failed, 0 skipped (8 total tests)
```

## License

This report falls under the terms described in the included [LICENSE](./LICENSE).

{{> partials/features}}
<link rel="stylesheet" href="./style/print.css"/>