

Archon public report
VaultV2_Demo_Vault
Mantle Mainnet · scan depth deep · generated 6/15/2026, 10:18:47 AM
Risk Score: 100
Archon completed a read-only Mantle Mainnet audit of VaultV2_Demo_Vault and found 17 deterministic findings. The highest-priority issue is Reentrancy Eth, with risk score 100/100 based on severity-weighted findings. The withdraw function is vulnerable to reentrancy attacks due to the external call occurring before the state change. Review the recommended fixes and run regression tests before deployment.
Findings
| Severity | Finding | Description | Location | Confidence |
|---|---|---|---|---|
| high | Reentrancy Eth | The withdraw function is vulnerable to reentrancy attacks due to the external call occurring before the state change. | VaultV2_Demo_Vault.sol:27 | 90% |
| low | Reentrancy Events | The withdraw function emits an event after an external call, which can lead to misleading event logs in the case of reentrancy. | VaultV2_Demo_Vault.sol:27 | 70% |
| info | Low Level Calls | The use of low-level calls can introduce risks if not handled properly. | VaultV2_Demo_Vault.sol:27 | 60% |
| info | Redundant Statements | The minAmountOut variable is declared but never used, leading to redundant code. | VaultV2_Demo_Vault.sol:48 | 50% |
| low | Cache Array Length | The totalDepositedSlow function uses an unbounded loop to calculate total deposits, which can be gas-wasteful. | VaultV2_Demo_Vault.sol:55 | 40% |
| critical | External value transfer before balance update | The contract allows external value transfer before updating the user's balance, which can lead to reentrancy attacks. | VaultV2_Demo_Vault.sol:30 | 90% |
| high | Missing slippage enforcement for swap output | The swapWithoutSlippageCheck function does not enforce slippage limits, potentially allowing users to receive less than expected. | VaultV2_Demo_Vault.sol:37 | 80% |
| medium | Unbounded storage iteration can create runaway gas cost | The totalDepositedSlow function iterates over an unbounded storage array, which can lead to excessive gas costs. | VaultV2_Demo_Vault.sol:55 | 70% |
| low | Review calldata parameter width | The withdraw function's calldata parameter width may be optimized for gas savings. | VaultV2_Demo_Vault.sol:27 | 60% |
| info | Replace long revert string with custom error | Long revert strings can be replaced with custom errors for gas optimization. | VaultV2_Demo_Vault.sol:28 | 50% |
| info | Replace long revert string with custom error | Replace long revert string with custom error for better gas efficiency. | VaultV2_Demo_Vault.sol:41 | 80% |
| info | Cache repeated storage read | Cache repeated storage read to optimize gas usage. | VaultV2_Demo_Vault.sol:18 | 75% |
| info | Use unchecked loop increment where bounded | Use unchecked loop increment where bounded to save gas. | VaultV2_Demo_Vault.sol:55 | 70% |
| info | Cache array length before loop | Cache array length before loop to optimize gas usage. | VaultV2_Demo_Vault.sol:55 | 75% |
| info | Use != 0 for unsigned non-zero checks | Use != 0 for unsigned non-zero checks to optimize gas usage. | VaultV2_Demo_Vault.sol:16 | 70% |
| info | Use != 0 for unsigned non-zero checks | Use of '>' for unsigned non-zero checks can be optimized. | VaultV2_Demo_Vault.sol:40 | 80% |
| info | Remove redundant zero initialization | Redundant zero initialization in a loop can be removed to optimize gas usage. | VaultV2_Demo_Vault.sol:55 | 70% |

