Static Analyzer for Solidity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
slither/tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol

78 lines
2.1 KiB

pragma solidity 0.4.25;
library SafeERC20 {
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {}
}
interface IERC20 {
function transferFrom(address, address, uint256) external returns(bool);
}
contract ERC20 is IERC20 {
function transferFrom(address from, address to, uint256 amount) external returns(bool) {
return true;
}
}
contract C {
using SafeERC20 for IERC20;
IERC20 erc20;
address notsend;
address send;
constructor() public {
erc20 = new ERC20();
notsend = address(0x3);
send = msg.sender;
}
function good1(address to, uint256 am) public {
address from_msgsender = msg.sender;
erc20.transferFrom(from_msgsender, to, am);
}
function bad1(address to, uint256 am) public {
erc20.transferFrom(notsend, to, am);
}
function good2(address to, uint256 am) public {
address from_msgsender = msg.sender;
int_transferFrom(from_msgsender, to, am);
}
// This is not detected
function bad2(address from, address to, uint256 am) public {
int_transferFrom(from, to, am);
}
function int_transferFrom(address from, address to, uint256 amount) internal {
erc20.transferFrom(from, to, amount);
}
function good3(address to, uint256 amount) external {
erc20.safeTransferFrom(msg.sender, to, amount);
}
function bad3(address from, address to, uint256 amount) external {
erc20.safeTransferFrom(from, to, amount);
}
function good4(address to, uint256 amount) external {
SafeERC20.safeTransferFrom(erc20, msg.sender, to, amount);
}
function bad4(address from, address to, uint256 amount) external {
SafeERC20.safeTransferFrom(erc20, from, to, amount);
}
function good5(address to, uint256 amount) external {
SafeERC20.safeTransferFrom(erc20, address(this), to, amount);
}
function good6(address from, address to, uint256 amount) external {
erc20.safeTransferFrom(address(this), to, amount);
}
}