slither/utils/upgradability/compare_variables_order.py

'''
    This utility looks for functions collisions between a proxy and the implementation
    More for information: https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357
'''

import sys
from slither import Slither
from slither.utils.function import get_function_id
from slither.utils.colors import red, green

if __name__ == "__main__":

    if len(sys.argv) != 5:
        print('Usage: python3 compare_variables_order.py v1.sol Contract1 v2.sol Contract2')

    v1 = Slither(sys.argv[1])
    v2 = Slither(sys.argv[3])

    contract_v1 = v1.get_contract_from_name(sys.argv[2])
    if contract_v1 is None:
        print(red('Contract {} not found'.format(sys.argv[2])))
        exit(-1)

    contract_v2 = v2.get_contract_from_name(sys.argv[4])
    if contract_v2 is None:
        print(red('Contract {} not found'.format(sys.argv[4])))
        exit(-1)


    order_v1 = [(variable.name, variable.type) for variable in contract_v1.state_variables if not variable.is_constant]
    order_v2 = [(variable.name, variable.type) for variable in contract_v2.state_variables if not variable.is_constant]


    found = False
    for idx in range(0, len(order_v1)):
        (v1_name, v1_type) =  order_v1[idx]
        if len(order_v2) < idx:
            print(red('Missing variable in the new version: {} {}'.format(v1_name, v1_type)))
            continue
        (v2_name, v2_type) =  order_v2[idx]

        if (v1_name != v2_name) or (v1_type != v2_type):
            found = True
            print(red('Different variable: {} {} -> {} {}'.format(v1_name,
                                                                  v1_type,
                                                                  v2_name,
                                                                  v2_type)))

    if len(order_v2) > len(order_v1):
        new_variables = order_v2[len(order_v1):]
        for (name, t) in new_variables:
            print(green('New variable: {} {}'.format(name, t)))

    if not found:
        print(green('No error found'))
Add print to show the state variables ordering Add utility to compare the state variables order given two version of a contract 6 years ago			`'''`
			`This utility looks for functions collisions between a proxy and the implementation`
			`More for information: https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357`
			`'''`

			`import sys`
			`from slither import Slither`
			`from slither.utils.function import get_function_id`
			`from slither.utils.colors import red, green`

			`if __name__ == "__main__":`

			`if len(sys.argv) != 5:`
			`print('Usage: python3 compare_variables_order.py v1.sol Contract1 v2.sol Contract2')`

			`v1 = Slither(sys.argv[1])`
			`v2 = Slither(sys.argv[3])`

			`contract_v1 = v1.get_contract_from_name(sys.argv[2])`
			`if contract_v1 is None:`
			`print(red('Contract {} not found'.format(sys.argv[2])))`
			`exit(-1)`

			`contract_v2 = v2.get_contract_from_name(sys.argv[4])`
			`if contract_v2 is None:`
			`print(red('Contract {} not found'.format(sys.argv[4])))`
			`exit(-1)`


			`order_v1 = [(variable.name, variable.type) for variable in contract_v1.state_variables if not variable.is_constant]`
			`order_v2 = [(variable.name, variable.type) for variable in contract_v2.state_variables if not variable.is_constant]`


			`found = False`
			`for idx in range(0, len(order_v1)):`
			`(v1_name, v1_type) = order_v1[idx]`
			`if len(order_v2) < idx:`
			`print(red('Missing variable in the new version: {} {}'.format(v1_name, v1_type)))`
			`continue`
			`(v2_name, v2_type) = order_v2[idx]`

			`if (v1_name != v2_name) or (v1_type != v2_type):`
			`found = True`
			`print(red('Different variable: {} {} -> {} {}'.format(v1_name,`
			`v1_type,`
			`v2_name,`
			`v2_type)))`

			`if len(order_v2) > len(order_v1):`
			`new_variables = order_v2[len(order_v1):]`
			`for (name, t) in new_variables:`
			`print(green('New variable: {} {}'.format(name, t)))`

			`if not found:`
			`print(green('No error found'))`