mirror of https://github.com/crytic/slither
Merge pull request #991 from crytic/dev-detector-msg-value-in-loop
Add detector use of msg.value inside a loop
commit
0e092f6e97
@ -0,0 +1,89 @@ |
||||
from typing import List |
||||
from slither.core.cfg.node import NodeType, Node |
||||
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification |
||||
from slither.slithir.operations import InternalCall |
||||
from slither.core.declarations import SolidityVariableComposed, Contract |
||||
from slither.utils.output import Output |
||||
|
||||
|
||||
def detect_msg_value_in_loop(contract: Contract) -> List[Node]: |
||||
results: List[Node] = [] |
||||
for f in contract.functions_entry_points: |
||||
if f.is_implemented and f.payable: |
||||
msg_value_in_loop(f.entry_point, 0, [], results) |
||||
return results |
||||
|
||||
|
||||
def msg_value_in_loop( |
||||
node: Node, in_loop_counter: int, visited: List[Node], results: List[Node] |
||||
) -> None: |
||||
if node in visited: |
||||
return |
||||
# shared visited |
||||
visited.append(node) |
||||
|
||||
if node.type == NodeType.STARTLOOP: |
||||
in_loop_counter += 1 |
||||
elif node.type == NodeType.ENDLOOP: |
||||
in_loop_counter -= 1 |
||||
|
||||
for ir in node.all_slithir_operations(): |
||||
if in_loop_counter > 0 and SolidityVariableComposed("msg.value") in ir.read: |
||||
results.append(ir.node) |
||||
if isinstance(ir, (InternalCall)): |
||||
msg_value_in_loop(ir.function.entry_point, in_loop_counter, visited, results) |
||||
|
||||
for son in node.sons: |
||||
msg_value_in_loop(son, in_loop_counter, visited, results) |
||||
|
||||
|
||||
class MsgValueInLoop(AbstractDetector): |
||||
""" |
||||
Detect the use of msg.value inside a loop |
||||
""" |
||||
|
||||
ARGUMENT = "msg-value-loop" |
||||
HELP = "msg.value inside a loop" |
||||
IMPACT = DetectorClassification.HIGH |
||||
CONFIDENCE = DetectorClassification.MEDIUM |
||||
|
||||
WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation/#msgvalue-inside-a-loop" |
||||
|
||||
WIKI_TITLE = "`msg.value` inside a loop" |
||||
WIKI_DESCRIPTION = "Detect the use of `msg.value` inside a loop." |
||||
|
||||
# region wiki_exploit_scenario |
||||
WIKI_EXPLOIT_SCENARIO = """ |
||||
```solidity |
||||
contract MsgValueInLoop{ |
||||
|
||||
mapping (address => uint256) balances; |
||||
|
||||
function bad(address[] memory receivers) public payable { |
||||
for (uint256 i=0; i < receivers.length; i++) { |
||||
balances[receivers[i]] += msg.value; |
||||
} |
||||
} |
||||
|
||||
} |
||||
``` |
||||
""" |
||||
# endregion wiki_exploit_scenario |
||||
|
||||
WIKI_RECOMMENDATION = """ |
||||
Track msg.value through a local variable and decrease its amount on every iteration/usage. |
||||
""" |
||||
|
||||
def _detect(self) -> List[Output]: |
||||
"""""" |
||||
results: List[Output] = [] |
||||
for c in self.compilation_unit.contracts_derived: |
||||
values = detect_msg_value_in_loop(c) |
||||
for node in values: |
||||
func = node.function |
||||
|
||||
info = [func, " use msg.value in a loop: ", node, "\n"] |
||||
res = self.generate_result(info) |
||||
results.append(res) |
||||
|
||||
return results |
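Review bot: `visited` in `msg_value_in_loop` is keyed on the node alone and shared across the whole walk from an entry point, so a helper first reached with `in_loop_counter == 0` is skipped when it is later called from inside a loop. Unless `node.all_slithir_operations()` already yields the callee's operations (not visible on this page), a `msg.value` read in that helper would go unreported by a detector rated High impact. Consider recording the loop state with the node, e.g. `key = (node, in_loop_counter > 0)` with `if key in visited: return` and `visited.append(key)`, and add a fixture where a helper is called both before and inside a loop. Separately, `ir.function.entry_point` is passed on unchecked; if it can be `None` for a function without a body, `node.type` would raise, so an early `if node is None: return` looks worthwhile.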
@ -0,0 +1,29 @@ |
||||
contract C{ |
||||
|
||||
mapping (address => uint256) balances; |
||||
|
||||
function bad(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < receivers.length; i++) { |
||||
balances[receivers[i]] += msg.value; |
||||
} |
||||
} |
||||
|
||||
function bad2(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < receivers.length; i++) { |
||||
bad2_internal(receivers[i]); |
||||
} |
||||
} |
||||
|
||||
function bad2_internal(address a) internal { |
||||
balances[a] += msg.value; |
||||
} |
||||
|
||||
function bad3(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < 2; i++) { |
||||
for (uint256 j = 0; j < receivers.length; j++) { |
||||
balances[receivers[j]] += msg.value; |
||||
} |
||||
} |
||||
} |
||||
|
||||
} |
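Review bot: Every function in this fixture is a positive case (`bad`, `bad2`, `bad3`), so the expected output only proves that the detector fires and nothing guards against false positives. Add at least one payable function that must stay clean, for instance one that follows the detector's own recommendation and draws from a local copy of `msg.value`; the expected JSON then needs regenerating. The same applies to the identical fixtures added later in this commit.

```solidity
    // negative case: msg.value is copied once and the local budget is decreased per use
    function good(address[] memory receivers, uint256 amount) public payable {
        uint256 remaining = msg.value;
        for (uint256 i = 0; i < receivers.length; i++) {
            require(remaining >= amount);
            remaining -= amount;
            balances[receivers[i]] += amount;
        }
    }
```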
@ -0,0 +1,529 @@ |
||||
[ |
||||
[ |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad", |
||||
"source_mapping": { |
||||
"start": 61, |
||||
"length": 179, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad(address[])" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[receivers[i]] += msg.value", |
||||
"source_mapping": { |
||||
"start": 188, |
||||
"length": 35, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
7 |
||||
], |
||||
"starting_column": 13, |
||||
"ending_column": 48 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad", |
||||
"source_mapping": { |
||||
"start": 61, |
||||
"length": 179, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad(address[])" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad(address[]) (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#5-9) use msg.value in a loop: balances[receivers[i]] += msg.value (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#7)\n", |
||||
"markdown": "[C.bad(address[])](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L5-L9) use msg.value in a loop: [balances[receivers[i]] += msg.value](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L7)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L5-L9", |
||||
"id": "027924fc305bf0f3b5ac969d0581163babd157c200d89860a2ee0f3f0f32fb9e", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
}, |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad2_internal", |
||||
"source_mapping": { |
||||
"start": 425, |
||||
"length": 84, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
17, |
||||
18, |
||||
19 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad2_internal(address)" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[a] += msg.value", |
||||
"source_mapping": { |
||||
"start": 478, |
||||
"length": 24, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
18 |
||||
], |
||||
"starting_column": 9, |
||||
"ending_column": 33 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad2_internal", |
||||
"source_mapping": { |
||||
"start": 425, |
||||
"length": 84, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
17, |
||||
18, |
||||
19 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad2_internal(address)" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad2_internal(address) (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#17-19) use msg.value in a loop: balances[a] += msg.value (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#18)\n", |
||||
"markdown": "[C.bad2_internal(address)](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L17-L19) use msg.value in a loop: [balances[a] += msg.value](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L18)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L17-L19", |
||||
"id": "46e81ee3916dd92be3598ae1c853e34145102f527870dd2eb0409fee047ddc4d", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
}, |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad3", |
||||
"source_mapping": { |
||||
"start": 515, |
||||
"length": 245, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad3(address[])" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[receivers[j]] += msg.value", |
||||
"source_mapping": { |
||||
"start": 694, |
||||
"length": 35, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
24 |
||||
], |
||||
"starting_column": 17, |
||||
"ending_column": 52 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad3", |
||||
"source_mapping": { |
||||
"start": 515, |
||||
"length": 245, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad3(address[])" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad3(address[]) (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#21-27) use msg.value in a loop: balances[receivers[j]] += msg.value (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#24)\n", |
||||
"markdown": "[C.bad3(address[])](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L21-L27) use msg.value in a loop: [balances[receivers[j]] += msg.value](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L24)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L21-L27", |
||||
"id": "91bc78ce47280ec59296ebb0cf98afb5ede603b3c31025002c1c2ec1b940ad68", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
} |
||||
] |
||||
] |
@ -0,0 +1,29 @@ |
||||
contract C{ |
||||
|
||||
mapping (address => uint256) balances; |
||||
|
||||
function bad(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < receivers.length; i++) { |
||||
balances[receivers[i]] += msg.value; |
||||
} |
||||
} |
||||
|
||||
function bad2(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < receivers.length; i++) { |
||||
bad2_internal(receivers[i]); |
||||
} |
||||
} |
||||
|
||||
function bad2_internal(address a) internal { |
||||
balances[a] += msg.value; |
||||
} |
||||
|
||||
function bad3(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < 2; i++) { |
||||
for (uint256 j = 0; j < receivers.length; j++) { |
||||
balances[receivers[j]] += msg.value; |
||||
} |
||||
} |
||||
} |
||||
|
||||
} |
@ -0,0 +1,529 @@ |
||||
[ |
||||
[ |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad", |
||||
"source_mapping": { |
||||
"start": 61, |
||||
"length": 179, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad(address[])" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[receivers[i]] += msg.value", |
||||
"source_mapping": { |
||||
"start": 188, |
||||
"length": 35, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
7 |
||||
], |
||||
"starting_column": 13, |
||||
"ending_column": 48 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad", |
||||
"source_mapping": { |
||||
"start": 61, |
||||
"length": 179, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad(address[])" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad(address[]) (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#5-9) use msg.value in a loop: balances[receivers[i]] += msg.value (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#7)\n", |
||||
"markdown": "[C.bad(address[])](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L5-L9) use msg.value in a loop: [balances[receivers[i]] += msg.value](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L7)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L5-L9", |
||||
"id": "73184041d050abe4e838c17a866f4b56dcb249488d85eecf48cde8eaad21511a", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
}, |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad2_internal", |
||||
"source_mapping": { |
||||
"start": 425, |
||||
"length": 84, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
17, |
||||
18, |
||||
19 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad2_internal(address)" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[a] += msg.value", |
||||
"source_mapping": { |
||||
"start": 478, |
||||
"length": 24, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
18 |
||||
], |
||||
"starting_column": 9, |
||||
"ending_column": 33 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad2_internal", |
||||
"source_mapping": { |
||||
"start": 425, |
||||
"length": 84, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
17, |
||||
18, |
||||
19 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad2_internal(address)" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad2_internal(address) (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#17-19) use msg.value in a loop: balances[a] += msg.value (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#18)\n", |
||||
"markdown": "[C.bad2_internal(address)](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L17-L19) use msg.value in a loop: [balances[a] += msg.value](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L18)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L17-L19", |
||||
"id": "a7decdca7d1ca27f92038a6a0d1ee3899fe523fef53329f4bdd976040fe05fd4", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
}, |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad3", |
||||
"source_mapping": { |
||||
"start": 515, |
||||
"length": 245, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad3(address[])" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[receivers[j]] += msg.value", |
||||
"source_mapping": { |
||||
"start": 694, |
||||
"length": 35, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
24 |
||||
], |
||||
"starting_column": 17, |
||||
"ending_column": 52 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad3", |
||||
"source_mapping": { |
||||
"start": 515, |
||||
"length": 245, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad3(address[])" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad3(address[]) (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#21-27) use msg.value in a loop: balances[receivers[j]] += msg.value (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#24)\n", |
||||
"markdown": "[C.bad3(address[])](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L21-L27) use msg.value in a loop: [balances[receivers[j]] += msg.value](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L24)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L21-L27", |
||||
"id": "e8b65da4e14be1243f400e5b4e656c10d7e360391ecdc376848c2c25c257f593", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
} |
||||
] |
||||
] |
@ -0,0 +1,29 @@ |
||||
contract C{ |
||||
|
||||
mapping (address => uint256) balances; |
||||
|
||||
function bad(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < receivers.length; i++) { |
||||
balances[receivers[i]] += msg.value; |
||||
} |
||||
} |
||||
|
||||
function bad2(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < receivers.length; i++) { |
||||
bad2_internal(receivers[i]); |
||||
} |
||||
} |
||||
|
||||
function bad2_internal(address a) internal { |
||||
balances[a] += msg.value; |
||||
} |
||||
|
||||
function bad3(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < 2; i++) { |
||||
for (uint256 j = 0; j < receivers.length; j++) { |
||||
balances[receivers[j]] += msg.value; |
||||
} |
||||
} |
||||
} |
||||
|
||||
} |
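Review bot: This fixture holds only positive cases (`bad`, `bad2` through `bad2_internal`, `bad3`), so nothing pins that the detector stays silent when `msg.value` is read outside a loop; the two identical copies of this file further down the commit have the same gap. I would add a `good` function that loops without touching `msg.value` and reads it once after the loop, which should produce no finding given the STARTLOOP/ENDLOOP counter in the detector. A second case worth pinning calls `bad2_internal` once before a loop and again inside it: the detector passes one shared `visited` list per entry point, so the in-loop call looks like it would be skipped and the finding missed. The expected JSON outputs would need regenerating afterwards, since the source offsets and line ranges change.

```solidity
    // … unchanged: bad, bad2, bad2_internal, bad3 …

    function good(address[] memory receivers) public payable {
        for (uint256 i = 0; i < receivers.length; i++) {
            balances[receivers[i]] += 1;
        }
        // read once, after the loop has ended: must not be reported
        balances[msg.sender] += msg.value;
    }

    function bad4(address[] memory receivers) public payable {
        // helper reached outside the loop first, then inside it
        bad2_internal(msg.sender);
        for (uint256 i = 0; i < receivers.length; i++) {
            bad2_internal(receivers[i]);
        }
    }
```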
@ -0,0 +1,529 @@ |
||||
[ |
||||
[ |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad", |
||||
"source_mapping": { |
||||
"start": 61, |
||||
"length": 179, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad(address[])" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[receivers[i]] += msg.value", |
||||
"source_mapping": { |
||||
"start": 188, |
||||
"length": 35, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
7 |
||||
], |
||||
"starting_column": 13, |
||||
"ending_column": 48 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad", |
||||
"source_mapping": { |
||||
"start": 61, |
||||
"length": 179, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad(address[])" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad(address[]) (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#5-9) use msg.value in a loop: balances[receivers[i]] += msg.value (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#7)\n", |
||||
"markdown": "[C.bad(address[])](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L5-L9) use msg.value in a loop: [balances[receivers[i]] += msg.value](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L7)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L5-L9", |
||||
"id": "b8e2b147c51a880dc38a635915a0511954ade8ffeab3efd16e389a370e0c0b1b", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
}, |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad2_internal", |
||||
"source_mapping": { |
||||
"start": 425, |
||||
"length": 84, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
17, |
||||
18, |
||||
19 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad2_internal(address)" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[a] += msg.value", |
||||
"source_mapping": { |
||||
"start": 478, |
||||
"length": 24, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
18 |
||||
], |
||||
"starting_column": 9, |
||||
"ending_column": 33 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad2_internal", |
||||
"source_mapping": { |
||||
"start": 425, |
||||
"length": 84, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
17, |
||||
18, |
||||
19 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad2_internal(address)" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad2_internal(address) (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#17-19) use msg.value in a loop: balances[a] += msg.value (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#18)\n", |
||||
"markdown": "[C.bad2_internal(address)](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L17-L19) use msg.value in a loop: [balances[a] += msg.value](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L18)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L17-L19", |
||||
"id": "84b39e0706b72e42b4cf069a649c5825e35ed842871350cc064c8123396b6f96", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
}, |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad3", |
||||
"source_mapping": { |
||||
"start": 515, |
||||
"length": 245, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad3(address[])" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[receivers[j]] += msg.value", |
||||
"source_mapping": { |
||||
"start": 694, |
||||
"length": 35, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
24 |
||||
], |
||||
"starting_column": 17, |
||||
"ending_column": 52 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad3", |
||||
"source_mapping": { |
||||
"start": 515, |
||||
"length": 245, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad3(address[])" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad3(address[]) (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#21-27) use msg.value in a loop: balances[receivers[j]] += msg.value (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#24)\n", |
||||
"markdown": "[C.bad3(address[])](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L21-L27) use msg.value in a loop: [balances[receivers[j]] += msg.value](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L24)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L21-L27", |
||||
"id": "d89c600adf6767e1270ee5b760bf2e5917e9f27aa77c86f956b55a883552bb0d", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
} |
||||
] |
||||
] |
@ -0,0 +1,29 @@ |
||||
contract C{ |
||||
|
||||
mapping (address => uint256) balances; |
||||
|
||||
function bad(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < receivers.length; i++) { |
||||
balances[receivers[i]] += msg.value; |
||||
} |
||||
} |
||||
|
||||
function bad2(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < receivers.length; i++) { |
||||
bad2_internal(receivers[i]); |
||||
} |
||||
} |
||||
|
||||
function bad2_internal(address a) internal { |
||||
balances[a] += msg.value; |
||||
} |
||||
|
||||
function bad3(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < 2; i++) { |
||||
for (uint256 j = 0; j < receivers.length; j++) { |
||||
balances[receivers[j]] += msg.value; |
||||
} |
||||
} |
||||
} |
||||
|
||||
} |
@ -0,0 +1,529 @@ |
||||
[ |
||||
[ |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad", |
||||
"source_mapping": { |
||||
"start": 61, |
||||
"length": 179, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad(address[])" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[receivers[i]] += msg.value", |
||||
"source_mapping": { |
||||
"start": 188, |
||||
"length": 35, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
7 |
||||
], |
||||
"starting_column": 13, |
||||
"ending_column": 48 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad", |
||||
"source_mapping": { |
||||
"start": 61, |
||||
"length": 179, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad(address[])" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad(address[]) (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#5-9) use msg.value in a loop: balances[receivers[i]] += msg.value (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#7)\n", |
||||
"markdown": "[C.bad(address[])](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L5-L9) use msg.value in a loop: [balances[receivers[i]] += msg.value](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L7)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L5-L9", |
||||
"id": "fd0c2f6abecbecd689c995b2cd3c30c9f1bd3763e34f4d5cb91788604f8ec3da", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
}, |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad2_internal", |
||||
"source_mapping": { |
||||
"start": 425, |
||||
"length": 84, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
17, |
||||
18, |
||||
19 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad2_internal(address)" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[a] += msg.value", |
||||
"source_mapping": { |
||||
"start": 478, |
||||
"length": 24, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
18 |
||||
], |
||||
"starting_column": 9, |
||||
"ending_column": 33 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad2_internal", |
||||
"source_mapping": { |
||||
"start": 425, |
||||
"length": 84, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
17, |
||||
18, |
||||
19 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad2_internal(address)" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad2_internal(address) (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#17-19) use msg.value in a loop: balances[a] += msg.value (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#18)\n", |
||||
"markdown": "[C.bad2_internal(address)](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L17-L19) use msg.value in a loop: [balances[a] += msg.value](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L18)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L17-L19", |
||||
"id": "0fd3ac1c8051090ec1fe86fa9e1e5f8e7381d8eef3f252fede8dc3bb07e87104", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
}, |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad3", |
||||
"source_mapping": { |
||||
"start": 515, |
||||
"length": 245, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad3(address[])" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[receivers[j]] += msg.value", |
||||
"source_mapping": { |
||||
"start": 694, |
||||
"length": 35, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
24 |
||||
], |
||||
"starting_column": 17, |
||||
"ending_column": 52 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad3", |
||||
"source_mapping": { |
||||
"start": 515, |
||||
"length": 245, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad3(address[])" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad3(address[]) (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#21-27) use msg.value in a loop: balances[receivers[j]] += msg.value (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#24)\n", |
||||
"markdown": "[C.bad3(address[])](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L21-L27) use msg.value in a loop: [balances[receivers[j]] += msg.value](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L24)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L21-L27", |
||||
"id": "9a021823637092277317750625e1f63b1b6f4b394a5dd1fdde50088af8d9e805", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
} |
||||
] |
||||
] |
@ -0,0 +1,29 @@ |
||||
contract C{ |
||||
|
||||
mapping (address => uint256) balances; |
||||
|
||||
function bad(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < receivers.length; i++) { |
||||
balances[receivers[i]] += msg.value; |
||||
} |
||||
} |
||||
|
||||
function bad2(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < receivers.length; i++) { |
||||
bad2_internal(receivers[i]); |
||||
} |
||||
} |
||||
|
||||
function bad2_internal(address a) internal { |
||||
balances[a] += msg.value; |
||||
} |
||||
|
||||
function bad3(address[] memory receivers) public payable { |
||||
for (uint256 i = 0; i < 2; i++) { |
||||
for (uint256 j = 0; j < receivers.length; j++) { |
||||
balances[receivers[j]] += msg.value; |
||||
} |
||||
} |
||||
} |
||||
|
||||
} |
@ -0,0 +1,529 @@ |
||||
[ |
||||
[ |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad", |
||||
"source_mapping": { |
||||
"start": 61, |
||||
"length": 179, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad(address[])" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[receivers[i]] += msg.value", |
||||
"source_mapping": { |
||||
"start": 188, |
||||
"length": 35, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
7 |
||||
], |
||||
"starting_column": 13, |
||||
"ending_column": 48 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad", |
||||
"source_mapping": { |
||||
"start": 61, |
||||
"length": 179, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad(address[])" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad(address[]) (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#5-9) use msg.value in a loop: balances[receivers[i]] += msg.value (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#7)\n", |
||||
"markdown": "[C.bad(address[])](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L5-L9) use msg.value in a loop: [balances[receivers[i]] += msg.value](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L7)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L5-L9", |
||||
"id": "0051349cec04c37ffe5ac2f85a2dbbd4a567f5194c16278745de3b12a1c86cb9", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
}, |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad2_internal", |
||||
"source_mapping": { |
||||
"start": 425, |
||||
"length": 84, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
17, |
||||
18, |
||||
19 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad2_internal(address)" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[a] += msg.value", |
||||
"source_mapping": { |
||||
"start": 478, |
||||
"length": 24, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
18 |
||||
], |
||||
"starting_column": 9, |
||||
"ending_column": 33 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad2_internal", |
||||
"source_mapping": { |
||||
"start": 425, |
||||
"length": 84, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
17, |
||||
18, |
||||
19 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad2_internal(address)" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad2_internal(address) (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#17-19) use msg.value in a loop: balances[a] += msg.value (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#18)\n", |
||||
"markdown": "[C.bad2_internal(address)](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L17-L19) use msg.value in a loop: [balances[a] += msg.value](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L18)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L17-L19", |
||||
"id": "0064bba498edf780c73f858d7a8d6cc42e1be323e288eea78622b8d84fe557bc", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
}, |
||||
{ |
||||
"elements": [ |
||||
{ |
||||
"type": "function", |
||||
"name": "bad3", |
||||
"source_mapping": { |
||||
"start": 515, |
||||
"length": 245, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad3(address[])" |
||||
} |
||||
}, |
||||
{ |
||||
"type": "node", |
||||
"name": "balances[receivers[j]] += msg.value", |
||||
"source_mapping": { |
||||
"start": 694, |
||||
"length": 35, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
24 |
||||
], |
||||
"starting_column": 17, |
||||
"ending_column": 52 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "function", |
||||
"name": "bad3", |
||||
"source_mapping": { |
||||
"start": 515, |
||||
"length": 245, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27 |
||||
], |
||||
"starting_column": 5, |
||||
"ending_column": 6 |
||||
}, |
||||
"type_specific_fields": { |
||||
"parent": { |
||||
"type": "contract", |
||||
"name": "C", |
||||
"source_mapping": { |
||||
"start": 0, |
||||
"length": 763, |
||||
"filename_used": "/GENERIC_PATH", |
||||
"filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"filename_absolute": "/GENERIC_PATH", |
||||
"filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", |
||||
"is_dependency": false, |
||||
"lines": [ |
||||
1, |
||||
2, |
||||
3, |
||||
4, |
||||
5, |
||||
6, |
||||
7, |
||||
8, |
||||
9, |
||||
10, |
||||
11, |
||||
12, |
||||
13, |
||||
14, |
||||
15, |
||||
16, |
||||
17, |
||||
18, |
||||
19, |
||||
20, |
||||
21, |
||||
22, |
||||
23, |
||||
24, |
||||
25, |
||||
26, |
||||
27, |
||||
28, |
||||
29, |
||||
30 |
||||
], |
||||
"starting_column": 1, |
||||
"ending_column": 0 |
||||
} |
||||
}, |
||||
"signature": "bad3(address[])" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
], |
||||
"description": "C.bad3(address[]) (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#21-27) use msg.value in a loop: balances[receivers[j]] += msg.value (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#24)\n", |
||||
"markdown": "[C.bad3(address[])](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L21-L27) use msg.value in a loop: [balances[receivers[j]] += msg.value](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L24)\n", |
||||
"first_markdown_element": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L21-L27", |
||||
"id": "5aba5d0fecd0935e1e8d98c5779a7114fbfd4587b6b8b7fdca61829d3322f584", |
||||
"check": "msg-value-loop", |
||||
"impact": "High", |
||||
"confidence": "Medium" |
||||
} |
||||
] |
||||
] |