From 831f9dead3deaaf84cacc0d00843f0cd7a5d982e Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Wed, 17 Aug 2022 10:43:39 +0200 Subject: [PATCH 1/9] Improve reentrancy detector: - Fix loop detection (fix #1019) - Add python types --- slither/detectors/reentrancy/reentrancy.py | 61 +++++++++++----------- slither/slithir/operations/call.py | 4 +- 2 files changed, 32 insertions(+), 33 deletions(-) diff --git a/slither/detectors/reentrancy/reentrancy.py b/slither/detectors/reentrancy/reentrancy.py index b51c9fad8..8dd9aecc0 100644 --- a/slither/detectors/reentrancy/reentrancy.py +++ b/slither/detectors/reentrancy/reentrancy.py @@ -5,31 +5,32 @@ Iterate over all the nodes of the graph until reaching a fixpoint """ from collections import defaultdict -from typing import Set, Dict, Union +from typing import Set, Dict, List, Tuple, Optional from slither.core.cfg.node import NodeType, Node -from slither.core.declarations import Function +from slither.core.declarations import Function, Contract from slither.core.expressions import UnaryOperation, UnaryOperationType from slither.core.variables.variable import Variable from slither.detectors.abstract_detector import AbstractDetector -from slither.slithir.operations import Call, EventCall +from slither.slithir.operations import Call, EventCall, Operation +from slither.utils.output import Output -def union_dict(d1, d2): +def union_dict(d1: Dict, d2: Dict) -> Dict: d3 = {k: d1.get(k, set()) | d2.get(k, set()) for k in set(list(d1.keys()) + list(d2.keys()))} return defaultdict(set, d3) -def dict_are_equal(d1, d2): +def dict_are_equal(d1: Dict, d2: Dict) -> bool: if set(list(d1.keys())) != set(list(d2.keys())): return False return all(set(d1[k]) == set(d2[k]) for k in d1.keys()) def is_subset( - new_info: Dict[Union[Variable, Node], Set[Node]], - old_info: Dict[Union[Variable, Node], Set[Node]], -): + new_info: Dict, + old_info: Dict, +) -> bool: for k in new_info.keys(): if k not in old_info: return False @@ -38,7 +39,7 @@ def is_subset( return True -def to_hashable(d: Dict[Node, Set[Node]]): +def to_hashable(d: Dict[Node, Set[Node]]) -> Tuple: list_tuple = list( tuple((k, tuple(sorted(values, key=lambda x: x.node_id)))) for k, values in d.items() ) @@ -46,7 +47,7 @@ def to_hashable(d: Dict[Node, Set[Node]]): class AbstractState: - def __init__(self): + def __init__(self) -> None: # send_eth returns the list of calls sending value # calls returns the list of calls that can callback # read returns the variable read @@ -106,7 +107,9 @@ class AbstractState: """ return self._events - def merge_fathers(self, node, skip_father, detector): + def merge_fathers( + self, node: Node, skip_father: Optional[Node], detector: "Reentrancy" + ) -> None: for father in node.fathers: if detector.KEY in father.context: self._send_eth = union_dict( @@ -131,7 +134,7 @@ class AbstractState: father.context[detector.KEY].reads_prior_calls, ) - def analyze_node(self, node, detector): + def analyze_node(self, node: Node, detector: "Reentrancy") -> bool: state_vars_read: Dict[Variable, Set[Node]] = defaultdict( set, {v: {node} for v in node.state_variables_read} ) @@ -175,13 +178,13 @@ class AbstractState: return contains_call - def add(self, fathers): + def add(self, fathers: "AbstractState") -> None: self._send_eth = union_dict(self._send_eth, fathers.send_eth) self._calls = union_dict(self._calls, fathers.calls) self._reads = union_dict(self._reads, fathers.reads) self._reads_prior_calls = union_dict(self._reads_prior_calls, fathers.reads_prior_calls) - def does_not_bring_new_info(self, new_info): + def does_not_bring_new_info(self, new_info: "AbstractState") -> bool: if is_subset(new_info.calls, self.calls): if is_subset(new_info.send_eth, self.send_eth): if is_subset(new_info.reads, self.reads): @@ -190,7 +193,7 @@ class AbstractState: return False -def _filter_if(node): +def _filter_if(node: Node) -> bool: """ Check if the node is a condtional node where there is an external call checked @@ -201,10 +204,8 @@ def _filter_if(node): This will work only on naive implementation """ - return ( - isinstance(node.expression, UnaryOperation) - and node.expression.type == UnaryOperationType.BANG - ) + expression = node.expression + return isinstance(expression, UnaryOperation) and expression.type == UnaryOperationType.BANG class Reentrancy(AbstractDetector): @@ -214,7 +215,7 @@ class Reentrancy(AbstractDetector): # allowing inherited classes to define different behaviors # For example reentrancy_no_gas consider Send and Transfer as reentrant functions @staticmethod - def can_callback(ir): + def can_callback(ir: Operation) -> bool: """ Detect if the node contains a call that can be used to re-entrance @@ -228,13 +229,13 @@ class Reentrancy(AbstractDetector): return isinstance(ir, Call) and ir.can_reenter() @staticmethod - def can_send_eth(ir): + def can_send_eth(ir: Operation) -> bool: """ Detect if the node can send eth """ return isinstance(ir, Call) and ir.can_send_eth() - def _explore(self, node, visited, skip_father=None): + def _explore(self, node: Optional[Node], skip_father: Optional[Node] = None) -> None: """ Explore the CFG and look for re-entrancy Heuristic: There is a re-entrancy if a state variable is written @@ -245,11 +246,9 @@ class Reentrancy(AbstractDetector): if node.context is not empty, and variables are written, a re-entrancy is possible """ - if node in visited: + if node is None: return - visited = visited + [node] - fathers_context = AbstractState() fathers_context.merge_fathers(node, skip_father, self) @@ -271,26 +270,26 @@ class Reentrancy(AbstractDetector): if contains_call and node.type in [NodeType.IF, NodeType.IFLOOP]: if _filter_if(node): son = sons[0] - self._explore(son, visited, node) + self._explore(son, skip_father=node) sons = sons[1:] else: son = sons[1] - self._explore(son, visited, node) + self._explore(son, skip_father=node) sons = [sons[0]] for son in sons: - self._explore(son, visited) + self._explore(son) - def detect_reentrancy(self, contract): + def detect_reentrancy(self, contract: Contract) -> None: for function in contract.functions_and_modifiers_declared: if not function.is_constructor: if function.is_implemented: if self.KEY in function.context: continue - self._explore(function.entry_point, []) + self._explore(function.entry_point) function.context[self.KEY] = True - def _detect(self): + def _detect(self) -> List[Output]: """""" # if a node was already visited by another path # we will only explore it if the traversal brings diff --git a/slither/slithir/operations/call.py b/slither/slithir/operations/call.py index cff2767cd..2e0c3d1df 100644 --- a/slither/slithir/operations/call.py +++ b/slither/slithir/operations/call.py @@ -14,14 +14,14 @@ class Call(Operation): def arguments(self, v): self._arguments = v - def can_reenter(self, _callstack=None): # pylint: disable=no-self-use + def can_reenter(self, _callstack=None) -> bool: # pylint: disable=no-self-use """ Must be called after slithIR analysis pass :return: bool """ return False - def can_send_eth(self): # pylint: disable=no-self-use + def can_send_eth(self) -> bool: # pylint: disable=no-self-use """ Must be called after slithIR analysis pass :return: bool From 70dff581ed47644b575311282aca13118e99e7cd Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Wed, 17 Aug 2022 11:29:44 +0200 Subject: [PATCH 2/9] Add function.all_reachable_from_functions and function.is_reentrant Fix type in function.reacheable_from_functions --- slither/core/declarations/function.py | 50 +++++++++++++++++++++++++-- tests/test_function.py | 17 +++++++++ tests/test_function_reentrant.sol | 36 +++++++++++++++++++ 3 files changed, 100 insertions(+), 3 deletions(-) create mode 100644 tests/test_function_reentrant.sol diff --git a/slither/core/declarations/function.py b/slither/core/declarations/function.py index 4c88150d2..ccabb87e6 100644 --- a/slither/core/declarations/function.py +++ b/slither/core/declarations/function.py @@ -189,7 +189,8 @@ class Function(SourceMapping, metaclass=ABCMeta): # pylint: disable=too-many-pu # set(ReacheableNode) self._reachable_from_nodes: Set[ReacheableNode] = set() - self._reachable_from_functions: Set[ReacheableNode] = set() + self._reachable_from_functions: Set[Function] = set() + self._all_reachable_from_functions: Optional[Set[Function]] = None # Constructor, fallback, State variable constructor self._function_type: Optional[FunctionType] = None @@ -214,7 +215,7 @@ class Function(SourceMapping, metaclass=ABCMeta): # pylint: disable=too-many-pu self.compilation_unit: "SlitherCompilationUnit" = compilation_unit - # Assume we are analyzing Solidty by default + # Assume we are analyzing Solidity by default self.function_language: FunctionLanguage = FunctionLanguage.Solidity self._id: Optional[str] = None @@ -1024,9 +1025,32 @@ class Function(SourceMapping, metaclass=ABCMeta): # pylint: disable=too-many-pu return self._reachable_from_nodes @property - def reachable_from_functions(self) -> Set[ReacheableNode]: + def reachable_from_functions(self) -> Set["Function"]: return self._reachable_from_functions + @property + def all_reachable_from_functions(self) -> Set["Function"]: + """ + Give the recursive version of reachable_from_functions (all the functions that lead to call self in the CFG) + """ + if self._all_reachable_from_functions is None: + functions: Set["Function"] = set() + + new_functions = self.reachable_from_functions + print([str(f) for f in new_functions]) + # iterate until we have are finding new functions + while new_functions and new_functions not in functions: + print([str(f) for f in new_functions]) + functions = functions.union(new_functions) + # Use a temporary set, because we iterate over new_functions + new_functionss: Set["Function"] = set() + for f in new_functions: + new_functionss = new_functionss.union(f.reachable_from_functions) + new_functions = new_functionss + + self._all_reachable_from_functions = functions + return self._all_reachable_from_functions + def add_reachable_from_node(self, n: "Node", ir: "Operation"): self._reachable_from_nodes.add(ReacheableNode(n, ir)) self._reachable_from_functions.add(n.function) @@ -1455,6 +1479,26 @@ class Function(SourceMapping, metaclass=ABCMeta): # pylint: disable=too-many-pu ) return self._is_protected + @property + def is_reentrant(self) -> bool: + """ + Determine if the function can be re-entered + """ + # TODO: compare with hash of known nonReentrant modifier instead of the name + if "nonReentrant" in [m.name for m in self.modifiers]: + return False + + if self.visibility in ["public", "external"]: + return True + + # If it's an internal function, check if all its entry points have the nonReentrant modifier + all_entry_points = [ + f for f in self.all_reachable_from_functions if f.visibility in ["public", "external"] + ] + if not all_entry_points: + return True + return not all(("nonReentrant" in [m.name for m in f.modifiers] for f in all_entry_points)) + # endregion ################################################################################### ################################################################################### diff --git a/tests/test_function.py b/tests/test_function.py index 19fa596ab..09ecdc6ba 100644 --- a/tests/test_function.py +++ b/tests/test_function.py @@ -247,6 +247,7 @@ def test_functions(): def test_function_can_send_eth(): + solc_select.switch_global_version("0.6.12", always_install=True) slither = Slither("tests/test_function.sol") compilation_unit = slither.compilation_units[0] functions = compilation_unit.get_contract_from_name("TestFunctionCanSendEth")[ @@ -267,3 +268,19 @@ def test_function_can_send_eth(): assert functions["transfer_via_external()"].can_send_eth() is False assert functions["call_via_external()"].can_send_eth() is False assert functions["highlevel_call_via_external()"].can_send_eth() is False + + +def test_reentrant(): + solc_select.switch_global_version("0.8.10", always_install=True) + slither = Slither("tests/test_function_reentrant.sol") + compilation_unit = slither.compilation_units[0] + functions = compilation_unit.get_contract_from_name("TestReentrant")[ + 0 + ].available_functions_as_dict() + + assert functions["is_reentrant()"].is_reentrant + assert not functions["is_non_reentrant()"].is_reentrant + assert not functions["internal_and_not_reentrant()"].is_reentrant + assert not functions["internal_and_not_reentrant2()"].is_reentrant + assert functions["internal_and_could_be_reentrant()"].is_reentrant + assert functions["internal_and_reentrant()"].is_reentrant diff --git a/tests/test_function_reentrant.sol b/tests/test_function_reentrant.sol new file mode 100644 index 000000000..a1a8faa7b --- /dev/null +++ b/tests/test_function_reentrant.sol @@ -0,0 +1,36 @@ +contract TestReentrant{ + + modifier nonReentrant(){ + _; + } + + function is_reentrant() public{ + internal_and_could_be_reentrant(); + internal_and_reentrant(); + } + + function is_non_reentrant() nonReentrant() public{ + internal_and_could_be_reentrant(); + internal_and_not_reentrant2(); + } + + function internal_and_not_reentrant() nonReentrant() internal{ + + } + + function internal_and_not_reentrant2() internal{ + + } + + // Called by a protected and unprotected function + function internal_and_could_be_reentrant() internal{ + + } + + // Called by a protected and unprotected function + function internal_and_reentrant() internal{ + + } + + +} \ No newline at end of file From 08994a3971bd18eb1cdaff1f2faf6fd73b80a1e3 Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Wed, 17 Aug 2022 13:53:04 +0200 Subject: [PATCH 3/9] Filter reentrancies detector based on the nonReentrant modifier - reentrancy-eth/reentrancy-no-eth: do not warn if the function is non reentrant, and there is no other reentrant function that writes to the affected variable - reentrancy-event: do not warm if the function is non reentrant --- slither/core/declarations/contract.py | 13 + slither/core/declarations/function.py | 2 - .../detectors/reentrancy/reentrancy_eth.py | 4 + .../detectors/reentrancy/reentrancy_events.py | 2 + .../reentrancy_read_before_write.py | 4 + .../0.8.10/reentrancy_with_non_reentrant.sol | 108 ++++ ...on_reentrant.sol.0.8.10.ReentrancyEth.json | 506 ++++++++++++++++++ tests/test_detectors.py | 1 + 8 files changed, 638 insertions(+), 2 deletions(-) create mode 100644 tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol create mode 100644 tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol.0.8.10.ReentrancyEth.json diff --git a/slither/core/declarations/contract.py b/slither/core/declarations/contract.py index 5d65d5cc5..3b001453d 100644 --- a/slither/core/declarations/contract.py +++ b/slither/core/declarations/contract.py @@ -100,6 +100,9 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods self.compilation_unit: "SlitherCompilationUnit" = compilation_unit self.file_scope: "FileScope" = scope + # memoize + self._state_variables_written_in_reentrant_targets: Optional[List["StateVariable"]] = None + ################################################################################### ################################################################################### # region General's properties @@ -349,6 +352,16 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods slithir_variables = [item for sublist in slithir_variabless for item in sublist] return list(set(slithir_variables)) + @property + def state_variables_written_in_reentrant_targets(self) -> List["StateVariable"]: + if self._state_variables_written_in_reentrant_targets is None: + reentrant_functions = [f for f in self.functions if f.is_reentrant] + variables_writtenss = [f.all_state_variables_written() for f in reentrant_functions] + self._state_variables_written_in_reentrant_targets = [ + item for sublist in variables_writtenss for item in sublist + ] + return self._state_variables_written_in_reentrant_targets + # endregion ################################################################################### ################################################################################### diff --git a/slither/core/declarations/function.py b/slither/core/declarations/function.py index ccabb87e6..96b4573e9 100644 --- a/slither/core/declarations/function.py +++ b/slither/core/declarations/function.py @@ -1037,10 +1037,8 @@ class Function(SourceMapping, metaclass=ABCMeta): # pylint: disable=too-many-pu functions: Set["Function"] = set() new_functions = self.reachable_from_functions - print([str(f) for f in new_functions]) # iterate until we have are finding new functions while new_functions and new_functions not in functions: - print([str(f) for f in new_functions]) functions = functions.union(new_functions) # Use a temporary set, because we iterate over new_functions new_functionss: Set["Function"] = set() diff --git a/slither/detectors/reentrancy/reentrancy_eth.py b/slither/detectors/reentrancy/reentrancy_eth.py index d64a4affc..5a64e2bd9 100644 --- a/slither/detectors/reentrancy/reentrancy_eth.py +++ b/slither/detectors/reentrancy/reentrancy_eth.py @@ -75,6 +75,10 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m ) for (v, nodes) in node.context[self.KEY].written.items() if v in node.context[self.KEY].reads_prior_calls[c] + and ( + f.is_reentrant + or v in contract.state_variables_written_in_reentrant_targets + ) } if read_then_written: diff --git a/slither/detectors/reentrancy/reentrancy_events.py b/slither/detectors/reentrancy/reentrancy_events.py index f7c9a9848..78a6058be 100644 --- a/slither/detectors/reentrancy/reentrancy_events.py +++ b/slither/detectors/reentrancy/reentrancy_events.py @@ -52,6 +52,8 @@ If `d.()` re-enters, the `Counter` events will be shown in an incorrect order, w result = defaultdict(set) for contract in self.contracts: for f in contract.functions_and_modifiers_declared: + if not f.is_reentrant: + continue for node in f.nodes: # dead code if self.KEY not in node.context: diff --git a/slither/detectors/reentrancy/reentrancy_read_before_write.py b/slither/detectors/reentrancy/reentrancy_read_before_write.py index 63b6a705a..83cff9478 100644 --- a/slither/detectors/reentrancy/reentrancy_read_before_write.py +++ b/slither/detectors/reentrancy/reentrancy_read_before_write.py @@ -70,6 +70,10 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`).""" ) for (v, nodes) in node.context[self.KEY].written.items() if v in node.context[self.KEY].reads_prior_calls[c] + and ( + f.is_reentrant + or v in contract.state_variables_written_in_reentrant_targets + ) } # We found a potential re-entrancy bug diff --git a/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol b/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol new file mode 100644 index 000000000..41d3e4fa1 --- /dev/null +++ b/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol @@ -0,0 +1,108 @@ +interface Receiver{ + function send_funds() payable external; +} + +contract TestWithBug{ + + mapping(address => uint) balances; + + modifier nonReentrant(){ + _; + } + + function withdraw(uint amount) nonReentrant public{ + require(amount <= balances[msg.sender]); + Receiver(msg.sender).send_funds{value: amount}(); + balances[msg.sender] -= amount; + } + + function withdraw_all() public{ + uint amount = balances[msg.sender]; + balances[msg.sender] = 0; + Receiver(msg.sender).send_funds{value: amount}(); + } + +} + + +contract TestWithoutBug{ + + mapping(address => uint) balances; + + modifier nonReentrant(){ + _; + } + + function withdraw(uint amount) nonReentrant public{ + require(amount <= balances[msg.sender]); + Receiver(msg.sender).send_funds{value: amount}(); + balances[msg.sender] -= amount; + } + + function withdraw_all() nonReentrant public{ + uint amount = balances[msg.sender]; + balances[msg.sender] = 0; + Receiver(msg.sender).send_funds{value: amount}(); + } + +} + +contract TestWithBugInternal{ + + mapping(address => uint) balances; + + modifier nonReentrant(){ + _; + } + + function withdraw(uint amount) nonReentrant public{ + withdraw_internal(amount); + } + + function withdraw_internal(uint amount) internal{ + require(amount <= balances[msg.sender]); + Receiver(msg.sender).send_funds{value: amount}(); + balances[msg.sender] -= amount; + } + + function withdraw_all() public{ + withdraw_all_internal(); + } + + function withdraw_all_internal() internal { + uint amount = balances[msg.sender]; + balances[msg.sender] = 0; + Receiver(msg.sender).send_funds{value: amount}(); + } + +} + +contract TestWithoutBugInternal{ + + mapping(address => uint) balances; + + modifier nonReentrant(){ + _; + } + + function withdraw(uint amount) nonReentrant public{ + withdraw_internal(amount); + } + + function withdraw_internal(uint amount) internal{ + require(amount <= balances[msg.sender]); + Receiver(msg.sender).send_funds{value: amount}(); + balances[msg.sender] -= amount; + } + + function withdraw_all() nonReentrant public{ + withdraw_all_internal(); + } + + function withdraw_all_internal() internal { + uint amount = balances[msg.sender]; + balances[msg.sender] = 0; + Receiver(msg.sender).send_funds{value: amount}(); + } + +} \ No newline at end of file diff --git a/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol.0.8.10.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol.0.8.10.ReentrancyEth.json new file mode 100644 index 000000000..72dd19c48 --- /dev/null +++ b/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol.0.8.10.ReentrancyEth.json @@ -0,0 +1,506 @@ +[ + [ + { + "elements": [ + { + "type": "function", + "name": "withdraw", + "source_mapping": { + "start": 181, + "length": 207, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 13, + 14, + 15, + 16, + 17 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestWithBug", + "source_mapping": { + "start": 67, + "length": 506, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw(uint256)" + } + }, + { + "type": "node", + "name": "Receiver(msg.sender).send_funds{value: amount}()", + "source_mapping": { + "start": 292, + "length": 48, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 15 + ], + "starting_column": 10, + "ending_column": 58 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdraw", + "source_mapping": { + "start": 181, + "length": 207, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 13, + 14, + 15, + 16, + 17 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestWithBug", + "source_mapping": { + "start": 67, + "length": 506, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw(uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "balances[msg.sender] -= amount", + "source_mapping": { + "start": 351, + "length": 30, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 16 + ], + "starting_column": 10, + "ending_column": 40 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdraw", + "source_mapping": { + "start": 181, + "length": 207, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 13, + 14, + 15, + 16, + 17 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestWithBug", + "source_mapping": { + "start": 67, + "length": 506, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw(uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + } + ], + "description": "Reentrancy in TestWithBug.withdraw(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#13-17):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#15)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#16)\n", + "markdown": "Reentrancy in [TestWithBug.withdraw(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L13-L17):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L15)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L16)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L13-L17", + "id": "746b848eb5d1102128ce24fa085ea13e78073daa2e2934383a204dfdcf8f02c0", + "check": "reentrancy-eth", + "impact": "High", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "withdraw_internal", + "source_mapping": { + "start": 1320, + "length": 205, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 62, + 63, + 64, + 65, + 66 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestWithBugInternal", + "source_mapping": { + "start": 1100, + "length": 698, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw_internal(uint256)" + } + }, + { + "type": "node", + "name": "Receiver(msg.sender).send_funds{value: amount}()", + "source_mapping": { + "start": 1429, + "length": 48, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 64 + ], + "starting_column": 10, + "ending_column": 58 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdraw_internal", + "source_mapping": { + "start": 1320, + "length": 205, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 62, + 63, + 64, + 65, + 66 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestWithBugInternal", + "source_mapping": { + "start": 1100, + "length": 698, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw_internal(uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "balances[msg.sender] -= amount", + "source_mapping": { + "start": 1488, + "length": 30, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 65 + ], + "starting_column": 10, + "ending_column": 40 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdraw_internal", + "source_mapping": { + "start": 1320, + "length": 205, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 62, + 63, + 64, + 65, + 66 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestWithBugInternal", + "source_mapping": { + "start": 1100, + "length": 698, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw_internal(uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + } + ], + "description": "Reentrancy in TestWithBugInternal.withdraw_internal(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#62-66):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#64)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#65)\n", + "markdown": "Reentrancy in [TestWithBugInternal.withdraw_internal(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L62-L66):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L64)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L65)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L62-L66", + "id": "d0680f2465dbe3b98cba27b175607d789949a9d1a1b686bd373b584caf3a0913", + "check": "reentrancy-eth", + "impact": "High", + "confidence": "Medium" + } + ] +] \ No newline at end of file diff --git a/tests/test_detectors.py b/tests/test_detectors.py index 69cef53bb..dfd23956c 100644 --- a/tests/test_detectors.py +++ b/tests/test_detectors.py @@ -362,6 +362,7 @@ ALL_TEST_OBJECTS = [ "DAO.sol", "0.4.25", ), + Test(all_detectors.ReentrancyEth, "reentrancy_with_non_reentrant.sol", "0.8.10"), Test( all_detectors.UninitializedStorageVars, "uninitialized_storage_pointer.sol", From d2a93f0225947f24297d96cc20083e120434564d Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Thu, 18 Aug 2022 14:10:14 +0200 Subject: [PATCH 4/9] Update the cross function reentrancy heuristic to work on variable read, and public state variables --- slither/core/declarations/contract.py | 33 +- .../detectors/reentrancy/reentrancy_eth.py | 24 +- .../reentrancy_read_before_write.py | 24 +- .../0.8.10/reentrancy_with_non_reentrant.sol | 45 +- ...on_reentrant.sol.0.8.10.ReentrancyEth.json | 677 +++++++++++++++--- 5 files changed, 676 insertions(+), 127 deletions(-) diff --git a/slither/core/declarations/contract.py b/slither/core/declarations/contract.py index 3b001453d..94c72786b 100644 --- a/slither/core/declarations/contract.py +++ b/slither/core/declarations/contract.py @@ -2,8 +2,9 @@ Contract module """ import logging +from collections import defaultdict from pathlib import Path -from typing import Optional, List, Dict, Callable, Tuple, TYPE_CHECKING, Union +from typing import Optional, List, Dict, Callable, Tuple, TYPE_CHECKING, Union, Set from crytic_compile.platform import Type as PlatformType @@ -101,7 +102,7 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods self.file_scope: "FileScope" = scope # memoize - self._state_variables_written_in_reentrant_targets: Optional[List["StateVariable"]] = None + self._state_variables_used_in_reentrant_targets: Optional[Dict["StateVariable", Set[Union["StateVariable", "Function"]]]]= None ################################################################################### ################################################################################### @@ -353,14 +354,26 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods return list(set(slithir_variables)) @property - def state_variables_written_in_reentrant_targets(self) -> List["StateVariable"]: - if self._state_variables_written_in_reentrant_targets is None: - reentrant_functions = [f for f in self.functions if f.is_reentrant] - variables_writtenss = [f.all_state_variables_written() for f in reentrant_functions] - self._state_variables_written_in_reentrant_targets = [ - item for sublist in variables_writtenss for item in sublist - ] - return self._state_variables_written_in_reentrant_targets + def state_variables_used_in_reentrant_targets(self) -> Dict["StateVariable", Set[Union["StateVariable", "Function"]]]: + """ + Returns the state variables used in reentrant targets. Heuristics: + - Variable used (read/write) in entry points that are reentrant + - State variables that are public + + """ + from slither.core.variables.state_variable import StateVariable + if self._state_variables_used_in_reentrant_targets is None: + reentrant_functions = [f for f in self.functions_entry_points if f.is_reentrant] + variables_used: Dict[StateVariable, Set[Union[StateVariable, "Function"]]] = defaultdict(set) + for function in reentrant_functions: + for ir in function.all_slithir_operations(): + state_variables = [v for v in ir.used if isinstance(v, StateVariable)] + for state_variable in state_variables: + variables_used[state_variable].add(ir.function) + for variable in [v for v in self.state_variables if v.visibility == "public"]: + variables_used[variable].add(variable) + self._state_variables_used_in_reentrant_targets = variables_used + return self._state_variables_used_in_reentrant_targets # endregion ################################################################################### diff --git a/slither/detectors/reentrancy/reentrancy_eth.py b/slither/detectors/reentrancy/reentrancy_eth.py index 5a64e2bd9..b8ae6afbc 100644 --- a/slither/detectors/reentrancy/reentrancy_eth.py +++ b/slither/detectors/reentrancy/reentrancy_eth.py @@ -5,13 +5,14 @@ Iterate over all the nodes of the graph until reaching a fixpoint """ from collections import namedtuple, defaultdict -from typing import List +from typing import List, Dict, Set from slither.detectors.abstract_detector import DetectorClassification from .reentrancy import Reentrancy, to_hashable +from ...utils.output import Output FindingKey = namedtuple("FindingKey", ["function", "calls", "send_eth"]) -FindingValue = namedtuple("FindingValue", ["variable", "node", "nodes"]) +FindingValue = namedtuple("FindingValue", ["variable", "node", "nodes", "cross_functions"]) class ReentrancyEth(Reentrancy): @@ -52,9 +53,10 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m STANDARD_JSON = False - def find_reentrancies(self): - result = defaultdict(set) + def find_reentrancies(self) -> Dict[FindingKey, Set[FindingValue]]: + result: Dict[FindingKey, Set[FindingValue]] = defaultdict(set) for contract in self.contracts: # pylint: disable=too-many-nested-blocks + variables_used_in_reentrancy = contract.state_variables_used_in_reentrant_targets for f in contract.functions_and_modifiers_declared: for node in f.nodes: # dead code @@ -72,12 +74,13 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m v, node, tuple(sorted(nodes, key=lambda x: x.node_id)), + tuple(variables_used_in_reentrancy[v]) ) for (v, nodes) in node.context[self.KEY].written.items() if v in node.context[self.KEY].reads_prior_calls[c] and ( f.is_reentrant - or v in contract.state_variables_written_in_reentrant_targets + or v in variables_used_in_reentrancy ) } @@ -92,7 +95,7 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m result[finding_key] |= set(read_then_written) return result - def _detect(self): # pylint: disable=too-many-branches + def _detect(self) -> List[Output]: # pylint: disable=too-many-branches,too-many-locals """""" super()._detect() @@ -102,10 +105,11 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m result_sorted = sorted(list(reentrancies.items()), key=lambda x: x[0].function.name) varsWritten: List[FindingValue] - for (func, calls, send_eth), varsWritten in result_sorted: + varsWrittenSet: Set[FindingValue] + for (func, calls, send_eth), varsWrittenSet in result_sorted: calls = sorted(list(set(calls)), key=lambda x: x[0].node_id) send_eth = sorted(list(set(send_eth)), key=lambda x: x[0].node_id) - varsWritten = sorted(varsWritten, key=lambda x: (x.variable.name, x.node.node_id)) + varsWritten = sorted(varsWrittenSet, key=lambda x: (x.variable.name, x.node.node_id)) info = ["Reentrancy in ", func, ":\n"] info += ["\tExternal calls:\n"] @@ -127,6 +131,10 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m for other_node in finding_value.nodes: if other_node != finding_value.node: info += ["\t\t- ", other_node, "\n"] + if finding_value.cross_functions: + info += ["\t", finding_value.variable," can be used in cross function reentrancies:\n"] + for cross in finding_value.cross_functions: + info += ["\t- ", cross, "\n"] # Create our JSON result res = self.generate_result(info) diff --git a/slither/detectors/reentrancy/reentrancy_read_before_write.py b/slither/detectors/reentrancy/reentrancy_read_before_write.py index 83cff9478..3b90437d5 100644 --- a/slither/detectors/reentrancy/reentrancy_read_before_write.py +++ b/slither/detectors/reentrancy/reentrancy_read_before_write.py @@ -5,12 +5,14 @@ Iterate over all the nodes of the graph until reaching a fixpoint """ from collections import namedtuple, defaultdict +from typing import Dict, Set, List from slither.detectors.abstract_detector import DetectorClassification from .reentrancy import Reentrancy, to_hashable +from ...utils.output import Output FindingKey = namedtuple("FindingKey", ["function", "calls"]) -FindingValue = namedtuple("FindingValue", ["variable", "node", "nodes"]) +FindingValue = namedtuple("FindingValue", ["variable", "node", "nodes", "cross_functions"]) class ReentrancyReadBeforeWritten(Reentrancy): @@ -49,9 +51,10 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`).""" STANDARD_JSON = False - def find_reentrancies(self): - result = defaultdict(set) + def find_reentrancies(self) -> Dict[FindingKey, Set[FindingValue]]: + result: Dict[FindingKey, Set[FindingValue]] = defaultdict(set) for contract in self.contracts: # pylint: disable=too-many-nested-blocks + variables_used_in_reentrancy = contract.state_variables_used_in_reentrant_targets for f in contract.functions_and_modifiers_declared: for node in f.nodes: # dead code @@ -67,12 +70,13 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`).""" v, node, tuple(sorted(nodes, key=lambda x: x.node_id)), + tuple(variables_used_in_reentrancy[v]) ) for (v, nodes) in node.context[self.KEY].written.items() if v in node.context[self.KEY].reads_prior_calls[c] and ( f.is_reentrant - or v in contract.state_variables_written_in_reentrant_targets + or v in variables_used_in_reentrancy ) } @@ -86,7 +90,7 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`).""" result[finding_key] |= read_then_written return result - def _detect(self): # pylint: disable=too-many-branches + def _detect(self) -> List[Output]: # pylint: disable=too-many-branches """""" super()._detect() @@ -95,9 +99,11 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`).""" results = [] result_sorted = sorted(list(reentrancies.items()), key=lambda x: x[0].function.name) - for (func, calls), varsWritten in result_sorted: + varsWritten: List[FindingValue] + varsWrittenSet: Set[FindingValue] + for (func, calls), varsWrittenSet in result_sorted: calls = sorted(list(set(calls)), key=lambda x: x[0].node_id) - varsWritten = sorted(varsWritten, key=lambda x: (x.variable.name, x.node.node_id)) + varsWritten = sorted(varsWrittenSet, key=lambda x: (x.variable.name, x.node.node_id)) info = ["Reentrancy in ", func, ":\n"] @@ -113,6 +119,10 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`).""" for other_node in finding_value.nodes: if other_node != finding_value.node: info += ["\t\t- ", other_node, "\n"] + if finding_value.cross_functions: + info += ["\t", finding_value.variable," can be used in cross function reentrancies:\n"] + for cross in finding_value.cross_functions: + info += ["\t- ", cross, "\n"] # Create our JSON result res = self.generate_result(info) diff --git a/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol b/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol index 41d3e4fa1..938738217 100644 --- a/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol +++ b/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol @@ -105,4 +105,47 @@ contract TestWithoutBugInternal{ Receiver(msg.sender).send_funds{value: amount}(); } -} \ No newline at end of file +} + +contract TestBugWithPublicVariable{ + + mapping(address => uint) public balances; + + modifier nonReentrant(){ + _; + } + + function withdraw(uint amount) nonReentrant public{ + withdraw_internal(amount); + } + + function withdraw_internal(uint amount) internal{ + require(amount <= balances[msg.sender]); + Receiver(msg.sender).send_funds{value: amount}(); + balances[msg.sender] -= amount; + } + +} + +contract TestWithBugNonReentrantRead{ + + mapping(address => uint) balances; + + modifier nonReentrant(){ + _; + } + + function withdraw(uint amount) nonReentrant public{ + require(amount <= balances[msg.sender]); + Receiver(msg.sender).send_funds{value: amount}(); + balances[msg.sender] -= amount; + } + + // Simulate a reentrancy that allows to read variable in a potential incorrect state during a reentrancy + // This is more likely to impact protocol like reentrancy + function read() public returns(uint){ + uint amount = balances[msg.sender]; + return amount; + } + +} diff --git a/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol.0.8.10.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol.0.8.10.ReentrancyEth.json index 72dd19c48..9f1dbed3e 100644 --- a/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol.0.8.10.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol.0.8.10.ReentrancyEth.json @@ -6,18 +6,18 @@ "type": "function", "name": "withdraw", "source_mapping": { - "start": 181, + "start": 3089, "length": 207, "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "is_dependency": false, "lines": [ - 13, - 14, - 15, - 16, - 17 + 138, + 139, + 140, + 141, + 142 ], "starting_column": 5, "ending_column": 6 @@ -25,36 +25,37 @@ "type_specific_fields": { "parent": { "type": "contract", - "name": "TestWithBug", + "name": "TestWithBugNonReentrantRead", "source_mapping": { - "start": 67, - "length": 506, + "start": 2959, + "length": 629, "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "is_dependency": false, "lines": [ - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25 + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151 ], "starting_column": 1, "ending_column": 2 @@ -67,14 +68,14 @@ "type": "node", "name": "Receiver(msg.sender).send_funds{value: amount}()", "source_mapping": { - "start": 292, + "start": 3200, "length": 48, "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "is_dependency": false, "lines": [ - 15 + 140 ], "starting_column": 10, "ending_column": 58 @@ -84,18 +85,18 @@ "type": "function", "name": "withdraw", "source_mapping": { - "start": 181, + "start": 3089, "length": 207, "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "is_dependency": false, "lines": [ - 13, - 14, - 15, - 16, - 17 + 138, + 139, + 140, + 141, + 142 ], "starting_column": 5, "ending_column": 6 @@ -103,36 +104,37 @@ "type_specific_fields": { "parent": { "type": "contract", - "name": "TestWithBug", + "name": "TestWithBugNonReentrantRead", "source_mapping": { - "start": 67, - "length": 506, + "start": 2959, + "length": 629, "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "is_dependency": false, "lines": [ - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25 + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151 ], "starting_column": 1, "ending_column": 2 @@ -150,14 +152,14 @@ "type": "node", "name": "balances[msg.sender] -= amount", "source_mapping": { - "start": 351, + "start": 3259, "length": 30, "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "is_dependency": false, "lines": [ - 16 + 141 ], "starting_column": 10, "ending_column": 40 @@ -167,18 +169,18 @@ "type": "function", "name": "withdraw", "source_mapping": { - "start": 181, + "start": 3089, "length": 207, "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "is_dependency": false, "lines": [ - 13, - 14, - 15, - 16, - 17 + 138, + 139, + 140, + 141, + 142 ], "starting_column": 5, "ending_column": 6 @@ -186,36 +188,37 @@ "type_specific_fields": { "parent": { "type": "contract", - "name": "TestWithBug", + "name": "TestWithBugNonReentrantRead", "source_mapping": { - "start": 67, - "length": 506, + "start": 2959, + "length": 629, "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", "is_dependency": false, "lines": [ - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25 + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151 ], "starting_column": 1, "ending_column": 2 @@ -231,10 +234,10 @@ } } ], - "description": "Reentrancy in TestWithBug.withdraw(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#13-17):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#15)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#16)\n", - "markdown": "Reentrancy in [TestWithBug.withdraw(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L13-L17):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L15)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L16)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L13-L17", - "id": "746b848eb5d1102128ce24fa085ea13e78073daa2e2934383a204dfdcf8f02c0", + "description": "Reentrancy in TestWithBugNonReentrantRead.withdraw(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#138-142):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#140)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#141)\n\tTestWithBugNonReentrantRead.balances (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#132) can be used in cross function reentrancies:\n\t- TestWithBugNonReentrantRead.read() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#146-149)\n", + "markdown": "Reentrancy in [TestWithBugNonReentrantRead.withdraw(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L138-L142):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L140)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L141)\n\t[TestWithBugNonReentrantRead.balances](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L132) can be used in cross function reentrancies:\n\t- [TestWithBugNonReentrantRead.read()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L146-L149)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L138-L142", + "id": "0b2149d8ea8554c24092bad5ce3061d661d4f0447d5d96716893538474bca40f", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -494,10 +497,482 @@ } } ], - "description": "Reentrancy in TestWithBugInternal.withdraw_internal(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#62-66):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#64)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#65)\n", - "markdown": "Reentrancy in [TestWithBugInternal.withdraw_internal(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L62-L66):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L64)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L65)\n", + "description": "Reentrancy in TestWithBugInternal.withdraw_internal(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#62-66):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#64)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#65)\n\tTestWithBugInternal.balances (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#52) can be used in cross function reentrancies:\n\t- TestWithBugInternal.withdraw_all_internal() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#72-76)\n", + "markdown": "Reentrancy in [TestWithBugInternal.withdraw_internal(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L62-L66):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L64)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L65)\n\t[TestWithBugInternal.balances](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L52) can be used in cross function reentrancies:\n\t- [TestWithBugInternal.withdraw_all_internal()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L72-L76)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L62-L66", - "id": "d0680f2465dbe3b98cba27b175607d789949a9d1a1b686bd373b584caf3a0913", + "id": "7d618f027540d61d9af79a3a9475677476d1c4d7ad1be68ff8026f6c0d4cdc82", + "check": "reentrancy-eth", + "impact": "High", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "withdraw_internal", + "source_mapping": { + "start": 2749, + "length": 205, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 122, + 123, + 124, + 125, + 126 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestBugWithPublicVariable", + "source_mapping": { + "start": 2516, + "length": 441, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw_internal(uint256)" + } + }, + { + "type": "node", + "name": "Receiver(msg.sender).send_funds{value: amount}()", + "source_mapping": { + "start": 2858, + "length": 48, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 124 + ], + "starting_column": 10, + "ending_column": 58 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdraw_internal", + "source_mapping": { + "start": 2749, + "length": 205, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 122, + 123, + 124, + 125, + 126 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestBugWithPublicVariable", + "source_mapping": { + "start": 2516, + "length": 441, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw_internal(uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "balances[msg.sender] -= amount", + "source_mapping": { + "start": 2917, + "length": 30, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 125 + ], + "starting_column": 10, + "ending_column": 40 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdraw_internal", + "source_mapping": { + "start": 2749, + "length": 205, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 122, + 123, + 124, + 125, + 126 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestBugWithPublicVariable", + "source_mapping": { + "start": 2516, + "length": 441, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw_internal(uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + } + ], + "description": "Reentrancy in TestBugWithPublicVariable.withdraw_internal(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#122-126):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#124)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#125)\n\tTestBugWithPublicVariable.balances (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#112) can be used in cross function reentrancies:\n\t- TestBugWithPublicVariable.balances (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#112)\n", + "markdown": "Reentrancy in [TestBugWithPublicVariable.withdraw_internal(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L122-L126):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L124)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L125)\n\t[TestBugWithPublicVariable.balances](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L112) can be used in cross function reentrancies:\n\t- [TestBugWithPublicVariable.balances](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L112)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L122-L126", + "id": "a3e52c882aa9fb88119aa3507f4158436bfe3f1abee0828665afa41213587097", + "check": "reentrancy-eth", + "impact": "High", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "withdraw", + "source_mapping": { + "start": 181, + "length": 207, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 13, + 14, + 15, + 16, + 17 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestWithBug", + "source_mapping": { + "start": 67, + "length": 506, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw(uint256)" + } + }, + { + "type": "node", + "name": "Receiver(msg.sender).send_funds{value: amount}()", + "source_mapping": { + "start": 292, + "length": 48, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 15 + ], + "starting_column": 10, + "ending_column": 58 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdraw", + "source_mapping": { + "start": 181, + "length": 207, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 13, + 14, + 15, + 16, + 17 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestWithBug", + "source_mapping": { + "start": 67, + "length": 506, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw(uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "balances[msg.sender] -= amount", + "source_mapping": { + "start": 351, + "length": 30, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 16 + ], + "starting_column": 10, + "ending_column": 40 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdraw", + "source_mapping": { + "start": 181, + "length": 207, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 13, + 14, + 15, + 16, + 17 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TestWithBug", + "source_mapping": { + "start": 67, + "length": 506, + "filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdraw(uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + } + ], + "description": "Reentrancy in TestWithBug.withdraw(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#13-17):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#15)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#16)\n\tTestWithBug.balances (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#7) can be used in cross function reentrancies:\n\t- TestWithBug.withdraw_all() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#19-23)\n", + "markdown": "Reentrancy in [TestWithBug.withdraw(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L13-L17):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L15)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L16)\n\t[TestWithBug.balances](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L7) can be used in cross function reentrancies:\n\t- [TestWithBug.withdraw_all()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L19-L23)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L13-L17", + "id": "bcfa65e776908d618f202fa48f03dde3fbf8397b752d2e8cc3c8e46019e9e174", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" From a000d337bf36d388b026cf9f1a5667851bd3488b Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Thu, 18 Aug 2022 14:54:54 +0200 Subject: [PATCH 5/9] Black & pylint --- slither/core/declarations/contract.py | 13 ++++++++++--- slither/detectors/reentrancy/reentrancy_eth.py | 13 +++++++------ .../reentrancy/reentrancy_read_before_write.py | 13 +++++++------ 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/slither/core/declarations/contract.py b/slither/core/declarations/contract.py index 94c72786b..fc656b855 100644 --- a/slither/core/declarations/contract.py +++ b/slither/core/declarations/contract.py @@ -102,7 +102,9 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods self.file_scope: "FileScope" = scope # memoize - self._state_variables_used_in_reentrant_targets: Optional[Dict["StateVariable", Set[Union["StateVariable", "Function"]]]]= None + self._state_variables_used_in_reentrant_targets: Optional[ + Dict["StateVariable", Set[Union["StateVariable", "Function"]]] + ] = None ################################################################################### ################################################################################### @@ -354,7 +356,9 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods return list(set(slithir_variables)) @property - def state_variables_used_in_reentrant_targets(self) -> Dict["StateVariable", Set[Union["StateVariable", "Function"]]]: + def state_variables_used_in_reentrant_targets( + self, + ) -> Dict["StateVariable", Set[Union["StateVariable", "Function"]]]: """ Returns the state variables used in reentrant targets. Heuristics: - Variable used (read/write) in entry points that are reentrant @@ -362,9 +366,12 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods """ from slither.core.variables.state_variable import StateVariable + if self._state_variables_used_in_reentrant_targets is None: reentrant_functions = [f for f in self.functions_entry_points if f.is_reentrant] - variables_used: Dict[StateVariable, Set[Union[StateVariable, "Function"]]] = defaultdict(set) + variables_used: Dict[ + StateVariable, Set[Union[StateVariable, "Function"]] + ] = defaultdict(set) for function in reentrant_functions: for ir in function.all_slithir_operations(): state_variables = [v for v in ir.used if isinstance(v, StateVariable)] diff --git a/slither/detectors/reentrancy/reentrancy_eth.py b/slither/detectors/reentrancy/reentrancy_eth.py index b8ae6afbc..c5183e82f 100644 --- a/slither/detectors/reentrancy/reentrancy_eth.py +++ b/slither/detectors/reentrancy/reentrancy_eth.py @@ -74,14 +74,11 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m v, node, tuple(sorted(nodes, key=lambda x: x.node_id)), - tuple(variables_used_in_reentrancy[v]) + tuple(variables_used_in_reentrancy[v]), ) for (v, nodes) in node.context[self.KEY].written.items() if v in node.context[self.KEY].reads_prior_calls[c] - and ( - f.is_reentrant - or v in variables_used_in_reentrancy - ) + and (f.is_reentrant or v in variables_used_in_reentrancy) } if read_then_written: @@ -132,7 +129,11 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m if other_node != finding_value.node: info += ["\t\t- ", other_node, "\n"] if finding_value.cross_functions: - info += ["\t", finding_value.variable," can be used in cross function reentrancies:\n"] + info += [ + "\t", + finding_value.variable, + " can be used in cross function reentrancies:\n", + ] for cross in finding_value.cross_functions: info += ["\t- ", cross, "\n"] diff --git a/slither/detectors/reentrancy/reentrancy_read_before_write.py b/slither/detectors/reentrancy/reentrancy_read_before_write.py index 3b90437d5..fff022d5e 100644 --- a/slither/detectors/reentrancy/reentrancy_read_before_write.py +++ b/slither/detectors/reentrancy/reentrancy_read_before_write.py @@ -70,14 +70,11 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`).""" v, node, tuple(sorted(nodes, key=lambda x: x.node_id)), - tuple(variables_used_in_reentrancy[v]) + tuple(variables_used_in_reentrancy[v]), ) for (v, nodes) in node.context[self.KEY].written.items() if v in node.context[self.KEY].reads_prior_calls[c] - and ( - f.is_reentrant - or v in variables_used_in_reentrancy - ) + and (f.is_reentrant or v in variables_used_in_reentrancy) } # We found a potential re-entrancy bug @@ -120,7 +117,11 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`).""" if other_node != finding_value.node: info += ["\t\t- ", other_node, "\n"] if finding_value.cross_functions: - info += ["\t", finding_value.variable," can be used in cross function reentrancies:\n"] + info += [ + "\t", + finding_value.variable, + " can be used in cross function reentrancies:\n", + ] for cross in finding_value.cross_functions: info += ["\t- ", cross, "\n"] From b6c95e6db9e501d625d88f3e17d4905be5a78f78 Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Thu, 18 Aug 2022 15:08:21 +0200 Subject: [PATCH 6/9] Minor --- slither/detectors/reentrancy/reentrancy_read_before_write.py | 1 + 1 file changed, 1 insertion(+) diff --git a/slither/detectors/reentrancy/reentrancy_read_before_write.py b/slither/detectors/reentrancy/reentrancy_read_before_write.py index fff022d5e..d4322e824 100644 --- a/slither/detectors/reentrancy/reentrancy_read_before_write.py +++ b/slither/detectors/reentrancy/reentrancy_read_before_write.py @@ -51,6 +51,7 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`).""" STANDARD_JSON = False + # pylint: disable=too-many-locals def find_reentrancies(self) -> Dict[FindingKey, Set[FindingValue]]: result: Dict[FindingKey, Set[FindingValue]] = defaultdict(set) for contract in self.contracts: # pylint: disable=too-many-nested-blocks From be82a1fe16df249330fbf73e356093d8643c73b2 Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Thu, 18 Aug 2022 16:08:07 +0200 Subject: [PATCH 7/9] Multiple improvements --- slither/core/declarations/contract.py | 2 +- .../0.4.25/DAO.sol.0.4.25.ReentrancyEth.json | 1782 +-- .../reentrancy.sol.0.4.25.ReentrancyEth.json | 190 +- ...ncy_indirect.sol.0.4.25.ReentrancyEth.json | 6 +- .../reentrancy.sol.0.5.16.ReentrancyEth.json | 12 +- ...ncy_indirect.sol.0.5.16.ReentrancyEth.json | 6 +- .../reentrancy.sol.0.6.11.ReentrancyEth.json | 222 +- ...ncy_indirect.sol.0.6.11.ReentrancyEth.json | 6 +- .../reentrancy.sol.0.7.6.ReentrancyEth.json | 222 +- ...ancy_indirect.sol.0.7.6.ReentrancyEth.json | 6 +- ...ol.0.4.25.ReentrancyReadBeforeWritten.json | 12410 ++++++++-------- ...ol.0.4.25.ReentrancyReadBeforeWritten.json | 12 +- ...ol.0.5.16.ReentrancyReadBeforeWritten.json | 12 +- ...ol.0.6.11.ReentrancyReadBeforeWritten.json | 352 +- ...sol.0.7.6.ReentrancyReadBeforeWritten.json | 352 +- 15 files changed, 7796 insertions(+), 7796 deletions(-) diff --git a/slither/core/declarations/contract.py b/slither/core/declarations/contract.py index fc656b855..2e02dbf51 100644 --- a/slither/core/declarations/contract.py +++ b/slither/core/declarations/contract.py @@ -376,7 +376,7 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods for ir in function.all_slithir_operations(): state_variables = [v for v in ir.used if isinstance(v, StateVariable)] for state_variable in state_variables: - variables_used[state_variable].add(ir.function) + variables_used[state_variable].add(ir.node.function) for variable in [v for v in self.state_variables if v.visibility == "public"]: variables_used[variable].add(variable) self._state_variables_used_in_reentrant_targets = variables_used diff --git a/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json index b0b67ae49..6960696cd 100644 --- a/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json @@ -4,30 +4,100 @@ "elements": [ { "type": "function", - "name": "refund", + "name": "executeProposal", "source_mapping": { - "start": 11531, - "length": 635, + "start": 32955, + "length": 2978, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937 ], "starting_column": 5, "ending_column": 6 @@ -35,874 +105,10 @@ "type_specific_fields": { "parent": { "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - }, - { - "type": "node", - "name": "extraBalance.balance >= extraBalance.accumulatedInput()", - "source_mapping": { - "start": 11704, - "length": 55, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 321 - ], - "starting_column": 17, - "ending_column": 72 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "refund", + "name": "DAO", "source_mapping": { - "start": 11531, - "length": 635, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls" - } - }, - { - "type": "node", - "name": "extraBalance.payOut(address(this),extraBalance.accumulatedInput())", - "source_mapping": { - "start": 11777, - "length": 67, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 322 - ], - "starting_column": 17, - "ending_column": 84 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "refund", - "source_mapping": { - "start": 11531, - "length": 635, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls" - } - }, - { - "type": "node", - "name": "msg.sender.call.value(weiGiven[msg.sender])()", - "source_mapping": { - "start": 11893, - "length": 45, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 325 - ], - "starting_column": 17, - "ending_column": 62 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "refund", - "source_mapping": { - "start": 11531, - "length": 635, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls" - } - }, - { - "type": "node", - "name": "msg.sender.call.value(weiGiven[msg.sender])()", - "source_mapping": { - "start": 11893, - "length": 45, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 325 - ], - "starting_column": 17, - "ending_column": 62 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "refund", - "source_mapping": { - "start": 11531, - "length": 635, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls_sending_eth" - } - }, - { - "type": "node", - "name": "weiGiven[msg.sender] = 0", - "source_mapping": { - "start": 12111, - "length": 24, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 329 - ], - "starting_column": 17, - "ending_column": 41 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "refund", - "source_mapping": { - "start": 11531, - "length": 635, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "weiGiven" - } - } - ], - "description": "Reentrancy in TokenCreation.refund() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#318-332):\n\tExternal calls:\n\t- extraBalance.balance >= extraBalance.accumulatedInput() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#321)\n\t- extraBalance.payOut(address(this),extraBalance.accumulatedInput()) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#322)\n\t- msg.sender.call.value(weiGiven[msg.sender])() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#325)\n\tExternal calls sending eth:\n\t- msg.sender.call.value(weiGiven[msg.sender])() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#325)\n\tState variables written after the call(s):\n\t- weiGiven[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#329)\n", - "markdown": "Reentrancy in [TokenCreation.refund()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L318-L332):\n\tExternal calls:\n\t- [extraBalance.balance >= extraBalance.accumulatedInput()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L321)\n\t- [extraBalance.payOut(address(this),extraBalance.accumulatedInput())](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L322)\n\t- [msg.sender.call.value(weiGiven[msg.sender])()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L325)\n\tExternal calls sending eth:\n\t- [msg.sender.call.value(weiGiven[msg.sender])()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L325)\n\tState variables written after the call(s):\n\t- [weiGiven[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L329)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L318-L332", - "id": "c464e3c8a788029668f77cdff5d7e6a2af53a5ec0f79e21392a5910bfb9dcbe5", - "check": "reentrancy-eth", - "impact": "High", - "confidence": "Medium" - }, - { - "elements": [ - { - "type": "function", - "name": "executeProposal", - "source_mapping": { - "start": 32955, - "length": 2978, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, + "start": 28296, + "length": 17108, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", @@ -9279,20 +8485,814 @@ "ending_column": 2 } }, - "signature": "executeProposal(uint256,bytes)" + "signature": "executeProposal(uint256,bytes)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "totalRewardToken" + } + } + ], + "description": "Reentrancy in DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937):\n\tExternal calls:\n\t- ! isRecipientAllowed(p.recipient) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#881)\n\t\t- allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput()) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1159-1163)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tExternal calls sending eth:\n\t- ! p.creator.send(p.proposalDeposit) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#904)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tState variables written after the call(s):\n\t- p.proposalPassed = true (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#918)\n\tDAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#702-726)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- p.open = false (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#944)\n\tDAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#702-726)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- rewardToken[address(this)] += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#928)\n\tDAOInterface.rewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#410) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- DAOInterface.rewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#410)\n\t- DAO.changeProposalDeposit(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1139-1146)\n\t- DAO.newContract(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1022-1034)\n\t- DAO.minQuorum(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1174-1178)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1037-1057)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- sumOfProposalDeposits -= p.proposalDeposit (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#943)\n\tDAOInterface.sumOfProposalDeposits (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#436) can be used in cross function reentrancies:\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- DAO.actualBalance() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1169-1171)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- totalRewardToken += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#929)\n\tDAOInterface.totalRewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#412) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.isRecipientAllowed(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1158-1167)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1037-1057)\n\t- DAOInterface.totalRewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#412)\n", + "markdown": "Reentrancy in [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937):\n\tExternal calls:\n\t- [! isRecipientAllowed(p.recipient)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L881)\n\t\t- [allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput())](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1159-L1163)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tExternal calls sending eth:\n\t- [! p.creator.send(p.proposalDeposit)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L904)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tState variables written after the call(s):\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L918)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [p.open = false](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L944)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [rewardToken[address(this)] += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L928)\n\t[DAOInterface.rewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L410) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAOInterface.rewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L410)\n\t- [DAO.changeProposalDeposit(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1139-L1146)\n\t- [DAO.newContract(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1022-L1034)\n\t- [DAO.minQuorum(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1174-L1178)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1037-L1057)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [sumOfProposalDeposits -= p.proposalDeposit](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L943)\n\t[DAOInterface.sumOfProposalDeposits](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L436) can be used in cross function reentrancies:\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAO.actualBalance()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1169-L1171)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [totalRewardToken += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L929)\n\t[DAOInterface.totalRewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L412) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.isRecipientAllowed(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1158-L1167)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1037-L1057)\n\t- [DAOInterface.totalRewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L412)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937", + "id": "b9c802c4b5548888a9ad51baffffaa8ef2f5240c1e77c360df8f3ee9a083e92e", + "check": "reentrancy-eth", + "impact": "High", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" + } + }, + { + "type": "node", + "name": "extraBalance.balance >= extraBalance.accumulatedInput()", + "source_mapping": { + "start": 11704, + "length": 55, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 321 + ], + "starting_column": 17, + "ending_column": 72 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "extraBalance.payOut(address(this),extraBalance.accumulatedInput())", + "source_mapping": { + "start": 11777, + "length": 67, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 322 + ], + "starting_column": 17, + "ending_column": 84 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "msg.sender.call.value(weiGiven[msg.sender])()", + "source_mapping": { + "start": 11893, + "length": 45, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 325 + ], + "starting_column": 17, + "ending_column": 62 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "msg.sender.call.value(weiGiven[msg.sender])()", + "source_mapping": { + "start": 11893, + "length": 45, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 325 + ], + "starting_column": 17, + "ending_column": 62 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" + } + }, + { + "type": "node", + "name": "weiGiven[msg.sender] = 0", + "source_mapping": { + "start": 12111, + "length": 24, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 329 + ], + "starting_column": 17, + "ending_column": 41 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "totalRewardToken" + "variable_name": "weiGiven" } } ], - "description": "Reentrancy in DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937):\n\tExternal calls:\n\t- ! isRecipientAllowed(p.recipient) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#881)\n\t\t- allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput()) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1159-1163)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tExternal calls sending eth:\n\t- ! p.creator.send(p.proposalDeposit) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#904)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tState variables written after the call(s):\n\t- p.proposalPassed = true (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#918)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- p.open = false (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#944)\n\t- rewardToken[address(this)] += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#928)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- sumOfProposalDeposits -= p.proposalDeposit (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#943)\n\t- totalRewardToken += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#929)\n", - "markdown": "Reentrancy in [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937):\n\tExternal calls:\n\t- [! isRecipientAllowed(p.recipient)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L881)\n\t\t- [allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput())](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1159-L1163)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tExternal calls sending eth:\n\t- [! p.creator.send(p.proposalDeposit)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L904)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tState variables written after the call(s):\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L918)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [p.open = false](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L944)\n\t- [rewardToken[address(this)] += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L928)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [sumOfProposalDeposits -= p.proposalDeposit](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L943)\n\t- [totalRewardToken += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L929)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937", - "id": "da2955efdedec834e2cbc56b913933ba273e4a4da5d9c5c6be9ff59c9249b84c", + "description": "Reentrancy in TokenCreation.refund() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#318-332):\n\tExternal calls:\n\t- extraBalance.balance >= extraBalance.accumulatedInput() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#321)\n\t- extraBalance.payOut(address(this),extraBalance.accumulatedInput()) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#322)\n\t- msg.sender.call.value(weiGiven[msg.sender])() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#325)\n\tExternal calls sending eth:\n\t- msg.sender.call.value(weiGiven[msg.sender])() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#325)\n\tState variables written after the call(s):\n\t- weiGiven[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#329)\n\tTokenCreationInterface.weiGiven (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#251) can be used in cross function reentrancies:\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#299-316)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#318-332)\n", + "markdown": "Reentrancy in [TokenCreation.refund()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L318-L332):\n\tExternal calls:\n\t- [extraBalance.balance >= extraBalance.accumulatedInput()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L321)\n\t- [extraBalance.payOut(address(this),extraBalance.accumulatedInput())](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L322)\n\t- [msg.sender.call.value(weiGiven[msg.sender])()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L325)\n\tExternal calls sending eth:\n\t- [msg.sender.call.value(weiGiven[msg.sender])()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L325)\n\tState variables written after the call(s):\n\t- [weiGiven[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L329)\n\t[TokenCreationInterface.weiGiven](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L251) can be used in cross function reentrancies:\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L299-L316)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L318-L332)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L318-L332", + "id": "ec60469e1cc5d8cd352a86998673bfb43580d5119e501f9a3e58e3b55befb0a9", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json index 6b323b1a9..c1a3fef5e 100644 --- a/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json @@ -4,23 +4,22 @@ "elements": [ { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_nested", "source_mapping": { - "start": 656, - "length": 314, + "start": 2465, + "length": 246, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31 + 74, + 75, + 76, + 77, + 78, + 79, + 80 ], "starting_column": 5, "ending_column": 6 @@ -122,45 +121,44 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_nested()" } }, { "type": "node", - "name": "! (msg.sender.call.value(userBalance[msg.sender])())", + "name": "msg.sender.call.value(amount / 2)()", "source_mapping": { - "start": 839, - "length": 53, + "start": 2620, + "length": 33, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 27 + 77 ], "starting_column": 13, - "ending_column": 66 + "ending_column": 46 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_nested", "source_mapping": { - "start": 656, - "length": 314, + "start": 2465, + "length": 246, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31 + 74, + 75, + 76, + 77, + 78, + 79, + 80 ], "starting_column": 5, "ending_column": 6 @@ -262,7 +260,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_nested()" } } }, @@ -274,38 +272,37 @@ "type": "node", "name": "userBalance[msg.sender] = 0", "source_mapping": { - "start": 936, + "start": 2667, "length": 27, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 30 + 78 ], - "starting_column": 9, - "ending_column": 36 + "starting_column": 13, + "ending_column": 40 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_nested", "source_mapping": { - "start": 656, - "length": 314, + "start": 2465, + "length": 246, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31 + 74, + 75, + 76, + 77, + 78, + 79, + 80 ], "starting_column": 5, "ending_column": 6 @@ -407,7 +404,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_nested()" } } }, @@ -417,10 +414,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31):\n\tExternal calls:\n\t- ! (msg.sender.call.value(userBalance[msg.sender])()) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#27)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#30)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31):\n\tExternal calls:\n\t- [! (msg.sender.call.value(userBalance[msg.sender])())](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L27)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L30)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31", - "id": "759a5ea5deb597f6ca748c9b27656dee01b1e4b634365a68b918bf10518662e8", + "description": "Reentrancy in Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80):\n\tExternal calls:\n\t- msg.sender.call.value(amount / 2)() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#77)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#78)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#15-22)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed_4() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#61-72)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31)\n\t- Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#52-60)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#43-50)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#33-41)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#6-8)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80):\n\tExternal calls:\n\t- [msg.sender.call.value(amount / 2)()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L77)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L78)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L15-L22)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed_4()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L61-L72)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31)\n\t- [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L52-L60)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L43-L50)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L33-L41)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L6-L8)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80", + "id": "40068dd897810c9dd5841a3225068906bdf31af8ffac1dda0fe0afacc008f0f1", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -429,22 +426,23 @@ "elements": [ { "type": "function", - "name": "withdrawBalance_nested", + "name": "withdrawBalance", "source_mapping": { - "start": 2465, - "length": 246, + "start": 656, + "length": 314, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 74, - 75, - 76, - 77, - 78, - 79, - 80 + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31 ], "starting_column": 5, "ending_column": 6 @@ -546,44 +544,45 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_nested()" + "signature": "withdrawBalance()" } }, { "type": "node", - "name": "msg.sender.call.value(amount / 2)()", + "name": "! (msg.sender.call.value(userBalance[msg.sender])())", "source_mapping": { - "start": 2620, - "length": 33, + "start": 839, + "length": 53, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 77 + 27 ], "starting_column": 13, - "ending_column": 46 + "ending_column": 66 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_nested", + "name": "withdrawBalance", "source_mapping": { - "start": 2465, - "length": 246, + "start": 656, + "length": 314, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 74, - 75, - 76, - 77, - 78, - 79, - 80 + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31 ], "starting_column": 5, "ending_column": 6 @@ -685,7 +684,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_nested()" + "signature": "withdrawBalance()" } } }, @@ -697,37 +696,38 @@ "type": "node", "name": "userBalance[msg.sender] = 0", "source_mapping": { - "start": 2667, + "start": 936, "length": 27, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 78 + 30 ], - "starting_column": 13, - "ending_column": 40 + "starting_column": 9, + "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_nested", + "name": "withdrawBalance", "source_mapping": { - "start": 2465, - "length": 246, + "start": 656, + "length": 314, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 74, - 75, - 76, - 77, - 78, - 79, - 80 + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31 ], "starting_column": 5, "ending_column": 6 @@ -829,7 +829,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_nested()" + "signature": "withdrawBalance()" } } }, @@ -839,10 +839,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80):\n\tExternal calls:\n\t- msg.sender.call.value(amount / 2)() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#77)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#78)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80):\n\tExternal calls:\n\t- [msg.sender.call.value(amount / 2)()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L77)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L78)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80", - "id": "cc27a0e36ba51b1a24ae1df9b9f2ec9e67afedd649839a3302b6f9e08987c7d8", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31):\n\tExternal calls:\n\t- ! (msg.sender.call.value(userBalance[msg.sender])()) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#27)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#30)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#15-22)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed_4() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#61-72)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31)\n\t- Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#52-60)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#43-50)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#33-41)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#6-8)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31):\n\tExternal calls:\n\t- [! (msg.sender.call.value(userBalance[msg.sender])())](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L27)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L30)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L15-L22)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed_4()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L61-L72)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31)\n\t- [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L52-L60)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L43-L50)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L33-L41)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L6-L8)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31", + "id": "dd0fcd3095a9151d9ce4b893b8fbad6f1800fab62623d56b305e6dedb7f1f69a", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json index d2d53ed0e..1d0fd8862 100644 --- a/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#27)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L27)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29", - "id": "8a2174b6a3476b6e52f3cdac7e85b44337e3b7d7df2b2504c5a75b8e2a00ea7f", + "id": "a8ba28ead6de289d54a6a09f7c8f038b1feff8ead5a9f9a50144a3405e1a5d84", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json index 2d9d75949..83d210cba 100644 --- a/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json @@ -372,10 +372,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#62)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L62)\n", + "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#15-23)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#46-53)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#6-8)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L15-L23)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L46-L53)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L6-L8)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64", - "id": "b1d5762a3d9738215079d50da4bf0ecdc8eddd575b7f8686bdbfa3d101adf809", + "id": "14bd70d68ad1a7a1de9653bb90378aaa9912309c63aa307e014f56bf6946f6d9", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -749,10 +749,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#32)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L32)\n", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#15-23)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#46-53)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#6-8)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L15-L23)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L46-L53)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L6-L8)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33", - "id": "e2dcb62d8ffcc2636bab0fee518b4a79c760f2974c39950214749fc78bebc9de", + "id": "adefd8720d742bbfce41168a7f6671258c2a2274203a275438c8c1b9bce3be69", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json index 39e1ba145..2fd0e6feb 100644 --- a/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#27)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L27)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29", - "id": "b409436e604deed3ecb1b621a908db6ddbd69754315b41a9806919d8348391d9", + "id": "63385af783ed3eb67d0d73e9f3350256e9cc6ee2f5485c50cf6c6c91f8757601", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json index 6f592b511..0aec13387 100644 --- a/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json @@ -4,24 +4,25 @@ "elements": [ { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 707, - "length": 357, + "start": 1843, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -106,46 +107,47 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()", + "name": "(ret,mem) = msg.sender.call.value(amount)()", "source_mapping": { - "start": 886, - "length": 81, + "start": 2088, + "length": 64, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 28 + 60 ], "starting_column": 9, - "ending_column": 90 + "ending_column": 73 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 707, - "length": 357, + "start": 1843, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -230,7 +232,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -240,41 +242,42 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = 0", + "name": "userBalance[msg.sender] = amount", "source_mapping": { - "start": 1030, - "length": 27, + "start": 2187, + "length": 32, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 32 + 62 ], - "starting_column": 9, - "ending_column": 36 + "starting_column": 13, + "ending_column": 45 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 707, - "length": 357, + "start": 1843, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -359,7 +362,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -369,10 +372,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#32)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L32)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33", - "id": "2ae23f335df95d0f5c56d214774a6afc507773d057c4ca44f2eb4eff0e2ebe98", + "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#46-53)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L46-L53)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64", + "id": "198c0aa45e21eaf93239b89902af77daf6acd1431a537d38c9ff8ac798d7de1a", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -381,25 +384,24 @@ "elements": [ { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1843, - "length": 393, + "start": 707, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -484,47 +486,46 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call.value(amount)()", + "name": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()", "source_mapping": { - "start": 2088, - "length": 64, + "start": 886, + "length": 81, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 60 + 28 ], "starting_column": 9, - "ending_column": 73 + "ending_column": 90 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1843, - "length": 393, + "start": 707, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -609,7 +610,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -619,42 +620,41 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = amount", + "name": "userBalance[msg.sender] = 0", "source_mapping": { - "start": 2187, - "length": 32, + "start": 1030, + "length": 27, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 62 + 32 ], - "starting_column": 13, - "ending_column": 45 + "starting_column": 9, + "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1843, - "length": 393, + "start": 707, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -739,7 +739,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -749,10 +749,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#62)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L62)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64", - "id": "c4d2dd489fd8bc396119bdd7e5a73c3782cf5fa27171112104e34b2f3ccf37c4", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#46-53)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L46-L53)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33", + "id": "8e2d5646c5d4c6276b4c732adccb83f27cedb7c979f67e27d86066a3c86ad293", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json index d33ca45ce..9bdf46f7e 100644 --- a/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#27)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L27)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29", - "id": "592ad3a6f86cbf4b9e9e1c21c6345d8616f0e6e8a85c7e9ab283b5b0a1271c71", + "id": "c2901845976c503271b1f0210ebe3a50274502ce56d3de66f1bb8414c33891c5", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json index 7ef54ba95..c6206b38a 100644 --- a/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json @@ -4,25 +4,24 @@ "elements": [ { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -107,47 +106,46 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call{value: amount}()", + "name": "(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()", "source_mapping": { - "start": 2084, - "length": 64, + "start": 882, + "length": 81, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 60 + 28 ], "starting_column": 9, - "ending_column": 73 + "ending_column": 90 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -232,7 +230,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -242,42 +240,41 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = amount", + "name": "userBalance[msg.sender] = 0", "source_mapping": { - "start": 2183, - "length": 32, + "start": 1026, + "length": 27, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 62 + 32 ], - "starting_column": 13, - "ending_column": 45 + "starting_column": 9, + "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -362,7 +359,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -372,10 +369,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: amount}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#62)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: amount}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L62)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64", - "id": "d68cc7cd493eca1fda517423f6f6ad0a5671d0bbea1d80ec0cb403ca66d5d4b8", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: userBalance[msg.sender]}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#6-8)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#15-23)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#46-53)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L6-L8)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L15-L23)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L46-L53)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33", + "id": "37e2382d9122de6b05be022dc852d8adf129f921998831fcdc34a04d393dd384", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -384,24 +381,25 @@ "elements": [ { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -486,46 +484,47 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()", + "name": "(ret,mem) = msg.sender.call{value: amount}()", "source_mapping": { - "start": 882, - "length": 81, + "start": 2084, + "length": 64, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 28 + 60 ], "starting_column": 9, - "ending_column": 90 + "ending_column": 73 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -610,7 +609,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -620,41 +619,42 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = 0", + "name": "userBalance[msg.sender] = amount", "source_mapping": { - "start": 1026, - "length": 27, + "start": 2183, + "length": 32, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 32 + 62 ], - "starting_column": 9, - "ending_column": 36 + "starting_column": 13, + "ending_column": 45 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -739,7 +739,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -749,10 +749,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: userBalance[msg.sender]}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#32)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L32)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33", - "id": "df77aefe86b51d596b1dba22bde98d85390038724420e61fb18579fd90af852c", + "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: amount}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#6-8)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#15-23)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#46-53)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: amount}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L6-L8)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L15-L23)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L46-L53)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64", + "id": "b40693864ea56a41248ea1fecfa8c0ed95552a62235a9282281b220d0c7000cc", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json index fb9b56b12..7907cfe64 100644 --- a/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#27)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L27)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#17-20)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L17-L20)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29", - "id": "24fc47678720105e363d9594b5bcec35f854903103c3c4a4ca82d9b4fb5348c3", + "id": "a84e723534171eddc7c9650042d0b8e9487490b61491df5e5faa8d91d5ce826f", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json index 9ad593e4e..c1cb8c22a 100644 --- a/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json @@ -4,89 +4,25 @@ "elements": [ { "type": "function", - "name": "splitDAO", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], "starting_column": 5, "ending_column": 6 @@ -638,111 +574,47 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferFromWithoutReward(address,address,uint256)" } }, { "type": "node", - "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", + "name": "! withdrawRewardFor(_from)", "source_mapping": { - "start": 37159, - "length": 49, + "start": 41890, + "length": 25, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 974 + 1118 ], "starting_column": 13, - "ending_column": 62 + "ending_column": 38 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], "starting_column": 5, "ending_column": 6 @@ -1294,7 +1166,7 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferFromWithoutReward(address,address,uint256)" } } }, @@ -1304,36 +1176,43 @@ }, { "type": "node", - "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", + "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", "source_mapping": { - "start": 44544, - "length": 74, + "start": 40461, + "length": 90, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1196 + 1065 ], - "starting_column": 9, - "ending_column": 83 + "starting_column": 13, + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "createNewDAO", + "name": "withdrawRewardFor", "source_mapping": { - "start": 44427, - "length": 198, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1194, - 1195, - 1196, - 1197 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -1885,7 +1764,7 @@ "ending_column": 2 } }, - "signature": "createNewDAO(address)" + "signature": "withdrawRewardFor(address)" } } }, @@ -1895,106 +1774,44 @@ }, { "type": "node", - "name": "withdrawRewardFor(msg.sender)", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", "source_mapping": { - "start": 38796, - "length": 29, + "start": 40581, + "length": 116, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1015 + 1068, + 1069 ], "starting_column": 9, - "ending_column": 38 + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "withdrawRewardFor", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -2546,29 +2363,29 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", + "name": "! rewardAccount.payOut(_account,reward)", "source_mapping": { - "start": 40461, - "length": 90, + "start": 40711, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1065 + 1070 ], "starting_column": 13, - "ending_column": 103 + "ending_column": 52 }, "type_specific_fields": { "parent": { @@ -3154,44 +2971,42 @@ }, { "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "name": "transferFrom(_from,_to,_value)", "source_mapping": { - "start": 40581, - "length": 116, + "start": 41944, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1068, - 1069 + 1120 ], "starting_column": 9, - "ending_column": 103 + "ending_column": 48 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 40361, - "length": 473, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], "starting_column": 5, "ending_column": 6 @@ -3743,53 +3558,62 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "transferFromWithoutReward(address,address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "balances" } }, { "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", + "name": "balances[_to] += _amount", "source_mapping": { - "start": 40711, - "length": 39, + "start": 4393, + "length": 24, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1070 + 120 ], "starting_column": 13, - "ending_column": 52 + "ending_column": 37 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "transferFrom", "source_mapping": { - "start": 40361, - "length": 473, + "start": 4127, + "length": 509, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128 ], "starting_column": 5, "ending_column": 6 @@ -3797,4365 +3621,244 @@ "type_specific_fields": { "parent": { "type": "contract", - "name": "DAO", + "name": "Token", "source_mapping": { - "start": 28296, - "length": 17108, + "start": 3440, + "length": 1550, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "withdrawRewardFor(address)" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls_sending_eth" - } - }, - { - "type": "node", - "name": "balances[msg.sender] = 0", - "source_mapping": { - "start": 38912, - "length": 24, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1017 - ], - "starting_column": 9, - "ending_column": 33 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "splitDAO(uint256,address)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" - } - }, - { - "type": "node", - "name": "paidOut[msg.sender] = 0", - "source_mapping": { - "start": 38946, - "length": 23, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1018 - ], - "starting_column": 9, - "ending_column": 32 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "splitDAO(uint256,address)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "paidOut" - } - }, - { - "type": "node", - "name": "totalSupply -= balances[msg.sender]", - "source_mapping": { - "start": 38867, - "length": 35, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1016 - ], - "starting_column": 9, - "ending_column": 44 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "splitDAO(uint256,address)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "totalSupply" - } - } - ], - "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\t- withdrawRewardFor(msg.sender) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1015)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- balances[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1017)\n\t- paidOut[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1018)\n\t- totalSupply -= balances[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1016)\n", - "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\t- [withdrawRewardFor(msg.sender)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1015)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1017)\n\t- [paidOut[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1018)\n\t- [totalSupply -= balances[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1016)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", - "id": "4ce8b483e6c9e8e2bbc854d3ff7713e20404b0be5e7cc714329c9a56c52e8d31", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ - { - "type": "function", - "name": "transferFromWithoutReward", - "source_mapping": { - "start": 41743, - "length": 247, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFromWithoutReward(address,address,uint256)" - } - }, - { - "type": "node", - "name": "! withdrawRewardFor(_from)", - "source_mapping": { - "start": 41890, - "length": 25, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1118 - ], - "starting_column": 13, - "ending_column": 38 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transferFromWithoutReward", - "source_mapping": { - "start": 41743, - "length": 247, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFromWithoutReward(address,address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls" - } - }, - { - "type": "node", - "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", - "source_mapping": { - "start": 40461, - "length": 90, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1065 - ], - "starting_column": 13, - "ending_column": 103 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "withdrawRewardFor", - "source_mapping": { - "start": 40361, - "length": 473, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "transferFrom(address,address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "balances" } }, { "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "name": "balances[_from] -= _amount", "source_mapping": { - "start": 40581, - "length": 116, + "start": 4431, + "length": 26, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1068, - 1069 + 121 + ], + "starting_column": 13, + "ending_column": 39 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferFrom", + "source_mapping": { + "start": 4127, + "length": 509, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 3440, + "length": 1550, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferFrom(address,address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + }, + { + "type": "node", + "name": "transferFrom(_from,_to,_value)", + "source_mapping": { + "start": 41944, + "length": 39, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1120 ], "starting_column": 9, - "ending_column": 103 + "ending_column": 48 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 40361, - "length": 473, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], "starting_column": 5, "ending_column": 6 @@ -8707,53 +4410,56 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "transferFromWithoutReward(address,address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "paidOut" } }, { "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", + "name": "paidOut[_from] -= transferPaidOut", "source_mapping": { - "start": 40711, - "length": 39, + "start": 42279, + "length": 33, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1070 + 1133 ], - "starting_column": 13, - "ending_column": 52 + "starting_column": 9, + "ending_column": 42 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "transferPaidOut", "source_mapping": { - "start": 40361, - "length": 473, + "start": 41997, + "length": 384, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -9305,52 +5011,56 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "transferPaidOut(address,address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "paidOut" } }, { "type": "node", - "name": "transferFrom(_from,_to,_value)", + "name": "paidOut[_to] += transferPaidOut", "source_mapping": { - "start": 41944, - "length": 39, + "start": 42322, + "length": 31, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1120 + 1134 ], "starting_column": 9, - "ending_column": 48 + "ending_column": 40 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferFromWithoutReward", + "name": "transferPaidOut", "source_mapping": { - "start": 41743, - "length": 247, + "start": 41997, + "length": 384, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -9902,307 +5612,642 @@ "ending_column": 2 } }, - "signature": "transferFromWithoutReward(address,address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" - } - }, - { - "type": "node", - "name": "balances[_to] += _amount", - "source_mapping": { - "start": 4393, - "length": 24, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 120 - ], - "starting_column": 13, - "ending_column": 37 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transferFrom", - "source_mapping": { - "start": 4127, - "length": 509, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "Token", - "source_mapping": { - "start": 3440, - "length": 1550, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFrom(address,address,uint256)" + "signature": "transferPaidOut(address,address,uint256)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "balances" + "variable_name": "paidOut" } - }, + } + ], + "description": "Reentrancy in DAO.transferFromWithoutReward(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1112-1121):\n\tExternal calls:\n\t- ! withdrawRewardFor(_from) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1118)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#120)\n\t\t- balances[_from] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#121)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n", + "markdown": "Reentrancy in [DAO.transferFromWithoutReward(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121):\n\tExternal calls:\n\t- [! withdrawRewardFor(_from)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1118)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L120)\n\t\t- [balances[_from] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L121)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121", + "id": "216c6ec9fc52ceccdc93f86ce1142188621b5ccc6937a763a63769017613d894", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ { - "type": "node", - "name": "balances[_from] -= _amount", + "type": "function", + "name": "withdrawRewardFor", "source_mapping": { - "start": 4431, - "length": 26, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 121 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], - "starting_column": 13, - "ending_column": 39 + "starting_column": 5, + "ending_column": 6 }, "type_specific_fields": { "parent": { - "type": "function", - "name": "transferFrom", + "type": "contract", + "name": "DAO", "source_mapping": { - "start": 4127, - "length": 509, + "start": 28296, + "length": 17108, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128 + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "Token", - "source_mapping": { - "start": 3440, - "length": 1550, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFrom(address,address,uint256)" + "starting_column": 1, + "ending_column": 2 } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" + }, + "signature": "withdrawRewardFor(address)" } }, { "type": "node", - "name": "transferFrom(_from,_to,_value)", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", "source_mapping": { - "start": 41944, - "length": 39, + "start": 40581, + "length": 116, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1120 + 1068, + 1069 ], "starting_column": 9, - "ending_column": 48 + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferFromWithoutReward", + "name": "withdrawRewardFor", "source_mapping": { - "start": 41743, - "length": 247, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -10754,56 +6799,53 @@ "ending_column": 2 } }, - "signature": "transferFromWithoutReward(address,address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "paidOut" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "paidOut[_from] -= transferPaidOut", + "name": "! rewardAccount.payOut(_account,reward)", "source_mapping": { - "start": 42279, - "length": 33, + "start": 40711, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1133 + 1070 ], - "starting_column": 9, - "ending_column": 42 + "starting_column": 13, + "ending_column": 52 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferPaidOut", + "name": "withdrawRewardFor", "source_mapping": { - "start": 41997, - "length": 384, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -11355,56 +7397,53 @@ "ending_column": 2 } }, - "signature": "transferPaidOut(address,address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "paidOut" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "paidOut[_to] += transferPaidOut", + "name": "paidOut[_account] += reward", "source_mapping": { - "start": 42322, - "length": 31, + "start": 40779, + "length": 27, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1134 + 1072 ], "starting_column": 9, - "ending_column": 40 + "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferPaidOut", + "name": "withdrawRewardFor", "source_mapping": { - "start": 41997, - "length": 384, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -11956,7 +7995,7 @@ "ending_column": 2 } }, - "signature": "transferPaidOut(address,address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, @@ -11966,10 +8005,10 @@ } } ], - "description": "Reentrancy in DAO.transferFromWithoutReward(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1112-1121):\n\tExternal calls:\n\t- ! withdrawRewardFor(_from) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1118)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#120)\n\t\t- balances[_from] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#121)\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n", - "markdown": "Reentrancy in [DAO.transferFromWithoutReward(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121):\n\tExternal calls:\n\t- [! withdrawRewardFor(_from)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1118)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L120)\n\t\t- [balances[_from] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L121)\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121", - "id": "b888f2335a7b1a29c1f4940886bfbe26a6277d2dca59310ede3dfdb6f02adeb0", + "description": "Reentrancy in DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074):\n\tExternal calls:\n\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- paidOut[_account] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1072)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n", + "markdown": "Reentrancy in [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074):\n\tExternal calls:\n\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [paidOut[_account] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1072)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074", + "id": "2660bfd41b50f556e2d92972f4fe983a0d64930fc55431952f842a5ae8066bc8", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -11978,20 +8017,89 @@ "elements": [ { "type": "function", - "name": "transferWithoutReward", + "name": "splitDAO", "source_mapping": { - "start": 41191, - "length": 175, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -12543,42 +8651,111 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" + "signature": "splitDAO(uint256,address)" } }, { "type": "node", - "name": "! getMyReward()", + "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", "source_mapping": { - "start": 41288, - "length": 14, + "start": 37159, + "length": 49, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1092 + 974 ], "starting_column": 13, - "ending_column": 27 + "ending_column": 62 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferWithoutReward", + "name": "splitDAO", "source_mapping": { - "start": 41191, - "length": 175, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -13130,7 +9307,7 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, @@ -13140,43 +9317,36 @@ }, { "type": "node", - "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", + "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", "source_mapping": { - "start": 40461, - "length": 90, + "start": 44544, + "length": 74, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1065 + 1196 ], - "starting_column": 13, - "ending_column": 103 + "starting_column": 9, + "ending_column": 83 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "createNewDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 44427, + "length": 198, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1194, + 1195, + 1196, + 1197 ], "starting_column": 5, "ending_column": 6 @@ -13728,7 +9898,7 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "createNewDAO(address)" } } }, @@ -13738,44 +9908,106 @@ }, { "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "name": "withdrawRewardFor(msg.sender)", "source_mapping": { - "start": 40581, - "length": 116, + "start": 38796, + "length": 29, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1068, - 1069 + 1015 ], "starting_column": 9, - "ending_column": 103 + "ending_column": 38 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "splitDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + "is_dependency": false, + "lines": [ + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -14327,29 +10559,29 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", + "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", "source_mapping": { - "start": 40711, - "length": 39, + "start": 40461, + "length": 90, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1070 + 1065 ], "starting_column": 13, - "ending_column": 52 + "ending_column": 103 }, "type_specific_fields": { "parent": { @@ -14935,37 +11167,44 @@ }, { "type": "node", - "name": "transfer(_to,_value)", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", "source_mapping": { - "start": 41331, - "length": 28, + "start": 40581, + "length": 116, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1094 + 1068, + 1069 ], "starting_column": 9, - "ending_column": 37 + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferWithoutReward", + "name": "withdrawRewardFor", "source_mapping": { - "start": 41191, - "length": 175, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -15517,171 +11756,53 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" - } - }, - { - "type": "node", - "name": "balances[msg.sender] -= _amount", - "source_mapping": { - "start": 3920, - "length": 31, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 101 - ], - "starting_column": 13, - "ending_column": 44 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transfer", - "source_mapping": { - "start": 3765, - "length": 356, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "Token", - "source_mapping": { - "start": 3440, - "length": 1550, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transfer(address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "balances[_to] += _amount", + "name": "! rewardAccount.payOut(_account,reward)", "source_mapping": { - "start": 3965, - "length": 24, + "start": 40711, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 102 + 1070 ], "starting_column": 13, - "ending_column": 37 + "ending_column": 52 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transfer", + "name": "withdrawRewardFor", "source_mapping": { - "start": 3765, - "length": 356, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -15689,112 +11810,660 @@ "type_specific_fields": { "parent": { "type": "contract", - "name": "Token", + "name": "DAO", "source_mapping": { - "start": 3440, - "length": 1550, + "start": 28296, + "length": 17108, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "transfer(address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "transfer(_to,_value)", + "name": "balances[msg.sender] = 0", "source_mapping": { - "start": 41331, - "length": 28, + "start": 38912, + "length": 24, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1094 + 1017 ], "starting_column": 9, - "ending_column": 37 + "ending_column": 33 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferWithoutReward", + "name": "splitDAO", "source_mapping": { - "start": 41191, - "length": 175, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -16346,56 +13015,117 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "paidOut" + "variable_name": "balances" } }, { "type": "node", - "name": "paidOut[_from] -= transferPaidOut", + "name": "paidOut[msg.sender] = 0", "source_mapping": { - "start": 42279, - "length": 33, + "start": 38946, + "length": 23, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1133 + 1018 ], "starting_column": 9, - "ending_column": 42 + "ending_column": 32 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferPaidOut", + "name": "splitDAO", "source_mapping": { - "start": 41997, - "length": 384, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -16947,7 +13677,7 @@ "ending_column": 2 } }, - "signature": "transferPaidOut(address,address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, @@ -16958,45 +13688,106 @@ }, { "type": "node", - "name": "paidOut[_to] += transferPaidOut", + "name": "totalSupply -= balances[msg.sender]", "source_mapping": { - "start": 42322, - "length": 31, + "start": 38867, + "length": 35, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1134 + 1016 ], "starting_column": 9, - "ending_column": 40 + "ending_column": 44 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferPaidOut", + "name": "splitDAO", "source_mapping": { - "start": 41997, - "length": 384, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -17548,111 +14339,42 @@ "ending_column": 2 } }, - "signature": "transferPaidOut(address,address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "paidOut" - } - } - ], - "description": "Reentrancy in DAO.transferWithoutReward(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1091-1095):\n\tExternal calls:\n\t- ! getMyReward() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1092)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- balances[msg.sender] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#101)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#102)\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n", - "markdown": "Reentrancy in [DAO.transferWithoutReward(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095):\n\tExternal calls:\n\t- [! getMyReward()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1092)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [balances[msg.sender] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L101)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L102)\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095", - "id": "bb78c66126a39c10a22c2be95caccd1bc16b010bc959bdeb23bdc1d728654eea", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ - { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + "variable_name": "totalSupply" + } + } + ], + "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\t- withdrawRewardFor(msg.sender) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1015)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- balances[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1017)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- paidOut[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1018)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n\t- totalSupply -= balances[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1016)\n\tTokenInterface.totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#45) can be used in cross function reentrancies:\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.minQuorum(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1174-1178)\n\t- TokenInterface.totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#45)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n", + "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\t- [withdrawRewardFor(msg.sender)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1015)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1017)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [paidOut[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1018)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n\t- [totalSupply -= balances[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1016)\n\t[TokenInterface.totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L45) can be used in cross function reentrancies:\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.minQuorum(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1174-L1178)\n\t- [TokenInterface.totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L45)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", + "id": "42a79513e1c7098fa23ca86561e61190d6d20dd43429f0392174bd44954abf98", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "transferWithoutReward", + "source_mapping": { + "start": 41191, + "length": 175, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1091, + 1092, + 1093, + 1094, + 1095 ], "starting_column": 5, "ending_column": 6 @@ -18049,266 +14771,1394 @@ 1071, 1072, 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferWithoutReward(address,uint256)" + } + }, + { + "type": "node", + "name": "! getMyReward()", + "source_mapping": { + "start": 41288, + "length": 14, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1092 + ], + "starting_column": 13, + "ending_column": 27 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferWithoutReward", + "source_mapping": { + "start": 41191, + "length": 175, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1091, + 1092, + 1093, + 1094, + 1095 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferWithoutReward(address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", + "source_mapping": { + "start": 40461, + "length": 90, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1065 + ], + "starting_column": 13, + "ending_column": 103 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdrawRewardFor", + "source_mapping": { + "start": 40361, + "length": 473, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], - "starting_column": 1, - "ending_column": 2 + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdrawRewardFor(address)" } - }, - "signature": "splitDAO(uint256,address)" + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", "source_mapping": { - "start": 37159, - "length": 49, + "start": 40581, + "length": 116, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 974 + 1068, + 1069 ], - "starting_column": 13, - "ending_column": 62 + "starting_column": 9, + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "withdrawRewardFor", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -18860,46 +16710,53 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", + "name": "! rewardAccount.payOut(_account,reward)", "source_mapping": { - "start": 44544, - "length": 74, + "start": 40711, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1196 + 1070 ], - "starting_column": 9, - "ending_column": 83 + "starting_column": 13, + "ending_column": 52 }, "type_specific_fields": { "parent": { "type": "function", - "name": "createNewDAO", + "name": "withdrawRewardFor", "source_mapping": { - "start": 44427, - "length": 198, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1194, - 1195, - 1196, - 1197 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -19434,133 +17291,64 @@ 1209, 1210, 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "createNewDAO(address)" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls_sending_eth" - } - }, - { - "type": "node", - "name": "p.splitData[0].splitBalance = actualBalance()", - "source_mapping": { - "start": 37456, - "length": 45, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 981 - ], - "starting_column": 13, - "ending_column": 58 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdrawRewardFor(address)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" + } + }, + { + "type": "node", + "name": "transfer(_to,_value)", + "source_mapping": { + "start": 41331, + "length": 28, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1094 + ], + "starting_column": 9, + "ending_column": 37 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferWithoutReward", + "source_mapping": { + "start": 41191, + "length": 175, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1091, + 1092, + 1093, + 1094, + 1095 ], "starting_column": 5, "ending_column": 6 @@ -20112,117 +17900,284 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferWithoutReward(address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + }, + { + "type": "node", + "name": "balances[msg.sender] -= _amount", + "source_mapping": { + "start": 3920, + "length": 31, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 101 + ], + "starting_column": 13, + "ending_column": 44 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transfer", + "source_mapping": { + "start": 3765, + "length": 356, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 3440, + "length": 1550, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transfer(address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + }, + { + "type": "node", + "name": "balances[_to] += _amount", + "source_mapping": { + "start": 3965, + "length": 24, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 102 + ], + "starting_column": 13, + "ending_column": 37 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transfer", + "source_mapping": { + "start": 3765, + "length": 356, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 3440, + "length": 1550, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transfer(address,uint256)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "proposals" + "variable_name": "balances" } }, { "type": "node", - "name": "p.splitData[0].rewardToken = rewardToken[address(this)]", + "name": "transfer(_to,_value)", "source_mapping": { - "start": 37515, - "length": 55, + "start": 41331, + "length": 28, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 982 + 1094 ], - "starting_column": 13, - "ending_column": 68 + "starting_column": 9, + "ending_column": 37 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "transferWithoutReward", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 41191, + "length": 175, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1091, + 1092, + 1093, + 1094, + 1095 ], "starting_column": 5, "ending_column": 6 @@ -20768,123 +18723,62 @@ 1220, 1221, 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "splitDAO(uint256,address)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "proposals" - } - }, - { - "type": "node", - "name": "p.splitData[0].totalSupply = totalSupply", - "source_mapping": { - "start": 37584, - "length": 40, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 983 - ], - "starting_column": 13, - "ending_column": 53 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferWithoutReward(address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "paidOut" + } + }, + { + "type": "node", + "name": "paidOut[_from] -= transferPaidOut", + "source_mapping": { + "start": 42279, + "length": 33, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1133 + ], + "starting_column": 9, + "ending_column": 42 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferPaidOut", + "source_mapping": { + "start": 41997, + "length": 384, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -21436,117 +19330,56 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferPaidOut(address,address,uint256)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "proposals" + "variable_name": "paidOut" } }, { "type": "node", - "name": "p.proposalPassed = true", + "name": "paidOut[_to] += transferPaidOut", "source_mapping": { - "start": 37638, - "length": 23, + "start": 42322, + "length": 31, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 984 + 1134 ], - "starting_column": 13, - "ending_column": 36 + "starting_column": 9, + "ending_column": 40 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "transferPaidOut", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 41997, + "length": 384, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -22098,20 +19931,20 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferPaidOut(address,address,uint256)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "proposals" + "variable_name": "paidOut" } } ], - "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\tState variables written after the call(s):\n\t- p.splitData[0].splitBalance = actualBalance() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#981)\n\t- p.splitData[0].rewardToken = rewardToken[address(this)] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#982)\n\t- p.splitData[0].totalSupply = totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#983)\n\t- p.proposalPassed = true (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#984)\n", - "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\tState variables written after the call(s):\n\t- [p.splitData[0].splitBalance = actualBalance()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L981)\n\t- [p.splitData[0].rewardToken = rewardToken[address(this)]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L982)\n\t- [p.splitData[0].totalSupply = totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L983)\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L984)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", - "id": "ca170302627c298d8230a6d9f9cae19a84c58325d2df49a6ef15a0b17208bf00", + "description": "Reentrancy in DAO.transferWithoutReward(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1091-1095):\n\tExternal calls:\n\t- ! getMyReward() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1092)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- balances[msg.sender] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#101)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#102)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n", + "markdown": "Reentrancy in [DAO.transferWithoutReward(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095):\n\tExternal calls:\n\t- [! getMyReward()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1092)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [balances[msg.sender] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L101)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L102)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095", + "id": "44124a3b90da24c2f4c671b87ae917299ba79bcf99ad0cd2f5f0208463ca47f7", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -25140,10 +22973,10 @@ } } ], - "description": "Reentrancy in DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1037-1057):\n\tExternal calls:\n\t- reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1044-1046)\n\t- ! DAOrewardAccount.payOut(dao.rewardAccount(),reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1048)\n\t- ! DAOrewardAccount.payOut(dao,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1052)\n\tState variables written after the call(s):\n\t- DAOpaidOut[msg.sender] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1055)\n", - "markdown": "Reentrancy in [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057):\n\tExternal calls:\n\t- [reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1044-L1046)\n\t- [! DAOrewardAccount.payOut(dao.rewardAccount(),reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1048)\n\t- [! DAOrewardAccount.payOut(dao,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1052)\n\tState variables written after the call(s):\n\t- [DAOpaidOut[msg.sender] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1055)\n", + "description": "Reentrancy in DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1037-1057):\n\tExternal calls:\n\t- reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1044-1046)\n\t- ! DAOrewardAccount.payOut(dao.rewardAccount(),reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1048)\n\t- ! DAOrewardAccount.payOut(dao,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1052)\n\tState variables written after the call(s):\n\t- DAOpaidOut[msg.sender] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1055)\n\tDAOInterface.DAOpaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#423) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.newContract(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1022-1034)\n\t- DAOInterface.DAOpaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#423)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1037-1057)\n", + "markdown": "Reentrancy in [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057):\n\tExternal calls:\n\t- [reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1044-L1046)\n\t- [! DAOrewardAccount.payOut(dao.rewardAccount(),reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1048)\n\t- [! DAOrewardAccount.payOut(dao,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1052)\n\tState variables written after the call(s):\n\t- [DAOpaidOut[msg.sender] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1055)\n\t[DAOInterface.DAOpaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L423) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.newContract(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1022-L1034)\n\t- [DAOInterface.DAOpaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L423)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057", - "id": "f4fcbe9e693a60538ed19ff7c298fa578309af52604f3265bac4254b82e45d8f", + "id": "6275c27bb80d9d1ab0d9125193b9c8e8c12670aae64a93559b09ec160bcbf5e7", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -25152,26 +22985,89 @@ "elements": [ { "type": "function", - "name": "withdrawRewardFor", + "name": "splitDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -25691,81 +23587,2057 @@ 1194, 1195, 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "splitDAO(uint256,address)" + } + }, + { + "type": "node", + "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", + "source_mapping": { + "start": 37159, + "length": 49, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 974 + ], + "starting_column": 13, + "ending_column": 62 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "splitDAO", + "source_mapping": { + "start": 36148, + "length": 2849, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "splitDAO(uint256,address)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", + "source_mapping": { + "start": 44544, + "length": 74, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1196 + ], + "starting_column": 9, + "ending_column": 83 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "createNewDAO", + "source_mapping": { + "start": 44427, + "length": 198, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1194, + 1195, + 1196, + 1197 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "createNewDAO(address)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" + } + }, + { + "type": "node", + "name": "p.splitData[0].splitBalance = actualBalance()", + "source_mapping": { + "start": 37456, + "length": 45, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 981 + ], + "starting_column": 13, + "ending_column": 58 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "splitDAO", + "source_mapping": { + "start": 36148, + "length": 2849, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], - "starting_column": 1, - "ending_column": 2 + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "splitDAO(uint256,address)" } - }, - "signature": "withdrawRewardFor(address)" + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "proposals" } }, { "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "name": "p.splitData[0].rewardToken = rewardToken[address(this)]", "source_mapping": { - "start": 40581, - "length": 116, + "start": 37515, + "length": 55, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1068, - 1069 + 982 ], - "starting_column": 9, - "ending_column": 103 + "starting_column": 13, + "ending_column": 68 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "splitDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -26317,53 +26189,117 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "proposals" } }, { "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", + "name": "p.splitData[0].totalSupply = totalSupply", "source_mapping": { - "start": 40711, - "length": 39, + "start": 37584, + "length": 40, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1070 + 983 ], "starting_column": 13, - "ending_column": 52 + "ending_column": 53 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "splitDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -26915,53 +26851,117 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "proposals" } }, { "type": "node", - "name": "paidOut[_account] += reward", + "name": "p.proposalPassed = true", "source_mapping": { - "start": 40779, - "length": 27, + "start": 37638, + "length": 23, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1072 + 984 ], - "starting_column": 9, + "starting_column": 13, "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "splitDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -27513,20 +27513,20 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "paidOut" + "variable_name": "proposals" } } ], - "description": "Reentrancy in DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074):\n\tExternal calls:\n\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- paidOut[_account] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1072)\n", - "markdown": "Reentrancy in [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074):\n\tExternal calls:\n\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [paidOut[_account] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1072)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074", - "id": "fb092ddf0ad631483e2154ebe8224d43f9bf6212386128fcac54c051b2db88db", + "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\tState variables written after the call(s):\n\t- p.splitData[0].splitBalance = actualBalance() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#981)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- p.splitData[0].rewardToken = rewardToken[address(this)] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#982)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- p.splitData[0].totalSupply = totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#983)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- p.proposalPassed = true (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#984)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n", + "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\tState variables written after the call(s):\n\t- [p.splitData[0].splitBalance = actualBalance()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L981)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [p.splitData[0].rewardToken = rewardToken[address(this)]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L982)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [p.splitData[0].totalSupply = totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L983)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L984)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", + "id": "a29fd7cc3b139b8557f0b567f7d6fd65848b7e89128fcdbd7b170fc326f2d034", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json index db8e6c5a9..cd221e264 100644 --- a/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json @@ -285,10 +285,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22):\n\tExternal calls:\n\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22):\n\tExternal calls:\n\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n", + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22):\n\tExternal calls:\n\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#31-37)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#7-14)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22):\n\tExternal calls:\n\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L31-L37)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L7-L14)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22", - "id": "296bbfc5c41b40046e8fc0563e89099df3ff17caf0bd3ff8dde0271aacd8d981", + "id": "3bc05460c227cccc946c2f7168a6a1c08270f2bb11cae6b62f0126a11c567e4d", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -878,10 +878,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29):\n\tExternal calls:\n\t- success = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#26)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29):\n\tExternal calls:\n\t- [success = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L26)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n", + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29):\n\tExternal calls:\n\t- success = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#26)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#31-37)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#7-14)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29):\n\tExternal calls:\n\t- [success = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L26)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L31-L37)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L7-L14)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29", - "id": "93b771e9737b42c786392b01e24457616ec7e54b5dd7714c96a1e67b9dd535f3", + "id": "514836811124969afe8a00811a5b65e796b256cc4c2335a2a47b070ceeea6c56", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json index f95464351..bdca823bc 100644 --- a/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json @@ -599,10 +599,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n", + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30", - "id": "9fbfafd0d47ce4f4ead524570f382093c186c4e9e5e96ce0067fce3ffb6dc74a", + "id": "0dd623b92acd7258e533f11a80e357a3b37fd0779dfba04f26838b425911f6aa", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -901,10 +901,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n", + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23", - "id": "c9ba81d76d46579f9e78ac96b1aae43b71f2d4a96d4c47b2fab9831bf0f15a8f", + "id": "93009818ac1279458d7d6da3c2fe118a577b904efb7631d3778b8e3e268ada11", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json index e65491e8a..54f9cb2f0 100644 --- a/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json @@ -4,23 +4,21 @@ "elements": [ { "type": "function", - "name": "bad0", + "name": "bad1", "source_mapping": { - "start": 336, - "length": 188, + "start": 530, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23 + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 5, "ending_column": 6 @@ -81,21 +79,21 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } }, { "type": "node", "name": "(success) = msg.sender.call()", "source_mapping": { - "start": 397, + "start": 605, "length": 37, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 18 + 27 ], "starting_column": 9, "ending_column": 46 @@ -103,23 +101,21 @@ "type_specific_fields": { "parent": { "type": "function", - "name": "bad0", + "name": "bad1", "source_mapping": { - "start": 336, - "length": 188, + "start": 530, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23 + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 5, "ending_column": 6 @@ -180,7 +176,7 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, @@ -190,40 +186,38 @@ }, { "type": "node", - "name": "notCalled = false", + "name": "bad0()", "source_mapping": { - "start": 500, - "length": 17, + "start": 678, + "length": 6, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 22 + 29 ], "starting_column": 9, - "ending_column": 26 + "ending_column": 15 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad0", + "name": "bad1", "source_mapping": { - "start": 336, - "length": 188, + "start": 530, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23 + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 5, "ending_column": 6 @@ -284,118 +278,26 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" - } - } - ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23", - "id": "6d19938cb98129ec5abb0fcde1a08ea92c6ab0125e210a1d4c10f27e9a9419cb", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ - { - "type": "function", - "name": "bad1", - "source_mapping": { - "start": 530, - "length": 161, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 25, - 26, - 27, - 28, - 29, - 30 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "ReentrancyWrite", - "source_mapping": { - "start": 28, - "length": 859, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "bad1(address)" + "underlying_type": "external_calls" } }, { "type": "node", "name": "(success) = msg.sender.call()", "source_mapping": { - "start": 605, + "start": 397, "length": 37, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 27 + 18 ], "starting_column": 9, "ending_column": 46 @@ -403,21 +305,23 @@ "type_specific_fields": { "parent": { "type": "function", - "name": "bad1", + "name": "bad0", "source_mapping": { - "start": 530, - "length": 161, + "start": 336, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30 + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23 ], "starting_column": 5, "ending_column": 6 @@ -478,12 +382,12 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "external_calls_sending_eth" } }, { @@ -585,24 +489,25 @@ } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "notCalled" } }, { "type": "node", - "name": "(success) = msg.sender.call()", + "name": "notCalled = false", "source_mapping": { - "start": 397, - "length": 37, + "start": 500, + "length": 17, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 18 + 22 ], "starting_column": 9, - "ending_column": 46 + "ending_column": 26 }, "type_specific_fields": { "parent": { @@ -689,43 +594,139 @@ } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "notCalled" } - }, + } + ], + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#7-14)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L7-L14)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30", + "id": "232f48650d7bf9469e38dc71c912becdf053b585138ae647ce118e7fd00f172f", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ { - "type": "node", - "name": "bad0()", + "type": "function", + "name": "bad0", "source_mapping": { - "start": 678, - "length": 6, + "start": 336, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 29 + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23 ], - "starting_column": 9, - "ending_column": 15 + "starting_column": 5, + "ending_column": 6 }, "type_specific_fields": { "parent": { - "type": "function", - "name": "bad1", + "type": "contract", + "name": "ReentrancyWrite", "source_mapping": { - "start": 530, - "length": 161, + "start": 28, + "length": 859, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, 25, 26, 27, 28, 29, - 30 + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad0()" + } + }, + { + "type": "node", + "name": "(success) = msg.sender.call()", + "source_mapping": { + "start": 397, + "length": 37, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 18 + ], + "starting_column": 9, + "ending_column": 46 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad0", + "source_mapping": { + "start": 336, + "length": 188, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23 ], "starting_column": 5, "ending_column": 6 @@ -786,13 +787,12 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" + "underlying_type": "external_calls" } }, { @@ -901,10 +901,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30", - "id": "dfc70c3670d28f163af1fd624da8ace78193a8309e4c442462e7bc96e88eeae1", + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#7-14)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L7-L14)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23", + "id": "5e64a5802add2be9ad59984ffa00767903dd82e9ce98c639b82ba05cd3d66197", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json index da5b4ef65..8c55f5d56 100644 --- a/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json @@ -4,21 +4,23 @@ "elements": [ { "type": "function", - "name": "bad1", + "name": "bad0", "source_mapping": { - "start": 577, - "length": 161, + "start": 383, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 29, - 30, - 31, - 32, - 33, - 34 + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27 ], "starting_column": 5, "ending_column": 6 @@ -79,21 +81,21 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } }, { "type": "node", "name": "(success) = msg.sender.call()", "source_mapping": { - "start": 652, + "start": 444, "length": 37, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 31 + 22 ], "starting_column": 9, "ending_column": 46 @@ -101,21 +103,23 @@ "type_specific_fields": { "parent": { "type": "function", - "name": "bad1", + "name": "bad0", "source_mapping": { - "start": 577, - "length": 161, + "start": 383, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 29, - 30, - 31, - 32, - 33, - 34 + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27 ], "starting_column": 5, "ending_column": 6 @@ -176,7 +180,7 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, @@ -186,38 +190,40 @@ }, { "type": "node", - "name": "bad0()", + "name": "notCalled = false", "source_mapping": { - "start": 725, - "length": 6, + "start": 547, + "length": 17, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 33 + 26 ], "starting_column": 9, - "ending_column": 15 + "ending_column": 26 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad1", + "name": "bad0", "source_mapping": { - "start": 577, - "length": 161, + "start": 383, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 29, - 30, - 31, - 32, - 33, - 34 + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27 ], "starting_column": 5, "ending_column": 6 @@ -278,42 +284,72 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "notCalled" } - }, + } + ], + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#8) can be used in cross function reentrancies:\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#36-43)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#11-18)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L8) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L36-L43)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L11-L18)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27", + "id": "cf39a28788af70504d3a13236987d1865481df931b5eaac9e9e28b1b826d4ce6", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ { - "type": "node", - "name": "(success) = msg.sender.call()", + "type": "function", + "name": "bad1", "source_mapping": { - "start": 444, - "length": 37, + "start": 577, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 22 + 29, + 30, + 31, + 32, + 33, + 34 ], - "starting_column": 9, - "ending_column": 46 + "starting_column": 5, + "ending_column": 6 }, "type_specific_fields": { "parent": { - "type": "function", - "name": "bad0", + "type": "contract", + "name": "ReentrancyWrite", "source_mapping": { - "start": 383, - "length": 188, + "start": 82, + "length": 852, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, 20, 21, 22, @@ -321,7 +357,67 @@ 24, 25, 26, - 27 + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad1(address)" + } + }, + { + "type": "node", + "name": "(success) = msg.sender.call()", + "source_mapping": { + "start": 652, + "length": 37, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 31 + ], + "starting_column": 9, + "ending_column": 46 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 577, + "length": 161, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34 ], "starting_column": 5, "ending_column": 6 @@ -382,12 +478,12 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "external_calls" } }, { @@ -489,25 +585,24 @@ } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "notCalled = false", + "name": "(success) = msg.sender.call()", "source_mapping": { - "start": 547, - "length": 17, + "start": 444, + "length": 37, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 26 + 22 ], "starting_column": 9, - "ending_column": 26 + "ending_column": 46 }, "type_specific_fields": { "parent": { @@ -594,139 +689,43 @@ } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" + "underlying_type": "external_calls_sending_eth" } - } - ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#31)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L31)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34", - "id": "11273f8e5ccbb848ea0de9b7c15e3fb66deb7c061265f88b8aa7646eed935c0e", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ + }, { - "type": "function", - "name": "bad0", + "type": "node", + "name": "bad0()", "source_mapping": { - "start": 383, - "length": 188, + "start": 725, + "length": 6, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27 + 33 ], - "starting_column": 5, - "ending_column": 6 + "starting_column": 9, + "ending_column": 15 }, "type_specific_fields": { "parent": { - "type": "contract", - "name": "ReentrancyWrite", + "type": "function", + "name": "bad1", "source_mapping": { - "start": 82, - "length": 852, + "start": 577, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, 29, 30, 31, 32, 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41, - 42, - 43, - 44, - 45 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "bad0()" - } - }, - { - "type": "node", - "name": "(success) = msg.sender.call()", - "source_mapping": { - "start": 444, - "length": 37, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 22 - ], - "starting_column": 9, - "ending_column": 46 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "bad0", - "source_mapping": { - "start": 383, - "length": 188, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27 + 34 ], "starting_column": 5, "ending_column": 6 @@ -787,12 +786,13 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "notCalled" } }, { @@ -901,10 +901,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27", - "id": "ef995e89d54c7b577af2ca26540e01da65ac0e2466d6d7a58e4d11e9211b12a4", + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#31)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#8) can be used in cross function reentrancies:\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#36-43)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#11-18)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L31)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L8) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L36-L43)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L11-L18)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34", + "id": "dd963c750bf6572ff8ee3e1f804143780370e025262d1f94204f7e82bd26b0e3", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" From 81f0e7042307760599bdd3fb063d02caf2eaf686 Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Fri, 19 Aug 2022 09:54:59 +0200 Subject: [PATCH 8/9] Make results deterministic --- .../detectors/reentrancy/reentrancy_eth.py | 6 +- .../reentrancy_read_before_write.py | 6 +- .../0.4.25/DAO.sol.0.4.25.ReentrancyEth.json | 6 +- .../reentrancy.sol.0.4.25.ReentrancyEth.json | 12 +- ...ncy_indirect.sol.0.4.25.ReentrancyEth.json | 6 +- .../reentrancy.sol.0.5.16.ReentrancyEth.json | 222 +- ...ncy_indirect.sol.0.5.16.ReentrancyEth.json | 6 +- .../reentrancy.sol.0.6.11.ReentrancyEth.json | 12 +- ...ncy_indirect.sol.0.6.11.ReentrancyEth.json | 6 +- .../reentrancy.sol.0.7.6.ReentrancyEth.json | 222 +- ...ancy_indirect.sol.0.7.6.ReentrancyEth.json | 6 +- ...ol.0.4.25.ReentrancyReadBeforeWritten.json | 15552 ++++++++-------- ...ol.0.4.25.ReentrancyReadBeforeWritten.json | 354 +- ...ol.0.5.16.ReentrancyReadBeforeWritten.json | 12 +- ...ol.0.6.11.ReentrancyReadBeforeWritten.json | 352 +- ...sol.0.7.6.ReentrancyReadBeforeWritten.json | 12 +- 16 files changed, 8400 insertions(+), 8392 deletions(-) diff --git a/slither/detectors/reentrancy/reentrancy_eth.py b/slither/detectors/reentrancy/reentrancy_eth.py index c5183e82f..73622cf54 100644 --- a/slither/detectors/reentrancy/reentrancy_eth.py +++ b/slither/detectors/reentrancy/reentrancy_eth.py @@ -74,7 +74,11 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m v, node, tuple(sorted(nodes, key=lambda x: x.node_id)), - tuple(variables_used_in_reentrancy[v]), + tuple( + sorted( + variables_used_in_reentrancy[v], key=lambda x: str(x) + ) + ), ) for (v, nodes) in node.context[self.KEY].written.items() if v in node.context[self.KEY].reads_prior_calls[c] diff --git a/slither/detectors/reentrancy/reentrancy_read_before_write.py b/slither/detectors/reentrancy/reentrancy_read_before_write.py index d4322e824..c149d5a4a 100644 --- a/slither/detectors/reentrancy/reentrancy_read_before_write.py +++ b/slither/detectors/reentrancy/reentrancy_read_before_write.py @@ -71,7 +71,11 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`).""" v, node, tuple(sorted(nodes, key=lambda x: x.node_id)), - tuple(variables_used_in_reentrancy[v]), + tuple( + sorted( + variables_used_in_reentrancy[v], key=lambda x: str(x) + ) + ), ) for (v, nodes) in node.context[self.KEY].written.items() if v in node.context[self.KEY].reads_prior_calls[c] diff --git a/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json index 6960696cd..fa3420830 100644 --- a/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json @@ -8495,10 +8495,10 @@ } } ], - "description": "Reentrancy in DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937):\n\tExternal calls:\n\t- ! isRecipientAllowed(p.recipient) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#881)\n\t\t- allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput()) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1159-1163)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tExternal calls sending eth:\n\t- ! p.creator.send(p.proposalDeposit) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#904)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tState variables written after the call(s):\n\t- p.proposalPassed = true (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#918)\n\tDAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#702-726)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- p.open = false (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#944)\n\tDAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#702-726)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- rewardToken[address(this)] += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#928)\n\tDAOInterface.rewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#410) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- DAOInterface.rewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#410)\n\t- DAO.changeProposalDeposit(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1139-1146)\n\t- DAO.newContract(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1022-1034)\n\t- DAO.minQuorum(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1174-1178)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1037-1057)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- sumOfProposalDeposits -= p.proposalDeposit (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#943)\n\tDAOInterface.sumOfProposalDeposits (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#436) can be used in cross function reentrancies:\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- DAO.actualBalance() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1169-1171)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- totalRewardToken += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#929)\n\tDAOInterface.totalRewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#412) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.isRecipientAllowed(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1158-1167)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1037-1057)\n\t- DAOInterface.totalRewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#412)\n", - "markdown": "Reentrancy in [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937):\n\tExternal calls:\n\t- [! isRecipientAllowed(p.recipient)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L881)\n\t\t- [allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput())](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1159-L1163)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tExternal calls sending eth:\n\t- [! p.creator.send(p.proposalDeposit)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L904)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tState variables written after the call(s):\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L918)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [p.open = false](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L944)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [rewardToken[address(this)] += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L928)\n\t[DAOInterface.rewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L410) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAOInterface.rewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L410)\n\t- [DAO.changeProposalDeposit(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1139-L1146)\n\t- [DAO.newContract(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1022-L1034)\n\t- [DAO.minQuorum(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1174-L1178)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1037-L1057)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [sumOfProposalDeposits -= p.proposalDeposit](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L943)\n\t[DAOInterface.sumOfProposalDeposits](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L436) can be used in cross function reentrancies:\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAO.actualBalance()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1169-L1171)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [totalRewardToken += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L929)\n\t[DAOInterface.totalRewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L412) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.isRecipientAllowed(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1158-L1167)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1037-L1057)\n\t- [DAOInterface.totalRewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L412)\n", + "description": "Reentrancy in DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937):\n\tExternal calls:\n\t- ! isRecipientAllowed(p.recipient) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#881)\n\t\t- allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput()) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1159-1163)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tExternal calls sending eth:\n\t- ! p.creator.send(p.proposalDeposit) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#904)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tState variables written after the call(s):\n\t- p.proposalPassed = true (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#918)\n\tDAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#820-850)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- p.open = false (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#944)\n\tDAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#820-850)\n\t- rewardToken[address(this)] += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#928)\n\tDAOInterface.rewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#410) can be used in cross function reentrancies:\n\t- DAO.changeProposalDeposit(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1139-1146)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.minQuorum(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1174-1178)\n\t- DAO.newContract(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1022-1034)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1037-1057)\n\t- DAOInterface.rewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#410)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- sumOfProposalDeposits -= p.proposalDeposit (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#943)\n\tDAOInterface.sumOfProposalDeposits (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#436) can be used in cross function reentrancies:\n\t- DAO.actualBalance() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1169-1171)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- totalRewardToken += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#929)\n\tDAOInterface.totalRewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#412) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.isRecipientAllowed(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1158-1167)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1037-1057)\n\t- DAOInterface.totalRewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#412)\n", + "markdown": "Reentrancy in [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937):\n\tExternal calls:\n\t- [! isRecipientAllowed(p.recipient)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L881)\n\t\t- [allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput())](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1159-L1163)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tExternal calls sending eth:\n\t- [! p.creator.send(p.proposalDeposit)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L904)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tState variables written after the call(s):\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L918)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L820-L850)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [p.open = false](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L944)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L820-L850)\n\t- [rewardToken[address(this)] += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L928)\n\t[DAOInterface.rewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L410) can be used in cross function reentrancies:\n\t- [DAO.changeProposalDeposit(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1139-L1146)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.minQuorum(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1174-L1178)\n\t- [DAO.newContract(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1022-L1034)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1037-L1057)\n\t- [DAOInterface.rewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L410)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [sumOfProposalDeposits -= p.proposalDeposit](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L943)\n\t[DAOInterface.sumOfProposalDeposits](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L436) can be used in cross function reentrancies:\n\t- [DAO.actualBalance()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1169-L1171)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [totalRewardToken += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L929)\n\t[DAOInterface.totalRewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L412) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.isRecipientAllowed(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1158-L1167)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1037-L1057)\n\t- [DAOInterface.totalRewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L412)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937", - "id": "b9c802c4b5548888a9ad51baffffaa8ef2f5240c1e77c360df8f3ee9a083e92e", + "id": "b0ba06b4d03ea41bf0a200039964e2095441dddc3ffa19c56a40182a4cba834a", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json index c1a3fef5e..c16d1be61 100644 --- a/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json @@ -414,10 +414,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80):\n\tExternal calls:\n\t- msg.sender.call.value(amount / 2)() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#77)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#78)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#15-22)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed_4() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#61-72)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31)\n\t- Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#52-60)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#43-50)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#33-41)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#6-8)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80):\n\tExternal calls:\n\t- [msg.sender.call.value(amount / 2)()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L77)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L78)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L15-L22)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed_4()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L61-L72)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31)\n\t- [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L52-L60)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L43-L50)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L33-L41)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L6-L8)\n", + "description": "Reentrancy in Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80):\n\tExternal calls:\n\t- msg.sender.call.value(amount / 2)() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#77)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#78)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#15-22)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#33-41)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#43-50)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#52-60)\n\t- Reentrancy.withdrawBalance_fixed_4() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#61-72)\n\t- Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80):\n\tExternal calls:\n\t- [msg.sender.call.value(amount / 2)()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L77)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L78)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L15-L22)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L33-L41)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L43-L50)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L52-L60)\n\t- [Reentrancy.withdrawBalance_fixed_4()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L61-L72)\n\t- [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80", - "id": "40068dd897810c9dd5841a3225068906bdf31af8ffac1dda0fe0afacc008f0f1", + "id": "5853108dfdb4138662a85fbd17c35511950298872f89c124f1869942c6c4e880", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -839,10 +839,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31):\n\tExternal calls:\n\t- ! (msg.sender.call.value(userBalance[msg.sender])()) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#27)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#30)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#15-22)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed_4() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#61-72)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31)\n\t- Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#52-60)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#43-50)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#33-41)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#6-8)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31):\n\tExternal calls:\n\t- [! (msg.sender.call.value(userBalance[msg.sender])())](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L27)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L30)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L15-L22)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed_4()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L61-L72)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31)\n\t- [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L52-L60)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L43-L50)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L33-L41)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L6-L8)\n", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31):\n\tExternal calls:\n\t- ! (msg.sender.call.value(userBalance[msg.sender])()) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#27)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#30)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#15-22)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#33-41)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#43-50)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#52-60)\n\t- Reentrancy.withdrawBalance_fixed_4() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#61-72)\n\t- Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31):\n\tExternal calls:\n\t- [! (msg.sender.call.value(userBalance[msg.sender])())](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L27)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L30)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L15-L22)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L33-L41)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L43-L50)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L52-L60)\n\t- [Reentrancy.withdrawBalance_fixed_4()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L61-L72)\n\t- [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31", - "id": "dd0fcd3095a9151d9ce4b893b8fbad6f1800fab62623d56b305e6dedb7f1f69a", + "id": "8746b87cbc0fcd59a17ae20018967719c6ebc9fca41c6a128e5ac18dd4ee27cc", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json index 1d0fd8862..4c7ee5e88 100644 --- a/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#13-15)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L13-L15)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29", - "id": "a8ba28ead6de289d54a6a09f7c8f038b1feff8ead5a9f9a50144a3405e1a5d84", + "id": "7ff6a788e1559497246f084096fd10a9fd3a7d30de1b89ac896b7600ba32710d", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json index 83d210cba..242d7bf7e 100644 --- a/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json @@ -4,25 +4,24 @@ "elements": [ { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -107,47 +106,46 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call.value(amount)()", + "name": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()", "source_mapping": { - "start": 2084, - "length": 64, + "start": 882, + "length": 81, "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "is_dependency": false, "lines": [ - 60 + 28 ], "starting_column": 9, - "ending_column": 73 + "ending_column": 90 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -232,7 +230,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -242,42 +240,41 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = amount", + "name": "userBalance[msg.sender] = 0", "source_mapping": { - "start": 2183, - "length": 32, + "start": 1026, + "length": 27, "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "is_dependency": false, "lines": [ - 62 + 32 ], - "starting_column": 13, - "ending_column": 45 + "starting_column": 9, + "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -362,7 +359,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -372,10 +369,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#15-23)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#46-53)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#6-8)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L15-L23)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L46-L53)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L6-L8)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64", - "id": "14bd70d68ad1a7a1de9653bb90378aaa9912309c63aa307e014f56bf6946f6d9", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33", + "id": "1fec5eddc1a1f7c95bbaa72099c7f36d9c8768271ba1bb51b2ece7f2dab1a175", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -384,24 +381,25 @@ "elements": [ { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -486,46 +484,47 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()", + "name": "(ret,mem) = msg.sender.call.value(amount)()", "source_mapping": { - "start": 882, - "length": 81, + "start": 2084, + "length": 64, "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "is_dependency": false, "lines": [ - 28 + 60 ], "starting_column": 9, - "ending_column": 90 + "ending_column": 73 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -610,7 +609,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -620,41 +619,42 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = 0", + "name": "userBalance[msg.sender] = amount", "source_mapping": { - "start": 1026, - "length": 27, + "start": 2183, + "length": 32, "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "is_dependency": false, "lines": [ - 32 + 62 ], - "starting_column": 9, - "ending_column": 36 + "starting_column": 13, + "ending_column": 45 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -739,7 +739,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -749,10 +749,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#15-23)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#46-53)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#6-8)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L15-L23)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L46-L53)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L6-L8)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33", - "id": "adefd8720d742bbfce41168a7f6671258c2a2274203a275438c8c1b9bce3be69", + "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64", + "id": "c1a4b6379bd0137d705b0e1994021e4478445b98ba4d23c547338f09e2213ef0", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json index 2fd0e6feb..e489c1d98 100644 --- a/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#13-15)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L13-L15)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29", - "id": "63385af783ed3eb67d0d73e9f3350256e9cc6ee2f5485c50cf6c6c91f8757601", + "id": "52cd1e82b29830aa25a1ea1bbc1b35c0e3097eab1f2922b4ecc98eae8f1ed225", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json index 0aec13387..ed59ee2c0 100644 --- a/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json @@ -372,10 +372,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#46-53)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L46-L53)\n", + "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64", - "id": "198c0aa45e21eaf93239b89902af77daf6acd1431a537d38c9ff8ac798d7de1a", + "id": "bc199b4c8749cb08649e2084ac891e0cb098640e2752bf319ffa79d99ee10cdb", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -749,10 +749,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#46-53)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L46-L53)\n", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33", - "id": "8e2d5646c5d4c6276b4c732adccb83f27cedb7c979f67e27d86066a3c86ad293", + "id": "c8c4106c11c4f1fc4a76fc18e91bb3132d5b8d95d94c707453f64be98f1efa8d", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json index 9bdf46f7e..1c6cf3b56 100644 --- a/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#13-15)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L13-L15)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29", - "id": "c2901845976c503271b1f0210ebe3a50274502ce56d3de66f1bb8414c33891c5", + "id": "f892080cd6edb9d73d435cd8c4cea16e1b65098abf2a0df5debcd493787f6654", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json index c6206b38a..05be376b4 100644 --- a/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json @@ -4,24 +4,25 @@ "elements": [ { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -106,46 +107,47 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()", + "name": "(ret,mem) = msg.sender.call{value: amount}()", "source_mapping": { - "start": 882, - "length": 81, + "start": 2084, + "length": 64, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 28 + 60 ], "starting_column": 9, - "ending_column": 90 + "ending_column": 73 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -230,7 +232,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -240,41 +242,42 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = 0", + "name": "userBalance[msg.sender] = amount", "source_mapping": { - "start": 1026, - "length": 27, + "start": 2183, + "length": 32, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 32 + 62 ], - "starting_column": 9, - "ending_column": 36 + "starting_column": 13, + "ending_column": 45 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -359,7 +362,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -369,10 +372,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: userBalance[msg.sender]}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#6-8)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#15-23)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#46-53)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L6-L8)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L15-L23)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L46-L53)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33", - "id": "37e2382d9122de6b05be022dc852d8adf129f921998831fcdc34a04d393dd384", + "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: amount}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: amount}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64", + "id": "75d254de1c95646a633659a0bb8c1cd874b1a83f8bdba6fda28e9092be76beeb", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -381,25 +384,24 @@ "elements": [ { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -484,47 +486,46 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call{value: amount}()", + "name": "(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()", "source_mapping": { - "start": 2084, - "length": 64, + "start": 882, + "length": 81, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 60 + 28 ], "starting_column": 9, - "ending_column": 73 + "ending_column": 90 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -609,7 +610,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -619,42 +620,41 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = amount", + "name": "userBalance[msg.sender] = 0", "source_mapping": { - "start": 2183, - "length": 32, + "start": 1026, + "length": 27, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 62 + 32 ], - "starting_column": 13, - "ending_column": 45 + "starting_column": 9, + "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -739,7 +739,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -749,10 +749,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: amount}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#6-8)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#15-23)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#46-53)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: amount}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L6-L8)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L15-L23)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L46-L53)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64", - "id": "b40693864ea56a41248ea1fecfa8c0ed95552a62235a9282281b220d0c7000cc", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: userBalance[msg.sender]}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33", + "id": "a20a04b25c124d64a595c2dec1a37f745f1594c4f0461622c558d66911ea5235", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json index 7907cfe64..7f45a528f 100644 --- a/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#17-20)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L17-L20)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#13-15)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L13-L15)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29", - "id": "a84e723534171eddc7c9650042d0b8e9487490b61491df5e5faa8d91d5ce826f", + "id": "8aacbf836cda179a2f29017ba3fb238dbb3e88837efd207cd07622e5c746f56a", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json index c1cb8c22a..67304b3a5 100644 --- a/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json @@ -4,25 +4,36 @@ "elements": [ { "type": "function", - "name": "transferFromWithoutReward", + "name": "retrieveDAOReward", "source_mapping": { - "start": 41743, - "length": 247, + "start": 39505, + "length": 735, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057 ], "starting_column": 5, "ending_column": 6 @@ -574,47 +585,60 @@ "ending_column": 2 } }, - "signature": "transferFromWithoutReward(address,address,uint256)" + "signature": "retrieveDAOReward(bool)" } }, { "type": "node", - "name": "! withdrawRewardFor(_from)", + "name": "reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender]", "source_mapping": { - "start": 41890, - "length": 25, + "start": 39789, + "length": 145, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1118 + 1044, + 1045, + 1046 ], - "starting_column": 13, - "ending_column": 38 + "starting_column": 9, + "ending_column": 54 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferFromWithoutReward", + "name": "retrieveDAOReward", "source_mapping": { - "start": 41743, - "length": 247, + "start": 39505, + "length": 735, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057 ], "starting_column": 5, "ending_column": 6 @@ -1166,7 +1190,7 @@ "ending_column": 2 } }, - "signature": "transferFromWithoutReward(address,address,uint256)" + "signature": "retrieveDAOReward(bool)" } } }, @@ -1176,43 +1200,53 @@ }, { "type": "node", - "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", + "name": "! DAOrewardAccount.payOut(dao.rewardAccount(),reward)", "source_mapping": { - "start": 40461, - "length": 90, + "start": 39977, + "length": 53, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1065 + 1048 ], - "starting_column": 13, - "ending_column": 103 + "starting_column": 17, + "ending_column": 70 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "retrieveDAOReward", "source_mapping": { - "start": 40361, - "length": 473, + "start": 39505, + "length": 735, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057 ], "starting_column": 5, "ending_column": 6 @@ -1764,54 +1798,63 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "retrieveDAOReward(bool)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "name": "! DAOrewardAccount.payOut(dao,reward)", "source_mapping": { - "start": 40581, - "length": 116, + "start": 40100, + "length": 37, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1068, - 1069 + 1052 ], - "starting_column": 9, - "ending_column": 103 + "starting_column": 17, + "ending_column": 54 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "retrieveDAOReward", "source_mapping": { - "start": 40361, - "length": 473, + "start": 39505, + "length": 735, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057 ], "starting_column": 5, "ending_column": 6 @@ -2363,53 +2406,63 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "retrieveDAOReward(bool)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", + "name": "DAOpaidOut[msg.sender] += reward", "source_mapping": { - "start": 40711, - "length": 39, + "start": 40180, + "length": 32, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1070 + 1055 ], - "starting_column": 13, - "ending_column": 52 + "starting_column": 9, + "ending_column": 41 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "retrieveDAOReward", "source_mapping": { - "start": 40361, - "length": 473, + "start": 39505, + "length": 735, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057 ], "starting_column": 5, "ending_column": 6 @@ -2961,6392 +3014,639 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "retrieveDAOReward(bool)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "DAOpaidOut" } - }, + } + ], + "description": "Reentrancy in DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1037-1057):\n\tExternal calls:\n\t- reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1044-1046)\n\t- ! DAOrewardAccount.payOut(dao.rewardAccount(),reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1048)\n\t- ! DAOrewardAccount.payOut(dao,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1052)\n\tState variables written after the call(s):\n\t- DAOpaidOut[msg.sender] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1055)\n\tDAOInterface.DAOpaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#423) can be used in cross function reentrancies:\n\t- DAOInterface.DAOpaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#423)\n\t- DAO.newContract(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1022-1034)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1037-1057)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n", + "markdown": "Reentrancy in [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057):\n\tExternal calls:\n\t- [reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1044-L1046)\n\t- [! DAOrewardAccount.payOut(dao.rewardAccount(),reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1048)\n\t- [! DAOrewardAccount.payOut(dao,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1052)\n\tState variables written after the call(s):\n\t- [DAOpaidOut[msg.sender] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1055)\n\t[DAOInterface.DAOpaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L423) can be used in cross function reentrancies:\n\t- [DAOInterface.DAOpaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L423)\n\t- [DAO.newContract(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1022-L1034)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057", + "id": "46f3602c51aa374d23e5b813ad0fe727cb1ea9b91d446c8e8eee0665554d8752", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ { - "type": "node", - "name": "transferFrom(_from,_to,_value)", + "type": "function", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 41944, - "length": 39, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1120 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], - "starting_column": 9, - "ending_column": 48 + "starting_column": 5, + "ending_column": 6 }, "type_specific_fields": { "parent": { - "type": "function", - "name": "transferFromWithoutReward", + "type": "contract", + "name": "DAO", "source_mapping": { - "start": 41743, - "length": 247, + "start": 28296, + "length": 17108, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFromWithoutReward(address,address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" - } - }, - { - "type": "node", - "name": "balances[_to] += _amount", - "source_mapping": { - "start": 4393, - "length": 24, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 120 - ], - "starting_column": 13, - "ending_column": 37 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transferFrom", - "source_mapping": { - "start": 4127, - "length": 509, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "Token", - "source_mapping": { - "start": 3440, - "length": 1550, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFrom(address,address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" - } - }, - { - "type": "node", - "name": "balances[_from] -= _amount", - "source_mapping": { - "start": 4431, - "length": 26, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 121 - ], - "starting_column": 13, - "ending_column": 39 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transferFrom", - "source_mapping": { - "start": 4127, - "length": 509, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "Token", - "source_mapping": { - "start": 3440, - "length": 1550, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFrom(address,address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" - } - }, - { - "type": "node", - "name": "transferFrom(_from,_to,_value)", - "source_mapping": { - "start": 41944, - "length": 39, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1120 - ], - "starting_column": 9, - "ending_column": 48 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transferFromWithoutReward", - "source_mapping": { - "start": 41743, - "length": 247, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFromWithoutReward(address,address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "paidOut" - } - }, - { - "type": "node", - "name": "paidOut[_from] -= transferPaidOut", - "source_mapping": { - "start": 42279, - "length": 33, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1133 - ], - "starting_column": 9, - "ending_column": 42 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transferPaidOut", - "source_mapping": { - "start": 41997, - "length": 384, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferPaidOut(address,address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "paidOut" - } - }, - { - "type": "node", - "name": "paidOut[_to] += transferPaidOut", - "source_mapping": { - "start": 42322, - "length": 31, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1134 - ], - "starting_column": 9, - "ending_column": 40 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transferPaidOut", - "source_mapping": { - "start": 41997, - "length": 384, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferPaidOut(address,address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "paidOut" - } - } - ], - "description": "Reentrancy in DAO.transferFromWithoutReward(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1112-1121):\n\tExternal calls:\n\t- ! withdrawRewardFor(_from) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1118)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#120)\n\t\t- balances[_from] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#121)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n", - "markdown": "Reentrancy in [DAO.transferFromWithoutReward(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121):\n\tExternal calls:\n\t- [! withdrawRewardFor(_from)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1118)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L120)\n\t\t- [balances[_from] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L121)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121", - "id": "216c6ec9fc52ceccdc93f86ce1142188621b5ccc6937a763a63769017613d894", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ - { - "type": "function", - "name": "withdrawRewardFor", - "source_mapping": { - "start": 40361, - "length": 473, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "withdrawRewardFor(address)" - } - }, - { - "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", - "source_mapping": { - "start": 40581, - "length": 116, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1068, - 1069 - ], - "starting_column": 9, - "ending_column": 103 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "withdrawRewardFor", - "source_mapping": { - "start": 40361, - "length": 473, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "withdrawRewardFor(address)" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls" - } - }, - { - "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", - "source_mapping": { - "start": 40711, - "length": 39, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1070 - ], - "starting_column": 13, - "ending_column": 52 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "withdrawRewardFor", - "source_mapping": { - "start": 40361, - "length": 473, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "withdrawRewardFor(address)" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls" - } - }, - { - "type": "node", - "name": "paidOut[_account] += reward", - "source_mapping": { - "start": 40779, - "length": 27, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1072 - ], - "starting_column": 9, - "ending_column": 36 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "withdrawRewardFor", - "source_mapping": { - "start": 40361, - "length": 473, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "withdrawRewardFor(address)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "paidOut" - } - } - ], - "description": "Reentrancy in DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074):\n\tExternal calls:\n\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- paidOut[_account] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1072)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n", - "markdown": "Reentrancy in [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074):\n\tExternal calls:\n\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [paidOut[_account] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1072)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074", - "id": "2660bfd41b50f556e2d92972f4fe983a0d64930fc55431952f842a5ae8066bc8", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ - { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "splitDAO(uint256,address)" - } - }, - { - "type": "node", - "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", - "source_mapping": { - "start": 37159, - "length": 49, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 974 - ], - "starting_column": 13, - "ending_column": 62 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "splitDAO(uint256,address)" + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 } - } - }, - "additional_fields": { - "underlying_type": "external_calls" + }, + "signature": "transferFromWithoutReward(address,address,uint256)" } }, { "type": "node", - "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", + "name": "! withdrawRewardFor(_from)", "source_mapping": { - "start": 44544, - "length": 74, + "start": 41890, + "length": 25, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1196 + 1118 ], - "starting_column": 9, - "ending_column": 83 + "starting_column": 13, + "ending_column": 38 }, "type_specific_fields": { "parent": { "type": "function", - "name": "createNewDAO", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 44427, - "length": 198, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1194, - 1195, - 1196, - 1197 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], "starting_column": 5, "ending_column": 6 @@ -9898,116 +4198,53 @@ "ending_column": 2 } }, - "signature": "createNewDAO(address)" + "signature": "transferFromWithoutReward(address,address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "withdrawRewardFor(msg.sender)", + "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", "source_mapping": { - "start": 38796, - "length": 29, + "start": 40461, + "length": 90, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1015 + 1065 ], - "starting_column": 9, - "ending_column": 38 + "starting_column": 13, + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "withdrawRewardFor", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -10559,28 +4796,29 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", "source_mapping": { - "start": 40461, - "length": 90, + "start": 40581, + "length": 116, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1065 + 1068, + 1069 ], - "starting_column": 13, + "starting_column": 9, "ending_column": 103 }, "type_specific_fields": { @@ -11167,20 +5405,19 @@ }, { "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "name": "! rewardAccount.payOut(_account,reward)", "source_mapping": { - "start": 40581, - "length": 116, + "start": 40711, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1068, - 1069 + 1070 ], - "starting_column": 9, - "ending_column": 103 + "starting_column": 13, + "ending_column": 52 }, "type_specific_fields": { "parent": { @@ -11766,43 +6003,42 @@ }, { "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", + "name": "transferFrom(_from,_to,_value)", "source_mapping": { - "start": 40711, + "start": 41944, "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1070 + 1120 ], - "starting_column": 13, - "ending_column": 52 + "starting_column": 9, + "ending_column": 48 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 40361, - "length": 473, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], "starting_column": 5, "ending_column": 6 @@ -12354,116 +6590,307 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "transferFromWithoutReward(address,address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + }, + { + "type": "node", + "name": "balances[_to] += _amount", + "source_mapping": { + "start": 4393, + "length": 24, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 120 + ], + "starting_column": 13, + "ending_column": 37 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferFrom", + "source_mapping": { + "start": 4127, + "length": 509, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 3440, + "length": 1550, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferFrom(address,address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + }, + { + "type": "node", + "name": "balances[_from] -= _amount", + "source_mapping": { + "start": 4431, + "length": 26, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 121 + ], + "starting_column": 13, + "ending_column": 39 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferFrom", + "source_mapping": { + "start": 4127, + "length": 509, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 3440, + "length": 1550, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferFrom(address,address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "balances" } }, { "type": "node", - "name": "balances[msg.sender] = 0", + "name": "transferFrom(_from,_to,_value)", "source_mapping": { - "start": 38912, - "length": 24, + "start": 41944, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1017 + 1120 ], "starting_column": 9, - "ending_column": 33 + "ending_column": 48 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], "starting_column": 5, "ending_column": 6 @@ -12994,138 +7421,77 @@ 1205, 1206, 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "splitDAO(uint256,address)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" - } - }, - { - "type": "node", - "name": "paidOut[msg.sender] = 0", - "source_mapping": { - "start": 38946, - "length": 23, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1018 - ], - "starting_column": 9, - "ending_column": 32 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferFromWithoutReward(address,address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "paidOut" + } + }, + { + "type": "node", + "name": "paidOut[_from] -= transferPaidOut", + "source_mapping": { + "start": 42279, + "length": 33, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1133 + ], + "starting_column": 9, + "ending_column": 42 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferPaidOut", + "source_mapping": { + "start": 41997, + "length": 384, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -13677,7 +8043,7 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferPaidOut(address,address,uint256)" } } }, @@ -13688,106 +8054,45 @@ }, { "type": "node", - "name": "totalSupply -= balances[msg.sender]", + "name": "paidOut[_to] += transferPaidOut", "source_mapping": { - "start": 38867, - "length": 35, + "start": 42322, + "length": 31, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1016 + 1134 ], "starting_column": 9, - "ending_column": 44 + "ending_column": 40 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "transferPaidOut", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 41997, + "length": 384, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -14339,20 +8644,20 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferPaidOut(address,address,uint256)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "totalSupply" + "variable_name": "paidOut" } } ], - "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\t- withdrawRewardFor(msg.sender) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1015)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- balances[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1017)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- paidOut[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1018)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n\t- totalSupply -= balances[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1016)\n\tTokenInterface.totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#45) can be used in cross function reentrancies:\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.minQuorum(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1174-1178)\n\t- TokenInterface.totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#45)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n", - "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\t- [withdrawRewardFor(msg.sender)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1015)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1017)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [paidOut[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1018)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n\t- [totalSupply -= balances[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1016)\n\t[TokenInterface.totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L45) can be used in cross function reentrancies:\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.minQuorum(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1174-L1178)\n\t- [TokenInterface.totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L45)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", - "id": "42a79513e1c7098fa23ca86561e61190d6d20dd43429f0392174bd44954abf98", + "description": "Reentrancy in DAO.transferFromWithoutReward(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1112-1121):\n\tExternal calls:\n\t- ! withdrawRewardFor(_from) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1118)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#120)\n\t\t- balances[_from] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#121)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n", + "markdown": "Reentrancy in [DAO.transferFromWithoutReward(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121):\n\tExternal calls:\n\t- [! withdrawRewardFor(_from)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1118)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L120)\n\t\t- [balances[_from] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L121)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121", + "id": "909a0ca64efee741832ff649b172fed1112e86771da217fea671356d66c42a49", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -14361,20 +8666,89 @@ "elements": [ { "type": "function", - "name": "transferWithoutReward", + "name": "splitDAO", "source_mapping": { - "start": 41191, - "length": 175, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -14926,42 +9300,111 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" + "signature": "splitDAO(uint256,address)" } }, { "type": "node", - "name": "! getMyReward()", + "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", "source_mapping": { - "start": 41288, - "length": 14, + "start": 37159, + "length": 49, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1092 + 974 ], "starting_column": 13, - "ending_column": 27 + "ending_column": 62 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferWithoutReward", + "name": "splitDAO", "source_mapping": { - "start": 41191, - "length": 175, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -15513,7 +9956,7 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, @@ -15523,43 +9966,36 @@ }, { "type": "node", - "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", + "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", "source_mapping": { - "start": 40461, - "length": 90, + "start": 44544, + "length": 74, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1065 + 1196 ], - "starting_column": 13, - "ending_column": 103 + "starting_column": 9, + "ending_column": 83 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "createNewDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 44427, + "length": 198, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1194, + 1195, + 1196, + 1197 ], "starting_column": 5, "ending_column": 6 @@ -16111,7 +10547,7 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "createNewDAO(address)" } } }, @@ -16121,44 +10557,106 @@ }, { "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "name": "withdrawRewardFor(msg.sender)", "source_mapping": { - "start": 40581, - "length": 116, + "start": 38796, + "length": 29, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1068, - 1069 + 1015 ], "starting_column": 9, - "ending_column": 103 + "ending_column": 38 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "splitDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -16710,29 +11208,29 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", + "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", "source_mapping": { - "start": 40711, - "length": 39, + "start": 40461, + "length": 90, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1070 + 1065 ], "starting_column": 13, - "ending_column": 52 + "ending_column": 103 }, "type_specific_fields": { "parent": { @@ -17318,37 +11816,44 @@ }, { "type": "node", - "name": "transfer(_to,_value)", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", "source_mapping": { - "start": 41331, - "length": 28, + "start": 40581, + "length": 116, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1094 + 1068, + 1069 ], "starting_column": 9, - "ending_column": 37 + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferWithoutReward", + "name": "withdrawRewardFor", "source_mapping": { - "start": 41191, - "length": 175, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -17900,284 +12405,714 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" - } - }, - { - "type": "node", - "name": "balances[msg.sender] -= _amount", - "source_mapping": { - "start": 3920, - "length": 31, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 101 - ], - "starting_column": 13, - "ending_column": 44 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transfer", - "source_mapping": { - "start": 3765, - "length": 356, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "Token", - "source_mapping": { - "start": 3440, - "length": 1550, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transfer(address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "balances[_to] += _amount", + "name": "! rewardAccount.payOut(_account,reward)", "source_mapping": { - "start": 3965, - "length": 24, + "start": 40711, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 102 + 1070 ], "starting_column": 13, - "ending_column": 37 + "ending_column": 52 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transfer", + "name": "withdrawRewardFor", "source_mapping": { - "start": 3765, - "length": 356, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "Token", - "source_mapping": { - "start": 3440, - "length": 1550, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "transfer(address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "transfer(_to,_value)", + "name": "balances[msg.sender] = 0", "source_mapping": { - "start": 41331, - "length": 28, + "start": 38912, + "length": 24, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1094 + 1017 ], "starting_column": 9, - "ending_column": 37 + "ending_column": 33 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferWithoutReward", + "name": "splitDAO", "source_mapping": { - "start": 41191, - "length": 175, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -18729,56 +13664,117 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "paidOut" + "variable_name": "balances" } }, { "type": "node", - "name": "paidOut[_from] -= transferPaidOut", + "name": "paidOut[msg.sender] = 0", "source_mapping": { - "start": 42279, - "length": 33, + "start": 38946, + "length": 23, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1133 + 1018 ], "starting_column": 9, - "ending_column": 42 + "ending_column": 32 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferPaidOut", + "name": "splitDAO", "source_mapping": { - "start": 41997, - "length": 384, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -19330,7 +14326,7 @@ "ending_column": 2 } }, - "signature": "transferPaidOut(address,address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, @@ -19341,45 +14337,106 @@ }, { "type": "node", - "name": "paidOut[_to] += transferPaidOut", + "name": "totalSupply -= balances[msg.sender]", "source_mapping": { - "start": 42322, - "length": 31, + "start": 38867, + "length": 35, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1134 + 1016 ], "starting_column": 9, - "ending_column": 40 + "ending_column": 44 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferPaidOut", + "name": "splitDAO", "source_mapping": { - "start": 41997, - "length": 384, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -19931,20 +14988,20 @@ "ending_column": 2 } }, - "signature": "transferPaidOut(address,address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "paidOut" + "variable_name": "totalSupply" } } ], - "description": "Reentrancy in DAO.transferWithoutReward(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1091-1095):\n\tExternal calls:\n\t- ! getMyReward() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1092)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- balances[msg.sender] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#101)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#102)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n", - "markdown": "Reentrancy in [DAO.transferWithoutReward(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095):\n\tExternal calls:\n\t- [! getMyReward()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1092)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [balances[msg.sender] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L101)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L102)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095", - "id": "44124a3b90da24c2f4c671b87ae917299ba79bcf99ad0cd2f5f0208463ca47f7", + "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\t- withdrawRewardFor(msg.sender) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1015)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- balances[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1017)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- paidOut[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1018)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- totalSupply -= balances[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1016)\n\tTokenInterface.totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#45) can be used in cross function reentrancies:\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.minQuorum(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1174-1178)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- TokenInterface.totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#45)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n", + "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\t- [withdrawRewardFor(msg.sender)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1015)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1017)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [paidOut[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1018)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [totalSupply -= balances[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1016)\n\t[TokenInterface.totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L45) can be used in cross function reentrancies:\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.minQuorum(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1174-L1178)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [TokenInterface.totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L45)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", + "id": "963e4c36f1b98773a1c2817e28fb118a93db29d43e20dfa8d001139ba2a4175f", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -19953,36 +15010,20 @@ "elements": [ { "type": "function", - "name": "retrieveDAOReward", + "name": "transferWithoutReward", "source_mapping": { - "start": 39505, - "length": 735, + "start": 41191, + "length": 175, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057 + 1091, + 1092, + 1093, + 1094, + 1095 ], "starting_column": 5, "ending_column": 6 @@ -20379,215 +15420,2584 @@ 1071, 1072, 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferWithoutReward(address,uint256)" + } + }, + { + "type": "node", + "name": "! getMyReward()", + "source_mapping": { + "start": 41288, + "length": 14, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1092 + ], + "starting_column": 13, + "ending_column": 27 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferWithoutReward", + "source_mapping": { + "start": 41191, + "length": 175, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1091, + 1092, + 1093, + 1094, + 1095 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferWithoutReward(address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", + "source_mapping": { + "start": 40461, + "length": 90, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1065 + ], + "starting_column": 13, + "ending_column": 103 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdrawRewardFor", + "source_mapping": { + "start": 40361, + "length": 473, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdrawRewardFor(address)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" + } + }, + { + "type": "node", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "source_mapping": { + "start": 40581, + "length": 116, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1068, + 1069 + ], + "starting_column": 9, + "ending_column": 103 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdrawRewardFor", + "source_mapping": { + "start": 40361, + "length": 473, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdrawRewardFor(address)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" + } + }, + { + "type": "node", + "name": "! rewardAccount.payOut(_account,reward)", + "source_mapping": { + "start": 40711, + "length": 39, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1070 + ], + "starting_column": 13, + "ending_column": 52 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdrawRewardFor", + "source_mapping": { + "start": 40361, + "length": 473, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], - "starting_column": 1, - "ending_column": 2 + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdrawRewardFor(address)" } - }, - "signature": "retrieveDAOReward(bool)" + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender]", + "name": "transfer(_to,_value)", "source_mapping": { - "start": 39789, - "length": 145, + "start": 41331, + "length": 28, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1044, - 1045, - 1046 + 1094 ], "starting_column": 9, - "ending_column": 54 + "ending_column": 37 }, "type_specific_fields": { "parent": { "type": "function", - "name": "retrieveDAOReward", + "name": "transferWithoutReward", "source_mapping": { - "start": 39505, - "length": 735, + "start": 41191, + "length": 175, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057 + 1091, + 1092, + 1093, + 1094, + 1095 ], "starting_column": 5, "ending_column": 6 @@ -21139,63 +18549,284 @@ "ending_column": 2 } }, - "signature": "retrieveDAOReward(bool)" + "signature": "transferWithoutReward(address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + }, + { + "type": "node", + "name": "balances[msg.sender] -= _amount", + "source_mapping": { + "start": 3920, + "length": 31, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 101 + ], + "starting_column": 13, + "ending_column": 44 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transfer", + "source_mapping": { + "start": 3765, + "length": 356, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 3440, + "length": 1550, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transfer(address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + }, + { + "type": "node", + "name": "balances[_to] += _amount", + "source_mapping": { + "start": 3965, + "length": 24, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 102 + ], + "starting_column": 13, + "ending_column": 37 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transfer", + "source_mapping": { + "start": 3765, + "length": 356, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 3440, + "length": 1550, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transfer(address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "balances" } }, { "type": "node", - "name": "! DAOrewardAccount.payOut(dao.rewardAccount(),reward)", + "name": "transfer(_to,_value)", "source_mapping": { - "start": 39977, - "length": 53, + "start": 41331, + "length": 28, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1048 + 1094 ], - "starting_column": 17, - "ending_column": 70 + "starting_column": 9, + "ending_column": 37 }, "type_specific_fields": { "parent": { "type": "function", - "name": "retrieveDAOReward", + "name": "transferWithoutReward", "source_mapping": { - "start": 39505, - "length": 735, + "start": 41191, + "length": 175, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057 + 1091, + 1092, + 1093, + 1094, + 1095 ], "starting_column": 5, "ending_column": 6 @@ -21747,63 +19378,56 @@ "ending_column": 2 } }, - "signature": "retrieveDAOReward(bool)" + "signature": "transferWithoutReward(address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "paidOut" } }, { "type": "node", - "name": "! DAOrewardAccount.payOut(dao,reward)", + "name": "paidOut[_from] -= transferPaidOut", "source_mapping": { - "start": 40100, - "length": 37, + "start": 42279, + "length": 33, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1052 + 1133 ], - "starting_column": 17, - "ending_column": 54 + "starting_column": 9, + "ending_column": 42 }, "type_specific_fields": { "parent": { "type": "function", - "name": "retrieveDAOReward", + "name": "transferPaidOut", "source_mapping": { - "start": 39505, - "length": 735, + "start": 41997, + "length": 384, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057 + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -22355,63 +19979,56 @@ "ending_column": 2 } }, - "signature": "retrieveDAOReward(bool)" + "signature": "transferPaidOut(address,address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "paidOut" } }, { "type": "node", - "name": "DAOpaidOut[msg.sender] += reward", + "name": "paidOut[_to] += transferPaidOut", "source_mapping": { - "start": 40180, - "length": 32, + "start": 42322, + "length": 31, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1055 + 1134 ], "starting_column": 9, - "ending_column": 41 + "ending_column": 40 }, "type_specific_fields": { "parent": { "type": "function", - "name": "retrieveDAOReward", + "name": "transferPaidOut", "source_mapping": { - "start": 39505, - "length": 735, + "start": 41997, + "length": 384, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057 + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -22963,20 +20580,20 @@ "ending_column": 2 } }, - "signature": "retrieveDAOReward(bool)" + "signature": "transferPaidOut(address,address,uint256)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "DAOpaidOut" + "variable_name": "paidOut" } } ], - "description": "Reentrancy in DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1037-1057):\n\tExternal calls:\n\t- reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1044-1046)\n\t- ! DAOrewardAccount.payOut(dao.rewardAccount(),reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1048)\n\t- ! DAOrewardAccount.payOut(dao,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1052)\n\tState variables written after the call(s):\n\t- DAOpaidOut[msg.sender] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1055)\n\tDAOInterface.DAOpaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#423) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.newContract(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1022-1034)\n\t- DAOInterface.DAOpaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#423)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1037-1057)\n", - "markdown": "Reentrancy in [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057):\n\tExternal calls:\n\t- [reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1044-L1046)\n\t- [! DAOrewardAccount.payOut(dao.rewardAccount(),reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1048)\n\t- [! DAOrewardAccount.payOut(dao,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1052)\n\tState variables written after the call(s):\n\t- [DAOpaidOut[msg.sender] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1055)\n\t[DAOInterface.DAOpaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L423) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.newContract(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1022-L1034)\n\t- [DAOInterface.DAOpaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L423)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057", - "id": "6275c27bb80d9d1ab0d9125193b9c8e8c12670aae64a93559b09ec160bcbf5e7", + "description": "Reentrancy in DAO.transferWithoutReward(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1091-1095):\n\tExternal calls:\n\t- ! getMyReward() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1092)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- balances[msg.sender] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#101)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#102)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n", + "markdown": "Reentrancy in [DAO.transferWithoutReward(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095):\n\tExternal calls:\n\t- [! getMyReward()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1092)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [balances[msg.sender] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L101)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L102)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095", + "id": "ad6f23948098980472bb7aff30e5fff31c6b90fe570d3f9fa5aa33faaddf32e3", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -23587,56 +21204,1970 @@ 1194, 1195, 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "splitDAO(uint256,address)" + } + }, + { + "type": "node", + "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", + "source_mapping": { + "start": 37159, + "length": 49, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 974 + ], + "starting_column": 13, + "ending_column": 62 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "splitDAO", + "source_mapping": { + "start": 36148, + "length": 2849, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "splitDAO(uint256,address)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", + "source_mapping": { + "start": 44544, + "length": 74, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1196 + ], + "starting_column": 9, + "ending_column": 83 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "createNewDAO", + "source_mapping": { + "start": 44427, + "length": 198, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1194, + 1195, + 1196, + 1197 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "createNewDAO(address)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" + } + }, + { + "type": "node", + "name": "p.splitData[0].splitBalance = actualBalance()", + "source_mapping": { + "start": 37456, + "length": 45, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 981 + ], + "starting_column": 13, + "ending_column": 58 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "splitDAO", + "source_mapping": { + "start": 36148, + "length": 2849, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], - "starting_column": 1, - "ending_column": 2 + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "splitDAO(uint256,address)" } - }, - "signature": "splitDAO(uint256,address)" + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "proposals" } }, { "type": "node", - "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", + "name": "p.splitData[0].rewardToken = rewardToken[address(this)]", "source_mapping": { - "start": 37159, - "length": 49, + "start": 37515, + "length": 55, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 974 + 982 ], "starting_column": 13, - "ending_column": 62 + "ending_column": 68 }, "type_specific_fields": { "parent": { @@ -24280,41 +23811,112 @@ } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "proposals" } }, { "type": "node", - "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", + "name": "p.splitData[0].totalSupply = totalSupply", "source_mapping": { - "start": 44544, - "length": 74, + "start": 37584, + "length": 40, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1196 + 983 ], - "starting_column": 9, - "ending_column": 83 + "starting_column": 13, + "ending_column": 53 }, "type_specific_fields": { "parent": { "type": "function", - "name": "createNewDAO", + "name": "splitDAO", "source_mapping": { - "start": 44427, - "length": 198, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1194, - 1195, - 1196, - 1197 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -24866,29 +24468,30 @@ "ending_column": 2 } }, - "signature": "createNewDAO(address)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "proposals" } }, { "type": "node", - "name": "p.splitData[0].splitBalance = actualBalance()", + "name": "p.proposalPassed = true", "source_mapping": { - "start": 37456, - "length": 45, + "start": 37638, + "length": 23, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 981 + 984 ], "starting_column": 13, - "ending_column": 58 + "ending_column": 36 }, "type_specific_fields": { "parent": { @@ -25535,35 +25138,309 @@ "underlying_type": "variables_written", "variable_name": "proposals" } - }, + } + ], + "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\tState variables written after the call(s):\n\t- p.splitData[0].splitBalance = actualBalance() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#981)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- p.splitData[0].rewardToken = rewardToken[address(this)] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#982)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- p.splitData[0].totalSupply = totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#983)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- p.proposalPassed = true (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#984)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n", + "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\tState variables written after the call(s):\n\t- [p.splitData[0].splitBalance = actualBalance()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L981)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [p.splitData[0].rewardToken = rewardToken[address(this)]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L982)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [p.splitData[0].totalSupply = totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L983)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L984)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", + "id": "e68209eb3271625f1c21778f53fe675ae0daaa8c769d3a73d7cc49fc0b9624c0", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ { - "type": "node", - "name": "p.splitData[0].rewardToken = rewardToken[address(this)]", + "type": "function", + "name": "withdrawRewardFor", "source_mapping": { - "start": 37515, - "length": 55, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 982 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], - "starting_column": 13, - "ending_column": 68 + "starting_column": 5, + "ending_column": 6 }, "type_specific_fields": { "parent": { - "type": "function", - "name": "splitDAO", + "type": "contract", + "name": "DAO", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 28296, + "length": 17108, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, 947, 948, 949, @@ -25637,7 +25514,258 @@ 1017, 1018, 1019, - 1020 + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdrawRewardFor(address)" + } + }, + { + "type": "node", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "source_mapping": { + "start": 40581, + "length": 116, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1068, + 1069 + ], + "starting_column": 9, + "ending_column": 103 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdrawRewardFor", + "source_mapping": { + "start": 40361, + "length": 473, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -26189,117 +26317,53 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "proposals" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "p.splitData[0].totalSupply = totalSupply", + "name": "! rewardAccount.payOut(_account,reward)", "source_mapping": { - "start": 37584, - "length": 40, + "start": 40711, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 983 + 1070 ], "starting_column": 13, - "ending_column": 53 + "ending_column": 52 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "withdrawRewardFor", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -26851,117 +26915,53 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "proposals" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "p.proposalPassed = true", + "name": "paidOut[_account] += reward", "source_mapping": { - "start": 37638, - "length": 23, + "start": 40779, + "length": 27, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 984 + 1072 ], - "starting_column": 13, + "starting_column": 9, "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "withdrawRewardFor", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -27513,20 +27513,20 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "proposals" + "variable_name": "paidOut" } } ], - "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\tState variables written after the call(s):\n\t- p.splitData[0].splitBalance = actualBalance() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#981)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- p.splitData[0].rewardToken = rewardToken[address(this)] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#982)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- p.splitData[0].totalSupply = totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#983)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- p.proposalPassed = true (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#984)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n", - "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\tState variables written after the call(s):\n\t- [p.splitData[0].splitBalance = actualBalance()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L981)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [p.splitData[0].rewardToken = rewardToken[address(this)]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L982)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [p.splitData[0].totalSupply = totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L983)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L984)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", - "id": "a29fd7cc3b139b8557f0b567f7d6fd65848b7e89128fcdbd7b170fc326f2d034", + "description": "Reentrancy in DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074):\n\tExternal calls:\n\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- paidOut[_account] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1072)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n", + "markdown": "Reentrancy in [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074):\n\tExternal calls:\n\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [paidOut[_account] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1072)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074", + "id": "f722fd06c30754e9f97e39e08629bbfc87c8791397463889c85944b9223026dc", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json index cd221e264..56e1888f9 100644 --- a/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json @@ -4,22 +4,21 @@ "elements": [ { "type": "function", - "name": "bad0", + "name": "bad1", "source_mapping": { - "start": 326, - "length": 153, + "start": 485, + "length": 158, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "is_dependency": false, "lines": [ - 16, - 17, - 18, - 19, - 20, - 21, - 22 + 24, + 25, + 26, + 27, + 28, + 29 ], "starting_column": 5, "ending_column": 6 @@ -78,44 +77,43 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } }, { "type": "node", - "name": "! (msg.sender.call())", + "name": "success = msg.sender.call()", "source_mapping": { - "start": 391, - "length": 20, + "start": 560, + "length": 34, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "is_dependency": false, "lines": [ - 18 + 26 ], - "starting_column": 13, - "ending_column": 33 + "starting_column": 9, + "ending_column": 43 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad0", + "name": "bad1", "source_mapping": { - "start": 326, - "length": 153, + "start": 485, + "length": 158, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "is_dependency": false, "lines": [ - 16, - 17, - 18, - 19, - 20, - 21, - 22 + 24, + 25, + 26, + 27, + 28, + 29 ], "starting_column": 5, "ending_column": 6 @@ -174,7 +172,7 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, @@ -184,39 +182,38 @@ }, { "type": "node", - "name": "notCalled = false", + "name": "bad0()", "source_mapping": { - "start": 455, - "length": 17, + "start": 630, + "length": 6, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "is_dependency": false, "lines": [ - 21 + 28 ], "starting_column": 9, - "ending_column": 26 + "ending_column": 15 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad0", + "name": "bad1", "source_mapping": { - "start": 326, - "length": 153, + "start": 485, + "length": 158, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "is_dependency": false, "lines": [ - 16, - 17, - 18, - 19, - 20, - 21, - 22 + 24, + 25, + 26, + 27, + 28, + 29 ], "starting_column": 5, "ending_column": 6 @@ -275,138 +272,49 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" + "underlying_type": "external_calls" } - } - ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22):\n\tExternal calls:\n\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#31-37)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#7-14)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22):\n\tExternal calls:\n\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L31-L37)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L7-L14)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22", - "id": "3bc05460c227cccc946c2f7168a6a1c08270f2bb11cae6b62f0126a11c567e4d", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ + }, { - "type": "function", - "name": "bad1", + "type": "node", + "name": "! (msg.sender.call())", "source_mapping": { - "start": 485, - "length": 158, + "start": 391, + "length": 20, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "is_dependency": false, "lines": [ - 24, - 25, - 26, - 27, - 28, - 29 + 18 ], - "starting_column": 5, - "ending_column": 6 + "starting_column": 13, + "ending_column": 33 }, "type_specific_fields": { "parent": { - "type": "contract", - "name": "ReentrancyWrite", + "type": "function", + "name": "bad0", "source_mapping": { - "start": 28, - "length": 776, + "start": 326, + "length": 153, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "is_dependency": false, "lines": [ - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, 16, 17, 18, 19, 20, 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "bad1(address)" - } - }, - { - "type": "node", - "name": "success = msg.sender.call()", - "source_mapping": { - "start": 560, - "length": 34, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 26 - ], - "starting_column": 9, - "ending_column": 43 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "bad1", - "source_mapping": { - "start": 485, - "length": 158, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 24, - 25, - 26, - 27, - 28, - 29 + 22 ], "starting_column": 5, "ending_column": 6 @@ -465,12 +373,12 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "external_calls_sending_eth" } }, { @@ -570,24 +478,25 @@ } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "notCalled" } }, { "type": "node", - "name": "! (msg.sender.call())", + "name": "notCalled = false", "source_mapping": { - "start": 391, - "length": 20, + "start": 455, + "length": 17, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "is_dependency": false, "lines": [ - 18 + 21 ], - "starting_column": 13, - "ending_column": 33 + "starting_column": 9, + "ending_column": 26 }, "type_specific_fields": { "parent": { @@ -671,43 +580,135 @@ } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "notCalled" } - }, + } + ], + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29):\n\tExternal calls:\n\t- success = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#26)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#31-37)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29):\n\tExternal calls:\n\t- [success = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L26)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L31-L37)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29", + "id": "3abbc9e8f73096dd53d7a40513439b00f2bcfb9c594446c25eb8f0845a83f634", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ { - "type": "node", - "name": "bad0()", + "type": "function", + "name": "bad0", "source_mapping": { - "start": 630, - "length": 6, + "start": 326, + "length": 153, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "is_dependency": false, "lines": [ - 28 + 16, + 17, + 18, + 19, + 20, + 21, + 22 ], - "starting_column": 9, - "ending_column": 15 + "starting_column": 5, + "ending_column": 6 }, "type_specific_fields": { "parent": { - "type": "function", - "name": "bad1", + "type": "contract", + "name": "ReentrancyWrite", "source_mapping": { - "start": 485, - "length": 158, + "start": 28, + "length": 776, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "is_dependency": false, "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, 24, 25, 26, 27, 28, - 29 + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad0()" + } + }, + { + "type": "node", + "name": "! (msg.sender.call())", + "source_mapping": { + "start": 391, + "length": 20, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 18 + ], + "starting_column": 13, + "ending_column": 33 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad0", + "source_mapping": { + "start": 326, + "length": 153, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 16, + 17, + 18, + 19, + 20, + 21, + 22 ], "starting_column": 5, "ending_column": 6 @@ -766,13 +767,12 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" + "underlying_type": "external_calls" } }, { @@ -878,10 +878,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29):\n\tExternal calls:\n\t- success = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#26)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#31-37)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#7-14)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29):\n\tExternal calls:\n\t- [success = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L26)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L31-L37)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L7-L14)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29", - "id": "514836811124969afe8a00811a5b65e796b256cc4c2335a2a47b070ceeea6c56", + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22):\n\tExternal calls:\n\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#31-37)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22):\n\tExternal calls:\n\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L31-L37)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22", + "id": "849ca5d32a80a76091f9049ebde3e9267a1c1bc22fd11197246e748b56a31f3b", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json index bdca823bc..d22a8dc15 100644 --- a/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json @@ -599,10 +599,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23)\n", + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#32-39)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L32-L39)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30", - "id": "0dd623b92acd7258e533f11a80e357a3b37fd0779dfba04f26838b425911f6aa", + "id": "80cbbc2ca9b1ec618f677d49ad8c55c3e7b458a8f8f2d5083e5388dabf526d6f", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -901,10 +901,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23)\n", + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#32-39)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L32-L39)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23", - "id": "93009818ac1279458d7d6da3c2fe118a577b904efb7631d3778b8e3e268ada11", + "id": "aec3401a9ebdcd0961e5a0f704379be83fc18e5c8ea5e98641b0ea1783184a3d", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json index 54f9cb2f0..b414073d1 100644 --- a/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json @@ -4,21 +4,23 @@ "elements": [ { "type": "function", - "name": "bad1", + "name": "bad0", "source_mapping": { - "start": 530, - "length": 161, + "start": 336, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30 + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23 ], "starting_column": 5, "ending_column": 6 @@ -79,21 +81,21 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } }, { "type": "node", "name": "(success) = msg.sender.call()", "source_mapping": { - "start": 605, + "start": 397, "length": 37, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 27 + 18 ], "starting_column": 9, "ending_column": 46 @@ -101,21 +103,23 @@ "type_specific_fields": { "parent": { "type": "function", - "name": "bad1", + "name": "bad0", "source_mapping": { - "start": 530, - "length": 161, + "start": 336, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30 + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23 ], "starting_column": 5, "ending_column": 6 @@ -176,7 +180,7 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, @@ -186,38 +190,40 @@ }, { "type": "node", - "name": "bad0()", + "name": "notCalled = false", "source_mapping": { - "start": 678, - "length": 6, + "start": 500, + "length": 17, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 29 + 22 ], "starting_column": 9, - "ending_column": 15 + "ending_column": 26 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad1", + "name": "bad0", "source_mapping": { - "start": 530, - "length": 161, + "start": 336, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30 + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23 ], "starting_column": 5, "ending_column": 6 @@ -278,42 +284,72 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "notCalled" } - }, + } + ], + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#32-39)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L32-L39)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23", + "id": "92d6df62568c8094a9c5cd5c7e4c7162054281244d3d3a1d4efe7df14d18a35a", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ { - "type": "node", - "name": "(success) = msg.sender.call()", + "type": "function", + "name": "bad1", "source_mapping": { - "start": 397, - "length": 37, + "start": 530, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 18 + 25, + 26, + 27, + 28, + 29, + 30 ], - "starting_column": 9, - "ending_column": 46 + "starting_column": 5, + "ending_column": 6 }, "type_specific_fields": { "parent": { - "type": "function", - "name": "bad0", + "type": "contract", + "name": "ReentrancyWrite", "source_mapping": { - "start": 336, - "length": 188, + "start": 28, + "length": 859, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, 16, 17, 18, @@ -321,7 +357,67 @@ 20, 21, 22, - 23 + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad1(address)" + } + }, + { + "type": "node", + "name": "(success) = msg.sender.call()", + "source_mapping": { + "start": 605, + "length": 37, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 27 + ], + "starting_column": 9, + "ending_column": 46 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 530, + "length": 161, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 5, "ending_column": 6 @@ -382,12 +478,12 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "external_calls" } }, { @@ -489,25 +585,24 @@ } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "notCalled = false", + "name": "(success) = msg.sender.call()", "source_mapping": { - "start": 500, - "length": 17, + "start": 397, + "length": 37, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 22 + 18 ], "starting_column": 9, - "ending_column": 26 + "ending_column": 46 }, "type_specific_fields": { "parent": { @@ -594,139 +689,43 @@ } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" + "underlying_type": "external_calls_sending_eth" } - } - ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#7-14)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L7-L14)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30", - "id": "232f48650d7bf9469e38dc71c912becdf053b585138ae647ce118e7fd00f172f", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ + }, { - "type": "function", - "name": "bad0", + "type": "node", + "name": "bad0()", "source_mapping": { - "start": 336, - "length": 188, + "start": 678, + "length": 6, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23 + 29 ], - "starting_column": 5, - "ending_column": 6 + "starting_column": 9, + "ending_column": 15 }, "type_specific_fields": { "parent": { - "type": "contract", - "name": "ReentrancyWrite", + "type": "function", + "name": "bad1", "source_mapping": { - "start": 28, - "length": 859, + "start": 530, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, 25, 26, 27, 28, 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "bad0()" - } - }, - { - "type": "node", - "name": "(success) = msg.sender.call()", - "source_mapping": { - "start": 397, - "length": 37, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 18 - ], - "starting_column": 9, - "ending_column": 46 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "bad0", - "source_mapping": { - "start": 336, - "length": 188, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23 + 30 ], "starting_column": 5, "ending_column": 6 @@ -787,12 +786,13 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "notCalled" } }, { @@ -901,10 +901,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#7-14)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L7-L14)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23", - "id": "5e64a5802add2be9ad59984ffa00767903dd82e9ce98c639b82ba05cd3d66197", + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#32-39)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L32-L39)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30", + "id": "b0372b9d2879e62eb13c185a89ae1e80653ef3339cb5521630a9717e1592100e", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json index 8c55f5d56..7c01c5ce0 100644 --- a/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json @@ -294,10 +294,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#8) can be used in cross function reentrancies:\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#36-43)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#11-18)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L8) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L36-L43)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L11-L18)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27)\n", + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#8) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#11-18)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#36-43)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L8) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L11-L18)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L36-L43)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27", - "id": "cf39a28788af70504d3a13236987d1865481df931b5eaac9e9e28b1b826d4ce6", + "id": "24a6dbb0286f86f1dac424bdc447262dcbfda1a1c637c4c0f21885b82eb9af24", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -901,10 +901,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#31)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#8) can be used in cross function reentrancies:\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#36-43)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#11-18)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L31)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L8) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L36-L43)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L11-L18)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27)\n", + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#31)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#8) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#11-18)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#36-43)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L31)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L8) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L11-L18)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L36-L43)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34", - "id": "dd963c750bf6572ff8ee3e1f804143780370e025262d1f94204f7e82bd26b0e3", + "id": "e8259d1bbe21b2c12ea23f8ed1c67b9a8f63a1828d3b91db1f7b78ddd43ef7d6", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" From 4c5a5a89fe911ba18963df478f60713e81c0ef2c Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Mon, 28 Nov 2022 14:12:59 +0100 Subject: [PATCH 9/9] Fix all_reachable_from_functions --- slither/core/declarations/function.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/slither/core/declarations/function.py b/slither/core/declarations/function.py index face2d364..a4624feec 100644 --- a/slither/core/declarations/function.py +++ b/slither/core/declarations/function.py @@ -1043,13 +1043,13 @@ class Function(SourceMapping, metaclass=ABCMeta): # pylint: disable=too-many-pu new_functions = self.reachable_from_functions # iterate until we have are finding new functions - while new_functions and new_functions not in functions: + while new_functions and not new_functions.issubset(functions): functions = functions.union(new_functions) # Use a temporary set, because we iterate over new_functions new_functionss: Set["Function"] = set() for f in new_functions: new_functionss = new_functionss.union(f.reachable_from_functions) - new_functions = new_functionss + new_functions = new_functionss - functions self._all_reachable_from_functions = functions return self._all_reachable_from_functions