diff --git a/slither/detectors/abstract_detector.py b/slither/detectors/abstract_detector.py index 4ebead96a..778695d85 100644 --- a/slither/detectors/abstract_detector.py +++ b/slither/detectors/abstract_detector.py @@ -46,6 +46,20 @@ classification_txt = { } +def make_solc_versions(minor: int, patch_min: int, patch_max: int) -> List[str]: + """ + Create a list of solc version: [0.minor.patch_min .... 0.minor.patch_max] + """ + return [f"0.{minor}.{x}" for x in range(patch_min, patch_max + 1)] + + +ALL_SOLC_VERSIONS_04 = make_solc_versions(4, 0, 26) +ALL_SOLC_VERSIONS_05 = make_solc_versions(5, 0, 17) +ALL_SOLC_VERSIONS_06 = make_solc_versions(6, 0, 12) +ALL_SOLC_VERSIONS_07 = make_solc_versions(7, 0, 6) +# No VERSIONS_08 as it is still in dev + + class AbstractDetector(metaclass=abc.ABCMeta): ARGUMENT = "" # run the detector with slither.py --ARGUMENT HELP = "" # help information @@ -61,6 +75,10 @@ class AbstractDetector(metaclass=abc.ABCMeta): STANDARD_JSON = True + # list of vulnerable solc versions as strings (e.g. ["0.4.25", "0.5.0"]) + # If the detector is meant to run on all versions, use None + VULNERABLE_SOLC_VERSIONS: Optional[List[str]] = None + def __init__( self, compilation_unit: SlitherCompilationUnit, slither: "Slither", logger: Logger ): @@ -108,6 +126,11 @@ class AbstractDetector(metaclass=abc.ABCMeta): f"WIKI_RECOMMENDATION is not initialized {self.__class__.__name__}" ) + if self.VULNERABLE_SOLC_VERSIONS is not None and not self.VULNERABLE_SOLC_VERSIONS: + raise IncorrectDetectorInitialization( + f"VULNERABLE_SOLC_VERSIONS should not be an empty list {self.__class__.__name__}" + ) + if re.match("^[a-zA-Z0-9_-]*$", self.ARGUMENT) is None: raise IncorrectDetectorInitialization( f"ARGUMENT has illegal character {self.__class__.__name__}" @@ -139,6 +162,11 @@ class AbstractDetector(metaclass=abc.ABCMeta): if self.logger: self.logger.info(self.color(info)) + def _uses_vulnerable_solc_version(self) -> bool: + if self.VULNERABLE_SOLC_VERSIONS: + return self.compilation_unit.solc_version in self.VULNERABLE_SOLC_VERSIONS + return True + @abc.abstractmethod def _detect(self) -> List[Output]: """TODO Documentation""" @@ -147,6 +175,11 @@ class AbstractDetector(metaclass=abc.ABCMeta): # pylint: disable=too-many-branches def detect(self) -> List[Dict]: results: List[Dict] = [] + + # check solc version + if not self._uses_vulnerable_solc_version(): + return results + # only keep valid result, and remove duplicate # Keep only dictionaries for r in [output.data for output in self._detect()]: diff --git a/slither/detectors/attributes/const_functions_asm.py b/slither/detectors/attributes/const_functions_asm.py index cb805afb7..33853c9f4 100644 --- a/slither/detectors/attributes/const_functions_asm.py +++ b/slither/detectors/attributes/const_functions_asm.py @@ -2,7 +2,11 @@ Module detecting constant functions Recursively check the called functions """ -from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification +from slither.detectors.abstract_detector import ( + AbstractDetector, + DetectorClassification, + ALL_SOLC_VERSIONS_04, +) from slither.formatters.attributes.const_functions import custom_format @@ -49,6 +53,8 @@ All the calls to `get` revert, breaking Bob's smart contract execution.""" "Ensure the attributes of contracts compiled prior to Solidity 0.5.0 are correct." ) + VULNERABLE_SOLC_VERSIONS = ALL_SOLC_VERSIONS_04 + def _detect(self): """Detect the constant function using assembly code @@ -57,8 +63,6 @@ All the calls to `get` revert, breaking Bob's smart contract execution.""" list: {'vuln', 'filename,'contract','func','#varsWritten'} """ results = [] - if self.compilation_unit.solc_version and self.compilation_unit.solc_version >= "0.5.0": - return results for c in self.contracts: for f in c.functions: if f.contract_declarer != c: diff --git a/slither/detectors/attributes/const_functions_state.py b/slither/detectors/attributes/const_functions_state.py index 78618c523..a351727cf 100644 --- a/slither/detectors/attributes/const_functions_state.py +++ b/slither/detectors/attributes/const_functions_state.py @@ -2,7 +2,11 @@ Module detecting constant functions Recursively check the called functions """ -from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification +from slither.detectors.abstract_detector import ( + AbstractDetector, + DetectorClassification, + ALL_SOLC_VERSIONS_04, +) from slither.formatters.attributes.const_functions import custom_format @@ -49,6 +53,8 @@ All the calls to `get` revert, breaking Bob's smart contract execution.""" "Ensure that attributes of contracts compiled prior to Solidity 0.5.0 are correct." ) + VULNERABLE_SOLC_VERSIONS = ALL_SOLC_VERSIONS_04 + def _detect(self): """Detect the constant function changing the state @@ -57,8 +63,6 @@ All the calls to `get` revert, breaking Bob's smart contract execution.""" list: {'vuln', 'filename,'contract','func','#varsWritten'} """ results = [] - if self.compilation_unit.solc_version and self.compilation_unit.solc_version >= "0.5.0": - return results for c in self.contracts: for f in c.functions: if f.contract_declarer != c: diff --git a/slither/detectors/compiler_bugs/enum_conversion.py b/slither/detectors/compiler_bugs/enum_conversion.py index 1db166ac2..477188fe0 100644 --- a/slither/detectors/compiler_bugs/enum_conversion.py +++ b/slither/detectors/compiler_bugs/enum_conversion.py @@ -2,23 +2,15 @@ Module detecting dangerous conversion to enum """ -from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification +from slither.detectors.abstract_detector import ( + AbstractDetector, + DetectorClassification, + make_solc_versions, +) from slither.slithir.operations import TypeConversion from slither.core.declarations.enum import Enum -def _uses_vulnerable_solc_version(version): - """Detect if used compiler version is 0.4.[0|1|2|3|4] - Args: - version (solc version used) - Returns: - Bool - """ - if version in ["0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4"]: - return True - return False - - def _detect_dangerous_enum_conversions(contract): """Detect dangerous conversion to enum by checking IR Args: @@ -54,11 +46,11 @@ class EnumConversion(AbstractDetector): ```solidity pragma solidity 0.4.2; contract Test{ - + enum E{a} - + function bug(uint a) public returns(E){ - return E(a); + return E(a); } } ``` @@ -67,12 +59,11 @@ Attackers can trigger unexpected behaviour by calling `bug(1)`.""" WIKI_RECOMMENDATION = "Use a recent compiler version. If `solc` <`0.4.5` is required, check the `enum` conversion range." + VULNERABLE_SOLC_VERSIONS = make_solc_versions(4, 0, 4) + def _detect(self): """Detect dangerous conversion to enum""" results = [] - # If solc version >= 0.4.5 then return - if not _uses_vulnerable_solc_version(self.compilation_unit.solc_version): - return results for c in self.compilation_unit.contracts: ret = _detect_dangerous_enum_conversions(c) diff --git a/slither/detectors/compiler_bugs/public_mapping_nested.py b/slither/detectors/compiler_bugs/public_mapping_nested.py index 5d557ddcc..8e6b6f4a8 100644 --- a/slither/detectors/compiler_bugs/public_mapping_nested.py +++ b/slither/detectors/compiler_bugs/public_mapping_nested.py @@ -2,7 +2,11 @@ Module detecting public mappings with nested variables (returns incorrect values prior to 0.5.x) """ -from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification +from slither.detectors.abstract_detector import ( + AbstractDetector, + DetectorClassification, + ALL_SOLC_VERSIONS_04, +) from slither.core.solidity_types.mapping_type import MappingType from slither.core.solidity_types.user_defined_type import UserDefinedType from slither.core.declarations.structure import Structure @@ -62,6 +66,8 @@ class PublicMappingNested(AbstractDetector): WIKI_EXPLOIT_SCENARIO = """Bob interacts with a contract that has a public mapping with nested structures. The values returned by the mapping are incorrect, breaking Bob's usage""" WIKI_RECOMMENDATION = "Do not use public mapping with nested structures." + VULNERABLE_SOLC_VERSIONS = ALL_SOLC_VERSIONS_04 + def _detect(self): """ Detect public mappings with nested variables (returns incorrect values prior to 0.5.x) @@ -72,14 +78,6 @@ class PublicMappingNested(AbstractDetector): """ results = [] - if self.compilation_unit.solc_version >= "0.5.0": - return [] - - if self.compilation_unit.solc_version and self.compilation_unit.solc_version.startswith( - "0.5." - ): - return [] - for contract in self.contracts: public_nested_mappings = detect_public_nested_mappings(contract) if public_nested_mappings: diff --git a/slither/detectors/compiler_bugs/reused_base_constructor.py b/slither/detectors/compiler_bugs/reused_base_constructor.py index 2ad0b0a6a..9d0b91448 100644 --- a/slither/detectors/compiler_bugs/reused_base_constructor.py +++ b/slither/detectors/compiler_bugs/reused_base_constructor.py @@ -2,7 +2,11 @@ Module detecting re-used base constructors in inheritance hierarchy. """ -from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification +from slither.detectors.abstract_detector import ( + AbstractDetector, + DetectorClassification, + ALL_SOLC_VERSIONS_04, +) # Helper: adds explicitly called constructors with arguments to the results lookup. @@ -71,6 +75,8 @@ The constructor of `A` is called multiple times in `D` and `E`: WIKI_RECOMMENDATION = "Remove the duplicate constructor call." + VULNERABLE_SOLC_VERSIONS = ALL_SOLC_VERSIONS_04 + def _detect_explicitly_called_base_constructors(self, contract): """ Detects explicitly calls to base constructors with arguments in the inheritance hierarchy. @@ -126,10 +132,6 @@ The constructor of `A` is called multiple times in `D` and `E`: results = [] - # The bug is not possible with solc >= 0.5.0 - if not self.compilation_unit.solc_version.startswith("0.4."): - return [] - # Loop for each contract for contract in self.contracts: diff --git a/slither/detectors/compiler_bugs/storage_ABIEncoderV2_array.py b/slither/detectors/compiler_bugs/storage_ABIEncoderV2_array.py index 5045a0e68..59d52760e 100644 --- a/slither/detectors/compiler_bugs/storage_ABIEncoderV2_array.py +++ b/slither/detectors/compiler_bugs/storage_ABIEncoderV2_array.py @@ -2,7 +2,11 @@ Module detecting ABIEncoderV2 array bug """ -from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification +from slither.detectors.abstract_detector import ( + AbstractDetector, + DetectorClassification, + make_solc_versions, +) from slither.core.solidity_types import ArrayType from slither.core.solidity_types import UserDefinedType from slither.core.variables.local_variable import LocalVariable @@ -13,38 +17,6 @@ from slither.slithir.operations import EventCall from slither.slithir.operations import HighLevelCall from slither.utils.utils import unroll -vulnerable_solc_versions = [ - "0.4.7", - "0.4.8", - "0.4.9", - "0.4.10", - "0.4.11", - "0.4.12", - "0.4.13", - "0.4.14", - "0.4.15", - "0.4.16", - "0.4.17", - "0.4.18", - "0.4.19", - "0.4.20", - "0.4.21", - "0.4.22", - "0.4.23", - "0.4.24", - "0.4.25", - "0.5.0", - "0.5.1", - "0.5.2", - "0.5.3", - "0.5.4", - "0.5.5", - "0.5.6", - "0.5.7", - "0.5.8", - "0.5.9", -] - class ABIEncoderV2Array(AbstractDetector): """ @@ -80,6 +52,8 @@ contract A { WIKI_RECOMMENDATION = "Use a compiler >= `0.5.10`." + VULNERABLE_SOLC_VERSIONS = make_solc_versions(4, 7, 25) + make_solc_versions(5, 0, 9) + @staticmethod def _detect_storage_abiencoderv2_arrays(contract): """ @@ -130,10 +104,6 @@ contract A { """ results = [] - # Check if vulnerable solc versions are used - if self.compilation_unit.solc_version not in vulnerable_solc_versions: - return results - # Check if pragma experimental ABIEncoderV2 is used if not any( (p.directive[0] == "experimental" and p.directive[1] == "ABIEncoderV2") diff --git a/slither/detectors/compiler_bugs/storage_signed_integer_array.py b/slither/detectors/compiler_bugs/storage_signed_integer_array.py index 408b49905..419c71c87 100644 --- a/slither/detectors/compiler_bugs/storage_signed_integer_array.py +++ b/slither/detectors/compiler_bugs/storage_signed_integer_array.py @@ -2,7 +2,11 @@ Module detecting storage signed integer array bug """ -from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification +from slither.detectors.abstract_detector import ( + AbstractDetector, + DetectorClassification, + make_solc_versions, +) from slither.core.cfg.node import NodeType from slither.core.solidity_types import ArrayType from slither.core.solidity_types.elementary_type import Int, ElementaryType @@ -11,39 +15,6 @@ from slither.core.variables.state_variable import StateVariable from slither.slithir.operations.assignment import Assignment from slither.slithir.operations.init_array import InitArray -vulnerable_solc_versions = [ - "0.4.7", - "0.4.8", - "0.4.9", - "0.4.10", - "0.4.11", - "0.4.12", - "0.4.13", - "0.4.14", - "0.4.15", - "0.4.16", - "0.4.17", - "0.4.18", - "0.4.19", - "0.4.20", - "0.4.21", - "0.4.22", - "0.4.23", - "0.4.24", - "0.4.25", - "0.5.0", - "0.5.1", - "0.5.2", - "0.5.3", - "0.5.4", - "0.5.5", - "0.5.6", - "0.5.7", - "0.5.8", - "0.5.9", - "0.5.10", -] - class StorageSignedIntegerArray(AbstractDetector): """ @@ -61,7 +32,7 @@ class StorageSignedIntegerArray(AbstractDetector): WIKI_TITLE = "Storage Signed Integer Array" # region wiki_description - WIKI_DESCRIPTION = """`solc` versions `0.4.7`-`0.5.10` contain [a compiler bug](https://blog.ethereum.org/2019/06/25/solidity-storage-array-bugs) + WIKI_DESCRIPTION = """`solc` versions `0.4.7`-`0.5.9` contain [a compiler bug](https://blog.ethereum.org/2019/06/25/solidity-storage-array-bugs) leading to incorrect values in signed integer arrays.""" # endregion wiki_description @@ -84,6 +55,8 @@ contract A { WIKI_RECOMMENDATION = "Use a compiler version >= `0.5.10`." + VULNERABLE_SOLC_VERSIONS = make_solc_versions(4, 7, 25) + make_solc_versions(5, 0, 9) + @staticmethod def _is_vulnerable_type(ir): """ @@ -140,8 +113,6 @@ contract A { Detect storage signed integer array init/assignment """ results = [] - if self.compilation_unit.solc_version not in vulnerable_solc_versions: - return results for contract in self.contracts: storage_signed_integer_arrays = self.detect_storage_signed_integer_arrays(contract) for function, node in storage_signed_integer_arrays: diff --git a/slither/detectors/compiler_bugs/uninitialized_function_ptr_in_constructor.py b/slither/detectors/compiler_bugs/uninitialized_function_ptr_in_constructor.py index 69fd45cae..a4d3cb8f2 100644 --- a/slither/detectors/compiler_bugs/uninitialized_function_ptr_in_constructor.py +++ b/slither/detectors/compiler_bugs/uninitialized_function_ptr_in_constructor.py @@ -2,44 +2,15 @@ Module detecting uninitialized function pointer calls in constructors """ -from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification +from slither.detectors.abstract_detector import ( + AbstractDetector, + DetectorClassification, + make_solc_versions, +) from slither.slithir.operations import InternalDynamicCall, OperationWithLValue from slither.slithir.variables import ReferenceVariable from slither.slithir.variables.variable import SlithIRVariable -vulnerable_solc_versions = [ - "0.4.5", - "0.4.6", - "0.4.7", - "0.4.8", - "0.4.9", - "0.4.10", - "0.4.11", - "0.4.12", - "0.4.13", - "0.4.14", - "0.4.15", - "0.4.16", - "0.4.17", - "0.4.18", - "0.4.19", - "0.4.20", - "0.4.21", - "0.4.22", - "0.4.23", - "0.4.24", - "0.4.25", - "0.5.0", - "0.5.1", - "0.5.2", - "0.5.3", - "0.5.4", - "0.5.5", - "0.5.6", - "0.5.7", - "0.5.8", -] - def _get_variables_entrance(function): """ @@ -110,6 +81,8 @@ The call to `a(10)` will lead to unexpected behavior because function pointer `a "Initialize function pointers before calling. Avoid function pointers if possible." ) + VULNERABLE_SOLC_VERSIONS = make_solc_versions(4, 5, 25) + make_solc_versions(5, 0, 8) + @staticmethod def _detect_uninitialized_function_ptr_in_constructor(contract): """ @@ -134,10 +107,6 @@ The call to `a(10)` will lead to unexpected behavior because function pointer `a """ results = [] - # Check if vulnerable solc versions are used - if self.compilation_unit.solc_version not in vulnerable_solc_versions: - return results - for contract in self.compilation_unit.contracts: contract_info = ["Contract ", contract, " \n"] nodes = self._detect_uninitialized_function_ptr_in_constructor(contract) diff --git a/slither/detectors/functions/external_function.py b/slither/detectors/functions/external_function.py index 631e5ffc1..5858c2baf 100644 --- a/slither/detectors/functions/external_function.py +++ b/slither/detectors/functions/external_function.py @@ -5,7 +5,13 @@ from slither.core.declarations.structure import Structure from slither.core.solidity_types.array_type import ArrayType from slither.core.solidity_types.user_defined_type import UserDefinedType from slither.core.variables.variable import Variable -from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification +from slither.detectors.abstract_detector import ( + AbstractDetector, + DetectorClassification, + ALL_SOLC_VERSIONS_04, + ALL_SOLC_VERSIONS_05, + make_solc_versions, +) from slither.formatters.functions.external_function import custom_format from slither.slithir.operations import InternalCall, InternalDynamicCall from slither.slithir.operations import SolidityCall @@ -31,6 +37,10 @@ class ExternalFunction(AbstractDetector): WIKI_DESCRIPTION = "`public` functions that are never called by the contract should be declared `external`, and its immutable parameters should be located in `calldata` to save gas." WIKI_RECOMMENDATION = "Use the `external` attribute for functions never called from the contract, and change the location of immutable parameters to `calldata` to save gas." + VULNERABLE_SOLC_VERSIONS = ( + ALL_SOLC_VERSIONS_04 + ALL_SOLC_VERSIONS_05 + make_solc_versions(6, 0, 8) + ) + @staticmethod def detect_functions_called(contract: Contract) -> List[Function]: """Returns a list of InternallCall, SolidityCall @@ -134,15 +144,6 @@ class ExternalFunction(AbstractDetector): def _detect(self) -> List[Output]: # pylint: disable=too-many-locals,too-many-branches results: List[Output] = [] - # After solc 0.6.9, calldata arguments are allowed in public functions - if self.compilation_unit.solc_version >= "0.7." or self.compilation_unit.solc_version in [ - "0.6.9", - "0.6.10", - "0.6.11", - "0.6.12", - ]: - return results - # Create a set to track contracts with dynamic calls. All contracts with dynamic calls could potentially be # calling functions internally, and thus we can't assume any function in such contracts isn't called by them. dynamic_call_contracts: Set[Contract] = set() diff --git a/slither/detectors/statements/array_length_assignment.py b/slither/detectors/statements/array_length_assignment.py index 93ba36da3..7f875fa9e 100644 --- a/slither/detectors/statements/array_length_assignment.py +++ b/slither/detectors/statements/array_length_assignment.py @@ -2,7 +2,12 @@ Module detecting assignment of array length """ -from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification +from slither.detectors.abstract_detector import ( + AbstractDetector, + DetectorClassification, + ALL_SOLC_VERSIONS_04, + ALL_SOLC_VERSIONS_05, +) from slither.core.cfg.node import NodeType from slither.slithir.operations import Assignment, Length from slither.slithir.variables.reference import ReferenceVariable @@ -103,14 +108,13 @@ Note that storage slots here are indexed via a hash of the indexers; nonetheless Otherwise, thoroughly review the contract to ensure a user-controlled variable cannot reach an array length assignment.""" # endregion wiki_recommendation + VULNERABLE_SOLC_VERSIONS = ALL_SOLC_VERSIONS_04 + ALL_SOLC_VERSIONS_05 + def _detect(self): """ Detect array length assignments """ results = [] - # Starting from 0.6 .length is read only - if self.compilation_unit.solc_version >= "0.6.": - return results for contract in self.contracts: array_length_assignments = detect_array_length_assignment(contract) if array_length_assignments: diff --git a/tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol.0.5.10.StorageSignedIntegerArray.json b/tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol.0.5.10.StorageSignedIntegerArray.json index 139c92e55..5825bcacc 100644 --- a/tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol.0.5.10.StorageSignedIntegerArray.json +++ b/tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol.0.5.10.StorageSignedIntegerArray.json @@ -1,506 +1,3 @@ [ - [ - { - "elements": [ - { - "type": "contract", - "name": "A", - "source_mapping": { - "start": 25, - "length": 2256, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41, - 42, - 43, - 44, - 45 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - { - "type": "function", - "name": "bad1", - "source_mapping": { - "start": 601, - "length": 170, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 15, - 16, - 17 - ], - "starting_column": 3, - "ending_column": 4 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "A", - "source_mapping": { - "start": 25, - "length": 2256, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41, - 42, - 43, - 44, - 45 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "bad1(int128[3])" - } - }, - { - "type": "node", - "name": "intArray = userArray", - "source_mapping": { - "start": 746, - "length": 20, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 16 - ], - "starting_column": 5, - "ending_column": 25 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "bad1", - "source_mapping": { - "start": 601, - "length": 170, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 15, - 16, - 17 - ], - "starting_column": 3, - "ending_column": 4 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "A", - "source_mapping": { - "start": 25, - "length": 2256, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41, - 42, - 43, - 44, - 45 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "bad1(int128[3])" - } - } - } - } - ], - "description": "Contract A (tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#3-45) \n\t- Function A.bad1(int128[3]) (tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#15-17)\n\t\t- intArray = userArray (tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#16) has a storage signed integer array assignment\n", - "markdown": "Contract [A](tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#L3-L45) \n\t- Function [A.bad1(int128[3])](tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#L15-L17)\n\t\t- [intArray = userArray](tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#L16) has a storage signed integer array assignment\n", - "first_markdown_element": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#L3-L45", - "id": "7ba5efbfb61ba63a7ac01d376a0cede2fda18c2a2d8604c4a82cccec92ae2bdb", - "check": "storage-array", - "impact": "High", - "confidence": "Medium" - }, - { - "elements": [ - { - "type": "contract", - "name": "A", - "source_mapping": { - "start": 25, - "length": 2256, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41, - 42, - 43, - 44, - 45 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - { - "type": "function", - "name": "bad0", - "source_mapping": { - "start": 355, - "length": 132, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 10, - 11, - 12 - ], - "starting_column": 3, - "ending_column": 4 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "A", - "source_mapping": { - "start": 25, - "length": 2256, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41, - 42, - 43, - 44, - 45 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "bad0()" - } - }, - { - "type": "node", - "name": "intArray = (- 1,- 2,- 3)", - "source_mapping": { - "start": 384, - "length": 23, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 11 - ], - "starting_column": 5, - "ending_column": 28 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "bad0", - "source_mapping": { - "start": 355, - "length": 132, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 10, - 11, - 12 - ], - "starting_column": 3, - "ending_column": 4 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "A", - "source_mapping": { - "start": 25, - "length": 2256, - "filename_relative": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol", - "is_dependency": false, - "lines": [ - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41, - 42, - 43, - 44, - 45 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "bad0()" - } - } - } - } - ], - "description": "Contract A (tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#3-45) \n\t- Function A.bad0() (tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#10-12)\n\t\t- intArray = (- 1,- 2,- 3) (tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#11) has a storage signed integer array assignment\n", - "markdown": "Contract [A](tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#L3-L45) \n\t- Function [A.bad0()](tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#L10-L12)\n\t\t- [intArray = (- 1,- 2,- 3)](tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#L11) has a storage signed integer array assignment\n", - "first_markdown_element": "tests/detectors/storage-array/0.5.10/storage_signed_integer_array.sol#L3-L45", - "id": "da870be9a396bc52d2f6f8caeb00e6b8809ad1b6fb4c24a019568257b3404a2f", - "check": "storage-array", - "impact": "High", - "confidence": "Medium" - } - ] + [] ] \ No newline at end of file