TheDude
/
slither
mirror of https://github.com/crytic/slither
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add 0.8.15/0.7.6 tests for disableInitializers

Browse Source
pull/1344/head
plotchy 2 years ago
parent ab778b3fa0
commit 1bec56f64e
11 changed files with 319 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 18
      tests/detectors/unprotected-upgrade/0.7.6/Fixed.sol
  2. 16
      tests/detectors/unprotected-upgrade/0.7.6/Initializable.sol
  3. 14
      tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol
  4. 145
      tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol.0.8.15.UnprotectedUpgradeable.json
  5. 73
      tests/detectors/unprotected-upgrade/0.8.15/Fixed.sol
  6. 3
      tests/detectors/unprotected-upgrade/0.8.15/Fixed.sol.0.8.15.UnprotectedUpgradeable.json
  7. 15
      tests/detectors/unprotected-upgrade/0.8.15/Initializable.sol
  8. 5
      tests/detectors/unprotected-upgrade/0.8.15/OnlyProxy.sol
  9. 15
      tests/detectors/unprotected-upgrade/0.8.15/whitelisted.sol
  10. 3
      tests/detectors/unprotected-upgrade/0.8.15/whitelisted.sol.0.8.15.UnprotectedUpgradeable.json
  11. 15
      tests/test_detectors.py

18
tests/detectors/unprotected-upgrade/0.7.6/Fixed.sol
Unescape View File

@ -47,6 +47,24 @@ contract Fixed2 is Initializable {
owner = msg.sender;
}
function kill() external {
require(msg.sender == owner);
selfdestruct(owner);
}
}
contract Fixed3 is Initializable {
address payable owner;
constructor() {
_disableInitializers();
}
function initialize() external initializer {
require(owner == address(0));
owner = payable(msg.sender);
}
function kill() external {
require(msg.sender == owner);
selfdestruct(owner);

16
tests/detectors/unprotected-upgrade/0.7.6/Initializable.sol
Unescape View File

@ -1,5 +1,15 @@
contract Initializable{
modifier initializer() {
_;
}
uint8 private _initialized;
bool private _initializing;
modifier initializer() {
_;
}
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized < type(uint8).max) {
_initialized = type(uint8).max;
}
}
}

14
tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol
Unescape View File

@ -0,0 +1,14 @@
import "./Initializable.sol";
contract Buggy is Initializable{
address payable owner;
function initialize() external initializer{
require(owner == address(0));
owner = payable(msg.sender);
}
function kill() external{
require(msg.sender == owner);
selfdestruct(owner);
}
}

145
tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol.0.8.15.UnprotectedUpgradeable.json
Unescape View File

@ -0,0 +1,145 @@
[
[
{
"elements": [
{
"type": "contract",
"name": "Buggy",
"source_mapping": {
"start": 31,
"length": 294,
"filename_relative": "tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol",
"is_dependency": false,
"lines": [
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14
],
"starting_column": 1,
"ending_column": 2
}
},
{
"type": "function",
"name": "initialize",
"source_mapping": {
"start": 96,
"length": 124,
"filename_relative": "tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol",
"is_dependency": false,
"lines": [
6,
7,
8,
9
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "Buggy",
"source_mapping": {
"start": 31,
"length": 294,
"filename_relative": "tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol",
"is_dependency": false,
"lines": [
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "initialize()"
}
},
{
"type": "function",
"name": "kill",
"source_mapping": {
"start": 225,
"length": 98,
"filename_relative": "tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol",
"is_dependency": false,
"lines": [
10,
11,
12,
13
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "Buggy",
"source_mapping": {
"start": 31,
"length": 294,
"filename_relative": "tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol",
"is_dependency": false,
"lines": [
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "kill()"
}
}
],
"description": "Buggy (tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol#3-14) is an upgradeable contract that does not protect its initialize functions: Buggy.initialize() (tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol#6-9). Anyone can delete the contract with: Buggy.kill() (tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol#10-13)",
"markdown": "[Buggy](tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol#L3-L14) is an upgradeable contract that does not protect its initialize functions: [Buggy.initialize()](tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol#L6-L9). Anyone can delete the contract with: [Buggy.kill()](tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol#L10-L13)",
"first_markdown_element": "tests/detectors/unprotected-upgrade/0.8.15/Buggy.sol#L3-L14",
"id": "d85b90230632a30f7ffb5140a791d4a9ae8b0be045c5b27175f3c477e189c08c",
"check": "unprotected-upgrade",
"impact": "High",
"confidence": "High"
}
]
]

73
tests/detectors/unprotected-upgrade/0.8.15/Fixed.sol
Unescape View File

@ -0,0 +1,73 @@
import "./Initializable.sol";
contract Fixed is Initializable{
address payable owner;
constructor() {
owner = payable(msg.sender);
}
function initialize() external initializer{
require(owner == address(0));
owner = payable(msg.sender);
}
function kill() external{
require(msg.sender == owner);
selfdestruct(owner);
}
function other_function() external{
}
}
contract Not_Upgradeable{
}
contract UpgradeableNoDestruct is Initializable{
address payable owner;
constructor() {
owner = payable(msg.sender);
}
function initialize() external initializer{
require(owner == address(0));
owner = payable(msg.sender);
}
}
contract Fixed2 is Initializable {
address payable owner;
constructor() initializer {}
function initialize() external initializer {
require(owner == address(0));
owner = payable(msg.sender);
}
function kill() external {
require(msg.sender == owner);
selfdestruct(owner);
}
}
contract Fixed3 is Initializable {
address payable owner;
constructor() {
_disableInitializers();
}
function initialize() external initializer {
require(owner == address(0));
owner = payable(msg.sender);
}
function kill() external {
require(msg.sender == owner);
selfdestruct(owner);
}
}

3
tests/detectors/unprotected-upgrade/0.8.15/Fixed.sol.0.8.15.UnprotectedUpgradeable.json
Unescape View File

@ -0,0 +1,3 @@
[
[]
]

15
tests/detectors/unprotected-upgrade/0.8.15/Initializable.sol
Unescape View File

@ -0,0 +1,15 @@
contract Initializable {
uint8 private _initialized;
bool private _initializing;
modifier initializer() {
_;
}
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized < type(uint8).max) {
_initialized = type(uint8).max;
}
}
}

5
tests/detectors/unprotected-upgrade/0.8.15/OnlyProxy.sol
Unescape View File

@ -0,0 +1,5 @@
contract OnlyProxy {
modifier onlyProxy() {
_;
}
}

15
tests/detectors/unprotected-upgrade/0.8.15/whitelisted.sol
Unescape View File

@ -0,0 +1,15 @@
import "./Initializable.sol";
import "./OnlyProxy.sol";
contract Whitelisted is Initializable, OnlyProxy{
address payable owner;
function initialize() external initializer onlyProxy {
owner = payable(msg.sender);
}
function kill() external {
require(msg.sender == owner);
selfdestruct(owner);
}
}

3
tests/detectors/unprotected-upgrade/0.8.15/whitelisted.sol.0.8.15.UnprotectedUpgradeable.json
Unescape View File

@ -0,0 +1,3 @@
[
[]
]

15
tests/test_detectors.py
Unescape View File

@ -928,6 +928,21 @@ ALL_TEST_OBJECTS = [
"whitelisted.sol",
"0.7.6",
),
Test(
all_detectors.UnprotectedUpgradeable,
"Buggy.sol",
"0.8.15",
),
Test(
all_detectors.UnprotectedUpgradeable,
"Fixed.sol",
"0.8.15",
),
Test(
all_detectors.UnprotectedUpgradeable,
"whitelisted.sol",
"0.8.15",
),
Test(
all_detectors.ABIEncoderV2Array,
"storage_ABIEncoderV2_array.sol",

Write Preview
Loading…
Cancel
Save