Merge branch 'dev' into detector_for_array_len_caching

.github/workflows/ci.yml

@@ -36,6 +36,7 @@ jobs:
                "etherscan",
                "find_paths",
                "flat",
+               "interface",
                "kspec",
                "printers",
                # "prop"

.github/workflows/pip-audit.yml

@@ -34,6 +34,6 @@ jobs:
           python -m pip install .
 
       - name: Run pip-audit
-        uses: trailofbits/gh-action-pip-audit@v0.0.4
+        uses: pypa/gh-action-pip-audit@v1.0.8
         with:
           virtual-environment: /tmp/pip-audit-env

examples/flat/a.sol

@@ -1,3 +1,9 @@
-contract A{
+pragma solidity 0.8.19;
 
-}
+error RevertIt();
+
+contract Example {
+  function reverts() external pure {
+    revert RevertIt();
+  }
+}

examples/flat/b.sol

@@ -1,5 +1,16 @@
 import "./a.sol";
 
-contract B is A{
+pragma solidity 0.8.19;
 
+enum B {
+  a,
+  b
 }
+
+contract T {
+    Example e = new Example();
+    function b() public returns(uint) {
+        B b = B.a;
+        return 4;
+    }
+}

scripts/ci_test_flat.sh

@@ -1,6 +1,8 @@
 #!/usr/bin/env bash
+shopt -s extglob
 
-### Test slither-prop
+### Test slither-flat
+solc-select use 0.8.19 --always-install
 
 cd examples/flat || exit 1
 
@@ -8,5 +10,11 @@ if ! slither-flat b.sol; then
     echo "slither-flat failed"
     exit 1
 fi
+ 
+SUFFIX="@(sol)"
+if ! solc "crytic-export/flattening/"*$SUFFIX; then
+    echo "solc failed on flattened files"
+    exit 1
+fi
 
 exit 0

scripts/ci_test_interface.sh

@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+
+### Test slither-interface
+
+DIR_TESTS="tests/tools/interface" 
+
+solc-select use 0.8.19 --always-install
+
+#Test 1 - Etherscan target
+slither-interface WETH9 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2
+DIFF=$(diff crytic-export/interfaces/IWETH9.sol "$DIR_TESTS/test_1.sol" --strip-trailing-cr)
+if [  "$DIFF" != "" ]
+then
+    echo "slither-interface test 1 failed"
+    cat "crytic-export/interfaces/IWETH9.sol"
+    echo ""
+    cat "$DIR_TESTS/test_1.sol"
+    exit 255
+fi
+
+
+#Test 2 - Local file target
+slither-interface Mock tests/tools/interface/ContractMock.sol
+DIFF=$(diff crytic-export/interfaces/IMock.sol "$DIR_TESTS/test_2.sol" --strip-trailing-cr)
+if [  "$DIFF" != "" ]
+then
+    echo "slither-interface test 2 failed"
+    cat "crytic-export/interfaces/IMock.sol"
+    echo ""
+    cat "$DIR_TESTS/test_2.sol"
+    exit 255
+fi
+
+
+#Test 3 - unroll structs
+slither-interface Mock tests/tools/interface/ContractMock.sol --unroll-structs
+DIFF=$(diff crytic-export/interfaces/IMock.sol "$DIR_TESTS/test_3.sol" --strip-trailing-cr)
+if [  "$DIFF" != "" ]
+then
+    echo "slither-interface test 3 failed"
+    cat "crytic-export/interfaces/IMock.sol"
+    echo ""
+    cat "$DIR_TESTS/test_3.sol"
+    exit 255
+fi
+
+#Test 4 - exclude structs
+slither-interface Mock tests/tools/interface/ContractMock.sol --exclude-structs
+DIFF=$(diff crytic-export/interfaces/IMock.sol "$DIR_TESTS/test_4.sol" --strip-trailing-cr)
+if [  "$DIFF" != "" ]
+then
+    echo "slither-interface test 4 failed"
+    cat "crytic-export/interfaces/IMock.sol"
+    echo ""
+    cat "$DIR_TESTS/test_4.sol"
+    exit 255
+fi
+
+#Test 5 - exclude errors
+slither-interface Mock tests/tools/interface/ContractMock.sol --exclude-errors
+DIFF=$(diff crytic-export/interfaces/IMock.sol "$DIR_TESTS/test_5.sol" --strip-trailing-cr)
+if [  "$DIFF" != "" ]
+then
+    echo "slither-interface test 5 failed"
+    cat "crytic-export/interfaces/IMock.sol"
+    echo ""
+    cat "$DIR_TESTS/test_5.sol"
+    exit 255
+fi
+
+#Test 6 - exclude enums
+slither-interface Mock tests/tools/interface/ContractMock.sol --exclude-enums
+DIFF=$(diff crytic-export/interfaces/IMock.sol "$DIR_TESTS/test_6.sol" --strip-trailing-cr)
+if [  "$DIFF" != "" ]
+then
+    echo "slither-interface test 6 failed"
+    cat "crytic-export/interfaces/IMock.sol"
+    echo ""
+    cat "$DIR_TESTS/test_6.sol"
+    exit 255
+fi
+
+#Test 7 - exclude events
+slither-interface Mock tests/tools/interface/ContractMock.sol --exclude-events
+DIFF=$(diff crytic-export/interfaces/IMock.sol "$DIR_TESTS/test_7.sol" --strip-trailing-cr)
+if [  "$DIFF" != "" ]
+then
+    echo "slither-interface test 7 failed"
+    cat "crytic-export/interfaces/IMock.sol"
+    echo ""
+    cat "$DIR_TESTS/test_7.sol"
+    exit 255
+fi
+
+rm -r crytic-export

setup.py

@@ -13,11 +13,14 @@ setup(
     python_requires=">=3.8",
     install_requires=[
         "packaging",
-        "prettytable>=0.7.2",
+        "prettytable>=3.3.0",
         "pycryptodome>=3.4.6",
         # "crytic-compile>=0.3.1,<0.4.0",
-        "crytic-compile@git+https://github.com/crytic/crytic-compile.git@windows-rel-path#egg=crytic-compile",
+        "crytic-compile@git+https://github.com/crytic/crytic-compile.git@dev#egg=crytic-compile",
         "web3>=6.0.0",
+        "eth-abi>=4.0.0",
+        "eth-typing>=3.0.0",
+        "eth-utils>=2.1.0",
     ],
     extras_require={
         "lint": [
@@ -61,6 +64,7 @@ setup(
             "slither-read-storage = slither.tools.read_storage.__main__:main",
             "slither-doctor = slither.tools.doctor.__main__:main",
             "slither-documentation = slither.tools.documentation.__main__:main",
+            "slither-interface = slither.tools.interface.__main__:main",
         ]
     },
 )

slither/analyses/data_dependency/data_dependency.py

@@ -129,6 +129,7 @@ GENERIC_TAINT = {
     SolidityVariableComposed("msg.value"),
     SolidityVariableComposed("msg.data"),
     SolidityVariableComposed("tx.origin"),
+    SolidityVariableComposed("tx.gasprice"),
 }
 
 

slither/analyses/evm/convert.py

@@ -186,7 +186,7 @@ def generate_source_to_evm_ins_mapping(evm_instructions, srcmap_runtime, slither
             if mapping_item[i] == "":
                 mapping_item[i] = int(prev_mapping[i])
 
-        offset, _length, file_id, _ = mapping_item
+        offset, _length, file_id, *_ = mapping_item
         prev_mapping = mapping_item
 
         if file_id == "-1":

slither/core/compilation_unit.py

@@ -13,7 +13,7 @@ from slither.core.declarations import (
     Function,
     Modifier,
 )
-from slither.core.declarations.custom_error import CustomError
+from slither.core.declarations.custom_error_top_level import CustomErrorTopLevel
 from slither.core.declarations.enum_top_level import EnumTopLevel
 from slither.core.declarations.function_top_level import FunctionTopLevel
 from slither.core.declarations.structure_top_level import StructureTopLevel
@@ -46,7 +46,7 @@ class SlitherCompilationUnit(Context):
         self._using_for_top_level: List[UsingForTopLevel] = []
         self._pragma_directives: List[Pragma] = []
         self._import_directives: List[Import] = []
-        self._custom_errors: List[CustomError] = []
+        self._custom_errors: List[CustomErrorTopLevel] = []
         self._user_defined_value_types: Dict[str, TypeAliasTopLevel] = {}
 
         self._all_functions: Set[Function] = set()
@@ -216,7 +216,7 @@ class SlitherCompilationUnit(Context):
         return self._using_for_top_level
 
     @property
-    def custom_errors(self) -> List[CustomError]:
+    def custom_errors(self) -> List[CustomErrorTopLevel]:
         return self._custom_errors
 
     @property

slither/core/declarations/custom_error.py

@@ -1,8 +1,8 @@
 from typing import List, TYPE_CHECKING, Optional, Type
 
-from slither.core.solidity_types import UserDefinedType
 from slither.core.source_mapping.source_mapping import SourceMapping
 from slither.core.variables.local_variable import LocalVariable
+from slither.utils.type import is_underlying_type_address
 
 if TYPE_CHECKING:
     from slither.core.compilation_unit import SlitherCompilationUnit
@@ -43,10 +43,7 @@ class CustomError(SourceMapping):
 
     @staticmethod
     def _convert_type_for_solidity_signature(t: Optional[Type]) -> str:
-        # pylint: disable=import-outside-toplevel
-        from slither.core.declarations import Contract
-
-        if isinstance(t, UserDefinedType) and isinstance(t.type, Contract):
+        if is_underlying_type_address(t):
             return "address"
         return str(t)
 

slither/core/declarations/solidity_variables.py

@@ -201,6 +201,10 @@ class SolidityCustomRevert(SolidityFunction):
         self._custom_error = custom_error
         self._return_type: List[Union[TypeInformation, ElementaryType]] = []
 
+    @property
+    def custom_error(self) -> CustomError:
+        return self._custom_error
+
     def __eq__(self, other: Any) -> bool:
         return (
             self.__class__ == other.__class__

slither/core/expressions/new_array.py

@@ -1,32 +1,23 @@
-from typing import Union, TYPE_CHECKING
-
+from typing import TYPE_CHECKING
 
 from slither.core.expressions.expression import Expression
-from slither.core.solidity_types.type import Type
 
 if TYPE_CHECKING:
-    from slither.core.solidity_types.elementary_type import ElementaryType
-    from slither.core.solidity_types.type_alias import TypeAliasTopLevel
+    from slither.core.solidity_types.array_type import ArrayType
 
 
 class NewArray(Expression):
-
-    # note: dont conserve the size of the array if provided
-    def __init__(
-        self, depth: int, array_type: Union["TypeAliasTopLevel", "ElementaryType"]
-    ) -> None:
+    def __init__(self, array_type: "ArrayType") -> None:
         super().__init__()
-        assert isinstance(array_type, Type)
-        self._depth: int = depth
-        self._array_type: Type = array_type
+        # pylint: disable=import-outside-toplevel
+        from slither.core.solidity_types.array_type import ArrayType
 
-    @property
-    def array_type(self) -> Type:
-        return self._array_type
+        assert isinstance(array_type, ArrayType)
+        self._array_type = array_type
 
     @property
-    def depth(self) -> int:
-        return self._depth
+    def array_type(self) -> "ArrayType":
+        return self._array_type
 
     def __str__(self):
-        return "new " + str(self._array_type) + "[]" * self._depth
+        return "new " + str(self._array_type)

slither/detectors/all_detectors.py

@@ -90,3 +90,5 @@ from .functions.permit_domain_signature_collision import DomainSeparatorCollisio
 from .functions.codex import Codex
 from .functions.cyclomatic_complexity import CyclomaticComplexity
 from .operations.cache_array_length import CacheArrayLength
+from .statements.incorrect_using_for import IncorrectUsingFor
+from .operations.encode_packed import EncodePackedCollision

slither/detectors/assembly/shift_parameter_mixup.py

@@ -52,7 +52,9 @@ The shift statement will right-shift the constant 8 by `a` bits"""
                     BinaryType.LEFT_SHIFT,
                     BinaryType.RIGHT_SHIFT,
                 ]:
-                    if isinstance(ir.variable_left, Constant):
+                    if isinstance(ir.variable_left, Constant) and not isinstance(
+                        ir.variable_right, Constant
+                    ):
                         info: DETECTOR_INFO = [
                             f,
                             " contains an incorrect shift operation: ",

slither/detectors/operations/encode_packed.py

@@ -0,0 +1,104 @@
+"""
+Module detecting usage of more than one dynamic type in abi.encodePacked() arguments which could lead to collision
+"""
+
+from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
+from slither.core.declarations.solidity_variables import SolidityFunction
+from slither.slithir.operations import SolidityCall
+from slither.analyses.data_dependency.data_dependency import is_tainted
+from slither.core.solidity_types import ElementaryType
+from slither.core.solidity_types import ArrayType
+
+
+def _is_dynamic_type(arg):
+    """
+    Args:
+        arg (function argument)
+    Returns:
+        Bool
+    """
+    if isinstance(arg.type, ElementaryType) and (arg.type.name in ["string", "bytes"]):
+        return True
+    if isinstance(arg.type, ArrayType) and arg.type.length is None:
+        return True
+
+    return False
+
+
+def _detect_abi_encodePacked_collision(contract):
+    """
+    Args:
+        contract (Contract)
+    Returns:
+        list((Function), (list (Node)))
+    """
+    ret = []
+    # pylint: disable=too-many-nested-blocks
+    for f in contract.functions_and_modifiers_declared:
+        for n in f.nodes:
+            for ir in n.irs:
+                if isinstance(ir, SolidityCall) and ir.function == SolidityFunction(
+                    "abi.encodePacked()"
+                ):
+                    dynamic_type_count = 0
+                    for arg in ir.arguments:
+                        if is_tainted(arg, contract) and _is_dynamic_type(arg):
+                            dynamic_type_count += 1
+                        elif dynamic_type_count > 1:
+                            ret.append((f, n))
+                            dynamic_type_count = 0
+                        else:
+                            dynamic_type_count = 0
+                    if dynamic_type_count > 1:
+                        ret.append((f, n))
+    return ret
+
+
+class EncodePackedCollision(AbstractDetector):
+    """
+    Detect usage of more than one dynamic type in abi.encodePacked() arguments which could to collision
+    """
+
+    ARGUMENT = "encode-packed-collision"
+    HELP = "ABI encodePacked Collision"
+    IMPACT = DetectorClassification.HIGH
+    CONFIDENCE = DetectorClassification.HIGH
+
+    WIKI = (
+        "https://github.com/crytic/slither/wiki/Detector-Documentation#abi-encodePacked-collision"
+    )
+
+    WIKI_TITLE = "ABI encodePacked Collision"
+    WIKI_DESCRIPTION = """Detect collision due to dynamic type usages in `abi.encodePacked`"""
+
+    WIKI_EXPLOIT_SCENARIO = """
+```solidity
+contract Sign {
+    function get_hash_for_signature(string name, string doc) external returns(bytes32) {
+        return keccak256(abi.encodePacked(name, doc));
+    }
+}
+```
+Bob calls `get_hash_for_signature` with (`bob`, `This is the content`). The hash returned is used as an ID.
+Eve creates a collision with the ID using (`bo`, `bThis is the content`) and compromises the system.
+"""
+    WIKI_RECOMMENDATION = """Do not use more than one dynamic type in `abi.encodePacked()`
+(see the [Solidity documentation](https://solidity.readthedocs.io/en/v0.5.10/abi-spec.html?highlight=abi.encodePacked#non-standard-packed-modeDynamic)). 
+Use `abi.encode()`, preferably."""
+
+    def _detect(self):
+        """Detect usage of more than one dynamic type in abi.encodePacked(..) arguments which could lead to collision"""
+        results = []
+        for c in self.compilation_unit.contracts:
+            values = _detect_abi_encodePacked_collision(c)
+            for func, node in values:
+                info = [
+                    func,
+                    " calls abi.encodePacked() with multiple dynamic arguments:\n\t- ",
+                    node,
+                    "\n",
+                ]
+                json = self.generate_result(info)
+                results.append(json)
+
+        return results

slither/detectors/operations/unused_return_values.py

@@ -3,7 +3,7 @@ Module detecting unused return values from external calls
 """
 from typing import List
 
-from slither.core.cfg.node import Node
+from slither.core.cfg.node import Node, NodeType
 from slither.core.declarations import Function
 from slither.core.declarations.function_contract import FunctionContract
 from slither.core.variables.state_variable import StateVariable
@@ -12,8 +12,8 @@ from slither.detectors.abstract_detector import (
     DetectorClassification,
     DETECTOR_INFO,
 )
-from slither.slithir.operations import HighLevelCall
-from slither.slithir.operations.operation import Operation
+from slither.slithir.operations import HighLevelCall, Assignment, Unpack, Operation
+from slither.slithir.variables import TupleVariable
 from slither.utils.output import Output
 
 
@@ -50,13 +50,18 @@ contract MyConc{
     WIKI_RECOMMENDATION = "Ensure that all the return values of the function calls are used."
 
     def _is_instance(self, ir: Operation) -> bool:  # pylint: disable=no-self-use
-        return isinstance(ir, HighLevelCall) and (
-            (
-                isinstance(ir.function, Function)
-                and ir.function.solidity_signature
-                not in ["transfer(address,uint256)", "transferFrom(address,address,uint256)"]
+        return (
+            isinstance(ir, HighLevelCall)
+            and (
+                (
+                    isinstance(ir.function, Function)
+                    and ir.function.solidity_signature
+                    not in ["transfer(address,uint256)", "transferFrom(address,address,uint256)"]
+                )
+                or not isinstance(ir.function, Function)
             )
-            or not isinstance(ir.function, Function)
+            or ir.node.type == NodeType.TRY
+            and isinstance(ir, (Assignment, Unpack))
         )
 
     def detect_unused_return_values(
@@ -71,18 +76,27 @@ contract MyConc{
         """
         values_returned = []
         nodes_origin = {}
+        # pylint: disable=too-many-nested-blocks
         for n in f.nodes:
             for ir in n.irs:
                 if self._is_instance(ir):
                     # if a return value is stored in a state variable, it's ok
                     if ir.lvalue and not isinstance(ir.lvalue, StateVariable):
-                        values_returned.append(ir.lvalue)
+                        values_returned.append((ir.lvalue, None))
                         nodes_origin[ir.lvalue] = ir
+                        if isinstance(ir.lvalue, TupleVariable):
+                            # we iterate the number of elements the tuple has
+                            # and add a (variable, index) in values_returned for each of them
+                            for index in range(len(ir.lvalue.type)):
+                                values_returned.append((ir.lvalue, index))
                 for read in ir.read:
-                    if read in values_returned:
-                        values_returned.remove(read)
-
-        return [nodes_origin[value].node for value in values_returned]
+                    remove = (read, ir.index) if isinstance(ir, Unpack) else (read, None)
+                    if remove in values_returned:
+                        # this is needed to remove the tuple variable when the first time one of its element is used
+                        if remove[1] is not None and (remove[0], None) in values_returned:
+                            values_returned.remove((remove[0], None))
+                        values_returned.remove(remove)
+        return [nodes_origin[value].node for (value, _) in values_returned]
 
     def _detect(self) -> List[Output]:
         """Detect high level calls which return a value that are never used"""

slither/detectors/reentrancy/reentrancy_events.py

@@ -29,24 +29,45 @@ class ReentrancyEvent(Reentrancy):
 
     # region wiki_description
     WIKI_DESCRIPTION = """
-Detection of the [reentrancy bug](https://github.com/trailofbits/not-so-smart-contracts/tree/master/reentrancy).
-Only report reentrancies leading to out-of-order events."""
+Detects [reentrancies](https://github.com/trailofbits/not-so-smart-contracts/tree/master/reentrancy) that allow manipulation of the order or value of events."""
     # endregion wiki_description
 
     # region wiki_exploit_scenario
     WIKI_EXPLOIT_SCENARIO = """
 ```solidity
-    function bug(Called d){
+contract ReentrantContract {
+	function f() external {
+		if (BugReentrancyEvents(msg.sender).counter() == 1) {
+			BugReentrancyEvents(msg.sender).count(this);
+		}
+	}
+}
+contract Counter {
+	uint public counter;
+	event Counter(uint);
+
+}
+contract BugReentrancyEvents is Counter {
+    function count(ReentrantContract d) external {
         counter += 1;
         d.f();
         emit Counter(counter);
     }
+}
+contract NoReentrancyEvents is Counter {
+	function count(ReentrantContract d) external {
+        counter += 1;
+        emit Counter(counter);
+        d.f();
+    }
+}
 ```
 
-If `d.()` re-enters, the `Counter` events will be shown in an incorrect order, which might lead to issues for third parties."""
+If the external call `d.f()` re-enters `BugReentrancyEvents`, the `Counter` events will be incorrect (`Counter(2)`, `Counter(2)`) whereas `NoReentrancyEvents` will correctly emit 
+(`Counter(1)`, `Counter(2)`). This may cause issues for offchain components that rely on the values of events e.g. checking for the amount deposited to a bridge."""
     # endregion wiki_exploit_scenario
 
-    WIKI_RECOMMENDATION = "Apply the [`check-effects-interactions` pattern](http://solidity.readthedocs.io/en/v0.4.21/security-considerations.html#re-entrancy)."
+    WIKI_RECOMMENDATION = "Apply the [`check-effects-interactions` pattern](https://docs.soliditylang.org/en/latest/security-considerations.html#re-entrancy)."
 
     STANDARD_JSON = False
 

slither/detectors/statements/incorrect_strict_equality.py

@@ -31,6 +31,7 @@ from slither.slithir.variables.constant import Constant
 from slither.slithir.variables.local_variable import LocalIRVariable
 from slither.slithir.variables.temporary_ssa import TemporaryVariableSSA
 from slither.utils.output import Output
+from slither.utils.type import is_underlying_type_address
 
 
 class IncorrectStrictEquality(AbstractDetector):
@@ -72,6 +73,19 @@ contract Crowdsale{
     def is_direct_comparison(ir: Operation) -> bool:
         return isinstance(ir, Binary) and ir.type == BinaryType.EQUAL
 
+    @staticmethod
+    def is_not_comparing_addresses(ir: Binary) -> bool:
+        """
+        Comparing addresses strictly should not be flagged.
+        """
+
+        if is_underlying_type_address(ir.variable_left.type) and is_underlying_type_address(
+            ir.variable_right.type
+        ):
+            return False
+
+        return True
+
     @staticmethod
     def is_any_tainted(
         variables: List[
@@ -108,7 +122,6 @@ contract Crowdsale{
                     ):
                         taints.append(ir.lvalue)
                     if isinstance(ir, HighLevelCall):
-                        # print(ir.function.full_name)
                         if (
                             isinstance(ir.function, Function)
                             and ir.function.full_name == "balanceOf(address)"
@@ -125,7 +138,6 @@ contract Crowdsale{
                     if isinstance(ir, Assignment):
                         if ir.rvalue in self.sources_taint:
                             taints.append(ir.lvalue)
-
         return taints
 
     # Retrieve all tainted (node, function) pairs
@@ -145,7 +157,12 @@ contract Crowdsale{
                 for ir in node.irs_ssa:
 
                     # Filter to only tainted equality (==) comparisons
-                    if self.is_direct_comparison(ir) and self.is_any_tainted(ir.used, taints, func):
+                    if (
+                        self.is_direct_comparison(ir)
+                        # Filter out address comparisons which may occur due to lack of field sensitivity in data dependency
+                        and self.is_not_comparing_addresses(ir)
+                        and self.is_any_tainted(ir.used, taints, func)
+                    ):
                         if func not in results:
                             results[func] = []
                         results[func].append(node)

slither/detectors/statements/incorrect_using_for.py

@@ -0,0 +1,223 @@
+from typing import List
+
+from slither.core.declarations import Contract, Structure, Enum
+from slither.core.declarations.using_for_top_level import UsingForTopLevel
+from slither.core.solidity_types import (
+    UserDefinedType,
+    Type,
+    ElementaryType,
+    TypeAlias,
+    MappingType,
+    ArrayType,
+)
+from slither.core.solidity_types.elementary_type import Uint, Int, Byte
+from slither.detectors.abstract_detector import (
+    AbstractDetector,
+    DetectorClassification,
+    DETECTOR_INFO,
+)
+from slither.utils.output import Output
+
+
+def _is_correctly_used(type_: Type, library: Contract) -> bool:
+    """
+    Checks if a `using library for type_` statement is used correctly (that is, does library contain any function
+    with type_ as the first argument).
+    """
+    for f in library.functions:
+        if len(f.parameters) == 0:
+            continue
+        if f.parameters[0].type and not _implicitly_convertible_to(type_, f.parameters[0].type):
+            continue
+        return True
+    return False
+
+
+def _implicitly_convertible_to(type1: Type, type2: Type) -> bool:
+    """
+    Returns True if type1 may be implicitly converted to type2.
+    """
+    if isinstance(type1, TypeAlias) or isinstance(type2, TypeAlias):
+        if isinstance(type1, TypeAlias) and isinstance(type2, TypeAlias):
+            return type1.type == type2.type
+        return False
+
+    if isinstance(type1, UserDefinedType) and isinstance(type2, UserDefinedType):
+        if isinstance(type1.type, Contract) and isinstance(type2.type, Contract):
+            return _implicitly_convertible_to_for_contracts(type1.type, type2.type)
+
+        if isinstance(type1.type, Structure) and isinstance(type2.type, Structure):
+            return type1.type.canonical_name == type2.type.canonical_name
+
+        if isinstance(type1.type, Enum) and isinstance(type2.type, Enum):
+            return type1.type.canonical_name == type2.type.canonical_name
+
+    if isinstance(type1, ElementaryType) and isinstance(type2, ElementaryType):
+        return _implicitly_convertible_to_for_elementary_types(type1, type2)
+
+    if isinstance(type1, MappingType) and isinstance(type2, MappingType):
+        return _implicitly_convertible_to_for_mappings(type1, type2)
+
+    if isinstance(type1, ArrayType) and isinstance(type2, ArrayType):
+        return _implicitly_convertible_to_for_arrays(type1, type2)
+
+    return False
+
+
+def _implicitly_convertible_to_for_arrays(type1: ArrayType, type2: ArrayType) -> bool:
+    """
+    Returns True if type1 may be implicitly converted to type2.
+    """
+    return _implicitly_convertible_to(type1.type, type2.type)
+
+
+def _implicitly_convertible_to_for_mappings(type1: MappingType, type2: MappingType) -> bool:
+    """
+    Returns True if type1 may be implicitly converted to type2.
+    """
+    return type1.type_from == type2.type_from and type1.type_to == type2.type_to
+
+
+def _implicitly_convertible_to_for_elementary_types(
+    type1: ElementaryType, type2: ElementaryType
+) -> bool:
+    """
+    Returns True if type1 may be implicitly converted to type2.
+    """
+    if type1.type == "bool" and type2.type == "bool":
+        return True
+    if type1.type == "string" and type2.type == "string":
+        return True
+    if type1.type == "bytes" and type2.type == "bytes":
+        return True
+    if type1.type == "address" and type2.type == "address":
+        return _implicitly_convertible_to_for_addresses(type1, type2)
+    if type1.type in Uint and type2.type in Uint:
+        return _implicitly_convertible_to_for_uints(type1, type2)
+    if type1.type in Int and type2.type in Int:
+        return _implicitly_convertible_to_for_ints(type1, type2)
+    if (
+        type1.type != "bytes"
+        and type2.type != "bytes"
+        and type1.type in Byte
+        and type2.type in Byte
+    ):
+        return _implicitly_convertible_to_for_bytes(type1, type2)
+    return False
+
+
+def _implicitly_convertible_to_for_bytes(type1: ElementaryType, type2: ElementaryType) -> bool:
+    """
+    Returns True if type1 may be implicitly converted to type2 assuming they are both bytes.
+    """
+    assert type1.type in Byte and type2.type in Byte
+    assert type1.size is not None
+    assert type2.size is not None
+
+    return type1.size <= type2.size
+
+
+def _implicitly_convertible_to_for_addresses(type1: ElementaryType, type2: ElementaryType) -> bool:
+    """
+    Returns True if type1 may be implicitly converted to type2 assuming they are both addresses.
+    """
+    assert type1.type == "address" and type2.type == "address"
+    # payable attribute to be implemented; for now, always return True
+    return True
+
+
+def _implicitly_convertible_to_for_ints(type1: ElementaryType, type2: ElementaryType) -> bool:
+    """
+    Returns True if type1 may be implicitly converted to type2 assuming they are both ints.
+    """
+    assert type1.type in Int and type2.type in Int
+    assert type1.size is not None
+    assert type2.size is not None
+
+    return type1.size <= type2.size
+
+
+def _implicitly_convertible_to_for_uints(type1: ElementaryType, type2: ElementaryType) -> bool:
+    """
+    Returns True if type1 may be implicitly converted to type2 assuming they are both uints.
+    """
+    assert type1.type in Uint and type2.type in Uint
+    assert type1.size is not None
+    assert type2.size is not None
+
+    return type1.size <= type2.size
+
+
+def _implicitly_convertible_to_for_contracts(contract1: Contract, contract2: Contract) -> bool:
+    """
+    Returns True if contract1 may be implicitly converted to contract2.
+    """
+    return contract1 == contract2 or contract2 in contract1.inheritance
+
+
+class IncorrectUsingFor(AbstractDetector):
+    """
+    Detector for incorrect using-for statement usage.
+    """
+
+    ARGUMENT = "incorrect-using-for"
+    HELP = "Detects using-for statement usage when no function from a given library matches a given type"
+    IMPACT = DetectorClassification.INFORMATIONAL
+    CONFIDENCE = DetectorClassification.HIGH
+
+    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-using-for-usage"
+
+    WIKI_TITLE = "Incorrect usage of using-for statement"
+    WIKI_DESCRIPTION = (
+        "In Solidity, it is possible to use libraries for certain types, by the `using-for` statement "
+        "(`using <library> for <type>`). However, the Solidity compiler doesn't check whether a given "
+        "library has at least one function matching a given type. If it doesn't, such a statement has "
+        "no effect and may be confusing. "
+    )
+
+    # region wiki_exploit_scenario
+    WIKI_EXPLOIT_SCENARIO = """
+    ```solidity
+    library L {
+        function f(bool) public pure {}
+    }
+    
+    using L for uint;
+    ```
+    Such a code will compile despite the fact that `L` has no function with `uint` as its first argument."""
+    # endregion wiki_exploit_scenario
+    WIKI_RECOMMENDATION = (
+        "Make sure that the libraries used in `using-for` statements have at least one function "
+        "matching a type used in these statements. "
+    )
+
+    def _append_result(
+        self, results: List[Output], uf: UsingForTopLevel, type_: Type, library: Contract
+    ) -> None:
+        info: DETECTOR_INFO = [
+            f"using-for statement at {uf.source_mapping} is incorrect - no matching function for {type_} found in ",
+            library,
+            ".\n",
+        ]
+        res = self.generate_result(info)
+        results.append(res)
+
+    def _detect(self) -> List[Output]:
+        results: List[Output] = []
+
+        for uf in self.compilation_unit.using_for_top_level:
+            # UsingForTopLevel.using_for is a dict with a single entry, which is mapped to a list of functions/libraries
+            # the following code extracts the type from using-for and skips using-for statements with functions
+            type_ = list(uf.using_for.keys())[0]
+            for lib_or_fcn in uf.using_for[type_]:
+                # checking for using-for with functions is already performed by the compiler; we only consider libraries
+                if isinstance(lib_or_fcn, UserDefinedType):
+                    lib_or_fcn_type = lib_or_fcn.type
+                    if (
+                        isinstance(type_, Type)
+                        and isinstance(lib_or_fcn_type, Contract)
+                        and not _is_correctly_used(type_, lib_or_fcn_type)
+                    ):
+                        self._append_result(results, uf, type_, lib_or_fcn_type)
+
+        return results

slither/detectors/variables/uninitialized_local_variables.py

@@ -6,7 +6,7 @@
 """
 from typing import List
 
-from slither.core.cfg.node import Node
+from slither.core.cfg.node import Node, NodeType
 from slither.core.declarations.function_contract import FunctionContract
 from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
 from slither.utils.output import Output
@@ -64,6 +64,15 @@ Bob calls `transfer`. As a result, all Ether is sent to the address `0x0` and is
 
         self.visited_all_paths[node] = list(set(self.visited_all_paths[node] + fathers_context))
 
+        # Remove a local variable declared in a for loop header
+        if (
+            node.type == NodeType.VARIABLE
+            and len(node.sons) == 1  # Should always be true for a node that has a STARTLOOP son
+            and node.sons[0].type == NodeType.STARTLOOP
+        ):
+            if node.variable_declaration in fathers_context:
+                fathers_context.remove(node.variable_declaration)
+
         if self.key in node.context:
             fathers_context += node.context[self.key]
 

slither/slithir/convert.py

@@ -1077,7 +1077,7 @@ def extract_tmp_call(ins: TmpCall, contract: Optional[Contract]) -> Union[Call,
         return op
 
     if isinstance(ins.ori, TmpNewArray):
-        n = NewArray(ins.ori.depth, ins.ori.array_type, ins.lvalue)
+        n = NewArray(ins.ori.array_type, ins.lvalue)
         n.set_expression(ins.expression)
         return n
 
@@ -1363,7 +1363,14 @@ def convert_to_pop(ir: HighLevelCall, node: "Node") -> List[Operation]:
     # TODO the following is equivalent to length.points_to = arr
     # Should it be removed?
     ir_length.lvalue.points_to = arr
-    element_to_delete.set_type(ElementaryType("uint256"))
+    # Note bytes is an ElementaryType not ArrayType so in that case we use ir.destination.type
+    # while in other cases such as uint256[] (ArrayType) we use ir.destination.type.type
+    # in this way we will have the type always set to the corresponding ElementaryType
+    element_to_delete.set_type(
+        ir.destination.type
+        if isinstance(ir.destination.type, ElementaryType)
+        else ir.destination.type.type
+    )
     ir_assign_element_to_delete.set_expression(ir.expression)
     ir_assign_element_to_delete.set_node(ir.node)
     ret.append(ir_assign_element_to_delete)

slither/slithir/operations/assignment.py

@@ -50,5 +50,5 @@ class Assignment(OperationWithLValue):
             points = lvalue.points_to
             while isinstance(points, ReferenceVariable):
                 points = points.points_to
-            return f"{lvalue} (->{points}) := {self.rvalue}({self.rvalue.type})"
+            return f"{lvalue}({lvalue.type}) (->{points}) := {self.rvalue}({self.rvalue.type})"
         return f"{lvalue}({lvalue.type}) := {self.rvalue}({self.rvalue.type})"

slither/slithir/operations/binary.py

@@ -94,7 +94,6 @@ class BinaryType(Enum):
         return self in [
             BinaryType.POWER,
             BinaryType.MULTIPLICATION,
-            BinaryType.MODULO,
             BinaryType.ADDITION,
             BinaryType.SUBTRACTION,
             BinaryType.DIVISION,

slither/slithir/operations/init_array.py

@@ -41,7 +41,7 @@ class InitArray(OperationWithLValue):
         def convert(elem):
             if isinstance(elem, (list,)):
                 return str([convert(x) for x in elem])
-            return str(elem)
+            return f"{elem}({elem.type})"
 
         init_values = convert(self.init_values)
         return f"{self.lvalue}({self.lvalue.type}) =  {init_values}"

slither/slithir/operations/new_array.py

@@ -1,10 +1,10 @@
 from typing import List, Union, TYPE_CHECKING
-from slither.slithir.operations.lvalue import OperationWithLValue
+
+from slither.core.solidity_types.array_type import ArrayType
 from slither.slithir.operations.call import Call
-from slither.core.solidity_types.type import Type
+from slither.slithir.operations.lvalue import OperationWithLValue
 
 if TYPE_CHECKING:
-    from slither.core.solidity_types.type_alias import TypeAliasTopLevel
     from slither.slithir.variables.constant import Constant
     from slither.slithir.variables.temporary import TemporaryVariable
     from slither.slithir.variables.temporary_ssa import TemporaryVariableSSA
@@ -13,29 +13,24 @@ if TYPE_CHECKING:
 class NewArray(Call, OperationWithLValue):
     def __init__(
         self,
-        depth: int,
-        array_type: "TypeAliasTopLevel",
+        array_type: "ArrayType",
         lvalue: Union["TemporaryVariableSSA", "TemporaryVariable"],
     ) -> None:
         super().__init__()
-        assert isinstance(array_type, Type)
-        self._depth = depth
+        assert isinstance(array_type, ArrayType)
         self._array_type = array_type
 
         self._lvalue = lvalue
 
     @property
-    def array_type(self) -> "TypeAliasTopLevel":
+    def array_type(self) -> "ArrayType":
         return self._array_type
 
     @property
     def read(self) -> List["Constant"]:
         return self._unroll(self.arguments)
 
-    @property
-    def depth(self) -> int:
-        return self._depth
-
     def __str__(self):
         args = [str(a) for a in self.arguments]
-        return f"{self.lvalue} = new {self.array_type}{'[]' * self.depth}({','.join(args)})"
+        lvalue = self.lvalue
+        return f"{lvalue}{lvalue.type})  = new {self.array_type}({','.join(args)})"

slither/slithir/operations/new_contract.py

@@ -104,4 +104,5 @@ class NewContract(Call, OperationWithLValue):  # pylint: disable=too-many-instan
         if self.call_salt:
             options += f"salt:{self.call_salt} "
         args = [str(a) for a in self.arguments]
-        return f"{self.lvalue} = new {self.contract_name}({','.join(args)}) {options}"
+        lvalue = self.lvalue
+        return f"{lvalue}({lvalue.type}) = new {self.contract_name}({','.join(args)}) {options}"

slither/slithir/operations/new_structure.py

@@ -39,4 +39,5 @@ class NewStructure(Call, OperationWithLValue):
 
     def __str__(self):
         args = [str(a) for a in self.arguments]
-        return f"{self.lvalue} = new {self.structure_name}({','.join(args)})"
+        lvalue = self.lvalue
+        return f"{lvalue}({lvalue.type}) = new {self.structure_name}({','.join(args)})"

slither/slithir/operations/unary.py

@@ -58,7 +58,7 @@ class Unary(OperationWithLValue):
 
     @property
     def type_str(self):
-        return self._type.value
+        return str(self._type)
 
     def __str__(self):
         return f"{self.lvalue} = {self.type_str} {self.rvalue} "

slither/slithir/tmp_operations/tmp_new_array.py

@@ -6,13 +6,11 @@ from slither.slithir.variables.temporary import TemporaryVariable
 class TmpNewArray(OperationWithLValue):
     def __init__(
         self,
-        depth: int,
         array_type: Type,
         lvalue: TemporaryVariable,
     ) -> None:
         super().__init__()
         assert isinstance(array_type, Type)
-        self._depth = depth
         self._array_type = array_type
         self._lvalue = lvalue
 
@@ -24,9 +22,5 @@ class TmpNewArray(OperationWithLValue):
     def read(self):
         return []
 
-    @property
-    def depth(self) -> int:
-        return self._depth
-
     def __str__(self):
-        return f"{self.lvalue} = new {self.array_type}{'[]' * self._depth}"
+        return f"{self.lvalue} = new {self.array_type}"

slither/slithir/utils/ssa.py

@@ -789,10 +789,9 @@ def copy_ir(ir: Operation, *instances) -> Operation:
         variable_right = get_variable(ir, lambda x: x.variable_right, *instances)
         return Member(variable_left, variable_right, lvalue)
     if isinstance(ir, NewArray):
-        depth = ir.depth
         array_type = ir.array_type
         lvalue = get_variable(ir, lambda x: x.lvalue, *instances)
-        new_ir = NewArray(depth, array_type, lvalue)
+        new_ir = NewArray(array_type, lvalue)
         new_ir.arguments = get_rec_values(ir, lambda x: x.arguments, *instances)
         return new_ir
     if isinstance(ir, NewElementaryType):

slither/solc_parsing/declarations/function.py

@@ -774,6 +774,7 @@ class FunctionSolc(CallerContextExpression):
                             "nodeType": "Identifier",
                             "src": v["src"],
                             "name": v["name"],
+                            "referencedDeclaration": v["id"],
                             "typeDescriptions": {"typeString": v["typeDescriptions"]["typeString"]},
                         }
                         var_identifiers.append(identifier)

slither/solc_parsing/declarations/modifier.py

@@ -87,6 +87,9 @@ class ModifierSolc(FunctionSolc):
         for node in self._node_to_nodesolc.values():
             node.analyze_expressions(self)
 
+        for yul_parser in self._node_to_yulobject.values():
+            yul_parser.analyze_expressions()
+
         self._rewrite_ternary_as_if_else()
         self._remove_alone_endif()
 

slither/solc_parsing/expressions/expression_parsing.py

@@ -559,37 +559,9 @@ def parse_expression(expression: Dict, caller_context: CallerContextExpression)
             type_name = children[0]
 
         if type_name[caller_context.get_key()] == "ArrayTypeName":
-            depth = 0
-            while type_name[caller_context.get_key()] == "ArrayTypeName":
-                # Note: dont conserve the size of the array if provided
-                # We compute it directly
-                if is_compact_ast:
-                    type_name = type_name["baseType"]
-                else:
-                    type_name = type_name["children"][0]
-                depth += 1
-            if type_name[caller_context.get_key()] == "ElementaryTypeName":
-                if is_compact_ast:
-                    array_type = ElementaryType(type_name["name"])
-                else:
-                    array_type = ElementaryType(type_name["attributes"]["name"])
-            elif type_name[caller_context.get_key()] == "UserDefinedTypeName":
-                if is_compact_ast:
-                    if "name" not in type_name:
-                        name_type = type_name["pathNode"]["name"]
-                    else:
-                        name_type = type_name["name"]
-
-                    array_type = parse_type(UnknownType(name_type), caller_context)
-                else:
-                    array_type = parse_type(
-                        UnknownType(type_name["attributes"]["name"]), caller_context
-                    )
-            elif type_name[caller_context.get_key()] == "FunctionTypeName":
-                array_type = parse_type(type_name, caller_context)
-            else:
-                raise ParsingError(f"Incorrect type array {type_name}")
-            array = NewArray(depth, array_type)
+            array_type = parse_type(type_name, caller_context)
+            assert isinstance(array_type, ArrayType)
+            array = NewArray(array_type)
             array.set_offset(src, caller_context.compilation_unit)
             return array
 

slither/solc_parsing/slither_compilation_unit_solc.py

@@ -742,12 +742,46 @@ Please rename it, this name is reserved for Slither's internals"""
                     self._underlying_contract_to_parser[contract].log_incorrect_parsing(
                         f"Impossible to generate IR for {contract.name}.{func.name} ({func.source_mapping}):\n {e}"
                     )
-
-            contract.convert_expression_to_slithir_ssa()
+                except Exception as e:
+                    func_expressions = "\n".join([f"\t{ex}" for ex in func.expressions])
+                    logger.error(
+                        f"\nFailed to generate IR for {contract.name}.{func.name}. Please open an issue https://github.com/crytic/slither/issues.\n{contract.name}.{func.name} ({func.source_mapping}):\n "
+                        f"{func_expressions}"
+                    )
+                    raise e
+            try:
+                contract.convert_expression_to_slithir_ssa()
+            except Exception as e:
+                logger.error(
+                    f"\nFailed to convert IR to SSA for {contract.name} contract. Please open an issue https://github.com/crytic/slither/issues.\n "
+                )
+                raise e
 
         for func in self._compilation_unit.functions_top_level:
-            func.generate_slithir_and_analyze()
-            func.generate_slithir_ssa({})
+            try:
+                func.generate_slithir_and_analyze()
+            except AttributeError as e:
+                logger.error(
+                    f"Impossible to generate IR for top level function {func.name} ({func.source_mapping}):\n {e}"
+                )
+            except Exception as e:
+                func_expressions = "\n".join([f"\t{ex}" for ex in func.expressions])
+                logger.error(
+                    f"\nFailed to generate IR for top level function {func.name}. Please open an issue https://github.com/crytic/slither/issues.\n{func.name} ({func.source_mapping}):\n "
+                    f"{func_expressions}"
+                )
+                raise e
+
+            try:
+                func.generate_slithir_ssa({})
+            except Exception as e:
+                func_expressions = "\n".join([f"\t{ex}" for ex in func.expressions])
+                logger.error(
+                    f"\nFailed to convert IR to SSA for top level function {func.name}. Please open an issue https://github.com/crytic/slither/issues.\n{func.name} ({func.source_mapping}):\n "
+                    f"{func_expressions}"
+                )
+                raise e
+
         self._compilation_unit.propagate_function_calls()
         for contract in self._compilation_unit.contracts:
             contract.fix_phi()

slither/tools/flattening/export/export.py

@@ -15,7 +15,7 @@ ZIP_TYPES_ACCEPTED = {
 
 Export = namedtuple("Export", ["filename", "content"])
 
-logger = logging.getLogger("Slither")
+logger = logging.getLogger("Slither-flat")
 
 
 def save_to_zip(files: List[Export], zip_filename: str, zip_type: str = "lzma"):

slither/tools/flattening/flattening.py

@@ -11,6 +11,7 @@ from slither.core.declarations import SolidityFunction, EnumContract, StructureC
 from slither.core.declarations.contract import Contract
 from slither.core.declarations.function_top_level import FunctionTopLevel
 from slither.core.declarations.top_level import TopLevel
+from slither.core.declarations.solidity_variables import SolidityCustomRevert
 from slither.core.solidity_types import MappingType, ArrayType
 from slither.core.solidity_types.type import Type
 from slither.core.solidity_types.user_defined_type import UserDefinedType
@@ -23,7 +24,8 @@ from slither.tools.flattening.export.export import (
     save_to_disk,
 )
 
-logger = logging.getLogger("Slither-flattening")
+logger = logging.getLogger("Slither-flat")
+logger.setLevel(logging.INFO)
 
 # index: where to start
 # patch_type:
@@ -75,6 +77,7 @@ class Flattening:
 
         self._get_source_code_top_level(compilation_unit.structures_top_level)
         self._get_source_code_top_level(compilation_unit.enums_top_level)
+        self._get_source_code_top_level(compilation_unit.custom_errors)
         self._get_source_code_top_level(compilation_unit.variables_top_level)
         self._get_source_code_top_level(compilation_unit.functions_top_level)
 
@@ -249,12 +252,14 @@ class Flattening:
         t: Type,
         contract: Contract,
         exported: Set[str],
-        list_contract: List[Contract],
-        list_top_level: List[TopLevel],
+        list_contract: Set[Contract],
+        list_top_level: Set[TopLevel],
     ):
         if isinstance(t, UserDefinedType):
             t_type = t.type
-            if isinstance(t_type, (EnumContract, StructureContract)):
+            if isinstance(t_type, TopLevel):
+                list_top_level.add(t_type)
+            elif isinstance(t_type, (EnumContract, StructureContract)):
                 if t_type.contract != contract and t_type.contract not in exported:
                     self._export_list_used_contracts(
                         t_type.contract, exported, list_contract, list_top_level
@@ -275,8 +280,8 @@ class Flattening:
         self,
         contract: Contract,
         exported: Set[str],
-        list_contract: List[Contract],
-        list_top_level: List[TopLevel],
+        list_contract: Set[Contract],
+        list_top_level: Set[TopLevel],
     ):
         # TODO: investigate why this happen
         if not isinstance(contract, Contract):
@@ -332,19 +337,21 @@ class Flattening:
 
                 for read in ir.read:
                     if isinstance(read, TopLevel):
-                        if read not in list_top_level:
-                            list_top_level.append(read)
-                if isinstance(ir, InternalCall):
-                    function_called = ir.function
-                    if isinstance(function_called, FunctionTopLevel):
-                        list_top_level.append(function_called)
-
-        if contract not in list_contract:
-            list_contract.append(contract)
+                        list_top_level.add(read)
+                if isinstance(ir, InternalCall) and isinstance(ir.function, FunctionTopLevel):
+                    list_top_level.add(ir.function)
+                if (
+                    isinstance(ir, SolidityCall)
+                    and isinstance(ir.function, SolidityCustomRevert)
+                    and isinstance(ir.function.custom_error, TopLevel)
+                ):
+                    list_top_level.add(ir.function.custom_error)
+
+        list_contract.add(contract)
 
     def _export_contract_with_inheritance(self, contract) -> Export:
-        list_contracts: List[Contract] = []  # will contain contract itself
-        list_top_level: List[TopLevel] = []
+        list_contracts: Set[Contract] = set()  # will contain contract itself
+        list_top_level: Set[TopLevel] = set()
         self._export_list_used_contracts(contract, set(), list_contracts, list_top_level)
         path = Path(self._export_path, f"{contract.name}_{uuid.uuid4()}.sol")
 
@@ -401,8 +408,8 @@ class Flattening:
     def _export_with_import(self) -> List[Export]:
         exports: List[Export] = []
         for contract in self._compilation_unit.contracts:
-            list_contracts: List[Contract] = []  # will contain contract itself
-            list_top_level: List[TopLevel] = []
+            list_contracts: Set[Contract] = set()  # will contain contract itself
+            list_top_level: Set[TopLevel] = set()
             self._export_list_used_contracts(contract, set(), list_contracts, list_top_level)
 
             if list_top_level:

slither/tools/interface/__main__.py

@@ -0,0 +1,105 @@
+import argparse
+import logging
+from pathlib import Path
+
+from crytic_compile import cryticparser
+
+from slither import Slither
+from slither.utils.code_generation import generate_interface
+
+logging.basicConfig()
+logger = logging.getLogger("Slither-Interface")
+logger.setLevel(logging.INFO)
+
+
+def parse_args() -> argparse.Namespace:
+    """
+    Parse the underlying arguments for the program.
+    :return: Returns the arguments for the program.
+    """
+    parser = argparse.ArgumentParser(
+        description="Generates code for a Solidity interface from contract",
+        usage=("slither-interface <ContractName> <source file or deployment address>"),
+    )
+
+    parser.add_argument(
+        "contract_source",
+        help="The name of the contract (case sensitive) followed by the deployed contract address if verified on etherscan or project directory/filename for local contracts.",
+        nargs="+",
+    )
+
+    parser.add_argument(
+        "--unroll-structs",
+        help="Whether to use structures' underlying types instead of the user-defined type",
+        default=False,
+        action="store_true",
+    )
+
+    parser.add_argument(
+        "--exclude-events",
+        help="Excludes event signatures in the interface",
+        default=False,
+        action="store_true",
+    )
+
+    parser.add_argument(
+        "--exclude-errors",
+        help="Excludes custom error signatures in the interface",
+        default=False,
+        action="store_true",
+    )
+
+    parser.add_argument(
+        "--exclude-enums",
+        help="Excludes enum definitions in the interface",
+        default=False,
+        action="store_true",
+    )
+
+    parser.add_argument(
+        "--exclude-structs",
+        help="Exclude struct definitions in the interface",
+        default=False,
+        action="store_true",
+    )
+
+    cryticparser.init(parser)
+
+    return parser.parse_args()
+
+
+def main() -> None:
+    args = parse_args()
+
+    contract_name, target = args.contract_source
+    slither = Slither(target, **vars(args))
+
+    _contract = slither.get_contract_from_name(contract_name)[0]
+
+    interface = generate_interface(
+        contract=_contract,
+        unroll_structs=args.unroll_structs,
+        include_events=not args.exclude_events,
+        include_errors=not args.exclude_errors,
+        include_enums=not args.exclude_enums,
+        include_structs=not args.exclude_structs,
+    )
+
+    # add version pragma
+    interface = (
+        f"pragma solidity {_contract.compilation_unit.pragma_directives[0].version};\n\n"
+        + interface
+    )
+
+    # write interface to file
+    export = Path("crytic-export", "interfaces")
+    export.mkdir(parents=True, exist_ok=True)
+    filename = f"I{contract_name}.sol"
+    path = Path(export, filename)
+    logger.info(f" Interface exported to {path}")
+    with open(path, "w", encoding="utf8") as f:
+        f.write(interface)
+
+
+if __name__ == "__main__":
+    main()

slither/tools/read_storage/__init__.py

@@ -1 +1 @@
-from .read_storage import SlitherReadStorage
+from .read_storage import SlitherReadStorage, RpcInfo

slither/tools/read_storage/__main__.py

@@ -7,7 +7,7 @@ import argparse
 from crytic_compile import cryticparser
 
 from slither import Slither
-from slither.tools.read_storage.read_storage import SlitherReadStorage
+from slither.tools.read_storage.read_storage import SlitherReadStorage, RpcInfo
 
 
 def parse_args() -> argparse.Namespace:
@@ -126,22 +126,19 @@ def main() -> None:
     else:
         contracts = slither.contracts
 
-    srs = SlitherReadStorage(contracts, args.max_depth)
-
-    try:
-        srs.block = int(args.block)
-    except ValueError:
-        srs.block = str(args.block or "latest")
-
+    rpc_info = None
     if args.rpc_url:
-        # Remove target prefix e.g. rinkeby:0x0 -> 0x0.
-        address = target[target.find(":") + 1 :]
-        # Default to implementation address unless a storage address is given.
-        if not args.storage_address:
-            args.storage_address = address
-        srs.storage_address = args.storage_address
-
-        srs.rpc = args.rpc_url
+        valid = ["latest", "earliest", "pending", "safe", "finalized"]
+        block = args.block if args.block in valid else int(args.block)
+        rpc_info = RpcInfo(args.rpc_url, block)
+
+    srs = SlitherReadStorage(contracts, args.max_depth, rpc_info)
+    # Remove target prefix e.g. rinkeby:0x0 -> 0x0.
+    address = target[target.find(":") + 1 :]
+    # Default to implementation address unless a storage address is given.
+    if not args.storage_address:
+        args.storage_address = address
+    srs.storage_address = args.storage_address
 
     if args.variable_name:
         # Use a lambda func to only return variables that have same name as target.

slither/tools/read_storage/read_storage.py

@@ -6,8 +6,11 @@ import dataclasses
 
 from eth_abi import decode, encode
 from eth_typing.evm import ChecksumAddress
-from eth_utils import keccak
+from eth_utils import keccak, to_checksum_address
 from web3 import Web3
+from web3.types import BlockIdentifier
+from web3.exceptions import ExtraDataLengthError
+from web3.middleware import geth_poa_middleware
 
 from slither.core.declarations import Contract, Structure
 from slither.core.solidity_types import ArrayType, ElementaryType, MappingType, UserDefinedType
@@ -42,18 +45,43 @@ class SlitherReadStorageException(Exception):
     pass
 
 
+class RpcInfo:
+    def __init__(self, rpc_url: str, block: BlockIdentifier = "latest") -> None:
+        assert isinstance(block, int) or block in [
+            "latest",
+            "earliest",
+            "pending",
+            "safe",
+            "finalized",
+        ]
+        self.rpc: str = rpc_url
+        self._web3: Web3 = Web3(Web3.HTTPProvider(self.rpc))
+        """If the RPC is for a POA network, the first call to get_block fails, so we inject geth_poa_middleware"""
+        try:
+            self._block: int = self.web3.eth.get_block(block)["number"]
+        except ExtraDataLengthError:
+            self._web3.middleware_onion.inject(geth_poa_middleware, layer=0)
+            self._block: int = self.web3.eth.get_block(block)["number"]
+
+    @property
+    def web3(self) -> Web3:
+        return self._web3
+
+    @property
+    def block(self) -> int:
+        return self._block
+
+
 # pylint: disable=too-many-instance-attributes
 class SlitherReadStorage:
-    def __init__(self, contracts: List[Contract], max_depth: int) -> None:
+    def __init__(self, contracts: List[Contract], max_depth: int, rpc_info: RpcInfo = None) -> None:
         self._checksum_address: Optional[ChecksumAddress] = None
         self._contracts: List[Contract] = contracts
         self._log: str = ""
         self._max_depth: int = max_depth
         self._slot_info: Dict[str, SlotInfo] = {}
         self._target_variables: List[Tuple[Contract, StateVariable]] = []
-        self._web3: Optional[Web3] = None
-        self.block: Union[str, int] = "latest"
-        self.rpc: Optional[str] = None
+        self.rpc_info: Optional[RpcInfo] = rpc_info
         self.storage_address: Optional[str] = None
         self.table: Optional[MyPrettyTable] = None
 
@@ -73,18 +101,12 @@ class SlitherReadStorage:
     def log(self, log: str) -> None:
         self._log = log
 
-    @property
-    def web3(self) -> Web3:
-        if not self._web3:
-            self._web3 = Web3(Web3.HTTPProvider(self.rpc))
-        return self._web3
-
     @property
     def checksum_address(self) -> ChecksumAddress:
         if not self.storage_address:
             raise ValueError
         if not self._checksum_address:
-            self._checksum_address = self.web3.to_checksum_address(self.storage_address)
+            self._checksum_address = to_checksum_address(self.storage_address)
         return self._checksum_address
 
     @property
@@ -223,11 +245,12 @@ class SlitherReadStorage:
         """Fetches the slot value of `SlotInfo` object
         :param slot_info:
         """
+        assert self.rpc_info is not None
         hex_bytes = get_storage_data(
-            self.web3,
+            self.rpc_info.web3,
             self.checksum_address,
             int.to_bytes(slot_info.slot, 32, byteorder="big"),
-            self.block,
+            self.rpc_info.block,
         )
         slot_info.value = self.convert_value_to_type(
             hex_bytes, slot_info.size, slot_info.offset, slot_info.type_string
@@ -441,7 +464,7 @@ class SlitherReadStorage:
         if "int" in key_type:  # without this eth_utils encoding fails
             key = int(key)
         key = coerce_type(key_type, key)
-        slot = keccak(encode([key_type, "uint256"], [key, decode("uint256", slot)]))
+        slot = keccak(encode([key_type, "uint256"], [key, decode(["uint256"], slot)[0]]))
 
         if isinstance(target_variable_type.type_to, UserDefinedType) and isinstance(
             target_variable_type.type_to.type, Structure
@@ -600,15 +623,15 @@ class SlitherReadStorage:
             (int): The length of the array.
         """
         val = 0
-        if self.rpc:
+        if self.rpc_info:
             # The length of dynamic arrays is stored at the starting slot.
             # Convert from hexadecimal to decimal.
             val = int(
                 get_storage_data(
-                    self.web3,
+                    self.rpc_info.web3,
                     self.checksum_address,
                     int.to_bytes(slot, 32, byteorder="big"),
-                    self.block,
+                    self.rpc_info.block,
                 ).hex(),
                 16,
             )

slither/utils/code_generation.py

@@ -1,62 +1,149 @@
 # Functions for generating Solidity code
 from typing import TYPE_CHECKING, Optional
 
-from slither.utils.type import convert_type_for_solidity_signature_to_string
+from slither.utils.type import (
+    convert_type_for_solidity_signature_to_string,
+    export_nested_types_from_variable,
+    export_return_type_from_variable,
+)
+from slither.core.solidity_types import (
+    Type,
+    UserDefinedType,
+    MappingType,
+    ArrayType,
+    ElementaryType,
+)
+from slither.core.declarations import Structure, Enum, Contract
 
 if TYPE_CHECKING:
-    from slither.core.declarations import FunctionContract, Structure, Contract
+    from slither.core.declarations import FunctionContract, CustomErrorContract
+    from slither.core.variables.state_variable import StateVariable
+    from slither.core.variables.local_variable import LocalVariable
 
 
-def generate_interface(contract: "Contract") -> str:
+# pylint: disable=too-many-arguments
+def generate_interface(
+    contract: "Contract",
+    unroll_structs: bool = True,
+    include_events: bool = True,
+    include_errors: bool = True,
+    include_enums: bool = True,
+    include_structs: bool = True,
+) -> str:
     """
     Generates code for a Solidity interface to the contract.
     Args:
-        contract: A Contract object
+        contract: A Contract object.
+        unroll_structs: Whether to use structures' underlying types instead of the user-defined type (default: True).
+        include_events: Whether to include event signatures in the interface (default: True).
+        include_errors: Whether to include custom error signatures in the interface (default: True).
+        include_enums: Whether to include enum definitions in the interface (default: True).
+        include_structs: Whether to include struct definitions in the interface (default: True).
 
     Returns:
         A string with the code for an interface, with function stubs for all public or external functions and
         state variables, as well as any events, custom errors and/or structs declared in the contract.
     """
     interface = f"interface I{contract.name} {{\n"
-    for event in contract.events:
-        name, args = event.signature
-        interface += f"    event {name}({', '.join(args)});\n"
-    for error in contract.custom_errors:
-        args = [
-            convert_type_for_solidity_signature_to_string(arg.type)
-            .replace("(", "")
-            .replace(")", "")
-            for arg in error.parameters
-        ]
-        interface += f"    error {error.name}({', '.join(args)});\n"
-    for enum in contract.enums:
-        interface += f"    enum {enum.name} {{ {', '.join(enum.values)} }}\n"
-    for struct in contract.structures:
-        interface += generate_struct_interface_str(struct)
+    if include_events:
+        for event in contract.events:
+            name, args = event.signature
+            interface += f"    event {name}({', '.join(args)});\n"
+    if include_errors:
+        for error in contract.custom_errors:
+            interface += f"    error {generate_custom_error_interface(error, unroll_structs)};\n"
+    if include_enums:
+        for enum in contract.enums:
+            interface += f"    enum {enum.name} {{ {', '.join(enum.values)} }}\n"
+    if include_structs:
+        for struct in contract.structures:
+            interface += generate_struct_interface_str(struct, indent=4)
     for var in contract.state_variables_entry_points:
-        interface += f"    function {var.signature_str.replace('returns', 'external returns ')};\n"
+        interface += f"    function {generate_interface_variable_signature(var, unroll_structs)};\n"
     for func in contract.functions_entry_points:
         if func.is_constructor or func.is_fallback or func.is_receive:
             continue
-        interface += f"    function {generate_interface_function_signature(func)};\n"
+        interface += (
+            f"    function {generate_interface_function_signature(func, unroll_structs)};\n"
+        )
     interface += "}\n\n"
     return interface
 
 
-def generate_interface_function_signature(func: "FunctionContract") -> Optional[str]:
+def generate_interface_variable_signature(
+    var: "StateVariable", unroll_structs: bool = True
+) -> Optional[str]:
+    if var.visibility in ["private", "internal"]:
+        return None
+    if unroll_structs:
+        params = [
+            convert_type_for_solidity_signature_to_string(x).replace("(", "").replace(")", "")
+            for x in export_nested_types_from_variable(var)
+        ]
+        returns = [
+            convert_type_for_solidity_signature_to_string(x).replace("(", "").replace(")", "")
+            for x in export_return_type_from_variable(var)
+        ]
+    else:
+        _, params, _ = var.signature
+        params = [p + " memory" if p in ["bytes", "string"] else p for p in params]
+        returns = []
+        _type = var.type
+        while isinstance(_type, MappingType):
+            _type = _type.type_to
+        while isinstance(_type, (ArrayType, UserDefinedType)):
+            _type = _type.type
+        ret = str(_type)
+        if isinstance(_type, Structure) or (isinstance(_type, Type) and _type.is_dynamic):
+            ret += " memory"
+        elif isinstance(_type, Contract):
+            ret = "address"
+        returns.append(ret)
+    return f"{var.name}({','.join(params)}) external returns ({', '.join(returns)})"
+
+
+def generate_interface_function_signature(
+    func: "FunctionContract", unroll_structs: bool = True
+) -> Optional[str]:
     """
     Generates a string of the form:
         func_name(type1,type2) external {payable/view/pure} returns (type3)
 
     Args:
         func: A FunctionContract object
+        unroll_structs: Determines whether structs are unrolled into underlying types (default: True)
 
     Returns:
         The function interface as a str (contains the return values).
         Returns None if the function is private or internal, or is a constructor/fallback/receive.
     """
 
-    name, parameters, return_vars = func.signature
+    def format_var(var: "LocalVariable", unroll: bool) -> str:
+        if unroll:
+            return (
+                convert_type_for_solidity_signature_to_string(var.type)
+                .replace("(", "")
+                .replace(")", "")
+            )
+        if isinstance(var.type, ArrayType) and isinstance(
+            var.type.type, (UserDefinedType, ElementaryType)
+        ):
+            return (
+                convert_type_for_solidity_signature_to_string(var.type)
+                .replace("(", "")
+                .replace(")", "")
+                + f" {var.location}"
+            )
+        if isinstance(var.type, UserDefinedType):
+            if isinstance(var.type.type, (Structure, Enum)):
+                return f"{str(var.type.type)} memory"
+            if isinstance(var.type.type, Contract):
+                return "address"
+        if var.type.is_dynamic:
+            return f"{var.type} {var.location}"
+        return str(var.type)
+
+    name, _, _ = func.signature
     if (
         func not in func.contract.functions_entry_points
         or func.is_constructor
@@ -64,26 +151,20 @@ def generate_interface_function_signature(func: "FunctionContract") -> Optional[
         or func.is_receive
     ):
         return None
-    view = " view" if func.view else ""
+    view = " view" if func.view and not func.pure else ""
     pure = " pure" if func.pure else ""
     payable = " payable" if func.payable else ""
-    returns = [
-        convert_type_for_solidity_signature_to_string(ret.type).replace("(", "").replace(")", "")
-        for ret in func.returns
-    ]
-    parameters = [
-        convert_type_for_solidity_signature_to_string(param.type).replace("(", "").replace(")", "")
-        for param in func.parameters
-    ]
+    returns = [format_var(ret, unroll_structs) for ret in func.returns]
+    parameters = [format_var(param, unroll_structs) for param in func.parameters]
     _interface_signature_str = (
         name + "(" + ",".join(parameters) + ") external" + payable + pure + view
     )
-    if len(return_vars) > 0:
+    if len(returns) > 0:
         _interface_signature_str += " returns (" + ",".join(returns) + ")"
     return _interface_signature_str
 
 
-def generate_struct_interface_str(struct: "Structure") -> str:
+def generate_struct_interface_str(struct: "Structure", indent: int = 0) -> str:
     """
     Generates code for a structure declaration in an interface of the form:
         struct struct_name {
@@ -92,13 +173,37 @@ def generate_struct_interface_str(struct: "Structure") -> str:
             ...        ...
         }
     Args:
-        struct: A Structure object
+        struct: A Structure object.
+        indent: Number of spaces to indent the code block with.
 
     Returns:
         The structure declaration code as a string.
     """
-    definition = f"    struct {struct.name} {{\n"
+    spaces = ""
+    for _ in range(0, indent):
+        spaces += " "
+    definition = f"{spaces}struct {struct.name} {{\n"
     for elem in struct.elems_ordered:
-        definition += f"        {elem.type} {elem.name};\n"
-    definition += "    }\n"
+        if isinstance(elem.type, UserDefinedType):
+            if isinstance(elem.type.type, (Structure, Enum)):
+                definition += f"{spaces}    {elem.type.type} {elem.name};\n"
+            elif isinstance(elem.type.type, Contract):
+                definition += f"{spaces}    address {elem.name};\n"
+        else:
+            definition += f"{spaces}    {elem.type} {elem.name};\n"
+    definition += f"{spaces}}}\n"
     return definition
+
+
+def generate_custom_error_interface(
+    error: "CustomErrorContract", unroll_structs: bool = True
+) -> str:
+    args = [
+        convert_type_for_solidity_signature_to_string(arg.type).replace("(", "").replace(")", "")
+        if unroll_structs
+        else str(arg.type.type)
+        if isinstance(arg.type, UserDefinedType) and isinstance(arg.type.type, (Structure, Enum))
+        else str(arg.type)
+        for arg in error.parameters
+    ]
+    return f"{error.name}({', '.join(args)})"

slither/utils/myprettytable.py

@@ -1,6 +1,6 @@
 from typing import List, Dict, Union
 
-from prettytable import PrettyTable
+from prettytable.colortable import ColorTable, Themes
 
 
 class MyPrettyTable:
@@ -11,8 +11,8 @@ class MyPrettyTable:
     def add_row(self, row: List[Union[str, List[str]]]) -> None:
         self._rows.append(row)
 
-    def to_pretty_table(self) -> PrettyTable:
-        table = PrettyTable(self._field_names)
+    def to_pretty_table(self) -> ColorTable:
+        table = ColorTable(self._field_names, theme=Themes.OCEAN)
         for row in self._rows:
             table.add_row(row)
         return table

slither/utils/type.py

@@ -197,3 +197,18 @@ def export_return_type_from_variable(
         return ret
 
     return [variable_or_type.type]
+
+
+def is_underlying_type_address(t: "Type") -> bool:
+    """
+    Return true if the underlying type is an address
+    i.e. if the type is an address or a contract
+    """
+    # pylint: disable=import-outside-toplevel
+    from slither.core.declarations.contract import Contract
+
+    if t == ElementaryType("address"):
+        return True
+    if isinstance(t, UserDefinedType) and isinstance(t.type, Contract):
+        return True
+    return False

slither/visitors/expression/expression_printer.py

@@ -76,8 +76,7 @@ class ExpressionPrinter(ExpressionVisitor):
 
     def _post_new_array(self, expression: expressions.NewArray) -> None:
         array = str(expression.array_type)
-        depth = expression.depth
-        val = f"new {array}{'[]' * depth}"
+        val = f"new {array}"
         set_val(expression, val)
 
     def _post_new_contract(self, expression: expressions.NewContract) -> None:

slither/visitors/slithir/expression_to_slithir.py

@@ -532,7 +532,7 @@ class ExpressionToSlithIR(ExpressionVisitor):
 
     def _post_new_array(self, expression: NewArray) -> None:
         val = TemporaryVariable(self._node)
-        operation = TmpNewArray(expression.depth, expression.array_type, val)
+        operation = TmpNewArray(expression.array_type, val)
         operation.set_expression(expression)
         self._result.append(operation)
         set_val(expression, val)
@@ -626,7 +626,6 @@ class ExpressionToSlithIR(ExpressionVisitor):
             set_val(expression, value)
         elif expression.type in [UnaryOperationType.MINUS_PRE]:
             lvalue = TemporaryVariable(self._node)
-            assert isinstance(value.type, ElementaryType)
             operation = Binary(lvalue, Constant("0", value.type), value, BinaryType.SUBTRACTION)
             operation.set_expression(expression)
             self._result.append(operation)

tests/e2e/detectors/snapshots/detectors__detector_EncodePackedCollision_0_7_6_encode_packed_collision_sol__0.txt

@@ -0,0 +1,15 @@
+EncodePackedCollision.bad4(bytes,bytes) (tests/e2e/detectors/test_data/encode-packed-collision/0.7.6/encode_packed_collision.sol#34-36) calls abi.encodePacked() with multiple dynamic arguments:
+	- packed = abi.encodePacked(a,a2,a3,a) (tests/e2e/detectors/test_data/encode-packed-collision/0.7.6/encode_packed_collision.sol#35)
+
+EncodePackedCollision.bad2(string,uint256[]) (tests/e2e/detectors/test_data/encode-packed-collision/0.7.6/encode_packed_collision.sol#24-26) calls abi.encodePacked() with multiple dynamic arguments:
+	- packed = abi.encodePacked(stra,arra) (tests/e2e/detectors/test_data/encode-packed-collision/0.7.6/encode_packed_collision.sol#25)
+
+EncodePackedCollision.bad3_get_hash_for_signature(string,string) (tests/e2e/detectors/test_data/encode-packed-collision/0.7.6/encode_packed_collision.sol#29-31) calls abi.encodePacked() with multiple dynamic arguments:
+	- keccak256(bytes)(abi.encodePacked(name,doc)) (tests/e2e/detectors/test_data/encode-packed-collision/0.7.6/encode_packed_collision.sol#30)
+
+EncodePackedCollision.bad0(string,string) (tests/e2e/detectors/test_data/encode-packed-collision/0.7.6/encode_packed_collision.sol#14-16) calls abi.encodePacked() with multiple dynamic arguments:
+	- packed = abi.encodePacked(stra,strb) (tests/e2e/detectors/test_data/encode-packed-collision/0.7.6/encode_packed_collision.sol#15)
+
+EncodePackedCollision.bad1(string,bytes) (tests/e2e/detectors/test_data/encode-packed-collision/0.7.6/encode_packed_collision.sol#19-21) calls abi.encodePacked() with multiple dynamic arguments:
+	- packed = abi.encodePacked(stra,bytesa) (tests/e2e/detectors/test_data/encode-packed-collision/0.7.6/encode_packed_collision.sol#20)
+

tests/e2e/detectors/snapshots/detectors__detector_IncorrectUsingFor_0_8_17_IncorrectUsingForTopLevel_sol__0.txt

@@ -0,0 +1,24 @@
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#84 is incorrect - no matching function for bytes17[] found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#85 is incorrect - no matching function for uint256 found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#90 is incorrect - no matching function for mapping(int256 => uint128) found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#86 is incorrect - no matching function for int256 found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#89 is incorrect - no matching function for E2 found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#93 is incorrect - no matching function for bytes[][] found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#92 is incorrect - no matching function for string[][] found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#91 is incorrect - no matching function for mapping(int128 => uint256) found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#87 is incorrect - no matching function for bytes18 found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#88 is incorrect - no matching function for S2 found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#83 is incorrect - no matching function for C3 found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+
+using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#94 is incorrect - no matching function for custom_int found in L (tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#48-64).
+

tests/e2e/detectors/snapshots/detectors__detector_ShiftParameterMixup_0_7_6_shift_parameter_mixup_sol__0.txt

@@ -1,2 +1,2 @@
-C.f() (tests/e2e/detectors/test_data/incorrect-shift/0.7.6/shift_parameter_mixup.sol#3-7) contains an incorrect shift operation: a = 8 >> a (tests/e2e/detectors/test_data/incorrect-shift/0.7.6/shift_parameter_mixup.sol#5)
+C.f() (tests/e2e/detectors/test_data/incorrect-shift/0.7.6/shift_parameter_mixup.sol#3-8) contains an incorrect shift operation: a = 8 >> a (tests/e2e/detectors/test_data/incorrect-shift/0.7.6/shift_parameter_mixup.sol#5)
 

tests/e2e/detectors/snapshots/detectors__detector_UnusedReturnValues_0_4_25_unused_return_sol__0.txt

@@ -1,4 +1,8 @@
-User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#17-29) ignores return value by t.f() (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#18)
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#18-37) ignores return value by t.g() (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#31)
 
-User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#17-29) ignores return value by a.add(0) (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#22)
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#18-37) ignores return value by t.f() (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#19)
+
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#18-37) ignores return value by a.add(0) (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#23)
+
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#18-37) ignores return value by (e) = t.g() (tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol#36)
 

tests/e2e/detectors/snapshots/detectors__detector_UnusedReturnValues_0_5_16_unused_return_sol__0.txt

@@ -1,4 +1,8 @@
-User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#17-29) ignores return value by t.f() (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#18)
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#18-37) ignores return value by (e) = t.g() (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#36)
 
-User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#17-29) ignores return value by a.add(0) (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#22)
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#18-37) ignores return value by a.add(0) (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#23)
+
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#18-37) ignores return value by t.g() (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#31)
+
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#18-37) ignores return value by t.f() (tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol#19)
 

tests/e2e/detectors/snapshots/detectors__detector_UnusedReturnValues_0_6_11_unused_return_sol__0.txt

@@ -1,4 +1,8 @@
-User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#17-29) ignores return value by a.add(0) (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#22)
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#18-37) ignores return value by t.f() (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#19)
 
-User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#17-29) ignores return value by t.f() (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#18)
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#18-37) ignores return value by a.add(0) (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#23)
+
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#18-37) ignores return value by t.g() (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#31)
+
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#18-37) ignores return value by (e) = t.g() (tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol#36)
 

tests/e2e/detectors/snapshots/detectors__detector_UnusedReturnValues_0_7_6_unused_return_sol__0.txt

@@ -1,4 +1,8 @@
-User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#17-29) ignores return value by a.add(0) (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#22)
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#18-37) ignores return value by t.g() (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#31)
 
-User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#17-29) ignores return value by t.f() (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#18)
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#18-37) ignores return value by a.add(0) (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#23)
+
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#18-37) ignores return value by t.f() (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#19)
+
+User.test(Target) (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#18-37) ignores return value by (e) = t.g() (tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol#36)
 

tests/e2e/detectors/test_data/encode-packed-collision/0.7.6/encode_packed_collision.sol

@@ -0,0 +1,78 @@
+contract ABIencodePacked{
+
+  uint a;
+  string str1 = "a";
+  string str2 = "bc";
+  bytes _bytes = "hello world";
+  uint[] arr;
+  uint[2] arr2;
+  string[3] str_arr3; /* This nested dynamic type is not supported in abi.encodePacked mode by solc */
+  string[] str_array; /* This nested dynamic type is not supported in abi.encodePacked mode by solc */
+  bytes[] bytes_array; /* This nested dynamic type and tuples are not supported in abi.encodePacked mode by solc */
+
+  /* Two dynamic types */
+  function bad0(string calldata stra, string calldata strb) external{
+    bytes memory packed = abi.encodePacked(stra, strb);
+  }
+
+  /* Two dynamic types */
+  function bad1(string calldata stra, bytes calldata bytesa) external{
+    bytes memory packed = abi.encodePacked(stra, bytesa);
+  }
+
+  /* Two dynamic types */
+  function bad2(string calldata stra, uint[] calldata arra) external{
+    bytes memory packed = abi.encodePacked(stra, arra);
+  }
+
+  /* Two dynamic types */
+  function bad3_get_hash_for_signature(string calldata name, string calldata doc) external returns (bytes32) {                              
+        return keccak256(abi.encodePacked(name, doc));
+  }
+
+  /* Two dynamic types between non dynamic types */
+  function bad4(bytes calldata a2, bytes calldata a3) external {
+    bytes memory packed = abi.encodePacked(a, a2, a3, a);
+  }
+
+  /* Two dynamic types but static values*/
+  function good0() external{
+    bytes memory packed = abi.encodePacked(str1, str2);
+  }
+
+  /* Two dynamic types but static values*/
+  function good1() external{
+    bytes memory packed = abi.encodePacked(str1, _bytes);
+  }
+
+  /* Two dynamic types but static values*/
+  function good2() external{
+    bytes memory packed = abi.encodePacked(str1, arr);
+  }
+  
+  /* No dynamic types */
+  function good3() external{
+    bytes memory packed = abi.encodePacked(a);
+  }
+
+  /* One dynamic type */
+  function good4() external{
+    bytes memory packed = abi.encodePacked(str1);
+  }
+
+  /* One dynamic type */
+  function good5() external{
+    bytes memory packed = abi.encodePacked(a, str1);
+  }
+
+  /* One dynamic type */
+  function good6() external{
+    bytes memory packed = abi.encodePacked(str1, arr2);
+  }
+
+  /* Two dynamic types but not consecutive*/
+  function good7(string calldata a, uint b, string calldata c) external{
+    bytes memory packed = abi.encodePacked(a, b, c);
+  }
+}
+

tests/e2e/detectors/test_data/incorrect-equality/0.7.6/incorrect_equality.sol

@@ -134,3 +134,27 @@ contract TestSolidityKeyword{
 
 }
 
+interface Receiver {
+    
+}
+contract A {
+    mapping(address => Info) data;
+
+    struct Info {
+        uint a;
+        address b;
+        uint c;
+    }
+    function good(address b) public payable  {
+        data[msg.sender] = Info(block.timestamp, b, msg.value);
+        if (data[msg.sender].b == address(0)) {
+            payable(msg.sender).transfer(data[msg.sender].c);
+        }
+    }
+    function good2(address b) public payable  {
+        data[msg.sender] = Info(block.timestamp, b, msg.value);
+        if (Receiver(data[msg.sender].b) == Receiver(address(0))) {
+            payable(msg.sender).transfer(data[msg.sender].c);
+        }
+    }
+}

tests/e2e/detectors/test_data/incorrect-shift/0.7.6/shift_parameter_mixup.sol

@@ -1,8 +1,9 @@
 contract C { 
 
-    function f() internal returns (uint a) { 
+    function f() internal returns (uint a, uint b) { 
         assembly { 
             a := shr(a, 8) 
+            b := shl(248, 0xff)
         } 
     } 
 } 

tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol

@@ -0,0 +1,94 @@
+pragma solidity 0.8.17;
+
+struct S1
+{
+    uint __;
+}
+
+struct S2
+{
+    uint128 __;
+}
+
+enum E1
+{
+    A,
+    B
+}
+
+enum E2
+{
+    A,
+    B
+}
+
+contract C0
+{
+
+}
+
+contract C1 is C0
+{
+
+}
+
+contract C2 is C1
+{
+
+}
+
+contract C3
+{
+
+}
+
+type custom_uint is uint248;
+type custom_int is int248;
+
+library L
+{
+    function f0(C0) public pure {}
+    function f1(bool) public pure {}
+    function f2(string memory) public pure {}
+    function f3(bytes memory) public pure {}
+    function f4(uint248) public pure {}
+    function f5(int248) public pure {}
+    function f6(address) public pure {}
+    function f7(bytes17) public pure {}
+    function f8(S1 memory) public pure {}
+    function f9(E1) public pure {}
+    function f10(mapping(int => uint) storage) public pure {}
+    function f11(string[] memory) public pure {}
+    function f12(bytes[][][] memory) public pure {}
+    function f13(custom_uint) public pure {}
+}
+
+// the following statements are correct
+using L for C2;
+using L for bool;
+using L for string;
+using L for bytes;
+using L for uint240;
+using L for int16;
+using L for address;
+using L for bytes16;
+using L for S1;
+using L for E1;
+using L for mapping(int => uint);
+using L for string[];
+using L for bytes[][][];
+using L for custom_uint;
+
+// the following statements are incorrect
+using L for C3;
+using L for bytes17[];
+using L for uint;
+using L for int;
+using L for bytes18;
+using L for S2;
+using L for E2;
+using L for mapping(int => uint128);
+using L for mapping(int128 => uint);
+using L for string[][];
+using L for bytes[][];
+using L for custom_int;

tests/e2e/detectors/test_data/uninitialized-local/0.4.25/uninitialized_local_variable.sol

@@ -6,4 +6,15 @@ contract Uninitialized{
         return uint_not_init + uint_init;
     }    
 
+    function noreportfor() public {
+        for(uint i; i < 6; i++) { 
+            uint a = i;
+        }
+
+        for(uint j = 0; j < 6; j++) { 
+            uint b = j;
+        }
+
+    }
+
 }

tests/e2e/detectors/test_data/uninitialized-local/0.5.16/uninitialized_local_variable.sol

@@ -6,4 +6,15 @@ contract Uninitialized{
         return uint_not_init + uint_init;
     }    
 
+    function noreportfor() public {
+        for(uint i; i < 6; i++) { 
+            uint a = i;
+        }
+
+        for(uint j = 0; j < 6; j++) { 
+            uint b = j;
+        }
+
+    }
+
 }

tests/e2e/detectors/test_data/uninitialized-local/0.6.11/uninitialized_local_variable.sol

@@ -6,4 +6,15 @@ contract Uninitialized{
         return uint_not_init + uint_init;
     }    
 
+    function noreportfor() public {
+        for(uint i; i < 6; i++) { 
+            uint a = i;
+        }
+
+        for(uint j = 0; j < 6; j++) { 
+            uint b = j;
+        }
+
+    }
+
 }

tests/e2e/detectors/test_data/uninitialized-local/0.7.6/uninitialized_local_variable.sol

@@ -6,4 +6,15 @@ contract Uninitialized{
         return uint_not_init + uint_init;
     }    
 
+    function noreportfor() public {
+        for(uint i; i < 6; i++) { 
+            uint a = i;
+        }
+
+        for(uint j = 0; j < 6; j++) { 
+            uint b = j;
+        }
+
+    }
+
 }

tests/e2e/detectors/test_data/unused-return/0.4.25/unused_return.sol

@@ -8,6 +8,7 @@ library SafeMath{
 
 contract Target{
     function f() public returns(uint);
+    function g() public returns(uint, uint);
 }
 
 contract User{
@@ -26,5 +27,12 @@ contract User{
         // As the value returned by the call is stored
         // (unused local variable should be another issue) 
         uint b = a.add(1);
+
+        t.g();
+
+        (uint c, uint d) = t.g();
+
+        // Detected as unused return
+        (uint e,) = t.g();
     }
 }

tests/e2e/detectors/test_data/unused-return/0.5.16/unused_return.sol

@@ -8,6 +8,7 @@ library SafeMath{
 
 contract Target{
     function f() public returns(uint);
+    function g() public returns(uint, uint);
 }
 
 contract User{
@@ -26,5 +27,12 @@ contract User{
         // As the value returned by the call is stored
         // (unused local variable should be another issue) 
         uint b = a.add(1);
+
+        t.g();
+
+        (uint c, uint d) = t.g();
+
+        // Detected as unused return
+        (uint e,) = t.g();
     }
 }

tests/e2e/detectors/test_data/unused-return/0.6.11/unused_return.sol

@@ -8,6 +8,7 @@ library SafeMath{
 
 abstract contract Target{
     function f() public virtual returns(uint);
+    function g() public virtual returns(uint, uint);
 }
 
 contract User{
@@ -26,5 +27,12 @@ contract User{
         // As the value returned by the call is stored
         // (unused local variable should be another issue) 
         uint b = a.add(1);
+
+        t.g();
+
+        (uint c, uint d) = t.g();
+
+        // Detected as unused return
+        (uint e,) = t.g();
     }
 }

tests/e2e/detectors/test_data/unused-return/0.7.6/unused_return.sol

@@ -8,6 +8,7 @@ library SafeMath{
 
 abstract contract Target{
     function f() public virtual returns(uint);
+    function g() public virtual returns(uint, uint);
 }
 
 contract User{
@@ -26,5 +27,12 @@ contract User{
         // As the value returned by the call is stored
         // (unused local variable should be another issue) 
         uint b = a.add(1);
+
+        t.g();
+
+        (uint c, uint d) = t.g();
+
+        // Detected as unused return
+        (uint e,) = t.g();
     }
 }

tests/e2e/detectors/test_detectors.py

@@ -1644,6 +1644,16 @@ ALL_TEST_OBJECTS = [
         "CacheArrayLength.sol",
         "0.8.17",
     ),
+    Test(
+        all_detectors.IncorrectUsingFor,
+        "IncorrectUsingForTopLevel.sol",
+        "0.8.17",
+    ),
+    Test(
+        all_detectors.EncodePackedCollision,
+        "encode_packed_collision.sol",
+        "0.7.6",
+    ),
 ]
 
 GENERIC_PATH = "/GENERIC_PATH"

tests/e2e/solc_parsing/test_ast_parsing.py

@@ -452,6 +452,7 @@ ALL_TESTS = [
     Test("yul-top-level-0.8.0.sol", ["0.8.0"]),
     Test("complex_imports/import_aliases_issue_1319/test.sol", ["0.5.12"]),
     Test("yul-state-constant-access.sol", ["0.8.16"]),
+    Test("negate-unary-element.sol", ["0.8.16"]),
 ]
 # create the output folder if needed
 try:

tests/e2e/solc_parsing/test_data/assembly-all.sol

@@ -1,5 +1,12 @@
 contract C {
-    function f() public {
+    modifier a() {
+        assembly {
+            let y := 0
+        }
+        _;
+    }
+
+    function f() public a {
         assembly {
             let x := 0
         }