mirror of https://github.com/crytic/slither
commit
5e051ce6e8
@ -0,0 +1,88 @@ |
||||
SHELL := /bin/bash
|
||||
|
||||
PY_MODULE := slither
|
||||
TEST_MODULE := tests
|
||||
|
||||
ALL_PY_SRCS := $(shell find $(PY_MODULE) -name '*.py') \
|
||||
$(shell find test -name '*.py')
|
||||
|
||||
# Optionally overriden by the user, if they're using a virtual environment manager.
|
||||
VENV ?= env
|
||||
|
||||
# On Windows, venv scripts/shims are under `Scripts` instead of `bin`.
|
||||
VENV_BIN := $(VENV)/bin
|
||||
ifeq ($(OS),Windows_NT) |
||||
VENV_BIN := $(VENV)/Scripts
|
||||
endif |
||||
|
||||
# Optionally overridden by the user in the `release` target.
|
||||
BUMP_ARGS :=
|
||||
|
||||
# Optionally overridden by the user in the `test` target.
|
||||
TESTS :=
|
||||
|
||||
# Optionally overridden by the user/CI, to limit the installation to a specific
|
||||
# subset of development dependencies.
|
||||
SLITHER_EXTRA := dev
|
||||
|
||||
# If the user selects a specific test pattern to run, set `pytest` to fail fast
|
||||
# and only run tests that match the pattern.
|
||||
# Otherwise, run all tests and enable coverage assertions, since we expect
|
||||
# complete test coverage.
|
||||
ifneq ($(TESTS),) |
||||
TEST_ARGS := -x -k $(TESTS)
|
||||
COV_ARGS :=
|
||||
else |
||||
TEST_ARGS := -n auto
|
||||
COV_ARGS := # --fail-under 100
|
||||
endif |
||||
|
||||
.PHONY: all |
||||
all: |
||||
@echo "Run my targets individually!"
|
||||
|
||||
.PHONY: dev |
||||
dev: $(VENV)/pyvenv.cfg |
||||
|
||||
.PHONY: run |
||||
run: $(VENV)/pyvenv.cfg |
||||
@. $(VENV_BIN)/activate && slither $(ARGS)
|
||||
|
||||
$(VENV)/pyvenv.cfg: pyproject.toml |
||||
# Create our Python 3 virtual environment
|
||||
python3 -m venv env
|
||||
$(VENV_BIN)/python -m pip install --upgrade pip
|
||||
$(VENV_BIN)/python -m pip install -e .[$(SLITHER_EXTRA)]
|
||||
|
||||
.PHONY: lint |
||||
lint: $(VENV)/pyvenv.cfg |
||||
. $(VENV_BIN)/activate && \
|
||||
black --check . && \
|
||||
pylint $(PY_MODULE) $(TEST_MODULE)
|
||||
# ruff $(ALL_PY_SRCS) && \
|
||||
# mypy $(PY_MODULE) &&
|
||||
|
||||
.PHONY: reformat |
||||
reformat: |
||||
. $(VENV_BIN)/activate && \
|
||||
black .
|
||||
|
||||
.PHONY: test tests |
||||
test tests: $(VENV)/pyvenv.cfg |
||||
. $(VENV_BIN)/activate && \
|
||||
pytest --cov=$(PY_MODULE) $(T) $(TEST_ARGS) && \
|
||||
python -m coverage report -m $(COV_ARGS)
|
||||
|
||||
.PHONY: doc |
||||
doc: $(VENV)/pyvenv.cfg |
||||
. $(VENV_BIN)/activate && \
|
||||
PDOC_ALLOW_EXEC=1 pdoc -o html slither '!slither.tools'
|
||||
|
||||
.PHONY: package |
||||
package: $(VENV)/pyvenv.cfg |
||||
. $(VENV_BIN)/activate && \
|
||||
python3 -m build
|
||||
|
||||
.PHONY: edit |
||||
edit: |
||||
$(EDITOR) $(ALL_PY_SRCS)
|
@ -1,3 +1,9 @@ |
||||
contract A{ |
||||
pragma solidity 0.8.19; |
||||
|
||||
} |
||||
error RevertIt(); |
||||
|
||||
contract Example { |
||||
function reverts() external pure { |
||||
revert RevertIt(); |
||||
} |
||||
} |
@ -1,5 +1,16 @@ |
||||
import "./a.sol"; |
||||
|
||||
contract B is A{ |
||||
pragma solidity 0.8.19; |
||||
|
||||
enum B { |
||||
a, |
||||
b |
||||
} |
||||
|
||||
contract T { |
||||
Example e = new Example(); |
||||
function b() public returns(uint) { |
||||
B b = B.a; |
||||
return 4; |
||||
} |
||||
} |
@ -1 +1,4 @@ |
||||
""" |
||||
.. include:: ../README.md |
||||
""" |
||||
from .slither import Slither |
||||
|
@ -0,0 +1,104 @@ |
||||
""" |
||||
Module detecting usage of more than one dynamic type in abi.encodePacked() arguments which could lead to collision |
||||
""" |
||||
|
||||
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification |
||||
from slither.core.declarations.solidity_variables import SolidityFunction |
||||
from slither.slithir.operations import SolidityCall |
||||
from slither.analyses.data_dependency.data_dependency import is_tainted |
||||
from slither.core.solidity_types import ElementaryType |
||||
from slither.core.solidity_types import ArrayType |
||||
|
||||
|
||||
def _is_dynamic_type(arg): |
||||
""" |
||||
Args: |
||||
arg (function argument) |
||||
Returns: |
||||
Bool |
||||
""" |
||||
if isinstance(arg.type, ElementaryType) and (arg.type.name in ["string", "bytes"]): |
||||
return True |
||||
if isinstance(arg.type, ArrayType) and arg.type.length is None: |
||||
return True |
||||
|
||||
return False |
||||
|
||||
|
||||
def _detect_abi_encodePacked_collision(contract): |
||||
""" |
||||
Args: |
||||
contract (Contract) |
||||
Returns: |
||||
list((Function), (list (Node))) |
||||
""" |
||||
ret = [] |
||||
# pylint: disable=too-many-nested-blocks |
||||
for f in contract.functions_and_modifiers_declared: |
||||
for n in f.nodes: |
||||
for ir in n.irs: |
||||
if isinstance(ir, SolidityCall) and ir.function == SolidityFunction( |
||||
"abi.encodePacked()" |
||||
): |
||||
dynamic_type_count = 0 |
||||
for arg in ir.arguments: |
||||
if is_tainted(arg, contract) and _is_dynamic_type(arg): |
||||
dynamic_type_count += 1 |
||||
elif dynamic_type_count > 1: |
||||
ret.append((f, n)) |
||||
dynamic_type_count = 0 |
||||
else: |
||||
dynamic_type_count = 0 |
||||
if dynamic_type_count > 1: |
||||
ret.append((f, n)) |
||||
return ret |
||||
|
||||
|
||||
class EncodePackedCollision(AbstractDetector): |
||||
""" |
||||
Detect usage of more than one dynamic type in abi.encodePacked() arguments which could to collision |
||||
""" |
||||
|
||||
ARGUMENT = "encode-packed-collision" |
||||
HELP = "ABI encodePacked Collision" |
||||
IMPACT = DetectorClassification.HIGH |
||||
CONFIDENCE = DetectorClassification.HIGH |
||||
|
||||
WIKI = ( |
||||
"https://github.com/crytic/slither/wiki/Detector-Documentation#abi-encodePacked-collision" |
||||
) |
||||
|
||||
WIKI_TITLE = "ABI encodePacked Collision" |
||||
WIKI_DESCRIPTION = """Detect collision due to dynamic type usages in `abi.encodePacked`""" |
||||
|
||||
WIKI_EXPLOIT_SCENARIO = """ |
||||
```solidity |
||||
contract Sign { |
||||
function get_hash_for_signature(string name, string doc) external returns(bytes32) { |
||||
return keccak256(abi.encodePacked(name, doc)); |
||||
} |
||||
} |
||||
``` |
||||
Bob calls `get_hash_for_signature` with (`bob`, `This is the content`). The hash returned is used as an ID. |
||||
Eve creates a collision with the ID using (`bo`, `bThis is the content`) and compromises the system. |
||||
""" |
||||
WIKI_RECOMMENDATION = """Do not use more than one dynamic type in `abi.encodePacked()` |
||||
(see the [Solidity documentation](https://solidity.readthedocs.io/en/v0.5.10/abi-spec.html?highlight=abi.encodePacked#non-standard-packed-modeDynamic)). |
||||
Use `abi.encode()`, preferably.""" |
||||
|
||||
def _detect(self): |
||||
"""Detect usage of more than one dynamic type in abi.encodePacked(..) arguments which could lead to collision""" |
||||
results = [] |
||||
for c in self.compilation_unit.contracts: |
||||
values = _detect_abi_encodePacked_collision(c) |
||||
for func, node in values: |
||||
info = [ |
||||
func, |
||||
" calls abi.encodePacked() with multiple dynamic arguments:\n\t- ", |
||||
node, |
||||
"\n", |
||||
] |
||||
json = self.generate_result(info) |
||||
results.append(json) |
||||
|
||||
return results |
@ -0,0 +1,79 @@ |
||||
# pylint: disable=redefined-outer-name |
||||
import os |
||||
from pathlib import Path |
||||
import tempfile |
||||
import shutil |
||||
from contextlib import contextmanager |
||||
import pytest |
||||
from filelock import FileLock |
||||
from solc_select import solc_select |
||||
from slither import Slither |
||||
|
||||
|
||||
def pytest_configure(config): |
||||
"""Create a temporary directory for the tests to use.""" |
||||
if is_master(): |
||||
config.stash["shared_directory"] = tempfile.mkdtemp() |
||||
|
||||
|
||||
def pytest_unconfigure(config): |
||||
"""Remove the temporary directory after the tests are done.""" |
||||
if is_master(): |
||||
shutil.rmtree(config.stash["shared_directory"]) |
||||
|
||||
|
||||
def pytest_configure_node(node): |
||||
"""Configure each worker node with the shared directory.""" |
||||
node.workerinput["shared_directory"] = node.config.stash["shared_directory"] |
||||
|
||||
|
||||
def is_master(): |
||||
"""Returns True if the current process is the master process (which does not have a worker id).""" |
||||
return os.environ.get("PYTEST_XDIST_WORKER") is None |
||||
|
||||
|
||||
@pytest.fixture |
||||
def shared_directory(request): |
||||
"""Returns the shared directory for the current process.""" |
||||
if is_master(): |
||||
return request.config.stash["shared_directory"] |
||||
return request.config.workerinput["shared_directory"] |
||||
|
||||
|
||||
@pytest.fixture |
||||
def solc_binary_path(shared_directory): |
||||
""" |
||||
Returns the path to the solc binary for the given version. |
||||
If the binary is not installed, it will be installed. |
||||
""" |
||||
|
||||
def inner(version): |
||||
lock = FileLock(f"{shared_directory}/{version}.lock", timeout=60) |
||||
with lock: |
||||
if not solc_select.artifact_path(version).exists(): |
||||
print("Installing solc version", version) |
||||
solc_select.install_artifacts([version]) |
||||
return solc_select.artifact_path(version).as_posix() |
||||
|
||||
return inner |
||||
|
||||
|
||||
@pytest.fixture |
||||
def slither_from_source(solc_binary_path): |
||||
@contextmanager |
||||
def inner(source_code: str, solc_version: str = "0.8.19"): |
||||
"""Yields a Slither instance using source_code string and solc_version. |
||||
Creates a temporary file and compiles with solc_version. |
||||
""" |
||||
|
||||
fname = "" |
||||
try: |
||||
with tempfile.NamedTemporaryFile(mode="w", suffix=".sol", delete=False) as f: |
||||
fname = f.name |
||||
f.write(source_code) |
||||
solc_path = solc_binary_path(solc_version) |
||||
yield Slither(fname, solc=solc_path) |
||||
finally: |
||||
Path(fname).unlink() |
||||
|
||||
return inner |
@ -0,0 +1,18 @@ |
||||
Function A.bad3() (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#39-41) trigger an abi encoding bug: |
||||
- b = abi.encode(s) (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#40) |
||||
|
||||
Function A.bad0() (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#21-23) trigger an abi encoding bug: |
||||
- this.bad0_external(bad_arr) (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#22) |
||||
|
||||
Function A.bad4() (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#44-46) trigger an abi encoding bug: |
||||
- event1_bad(bad_arr) (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#45) |
||||
|
||||
Function A.bad2() (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#34-36) trigger an abi encoding bug: |
||||
- b = abi.encode(bad_arr) (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#35) |
||||
|
||||
Function A.bad1(A.S[3]) (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#29-31) trigger an abi encoding bug: |
||||
- this.bad1_external(s) (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#30) |
||||
|
||||
Function A.bad5() (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#49-51) trigger an abi encoding bug: |
||||
- event2_bad(s) (tests/e2e/detectors/test_data/abiencoderv2-array/0.4.25/storage_ABIEncoderV2_array.sol#50) |
||||
|
@ -0,0 +1,18 @@ |
||||
Function A.bad5() (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#49-51) trigger an abi encoding bug: |
||||
- event2_bad(s) (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#50) |
||||
|
||||
Function A.bad0() (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#21-23) trigger an abi encoding bug: |
||||
- this.bad0_external(bad_arr) (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#22) |
||||
|
||||
Function A.bad4() (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#44-46) trigger an abi encoding bug: |
||||
- event1_bad(bad_arr) (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#45) |
||||
|
||||
Function A.bad2() (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#34-36) trigger an abi encoding bug: |
||||
- b = abi.encode(bad_arr) (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#35) |
||||
|
||||
Function A.bad1(A.S[3]) (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#29-31) trigger an abi encoding bug: |
||||
- this.bad1_external(s) (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#30) |
||||
|
||||
Function A.bad3() (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#39-41) trigger an abi encoding bug: |
||||
- b = abi.encode(s) (tests/e2e/detectors/test_data/abiencoderv2-array/0.5.9/storage_ABIEncoderV2_array.sol#40) |
||||
|
@ -0,0 +1,6 @@ |
||||
C.bad4(address,address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#65-67) uses arbitrary from in transferFrom: SafeERC20.safeTransferFrom(erc20,from,to,amount) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#66) |
||||
|
||||
C.bad1(address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#35-37) uses arbitrary from in transferFrom: erc20.transferFrom(notsend,to,am) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#36) |
||||
|
||||
C.bad3(address,address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#57-59) uses arbitrary from in transferFrom: erc20.safeTransferFrom(from,to,amount) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#58) |
||||
|
@ -0,0 +1,6 @@ |
||||
C.bad4(address,address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.5.16/arbitrary_send_erc20.sol#65-67) uses arbitrary from in transferFrom: SafeERC20.safeTransferFrom(erc20,from,to,amount) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.5.16/arbitrary_send_erc20.sol#66) |
||||
|
||||
C.bad3(address,address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.5.16/arbitrary_send_erc20.sol#57-59) uses arbitrary from in transferFrom: erc20.safeTransferFrom(from,to,amount) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.5.16/arbitrary_send_erc20.sol#58) |
||||
|
||||
C.bad1(address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.5.16/arbitrary_send_erc20.sol#35-37) uses arbitrary from in transferFrom: erc20.transferFrom(notsend,to,am) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.5.16/arbitrary_send_erc20.sol#36) |
||||
|
@ -0,0 +1,6 @@ |
||||
C.bad1(address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#35-37) uses arbitrary from in transferFrom: erc20.transferFrom(notsend,to,am) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#36) |
||||
|
||||
C.bad3(address,address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#57-59) uses arbitrary from in transferFrom: erc20.safeTransferFrom(from,to,amount) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#58) |
||||
|
||||
C.bad4(address,address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#65-67) uses arbitrary from in transferFrom: SafeERC20.safeTransferFrom(erc20,from,to,amount) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#66) |
||||
|
@ -0,0 +1,6 @@ |
||||
C.bad4(address,address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.7.6/arbitrary_send_erc20.sol#65-67) uses arbitrary from in transferFrom: SafeERC20.safeTransferFrom(erc20,from,to,amount) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.7.6/arbitrary_send_erc20.sol#66) |
||||
|
||||
C.bad3(address,address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.7.6/arbitrary_send_erc20.sol#57-59) uses arbitrary from in transferFrom: erc20.safeTransferFrom(from,to,amount) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.7.6/arbitrary_send_erc20.sol#58) |
||||
|
||||
C.bad1(address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.7.6/arbitrary_send_erc20.sol#35-37) uses arbitrary from in transferFrom: erc20.transferFrom(notsend,to,am) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.7.6/arbitrary_send_erc20.sol#36) |
||||
|
@ -0,0 +1,2 @@ |
||||
T.bad(address) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20_inheritance.sol#11-13) uses arbitrary from in transferFrom: erc20.safeTransferFrom(from,address(0x1),90) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20_inheritance.sol#12) |
||||
|
@ -0,0 +1,6 @@ |
||||
C.bad1(address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#35-37) uses arbitrary from in transferFrom: erc20.transferFrom(notsend,to,am) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#36) |
||||
|
||||
C.bad3(address,address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#57-59) uses arbitrary from in transferFrom: erc20.safeTransferFrom(from,to,amount) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#58) |
||||
|
||||
C.bad4(address,address,uint256) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#65-67) uses arbitrary from in transferFrom: SafeERC20.safeTransferFrom(erc20,from,to,amount) (tests/e2e/detectors/test_data/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#66) |
||||
|
@ -0,0 +1,8 @@ |
||||
C.int_transferFrom(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.4.25/arbitrary_send_erc20_permit.sol#42-45) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.4.25/arbitrary_send_erc20_permit.sol#44) |
||||
|
||||
C.bad3(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.4.25/arbitrary_send_erc20_permit.sol#47-50) uses arbitrary from in transferFrom in combination with permit: erc20.safeTransferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.4.25/arbitrary_send_erc20_permit.sol#49) |
||||
|
||||
C.bad4(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.4.25/arbitrary_send_erc20_permit.sol#52-55) uses arbitrary from in transferFrom in combination with permit: SafeERC20.safeTransferFrom(erc20,from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.4.25/arbitrary_send_erc20_permit.sol#54) |
||||
|
||||
C.bad1(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.4.25/arbitrary_send_erc20_permit.sol#32-35) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.4.25/arbitrary_send_erc20_permit.sol#34) |
||||
|
@ -0,0 +1,8 @@ |
||||
C.int_transferFrom(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.5.16/arbitrary_send_erc20_permit.sol#42-45) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.5.16/arbitrary_send_erc20_permit.sol#44) |
||||
|
||||
C.bad4(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.5.16/arbitrary_send_erc20_permit.sol#52-55) uses arbitrary from in transferFrom in combination with permit: SafeERC20.safeTransferFrom(erc20,from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.5.16/arbitrary_send_erc20_permit.sol#54) |
||||
|
||||
C.bad3(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.5.16/arbitrary_send_erc20_permit.sol#47-50) uses arbitrary from in transferFrom in combination with permit: erc20.safeTransferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.5.16/arbitrary_send_erc20_permit.sol#49) |
||||
|
||||
C.bad1(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.5.16/arbitrary_send_erc20_permit.sol#32-35) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.5.16/arbitrary_send_erc20_permit.sol#34) |
||||
|
@ -0,0 +1,8 @@ |
||||
C.bad3(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.6.11/arbitrary_send_erc20_permit.sol#47-50) uses arbitrary from in transferFrom in combination with permit: erc20.safeTransferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.6.11/arbitrary_send_erc20_permit.sol#49) |
||||
|
||||
C.bad4(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.6.11/arbitrary_send_erc20_permit.sol#52-55) uses arbitrary from in transferFrom in combination with permit: SafeERC20.safeTransferFrom(erc20,from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.6.11/arbitrary_send_erc20_permit.sol#54) |
||||
|
||||
C.int_transferFrom(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.6.11/arbitrary_send_erc20_permit.sol#42-45) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.6.11/arbitrary_send_erc20_permit.sol#44) |
||||
|
||||
C.bad1(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.6.11/arbitrary_send_erc20_permit.sol#32-35) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.6.11/arbitrary_send_erc20_permit.sol#34) |
||||
|
@ -0,0 +1,8 @@ |
||||
C.int_transferFrom(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.7.6/arbitrary_send_erc20_permit.sol#42-45) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.7.6/arbitrary_send_erc20_permit.sol#44) |
||||
|
||||
C.bad1(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.7.6/arbitrary_send_erc20_permit.sol#32-35) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.7.6/arbitrary_send_erc20_permit.sol#34) |
||||
|
||||
C.bad4(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.7.6/arbitrary_send_erc20_permit.sol#52-55) uses arbitrary from in transferFrom in combination with permit: SafeERC20.safeTransferFrom(erc20,from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.7.6/arbitrary_send_erc20_permit.sol#54) |
||||
|
||||
C.bad3(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.7.6/arbitrary_send_erc20_permit.sol#47-50) uses arbitrary from in transferFrom in combination with permit: erc20.safeTransferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.7.6/arbitrary_send_erc20_permit.sol#49) |
||||
|
@ -0,0 +1,8 @@ |
||||
C.bad3(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.8.0/arbitrary_send_erc20_permit.sol#47-50) uses arbitrary from in transferFrom in combination with permit: erc20.safeTransferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.8.0/arbitrary_send_erc20_permit.sol#49) |
||||
|
||||
C.bad4(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.8.0/arbitrary_send_erc20_permit.sol#52-55) uses arbitrary from in transferFrom in combination with permit: SafeERC20.safeTransferFrom(erc20,from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.8.0/arbitrary_send_erc20_permit.sol#54) |
||||
|
||||
C.int_transferFrom(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.8.0/arbitrary_send_erc20_permit.sol#42-45) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.8.0/arbitrary_send_erc20_permit.sol#44) |
||||
|
||||
C.bad1(address,uint256,uint256,uint8,bytes32,bytes32,address) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.8.0/arbitrary_send_erc20_permit.sol#32-35) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) (tests/e2e/detectors/test_data/arbitrary-send-erc20-permit/0.8.0/arbitrary_send_erc20_permit.sol#34) |
||||
|
@ -0,0 +1,8 @@ |
||||
Test.indirect() (tests/e2e/detectors/test_data/arbitrary-send-eth/0.4.25/arbitrary_send_eth.sol#19-21) sends eth to arbitrary user |
||||
Dangerous calls: |
||||
- destination.send(address(this).balance) (tests/e2e/detectors/test_data/arbitrary-send-eth/0.4.25/arbitrary_send_eth.sol#20) |
||||
|
||||
Test.direct() (tests/e2e/detectors/test_data/arbitrary-send-eth/0.4.25/arbitrary_send_eth.sol#11-13) sends eth to arbitrary user |
||||
Dangerous calls: |
||||
- msg.sender.send(address(this).balance) (tests/e2e/detectors/test_data/arbitrary-send-eth/0.4.25/arbitrary_send_eth.sol#12) |
||||
|
@ -0,0 +1,8 @@ |
||||
Test.direct() (tests/e2e/detectors/test_data/arbitrary-send-eth/0.5.16/arbitrary_send_eth.sol#11-13) sends eth to arbitrary user |
||||
Dangerous calls: |
||||
- msg.sender.send(address(this).balance) (tests/e2e/detectors/test_data/arbitrary-send-eth/0.5.16/arbitrary_send_eth.sol#12) |
||||
|
||||
Test.indirect() (tests/e2e/detectors/test_data/arbitrary-send-eth/0.5.16/arbitrary_send_eth.sol#19-21) sends eth to arbitrary user |
||||
Dangerous calls: |
||||
- destination.send(address(this).balance) (tests/e2e/detectors/test_data/arbitrary-send-eth/0.5.16/arbitrary_send_eth.sol#20) |
||||
|
@ -0,0 +1,8 @@ |
||||
Test.indirect() (tests/e2e/detectors/test_data/arbitrary-send-eth/0.6.11/arbitrary_send_eth.sol#19-21) sends eth to arbitrary user |
||||
Dangerous calls: |
||||
- destination.send(address(this).balance) (tests/e2e/detectors/test_data/arbitrary-send-eth/0.6.11/arbitrary_send_eth.sol#20) |
||||
|
||||
Test.direct() (tests/e2e/detectors/test_data/arbitrary-send-eth/0.6.11/arbitrary_send_eth.sol#11-13) sends eth to arbitrary user |
||||
Dangerous calls: |
||||
- msg.sender.send(address(this).balance) (tests/e2e/detectors/test_data/arbitrary-send-eth/0.6.11/arbitrary_send_eth.sol#12) |
||||
|
@ -0,0 +1,8 @@ |
||||
Test.direct() (tests/e2e/detectors/test_data/arbitrary-send-eth/0.7.6/arbitrary_send_eth.sol#11-13) sends eth to arbitrary user |
||||
Dangerous calls: |
||||
- msg.sender.send(address(this).balance) (tests/e2e/detectors/test_data/arbitrary-send-eth/0.7.6/arbitrary_send_eth.sol#12) |
||||
|
||||
Test.indirect() (tests/e2e/detectors/test_data/arbitrary-send-eth/0.7.6/arbitrary_send_eth.sol#19-21) sends eth to arbitrary user |
||||
Dangerous calls: |
||||
- destination.send(address(this).balance) (tests/e2e/detectors/test_data/arbitrary-send-eth/0.7.6/arbitrary_send_eth.sol#20) |
||||
|
@ -0,0 +1,12 @@ |
||||
D.f() (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#42-48) passes array D.x (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#39)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
D.f() (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#42-48) passes array D.x (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#39)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
||||
C.f() (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#4-8) passes array C.x (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#2)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
||||
C.f() (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#4-8) passes array C.x (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#2)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
C.g() (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#10-15) passes array C.g().y (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#11)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
C.g() (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#10-15) passes array C.g().y (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#11)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.4.25/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
@ -0,0 +1,12 @@ |
||||
D.f() (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#42-48) passes array D.x (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#39)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
D.f() (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#42-48) passes array D.x (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#39)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
||||
C.f() (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#4-8) passes array C.x (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#2)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
||||
C.f() (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#4-8) passes array C.x (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#2)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
C.g() (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#10-15) passes array C.g().y (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#11)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
C.g() (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#10-15) passes array C.g().y (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#11)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.5.16/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
@ -0,0 +1,12 @@ |
||||
D.f() (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#42-48) passes array D.x (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#39)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
D.f() (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#42-48) passes array D.x (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#39)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
||||
C.f() (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#4-8) passes array C.x (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#2)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
||||
C.f() (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#4-8) passes array C.x (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#2)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
C.g() (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#10-15) passes array C.g().y (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#11)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
C.g() (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#10-15) passes array C.g().y (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#11)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.6.11/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
@ -0,0 +1,12 @@ |
||||
D.f() (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#42-48) passes array D.x (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#39)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
D.f() (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#42-48) passes array D.x (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#39)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
||||
C.f() (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#4-8) passes array C.x (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#2)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
||||
C.f() (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#4-8) passes array C.x (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#2)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
C.g() (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#10-15) passes array C.g().y (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#11)by reference to C.setByValueAndReturn(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#25-28)which only takes arrays by value |
||||
|
||||
C.g() (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#10-15) passes array C.g().y (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#11)by reference to C.setByValue(uint256[1]) (tests/e2e/detectors/test_data/array-by-reference/0.7.6/array_by_reference.sol#21-23)which only takes arrays by value |
||||
|
@ -0,0 +1,9 @@ |
||||
ArrayLengthAssignment (tests/e2e/detectors/test_data/controlled-array-length/0.4.25/array_length_assignment.sol#1-46) contract sets array length with a user-controlled value: |
||||
- b.subStruct.x.length = param + 1 (tests/e2e/detectors/test_data/controlled-array-length/0.4.25/array_length_assignment.sol#41) |
||||
|
||||
ArrayLengthAssignment (tests/e2e/detectors/test_data/controlled-array-length/0.4.25/array_length_assignment.sol#1-46) contract sets array length with a user-controlled value: |
||||
- a.x.length = param (tests/e2e/detectors/test_data/controlled-array-length/0.4.25/array_length_assignment.sol#36) |
||||
|
||||
ArrayLengthAssignment (tests/e2e/detectors/test_data/controlled-array-length/0.4.25/array_length_assignment.sol#1-46) contract sets array length with a user-controlled value: |
||||
- arr.length = param (tests/e2e/detectors/test_data/controlled-array-length/0.4.25/array_length_assignment.sol#26) |
||||
|
@ -0,0 +1,9 @@ |
||||
ArrayLengthAssignment (tests/e2e/detectors/test_data/controlled-array-length/0.5.16/array_length_assignment.sol#1-46) contract sets array length with a user-controlled value: |
||||
- b.subStruct.x.length = param + 1 (tests/e2e/detectors/test_data/controlled-array-length/0.5.16/array_length_assignment.sol#41) |
||||
|
||||
ArrayLengthAssignment (tests/e2e/detectors/test_data/controlled-array-length/0.5.16/array_length_assignment.sol#1-46) contract sets array length with a user-controlled value: |
||||
- a.x.length = param (tests/e2e/detectors/test_data/controlled-array-length/0.5.16/array_length_assignment.sol#36) |
||||
|
||||
ArrayLengthAssignment (tests/e2e/detectors/test_data/controlled-array-length/0.5.16/array_length_assignment.sol#1-46) contract sets array length with a user-controlled value: |
||||
- arr.length = param (tests/e2e/detectors/test_data/controlled-array-length/0.5.16/array_length_assignment.sol#26) |
||||
|
@ -0,0 +1,3 @@ |
||||
GetCode.at(address) (tests/e2e/detectors/test_data/assembly/0.4.25/inline_assembly_contract.sol#6-20) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.4.25/inline_assembly_contract.sol#7-20) |
||||
|
@ -0,0 +1,6 @@ |
||||
VectorSum.sumPureAsm(uint256[]) (tests/e2e/detectors/test_data/assembly/0.4.25/inline_assembly_library.sol#25-47) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.4.25/inline_assembly_library.sol#26-47) |
||||
|
||||
VectorSum.sumAsm(uint256[]) (tests/e2e/detectors/test_data/assembly/0.4.25/inline_assembly_library.sol#16-22) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.4.25/inline_assembly_library.sol#18-21) |
||||
|
@ -0,0 +1,3 @@ |
||||
GetCode.at(address) (tests/e2e/detectors/test_data/assembly/0.5.16/inline_assembly_contract.sol#6-20) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.5.16/inline_assembly_contract.sol#7-19) |
||||
|
@ -0,0 +1,6 @@ |
||||
VectorSum.sumAsm(uint256[]) (tests/e2e/detectors/test_data/assembly/0.5.16/inline_assembly_library.sol#16-22) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.5.16/inline_assembly_library.sol#18-20) |
||||
|
||||
VectorSum.sumPureAsm(uint256[]) (tests/e2e/detectors/test_data/assembly/0.5.16/inline_assembly_library.sol#25-47) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.5.16/inline_assembly_library.sol#26-46) |
||||
|
@ -0,0 +1,3 @@ |
||||
GetCode.at(address) (tests/e2e/detectors/test_data/assembly/0.6.11/inline_assembly_contract.sol#4-18) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.6.11/inline_assembly_contract.sol#5-17) |
||||
|
@ -0,0 +1,6 @@ |
||||
VectorSum.sumAsm(uint256[]) (tests/e2e/detectors/test_data/assembly/0.6.11/inline_assembly_library.sol#14-20) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.6.11/inline_assembly_library.sol#16-18) |
||||
|
||||
VectorSum.sumPureAsm(uint256[]) (tests/e2e/detectors/test_data/assembly/0.6.11/inline_assembly_library.sol#23-45) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.6.11/inline_assembly_library.sol#24-44) |
||||
|
@ -0,0 +1,3 @@ |
||||
GetCode.at(address) (tests/e2e/detectors/test_data/assembly/0.7.6/inline_assembly_contract.sol#4-18) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.7.6/inline_assembly_contract.sol#5-17) |
||||
|
@ -0,0 +1,6 @@ |
||||
VectorSum.sumAsm(uint256[]) (tests/e2e/detectors/test_data/assembly/0.7.6/inline_assembly_library.sol#14-20) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.7.6/inline_assembly_library.sol#16-18) |
||||
|
||||
VectorSum.sumPureAsm(uint256[]) (tests/e2e/detectors/test_data/assembly/0.7.6/inline_assembly_library.sol#23-45) uses assembly |
||||
- INLINE ASM (tests/e2e/detectors/test_data/assembly/0.7.6/inline_assembly_library.sol#24-44) |
||||
|
@ -0,0 +1,12 @@ |
||||
A.bad2() (tests/e2e/detectors/test_data/assert-state-change/0.4.25/assert_state_change.sol#19-21) has an assert() call which possibly changes state. |
||||
-assert(bool)(bad2_callee()) (tests/e2e/detectors/test_data/assert-state-change/0.4.25/assert_state_change.sol#20) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
||||
A.bad0() (tests/e2e/detectors/test_data/assert-state-change/0.4.25/assert_state_change.sol#6-8) has an assert() call which possibly changes state. |
||||
-assert(bool)((s_a += 1) > 10) (tests/e2e/detectors/test_data/assert-state-change/0.4.25/assert_state_change.sol#7) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
||||
A.bad1(uint256) (tests/e2e/detectors/test_data/assert-state-change/0.4.25/assert_state_change.sol#11-13) has an assert() call which possibly changes state. |
||||
-assert(bool)((s_a += a) > 10) (tests/e2e/detectors/test_data/assert-state-change/0.4.25/assert_state_change.sol#12) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
@ -0,0 +1,12 @@ |
||||
A.bad1(uint256) (tests/e2e/detectors/test_data/assert-state-change/0.5.16/assert_state_change.sol#11-13) has an assert() call which possibly changes state. |
||||
-assert(bool)((s_a += a) > 10) (tests/e2e/detectors/test_data/assert-state-change/0.5.16/assert_state_change.sol#12) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
||||
A.bad2() (tests/e2e/detectors/test_data/assert-state-change/0.5.16/assert_state_change.sol#19-21) has an assert() call which possibly changes state. |
||||
-assert(bool)(bad2_callee()) (tests/e2e/detectors/test_data/assert-state-change/0.5.16/assert_state_change.sol#20) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
||||
A.bad0() (tests/e2e/detectors/test_data/assert-state-change/0.5.16/assert_state_change.sol#6-8) has an assert() call which possibly changes state. |
||||
-assert(bool)((s_a += 1) > 10) (tests/e2e/detectors/test_data/assert-state-change/0.5.16/assert_state_change.sol#7) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
@ -0,0 +1,12 @@ |
||||
A.bad0() (tests/e2e/detectors/test_data/assert-state-change/0.6.11/assert_state_change.sol#6-8) has an assert() call which possibly changes state. |
||||
-assert(bool)((s_a += 1) > 10) (tests/e2e/detectors/test_data/assert-state-change/0.6.11/assert_state_change.sol#7) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
||||
A.bad1(uint256) (tests/e2e/detectors/test_data/assert-state-change/0.6.11/assert_state_change.sol#11-13) has an assert() call which possibly changes state. |
||||
-assert(bool)((s_a += a) > 10) (tests/e2e/detectors/test_data/assert-state-change/0.6.11/assert_state_change.sol#12) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
||||
A.bad2() (tests/e2e/detectors/test_data/assert-state-change/0.6.11/assert_state_change.sol#19-21) has an assert() call which possibly changes state. |
||||
-assert(bool)(bad2_callee()) (tests/e2e/detectors/test_data/assert-state-change/0.6.11/assert_state_change.sol#20) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
@ -0,0 +1,12 @@ |
||||
A.bad2() (tests/e2e/detectors/test_data/assert-state-change/0.7.6/assert_state_change.sol#19-21) has an assert() call which possibly changes state. |
||||
-assert(bool)(bad2_callee()) (tests/e2e/detectors/test_data/assert-state-change/0.7.6/assert_state_change.sol#20) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
||||
A.bad1(uint256) (tests/e2e/detectors/test_data/assert-state-change/0.7.6/assert_state_change.sol#11-13) has an assert() call which possibly changes state. |
||||
-assert(bool)((s_a += a) > 10) (tests/e2e/detectors/test_data/assert-state-change/0.7.6/assert_state_change.sol#12) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
||||
A.bad0() (tests/e2e/detectors/test_data/assert-state-change/0.7.6/assert_state_change.sol#6-8) has an assert() call which possibly changes state. |
||||
-assert(bool)((s_a += 1) > 10) (tests/e2e/detectors/test_data/assert-state-change/0.7.6/assert_state_change.sol#7) |
||||
Consider using require() or change the invariant to not modify the state. |
||||
|
@ -0,0 +1,2 @@ |
||||
Backdoor function found in C.i_am_a_backdoor() (tests/e2e/detectors/test_data/backdoor/0.4.25/backdoor.sol#4-6) |
||||
|
@ -0,0 +1,2 @@ |
||||
Backdoor function found in C.i_am_a_backdoor() (tests/e2e/detectors/test_data/backdoor/0.5.16/backdoor.sol#4-6) |
||||
|
@ -0,0 +1,2 @@ |
||||
Backdoor function found in C.i_am_a_backdoor() (tests/e2e/detectors/test_data/backdoor/0.6.11/backdoor.sol#4-6) |
||||
|
@ -0,0 +1,2 @@ |
||||
Backdoor function found in C.i_am_a_backdoor() (tests/e2e/detectors/test_data/backdoor/0.7.6/backdoor.sol#4-6) |
||||
|
@ -0,0 +1,8 @@ |
||||
BadPRNG.bad1() (tests/e2e/detectors/test_data/weak-prng/0.4.25/bad_prng.sol#8-10) uses a weak PRNG: "i = now % 10 (tests/e2e/detectors/test_data/weak-prng/0.4.25/bad_prng.sol#9)" |
||||
|
||||
BadPRNG.bad2() (tests/e2e/detectors/test_data/weak-prng/0.4.25/bad_prng.sol#12-14) uses a weak PRNG: "i = uint256(blockhash(uint256)(10000)) % 10 (tests/e2e/detectors/test_data/weak-prng/0.4.25/bad_prng.sol#13)" |
||||
|
||||
BadPRNG.bad3() (tests/e2e/detectors/test_data/weak-prng/0.4.25/bad_prng.sol#20-22) uses a weak PRNG: "i = foo() % 10 (tests/e2e/detectors/test_data/weak-prng/0.4.25/bad_prng.sol#21)" |
||||
|
||||
BadPRNG.bad0() (tests/e2e/detectors/test_data/weak-prng/0.4.25/bad_prng.sol#4-6) uses a weak PRNG: "i = block.timestamp % 10 (tests/e2e/detectors/test_data/weak-prng/0.4.25/bad_prng.sol#5)" |
||||
|
@ -0,0 +1,8 @@ |
||||
BadPRNG.bad1() (tests/e2e/detectors/test_data/weak-prng/0.5.16/bad_prng.sol#8-10) uses a weak PRNG: "i = now % 10 (tests/e2e/detectors/test_data/weak-prng/0.5.16/bad_prng.sol#9)" |
||||
|
||||
BadPRNG.bad0() (tests/e2e/detectors/test_data/weak-prng/0.5.16/bad_prng.sol#4-6) uses a weak PRNG: "i = block.timestamp % 10 (tests/e2e/detectors/test_data/weak-prng/0.5.16/bad_prng.sol#5)" |
||||
|
||||
BadPRNG.bad2() (tests/e2e/detectors/test_data/weak-prng/0.5.16/bad_prng.sol#12-14) uses a weak PRNG: "i = uint256(blockhash(uint256)(10000)) % 10 (tests/e2e/detectors/test_data/weak-prng/0.5.16/bad_prng.sol#13)" |
||||
|
||||
BadPRNG.bad3() (tests/e2e/detectors/test_data/weak-prng/0.5.16/bad_prng.sol#20-22) uses a weak PRNG: "i = foo() % 10 (tests/e2e/detectors/test_data/weak-prng/0.5.16/bad_prng.sol#21)" |
||||
|
@ -0,0 +1,8 @@ |
||||
BadPRNG.bad1() (tests/e2e/detectors/test_data/weak-prng/0.6.11/bad_prng.sol#8-10) uses a weak PRNG: "i = now % 10 (tests/e2e/detectors/test_data/weak-prng/0.6.11/bad_prng.sol#9)" |
||||
|
||||
BadPRNG.bad0() (tests/e2e/detectors/test_data/weak-prng/0.6.11/bad_prng.sol#4-6) uses a weak PRNG: "i = block.timestamp % 10 (tests/e2e/detectors/test_data/weak-prng/0.6.11/bad_prng.sol#5)" |
||||
|
||||
BadPRNG.bad2() (tests/e2e/detectors/test_data/weak-prng/0.6.11/bad_prng.sol#12-14) uses a weak PRNG: "i = uint256(blockhash(uint256)(10000)) % 10 (tests/e2e/detectors/test_data/weak-prng/0.6.11/bad_prng.sol#13)" |
||||
|
||||
BadPRNG.bad3() (tests/e2e/detectors/test_data/weak-prng/0.6.11/bad_prng.sol#20-22) uses a weak PRNG: "i = foo() % 10 (tests/e2e/detectors/test_data/weak-prng/0.6.11/bad_prng.sol#21)" |
||||
|
@ -0,0 +1,8 @@ |
||||
BadPRNG.bad3() (tests/e2e/detectors/test_data/weak-prng/0.7.6/bad_prng.sol#20-22) uses a weak PRNG: "i = foo() % 10 (tests/e2e/detectors/test_data/weak-prng/0.7.6/bad_prng.sol#21)" |
||||
|
||||
BadPRNG.bad2() (tests/e2e/detectors/test_data/weak-prng/0.7.6/bad_prng.sol#12-14) uses a weak PRNG: "i = uint256(blockhash(uint256)(10000)) % 10 (tests/e2e/detectors/test_data/weak-prng/0.7.6/bad_prng.sol#13)" |
||||
|
||||
BadPRNG.bad1() (tests/e2e/detectors/test_data/weak-prng/0.7.6/bad_prng.sol#8-10) uses a weak PRNG: "i = block.timestamp % 10 (tests/e2e/detectors/test_data/weak-prng/0.7.6/bad_prng.sol#9)" |
||||
|
||||
BadPRNG.bad0() (tests/e2e/detectors/test_data/weak-prng/0.7.6/bad_prng.sol#4-6) uses a weak PRNG: "i = block.timestamp % 10 (tests/e2e/detectors/test_data/weak-prng/0.7.6/bad_prng.sol#5)" |
||||
|
@ -0,0 +1,3 @@ |
||||
MyConc.bad1(bool) (tests/e2e/detectors/test_data/boolean-cst/0.4.25/boolean-constant-misuse.sol#9-11) uses a Boolean constant improperly: |
||||
-(b || true) (tests/e2e/detectors/test_data/boolean-cst/0.4.25/boolean-constant-misuse.sol#10) |
||||
|
@ -0,0 +1,3 @@ |
||||
MyConc.bad1(bool) (tests/e2e/detectors/test_data/boolean-cst/0.5.16/boolean-constant-misuse.sol#9-11) uses a Boolean constant improperly: |
||||
-(b || true) (tests/e2e/detectors/test_data/boolean-cst/0.5.16/boolean-constant-misuse.sol#10) |
||||
|
@ -0,0 +1,3 @@ |
||||
MyConc.bad1(bool) (tests/e2e/detectors/test_data/boolean-cst/0.6.11/boolean-constant-misuse.sol#9-11) uses a Boolean constant improperly: |
||||
-(b || true) (tests/e2e/detectors/test_data/boolean-cst/0.6.11/boolean-constant-misuse.sol#10) |
||||
|
@ -0,0 +1,3 @@ |
||||
MyConc.bad1(bool) (tests/e2e/detectors/test_data/boolean-cst/0.7.6/boolean-constant-misuse.sol#9-11) uses a Boolean constant improperly: |
||||
-(b || true) (tests/e2e/detectors/test_data/boolean-cst/0.7.6/boolean-constant-misuse.sol#10) |
||||
|
@ -0,0 +1,3 @@ |
||||
MyConc.bad1(bool) (tests/e2e/detectors/test_data/boolean-equal/0.4.25/boolean-constant-equality.sol#7-9) compares to a boolean constant: |
||||
-(b == true) (tests/e2e/detectors/test_data/boolean-equal/0.4.25/boolean-constant-equality.sol#8) |
||||
|
@ -0,0 +1,3 @@ |
||||
MyConc.bad1(bool) (tests/e2e/detectors/test_data/boolean-equal/0.5.16/boolean-constant-equality.sol#7-9) compares to a boolean constant: |
||||
-(b == true) (tests/e2e/detectors/test_data/boolean-equal/0.5.16/boolean-constant-equality.sol#8) |
||||
|
@ -0,0 +1,3 @@ |
||||
MyConc.bad1(bool) (tests/e2e/detectors/test_data/boolean-equal/0.6.11/boolean-constant-equality.sol#7-9) compares to a boolean constant: |
||||
-(b == true) (tests/e2e/detectors/test_data/boolean-equal/0.6.11/boolean-constant-equality.sol#8) |
||||
|
@ -0,0 +1,3 @@ |
||||
MyConc.bad1(bool) (tests/e2e/detectors/test_data/boolean-equal/0.7.6/boolean-constant-equality.sol#7-9) compares to a boolean constant: |
||||
-(b == true) (tests/e2e/detectors/test_data/boolean-equal/0.7.6/boolean-constant-equality.sol#8) |
||||
|
@ -0,0 +1,26 @@ |
||||
Reserved.mutable (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#32) (state variable) shadows built-in symbol" |
||||
|
||||
ExtendedContract.ecrecover (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#11) (state variable) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.require().keccak256 (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#25) (local variable) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.abi (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#21) (state variable) shadows built-in symbol" |
||||
|
||||
BaseContract.blockhash (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#4) (state variable) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.this (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#20) (state variable) shadows built-in symbol" |
||||
|
||||
BaseContract.now (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#5) (state variable) shadows built-in symbol" |
||||
|
||||
BaseContractrevert(bool) (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#7) (event) shadows built-in symbol" |
||||
|
||||
ExtendedContract.assert(bool).msg (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#14) (local variable) shadows built-in symbol" |
||||
|
||||
ExtendedContract.assert(bool) (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#13-15) (function) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.require().sha3 (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#26) (local variable) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.blockhash (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#19) (state variable) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.require() (tests/e2e/detectors/test_data/shadowing-builtin/0.4.25/shadowing_builtin_symbols.sol#23-28) (modifier) shadows built-in symbol" |
||||
|
@ -0,0 +1,24 @@ |
||||
ExtendedContract.ecrecover (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#11) (state variable) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.require().keccak256 (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#25) (local variable) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.abi (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#21) (state variable) shadows built-in symbol" |
||||
|
||||
BaseContract.blockhash (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#4) (state variable) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.this (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#20) (state variable) shadows built-in symbol" |
||||
|
||||
BaseContract.now (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#5) (state variable) shadows built-in symbol" |
||||
|
||||
BaseContractrevert(bool) (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#7) (event) shadows built-in symbol" |
||||
|
||||
ExtendedContract.assert(bool).msg (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#14) (local variable) shadows built-in symbol" |
||||
|
||||
ExtendedContract.assert(bool) (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#13-15) (function) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.require().sha3 (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#26) (local variable) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.blockhash (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#19) (state variable) shadows built-in symbol" |
||||
|
||||
FurtherExtendedContract.require() (tests/e2e/detectors/test_data/shadowing-builtin/0.5.16/shadowing_builtin_symbols.sol#23-28) (modifier) shadows built-in symbol" |
||||
|
@ -0,0 +1,2 @@ |
||||
Constant.test_assembly_bug() (tests/e2e/detectors/test_data/constant-function-asm/0.4.25/constant.sol#22-24) is declared view but contains assembly code |
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in new issue