diff --git a/slither/detectors/statements/msg_value_in_loop.py b/slither/detectors/statements/msg_value_in_loop.py index e2c8523c4..5bd5c398c 100644 --- a/slither/detectors/statements/msg_value_in_loop.py +++ b/slither/detectors/statements/msg_value_in_loop.py @@ -1,34 +1,40 @@ -from slither.core.cfg.node import NodeType +from typing import List +from slither.core.cfg.node import NodeType, Node from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification -from slither.core.declarations import SolidityVariableComposed +from slither.slithir.operations import InternalCall +from slither.core.declarations import SolidityVariableComposed, Contract +from slither.utils.output import Output -def detect_msg_value_in_loop(contract): - results = [] - for f in contract.functions + contract.modifiers: +def detect_msg_value_in_loop(contract: Contract) -> List[Node]: + results: List[Node] = [] + for f in contract.functions_entry_points: if f.is_implemented and f.payable: - msg_value_in_loop(f.entry_point, False, [], results) + msg_value_in_loop(f.entry_point, 0, [], results) return results -def msg_value_in_loop(node, in_loop, visited, results): +def msg_value_in_loop( + node: Node, in_loop_counter: int, visited: List[Node], results: List[Node] +) -> None: if node in visited: return # shared visited visited.append(node) if node.type == NodeType.STARTLOOP: - in_loop = True + in_loop_counter += 1 elif node.type == NodeType.ENDLOOP: - in_loop = False + in_loop_counter -= 1 - if in_loop: - for ir in node.all_slithir_operations(): - if SolidityVariableComposed("msg.value") in ir.read: - results.append(node) + for ir in node.all_slithir_operations(): + if in_loop_counter > 0 and SolidityVariableComposed("msg.value") in ir.read: + results.append(ir.node) + if isinstance(ir, (InternalCall)): + msg_value_in_loop(ir.function.entry_point, in_loop_counter, visited, results) for son in node.sons: - msg_value_in_loop(son, in_loop, visited, results) + msg_value_in_loop(son, in_loop_counter, visited, results) class MsgValueInLoop(AbstractDetector): @@ -61,17 +67,16 @@ contract MsgValueInLoop{ } ``` -When calling `bad` the same `msg.value` amount will be accredited multiple times.""" +""" # endregion wiki_exploit_scenario WIKI_RECOMMENDATION = """ -Don't use `msg.value` inside a loop. -If you need to use it inside a loop save the `msg.value` to a local variable and use it as a cache (subtract the amount used from it) +Track msg.value through a local variable and decrease its amount on every iteration/usage. """ - def _detect(self): + def _detect(self) -> List[Output]: """""" - results = [] + results: List[Output] = [] for c in self.compilation_unit.contracts_derived: values = detect_msg_value_in_loop(c) for node in values: diff --git a/tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol b/tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol index 4b90d1a29..a32b79d8d 100644 --- a/tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol +++ b/tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol @@ -18,4 +18,12 @@ contract C{ balances[a] += msg.value; } + function bad3(address[] memory receivers) public payable { + for (uint256 i = 0; i < 2; i++) { + for (uint256 j = 0; j < receivers.length; j++) { + balances[receivers[j]] += msg.value; + } + } + } + } \ No newline at end of file diff --git a/tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol.0.4.25.MsgValueInLoop.json b/tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol.0.4.25.MsgValueInLoop.json index 118bdf11d..69ef30e2a 100644 --- a/tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol.0.4.25.MsgValueInLoop.json +++ b/tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol.0.4.25.MsgValueInLoop.json @@ -29,7 +29,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 512, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -57,7 +57,15 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 @@ -111,7 +119,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 512, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -139,7 +147,15 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 @@ -163,21 +179,19 @@ "elements": [ { "type": "function", - "name": "bad2", + "name": "bad2_internal", "source_mapping": { - "start": 246, - "length": 173, + "start": 425, + "length": 84, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", "is_dependency": false, "lines": [ - 11, - 12, - 13, - 14, - 15 + 17, + 18, + 19 ], "starting_column": 5, "ending_column": 6 @@ -188,7 +202,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 512, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -216,50 +230,235 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 } }, - "signature": "bad2(address[])" + "signature": "bad2_internal(address)" } }, { "type": "node", - "name": "bad2_internal(receivers[i])", + "name": "balances[a] += msg.value", "source_mapping": { - "start": 375, - "length": 27, + "start": 478, + "length": 24, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", "is_dependency": false, "lines": [ - 13 + 18 ], - "starting_column": 13, - "ending_column": 40 + "starting_column": 9, + "ending_column": 33 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad2", + "name": "bad2_internal", + "source_mapping": { + "start": 425, + "length": 84, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 17, + 18, + 19 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "C", + "source_mapping": { + "start": 0, + "length": 763, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "bad2_internal(address)" + } + } + } + } + ], + "description": "C.bad2_internal(address) (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#17-19) use msg.value in a loop: balances[a] += msg.value (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#18)\n", + "markdown": "[C.bad2_internal(address)](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L17-L19) use msg.value in a loop: [balances[a] += msg.value](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L18)\n", + "first_markdown_element": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L17-L19", + "id": "46e81ee3916dd92be3598ae1c853e34145102f527870dd2eb0409fee047ddc4d", + "check": "msg-value-loop", + "impact": "High", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 515, + "length": 245, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 21, + 22, + 23, + 24, + 25, + 26, + 27 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "C", "source_mapping": { - "start": 246, - "length": 173, + "start": 0, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", "is_dependency": false, "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, 11, 12, 13, 14, - 15 + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "bad3(address[])" + } + }, + { + "type": "node", + "name": "balances[receivers[j]] += msg.value", + "source_mapping": { + "start": 694, + "length": 35, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 24 + ], + "starting_column": 17, + "ending_column": 52 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 515, + "length": 245, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 21, + 22, + 23, + 24, + 25, + 26, + 27 ], "starting_column": 5, "ending_column": 6 @@ -270,7 +469,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 512, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -298,22 +497,30 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 } }, - "signature": "bad2(address[])" + "signature": "bad3(address[])" } } } } ], - "description": "C.bad2(address[]) (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#11-15) use msg.value in a loop: bad2_internal(receivers[i]) (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#13)\n", - "markdown": "[C.bad2(address[])](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L11-L15) use msg.value in a loop: [bad2_internal(receivers[i])](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L13)\n", - "first_markdown_element": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L11-L15", - "id": "4d17ef147fc09de0f0b15d1919f6fc14f98b5e8db7d468b2033c640a26ca34b5", + "description": "C.bad3(address[]) (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#21-27) use msg.value in a loop: balances[receivers[j]] += msg.value (tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#24)\n", + "markdown": "[C.bad3(address[])](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L21-L27) use msg.value in a loop: [balances[receivers[j]] += msg.value](tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L24)\n", + "first_markdown_element": "tests/detectors/msg-value-loop/0.4.25/msg_value_loop.sol#L21-L27", + "id": "91bc78ce47280ec59296ebb0cf98afb5ede603b3c31025002c1c2ec1b940ad68", "check": "msg-value-loop", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol b/tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol index 203e22102..a32b79d8d 100644 --- a/tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol +++ b/tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol @@ -8,7 +8,7 @@ contract C{ } } - function bad2(address[] memory receivers) public payable { + function bad2(address[] memory receivers) public payable { for (uint256 i = 0; i < receivers.length; i++) { bad2_internal(receivers[i]); } @@ -18,4 +18,12 @@ contract C{ balances[a] += msg.value; } + function bad3(address[] memory receivers) public payable { + for (uint256 i = 0; i < 2; i++) { + for (uint256 j = 0; j < receivers.length; j++) { + balances[receivers[j]] += msg.value; + } + } + } + } \ No newline at end of file diff --git a/tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol.0.5.16.MsgValueInLoop.json b/tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol.0.5.16.MsgValueInLoop.json index 12ada415d..ca36202bb 100644 --- a/tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol.0.5.16.MsgValueInLoop.json +++ b/tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol.0.5.16.MsgValueInLoop.json @@ -29,7 +29,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -57,7 +57,15 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 @@ -111,7 +119,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -139,7 +147,15 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 @@ -163,21 +179,19 @@ "elements": [ { "type": "function", - "name": "bad2", + "name": "bad2_internal", "source_mapping": { - "start": 246, - "length": 172, + "start": 425, + "length": 84, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", "is_dependency": false, "lines": [ - 11, - 12, - 13, - 14, - 15 + 17, + 18, + 19 ], "starting_column": 5, "ending_column": 6 @@ -188,7 +202,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -216,50 +230,235 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 } }, - "signature": "bad2(address[])" + "signature": "bad2_internal(address)" } }, { "type": "node", - "name": "bad2_internal(receivers[i])", + "name": "balances[a] += msg.value", "source_mapping": { - "start": 374, - "length": 27, + "start": 478, + "length": 24, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", "is_dependency": false, "lines": [ - 13 + 18 ], - "starting_column": 13, - "ending_column": 40 + "starting_column": 9, + "ending_column": 33 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad2", + "name": "bad2_internal", + "source_mapping": { + "start": 425, + "length": 84, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 17, + 18, + 19 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "C", + "source_mapping": { + "start": 0, + "length": 763, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "bad2_internal(address)" + } + } + } + } + ], + "description": "C.bad2_internal(address) (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#17-19) use msg.value in a loop: balances[a] += msg.value (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#18)\n", + "markdown": "[C.bad2_internal(address)](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L17-L19) use msg.value in a loop: [balances[a] += msg.value](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L18)\n", + "first_markdown_element": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L17-L19", + "id": "a7decdca7d1ca27f92038a6a0d1ee3899fe523fef53329f4bdd976040fe05fd4", + "check": "msg-value-loop", + "impact": "High", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 515, + "length": 245, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 21, + 22, + 23, + 24, + 25, + 26, + 27 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "C", "source_mapping": { - "start": 246, - "length": 172, + "start": 0, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", "is_dependency": false, "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, 11, 12, 13, 14, - 15 + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "bad3(address[])" + } + }, + { + "type": "node", + "name": "balances[receivers[j]] += msg.value", + "source_mapping": { + "start": 694, + "length": 35, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 24 + ], + "starting_column": 17, + "ending_column": 52 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 515, + "length": 245, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 21, + 22, + 23, + 24, + 25, + 26, + 27 ], "starting_column": 5, "ending_column": 6 @@ -270,7 +469,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -298,22 +497,30 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 } }, - "signature": "bad2(address[])" + "signature": "bad3(address[])" } } } } ], - "description": "C.bad2(address[]) (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#11-15) use msg.value in a loop: bad2_internal(receivers[i]) (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#13)\n", - "markdown": "[C.bad2(address[])](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L11-L15) use msg.value in a loop: [bad2_internal(receivers[i])](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L13)\n", - "first_markdown_element": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L11-L15", - "id": "a7431e2289be529e37c5edaeb3a3eda07e55f9959d69655b47b1ec70812a5ed4", + "description": "C.bad3(address[]) (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#21-27) use msg.value in a loop: balances[receivers[j]] += msg.value (tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#24)\n", + "markdown": "[C.bad3(address[])](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L21-L27) use msg.value in a loop: [balances[receivers[j]] += msg.value](tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L24)\n", + "first_markdown_element": "tests/detectors/msg-value-loop/0.5.16/msg_value_loop.sol#L21-L27", + "id": "e8b65da4e14be1243f400e5b4e656c10d7e360391ecdc376848c2c25c257f593", "check": "msg-value-loop", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol b/tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol index 203e22102..a32b79d8d 100644 --- a/tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol +++ b/tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol @@ -8,7 +8,7 @@ contract C{ } } - function bad2(address[] memory receivers) public payable { + function bad2(address[] memory receivers) public payable { for (uint256 i = 0; i < receivers.length; i++) { bad2_internal(receivers[i]); } @@ -18,4 +18,12 @@ contract C{ balances[a] += msg.value; } + function bad3(address[] memory receivers) public payable { + for (uint256 i = 0; i < 2; i++) { + for (uint256 j = 0; j < receivers.length; j++) { + balances[receivers[j]] += msg.value; + } + } + } + } \ No newline at end of file diff --git a/tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol.0.6.11.MsgValueInLoop.json b/tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol.0.6.11.MsgValueInLoop.json index 04bdbd34d..9b3f96591 100644 --- a/tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol.0.6.11.MsgValueInLoop.json +++ b/tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol.0.6.11.MsgValueInLoop.json @@ -29,7 +29,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -57,7 +57,15 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 @@ -111,7 +119,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -139,7 +147,15 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 @@ -163,21 +179,19 @@ "elements": [ { "type": "function", - "name": "bad2", + "name": "bad2_internal", "source_mapping": { - "start": 246, - "length": 172, + "start": 425, + "length": 84, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", "is_dependency": false, "lines": [ - 11, - 12, - 13, - 14, - 15 + 17, + 18, + 19 ], "starting_column": 5, "ending_column": 6 @@ -188,7 +202,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -216,50 +230,235 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 } }, - "signature": "bad2(address[])" + "signature": "bad2_internal(address)" } }, { "type": "node", - "name": "bad2_internal(receivers[i])", + "name": "balances[a] += msg.value", "source_mapping": { - "start": 374, - "length": 27, + "start": 478, + "length": 24, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", "is_dependency": false, "lines": [ - 13 + 18 ], - "starting_column": 13, - "ending_column": 40 + "starting_column": 9, + "ending_column": 33 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad2", + "name": "bad2_internal", + "source_mapping": { + "start": 425, + "length": 84, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 17, + 18, + 19 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "C", + "source_mapping": { + "start": 0, + "length": 763, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "bad2_internal(address)" + } + } + } + } + ], + "description": "C.bad2_internal(address) (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#17-19) use msg.value in a loop: balances[a] += msg.value (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#18)\n", + "markdown": "[C.bad2_internal(address)](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L17-L19) use msg.value in a loop: [balances[a] += msg.value](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L18)\n", + "first_markdown_element": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L17-L19", + "id": "84b39e0706b72e42b4cf069a649c5825e35ed842871350cc064c8123396b6f96", + "check": "msg-value-loop", + "impact": "High", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 515, + "length": 245, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 21, + 22, + 23, + 24, + 25, + 26, + 27 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "C", "source_mapping": { - "start": 246, - "length": 172, + "start": 0, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", "is_dependency": false, "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, 11, 12, 13, 14, - 15 + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "bad3(address[])" + } + }, + { + "type": "node", + "name": "balances[receivers[j]] += msg.value", + "source_mapping": { + "start": 694, + "length": 35, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 24 + ], + "starting_column": 17, + "ending_column": 52 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 515, + "length": 245, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 21, + 22, + 23, + 24, + 25, + 26, + 27 ], "starting_column": 5, "ending_column": 6 @@ -270,7 +469,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -298,22 +497,30 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 } }, - "signature": "bad2(address[])" + "signature": "bad3(address[])" } } } } ], - "description": "C.bad2(address[]) (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#11-15) use msg.value in a loop: bad2_internal(receivers[i]) (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#13)\n", - "markdown": "[C.bad2(address[])](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L11-L15) use msg.value in a loop: [bad2_internal(receivers[i])](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L13)\n", - "first_markdown_element": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L11-L15", - "id": "ed7f7cc6f26ba8aefd0b196507d26232414a3aa3709b3ca003e1ca6cced6576d", + "description": "C.bad3(address[]) (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#21-27) use msg.value in a loop: balances[receivers[j]] += msg.value (tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#24)\n", + "markdown": "[C.bad3(address[])](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L21-L27) use msg.value in a loop: [balances[receivers[j]] += msg.value](tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L24)\n", + "first_markdown_element": "tests/detectors/msg-value-loop/0.6.11/msg_value_loop.sol#L21-L27", + "id": "d89c600adf6767e1270ee5b760bf2e5917e9f27aa77c86f956b55a883552bb0d", "check": "msg-value-loop", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol b/tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol index 203e22102..a32b79d8d 100644 --- a/tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol +++ b/tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol @@ -8,7 +8,7 @@ contract C{ } } - function bad2(address[] memory receivers) public payable { + function bad2(address[] memory receivers) public payable { for (uint256 i = 0; i < receivers.length; i++) { bad2_internal(receivers[i]); } @@ -18,4 +18,12 @@ contract C{ balances[a] += msg.value; } + function bad3(address[] memory receivers) public payable { + for (uint256 i = 0; i < 2; i++) { + for (uint256 j = 0; j < receivers.length; j++) { + balances[receivers[j]] += msg.value; + } + } + } + } \ No newline at end of file diff --git a/tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol.0.7.6.MsgValueInLoop.json b/tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol.0.7.6.MsgValueInLoop.json index d8b7ada3c..15ce57037 100644 --- a/tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol.0.7.6.MsgValueInLoop.json +++ b/tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol.0.7.6.MsgValueInLoop.json @@ -29,7 +29,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -57,7 +57,15 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 @@ -111,7 +119,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -139,7 +147,15 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 @@ -163,21 +179,19 @@ "elements": [ { "type": "function", - "name": "bad2", + "name": "bad2_internal", "source_mapping": { - "start": 246, - "length": 172, + "start": 425, + "length": 84, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", "is_dependency": false, "lines": [ - 11, - 12, - 13, - 14, - 15 + 17, + 18, + 19 ], "starting_column": 5, "ending_column": 6 @@ -188,7 +202,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -216,50 +230,235 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 } }, - "signature": "bad2(address[])" + "signature": "bad2_internal(address)" } }, { "type": "node", - "name": "bad2_internal(receivers[i])", + "name": "balances[a] += msg.value", "source_mapping": { - "start": 374, - "length": 27, + "start": 478, + "length": 24, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", "is_dependency": false, "lines": [ - 13 + 18 ], - "starting_column": 13, - "ending_column": 40 + "starting_column": 9, + "ending_column": 33 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad2", + "name": "bad2_internal", + "source_mapping": { + "start": 425, + "length": 84, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 17, + 18, + 19 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "C", + "source_mapping": { + "start": 0, + "length": 763, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "bad2_internal(address)" + } + } + } + } + ], + "description": "C.bad2_internal(address) (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#17-19) use msg.value in a loop: balances[a] += msg.value (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#18)\n", + "markdown": "[C.bad2_internal(address)](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L17-L19) use msg.value in a loop: [balances[a] += msg.value](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L18)\n", + "first_markdown_element": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L17-L19", + "id": "0fd3ac1c8051090ec1fe86fa9e1e5f8e7381d8eef3f252fede8dc3bb07e87104", + "check": "msg-value-loop", + "impact": "High", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 515, + "length": 245, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 21, + 22, + 23, + 24, + 25, + 26, + 27 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "C", "source_mapping": { - "start": 246, - "length": 172, + "start": 0, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", "is_dependency": false, "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, 11, 12, 13, 14, - 15 + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "bad3(address[])" + } + }, + { + "type": "node", + "name": "balances[receivers[j]] += msg.value", + "source_mapping": { + "start": 694, + "length": 35, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 24 + ], + "starting_column": 17, + "ending_column": 52 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 515, + "length": 245, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 21, + 22, + 23, + 24, + 25, + 26, + 27 ], "starting_column": 5, "ending_column": 6 @@ -270,7 +469,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -298,22 +497,30 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 } }, - "signature": "bad2(address[])" + "signature": "bad3(address[])" } } } } ], - "description": "C.bad2(address[]) (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#11-15) use msg.value in a loop: bad2_internal(receivers[i]) (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#13)\n", - "markdown": "[C.bad2(address[])](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L11-L15) use msg.value in a loop: [bad2_internal(receivers[i])](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L13)\n", - "first_markdown_element": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L11-L15", - "id": "0fec821a1c77be9b94a219d21c9c2795cee09a25271cc47ea1ea68156c9cddff", + "description": "C.bad3(address[]) (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#21-27) use msg.value in a loop: balances[receivers[j]] += msg.value (tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#24)\n", + "markdown": "[C.bad3(address[])](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L21-L27) use msg.value in a loop: [balances[receivers[j]] += msg.value](tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L24)\n", + "first_markdown_element": "tests/detectors/msg-value-loop/0.7.6/msg_value_loop.sol#L21-L27", + "id": "9a021823637092277317750625e1f63b1b6f4b394a5dd1fdde50088af8d9e805", "check": "msg-value-loop", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol b/tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol index 203e22102..a32b79d8d 100644 --- a/tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol +++ b/tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol @@ -8,7 +8,7 @@ contract C{ } } - function bad2(address[] memory receivers) public payable { + function bad2(address[] memory receivers) public payable { for (uint256 i = 0; i < receivers.length; i++) { bad2_internal(receivers[i]); } @@ -18,4 +18,12 @@ contract C{ balances[a] += msg.value; } + function bad3(address[] memory receivers) public payable { + for (uint256 i = 0; i < 2; i++) { + for (uint256 j = 0; j < receivers.length; j++) { + balances[receivers[j]] += msg.value; + } + } + } + } \ No newline at end of file diff --git a/tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol.0.8.0.MsgValueInLoop.json b/tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol.0.8.0.MsgValueInLoop.json index 8449a16d9..e965e1531 100644 --- a/tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol.0.8.0.MsgValueInLoop.json +++ b/tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol.0.8.0.MsgValueInLoop.json @@ -29,7 +29,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -57,7 +57,15 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 @@ -111,7 +119,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -139,7 +147,15 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 @@ -163,21 +179,19 @@ "elements": [ { "type": "function", - "name": "bad2", + "name": "bad2_internal", "source_mapping": { - "start": 246, - "length": 172, + "start": 425, + "length": 84, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", "is_dependency": false, "lines": [ - 11, - 12, - 13, - 14, - 15 + 17, + 18, + 19 ], "starting_column": 5, "ending_column": 6 @@ -188,7 +202,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -216,50 +230,235 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 } }, - "signature": "bad2(address[])" + "signature": "bad2_internal(address)" } }, { "type": "node", - "name": "bad2_internal(receivers[i])", + "name": "balances[a] += msg.value", "source_mapping": { - "start": 374, - "length": 27, + "start": 478, + "length": 24, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", "is_dependency": false, "lines": [ - 13 + 18 ], - "starting_column": 13, - "ending_column": 40 + "starting_column": 9, + "ending_column": 33 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad2", + "name": "bad2_internal", + "source_mapping": { + "start": 425, + "length": 84, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 17, + 18, + 19 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "C", + "source_mapping": { + "start": 0, + "length": 763, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "bad2_internal(address)" + } + } + } + } + ], + "description": "C.bad2_internal(address) (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#17-19) use msg.value in a loop: balances[a] += msg.value (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#18)\n", + "markdown": "[C.bad2_internal(address)](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L17-L19) use msg.value in a loop: [balances[a] += msg.value](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L18)\n", + "first_markdown_element": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L17-L19", + "id": "0064bba498edf780c73f858d7a8d6cc42e1be323e288eea78622b8d84fe557bc", + "check": "msg-value-loop", + "impact": "High", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 515, + "length": 245, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 21, + 22, + 23, + 24, + 25, + 26, + 27 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "C", "source_mapping": { - "start": 246, - "length": 172, + "start": 0, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", "is_dependency": false, "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, 11, 12, 13, 14, - 15 + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 + ], + "starting_column": 1, + "ending_column": 0 + } + }, + "signature": "bad3(address[])" + } + }, + { + "type": "node", + "name": "balances[receivers[j]] += msg.value", + "source_mapping": { + "start": 694, + "length": 35, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 24 + ], + "starting_column": 17, + "ending_column": 52 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 515, + "length": 245, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", + "is_dependency": false, + "lines": [ + 21, + 22, + 23, + 24, + 25, + 26, + 27 ], "starting_column": 5, "ending_column": 6 @@ -270,7 +469,7 @@ "name": "C", "source_mapping": { "start": 0, - "length": 511, + "length": 763, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol", "filename_absolute": "/GENERIC_PATH", @@ -298,22 +497,30 @@ 19, 20, 21, - 22 + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 1, "ending_column": 0 } }, - "signature": "bad2(address[])" + "signature": "bad3(address[])" } } } } ], - "description": "C.bad2(address[]) (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#11-15) use msg.value in a loop: bad2_internal(receivers[i]) (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#13)\n", - "markdown": "[C.bad2(address[])](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L11-L15) use msg.value in a loop: [bad2_internal(receivers[i])](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L13)\n", - "first_markdown_element": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L11-L15", - "id": "36cc43f938a3f57751ebb390fb30f8cc20a3f80634af3bab797d6b97feadf103", + "description": "C.bad3(address[]) (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#21-27) use msg.value in a loop: balances[receivers[j]] += msg.value (tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#24)\n", + "markdown": "[C.bad3(address[])](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L21-L27) use msg.value in a loop: [balances[receivers[j]] += msg.value](tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L24)\n", + "first_markdown_element": "tests/detectors/msg-value-loop/0.8.0/msg_value_loop.sol#L21-L27", + "id": "5aba5d0fecd0935e1e8d98c5779a7114fbfd4587b6b8b7fdca61829d3322f584", "check": "msg-value-loop", "impact": "High", "confidence": "Medium"