replace-initialize (#1239)

pull/1300/head
Kyle Baker 2 years ago committed by GitHub
parent 167b4c0394
commit 6971f3005d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      slither/detectors/statements/unprotected_upgradeable.py
  2. 6
      slither/tools/upgradeability/checks/initialization.py
  3. 6
      tests/detectors/uninitialized-state/0.4.25/uninitialized.sol
  4. 6
      tests/detectors/uninitialized-state/0.5.16/uninitialized.sol
  5. 6
      tests/detectors/uninitialized-state/0.6.11/uninitialized.sol
  6. 6
      tests/detectors/uninitialized-state/0.7.6/uninitialized.sol
  7. 4
      tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol.0.4.25.UnprotectedUpgradeable.json
  8. 4
      tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol.0.5.16.UnprotectedUpgradeable.json
  9. 4
      tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol.0.6.11.UnprotectedUpgradeable.json
  10. 4
      tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol.0.7.6.UnprotectedUpgradeable.json

@ -102,7 +102,7 @@ class UnprotectedUpgradeable(AbstractDetector):
info = ( info = (
[ [
contract, contract,
" is an upgradeable contract that does not protect its initiliaze functions: ", " is an upgradeable contract that does not protect its initialize functions: ",
] ]
+ initialize_functions + initialize_functions
+ [ + [

@ -15,7 +15,7 @@ class MultipleInitTarget(Exception):
pass pass
def _has_initiliaze_modifier(function: Function): def _has_initialize_modifier(function: Function):
if not function.modifiers: if not function.modifiers:
return False return False
return any((m.name == "initializer") for m in function.modifiers) return any((m.name == "initializer") for m in function.modifiers)
@ -25,7 +25,7 @@ def _get_initialize_functions(contract):
return [ return [
f f
for f in contract.functions for f in contract.functions
if (f.name == "initialize" or _has_initiliaze_modifier(f)) and f.is_implemented if (f.name == "initialize" or _has_initialize_modifier(f)) and f.is_implemented
] ]
@ -313,7 +313,7 @@ contract DerivedDerived is Derived{
} }
``` ```
`Base.initialize(uint)` is called two times in `DerivedDerived.initiliaze` execution, leading to a potential corruption. `Base.initialize(uint)` is called two times in `DerivedDerived.initialize` execution, leading to a potential corruption.
""" """
# endregion wiki_exploit_scenario # endregion wiki_exploit_scenario

@ -43,16 +43,16 @@ contract Test2 {
using Lib for Lib.MyStruct; using Lib for Lib.MyStruct;
Lib.MyStruct st; Lib.MyStruct st;
Lib.MyStruct stInitiliazed; Lib.MyStruct stinitialized;
uint v; // v is used as parameter of the lib, but is never init uint v; // v is used as parameter of the lib, but is never init
function init(){ function init(){
stInitiliazed.set(v); stinitialized.set(v);
} }
function use(){ function use(){
// random operation to use the structure // random operation to use the structure
require(st.val == stInitiliazed.val); require(st.val == stinitialized.val);
} }
} }
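Review bot: The renamed state variable loses its camelCase: `stInitiliazed` becomes `stinitialized` at the declaration, in `init()` and in `use()`, which looks like the side effect of a case-insensitive replace. `Lib.MyStruct stInitialized;`, with the matching `stInitialized.set(v);` and `require(st.val == stInitialized.val);`, keeps the spelling fix and the fixture's naming style. The same rename appears in the three other uninitialized.sol hunks that follow. The new name has the same length as the old one, so source offsets in expected results should not move, but any expected-output file that records the variable name would need regenerating, and none is part of this commit.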

@ -43,16 +43,16 @@ contract Test2 {
using Lib for Lib.MyStruct; using Lib for Lib.MyStruct;
Lib.MyStruct st; Lib.MyStruct st;
Lib.MyStruct stInitiliazed; Lib.MyStruct stinitialized;
uint v; // v is used as parameter of the lib, but is never init uint v; // v is used as parameter of the lib, but is never init
function init() public{ function init() public{
stInitiliazed.set(v); stinitialized.set(v);
} }
function use() view public{ function use() view public{
// random operation to use the structure // random operation to use the structure
require(st.val == stInitiliazed.val); require(st.val == stinitialized.val);
} }
} }

@ -43,16 +43,16 @@ contract Test2 {
using Lib for Lib.MyStruct; using Lib for Lib.MyStruct;
Lib.MyStruct st; Lib.MyStruct st;
Lib.MyStruct stInitiliazed; Lib.MyStruct stinitialized;
uint v; // v is used as parameter of the lib, but is never init uint v; // v is used as parameter of the lib, but is never init
function init() public{ function init() public{
stInitiliazed.set(v); stinitialized.set(v);
} }
function use() view public{ function use() view public{
// random operation to use the structure // random operation to use the structure
require(st.val == stInitiliazed.val); require(st.val == stinitialized.val);
} }
} }

@ -43,16 +43,16 @@ contract Test2 {
using Lib for Lib.MyStruct; using Lib for Lib.MyStruct;
Lib.MyStruct st; Lib.MyStruct st;
Lib.MyStruct stInitiliazed; Lib.MyStruct stinitialized;
uint v; // v is used as parameter of the lib, but is never init uint v; // v is used as parameter of the lib, but is never init
function init() public{ function init() public{
stInitiliazed.set(v); stinitialized.set(v);
} }
function use() view public{ function use() view public{
// random operation to use the structure // random operation to use the structure
require(st.val == stInitiliazed.val); require(st.val == stinitialized.val);
} }
} }

@ -141,8 +141,8 @@
} }
} }
], ],
"description": "Buggy (tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#3-15) is an upgradeable contract that does not protect its initiliaze functions: Buggy.initialize() (tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#6-9). Anyone can delete the contract with: Buggy.kill() (tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#10-13)", "description": "Buggy (tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#3-15) is an upgradeable contract that does not protect its initialize functions: Buggy.initialize() (tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#6-9). Anyone can delete the contract with: Buggy.kill() (tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#10-13)",
"markdown": "[Buggy](tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#L3-L15) is an upgradeable contract that does not protect its initiliaze functions: [Buggy.initialize()](tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#L6-L9). Anyone can delete the contract with: [Buggy.kill()](tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#L10-L13)", "markdown": "[Buggy](tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#L3-L15) is an upgradeable contract that does not protect its initialize functions: [Buggy.initialize()](tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#L6-L9). Anyone can delete the contract with: [Buggy.kill()](tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#L10-L13)",
"first_markdown_element": "tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#L3-L15", "first_markdown_element": "tests/detectors/unprotected-upgrade/0.4.25/Buggy.sol#L3-L15",
"id": "aceca400ce0b482809a70df612af22e24d154c5c89c24d630ec0ee5a366d09fe", "id": "aceca400ce0b482809a70df612af22e24d154c5c89c24d630ec0ee5a366d09fe",
"check": "unprotected-upgrade", "check": "unprotected-upgrade",

@ -141,8 +141,8 @@
} }
} }
], ],
"description": "Buggy (tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#3-15) is an upgradeable contract that does not protect its initiliaze functions: Buggy.initialize() (tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#6-9). Anyone can delete the contract with: Buggy.kill() (tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#10-13)", "description": "Buggy (tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#3-15) is an upgradeable contract that does not protect its initialize functions: Buggy.initialize() (tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#6-9). Anyone can delete the contract with: Buggy.kill() (tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#10-13)",
"markdown": "[Buggy](tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#L3-L15) is an upgradeable contract that does not protect its initiliaze functions: [Buggy.initialize()](tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#L6-L9). Anyone can delete the contract with: [Buggy.kill()](tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#L10-L13)", "markdown": "[Buggy](tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#L3-L15) is an upgradeable contract that does not protect its initialize functions: [Buggy.initialize()](tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#L6-L9). Anyone can delete the contract with: [Buggy.kill()](tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#L10-L13)",
"first_markdown_element": "tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#L3-L15", "first_markdown_element": "tests/detectors/unprotected-upgrade/0.5.16/Buggy.sol#L3-L15",
"id": "aceca400ce0b482809a70df612af22e24d154c5c89c24d630ec0ee5a366d09fe", "id": "aceca400ce0b482809a70df612af22e24d154c5c89c24d630ec0ee5a366d09fe",
"check": "unprotected-upgrade", "check": "unprotected-upgrade",

@ -141,8 +141,8 @@
} }
} }
], ],
"description": "Buggy (tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#3-15) is an upgradeable contract that does not protect its initiliaze functions: Buggy.initialize() (tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#6-9). Anyone can delete the contract with: Buggy.kill() (tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#10-13)", "description": "Buggy (tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#3-15) is an upgradeable contract that does not protect its initialize functions: Buggy.initialize() (tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#6-9). Anyone can delete the contract with: Buggy.kill() (tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#10-13)",
"markdown": "[Buggy](tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#L3-L15) is an upgradeable contract that does not protect its initiliaze functions: [Buggy.initialize()](tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#L6-L9). Anyone can delete the contract with: [Buggy.kill()](tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#L10-L13)", "markdown": "[Buggy](tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#L3-L15) is an upgradeable contract that does not protect its initialize functions: [Buggy.initialize()](tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#L6-L9). Anyone can delete the contract with: [Buggy.kill()](tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#L10-L13)",
"first_markdown_element": "tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#L3-L15", "first_markdown_element": "tests/detectors/unprotected-upgrade/0.6.11/Buggy.sol#L3-L15",
"id": "aceca400ce0b482809a70df612af22e24d154c5c89c24d630ec0ee5a366d09fe", "id": "aceca400ce0b482809a70df612af22e24d154c5c89c24d630ec0ee5a366d09fe",
"check": "unprotected-upgrade", "check": "unprotected-upgrade",

@ -141,8 +141,8 @@
} }
} }
], ],
"description": "Buggy (tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#3-15) is an upgradeable contract that does not protect its initiliaze functions: Buggy.initialize() (tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#6-9). Anyone can delete the contract with: Buggy.kill() (tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#10-13)", "description": "Buggy (tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#3-15) is an upgradeable contract that does not protect its initialize functions: Buggy.initialize() (tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#6-9). Anyone can delete the contract with: Buggy.kill() (tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#10-13)",
"markdown": "[Buggy](tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#L3-L15) is an upgradeable contract that does not protect its initiliaze functions: [Buggy.initialize()](tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#L6-L9). Anyone can delete the contract with: [Buggy.kill()](tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#L10-L13)", "markdown": "[Buggy](tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#L3-L15) is an upgradeable contract that does not protect its initialize functions: [Buggy.initialize()](tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#L6-L9). Anyone can delete the contract with: [Buggy.kill()](tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#L10-L13)",
"first_markdown_element": "tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#L3-L15", "first_markdown_element": "tests/detectors/unprotected-upgrade/0.7.6/Buggy.sol#L3-L15",
"id": "aceca400ce0b482809a70df612af22e24d154c5c89c24d630ec0ee5a366d09fe", "id": "aceca400ce0b482809a70df612af22e24d154c5c89c24d630ec0ee5a366d09fe",
"check": "unprotected-upgrade", "check": "unprotected-upgrade",
