From 12c581498f09156b1a72ac01b46fa2d4a7f85cb6 Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Mon, 11 Jan 2021 11:27:44 +0100 Subject: [PATCH 01/16] Create trophies.md --- trophies.md | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 trophies.md diff --git a/trophies.md b/trophies.md new file mode 100644 index 000000000..58899bbc8 --- /dev/null +++ b/trophies.md 
@@ -0,0 +1,83 @@ +# Slither Trophies +The following lists security vulnerabilities that were found by Slither. If you found a security vulnerability using Slither, please submit a PR with the relevant information. + + +## October 2018 +- [Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf) + - Missing return value check +## November 2018 +- [Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) + - Reentrancy +## July 2019 +- [Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) + - Deletion of a mapping with structure + - Missing return value +## September 2019 +- [Flexa](https://github.com/trailofbits/publications/blob/master/reviews/Flexa.pdf) + - Reentrancy (events out of order) +## October 2019 +- [0x](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) + - Missing return value +## December 2019 +- [Token mint](https://certificate.quantstamp.com/full/token-mint) + - Reentrancies +## February 2020 +- [Airswap](https://certificate.quantstamp.com/full/airswap) + - Missing return value check +## March 202 +- [Stake Technologies Lockdrop](https://certificate.quantstamp.com/full/stake-technologies-lockdrop) + - Dangerous strict equality +## May 2020 +- [E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) + - Missing return value + - Empty return value +- [DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) + - Modifier can return the default value + - Dangerous strict equality allows the contract to be trapped +- [DOSnetwork](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) + - Abi `encodedPacked `collision +- [EthKids](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) + - `msg.value` is used two times to compute a price +- [HQ20](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) + - Reentrancy +## June 2020 +- 
[88mph](https://certificate.quantstamp.com/full/88-mph) + - Dangerous `block.timestamp` usage +- [Dloop](https://certificate.quantstamp.com/full/dloop-art-registry-smart-contract) + - Dangerous `block.timestamp` usage +## July 2020 +- [Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) + - Uninitialized state variable + - State variable shadowing + - Reentrancy +- [Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) + - Incorrect constructor name + - Deletion of a mapping with structure + - Uninitialized state variables +## August 3 2020 +- [Amp](https://github.com/trailofbits/publications/blob/master/reviews/amp.pdf) + - Duplicate contract name +- [PerlinXRewards](https://certificate.quantstamp.com/full/perlin-x-rewards-sol) + - Multiple reentrancies +## November 2020 +- [Linkswap](https://certificate.quantstamp.com/full/linkswap) + - Lack of return value check + - Uninitialized state variable +- [Cryptex](https://certificate.quantstamp.com/full/cryptex) + - Lack of return value check +## December 2020 +- [Idle](https://certificate.quantstamp.com/full/idle-finance) + - Dangerous divide before multiply operations +- [RariCapital](https://certificate.quantstamp.com/full/rari-capital) + - Lack of return value check + - Uninitialized state variable +- [wfil-factory](https://github.com/wfil/wfil-factory/commit/a43c1ddf52cf1191ccf1e71a637df02d78b98cc0) + - Reentrancy +## January 2021 +- [Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) + - Reentrancy + - Variable shadowing +- [OriginTrait](https://github.com/OriginTrail/starfleet-boarding-contract/commit/6481b12abc3cfd0d782abd0e32eabd103d8f6953) + - Reentrancy + + From 9e1e564588f493469624d80b1071aa49db44d4ee Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Mon, 11 Jan 2021 12:10:17 +0100 Subject: [PATCH 02/16] Update trophies.md --- trophies.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/trophies.md b/trophies.md index 58899bbc8..42df1b4c7 100644 --- a/trophies.md +++ b/trophies.md @@ -65,6 +65,8 @@ The following lists security vulnerabilities that were found by Slither. If you - Uninitialized state variable - [Cryptex](https://certificate.quantstamp.com/full/cryptex) - Lack of return value check +- [Unoswap](https://www.unos.finance/wp-content/uploads/2020/11/block-audit.pdf) + - Contract locking ethers ## December 2020 - [Idle](https://certificate.quantstamp.com/full/idle-finance) - Dangerous divide before multiply operations From c0acb5f2479ee82a237b9a51b62b4dfdf7599dfd Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Mon, 11 Jan 2021 12:40:55 +0100 Subject: [PATCH 03/16] Update trophies.md --- trophies.md | 69 +++++++++++++++++++++-------------------------------- 1 file changed, 27 insertions(+), 42 deletions(-) diff --git a/trophies.md b/trophies.md index 42df1b4c7..a45579652 100644 --- a/trophies.md +++ b/trophies.md 
@@ -2,84 +2,69 @@ The following lists security vulnerabilities that were found by Slither. If you found a security vulnerability using Slither, please submit a PR with the relevant information. -## October 2018 -- [Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf) +- October 2018 - [Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf) - Missing return value check -## November 2018 -- [Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) +- November 2018- [Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) - Reentrancy -## July 2019 -- [Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) +- July 2019 - [Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) - Deletion of a mapping with structure - Missing return value -## September 2019 -- [Flexa](https://github.com/trailofbits/publications/blob/master/reviews/Flexa.pdf) +- September 2019 - [Flexa](https://github.com/trailofbits/publications/blob/master/reviews/Flexa.pdf) - Reentrancy (events out of order) -## October 2019 -- [0x](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) +- October 2019 - [0x](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) - Missing return value -## December 2019 -- [Token mint](https://certificate.quantstamp.com/full/token-mint) +- December 2019 - [Token mint](https://certificate.quantstamp.com/full/token-mint) - Reentrancies -## February 2020 -- [Airswap](https://certificate.quantstamp.com/full/airswap) +- February 2020 - [Airswap](https://certificate.quantstamp.com/full/airswap) - Missing return value check -## March 202 -- [Stake Technologies Lockdrop](https://certificate.quantstamp.com/full/stake-technologies-lockdrop) +- March 202 - [Stake Technologies 
Lockdrop](https://certificate.quantstamp.com/full/stake-technologies-lockdrop) - Dangerous strict equality -## May 2020 -- [E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) +- May 2020 - [E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - Missing return value - Empty return value -- [DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) +- May 2020 - [DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - Modifier can return the default value - Dangerous strict equality allows the contract to be trapped -- [DOSnetwork](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) +- May 2020 - [DOSnetwork](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - Abi `encodedPacked `collision -- [EthKids](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) +- May 2020 - [EthKids](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - `msg.value` is used two times to compute a price -- [HQ20](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) +- May 2020 - [HQ20](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - Reentrancy -## June 2020 -- [88mph](https://certificate.quantstamp.com/full/88-mph) +- June 2020 - [88mph](https://certificate.quantstamp.com/full/88-mph) - Dangerous `block.timestamp` usage -- [Dloop](https://certificate.quantstamp.com/full/dloop-art-registry-smart-contract) +- June 2020 - [Dloop](https://certificate.quantstamp.com/full/dloop-art-registry-smart-contract) - Dangerous `block.timestamp` usage -## July 2020 -- [Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) +- July 2020 - [Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) - Uninitialized state variable - State variable shadowing - Reentrancy -- [Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) +- July 2020 - 
[Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) - Incorrect constructor name - Deletion of a mapping with structure - Uninitialized state variables -## August 3 2020 -- [Amp](https://github.com/trailofbits/publications/blob/master/reviews/amp.pdf) +- August 2020 - [Amp](https://github.com/trailofbits/publications/blob/master/reviews/amp.pdf) - Duplicate contract name -- [PerlinXRewards](https://certificate.quantstamp.com/full/perlin-x-rewards-sol) +- August 2020 - [PerlinXRewards](https://certificate.quantstamp.com/full/perlin-x-rewards-sol) - Multiple reentrancies -## November 2020 -- [Linkswap](https://certificate.quantstamp.com/full/linkswap) +- November 2020 - [Linkswap](https://certificate.quantstamp.com/full/linkswap) - Lack of return value check - Uninitialized state variable -- [Cryptex](https://certificate.quantstamp.com/full/cryptex) +- November 2020 - [Cryptex](https://certificate.quantstamp.com/full/cryptex) - Lack of return value check -- [Unoswap](https://www.unos.finance/wp-content/uploads/2020/11/block-audit.pdf) +- November 2020 - [Unoswap](https://www.unos.finance/wp-content/uploads/2020/11/block-audit.pdf) - Contract locking ethers -## December 2020 -- [Idle](https://certificate.quantstamp.com/full/idle-finance) +- December 2020 - [Idle](https://certificate.quantstamp.com/full/idle-finance) - Dangerous divide before multiply operations -- [RariCapital](https://certificate.quantstamp.com/full/rari-capital) +- December 2020 - [RariCapital](https://certificate.quantstamp.com/full/rari-capital) - Lack of return value check - Uninitialized state variable -- [wfil-factory](https://github.com/wfil/wfil-factory/commit/a43c1ddf52cf1191ccf1e71a637df02d78b98cc0) +- December 2020 - [wfil-factory](https://github.com/wfil/wfil-factory/commit/a43c1ddf52cf1191ccf1e71a637df02d78b98cc0) - Reentrancy -## January 2021 -- [Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) +- January 
2021 - [Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) - Reentrancy - Variable shadowing -- [OriginTrait](https://github.com/OriginTrail/starfleet-boarding-contract/commit/6481b12abc3cfd0d782abd0e32eabd103d8f6953) +- January 2021 - [OriginTrait](https://github.com/OriginTrail/starfleet-boarding-contract/commit/6481b12abc3cfd0d782abd0e32eabd103d8f6953) - Reentrancy From cdcb1698c6de189c1d14d538be6b3b283c147c9e Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Mon, 11 Jan 2021 12:42:17 +0100 Subject: [PATCH 04/16] Update trophies.md --- trophies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/trophies.md b/trophies.md index a45579652..072d72067 100644 --- a/trophies.md +++ b/trophies.md @@ -4,7 +4,7 @@ The following lists security vulnerabilities that were found by Slither. If you - October 2018 - [Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf) - Missing return value check -- November 2018- [Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) +- November 2018 - [Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) - Reentrancy - July 2019 - [Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) - Deletion of a mapping with structure From 670664685972d17213261ddb22f992b5e2001f35 Mon Sep 17 00:00:00 2001 From: Josselin Date: Wed, 13 Jan 2021 17:16:53 +0100 Subject: [PATCH 05/16] run markdownlinter --- trophies.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/trophies.md b/trophies.md index 072d72067..c5201f0ae 100644 --- a/trophies.md +++ b/trophies.md 
@@ -1,11 +1,13 @@ # Slither Trophies -The following lists security vulnerabilities that were found by Slither. If you found a security vulnerability using Slither, please submit a PR with the relevant information. +The following lists security vulnerabilities that were found by Slither. +If you found a security vulnerability using Slither, +please submit a PR with the relevant information. - October 2018 - [Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf) - Missing return value check -- November 2018 - [Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) - - Reentrancy +- November 2018 - [Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) + - Reentrancy - July 2019 - [Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) - Deletion of a mapping with structure - Missing return value @@ -26,7 +28,7 @@ The following lists security vulnerabilities that were found by Slither. If you - Modifier can return the default value - Dangerous strict equality allows the contract to be trapped - May 2020 - [DOSnetwork](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - - Abi `encodedPacked `collision + - Abi `encodedPacked` collision - May 2020 - [EthKids](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - `msg.value` is used two times to compute a price - May 2020 - [HQ20](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) 
@@ -61,10 +63,8 @@ The following lists security vulnerabilities that were found by Slither. If you - Uninitialized state variable - December 2020 - [wfil-factory](https://github.com/wfil/wfil-factory/commit/a43c1ddf52cf1191ccf1e71a637df02d78b98cc0) - Reentrancy -- January 2021 - [Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) +- January 2021 - [Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) - Reentrancy - Variable shadowing - January 2021 - [OriginTrait](https://github.com/OriginTrail/starfleet-boarding-contract/commit/6481b12abc3cfd0d782abd0e32eabd103d8f6953) - Reentrancy - - From e8f4f4288600b626aee63726ffdffde07cf989d4 Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Wed, 13 Jan 2021 18:05:42 +0100 Subject: [PATCH 06/16] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 196a569f8..1022e4cc5 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Slither is a Solidity static analysis framework written in Python 3. It runs a s ## Features -* Detects vulnerable Solidity code with low false positives +* Detects vulnerable Solidity code with low false positives (see the list of [trophies](./trophies.md)) * Identifies where the error condition occurs in the source code * Easily integrates into continuous integration and Truffle builds * Built-in 'printers' quickly report crucial contract information From c0c581b3ba830b6ce8dc3f4be82592a7a42e9752 Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Thu, 14 Jan 2021 20:24:05 +0100 Subject: [PATCH 07/16] Update trophies.md --- trophies.md | 103 ++++++++++++++++++++-------------------------------- 1 file changed, 39 insertions(+), 64 deletions(-) diff --git a/trophies.md b/trophies.md index c5201f0ae..bc33c20dd 100644 --- a/trophies.md +++ b/trophies.md 
@@ -4,67 +4,42 @@ The following lists security vulnerabilities that were found by Slither. If you found a security vulnerability using Slither, please submit a PR with the relevant information. -- October 2018 - [Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf) - - Missing return value check -- November 2018 - [Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) - - Reentrancy -- July 2019 - [Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) - - Deletion of a mapping with structure - - Missing return value -- September 2019 - [Flexa](https://github.com/trailofbits/publications/blob/master/reviews/Flexa.pdf) - - Reentrancy (events out of order) -- October 2019 - [0x](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) - - Missing return value -- December 2019 - [Token mint](https://certificate.quantstamp.com/full/token-mint) - - Reentrancies -- February 2020 - [Airswap](https://certificate.quantstamp.com/full/airswap) - - Missing return value check -- March 202 - [Stake Technologies Lockdrop](https://certificate.quantstamp.com/full/stake-technologies-lockdrop) - - Dangerous strict equality -- May 2020 - [E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - - Missing return value - - Empty return value -- May 2020 - [DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - - Modifier can return the default value - - Dangerous strict equality allows the contract to be trapped -- May 2020 - [DOSnetwork](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - - Abi `encodedPacked` collision -- May 2020 - [EthKids](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - - `msg.value` is used two times to compute a price -- May 2020 - [HQ20](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) - - Reentrancy -- June 2020 - 
[88mph](https://certificate.quantstamp.com/full/88-mph) - - Dangerous `block.timestamp` usage -- June 2020 - [Dloop](https://certificate.quantstamp.com/full/dloop-art-registry-smart-contract) - - Dangerous `block.timestamp` usage -- July 2020 - [Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) - - Uninitialized state variable - - State variable shadowing - - Reentrancy -- July 2020 - [Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) - - Incorrect constructor name - - Deletion of a mapping with structure - - Uninitialized state variables -- August 2020 - [Amp](https://github.com/trailofbits/publications/blob/master/reviews/amp.pdf) - - Duplicate contract name -- August 2020 - [PerlinXRewards](https://certificate.quantstamp.com/full/perlin-x-rewards-sol) - - Multiple reentrancies -- November 2020 - [Linkswap](https://certificate.quantstamp.com/full/linkswap) - - Lack of return value check - - Uninitialized state variable -- November 2020 - [Cryptex](https://certificate.quantstamp.com/full/cryptex) - - Lack of return value check -- November 2020 - [Unoswap](https://www.unos.finance/wp-content/uploads/2020/11/block-audit.pdf) - - Contract locking ethers -- December 2020 - [Idle](https://certificate.quantstamp.com/full/idle-finance) - - Dangerous divide before multiply operations -- December 2020 - [RariCapital](https://certificate.quantstamp.com/full/rari-capital) - - Lack of return value check - - Uninitialized state variable -- December 2020 - [wfil-factory](https://github.com/wfil/wfil-factory/commit/a43c1ddf52cf1191ccf1e71a637df02d78b98cc0) - - Reentrancy -- January 2021 - [Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) - - Reentrancy - - Variable shadowing -- January 2021 - [OriginTrait](https://github.com/OriginTrail/starfleet-boarding-contract/commit/6481b12abc3cfd0d782abd0e32eabd103d8f6953) - - Reentrancy +| Project | Vulnerability | Date | +|--|--|--| 
+[Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) | Incorrect constructor name | July 2018 +[Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) | Deletion of a mapping with structure | July 2018 +[Parity](https://github.com/trailofbits/publications/blob/master/reviews/parity.pdf) | Uninitialized state variables | July 2018 +[Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf) | Missing return value check | Oct 2018 +[Origin protocol](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf) | Reentrancy | Nov 2018 +[Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) | Deletion of a mapping with structure | Jul 2019 +[Numerai](https://github.com/trailofbits/publications/blob/master/reviews/numerai.pdf) | Missing return value | Jul 2019 +[Flexa](https://github.com/trailofbits/publications/blob/master/reviews/Flexa.pdf) | Reentrancy (events out of order) | Sep 2019 +[0x](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) | Missing return value | Oct 2019 +[Token mint](https://certificate.quantstamp.com/full/token-mint) | Reentrancies | Dec 2019 +[Airswap](https://certificate.quantstamp.com/full/airswap) | Missing return value check | Feb 2020 +[Stake Technologies Lockdrop](https://certificate.quantstamp.com/full/stake-technologies-lockdrop) | Dangerous strict equality | Mar 2020 +[E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Missing return value | May 2020 +[E&Y’s Nightfall](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Empty return value | May 2020 +[DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Modifier can return the default value | May 2020 +[DefiStrategies](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Dangerous strict equality allows the contract to be trapped | 
May 2020 +[DOSnetwork](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Abi `encodedPacked` collision | May 2020 +[EthKids](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | `msg.value` is used two times to compute a price | May 2020 +[HQ20](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Reentrancy | May 2020 +[88mph](https://certificate.quantstamp.com/full/88-mph) | Dangerous `block.timestamp` usage | Jun 2020 +[Dloop](https://certificate.quantstamp.com/full/dloop-art-registry-smart-contract) | Dangerous `block.timestamp` usage | Jun 2020 +[Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) | Uninitialized state variable | Jul 2020 +[Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) | State variable shadowing | Jul 2020 +[Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) | Reentrancy | Jul 2020 +[Amp](https://github.com/trailofbits/publications/blob/master/reviews/amp.pdf) | Duplicate contract name | Aug 2020 +[PerlinXRewards](https://certificate.quantstamp.com/full/perlin-x-rewards-sol) | Multiple reentrancies | Aug 2020 +[Linkswap](https://certificate.quantstamp.com/full/linkswap) | Lack of return value check | Nov 2020 +[Linkswap](https://certificate.quantstamp.com/full/linkswap) | Uninitialized state variable | Nov 2020 +[Cryptex](https://certificate.quantstamp.com/full/cryptex) | Lack of return value check | Nov 2020 +[Unoswap](https://www.unos.finance/wp-content/uploads/2020/11/block-audit.pdf) | Contract locking ethers | Nov 2020 +[Idle](https://certificate.quantstamp.com/full/idle-finance) | Dangerous divide before multiply operations | Dec 2020 +[RariCapital](https://certificate.quantstamp.com/full/rari-capital) | Lack of return value check | Dec 2020 +[RariCapital](https://certificate.quantstamp.com/full/rari-capital) | Uninitialized state variable | Dec 2020 
+[wfil-factory](https://github.com/wfil/wfil-factory/commit/a43c1ddf52cf1191ccf1e71a637df02d78b98cc0) | Reentrancy | Dec 2020 +[Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) | Reentrancy | Jan 2021 +[Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) | Variable shadowing | Jan 2021 +[OriginTrait](https://github.com/OriginTrail/starfleet-boarding-contract/commit/6481b12abc3cfd0d782abd0e32eabd103d8f6953) | Reentrancy | Jan 2021 From f5ca637c34b33cd3c7c022f524396fbd53f20383 Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Thu, 21 Jan 2021 13:05:56 +0100 Subject: [PATCH 08/16] Update external publications --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1022e4cc5..b944c8f7f 100644 --- a/README.md +++ b/README.md @@ -217,5 +217,6 @@ Slither is licensed and distributed under the AGPLv3 license. [Contact us](mailt - [ETHPLOIT: From Fuzzing to Efficient Exploit Generation against Smart Contracts](https://wcventure.github.io/FuzzingPaper/Paper/SANER20_ETHPLOIT.pdf), Qingzhao Zhang, Yizhuo Wang, Juanru Li, Siqi Ma - SANER 20 - [Verification of Ethereum Smart Contracts: A Model Checking Approach](http://www.ijmlc.org/vol10/977-AM0059.pdf), Tam Bang, Hoang H Nguyen, Dung Nguyen, Toan Trieu, Tho Quan - IJMLC 20 - [Smart Contract Repair](https://arxiv.org/pdf/1912.05823.pdf), Xiao Liang Yu, Omar Al-Bataineh, David Lo, Abhik Roychoudhury - TOSEM 20 +- [Demystifying Loops in Smart Contracts](https://www.microsoft.com/en-us/research/uploads/prod/2020/08/loops_solidity__camera_ready-5f3fec3f15c69.pdf), Ben Mariano, Yanju Chen, Yu Feng, Shuvendu Lahiri, Isil Dillig - ASE 20 If you are using Slither on an academic work, consider applying to the [Crytic $10k Research Prize](https://blog.trailofbits.com/2019/11/13/announcing-the-crytic-10k-research-prize/). From 8afd4227120d35ec3f216158e2402cb8da06f929 Mon Sep 17 00:00:00 2001 
From: Feist Josselin Date: Thu, 28 Jan 2021 14:38:57 +0100 Subject: [PATCH 09/16] disable jscp from gh super linter --- .github/workflows/linter.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index c2720d5ae..2629567bb 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -80,4 +80,5 @@ jobs: VALIDATE_DOCKERFILE: false VALIDATE_DOCKERFILE_HADOLINT: false VALIDATE_EDITORCONFIG: false + VALIDATE_JSCPD: false SHELLCHECK_OPTS: "-e SC1090" From d10fe9a0fe0f18a7da027b043c9cd165e9e8a37f Mon Sep 17 00:00:00 2001 From: Franco Victorio Date: Mon, 1 Feb 2021 09:25:59 -0300 Subject: [PATCH 10/16] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b944c8f7f..d68f2aa00 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ Slither is a Solidity static analysis framework written in Python 3. It runs a s ## Bugs and Optimizations Detection -Run Slither on a Truffle/Embark/Dapp/Etherlime application: +Run Slither on a Truffle/Embark/Dapp/Etherlime/Hardhat application: ```bash slither . ``` From 90cd5f0b26f785b9ee11bb87a7dfbced96a44332 Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Mon, 8 Feb 2021 09:57:55 +0100 Subject: [PATCH 11/16] Add hermez reentrancy to trophies.md --- trophies.md | 1 + 1 file changed, 1 insertion(+) diff --git a/trophies.md b/trophies.md index bc33c20dd..0cccf5579 100644 --- a/trophies.md +++ b/trophies.md 
@@ -35,6 +35,7 @@ please submit a PR with the relevant information. [Linkswap](https://certificate.quantstamp.com/full/linkswap) | Lack of return value check | Nov 2020 [Linkswap](https://certificate.quantstamp.com/full/linkswap) | Uninitialized state variable | Nov 2020 [Cryptex](https://certificate.quantstamp.com/full/cryptex) | Lack of return value check | Nov 2020 +[Hermez](https://github.com/trailofbits/publications/blob/master/reviews/hermez.pdf) | Reentrancy | Nov 2020 [Unoswap](https://www.unos.finance/wp-content/uploads/2020/11/block-audit.pdf) | Contract locking ethers | Nov 2020 [Idle](https://certificate.quantstamp.com/full/idle-finance) | Dangerous divide before multiply operations | Dec 2020 [RariCapital](https://certificate.quantstamp.com/full/rari-capital) | Lack of return value check | Dec 2020 From cc01a1f5fec85a9a6684613863b1e0f754d0b82e Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Tue, 9 Feb 2021 11:41:31 +0100 Subject: [PATCH 12/16] Update trophies.md --- trophies.md | 1 - 1 file changed, 1 deletion(-) diff --git a/trophies.md b/trophies.md index 0cccf5579..55383790f 100644 --- a/trophies.md +++ b/trophies.md 
@@ -25,7 +25,6 @@ please submit a PR with the relevant information. [DOSnetwork](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Abi `encodedPacked` collision | May 2020 [EthKids](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | `msg.value` is used two times to compute a price | May 2020 [HQ20](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Reentrancy | May 2020 -[88mph](https://certificate.quantstamp.com/full/88-mph) | Dangerous `block.timestamp` usage | Jun 2020 [Dloop](https://certificate.quantstamp.com/full/dloop-art-registry-smart-contract) | Dangerous `block.timestamp` usage | Jun 2020 [Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) | Uninitialized state variable | Jul 2020 [Atomic Loans](https://certificate.quantstamp.com/full/atomic-loans) | State variable shadowing | Jul 2020 From d401aa19f8b19374ed9fc222403963cf026bdd50 Mon Sep 17 00:00:00 2001 From: Josselin Date: Sun, 14 Feb 2021 18:34:59 +0100 Subject: [PATCH 13/16] Use python version of solc-select in CI --- .github/workflows/ci.yml | 5 +---- .github/workflows/detectors.yml | 6 +----- .github/workflows/parser.yml | 6 +----- 3 files changed, 3 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7a21519b7..d3b1421fa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,10 +45,7 @@ jobs: # Used by ci_test.sh pip install deepdiff - git clone https://github.com/crytic/solc-select.git - ./solc-select/scripts/install.sh - export PATH=/home/runner/.solc-select:$PATH - echo "export PATH=/home/runner/.solc-select:$PATH" >> ~/.bashrc + pip install solc-select solc use 0.5.1 - name: Run Tests diff --git a/.github/workflows/detectors.yml b/.github/workflows/detectors.yml index cbd4a2f92..64b32cea8 100644 --- a/.github/workflows/detectors.yml +++ b/.github/workflows/detectors.yml 
@@ -33,11 +33,7 @@ jobs: pip install deepdiff pip install pytest - git clone https://github.com/crytic/solc-select.git - ./solc-select/scripts/install.sh - export PATH=/home/runner/.solc-select:$PATH - echo "export PATH=/home/runner/.solc-select:$PATH" >> ~/.bashrc - + pip install solc-select - name: Test with pytest run: | pytest tests/test_detectors.py diff --git a/.github/workflows/parser.yml b/.github/workflows/parser.yml index bfa687f42..5f09fcd80 100644 --- a/.github/workflows/parser.yml +++ b/.github/workflows/parser.yml @@ -32,11 +32,7 @@ jobs: python setup.py install pip install deepdiff pip install pytest - - git clone https://github.com/crytic/solc-select.git - ./solc-select/scripts/install.sh - export PATH=/home/runner/.solc-select:$PATH - echo "export PATH=/home/runner/.solc-select:$PATH" >> ~/.bashrc + pip install solc-select - name: Test with pytest run: | From 13e6939a935cfdf90ae5694cdf9e69ea0f6e85fc Mon Sep 17 00:00:00 2001 From: Josselin Date: Sun, 14 Feb 2021 18:46:05 +0100 Subject: [PATCH 14/16] Improvements --- .github/workflows/ci.yml | 3 ++- .github/workflows/detectors.yml | 2 ++ .github/workflows/parser.yml | 2 ++ scripts/ci_test_cli.sh | 2 +- scripts/ci_test_erc.sh | 2 +- scripts/ci_test_find_paths.sh | 2 +- scripts/ci_test_kspec.sh | 2 +- scripts/ci_test_printers.sh | 2 +- scripts/ci_test_simil.sh | 2 +- scripts/ci_test_upgradability.sh | 2 +- 10 files changed, 13 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d3b1421fa..65f49b685 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,7 +46,8 @@ jobs: pip install deepdiff pip install solc-select - solc use 0.5.1 + solc-select install all + solc-select use 0.5.1 - name: Run Tests env: diff --git a/.github/workflows/detectors.yml b/.github/workflows/detectors.yml index 64b32cea8..13f4ca6ff 100644 --- a/.github/workflows/detectors.yml +++ b/.github/workflows/detectors.yml 
@@ -34,6 +34,8 @@ jobs: pip install pytest pip install solc-select + solc-select install all + solc-select use 0.7.3 - name: Test with pytest run: | pytest tests/test_detectors.py diff --git a/.github/workflows/parser.yml b/.github/workflows/parser.yml index 5f09fcd80..60cb0cb9b 100644 --- a/.github/workflows/parser.yml +++ b/.github/workflows/parser.yml @@ -33,6 +33,8 @@ jobs: pip install deepdiff pip install pytest pip install solc-select + solc-select install all + solc-select use 0.7.3 - name: Test with pytest run: | diff --git a/scripts/ci_test_cli.sh b/scripts/ci_test_cli.sh index fcdc960ff..9bfe63d5b 100755 --- a/scripts/ci_test_cli.sh +++ b/scripts/ci_test_cli.sh @@ -2,7 +2,7 @@ ### Test -solc use 0.7.0 +solc-select use 0.7.0 if ! slither "tests/config/test.sol" --solc-ast --ignore-return-value; then echo "--solc-ast failed" diff --git a/scripts/ci_test_erc.sh b/scripts/ci_test_erc.sh index a96a414e1..ce9a62363 100755 --- a/scripts/ci_test_erc.sh +++ b/scripts/ci_test_erc.sh @@ -4,7 +4,7 @@ DIR_TESTS="tests/check-erc" -solc use 0.5.0 +solc-select use 0.5.0 slither-check-erc "$DIR_TESTS/erc20.sol" ERC20 > test_1.txt 2>&1 DIFF=$(diff test_1.txt "$DIR_TESTS/test_1.txt") if [ "$DIFF" != "" ] diff --git a/scripts/ci_test_find_paths.sh b/scripts/ci_test_find_paths.sh index 2707aaa07..a916fb5a9 100755 --- a/scripts/ci_test_find_paths.sh +++ b/scripts/ci_test_find_paths.sh @@ -4,7 +4,7 @@ DIR_TESTS="tests/possible_paths" -solc use "0.5.0" +solc-select use "0.5.0" slither-find-paths "$DIR_TESTS/paths.sol" A.destination > test_possible_paths.txt 2>&1 DIFF=$(diff test_possible_paths.txt "$DIR_TESTS/paths.txt") if [ "$DIFF" != "" ] diff --git a/scripts/ci_test_kspec.sh b/scripts/ci_test_kspec.sh index c80df54e0..cb0a131a8 100755 --- a/scripts/ci_test_kspec.sh +++ b/scripts/ci_test_kspec.sh 
@@ -2,7 +2,7 @@ DIR_TESTS="tests/check-kspec" -solc use "0.5.0" +solc-select use "0.5.0" slither-check-kspec "$DIR_TESTS/safeAdd/safeAdd.sol" "$DIR_TESTS/safeAdd/spec.md" > test_1.txt 2>&1 DIFF=$(diff test_1.txt "$DIR_TESTS/test_1.txt") if [ "$DIFF" != "" ] diff --git a/scripts/ci_test_printers.sh b/scripts/ci_test_printers.sh index 209f4329e..1acfff3f1 100755 --- a/scripts/ci_test_printers.sh +++ b/scripts/ci_test_printers.sh @@ -10,6 +10,6 @@ if ! slither "tests/*.json" --print all --json -; then exit 1 fi -solc use "0.5.1" +solc-select use "0.5.1" slither examples/scripts/test_evm_api.sol --print evm diff --git a/scripts/ci_test_simil.sh b/scripts/ci_test_simil.sh index 5c8a8f70d..bad5fd067 100755 --- a/scripts/ci_test_simil.sh +++ b/scripts/ci_test_simil.sh @@ -7,7 +7,7 @@ pip3.6 install https://github.com/facebookresearch/fastText/archive/0.2.0.zip ### Test slither-simil -solc use "0.4.25" +solc-select use "0.4.25" DIR_TESTS="tests/simil" slither-simil info "" --filename $DIR_TESTS/../complex_func.sol --fname Complex.complexExternalWrites > test_1.txt 2>&1 diff --git a/scripts/ci_test_upgradability.sh b/scripts/ci_test_upgradability.sh index 2dd8f7a52..b34564003 100755 --- a/scripts/ci_test_upgradability.sh +++ b/scripts/ci_test_upgradability.sh @@ -3,7 +3,7 @@ ### Test slither-check-upgradeability DIR_TESTS="tests/check-upgradeability" -solc use "0.5.0" +solc-select use "0.5.0" slither-check-upgradeability "$DIR_TESTS/contractV1.sol" ContractV1 --proxy-filename "$DIR_TESTS/proxy.sol" --proxy-name Proxy > test_1.txt 2>&1 DIFF=$(diff test_1.txt "$DIR_TESTS/test_1.txt") From ba7babc15cbe117201ea2b0406d4921696d088db Mon Sep 17 00:00:00 2001 From: Josselin Date: Sun, 14 Feb 2021 18:50:20 +0100 Subject: [PATCH 15/16] Fix test_ast_parsing --- tests/test_ast_parsing.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_ast_parsing.py b/tests/test_ast_parsing.py index c37700324..33eabad5a 100644 --- a/tests/test_ast_parsing.py 
+++ b/tests/test_ast_parsing.py @@ -411,7 +411,7 @@ def get_solc_versions() -> List[str]: get a list of all the supported versions of solidity, sorted from earliest to latest :return: ascending list of versions, for example ["0.4.0", "0.4.1", ...] """ - result = subprocess.run(["solc", "--versions"], stdout=subprocess.PIPE, check=True) + result = subprocess.run(["solc-select", "versions"], stdout=subprocess.PIPE, check=True) solc_versions = result.stdout.decode("utf-8").split("\n") # there's an extra newline so just remove all empty strings From 196dd342fb46294b5c7d92bc984e0f8c5dcaaf7c Mon Sep 17 00:00:00 2001 From: Josselin Date: Mon, 15 Feb 2021 10:02:35 +0100 Subject: [PATCH 16/16] Revert to docker version of solc select for the parsing tests (see https://github.com/crytic/solc-select/issues/41) --- .github/workflows/parser.yml | 12 +++++++++--- tests/test_ast_parsing.py | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/parser.yml b/.github/workflows/parser.yml index 60cb0cb9b..c7db98197 100644 --- a/.github/workflows/parser.yml +++ b/.github/workflows/parser.yml @@ -32,9 +32,15 @@ jobs: python setup.py install pip install deepdiff pip install pytest - pip install solc-select - solc-select install all - solc-select use 0.7.3 + + git clone https://github.com/crytic/solc-select.git + cd solc-select + git checkout 857d6fa883d9283454be1cb2d869a8f9962b27b8 + cd .. + ./solc-select/scripts/install.sh + export PATH=/home/runner/.solc-select:$PATH + echo "export PATH=/home/runner/.solc-select:$PATH" >> ~/.bashrc + solc use 0.7.3 - name: Test with pytest run: | diff --git a/tests/test_ast_parsing.py b/tests/test_ast_parsing.py index 33eabad5a..c37700324 100644 --- a/tests/test_ast_parsing.py +++ b/tests/test_ast_parsing.py 
@@ -411,7 +411,7 @@ def get_solc_versions() -> List[str]: get a list of all the supported versions of solidity, sorted from earliest to latest :return: ascending list of versions, for example ["0.4.0", "0.4.1", ...] """ - result = subprocess.run(["solc-select", "versions"], stdout=subprocess.PIPE, check=True) + result = subprocess.run(["solc", "--versions"], stdout=subprocess.PIPE, check=True) solc_versions = result.stdout.decode("utf-8").split("\n") # there's an extra newline so just remove all empty strings
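Review bot: `pip install solc-select` in the `.github/workflows/ci.yml` hunk of PATCH 13/16 (and the identical added line in the `detectors.yml` and `parser.yml` hunks) is unpinned, so the tool that fetches and switches compilers in CI can change without any commit to this repository. Pin the release, for example `pip install solc-select==<version>`, preferably through a requirements file with hashes. In the same hunk the unchanged context line `solc use 0.5.1` keeps the old wrapper's command form while the installer above it has been replaced; PATCH 14/16 changes it to `solc-select use 0.5.1`, so the two commits would be better squashed so that no intermediate revision mixes the two.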
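Review bot: `solc-select install all` in the `.github/workflows/ci.yml` hunk of PATCH 14/16 downloads every available compiler on every run, while the next line selects only 0.5.1 and the scripts touched in this patch select 0.7.0, 0.5.0, 0.5.1 and 0.4.25. If those are the only versions this job needs, install just those. That shortens the job and reduces the number of binaries pulled from the network per run. The same applies to the `detectors.yml` hunk, which selects only 0.7.3.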
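Review bot: the result of `solc-select use 0.7.0` in the `scripts/ci_test_cli.sh` hunk of PATCH 14/16 is not checked in the visible lines, so if the switch fails the following `slither "tests/config/test.sol" ...` call runs against whichever compiler was previously active and the test result no longer says anything about 0.7.0. Suggest `solc-select use 0.7.0 || exit 1`, or `set -e` at the top of the script if it is not already there. The other script hunks in this patch (`ci_test_erc.sh`, `ci_test_find_paths.sh`, `ci_test_kspec.sh`, `ci_test_printers.sh`, `ci_test_simil.sh`, `ci_test_upgradability.sh`) have the same pattern.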
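Review bot: in the `tests/test_ast_parsing.py` hunk of PATCH 15/16, the command changes to `["solc-select", "versions"]` but the parsing below it is untouched: it splits stdout on `"\n"` and drops empty strings, which assumes each line is a bare version string. Please confirm the new command prints exactly that format, or strip anything after the version on each line before the list is used, and update the docstring to name the command the list comes from.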
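Review bot: the reason `.github/workflows/parser.yml` alone goes back to the cloned installer in PATCH 16/16 is recorded only in the commit subject; add a comment above `git clone https://github.com/crytic/solc-select.git` with the link to https://github.com/crytic/solc-select/issues/41 so the pin to `857d6fa883d9283454be1cb2d869a8f9962b27b8` is not removed later as cleanup. Pinning the checkout to a full commit hash before running `./solc-select/scripts/install.sh` is the right call, since the version removed in PATCH 13/16 ran the installer from whatever the default branch held. Style: the `cd solc-select` / `git checkout ...` / `cd ..` sequence can be the single line `git -C solc-select checkout 857d6fa883d9283454be1cb2d869a8f9962b27b8`.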