From 8344c4edf371a87e50e821e1b25e419a7d4fc09c Mon Sep 17 00:00:00 2001
From: rajeevgopalakrishna
Date: Mon, 18 Feb 2019 15:24:23 +0530
Subject: [PATCH] Fixed a typo in detector where *callcode* was specified as *codecall*. Added a test to verify the fix.
---
 slither/detectors/statements/controlled_delegatecall.py | 4 ++--
 tests/controlled_delegatecall.sol | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/slither/detectors/statements/controlled_delegatecall.py b/slither/detectors/statements/controlled_delegatecall.py
index 276214121..60b891932 100644
--- a/slither/detectors/statements/controlled_delegatecall.py
+++ b/slither/detectors/statements/controlled_delegatecall.py
@@ -24,7 +24,7 @@ contract Delegatecall{
 }
 }
 ```
-Bob calls `delegate` and delegate the execution to its malicious contract. As a result, Bob withdraws the funds of the contract and destruct it.'''
+Bob calls `delegate` and delegates the execution to its malicious contract. As a result, Bob withdraws the funds of the contract and destructs it.'''
 WIKI_RECOMMENDATION = 'Avoid using `delegatecall`. Use only trusted destinations.'
@@ -32,7 +32,7 @@ Bob calls `delegate` and delegate the execution to its malicious contract. As a
 ret = []
 for node in function.nodes:
 for ir in node.irs:
- if isinstance(ir, LowLevelCall) and ir.function_name in ['delegatecall', 'codecall']:
+ if isinstance(ir, LowLevelCall) and ir.function_name in ['delegatecall', 'callcode']:
 if is_tainted(ir.destination, function.contract):
 ret.append(node)
 return ret
diff --git a/tests/controlled_delegatecall.sol b/tests/controlled_delegatecall.sol
index d3d3a78dd..411fa50cb 100644
--- a/tests/controlled_delegatecall.sol
+++ b/tests/controlled_delegatecall.sol
@@ -5,6 +5,10 @@ contract C{
 bytes4 func_id;
+ function bad_callcode_call(bytes memory data) public{
+ addr_bad.callcode(data);
+ }
+
 function bad_delegate_call(bytes memory data) public{
 addr_good.delegatecall(data);
 addr_bad.delegatecall(data);
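Review bot: In the second hunk of controlled_delegatecall.py the call names in `ir.function_name in ['delegatecall', 'callcode']` are still bare string literals, which is how `codecall` went unnoticed: a misspelt name never matches and the detector silently reports nothing. Hoisting them into a module-level constant with a comment, e.g. `DELEGATING_CALLS = ('delegatecall', 'callcode')  # low-level calls that run callee code against the caller's storage`, would give the list a single reviewed home. Now that `callcode` is actually matched, the `WIKI_RECOMMENDATION` string visible in the first hunk still names only `delegatecall` and could mention both. The enclosing method starts above the hunk, so its signature is not visible here.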
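Review bot: The new `bad_callcode_call` function in tests/controlled_delegatecall.sol exercises only the tainted destination (`addr_bad.callcode(data);`), so it shows the detector fires but not that it stays quiet on a trusted target. Mirroring the delegatecall case with `addr_good.callcode(data);` in the same function would cover the false-positive side as well. The diffstat lists only this file and the detector, so if the test harness compares against a stored expected result, that file presumably needs regenerating in the same change. `callcode` is also rejected by Solidity 0.5.0 and later, and no pragma is visible in the hunk, so a short comment stating the compiler range this fixture needs would help.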