Fixed a typo in detector where *callcode* was specified as *codecall*. Added a test to verify the fix.

6 years ago · 8344c4edf3
parent b3b718101d
commit 8344c4edf3
2 changed files with 6 additions and 2 deletions
--- a/slither/detectors/statements/controlled_delegatecall.py
+++ b/slither/detectors/statements/controlled_delegatecall.py
@ -24,7 +24,7 @@ contract Delegatecall{
    }
 }
 ```
-Bob calls `delegate` and delegate the execution to its malicious contract. As a result, Bob withdraws the funds of the contract and destruct it.'''
+Bob calls `delegate` and delegates the execution to its malicious contract. As a result, Bob withdraws the funds of the contract and destructs it.'''

    WIKI_RECOMMENDATION = 'Avoid using `delegatecall`. Use only trusted destinations.'

@ -32,7 +32,7 @@ Bob calls `delegate` and delegate the execution to its malicious contract. As a
        ret = []
        for node in function.nodes:
            for ir in node.irs:
-                if isinstance(ir, LowLevelCall) and ir.function_name in ['delegatecall', 'codecall']:
+                if isinstance(ir, LowLevelCall) and ir.function_name in ['delegatecall', 'callcode']:
                    if is_tainted(ir.destination, function.contract):
                        ret.append(node)
        return ret
--- a/tests/controlled_delegatecall.sol
+++ b/tests/controlled_delegatecall.sol
@ -5,6 +5,10 @@ contract C{

    bytes4 func_id;

+    function bad_callcode_call(bytes memory data) public{
+        addr_bad.callcode(data);
+    }
+
    function bad_delegate_call(bytes memory data) public{
        addr_good.delegatecall(data);
        addr_bad.delegatecall(data);