Merge pull request #737 from crytic/dev-fix-assert-state-change

Fix incorrect confidence on assert state change detector
pull/769/head
Feist Josselin 4 years ago committed by GitHub
commit ba07231c59
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      README.md
  2. 2
      slither/detectors/statements/assert_state_change.py
  3. 568
      tests/detectors/assert-state-change/assert_state_change.sol.0.5.12.AssertStateChange.json
  4. 6
      tests/detectors/assert-state-change/assert_state_change.sol.0.5.8.AssertStateChange.json

@ -113,7 +113,7 @@ Num | Detector | What it Detects | Impact | Confidence
62 | `solc-version` | [Incorrect Solidity version](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity) | Informational | High
63 | `unimplemented-functions` | [Unimplemented functions](https://github.com/crytic/slither/wiki/Detector-Documentation#unimplemented-functions) | Informational | High
64 | `unused-state` | [Unused state variables](https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variables) | Informational | High
65 | `assert-state-change` | [Assert state change](https://github.com/crytic/slither/wiki/Detector-Documentation#assert-state-change) | Informational | Informational
65 | `assert-state-change` | [Assert state change](https://github.com/crytic/slither/wiki/Detector-Documentation#assert-state-change) | Informational | High
66 | `costly-loop` | [Costly operations in a loop](https://github.com/crytic/slither/wiki/Detector-Documentation#costly-operations-inside-a-loop) | Informational | Medium
67 | `reentrancy-unlimited-gas` | [Reentrancy vulnerabilities through send and transfer](https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-4) | Informational | Medium
68 | `similar-names` | [Variable names are too similar](https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-are-too-similar) | Informational | Medium

@ -45,7 +45,7 @@ class AssertStateChange(AbstractDetector):
ARGUMENT = "assert-state-change"
HELP = "Assert state change"
IMPACT = DetectorClassification.INFORMATIONAL
CONFIDENCE = DetectorClassification.INFORMATIONAL
CONFIDENCE = DetectorClassification.HIGH
WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#assert-state-change"
WIKI_TITLE = "Assert state shange"
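Review bot: The last context line of this hunk has a typo in a user-facing string, `WIKI_TITLE = "Assert state shange"`; since the commit already touches this detector's metadata, correct it to `WIKI_TITLE = "Assert state change"` so it matches `HELP` and the wiki anchor. The page shows both `CONFIDENCE` lines without `+`/`-` markers, so I am assuming from the commit title that `DetectorClassification.HIGH` is the new value. If so, the finding text in the expected-output JSON on this page still says the assert "possibly changes state", and that hedge reads oddly beside a High confidence that triage filters will now act on. Consider a one-line comment above `CONFIDENCE` saying why High is justified, or aligning the message wording. The class body continues outside the hunk, so the message template itself is not visible here.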

@ -1,568 +0,0 @@
[
[
{
"elements": [
{
"type": "function",
"name": "bad0",
"source_mapping": {
"start": 77,
"length": 57,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
6,
7,
8
],
"starting_column": 3,
"ending_column": 4
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "A",
"source_mapping": {
"start": 0,
"length": 759,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "bad0()"
}
},
{
"type": "node",
"name": "assert(bool)((s_a += 1) > 10)",
"source_mapping": {
"start": 106,
"length": 23,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
7
],
"starting_column": 5,
"ending_column": 28
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "bad0",
"source_mapping": {
"start": 77,
"length": 57,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
6,
7,
8
],
"starting_column": 3,
"ending_column": 4
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "A",
"source_mapping": {
"start": 0,
"length": 759,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "bad0()"
}
}
}
}
],
"description": "A.bad0() (tests/detectors/assert-state-change/assert_state_change.sol#6-8) has an assert() call which possibly changes state.\n\t-assert(bool)((s_a += 1) > 10) (tests/detectors/assert-state-change/assert_state_change.sol#7)\nConsider using require() or change the invariant to not modify the state.\n",
"markdown": "[A.bad0()](tests/detectors/assert-state-change/assert_state_change.sol#L6-L8) has an assert() call which possibly changes state.\n\t-[assert(bool)((s_a += 1) > 10)](tests/detectors/assert-state-change/assert_state_change.sol#L7)\nConsider using require() or change the invariant to not modify the state.\n",
"id": "a4f5ea904ad28f8c83aa1bab8284b485e1fe638545b500ca0c8a0fa8e442203e",
"check": "assert-state-change",
"impact": "Informational",
"confidence": "Informational"
},
{
"elements": [
{
"type": "function",
"name": "bad1",
"source_mapping": {
"start": 186,
"length": 66,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
11,
12,
13
],
"starting_column": 3,
"ending_column": 4
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "A",
"source_mapping": {
"start": 0,
"length": 759,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "bad1(uint256)"
}
},
{
"type": "node",
"name": "assert(bool)((s_a += a) > 10)",
"source_mapping": {
"start": 224,
"length": 23,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
12
],
"starting_column": 5,
"ending_column": 28
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "bad1",
"source_mapping": {
"start": 186,
"length": 66,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
11,
12,
13
],
"starting_column": 3,
"ending_column": 4
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "A",
"source_mapping": {
"start": 0,
"length": 759,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "bad1(uint256)"
}
}
}
}
],
"description": "A.bad1(uint256) (tests/detectors/assert-state-change/assert_state_change.sol#11-13) has an assert() call which possibly changes state.\n\t-assert(bool)((s_a += a) > 10) (tests/detectors/assert-state-change/assert_state_change.sol#12)\nConsider using require() or change the invariant to not modify the state.\n",
"markdown": "[A.bad1(uint256)](tests/detectors/assert-state-change/assert_state_change.sol#L11-L13) has an assert() call which possibly changes state.\n\t-[assert(bool)((s_a += a) > 10)](tests/detectors/assert-state-change/assert_state_change.sol#L12)\nConsider using require() or change the invariant to not modify the state.\n",
"id": "2b42e9f701ebd94656a026702bf90f31c62710a301600e0c05cfed04bfefabf9",
"check": "assert-state-change",
"impact": "Informational",
"confidence": "Informational"
},
{
"elements": [
{
"type": "function",
"name": "bad2",
"source_mapping": {
"start": 398,
"length": 55,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
19,
20,
21
],
"starting_column": 3,
"ending_column": 4
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "A",
"source_mapping": {
"start": 0,
"length": 759,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "bad2()"
}
},
{
"type": "node",
"name": "assert(bool)(bad2_callee())",
"source_mapping": {
"start": 427,
"length": 21,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
20
],
"starting_column": 5,
"ending_column": 26
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "bad2",
"source_mapping": {
"start": 398,
"length": 55,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
19,
20,
21
],
"starting_column": 3,
"ending_column": 4
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "A",
"source_mapping": {
"start": 0,
"length": 759,
"filename_used": "/GENERIC_PATH",
"filename_relative": "tests/detectors/assert-state-change/assert_state_change.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/assert-state-change/assert_state_change.sol",
"is_dependency": false,
"lines": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "bad2()"
}
}
}
}
],
"description": "A.bad2() (tests/detectors/assert-state-change/assert_state_change.sol#19-21) has an assert() call which possibly changes state.\n\t-assert(bool)(bad2_callee()) (tests/detectors/assert-state-change/assert_state_change.sol#20)\nConsider using require() or change the invariant to not modify the state.\n",
"markdown": "[A.bad2()](tests/detectors/assert-state-change/assert_state_change.sol#L19-L21) has an assert() call which possibly changes state.\n\t-[assert(bool)(bad2_callee())](tests/detectors/assert-state-change/assert_state_change.sol#L20)\nConsider using require() or change the invariant to not modify the state.\n",
"id": "a72f3e7eef408be55123fbf5c290bfd20aed4f095d659f5df0857d64d61df011",
"check": "assert-state-change",
"impact": "Informational",
"confidence": "Informational"
}
]
]

@ -186,7 +186,7 @@
"id": "a4f5ea904ad28f8c83aa1bab8284b485e1fe638545b500ca0c8a0fa8e442203e",
"check": "assert-state-change",
"impact": "Informational",
"confidence": "Informational"
"confidence": "High"
},
{
"elements": [
@ -374,7 +374,7 @@
"id": "2b42e9f701ebd94656a026702bf90f31c62710a301600e0c05cfed04bfefabf9",
"check": "assert-state-change",
"impact": "Informational",
"confidence": "Informational"
"confidence": "High"
},
{
"elements": [
@ -562,7 +562,7 @@
"id": "a72f3e7eef408be55123fbf5c290bfd20aed4f095d659f5df0857d64d61df011",
"check": "assert-state-change",
"impact": "Informational",
"confidence": "Informational"
"confidence": "High"
}
]
]