From be82a1fe16df249330fbf73e356093d8643c73b2 Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Thu, 18 Aug 2022 16:08:07 +0200 Subject: [PATCH] Multiple improvements --- slither/core/declarations/contract.py | 2 +- .../0.4.25/DAO.sol.0.4.25.ReentrancyEth.json | 1782 +-- .../reentrancy.sol.0.4.25.ReentrancyEth.json | 190 +- ...ncy_indirect.sol.0.4.25.ReentrancyEth.json | 6 +- .../reentrancy.sol.0.5.16.ReentrancyEth.json | 12 +- ...ncy_indirect.sol.0.5.16.ReentrancyEth.json | 6 +- .../reentrancy.sol.0.6.11.ReentrancyEth.json | 222 +- ...ncy_indirect.sol.0.6.11.ReentrancyEth.json | 6 +- .../reentrancy.sol.0.7.6.ReentrancyEth.json | 222 +- ...ancy_indirect.sol.0.7.6.ReentrancyEth.json | 6 +- ...ol.0.4.25.ReentrancyReadBeforeWritten.json | 12410 ++++++++-------- ...ol.0.4.25.ReentrancyReadBeforeWritten.json | 12 +- ...ol.0.5.16.ReentrancyReadBeforeWritten.json | 12 +- ...ol.0.6.11.ReentrancyReadBeforeWritten.json | 352 +- ...sol.0.7.6.ReentrancyReadBeforeWritten.json | 352 +- 15 files changed, 7796 insertions(+), 7796 deletions(-) diff --git a/slither/core/declarations/contract.py b/slither/core/declarations/contract.py index fc656b855..2e02dbf51 100644 --- a/slither/core/declarations/contract.py +++ b/slither/core/declarations/contract.py @@ -376,7 +376,7 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods for ir in function.all_slithir_operations(): state_variables = [v for v in ir.used if isinstance(v, StateVariable)] for state_variable in state_variables: - variables_used[state_variable].add(ir.function) + variables_used[state_variable].add(ir.node.function) for variable in [v for v in self.state_variables if v.visibility == "public"]: variables_used[variable].add(variable) self._state_variables_used_in_reentrant_targets = variables_used diff --git a/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json index b0b67ae49..6960696cd 100644 --- a/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json @@ -4,30 +4,100 @@ "elements": [ { "type": "function", - "name": "refund", + "name": "executeProposal", "source_mapping": { - "start": 11531, - "length": 635, + "start": 32955, + "length": 2978, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937 ], "starting_column": 5, "ending_column": 6 @@ -35,874 +105,10 @@ "type_specific_fields": { "parent": { "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - }, - { - "type": "node", - "name": "extraBalance.balance >= extraBalance.accumulatedInput()", - "source_mapping": { - "start": 11704, - "length": 55, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 321 - ], - "starting_column": 17, - "ending_column": 72 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "refund", + "name": "DAO", "source_mapping": { - "start": 11531, - "length": 635, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls" - } - }, - { - "type": "node", - "name": "extraBalance.payOut(address(this),extraBalance.accumulatedInput())", - "source_mapping": { - "start": 11777, - "length": 67, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 322 - ], - "starting_column": 17, - "ending_column": 84 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "refund", - "source_mapping": { - "start": 11531, - "length": 635, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls" - } - }, - { - "type": "node", - "name": "msg.sender.call.value(weiGiven[msg.sender])()", - "source_mapping": { - "start": 11893, - "length": 45, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 325 - ], - "starting_column": 17, - "ending_column": 62 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "refund", - "source_mapping": { - "start": 11531, - "length": 635, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls" - } - }, - { - "type": "node", - "name": "msg.sender.call.value(weiGiven[msg.sender])()", - "source_mapping": { - "start": 11893, - "length": 45, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 325 - ], - "starting_column": 17, - "ending_column": 62 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "refund", - "source_mapping": { - "start": 11531, - "length": 635, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls_sending_eth" - } - }, - { - "type": "node", - "name": "weiGiven[msg.sender] = 0", - "source_mapping": { - "start": 12111, - "length": 24, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 329 - ], - "starting_column": 17, - "ending_column": 41 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "refund", - "source_mapping": { - "start": 11531, - "length": 635, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "TokenCreation", - "source_mapping": { - "start": 10437, - "length": 2342, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 287, - 288, - 289, - 290, - 291, - 292, - 293, - 294, - 295, - 296, - 297, - 298, - 299, - 300, - 301, - 302, - 303, - 304, - 305, - 306, - 307, - 308, - 309, - 310, - 311, - 312, - 313, - 314, - 315, - 316, - 317, - 318, - 319, - 320, - 321, - 322, - 323, - 324, - 325, - 326, - 327, - 328, - 329, - 330, - 331, - 332, - 333, - 334, - 335, - 336, - 337, - 338, - 339, - 340, - 341, - 342, - 343, - 344, - 345, - 346, - 347, - 348 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "refund()" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "weiGiven" - } - } - ], - "description": "Reentrancy in TokenCreation.refund() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#318-332):\n\tExternal calls:\n\t- extraBalance.balance >= extraBalance.accumulatedInput() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#321)\n\t- extraBalance.payOut(address(this),extraBalance.accumulatedInput()) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#322)\n\t- msg.sender.call.value(weiGiven[msg.sender])() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#325)\n\tExternal calls sending eth:\n\t- msg.sender.call.value(weiGiven[msg.sender])() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#325)\n\tState variables written after the call(s):\n\t- weiGiven[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#329)\n", - "markdown": "Reentrancy in [TokenCreation.refund()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L318-L332):\n\tExternal calls:\n\t- [extraBalance.balance >= extraBalance.accumulatedInput()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L321)\n\t- [extraBalance.payOut(address(this),extraBalance.accumulatedInput())](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L322)\n\t- [msg.sender.call.value(weiGiven[msg.sender])()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L325)\n\tExternal calls sending eth:\n\t- [msg.sender.call.value(weiGiven[msg.sender])()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L325)\n\tState variables written after the call(s):\n\t- [weiGiven[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L329)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L318-L332", - "id": "c464e3c8a788029668f77cdff5d7e6a2af53a5ec0f79e21392a5910bfb9dcbe5", - "check": "reentrancy-eth", - "impact": "High", - "confidence": "Medium" - }, - { - "elements": [ - { - "type": "function", - "name": "executeProposal", - "source_mapping": { - "start": 32955, - "length": 2978, - "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, + "start": 28296, + "length": 17108, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", @@ -9279,20 +8485,814 @@ "ending_column": 2 } }, - "signature": "executeProposal(uint256,bytes)" + "signature": "executeProposal(uint256,bytes)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "totalRewardToken" + } + } + ], + "description": "Reentrancy in DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937):\n\tExternal calls:\n\t- ! isRecipientAllowed(p.recipient) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#881)\n\t\t- allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput()) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1159-1163)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tExternal calls sending eth:\n\t- ! p.creator.send(p.proposalDeposit) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#904)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tState variables written after the call(s):\n\t- p.proposalPassed = true (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#918)\n\tDAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#702-726)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- p.open = false (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#944)\n\tDAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#702-726)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1199-1202)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- rewardToken[address(this)] += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#928)\n\tDAOInterface.rewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#410) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- DAOInterface.rewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#410)\n\t- DAO.changeProposalDeposit(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1139-1146)\n\t- DAO.newContract(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1022-1034)\n\t- DAO.minQuorum(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1174-1178)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1037-1057)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- sumOfProposalDeposits -= p.proposalDeposit (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#943)\n\tDAOInterface.sumOfProposalDeposits (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#436) can be used in cross function reentrancies:\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#741-806)\n\t- DAO.actualBalance() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1169-1171)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#947-1020)\n\t- totalRewardToken += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#929)\n\tDAOInterface.totalRewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#412) can be used in cross function reentrancies:\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.isRecipientAllowed(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1158-1167)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1037-1057)\n\t- DAOInterface.totalRewardToken (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#412)\n", + "markdown": "Reentrancy in [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937):\n\tExternal calls:\n\t- [! isRecipientAllowed(p.recipient)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L881)\n\t\t- [allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput())](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1159-L1163)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tExternal calls sending eth:\n\t- [! p.creator.send(p.proposalDeposit)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L904)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tState variables written after the call(s):\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L918)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [p.open = false](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L944)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [rewardToken[address(this)] += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L928)\n\t[DAOInterface.rewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L410) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAOInterface.rewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L410)\n\t- [DAO.changeProposalDeposit(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1139-L1146)\n\t- [DAO.newContract(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1022-L1034)\n\t- [DAO.minQuorum(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1174-L1178)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1037-L1057)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [sumOfProposalDeposits -= p.proposalDeposit](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L943)\n\t[DAOInterface.sumOfProposalDeposits](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L436) can be used in cross function reentrancies:\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAO.actualBalance()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1169-L1171)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [totalRewardToken += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L929)\n\t[DAOInterface.totalRewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L412) can be used in cross function reentrancies:\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.isRecipientAllowed(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1158-L1167)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1037-L1057)\n\t- [DAOInterface.totalRewardToken](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L412)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937", + "id": "b9c802c4b5548888a9ad51baffffaa8ef2f5240c1e77c360df8f3ee9a083e92e", + "check": "reentrancy-eth", + "impact": "High", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" + } + }, + { + "type": "node", + "name": "extraBalance.balance >= extraBalance.accumulatedInput()", + "source_mapping": { + "start": 11704, + "length": 55, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 321 + ], + "starting_column": 17, + "ending_column": 72 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "extraBalance.payOut(address(this),extraBalance.accumulatedInput())", + "source_mapping": { + "start": 11777, + "length": 67, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 322 + ], + "starting_column": 17, + "ending_column": 84 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "msg.sender.call.value(weiGiven[msg.sender])()", + "source_mapping": { + "start": 11893, + "length": 45, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 325 + ], + "starting_column": 17, + "ending_column": 62 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "msg.sender.call.value(weiGiven[msg.sender])()", + "source_mapping": { + "start": 11893, + "length": 45, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 325 + ], + "starting_column": 17, + "ending_column": 62 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" + } + }, + { + "type": "node", + "name": "weiGiven[msg.sender] = 0", + "source_mapping": { + "start": 12111, + "length": 24, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 329 + ], + "starting_column": 17, + "ending_column": 41 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "refund", + "source_mapping": { + "start": 11531, + "length": 635, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "TokenCreation", + "source_mapping": { + "start": 10437, + "length": 2342, + "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 287, + 288, + 289, + 290, + 291, + 292, + 293, + 294, + 295, + 296, + 297, + 298, + 299, + 300, + 301, + 302, + 303, + 304, + 305, + 306, + 307, + 308, + 309, + 310, + 311, + 312, + 313, + 314, + 315, + 316, + 317, + 318, + 319, + 320, + 321, + 322, + 323, + 324, + 325, + 326, + 327, + 328, + 329, + 330, + 331, + 332, + 333, + 334, + 335, + 336, + 337, + 338, + 339, + 340, + 341, + 342, + 343, + 344, + 345, + 346, + 347, + 348 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "refund()" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "totalRewardToken" + "variable_name": "weiGiven" } } ], - "description": "Reentrancy in DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#853-937):\n\tExternal calls:\n\t- ! isRecipientAllowed(p.recipient) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#881)\n\t\t- allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput()) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#1159-1163)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tExternal calls sending eth:\n\t- ! p.creator.send(p.proposalDeposit) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#904)\n\t- ! p.recipient.call.value(p.amount)(_transactionData) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#915)\n\tState variables written after the call(s):\n\t- p.proposalPassed = true (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#918)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- p.open = false (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#944)\n\t- rewardToken[address(this)] += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#928)\n\t- closeProposal(_proposalID) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#933)\n\t\t- sumOfProposalDeposits -= p.proposalDeposit (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#943)\n\t- totalRewardToken += p.amount (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#929)\n", - "markdown": "Reentrancy in [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937):\n\tExternal calls:\n\t- [! isRecipientAllowed(p.recipient)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L881)\n\t\t- [allowedRecipients[_recipient] || (_recipient == address(extraBalance) && totalRewardToken > extraBalance.accumulatedInput())](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L1159-L1163)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tExternal calls sending eth:\n\t- [! p.creator.send(p.proposalDeposit)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L904)\n\t- [! p.recipient.call.value(p.amount)(_transactionData)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L915)\n\tState variables written after the call(s):\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L918)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [p.open = false](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L944)\n\t- [rewardToken[address(this)] += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L928)\n\t- [closeProposal(_proposalID)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L933)\n\t\t- [sumOfProposalDeposits -= p.proposalDeposit](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L943)\n\t- [totalRewardToken += p.amount](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L929)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L853-L937", - "id": "da2955efdedec834e2cbc56b913933ba273e4a4da5d9c5c6be9ff59c9249b84c", + "description": "Reentrancy in TokenCreation.refund() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#318-332):\n\tExternal calls:\n\t- extraBalance.balance >= extraBalance.accumulatedInput() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#321)\n\t- extraBalance.payOut(address(this),extraBalance.accumulatedInput()) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#322)\n\t- msg.sender.call.value(weiGiven[msg.sender])() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#325)\n\tExternal calls sending eth:\n\t- msg.sender.call.value(weiGiven[msg.sender])() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#325)\n\tState variables written after the call(s):\n\t- weiGiven[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#329)\n\tTokenCreationInterface.weiGiven (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#251) can be used in cross function reentrancies:\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#299-316)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-eth/0.4.25/DAO.sol#318-332)\n", + "markdown": "Reentrancy in [TokenCreation.refund()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L318-L332):\n\tExternal calls:\n\t- [extraBalance.balance >= extraBalance.accumulatedInput()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L321)\n\t- [extraBalance.payOut(address(this),extraBalance.accumulatedInput())](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L322)\n\t- [msg.sender.call.value(weiGiven[msg.sender])()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L325)\n\tExternal calls sending eth:\n\t- [msg.sender.call.value(weiGiven[msg.sender])()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L325)\n\tState variables written after the call(s):\n\t- [weiGiven[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L329)\n\t[TokenCreationInterface.weiGiven](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L251) can be used in cross function reentrancies:\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L299-L316)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L318-L332)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/DAO.sol#L318-L332", + "id": "ec60469e1cc5d8cd352a86998673bfb43580d5119e501f9a3e58e3b55befb0a9", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json index 6b323b1a9..c1a3fef5e 100644 --- a/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json @@ -4,23 +4,22 @@ "elements": [ { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_nested", "source_mapping": { - "start": 656, - "length": 314, + "start": 2465, + "length": 246, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31 + 74, + 75, + 76, + 77, + 78, + 79, + 80 ], "starting_column": 5, "ending_column": 6 @@ -122,45 +121,44 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_nested()" } }, { "type": "node", - "name": "! (msg.sender.call.value(userBalance[msg.sender])())", + "name": "msg.sender.call.value(amount / 2)()", "source_mapping": { - "start": 839, - "length": 53, + "start": 2620, + "length": 33, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 27 + 77 ], "starting_column": 13, - "ending_column": 66 + "ending_column": 46 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_nested", "source_mapping": { - "start": 656, - "length": 314, + "start": 2465, + "length": 246, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31 + 74, + 75, + 76, + 77, + 78, + 79, + 80 ], "starting_column": 5, "ending_column": 6 @@ -262,7 +260,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_nested()" } } }, @@ -274,38 +272,37 @@ "type": "node", "name": "userBalance[msg.sender] = 0", "source_mapping": { - "start": 936, + "start": 2667, "length": 27, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 30 + 78 ], - "starting_column": 9, - "ending_column": 36 + "starting_column": 13, + "ending_column": 40 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_nested", "source_mapping": { - "start": 656, - "length": 314, + "start": 2465, + "length": 246, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31 + 74, + 75, + 76, + 77, + 78, + 79, + 80 ], "starting_column": 5, "ending_column": 6 @@ -407,7 +404,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_nested()" } } }, @@ -417,10 +414,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31):\n\tExternal calls:\n\t- ! (msg.sender.call.value(userBalance[msg.sender])()) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#27)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#30)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31):\n\tExternal calls:\n\t- [! (msg.sender.call.value(userBalance[msg.sender])())](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L27)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L30)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31", - "id": "759a5ea5deb597f6ca748c9b27656dee01b1e4b634365a68b918bf10518662e8", + "description": "Reentrancy in Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80):\n\tExternal calls:\n\t- msg.sender.call.value(amount / 2)() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#77)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#78)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#15-22)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed_4() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#61-72)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31)\n\t- Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#52-60)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#43-50)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#33-41)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#6-8)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80):\n\tExternal calls:\n\t- [msg.sender.call.value(amount / 2)()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L77)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L78)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L15-L22)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed_4()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L61-L72)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31)\n\t- [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L52-L60)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L43-L50)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L33-L41)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L6-L8)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80", + "id": "40068dd897810c9dd5841a3225068906bdf31af8ffac1dda0fe0afacc008f0f1", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -429,22 +426,23 @@ "elements": [ { "type": "function", - "name": "withdrawBalance_nested", + "name": "withdrawBalance", "source_mapping": { - "start": 2465, - "length": 246, + "start": 656, + "length": 314, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 74, - 75, - 76, - 77, - 78, - 79, - 80 + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31 ], "starting_column": 5, "ending_column": 6 @@ -546,44 +544,45 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_nested()" + "signature": "withdrawBalance()" } }, { "type": "node", - "name": "msg.sender.call.value(amount / 2)()", + "name": "! (msg.sender.call.value(userBalance[msg.sender])())", "source_mapping": { - "start": 2620, - "length": 33, + "start": 839, + "length": 53, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 77 + 27 ], "starting_column": 13, - "ending_column": 46 + "ending_column": 66 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_nested", + "name": "withdrawBalance", "source_mapping": { - "start": 2465, - "length": 246, + "start": 656, + "length": 314, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 74, - 75, - 76, - 77, - 78, - 79, - 80 + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31 ], "starting_column": 5, "ending_column": 6 @@ -685,7 +684,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_nested()" + "signature": "withdrawBalance()" } } }, @@ -697,37 +696,38 @@ "type": "node", "name": "userBalance[msg.sender] = 0", "source_mapping": { - "start": 2667, + "start": 936, "length": 27, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 78 + 30 ], - "starting_column": 13, - "ending_column": 40 + "starting_column": 9, + "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_nested", + "name": "withdrawBalance", "source_mapping": { - "start": 2465, - "length": 246, + "start": 656, + "length": 314, "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "is_dependency": false, "lines": [ - 74, - 75, - 76, - 77, - 78, - 79, - 80 + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31 ], "starting_column": 5, "ending_column": 6 @@ -829,7 +829,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_nested()" + "signature": "withdrawBalance()" } } }, @@ -839,10 +839,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80):\n\tExternal calls:\n\t- msg.sender.call.value(amount / 2)() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#77)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#78)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80):\n\tExternal calls:\n\t- [msg.sender.call.value(amount / 2)()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L77)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L78)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80", - "id": "cc27a0e36ba51b1a24ae1df9b9f2ec9e67afedd649839a3302b6f9e08987c7d8", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31):\n\tExternal calls:\n\t- ! (msg.sender.call.value(userBalance[msg.sender])()) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#27)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#30)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#15-22)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed_4() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#61-72)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31)\n\t- Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#52-60)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#43-50)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#33-41)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#6-8)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31):\n\tExternal calls:\n\t- [! (msg.sender.call.value(userBalance[msg.sender])())](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L27)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L30)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L15-L22)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed_4()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L61-L72)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31)\n\t- [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L52-L60)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L43-L50)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L33-L41)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L6-L8)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31", + "id": "dd0fcd3095a9151d9ce4b893b8fbad6f1800fab62623d56b305e6dedb7f1f69a", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json index d2d53ed0e..1d0fd8862 100644 --- a/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#27)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L27)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29", - "id": "8a2174b6a3476b6e52f3cdac7e85b44337e3b7d7df2b2504c5a75b8e2a00ea7f", + "id": "a8ba28ead6de289d54a6a09f7c8f038b1feff8ead5a9f9a50144a3405e1a5d84", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json index 2d9d75949..83d210cba 100644 --- a/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json @@ -372,10 +372,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#62)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L62)\n", + "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#15-23)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#46-53)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#6-8)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L15-L23)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L46-L53)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L6-L8)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64", - "id": "b1d5762a3d9738215079d50da4bf0ecdc8eddd575b7f8686bdbfa3d101adf809", + "id": "14bd70d68ad1a7a1de9653bb90378aaa9912309c63aa307e014f56bf6946f6d9", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -749,10 +749,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#32)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L32)\n", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#15-23)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#46-53)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#6-8)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L15-L23)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L46-L53)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L6-L8)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33", - "id": "e2dcb62d8ffcc2636bab0fee518b4a79c760f2974c39950214749fc78bebc9de", + "id": "adefd8720d742bbfce41168a7f6671258c2a2274203a275438c8c1b9bce3be69", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json index 39e1ba145..2fd0e6feb 100644 --- a/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#27)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L27)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29", - "id": "b409436e604deed3ecb1b621a908db6ddbd69754315b41a9806919d8348391d9", + "id": "63385af783ed3eb67d0d73e9f3350256e9cc6ee2f5485c50cf6c6c91f8757601", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json index 6f592b511..0aec13387 100644 --- a/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json @@ -4,24 +4,25 @@ "elements": [ { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 707, - "length": 357, + "start": 1843, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -106,46 +107,47 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()", + "name": "(ret,mem) = msg.sender.call.value(amount)()", "source_mapping": { - "start": 886, - "length": 81, + "start": 2088, + "length": 64, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 28 + 60 ], "starting_column": 9, - "ending_column": 90 + "ending_column": 73 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 707, - "length": 357, + "start": 1843, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -230,7 +232,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -240,41 +242,42 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = 0", + "name": "userBalance[msg.sender] = amount", "source_mapping": { - "start": 1030, - "length": 27, + "start": 2187, + "length": 32, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 32 + 62 ], - "starting_column": 9, - "ending_column": 36 + "starting_column": 13, + "ending_column": 45 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 707, - "length": 357, + "start": 1843, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -359,7 +362,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -369,10 +372,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#32)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L32)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33", - "id": "2ae23f335df95d0f5c56d214774a6afc507773d057c4ca44f2eb4eff0e2ebe98", + "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#46-53)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L46-L53)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64", + "id": "198c0aa45e21eaf93239b89902af77daf6acd1431a537d38c9ff8ac798d7de1a", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -381,25 +384,24 @@ "elements": [ { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1843, - "length": 393, + "start": 707, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -484,47 +486,46 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call.value(amount)()", + "name": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()", "source_mapping": { - "start": 2088, - "length": 64, + "start": 886, + "length": 81, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 60 + 28 ], "starting_column": 9, - "ending_column": 73 + "ending_column": 90 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1843, - "length": 393, + "start": 707, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -609,7 +610,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -619,42 +620,41 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = amount", + "name": "userBalance[msg.sender] = 0", "source_mapping": { - "start": 2187, - "length": 32, + "start": 1030, + "length": 27, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 62 + 32 ], - "starting_column": 13, - "ending_column": 45 + "starting_column": 9, + "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1843, - "length": 393, + "start": 707, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -739,7 +739,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -749,10 +749,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#62)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L62)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64", - "id": "c4d2dd489fd8bc396119bdd7e5a73c3782cf5fa27171112104e34b2f3ccf37c4", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#46-53)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L46-L53)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33", + "id": "8e2d5646c5d4c6276b4c732adccb83f27cedb7c979f67e27d86066a3c86ad293", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json index d33ca45ce..9bdf46f7e 100644 --- a/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#27)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L27)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29", - "id": "592ad3a6f86cbf4b9e9e1c21c6345d8616f0e6e8a85c7e9ab283b5b0a1271c71", + "id": "c2901845976c503271b1f0210ebe3a50274502ce56d3de66f1bb8414c33891c5", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json index 7ef54ba95..c6206b38a 100644 --- a/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json @@ -4,25 +4,24 @@ "elements": [ { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -107,47 +106,46 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call{value: amount}()", + "name": "(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()", "source_mapping": { - "start": 2084, - "length": 64, + "start": 882, + "length": 81, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 60 + 28 ], "starting_column": 9, - "ending_column": 73 + "ending_column": 90 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -232,7 +230,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -242,42 +240,41 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = amount", + "name": "userBalance[msg.sender] = 0", "source_mapping": { - "start": 2183, - "length": 32, + "start": 1026, + "length": 27, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 62 + 32 ], - "starting_column": 13, - "ending_column": 45 + "starting_column": 9, + "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance_fixed_3", + "name": "withdrawBalance", "source_mapping": { - "start": 1839, - "length": 393, + "start": 703, + "length": 357, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64 + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 ], "starting_column": 5, "ending_column": 6 @@ -362,7 +359,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance_fixed_3()" + "signature": "withdrawBalance()" } } }, @@ -372,10 +369,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: amount}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#62)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: amount}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L62)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64", - "id": "d68cc7cd493eca1fda517423f6f6ad0a5671d0bbea1d80ec0cb403ca66d5d4b8", + "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: userBalance[msg.sender]}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#6-8)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#15-23)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#46-53)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L6-L8)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L15-L23)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L46-L53)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33", + "id": "37e2382d9122de6b05be022dc852d8adf129f921998831fcdc34a04d393dd384", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" @@ -384,24 +381,25 @@ "elements": [ { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -486,46 +484,47 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } }, { "type": "node", - "name": "(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()", + "name": "(ret,mem) = msg.sender.call{value: amount}()", "source_mapping": { - "start": 882, - "length": 81, + "start": 2084, + "length": 64, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 28 + 60 ], "starting_column": 9, - "ending_column": 90 + "ending_column": 73 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -610,7 +609,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -620,41 +619,42 @@ }, { "type": "node", - "name": "userBalance[msg.sender] = 0", + "name": "userBalance[msg.sender] = amount", "source_mapping": { - "start": 1026, - "length": 27, + "start": 2183, + "length": 32, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 32 + 62 ], - "starting_column": 9, - "ending_column": 36 + "starting_column": 13, + "ending_column": 45 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawBalance", + "name": "withdrawBalance_fixed_3", "source_mapping": { - "start": 703, - "length": 357, + "start": 1839, + "length": 393, "filename_relative": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33 + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64 ], "starting_column": 5, "ending_column": 6 @@ -739,7 +739,7 @@ "ending_column": 2 } }, - "signature": "withdrawBalance()" + "signature": "withdrawBalance_fixed_3()" } } }, @@ -749,10 +749,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: userBalance[msg.sender]}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#32)\n", - "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L32)\n", - "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33", - "id": "df77aefe86b51d596b1dba22bde98d85390038724420e61fb18579fd90af852c", + "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: amount}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#6-8)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#15-23)\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#10-12)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#46-53)\n", + "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: amount}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L6-L8)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L15-L23)\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L10-L12)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L46-L53)\n", + "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64", + "id": "b40693864ea56a41248ea1fecfa8c0ed95552a62235a9282281b220d0c7000cc", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json b/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json index fb9b56b12..7907cfe64 100644 --- a/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json +++ b/tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json @@ -428,10 +428,10 @@ } } ], - "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#27)\n", - "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L27)\n", + "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#13-15)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29)\n\t- Reentrancy.deposit_token(address,uint256) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#17-20)\n", + "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L13-L15)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29)\n\t- [Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L17-L20)\n", "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29", - "id": "24fc47678720105e363d9594b5bcec35f854903103c3c4a4ca82d9b4fb5348c3", + "id": "a84e723534171eddc7c9650042d0b8e9487490b61491df5e5faa8d91d5ce826f", "check": "reentrancy-eth", "impact": "High", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json index 9ad593e4e..c1cb8c22a 100644 --- a/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json @@ -4,89 +4,25 @@ "elements": [ { "type": "function", - "name": "splitDAO", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], "starting_column": 5, "ending_column": 6 @@ -638,111 +574,47 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferFromWithoutReward(address,address,uint256)" } }, { "type": "node", - "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", + "name": "! withdrawRewardFor(_from)", "source_mapping": { - "start": 37159, - "length": 49, + "start": 41890, + "length": 25, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 974 + 1118 ], "starting_column": 13, - "ending_column": 62 + "ending_column": 38 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], "starting_column": 5, "ending_column": 6 @@ -1294,7 +1166,7 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferFromWithoutReward(address,address,uint256)" } } }, @@ -1304,36 +1176,43 @@ }, { "type": "node", - "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", + "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", "source_mapping": { - "start": 44544, - "length": 74, + "start": 40461, + "length": 90, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1196 + 1065 ], - "starting_column": 9, - "ending_column": 83 + "starting_column": 13, + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "createNewDAO", + "name": "withdrawRewardFor", "source_mapping": { - "start": 44427, - "length": 198, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1194, - 1195, - 1196, - 1197 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -1885,7 +1764,7 @@ "ending_column": 2 } }, - "signature": "createNewDAO(address)" + "signature": "withdrawRewardFor(address)" } } }, @@ -1895,106 +1774,44 @@ }, { "type": "node", - "name": "withdrawRewardFor(msg.sender)", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", "source_mapping": { - "start": 38796, - "length": 29, + "start": 40581, + "length": 116, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1015 + 1068, + 1069 ], "starting_column": 9, - "ending_column": 38 + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "withdrawRewardFor", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -2546,29 +2363,29 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", + "name": "! rewardAccount.payOut(_account,reward)", "source_mapping": { - "start": 40461, - "length": 90, + "start": 40711, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1065 + 1070 ], "starting_column": 13, - "ending_column": 103 + "ending_column": 52 }, "type_specific_fields": { "parent": { @@ -3154,44 +2971,42 @@ }, { "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "name": "transferFrom(_from,_to,_value)", "source_mapping": { - "start": 40581, - "length": 116, + "start": 41944, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1068, - 1069 + 1120 ], "starting_column": 9, - "ending_column": 103 + "ending_column": 48 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 40361, - "length": 473, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], "starting_column": 5, "ending_column": 6 @@ -3743,53 +3558,62 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "transferFromWithoutReward(address,address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "balances" } }, { "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", + "name": "balances[_to] += _amount", "source_mapping": { - "start": 40711, - "length": 39, + "start": 4393, + "length": 24, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1070 + 120 ], "starting_column": 13, - "ending_column": 52 + "ending_column": 37 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "transferFrom", "source_mapping": { - "start": 40361, - "length": 473, + "start": 4127, + "length": 509, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128 ], "starting_column": 5, "ending_column": 6 @@ -3797,4365 +3621,244 @@ "type_specific_fields": { "parent": { "type": "contract", - "name": "DAO", + "name": "Token", "source_mapping": { - "start": 28296, - "length": 17108, + "start": 3440, + "length": 1550, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "withdrawRewardFor(address)" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls_sending_eth" - } - }, - { - "type": "node", - "name": "balances[msg.sender] = 0", - "source_mapping": { - "start": 38912, - "length": 24, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1017 - ], - "starting_column": 9, - "ending_column": 33 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "splitDAO(uint256,address)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" - } - }, - { - "type": "node", - "name": "paidOut[msg.sender] = 0", - "source_mapping": { - "start": 38946, - "length": 23, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1018 - ], - "starting_column": 9, - "ending_column": 32 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "splitDAO(uint256,address)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "paidOut" - } - }, - { - "type": "node", - "name": "totalSupply -= balances[msg.sender]", - "source_mapping": { - "start": 38867, - "length": 35, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1016 - ], - "starting_column": 9, - "ending_column": 44 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "splitDAO(uint256,address)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "totalSupply" - } - } - ], - "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\t- withdrawRewardFor(msg.sender) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1015)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- balances[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1017)\n\t- paidOut[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1018)\n\t- totalSupply -= balances[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1016)\n", - "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\t- [withdrawRewardFor(msg.sender)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1015)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1017)\n\t- [paidOut[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1018)\n\t- [totalSupply -= balances[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1016)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", - "id": "4ce8b483e6c9e8e2bbc854d3ff7713e20404b0be5e7cc714329c9a56c52e8d31", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ - { - "type": "function", - "name": "transferFromWithoutReward", - "source_mapping": { - "start": 41743, - "length": 247, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFromWithoutReward(address,address,uint256)" - } - }, - { - "type": "node", - "name": "! withdrawRewardFor(_from)", - "source_mapping": { - "start": 41890, - "length": 25, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1118 - ], - "starting_column": 13, - "ending_column": 38 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transferFromWithoutReward", - "source_mapping": { - "start": 41743, - "length": 247, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFromWithoutReward(address,address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls" - } - }, - { - "type": "node", - "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", - "source_mapping": { - "start": 40461, - "length": 90, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1065 - ], - "starting_column": 13, - "ending_column": 103 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "withdrawRewardFor", - "source_mapping": { - "start": 40361, - "length": 473, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "DAO", - "source_mapping": { - "start": 28296, - "length": 17108, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 694, - 695, - 696, - 697, - 698, - 699, - 700, - 701, - 702, - 703, - 704, - 705, - 706, - 707, - 708, - 709, - 710, - 711, - 712, - 713, - 714, - 715, - 716, - 717, - 718, - 719, - 720, - 721, - 722, - 723, - 724, - 725, - 726, - 727, - 728, - 729, - 730, - 731, - 732, - 733, - 734, - 735, - 736, - 737, - 738, - 739, - 740, - 741, - 742, - 743, - 744, - 745, - 746, - 747, - 748, - 749, - 750, - 751, - 752, - 753, - 754, - 755, - 756, - 757, - 758, - 759, - 760, - 761, - 762, - 763, - 764, - 765, - 766, - 767, - 768, - 769, - 770, - 771, - 772, - 773, - 774, - 775, - 776, - 777, - 778, - 779, - 780, - 781, - 782, - 783, - 784, - 785, - 786, - 787, - 788, - 789, - 790, - 791, - 792, - 793, - 794, - 795, - 796, - 797, - 798, - 799, - 800, - 801, - 802, - 803, - 804, - 805, - 806, - 807, - 808, - 809, - 810, - 811, - 812, - 813, - 814, - 815, - 816, - 817, - 818, - 819, - 820, - 821, - 822, - 823, - 824, - 825, - 826, - 827, - 828, - 829, - 830, - 831, - 832, - 833, - 834, - 835, - 836, - 837, - 838, - 839, - 840, - 841, - 842, - 843, - 844, - 845, - 846, - 847, - 848, - 849, - 850, - 851, - 852, - 853, - 854, - 855, - 856, - 857, - 858, - 859, - 860, - 861, - 862, - 863, - 864, - 865, - 866, - 867, - 868, - 869, - 870, - 871, - 872, - 873, - 874, - 875, - 876, - 877, - 878, - 879, - 880, - 881, - 882, - 883, - 884, - 885, - 886, - 887, - 888, - 889, - 890, - 891, - 892, - 893, - 894, - 895, - 896, - 897, - 898, - 899, - 900, - 901, - 902, - 903, - 904, - 905, - 906, - 907, - 908, - 909, - 910, - 911, - 912, - 913, - 914, - 915, - 916, - 917, - 918, - 919, - 920, - 921, - 922, - 923, - 924, - 925, - 926, - 927, - 928, - 929, - 930, - 931, - 932, - 933, - 934, - 935, - 936, - 937, - 938, - 939, - 940, - 941, - 942, - 943, - 944, - 945, - 946, - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020, - 1021, - 1022, - 1023, - 1024, - 1025, - 1026, - 1027, - 1028, - 1029, - 1030, - 1031, - 1032, - 1033, - 1034, - 1035, - 1036, - 1037, - 1038, - 1039, - 1040, - 1041, - 1042, - 1043, - 1044, - 1045, - 1046, - 1047, - 1048, - 1049, - 1050, - 1051, - 1052, - 1053, - 1054, - 1055, - 1056, - 1057, - 1058, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "transferFrom(address,address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "balances" } }, { "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "name": "balances[_from] -= _amount", "source_mapping": { - "start": 40581, - "length": 116, + "start": 4431, + "length": 26, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1068, - 1069 + 121 + ], + "starting_column": 13, + "ending_column": 39 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferFrom", + "source_mapping": { + "start": 4127, + "length": 509, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 3440, + "length": 1550, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferFrom(address,address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + }, + { + "type": "node", + "name": "transferFrom(_from,_to,_value)", + "source_mapping": { + "start": 41944, + "length": 39, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1120 ], "starting_column": 9, - "ending_column": 103 + "ending_column": 48 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "transferFromWithoutReward", "source_mapping": { - "start": 40361, - "length": 473, + "start": 41743, + "length": 247, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121 ], "starting_column": 5, "ending_column": 6 @@ -8707,53 +4410,56 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "transferFromWithoutReward(address,address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "paidOut" } }, { "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", + "name": "paidOut[_from] -= transferPaidOut", "source_mapping": { - "start": 40711, - "length": 39, + "start": 42279, + "length": 33, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1070 + 1133 ], - "starting_column": 13, - "ending_column": 52 + "starting_column": 9, + "ending_column": 42 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "transferPaidOut", "source_mapping": { - "start": 40361, - "length": 473, + "start": 41997, + "length": 384, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -9305,52 +5011,56 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "transferPaidOut(address,address,uint256)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "paidOut" } }, { "type": "node", - "name": "transferFrom(_from,_to,_value)", + "name": "paidOut[_to] += transferPaidOut", "source_mapping": { - "start": 41944, - "length": 39, + "start": 42322, + "length": 31, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1120 + 1134 ], "starting_column": 9, - "ending_column": 48 + "ending_column": 40 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferFromWithoutReward", + "name": "transferPaidOut", "source_mapping": { - "start": 41743, - "length": 247, + "start": 41997, + "length": 384, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -9902,307 +5612,642 @@ "ending_column": 2 } }, - "signature": "transferFromWithoutReward(address,address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" - } - }, - { - "type": "node", - "name": "balances[_to] += _amount", - "source_mapping": { - "start": 4393, - "length": 24, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 120 - ], - "starting_column": 13, - "ending_column": 37 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transferFrom", - "source_mapping": { - "start": 4127, - "length": 509, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "Token", - "source_mapping": { - "start": 3440, - "length": 1550, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFrom(address,address,uint256)" + "signature": "transferPaidOut(address,address,uint256)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "balances" + "variable_name": "paidOut" } - }, + } + ], + "description": "Reentrancy in DAO.transferFromWithoutReward(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1112-1121):\n\tExternal calls:\n\t- ! withdrawRewardFor(_from) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1118)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#120)\n\t\t- balances[_from] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#121)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n", + "markdown": "Reentrancy in [DAO.transferFromWithoutReward(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121):\n\tExternal calls:\n\t- [! withdrawRewardFor(_from)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1118)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L120)\n\t\t- [balances[_from] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L121)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121", + "id": "216c6ec9fc52ceccdc93f86ce1142188621b5ccc6937a763a63769017613d894", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ { - "type": "node", - "name": "balances[_from] -= _amount", + "type": "function", + "name": "withdrawRewardFor", "source_mapping": { - "start": 4431, - "length": 26, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 121 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], - "starting_column": 13, - "ending_column": 39 + "starting_column": 5, + "ending_column": 6 }, "type_specific_fields": { "parent": { - "type": "function", - "name": "transferFrom", + "type": "contract", + "name": "DAO", "source_mapping": { - "start": 4127, - "length": 509, + "start": 28296, + "length": 17108, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128 + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "Token", - "source_mapping": { - "start": 3440, - "length": 1550, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transferFrom(address,address,uint256)" + "starting_column": 1, + "ending_column": 2 } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" + }, + "signature": "withdrawRewardFor(address)" } }, { "type": "node", - "name": "transferFrom(_from,_to,_value)", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", "source_mapping": { - "start": 41944, - "length": 39, + "start": 40581, + "length": 116, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1120 + 1068, + 1069 ], "starting_column": 9, - "ending_column": 48 + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferFromWithoutReward", + "name": "withdrawRewardFor", "source_mapping": { - "start": 41743, - "length": 247, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -10754,56 +6799,53 @@ "ending_column": 2 } }, - "signature": "transferFromWithoutReward(address,address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "paidOut" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "paidOut[_from] -= transferPaidOut", + "name": "! rewardAccount.payOut(_account,reward)", "source_mapping": { - "start": 42279, - "length": 33, + "start": 40711, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1133 + 1070 ], - "starting_column": 9, - "ending_column": 42 + "starting_column": 13, + "ending_column": 52 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferPaidOut", + "name": "withdrawRewardFor", "source_mapping": { - "start": 41997, - "length": 384, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -11355,56 +7397,53 @@ "ending_column": 2 } }, - "signature": "transferPaidOut(address,address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "paidOut" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "paidOut[_to] += transferPaidOut", + "name": "paidOut[_account] += reward", "source_mapping": { - "start": 42322, - "length": 31, + "start": 40779, + "length": 27, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1134 + 1072 ], "starting_column": 9, - "ending_column": 40 + "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferPaidOut", + "name": "withdrawRewardFor", "source_mapping": { - "start": 41997, - "length": 384, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -11956,7 +7995,7 @@ "ending_column": 2 } }, - "signature": "transferPaidOut(address,address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, @@ -11966,10 +8005,10 @@ } } ], - "description": "Reentrancy in DAO.transferFromWithoutReward(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1112-1121):\n\tExternal calls:\n\t- ! withdrawRewardFor(_from) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1118)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#120)\n\t\t- balances[_from] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#121)\n\t- transferFrom(_from,_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1120)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n", - "markdown": "Reentrancy in [DAO.transferFromWithoutReward(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121):\n\tExternal calls:\n\t- [! withdrawRewardFor(_from)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1118)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L120)\n\t\t- [balances[_from] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L121)\n\t- [transferFrom(_from,_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1120)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1112-L1121", - "id": "b888f2335a7b1a29c1f4940886bfbe26a6277d2dca59310ede3dfdb6f02adeb0", + "description": "Reentrancy in DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074):\n\tExternal calls:\n\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- paidOut[_account] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1072)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n", + "markdown": "Reentrancy in [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074):\n\tExternal calls:\n\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [paidOut[_account] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1072)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074", + "id": "2660bfd41b50f556e2d92972f4fe983a0d64930fc55431952f842a5ae8066bc8", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -11978,20 +8017,89 @@ "elements": [ { "type": "function", - "name": "transferWithoutReward", + "name": "splitDAO", "source_mapping": { - "start": 41191, - "length": 175, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -12543,42 +8651,111 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" + "signature": "splitDAO(uint256,address)" } }, { "type": "node", - "name": "! getMyReward()", + "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", "source_mapping": { - "start": 41288, - "length": 14, + "start": 37159, + "length": 49, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1092 + 974 ], "starting_column": 13, - "ending_column": 27 + "ending_column": 62 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferWithoutReward", + "name": "splitDAO", "source_mapping": { - "start": 41191, - "length": 175, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -13130,7 +9307,7 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, @@ -13140,43 +9317,36 @@ }, { "type": "node", - "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", + "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", "source_mapping": { - "start": 40461, - "length": 90, + "start": 44544, + "length": 74, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1065 + 1196 ], - "starting_column": 13, - "ending_column": 103 + "starting_column": 9, + "ending_column": 83 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "createNewDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 44427, + "length": 198, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 1194, + 1195, + 1196, + 1197 ], "starting_column": 5, "ending_column": 6 @@ -13728,7 +9898,7 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "createNewDAO(address)" } } }, @@ -13738,44 +9908,106 @@ }, { "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "name": "withdrawRewardFor(msg.sender)", "source_mapping": { - "start": 40581, - "length": 116, + "start": 38796, + "length": 29, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1068, - 1069 + 1015 ], "starting_column": 9, - "ending_column": 103 + "ending_column": 38 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "splitDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + "is_dependency": false, + "lines": [ + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -14327,29 +10559,29 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", + "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", "source_mapping": { - "start": 40711, - "length": 39, + "start": 40461, + "length": 90, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1070 + 1065 ], "starting_column": 13, - "ending_column": 52 + "ending_column": 103 }, "type_specific_fields": { "parent": { @@ -14935,37 +11167,44 @@ }, { "type": "node", - "name": "transfer(_to,_value)", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", "source_mapping": { - "start": 41331, - "length": 28, + "start": 40581, + "length": 116, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1094 + 1068, + 1069 ], "starting_column": 9, - "ending_column": 37 + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferWithoutReward", + "name": "withdrawRewardFor", "source_mapping": { - "start": 41191, - "length": 175, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -15517,171 +11756,53 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" - } - }, - { - "type": "node", - "name": "balances[msg.sender] -= _amount", - "source_mapping": { - "start": 3920, - "length": 31, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 101 - ], - "starting_column": 13, - "ending_column": 44 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "transfer", - "source_mapping": { - "start": 3765, - "length": 356, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "Token", - "source_mapping": { - "start": 3440, - "length": 1550, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "transfer(address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "balances[_to] += _amount", + "name": "! rewardAccount.payOut(_account,reward)", "source_mapping": { - "start": 3965, - "length": 24, + "start": 40711, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 102 + 1070 ], "starting_column": 13, - "ending_column": 37 + "ending_column": 52 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transfer", + "name": "withdrawRewardFor", "source_mapping": { - "start": 3765, - "length": 356, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -15689,112 +11810,660 @@ "type_specific_fields": { "parent": { "type": "contract", - "name": "Token", + "name": "DAO", "source_mapping": { - "start": 3440, - "length": 1550, + "start": 28296, + "length": 17108, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139 + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "transfer(address,uint256)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "balances" + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "transfer(_to,_value)", + "name": "balances[msg.sender] = 0", "source_mapping": { - "start": 41331, - "length": 28, + "start": 38912, + "length": 24, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1094 + 1017 ], "starting_column": 9, - "ending_column": 37 + "ending_column": 33 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferWithoutReward", + "name": "splitDAO", "source_mapping": { - "start": 41191, - "length": 175, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1091, - 1092, - 1093, - 1094, - 1095 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -16346,56 +13015,117 @@ "ending_column": 2 } }, - "signature": "transferWithoutReward(address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "paidOut" + "variable_name": "balances" } }, { "type": "node", - "name": "paidOut[_from] -= transferPaidOut", + "name": "paidOut[msg.sender] = 0", "source_mapping": { - "start": 42279, - "length": 33, + "start": 38946, + "length": 23, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1133 + 1018 ], "starting_column": 9, - "ending_column": 42 + "ending_column": 32 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferPaidOut", + "name": "splitDAO", "source_mapping": { - "start": 41997, - "length": 384, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -16947,7 +13677,7 @@ "ending_column": 2 } }, - "signature": "transferPaidOut(address,address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, @@ -16958,45 +13688,106 @@ }, { "type": "node", - "name": "paidOut[_to] += transferPaidOut", + "name": "totalSupply -= balances[msg.sender]", "source_mapping": { - "start": 42322, - "length": 31, + "start": 38867, + "length": 35, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1134 + 1016 ], "starting_column": 9, - "ending_column": 40 + "ending_column": 44 }, "type_specific_fields": { "parent": { "type": "function", - "name": "transferPaidOut", + "name": "splitDAO", "source_mapping": { - "start": 41997, - "length": 384, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -17548,111 +14339,42 @@ "ending_column": 2 } }, - "signature": "transferPaidOut(address,address,uint256)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "paidOut" - } - } - ], - "description": "Reentrancy in DAO.transferWithoutReward(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1091-1095):\n\tExternal calls:\n\t- ! getMyReward() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1092)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- balances[msg.sender] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#101)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#102)\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n", - "markdown": "Reentrancy in [DAO.transferWithoutReward(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095):\n\tExternal calls:\n\t- [! getMyReward()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1092)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [balances[msg.sender] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L101)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L102)\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095", - "id": "bb78c66126a39c10a22c2be95caccd1bc16b010bc959bdeb23bdc1d728654eea", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ - { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + "variable_name": "totalSupply" + } + } + ], + "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\t- withdrawRewardFor(msg.sender) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1015)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- balances[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1017)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- paidOut[msg.sender] = 0 (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1018)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n\t- totalSupply -= balances[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1016)\n\tTokenInterface.totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#45) can be used in cross function reentrancies:\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.minQuorum(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1174-1178)\n\t- TokenInterface.totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#45)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n", + "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\t- [withdrawRewardFor(msg.sender)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1015)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1017)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [paidOut[msg.sender] = 0](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1018)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n\t- [totalSupply -= balances[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1016)\n\t[TokenInterface.totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L45) can be used in cross function reentrancies:\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.minQuorum(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1174-L1178)\n\t- [TokenInterface.totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L45)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", + "id": "42a79513e1c7098fa23ca86561e61190d6d20dd43429f0392174bd44954abf98", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "transferWithoutReward", + "source_mapping": { + "start": 41191, + "length": 175, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1091, + 1092, + 1093, + 1094, + 1095 ], "starting_column": 5, "ending_column": 6 @@ -18049,266 +14771,1394 @@ 1071, 1072, 1073, - 1074, - 1075, - 1076, - 1077, - 1078, - 1079, - 1080, - 1081, - 1082, - 1083, - 1084, - 1085, - 1086, - 1087, - 1088, - 1089, - 1090, - 1091, - 1092, - 1093, - 1094, - 1095, - 1096, - 1097, - 1098, - 1099, - 1100, - 1101, - 1102, - 1103, - 1104, - 1105, - 1106, - 1107, - 1108, - 1109, - 1110, - 1111, - 1112, - 1113, - 1114, - 1115, - 1116, - 1117, - 1118, - 1119, - 1120, - 1121, - 1122, - 1123, - 1124, - 1125, - 1126, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1133, - 1134, - 1135, - 1136, - 1137, - 1138, - 1139, - 1140, - 1141, - 1142, - 1143, - 1144, - 1145, - 1146, - 1147, - 1148, - 1149, - 1150, - 1151, - 1152, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1159, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1166, - 1167, - 1168, - 1169, - 1170, - 1171, - 1172, - 1173, - 1174, - 1175, - 1176, - 1177, - 1178, - 1179, - 1180, - 1181, - 1182, - 1183, - 1184, - 1185, - 1186, - 1187, - 1188, - 1189, - 1190, - 1191, - 1192, - 1193, - 1194, - 1195, - 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferWithoutReward(address,uint256)" + } + }, + { + "type": "node", + "name": "! getMyReward()", + "source_mapping": { + "start": 41288, + "length": 14, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1092 + ], + "starting_column": 13, + "ending_column": 27 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferWithoutReward", + "source_mapping": { + "start": 41191, + "length": 175, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1091, + 1092, + 1093, + 1094, + 1095 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferWithoutReward(address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]", + "source_mapping": { + "start": 40461, + "length": 90, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1065 + ], + "starting_column": 13, + "ending_column": 103 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "withdrawRewardFor", + "source_mapping": { + "start": 40361, + "length": 473, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], - "starting_column": 1, - "ending_column": 2 + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdrawRewardFor(address)" } - }, - "signature": "splitDAO(uint256,address)" + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", + "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", "source_mapping": { - "start": 37159, - "length": 49, + "start": 40581, + "length": 116, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 974 + 1068, + 1069 ], - "starting_column": 13, - "ending_column": 62 + "starting_column": 9, + "ending_column": 103 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "withdrawRewardFor", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -18860,46 +16710,53 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "withdrawRewardFor(address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "external_calls_sending_eth" } }, { "type": "node", - "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", + "name": "! rewardAccount.payOut(_account,reward)", "source_mapping": { - "start": 44544, - "length": 74, + "start": 40711, + "length": 39, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1196 + 1070 ], - "starting_column": 9, - "ending_column": 83 + "starting_column": 13, + "ending_column": 52 }, "type_specific_fields": { "parent": { "type": "function", - "name": "createNewDAO", + "name": "withdrawRewardFor", "source_mapping": { - "start": 44427, - "length": 198, + "start": 40361, + "length": 473, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1194, - 1195, - 1196, - 1197 + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074 ], "starting_column": 5, "ending_column": 6 @@ -19434,133 +17291,64 @@ 1209, 1210, 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "createNewDAO(address)" - } - } - }, - "additional_fields": { - "underlying_type": "external_calls_sending_eth" - } - }, - { - "type": "node", - "name": "p.splitData[0].splitBalance = actualBalance()", - "source_mapping": { - "start": 37456, - "length": 45, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 981 - ], - "starting_column": 13, - "ending_column": 58 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "withdrawRewardFor(address)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" + } + }, + { + "type": "node", + "name": "transfer(_to,_value)", + "source_mapping": { + "start": 41331, + "length": 28, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1094 + ], + "starting_column": 9, + "ending_column": 37 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferWithoutReward", + "source_mapping": { + "start": 41191, + "length": 175, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1091, + 1092, + 1093, + 1094, + 1095 ], "starting_column": 5, "ending_column": 6 @@ -20112,117 +17900,284 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferWithoutReward(address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + }, + { + "type": "node", + "name": "balances[msg.sender] -= _amount", + "source_mapping": { + "start": 3920, + "length": 31, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 101 + ], + "starting_column": 13, + "ending_column": 44 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transfer", + "source_mapping": { + "start": 3765, + "length": 356, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 3440, + "length": 1550, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transfer(address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "balances" + } + }, + { + "type": "node", + "name": "balances[_to] += _amount", + "source_mapping": { + "start": 3965, + "length": 24, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 102 + ], + "starting_column": 13, + "ending_column": 37 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transfer", + "source_mapping": { + "start": 3765, + "length": 356, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 3440, + "length": 1550, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transfer(address,uint256)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "proposals" + "variable_name": "balances" } }, { "type": "node", - "name": "p.splitData[0].rewardToken = rewardToken[address(this)]", + "name": "transfer(_to,_value)", "source_mapping": { - "start": 37515, - "length": 55, + "start": 41331, + "length": 28, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 982 + 1094 ], - "starting_column": 13, - "ending_column": 68 + "starting_column": 9, + "ending_column": 37 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "transferWithoutReward", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 41191, + "length": 175, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1091, + 1092, + 1093, + 1094, + 1095 ], "starting_column": 5, "ending_column": 6 @@ -20768,123 +18723,62 @@ 1220, 1221, 1222, - 1223 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "splitDAO(uint256,address)" - } - } - }, - "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "proposals" - } - }, - { - "type": "node", - "name": "p.splitData[0].totalSupply = totalSupply", - "source_mapping": { - "start": 37584, - "length": 40, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 983 - ], - "starting_column": 13, - "ending_column": 53 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "splitDAO", - "source_mapping": { - "start": 36148, - "length": 2849, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", - "is_dependency": false, - "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "transferWithoutReward(address,uint256)" + } + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "paidOut" + } + }, + { + "type": "node", + "name": "paidOut[_from] -= transferPaidOut", + "source_mapping": { + "start": 42279, + "length": 33, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1133 + ], + "starting_column": 9, + "ending_column": 42 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "transferPaidOut", + "source_mapping": { + "start": 41997, + "length": 384, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -21436,117 +19330,56 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferPaidOut(address,address,uint256)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "proposals" + "variable_name": "paidOut" } }, { "type": "node", - "name": "p.proposalPassed = true", + "name": "paidOut[_to] += transferPaidOut", "source_mapping": { - "start": 37638, - "length": 23, + "start": 42322, + "length": 31, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 984 + 1134 ], - "starting_column": 13, - "ending_column": 36 + "starting_column": 9, + "ending_column": 40 }, "type_specific_fields": { "parent": { "type": "function", - "name": "splitDAO", + "name": "transferPaidOut", "source_mapping": { - "start": 36148, - "length": 2849, + "start": 41997, + "length": 384, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 947, - 948, - 949, - 950, - 951, - 952, - 953, - 954, - 955, - 956, - 957, - 958, - 959, - 960, - 961, - 962, - 963, - 964, - 965, - 966, - 967, - 968, - 969, - 970, - 971, - 972, - 973, - 974, - 975, - 976, - 977, - 978, - 979, - 980, - 981, - 982, - 983, - 984, - 985, - 986, - 987, - 988, - 989, - 990, - 991, - 992, - 993, - 994, - 995, - 996, - 997, - 998, - 999, - 1000, - 1001, - 1002, - 1003, - 1004, - 1005, - 1006, - 1007, - 1008, - 1009, - 1010, - 1011, - 1012, - 1013, - 1014, - 1015, - 1016, - 1017, - 1018, - 1019, - 1020 + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136 ], "starting_column": 5, "ending_column": 6 @@ -22098,20 +19931,20 @@ "ending_column": 2 } }, - "signature": "splitDAO(uint256,address)" + "signature": "transferPaidOut(address,address,uint256)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "proposals" + "variable_name": "paidOut" } } ], - "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\tState variables written after the call(s):\n\t- p.splitData[0].splitBalance = actualBalance() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#981)\n\t- p.splitData[0].rewardToken = rewardToken[address(this)] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#982)\n\t- p.splitData[0].totalSupply = totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#983)\n\t- p.proposalPassed = true (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#984)\n", - "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\tState variables written after the call(s):\n\t- [p.splitData[0].splitBalance = actualBalance()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L981)\n\t- [p.splitData[0].rewardToken = rewardToken[address(this)]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L982)\n\t- [p.splitData[0].totalSupply = totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L983)\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L984)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", - "id": "ca170302627c298d8230a6d9f9cae19a84c58325d2df49a6ef15a0b17208bf00", + "description": "Reentrancy in DAO.transferWithoutReward(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1091-1095):\n\tExternal calls:\n\t- ! getMyReward() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1092)\n\t\t- (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1065)\n\t\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- balances[msg.sender] -= _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#101)\n\t\t- balances[_to] += _amount (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#102)\n\tTokenInterface.balances (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#41) can be used in cross function reentrancies:\n\t- Token.transfer(address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#99-108)\n\t- TokenCreation.createTokenProxy(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#299-316)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- Token.balanceOf(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#95-97)\n\t- TokenCreation.refund() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#318-332)\n\t- Token.transferFrom(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#110-128)\n\t- transfer(_to,_value) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1094)\n\t\t- paidOut[_from] -= transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1133)\n\t\t- paidOut[_to] += transferPaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1134)\n\tDAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.transferPaidOut(address,address,uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1124-1136)\n\t- DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074)\n\t- DAOInterface.paidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#426)\n", + "markdown": "Reentrancy in [DAO.transferWithoutReward(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095):\n\tExternal calls:\n\t- [! getMyReward()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1092)\n\t\t- [(balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1065)\n\t\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [balances[msg.sender] -= _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L101)\n\t\t- [balances[_to] += _amount](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L102)\n\t[TokenInterface.balances](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L41) can be used in cross function reentrancies:\n\t- [Token.transfer(address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L99-L108)\n\t- [TokenCreation.createTokenProxy(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L299-L316)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [Token.balanceOf(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L95-L97)\n\t- [TokenCreation.refund()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L318-L332)\n\t- [Token.transferFrom(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L110-L128)\n\t- [transfer(_to,_value)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1094)\n\t\t- [paidOut[_from] -= transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1133)\n\t\t- [paidOut[_to] += transferPaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1134)\n\t[DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.transferPaidOut(address,address,uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1124-L1136)\n\t- [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074)\n\t- [DAOInterface.paidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L426)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1091-L1095", + "id": "44124a3b90da24c2f4c671b87ae917299ba79bcf99ad0cd2f5f0208463ca47f7", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -25140,10 +22973,10 @@ } } ], - "description": "Reentrancy in DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1037-1057):\n\tExternal calls:\n\t- reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1044-1046)\n\t- ! DAOrewardAccount.payOut(dao.rewardAccount(),reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1048)\n\t- ! DAOrewardAccount.payOut(dao,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1052)\n\tState variables written after the call(s):\n\t- DAOpaidOut[msg.sender] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1055)\n", - "markdown": "Reentrancy in [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057):\n\tExternal calls:\n\t- [reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1044-L1046)\n\t- [! DAOrewardAccount.payOut(dao.rewardAccount(),reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1048)\n\t- [! DAOrewardAccount.payOut(dao,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1052)\n\tState variables written after the call(s):\n\t- [DAOpaidOut[msg.sender] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1055)\n", + "description": "Reentrancy in DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1037-1057):\n\tExternal calls:\n\t- reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1044-1046)\n\t- ! DAOrewardAccount.payOut(dao.rewardAccount(),reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1048)\n\t- ! DAOrewardAccount.payOut(dao,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1052)\n\tState variables written after the call(s):\n\t- DAOpaidOut[msg.sender] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1055)\n\tDAOInterface.DAOpaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#423) can be used in cross function reentrancies:\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.newContract(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1022-1034)\n\t- DAOInterface.DAOpaidOut (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#423)\n\t- DAO.retrieveDAOReward(bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1037-1057)\n", + "markdown": "Reentrancy in [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057):\n\tExternal calls:\n\t- [reward = (rewardToken[msg.sender] * DAOrewardAccount.accumulatedInput()) / totalRewardToken - DAOpaidOut[msg.sender]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1044-L1046)\n\t- [! DAOrewardAccount.payOut(dao.rewardAccount(),reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1048)\n\t- [! DAOrewardAccount.payOut(dao,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1052)\n\tState variables written after the call(s):\n\t- [DAOpaidOut[msg.sender] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1055)\n\t[DAOInterface.DAOpaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L423) can be used in cross function reentrancies:\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.newContract(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1022-L1034)\n\t- [DAOInterface.DAOpaidOut](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L423)\n\t- [DAO.retrieveDAOReward(bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1037-L1057", - "id": "f4fcbe9e693a60538ed19ff7c298fa578309af52604f3265bac4254b82e45d8f", + "id": "6275c27bb80d9d1ab0d9125193b9c8e8c12670aae64a93559b09ec160bcbf5e7", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -25152,26 +22985,89 @@ "elements": [ { "type": "function", - "name": "withdrawRewardFor", + "name": "splitDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -25691,81 +23587,2057 @@ 1194, 1195, 1196, - 1197, - 1198, - 1199, - 1200, - 1201, - 1202, - 1203, - 1204, - 1205, - 1206, - 1207, - 1208, - 1209, - 1210, - 1211, - 1212, - 1213, - 1214, - 1215, - 1216, - 1217, - 1218, - 1219, - 1220, - 1221, - 1222, - 1223 + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "splitDAO(uint256,address)" + } + }, + { + "type": "node", + "name": "p.splitData[0].newDAO = createNewDAO(_newCurator)", + "source_mapping": { + "start": 37159, + "length": 49, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 974 + ], + "starting_column": 13, + "ending_column": 62 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "splitDAO", + "source_mapping": { + "start": 36148, + "length": 2849, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "splitDAO(uint256,address)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls" + } + }, + { + "type": "node", + "name": "daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)", + "source_mapping": { + "start": 44544, + "length": 74, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1196 + ], + "starting_column": 9, + "ending_column": 83 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "createNewDAO", + "source_mapping": { + "start": 44427, + "length": 198, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 1194, + 1195, + 1196, + 1197 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "createNewDAO(address)" + } + } + }, + "additional_fields": { + "underlying_type": "external_calls_sending_eth" + } + }, + { + "type": "node", + "name": "p.splitData[0].splitBalance = actualBalance()", + "source_mapping": { + "start": 37456, + "length": 45, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 981 + ], + "starting_column": 13, + "ending_column": 58 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "splitDAO", + "source_mapping": { + "start": 36148, + "length": 2849, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], - "starting_column": 1, - "ending_column": 2 + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "DAO", + "source_mapping": { + "start": 28296, + "length": 17108, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", + "is_dependency": false, + "lines": [ + 694, + 695, + 696, + 697, + 698, + 699, + 700, + 701, + 702, + 703, + 704, + 705, + 706, + 707, + 708, + 709, + 710, + 711, + 712, + 713, + 714, + 715, + 716, + 717, + 718, + 719, + 720, + 721, + 722, + 723, + 724, + 725, + 726, + 727, + 728, + 729, + 730, + 731, + 732, + 733, + 734, + 735, + 736, + 737, + 738, + 739, + 740, + 741, + 742, + 743, + 744, + 745, + 746, + 747, + 748, + 749, + 750, + 751, + 752, + 753, + 754, + 755, + 756, + 757, + 758, + 759, + 760, + 761, + 762, + 763, + 764, + 765, + 766, + 767, + 768, + 769, + 770, + 771, + 772, + 773, + 774, + 775, + 776, + 777, + 778, + 779, + 780, + 781, + 782, + 783, + 784, + 785, + 786, + 787, + 788, + 789, + 790, + 791, + 792, + 793, + 794, + 795, + 796, + 797, + 798, + 799, + 800, + 801, + 802, + 803, + 804, + 805, + 806, + 807, + 808, + 809, + 810, + 811, + 812, + 813, + 814, + 815, + 816, + 817, + 818, + 819, + 820, + 821, + 822, + 823, + 824, + 825, + 826, + 827, + 828, + 829, + 830, + 831, + 832, + 833, + 834, + 835, + 836, + 837, + 838, + 839, + 840, + 841, + 842, + 843, + 844, + 845, + 846, + 847, + 848, + 849, + 850, + 851, + 852, + 853, + 854, + 855, + 856, + 857, + 858, + 859, + 860, + 861, + 862, + 863, + 864, + 865, + 866, + 867, + 868, + 869, + 870, + 871, + 872, + 873, + 874, + 875, + 876, + 877, + 878, + 879, + 880, + 881, + 882, + 883, + 884, + 885, + 886, + 887, + 888, + 889, + 890, + 891, + 892, + 893, + 894, + 895, + 896, + 897, + 898, + 899, + 900, + 901, + 902, + 903, + 904, + 905, + 906, + 907, + 908, + 909, + 910, + 911, + 912, + 913, + 914, + 915, + 916, + 917, + 918, + 919, + 920, + 921, + 922, + 923, + 924, + 925, + 926, + 927, + 928, + 929, + 930, + 931, + 932, + 933, + 934, + 935, + 936, + 937, + 938, + 939, + 940, + 941, + 942, + 943, + 944, + 945, + 946, + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020, + 1021, + 1022, + 1023, + 1024, + 1025, + 1026, + 1027, + 1028, + 1029, + 1030, + 1031, + 1032, + 1033, + 1034, + 1035, + 1036, + 1037, + 1038, + 1039, + 1040, + 1041, + 1042, + 1043, + 1044, + 1045, + 1046, + 1047, + 1048, + 1049, + 1050, + 1051, + 1052, + 1053, + 1054, + 1055, + 1056, + 1057, + 1058, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1065, + 1066, + 1067, + 1068, + 1069, + 1070, + 1071, + 1072, + 1073, + 1074, + 1075, + 1076, + 1077, + 1078, + 1079, + 1080, + 1081, + 1082, + 1083, + 1084, + 1085, + 1086, + 1087, + 1088, + 1089, + 1090, + 1091, + 1092, + 1093, + 1094, + 1095, + 1096, + 1097, + 1098, + 1099, + 1100, + 1101, + 1102, + 1103, + 1104, + 1105, + 1106, + 1107, + 1108, + 1109, + 1110, + 1111, + 1112, + 1113, + 1114, + 1115, + 1116, + 1117, + 1118, + 1119, + 1120, + 1121, + 1122, + 1123, + 1124, + 1125, + 1126, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1133, + 1134, + 1135, + 1136, + 1137, + 1138, + 1139, + 1140, + 1141, + 1142, + 1143, + 1144, + 1145, + 1146, + 1147, + 1148, + 1149, + 1150, + 1151, + 1152, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1159, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1166, + 1167, + 1168, + 1169, + 1170, + 1171, + 1172, + 1173, + 1174, + 1175, + 1176, + 1177, + 1178, + 1179, + 1180, + 1181, + 1182, + 1183, + 1184, + 1185, + 1186, + 1187, + 1188, + 1189, + 1190, + 1191, + 1192, + 1193, + 1194, + 1195, + 1196, + 1197, + 1198, + 1199, + 1200, + 1201, + 1202, + 1203, + 1204, + 1205, + 1206, + 1207, + 1208, + 1209, + 1210, + 1211, + 1212, + 1213, + 1214, + 1215, + 1216, + 1217, + 1218, + 1219, + 1220, + 1221, + 1222, + 1223 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "splitDAO(uint256,address)" } - }, - "signature": "withdrawRewardFor(address)" + } + }, + "additional_fields": { + "underlying_type": "variables_written", + "variable_name": "proposals" } }, { "type": "node", - "name": "reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]", + "name": "p.splitData[0].rewardToken = rewardToken[address(this)]", "source_mapping": { - "start": 40581, - "length": 116, + "start": 37515, + "length": 55, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1068, - 1069 + 982 ], - "starting_column": 9, - "ending_column": 103 + "starting_column": 13, + "ending_column": 68 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "splitDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -26317,53 +26189,117 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "proposals" } }, { "type": "node", - "name": "! rewardAccount.payOut(_account,reward)", + "name": "p.splitData[0].totalSupply = totalSupply", "source_mapping": { - "start": 40711, - "length": 39, + "start": 37584, + "length": 40, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1070 + 983 ], "starting_column": 13, - "ending_column": 52 + "ending_column": 53 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "splitDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -26915,53 +26851,117 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "proposals" } }, { "type": "node", - "name": "paidOut[_account] += reward", + "name": "p.proposalPassed = true", "source_mapping": { - "start": 40779, - "length": 27, + "start": 37638, + "length": 23, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1072 + 984 ], - "starting_column": 9, + "starting_column": 13, "ending_column": 36 }, "type_specific_fields": { "parent": { "type": "function", - "name": "withdrawRewardFor", + "name": "splitDAO", "source_mapping": { - "start": 40361, - "length": 473, + "start": 36148, + "length": 2849, "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol", "is_dependency": false, "lines": [ - 1064, - 1065, - 1066, - 1067, - 1068, - 1069, - 1070, - 1071, - 1072, - 1073, - 1074 + 947, + 948, + 949, + 950, + 951, + 952, + 953, + 954, + 955, + 956, + 957, + 958, + 959, + 960, + 961, + 962, + 963, + 964, + 965, + 966, + 967, + 968, + 969, + 970, + 971, + 972, + 973, + 974, + 975, + 976, + 977, + 978, + 979, + 980, + 981, + 982, + 983, + 984, + 985, + 986, + 987, + 988, + 989, + 990, + 991, + 992, + 993, + 994, + 995, + 996, + 997, + 998, + 999, + 1000, + 1001, + 1002, + 1003, + 1004, + 1005, + 1006, + 1007, + 1008, + 1009, + 1010, + 1011, + 1012, + 1013, + 1014, + 1015, + 1016, + 1017, + 1018, + 1019, + 1020 ], "starting_column": 5, "ending_column": 6 @@ -27513,20 +27513,20 @@ "ending_column": 2 } }, - "signature": "withdrawRewardFor(address)" + "signature": "splitDAO(uint256,address)" } } }, "additional_fields": { "underlying_type": "variables_written", - "variable_name": "paidOut" + "variable_name": "proposals" } } ], - "description": "Reentrancy in DAO.withdrawRewardFor(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1064-1074):\n\tExternal calls:\n\t- reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1068-1069)\n\t- ! rewardAccount.payOut(_account,reward) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1070)\n\tState variables written after the call(s):\n\t- paidOut[_account] += reward (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1072)\n", - "markdown": "Reentrancy in [DAO.withdrawRewardFor(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074):\n\tExternal calls:\n\t- [reward = (balanceOf(_account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[_account]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1068-L1069)\n\t- [! rewardAccount.payOut(_account,reward)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1070)\n\tState variables written after the call(s):\n\t- [paidOut[_account] += reward](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1072)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1064-L1074", - "id": "fb092ddf0ad631483e2154ebe8224d43f9bf6212386128fcac54c051b2db88db", + "description": "Reentrancy in DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020):\n\tExternal calls:\n\t- p.splitData[0].newDAO = createNewDAO(_newCurator) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#974)\n\t\t- daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1196)\n\tState variables written after the call(s):\n\t- p.splitData[0].splitBalance = actualBalance() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#981)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- p.splitData[0].rewardToken = rewardToken[address(this)] (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#982)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- p.splitData[0].totalSupply = totalSupply (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#983)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n\t- p.proposalPassed = true (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#984)\n\tDAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:\n\t- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#702-726)\n\t- DAO.splitDAO(uint256,address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#947-1020)\n\t- DAO.closeProposal(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#940-945)\n\t- DAO.executeProposal(uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#853-937)\n\t- DAO.vote(uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#820-850)\n\t- DAO.checkProposalCode(uint256,address,uint256,bytes) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#809-817)\n\t- DAO.isBlocked(address) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1208-1218)\n\t- DAO.newProposal(address,uint256,string,bytes,uint256,bool) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#741-806)\n\t- DAOInterface.proposals (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#394)\n\t- DAO.getNewDAOAddress(uint256) (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1204-1206)\n\t- DAO.numberOfProposals() (tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#1199-1202)\n", + "markdown": "Reentrancy in [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020):\n\tExternal calls:\n\t- [p.splitData[0].newDAO = createNewDAO(_newCurator)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L974)\n\t\t- [daoCreator.createDAO(_newCurator,0,0,now + splitExecutionPeriod)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1196)\n\tState variables written after the call(s):\n\t- [p.splitData[0].splitBalance = actualBalance()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L981)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [p.splitData[0].rewardToken = rewardToken[address(this)]](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L982)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [p.splitData[0].totalSupply = totalSupply](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L983)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n\t- [p.proposalPassed = true](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L984)\n\t[DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394) can be used in cross function reentrancies:\n\t- [DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L702-L726)\n\t- [DAO.splitDAO(uint256,address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020)\n\t- [DAO.closeProposal(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L940-L945)\n\t- [DAO.executeProposal(uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L853-L937)\n\t- [DAO.vote(uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L820-L850)\n\t- [DAO.checkProposalCode(uint256,address,uint256,bytes)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L809-L817)\n\t- [DAO.isBlocked(address)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1208-L1218)\n\t- [DAO.newProposal(address,uint256,string,bytes,uint256,bool)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L741-L806)\n\t- [DAOInterface.proposals](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L394)\n\t- [DAO.getNewDAOAddress(uint256)](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1204-L1206)\n\t- [DAO.numberOfProposals()](tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L1199-L1202)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol#L947-L1020", + "id": "a29fd7cc3b139b8557f0b567f7d6fd65848b7e89128fcdbd7b170fc326f2d034", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json index db8e6c5a9..cd221e264 100644 --- a/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json @@ -285,10 +285,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22):\n\tExternal calls:\n\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22):\n\tExternal calls:\n\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n", + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22):\n\tExternal calls:\n\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#31-37)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#7-14)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22):\n\tExternal calls:\n\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L31-L37)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L7-L14)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22", - "id": "296bbfc5c41b40046e8fc0563e89099df3ff17caf0bd3ff8dde0271aacd8d981", + "id": "3bc05460c227cccc946c2f7168a6a1c08270f2bb11cae6b62f0126a11c567e4d", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -878,10 +878,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29):\n\tExternal calls:\n\t- success = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#26)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29):\n\tExternal calls:\n\t- [success = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L26)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n", + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29):\n\tExternal calls:\n\t- success = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#26)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#31-37)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#7-14)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29):\n\tExternal calls:\n\t- [success = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L26)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L31-L37)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L7-L14)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29", - "id": "93b771e9737b42c786392b01e24457616ec7e54b5dd7714c96a1e67b9dd535f3", + "id": "514836811124969afe8a00811a5b65e796b256cc4c2335a2a47b070ceeea6c56", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json index f95464351..bdca823bc 100644 --- a/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json @@ -599,10 +599,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n", + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30", - "id": "9fbfafd0d47ce4f4ead524570f382093c186c4e9e5e96ce0067fce3ffb6dc74a", + "id": "0dd623b92acd7258e533f11a80e357a3b37fd0779dfba04f26838b425911f6aa", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" @@ -901,10 +901,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n", + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23)\n", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23", - "id": "c9ba81d76d46579f9e78ac96b1aae43b71f2d4a96d4c47b2fab9831bf0f15a8f", + "id": "93009818ac1279458d7d6da3c2fe118a577b904efb7631d3778b8e3e268ada11", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json index e65491e8a..54f9cb2f0 100644 --- a/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json @@ -4,23 +4,21 @@ "elements": [ { "type": "function", - "name": "bad0", + "name": "bad1", "source_mapping": { - "start": 336, - "length": 188, + "start": 530, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23 + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 5, "ending_column": 6 @@ -81,21 +79,21 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } }, { "type": "node", "name": "(success) = msg.sender.call()", "source_mapping": { - "start": 397, + "start": 605, "length": 37, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 18 + 27 ], "starting_column": 9, "ending_column": 46 @@ -103,23 +101,21 @@ "type_specific_fields": { "parent": { "type": "function", - "name": "bad0", + "name": "bad1", "source_mapping": { - "start": 336, - "length": 188, + "start": 530, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23 + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 5, "ending_column": 6 @@ -180,7 +176,7 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, @@ -190,40 +186,38 @@ }, { "type": "node", - "name": "notCalled = false", + "name": "bad0()", "source_mapping": { - "start": 500, - "length": 17, + "start": 678, + "length": 6, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 22 + 29 ], "starting_column": 9, - "ending_column": 26 + "ending_column": 15 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad0", + "name": "bad1", "source_mapping": { - "start": 336, - "length": 188, + "start": 530, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23 + 25, + 26, + 27, + 28, + 29, + 30 ], "starting_column": 5, "ending_column": 6 @@ -284,118 +278,26 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" - } - } - ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23", - "id": "6d19938cb98129ec5abb0fcde1a08ea92c6ab0125e210a1d4c10f27e9a9419cb", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ - { - "type": "function", - "name": "bad1", - "source_mapping": { - "start": 530, - "length": 161, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 25, - 26, - 27, - 28, - 29, - 30 - ], - "starting_column": 5, - "ending_column": 6 - }, - "type_specific_fields": { - "parent": { - "type": "contract", - "name": "ReentrancyWrite", - "source_mapping": { - "start": 28, - "length": 859, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "bad1(address)" + "underlying_type": "external_calls" } }, { "type": "node", "name": "(success) = msg.sender.call()", "source_mapping": { - "start": 605, + "start": 397, "length": 37, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 27 + 18 ], "starting_column": 9, "ending_column": 46 @@ -403,21 +305,23 @@ "type_specific_fields": { "parent": { "type": "function", - "name": "bad1", + "name": "bad0", "source_mapping": { - "start": 530, - "length": 161, + "start": 336, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 25, - 26, - 27, - 28, - 29, - 30 + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23 ], "starting_column": 5, "ending_column": 6 @@ -478,12 +382,12 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "external_calls_sending_eth" } }, { @@ -585,24 +489,25 @@ } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "notCalled" } }, { "type": "node", - "name": "(success) = msg.sender.call()", + "name": "notCalled = false", "source_mapping": { - "start": 397, - "length": 37, + "start": 500, + "length": 17, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 18 + 22 ], "starting_column": 9, - "ending_column": 46 + "ending_column": 26 }, "type_specific_fields": { "parent": { @@ -689,43 +594,139 @@ } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "variables_written", + "variable_name": "notCalled" } - }, + } + ], + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#7-14)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L7-L14)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30", + "id": "232f48650d7bf9469e38dc71c912becdf053b585138ae647ce118e7fd00f172f", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ { - "type": "node", - "name": "bad0()", + "type": "function", + "name": "bad0", "source_mapping": { - "start": 678, - "length": 6, + "start": 336, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ - 29 + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23 ], - "starting_column": 9, - "ending_column": 15 + "starting_column": 5, + "ending_column": 6 }, "type_specific_fields": { "parent": { - "type": "function", - "name": "bad1", + "type": "contract", + "name": "ReentrancyWrite", "source_mapping": { - "start": 530, - "length": 161, + "start": 28, + "length": 859, "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", "is_dependency": false, "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, 25, 26, 27, 28, 29, - 30 + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad0()" + } + }, + { + "type": "node", + "name": "(success) = msg.sender.call()", + "source_mapping": { + "start": 397, + "length": 37, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 18 + ], + "starting_column": 9, + "ending_column": 46 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad0", + "source_mapping": { + "start": 336, + "length": 188, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23 ], "starting_column": 5, "ending_column": 6 @@ -786,13 +787,12 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" + "underlying_type": "external_calls" } }, { @@ -901,10 +901,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30", - "id": "dfc70c3670d28f163af1fd624da8ace78193a8309e4c442462e7bc96e88eeae1", + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#32-39)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#7-14)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L32-L39)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L7-L14)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23", + "id": "5e64a5802add2be9ad59984ffa00767903dd82e9ce98c639b82ba05cd3d66197", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium" diff --git a/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json b/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json index da5b4ef65..8c55f5d56 100644 --- a/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json +++ b/tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json @@ -4,21 +4,23 @@ "elements": [ { "type": "function", - "name": "bad1", + "name": "bad0", "source_mapping": { - "start": 577, - "length": 161, + "start": 383, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 29, - 30, - 31, - 32, - 33, - 34 + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27 ], "starting_column": 5, "ending_column": 6 @@ -79,21 +81,21 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } }, { "type": "node", "name": "(success) = msg.sender.call()", "source_mapping": { - "start": 652, + "start": 444, "length": 37, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 31 + 22 ], "starting_column": 9, "ending_column": 46 @@ -101,21 +103,23 @@ "type_specific_fields": { "parent": { "type": "function", - "name": "bad1", + "name": "bad0", "source_mapping": { - "start": 577, - "length": 161, + "start": 383, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 29, - 30, - 31, - 32, - 33, - 34 + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27 ], "starting_column": 5, "ending_column": 6 @@ -176,7 +180,7 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, @@ -186,38 +190,40 @@ }, { "type": "node", - "name": "bad0()", + "name": "notCalled = false", "source_mapping": { - "start": 725, - "length": 6, + "start": 547, + "length": 17, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 33 + 26 ], "starting_column": 9, - "ending_column": 15 + "ending_column": 26 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad1", + "name": "bad0", "source_mapping": { - "start": 577, - "length": 161, + "start": 383, + "length": 188, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 29, - 30, - 31, - 32, - 33, - 34 + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27 ], "starting_column": 5, "ending_column": 6 @@ -278,42 +284,72 @@ "ending_column": 2 } }, - "signature": "bad1(address)" + "signature": "bad0()" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "notCalled" } - }, + } + ], + "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#8) can be used in cross function reentrancies:\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#36-43)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#11-18)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L8) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L36-L43)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L11-L18)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27", + "id": "cf39a28788af70504d3a13236987d1865481df931b5eaac9e9e28b1b826d4ce6", + "check": "reentrancy-no-eth", + "impact": "Medium", + "confidence": "Medium" + }, + { + "elements": [ { - "type": "node", - "name": "(success) = msg.sender.call()", + "type": "function", + "name": "bad1", "source_mapping": { - "start": 444, - "length": 37, + "start": 577, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 22 + 29, + 30, + 31, + 32, + 33, + 34 ], - "starting_column": 9, - "ending_column": 46 + "starting_column": 5, + "ending_column": 6 }, "type_specific_fields": { "parent": { - "type": "function", - "name": "bad0", + "type": "contract", + "name": "ReentrancyWrite", "source_mapping": { - "start": 383, - "length": 188, + "start": 82, + "length": 852, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, 20, 21, 22, @@ -321,7 +357,67 @@ 24, 25, 26, - 27 + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad1(address)" + } + }, + { + "type": "node", + "name": "(success) = msg.sender.call()", + "source_mapping": { + "start": 652, + "length": 37, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 31 + ], + "starting_column": 9, + "ending_column": 46 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 577, + "length": 161, + "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", + "is_dependency": false, + "lines": [ + 29, + 30, + 31, + 32, + 33, + 34 ], "starting_column": 5, "ending_column": 6 @@ -382,12 +478,12 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, "additional_fields": { - "underlying_type": "external_calls_sending_eth" + "underlying_type": "external_calls" } }, { @@ -489,25 +585,24 @@ } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" + "underlying_type": "external_calls" } }, { "type": "node", - "name": "notCalled = false", + "name": "(success) = msg.sender.call()", "source_mapping": { - "start": 547, - "length": 17, + "start": 444, + "length": 37, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 26 + 22 ], "starting_column": 9, - "ending_column": 26 + "ending_column": 46 }, "type_specific_fields": { "parent": { @@ -594,139 +689,43 @@ } }, "additional_fields": { - "underlying_type": "variables_written", - "variable_name": "notCalled" + "underlying_type": "external_calls_sending_eth" } - } - ], - "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#31)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L31)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34", - "id": "11273f8e5ccbb848ea0de9b7c15e3fb66deb7c061265f88b8aa7646eed935c0e", - "check": "reentrancy-no-eth", - "impact": "Medium", - "confidence": "Medium" - }, - { - "elements": [ + }, { - "type": "function", - "name": "bad0", + "type": "node", + "name": "bad0()", "source_mapping": { - "start": 383, - "length": 188, + "start": 725, + "length": 6, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27 + 33 ], - "starting_column": 5, - "ending_column": 6 + "starting_column": 9, + "ending_column": 15 }, "type_specific_fields": { "parent": { - "type": "contract", - "name": "ReentrancyWrite", + "type": "function", + "name": "bad1", "source_mapping": { - "start": 82, - "length": 852, + "start": 577, + "length": 161, "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "is_dependency": false, "lines": [ - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, 29, 30, 31, 32, 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41, - 42, - 43, - 44, - 45 - ], - "starting_column": 1, - "ending_column": 2 - } - }, - "signature": "bad0()" - } - }, - { - "type": "node", - "name": "(success) = msg.sender.call()", - "source_mapping": { - "start": 444, - "length": 37, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 22 - ], - "starting_column": 9, - "ending_column": 46 - }, - "type_specific_fields": { - "parent": { - "type": "function", - "name": "bad0", - "source_mapping": { - "start": 383, - "length": 188, - "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", - "filename_absolute": "/GENERIC_PATH", - "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", - "is_dependency": false, - "lines": [ - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27 + 34 ], "starting_column": 5, "ending_column": 6 @@ -787,12 +786,13 @@ "ending_column": 2 } }, - "signature": "bad0()" + "signature": "bad1(address)" } } }, "additional_fields": { - "underlying_type": "external_calls" + "underlying_type": "variables_written", + "variable_name": "notCalled" } }, { @@ -901,10 +901,10 @@ } } ], - "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n", - "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n", - "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27", - "id": "ef995e89d54c7b577af2ca26540e01da65ac0e2466d6d7a58e4d11e9211b12a4", + "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#31)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#8) can be used in cross function reentrancies:\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#36-43)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#11-18)\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27)\n", + "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L31)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L8) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L36-L43)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L11-L18)\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27)\n", + "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34", + "id": "dd963c750bf6572ff8ee3e1f804143780370e025262d1f94204f7e82bd26b0e3", "check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium"