From b26f8da1248e7f57119e76f5dc89014cd46272e8 Mon Sep 17 00:00:00 2001
From: Simone
Date: Mon, 24 Apr 2023 21:23:08 +0200
Subject: [PATCH 01/10] Improve try-catch parsing
---
slither/solc_parsing/declarations/function.py | 76 +++++++++++++++++--
1 file changed, 70 insertions(+), 6 deletions(-)
diff --git a/slither/solc_parsing/declarations/function.py b/slither/solc_parsing/declarations/function.py
index 7438a7bb0..ab5d289a8 100644
--- a/slither/solc_parsing/declarations/function.py
+++ b/slither/solc_parsing/declarations/function.py
@@ -660,6 +660,55 @@ class FunctionSolc(CallerContextExpression): link_underlying_nodes(node_condition, node_endDoWhile) return node_endDoWhile + # pylint: disable=no-self-use + def _construct_try_expression(self, externalCall: Dict, parameters_list: Dict) -> Dict: + # if the parameters are more than 1 we make the leftHandSide of the Assignment node + # a TupleExpression otherwise an Identifier + + ret: Dict = {"nodeType": "Assignment", "operator": "=", "src": parameters_list["src"]} + + parameters = parameters_list.get("parameters", None) + + # if the name is "" it means the return variable is not used + if len(parameters) == 1: + if parameters[0]["name"] != "": + ret["typeDescriptions"] = { + "typeString": parameters[0]["typeName"]["typeDescriptions"]["typeString"] + } + leftHandSide = { + "name": parameters[0]["name"], + "nodeType": "Identifier", + "src": parameters[0]["src"], + "typeDescriptions": parameters[0]["typeDescriptions"], + } + else: + # we don't need an Assignment so we return only the external call + return externalCall + else: + ret["typeDescriptions"] = {"typeString": "tuple()"} + leftHandSide = { + "components": [], + "nodeType": "TupleExpression", + "src": parameters_list["src"], + } + + for p in parameters: + if p["name"] == "": + continue + + ident = { + "name": p["name"], + "nodeType": "Identifier", + "src": p["src"], + "typeDescriptions": p["typeDescriptions"], + } + leftHandSide["components"].append(ident) + + ret["leftHandSide"] = leftHandSide + ret["rightHandSide"] = externalCall + + return ret + def _parse_try_catch(self, statement: Dict, node: NodeSolc) -> NodeSolc: externalCall = statement.get("externalCall", None) 
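Review bot: In `_construct_try_expression`, `parameters = parameters_list.get("parameters", None)` is followed directly by `len(parameters)`, so a clause whose parameter list lacks that key raises `TypeError` rather than a parsing error, and an empty list falls into the tuple branch and builds an assignment to an empty tuple. A guard such as `if not parameters: return externalCall` right after the lookup would cover both cases, assuming a bare external call is the right expression when nothing is bound (the unnamed single-variable branch already returns exactly that). The method also has no docstring; one sentence saying that it rewrites `try f() returns (...)` into an `Assignment` node whose right-hand side is the external call would help the next reader. For a static analyzer an unhandled exception at this point most likely aborts parsing of the contract, so the failure mode is an unanalysed target rather than a wrong finding.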
@@ -669,15 +718,27 @@ class FunctionSolc(CallerContextExpression): node.underlying_node.scope.is_checked, False, node.underlying_node.scope ) new_node = self._new_node(NodeType.TRY, statement["src"], catch_scope) - new_node.add_unparsed_expression(externalCall) + clauses = statement.get("clauses", []) + # the first clause is the try scope + returned_variables = clauses[0].get("parameters", None) + constructed_try_expression = self._construct_try_expression( + externalCall, returned_variables + ) + new_node.add_unparsed_expression(constructed_try_expression) link_underlying_nodes(node, new_node) node = new_node - for clause in statement.get("clauses", []): - self._parse_catch(clause, node) + for index, clause in enumerate(clauses): + # clauses after the first one are related to catch cases + # we set the parameters (e.g. data in this case. catch(string memory data) ...) + # to be initialized so they are not reported by the uninitialized-local-variables detector + if index >= 1: + self._parse_catch(clause, node, True) + else: + self._parse_catch(clause, node, False) return node - def _parse_catch(self, statement: Dict, node: NodeSolc) -> NodeSolc: + def _parse_catch(self, statement: Dict, node: NodeSolc, var_initialized: bool) -> NodeSolc: block = statement.get("block", None) if block is None: @@ -695,7 +756,7 @@ class FunctionSolc(CallerContextExpression): if params: for param in params.get("parameters", []): assert param[self.get_key()] == "VariableDeclaration" - self._add_param(param) + self._add_param(param, var_initialized) return self._parse_statement(block, try_node, try_scope) @@ -1161,7 +1222,7 @@ class FunctionSolc(CallerContextExpression): visited.add(son) self._fix_catch(son, end_node, visited) - def _add_param(self, param: Dict) -> LocalVariableSolc: + def _add_param(self, param: Dict, initialized: bool = False) -> LocalVariableSolc: local_var = LocalVariable() local_var.set_function(self._function) 
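Review bot: `clauses = statement.get("clauses", [])` in `_parse_try_catch` (hunk `@@ -669,15 +718,27 @@`) defaults to an empty list, but the next statement indexes `clauses[0]`, so the default only turns a missing key into an `IndexError`. An explicit `if not clauses:` check that raises the same kind of error this function presumably uses for a missing `externalCall` (that part of the body lies outside the hunk) would keep the failure diagnosable. `clauses[0].get("parameters", None)` reads the compact-AST key only, whereas `_parse_catch` elsewhere on this page branches on `self.is_compact_ast`; it is worth confirming that the legacy layout cannot reach this path. The `if index >= 1: ... else: ...` pair can be written as `self._parse_catch(clause, node, index >= 1)`.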
@@ -1171,6 +1232,9 @@ class FunctionSolc(CallerContextExpression): local_var_parser.analyze(self) + if initialized: + local_var.initialized = True + # see https://solidity.readthedocs.io/en/v0.4.24/types.html?highlight=storage%20location#data-location if local_var.location == "default": local_var.set_location("memory") From d7b0d612c64eefc4bce33cdc4b09c6c740837a94 Mon Sep 17 00:00:00 2001 From: Simone Date: Thu, 27 Apr 2023 10:53:20 +0200 Subject: [PATCH 02/10] Improve handling of multiple return variables --- slither/solc_parsing/declarations/function.py | 41 ++++++++++++++----- 1 file changed, 31 insertions(+), 10 deletions(-) diff --git a/slither/solc_parsing/declarations/function.py b/slither/solc_parsing/declarations/function.py index ab5d289a8..7ac67a02d 100644 --- a/slither/solc_parsing/declarations/function.py +++ b/slither/solc_parsing/declarations/function.py @@ -672,6 +672,7 @@ class FunctionSolc(CallerContextExpression): # if the name is "" it means the return variable is not used if len(parameters) == 1: if parameters[0]["name"] != "": + self._add_param(parameters[0]) ret["typeDescriptions"] = { "typeString": parameters[0]["typeName"]["typeDescriptions"]["typeString"] } @@ -692,10 +693,17 @@ class FunctionSolc(CallerContextExpression): "src": parameters_list["src"], } - for p in parameters: + for i, p in enumerate(parameters): if p["name"] == "": continue + new_statement = { + "nodeType": "VariableDefinitionStatement", + "src": p["src"], + "declarations": [p], + } + self._add_param_init_tuple(new_statement, i) + ident = { "name": p["name"], "nodeType": "Identifier", 
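Review bot: In the tuple branch of `_construct_try_expression` (hunk `@@ -692,10 +693,17 @@`), unnamed return variables are skipped with `continue` before anything is appended, so `leftHandSide["components"]` is compacted while `_add_param_init_tuple(new_statement, i)` records the original position `i`. For a clause shaped like `returns (uint a, uint, uint c)` (constructed example) the synthesized tuple has two components against three returned values, and `c` sits at component 1 but carries tuple index 2. solc's compact AST keeps a `null` placeholder for an omitted tuple component; mirroring that with `leftHandSide["components"].append(None)` before the `continue` would keep positions aligned, provided the expression parser downstream accepts `None` entries, which is not visible here. A test case with an unnamed middle return variable would pin the behaviour either way. The loop body continues past the end of this hunk.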
@@ -735,10 +743,11 @@ class FunctionSolc(CallerContextExpression): if index >= 1: self._parse_catch(clause, node, True) else: + # the parameters for the try scope were already added in _construct_try_expression self._parse_catch(clause, node, False) return node - def _parse_catch(self, statement: Dict, node: NodeSolc, var_initialized: bool) -> NodeSolc: + def _parse_catch(self, statement: Dict, node: NodeSolc, add_param: bool) -> NodeSolc: block = statement.get("block", None) if block is None: @@ -748,15 +757,16 @@ class FunctionSolc(CallerContextExpression): try_node = self._new_node(NodeType.CATCH, statement["src"], try_scope) link_underlying_nodes(node, try_node) - if self.is_compact_ast: - params = statement.get("parameters", None) - else: - params = statement[self.get_children("children")] + if add_param: + if self.is_compact_ast: + params = statement.get("parameters", None) + else: + params = statement[self.get_children("children")] - if params: - for param in params.get("parameters", []): - assert param[self.get_key()] == "VariableDeclaration" - self._add_param(param, var_initialized) + if params: + for param in params.get("parameters", []): + assert param[self.get_key()] == "VariableDeclaration" + self._add_param(param, True) return self._parse_statement(block, try_node, try_scope) @@ -1242,6 +1252,17 @@ class FunctionSolc(CallerContextExpression): self._add_local_variable(local_var_parser) return local_var_parser + def _add_param_init_tuple(self, statement: Dict, index: int) -> LocalVariableInitFromTupleSolc: + + local_var = LocalVariableInitFromTuple() + local_var.set_function(self._function) + local_var.set_offset(statement["src"], self._function.compilation_unit) + + local_var_parser = LocalVariableInitFromTupleSolc(local_var, statement, index) + + self._add_local_variable(local_var_parser) + return local_var_parser + def _parse_params(self, params: Dict): assert params[self.get_key()] == "ParameterList" 
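Review bot: `_add_param_init_tuple` (hunk `@@ -1242,6 +1252,17 @@`) mirrors `_add_param` but omits two steps that `_add_param` performs on this page: it never calls `local_var_parser.analyze(self)` and it does not map a `"default"` location to `"memory"`. If the variable is analysed by a later pass that is fine, but nothing in the hunk shows it, so either add the two steps or state why they are unnecessary, for example `# analysed later together with the other local variables (TODO confirm)`. A one-line docstring naming `index` as the position of the variable in the returned tuple would also help, since the caller passes the loop counter without comment.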
From 50876cf368bca53cada09234ee1096b2991af3d7 Mon Sep 17 00:00:00 2001 From: Simone Date: Thu, 27 Apr 2023 11:13:01 +0200 Subject: [PATCH 03/10] Handle when there aren't return variables --- slither/solc_parsing/declarations/function.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/slither/solc_parsing/declarations/function.py b/slither/solc_parsing/declarations/function.py index 7ac67a02d..57d7784e5 100644 --- a/slither/solc_parsing/declarations/function.py +++ b/slither/solc_parsing/declarations/function.py @@ -665,6 +665,11 @@ class FunctionSolc(CallerContextExpression): # if the parameters are more than 1 we make the leftHandSide of the Assignment node # a TupleExpression otherwise an Identifier + # case when there isn't returns(...) + # e.g. external call that doesn't have any return variable + if not parameters_list: + return externalCall + ret: Dict = {"nodeType": "Assignment", "operator": "=", "src": parameters_list["src"]} parameters = parameters_list.get("parameters", None) From 6eb296cdf71ebd48ccab7e24ca99ba89a3b2c171 Mon Sep 17 00:00:00 2001 From: Simone Date: Thu, 27 Apr 2023 11:23:03 +0200 Subject: [PATCH 04/10] Test catch variables not detected as uninitialized --- ...11_uninitialized_local_variable_sol__0.txt | 2 +- ..._6_uninitialized_local_variable_sol__0.txt | 2 +- .../0.6.11/uninitialized_local_variable.sol | 14 +++++++++++++- ...ninitialized_local_variable.sol-0.6.11.zip | Bin 1824 -> 2712 bytes .../0.7.6/uninitialized_local_variable.sol | 14 +++++++++++++- ...uninitialized_local_variable.sol-0.7.6.zip | Bin 1762 -> 2649 bytes 6 files changed, 28 insertions(+), 4 deletions(-) diff --git a/tests/e2e/detectors/snapshots/detectors__detector_UninitializedLocalVars_0_6_11_uninitialized_local_variable_sol__0.txt b/tests/e2e/detectors/snapshots/detectors__detector_UninitializedLocalVars_0_6_11_uninitialized_local_variable_sol__0.txt index 8e5dc65e8..7e5fa9559 100644 
--- a/tests/e2e/detectors/snapshots/detectors__detector_UninitializedLocalVars_0_6_11_uninitialized_local_variable_sol__0.txt +++ b/tests/e2e/detectors/snapshots/detectors__detector_UninitializedLocalVars_0_6_11_uninitialized_local_variable_sol__0.txt @@ -1,2 +1,2 @@ -Uninitialized.func().uint_not_init (tests/e2e/detectors/test_data/uninitialized-local/0.6.11/uninitialized_local_variable.sol#4) is a local variable never initialized +Uninitialized.func().uint_not_init (tests/e2e/detectors/test_data/uninitialized-local/0.6.11/uninitialized_local_variable.sol#8) is a local variable never initialized diff --git a/tests/e2e/detectors/snapshots/detectors__detector_UninitializedLocalVars_0_7_6_uninitialized_local_variable_sol__0.txt b/tests/e2e/detectors/snapshots/detectors__detector_UninitializedLocalVars_0_7_6_uninitialized_local_variable_sol__0.txt index 495859ec1..7bf1564d7 100644 --- a/tests/e2e/detectors/snapshots/detectors__detector_UninitializedLocalVars_0_7_6_uninitialized_local_variable_sol__0.txt +++ b/tests/e2e/detectors/snapshots/detectors__detector_UninitializedLocalVars_0_7_6_uninitialized_local_variable_sol__0.txt @@ -1,2 +1,2 @@ -Uninitialized.func().uint_not_init (tests/e2e/detectors/test_data/uninitialized-local/0.7.6/uninitialized_local_variable.sol#4) is a local variable never initialized +Uninitialized.func().uint_not_init (tests/e2e/detectors/test_data/uninitialized-local/0.7.6/uninitialized_local_variable.sol#8) is a local variable never initialized diff --git a/tests/e2e/detectors/test_data/uninitialized-local/0.6.11/uninitialized_local_variable.sol b/tests/e2e/detectors/test_data/uninitialized-local/0.6.11/uninitialized_local_variable.sol index d28eef957..00a4fbc86 100644 --- a/tests/e2e/detectors/test_data/uninitialized-local/0.6.11/uninitialized_local_variable.sol +++ b/tests/e2e/detectors/test_data/uninitialized-local/0.6.11/uninitialized_local_variable.sol 
@@ -1,9 +1,21 @@ +interface I { + function a() external; +} + contract Uninitialized{ function func() external returns(uint){ uint uint_not_init; uint uint_init = 1; return uint_not_init + uint_init; - } + } + + function func_try_catch(I i) external returns(uint) { + try i.a() { + return 1; + } catch (bytes memory data) { + data; + } + } } 
diff --git a/tests/e2e/detectors/test_data/uninitialized-local/0.6.11/uninitialized_local_variable.sol-0.6.11.zip b/tests/e2e/detectors/test_data/uninitialized-local/0.6.11/uninitialized_local_variable.sol-0.6.11.zip index ca7ea0eb308fe7b52d4395dd5171d8bdbf5d44f2..d5b1203065287433605f4fdd799d6e32862f7048 100644 GIT binary patch delta 2557 zcmV@KL7#%4gfV;n^xf(0*uZH003G%kr-ru^+P_6+Z$mK{=)<4#k(GbXB?s{~H=a zs3iZSL1y6a%c)g=c8>~Gzo559b-?F@wye`NK)+y_mW4~=J%l}F&*_)3Aiw|>(5`1O z>!tfUafTu?!!Sn&5*^ygdzy;8H7BLD=W~5~y=n%^pC9f{{R3Z~-k2`0P=BWZarpw# z!zcOOX?_oKPLE`8q-&F=(Jlr8F_nz>CnbC5Gm$7Q_roxMvgz4;#M+XVKe_~?6~*)G z26CcKqL-st$F@hZVKEU8XrU)6Ihxs4zJ|Em2x!1)dSG=3twk5gJai^t9(CeW_8Nt`A$c4AX z!L9X_Ei*B|sO$6_X_rU+nB?ES!a)PZsLAabL*!3?g6Xf4bHyJa?PCv%`vycUDY(-! z(1EBBrk2I@e{v8*{XplTytWpbb+nv)nnL`K@Z17&f>E5R7N2YoDRSeU809V#IR@R_ zic$9uusQfhSOrMN;HFQU%y9@8S^ZHaHu{)hz|;nC&5gnj(QP<)`7X4lnR`ju=`Q4u3K1Wif)?Ka-kMexshf9 zo|cCbj)BxSi}FzHAzbngE*`UQ*x6MFfRh&zUvT1wVpT6}w0J?!pnuv%brbs$4QSx@ z^~sgRB^)CGQS0wj7E<6jL3U9%_&#*$&3}t+=ew3U|Mx&JierJAqw<{7u-apqYiOE( z-zlLtp15QYtvku0Ww6;%&BS!R0g0cX1&(N0+>EW&lgFcjut4xd!L<*l7Qi8fZTD}7 zO4LFUsg=p}vrrLMC`<1sqnZqfKyTH3f_(E}b=Vuk`JAzHWeT6j4A`#x=WsKmf8Lti zE+~@@U?iNQ3|SkM-){^WDb8D$!-`^m+rB2>D%)v~@S=TU@iQ+XT4ML38l;YRYyB}N z)pnN5!ZiU!^+0SdDQCN1J%lG~E@pm7Dj-+2zo874m_9oRJ37@NXB_0~TeQckdaoJH zc%*PI`?>eI2s7IEM*okcu6-1!NPzs=szbpU*%p~M{#_`{1>mHcZ>{N|4YK8bHOQ1r z1*RD(^jtM#+E8cM(giRmH#fmWaA3|fTx=-mvz(p6Hj41(m z`Fi7Z7^f_UwyCVvVrH7Ox@Iw|k%L@9JP36;H@7QAO3o&PSPh9yF{Ri-#hFfUY)dH1 zY{}VdqCLpLl)@)|sWai~nP&TcwrPui#wai}z7PTw;YKt(Eg_k*asE`b&IwI*(N($G zev;cB&FF*F=_F*{g5+Xe2J_;*!0sMGuH=#TZgri!ozdimHsM?<7rHZ`5^Fa2?xnnmj&&?6NQh^fI!`rUiowF`O)^t@ z9yYZrq-T-hXf?Mw)OykA-2M#FH2H8GTY@Dh;EYI#q}{N|(0TW!bu8SFuCUWl<&hZS zmydxk6jM}(^#CP>B1x%#Q@RzR&(W#9i{!N*(|8Bq{^ba1v0hF#^1IZhn%d=V=Jod; z=ysp64{GpWdTGPuNSO!xoKMsvxsE^xm6;pV#-Q!BrmDqoT9epazvXIW9a^rSE6Atly@@SD{>-5@~R6pqnYrya(B1@MoMev(wPxvh3k_Y8&U 
zq&@x9n#SVrNyCdxof+B2U#Y0&KMNQqjz+oscN+ui{G=dpwtUt8Z*b48By3_d$xkIZIr>QuZDK#F#CvlL{n4{_9kk074aWKdfm%;!{sGY4hBpz&4`t#nn>@OEh6H6 zieA|hM+vh57e_zswlLxG^i!HjJT08L=x-oV*y(#|g^ClBWH}{Zh{^w%gS7NI3?|{` zgpW_Y T2><|EJd?r(SOy>p00000-=q6_ delta 1662 zcmV-^27&pQ6`&3nP)h>@KL7#%4gfoicUFY{rkPd-005R9kr-ru@kbAZrIlV+*LwgE zaqkuAn-IgLgJeuNyVi!VK1b8<9aqj)uDYb#nS zHY^e*F=7K&YS+ln4SaR-_k6!uXh3PD<}wmtR!jY{Se^I|Bm2U3xGWrORE3vRF*_8< zW+_cI)15Y-azqLbQ^~}}V`zf212zFNUH~w$?eUdMU}O+~K>AQ#Gi=KhAMd~0!_A-w z^PEu$m+?QfxXzNswa{b1Y@UqnX_Bt=Q7e(>h4eoJ`Xrwrhn!qgTrSC9OXQoJI_QqwYnNj;KNG&_7Vd9bUAalE*2PZM_U9?z%oR ze;^0}3c@I`;6XrcW!%$;75x|pt>@INc_7dPG_a%I1K>~~^ol5QtQ);qh#gkB7yV?6ToR+IZ+M!=D6+o0N zX8E&WAX%WZ(Qh#dtQ+&Yt?gI^T6dXJSG2oP=iDu)e1^re;le2O!t-IW{u;!=A8OwI z*_F?K_`ZNUbc~)fNv#Ye2L}k5+qH5#kAn7AWkulDm)5sNUvw0v9q#T`n1A~L1$bn3 z`2JpUXXfFxot4t8!G2}3{*r~H15KTWh7Lf+-xiRa!Z`aC z4>gnzBcMaR;ubU~@l41PDlf0T+!Z^FxnaVgsZidW3NYoK=Hs(lazCFs!mXCGdIC$)TeioRzxD2)cpw>^A3diM1VN5V?LBB@u4YfX+ z_xnT~%W1rbzf3M_WmM?PU(h-z)XgLaa0Z88RU|XBJlVB8zenX)vKf?$C_>-4*+Eb(bd5=cLsEU4e#Bj{I=LVemi+p2W_S6$L6s? 
zVrh}ln+;^;sBnGaeC-SoK#9-%#j!=R4La6>`R~i=?03Z;`pxqpshmXXJfWp>6=^ue zRbRdR&mOys99#1bVrF5f{xi3KDWMBrXf#SMDSCm{5uojfN zGz1~{P92Z?na@5`*ska3OW8mc^-tIWZFf4`)& z)ly37F4-T7Tl`b-xKc1u;%1O2_xI==PB1r{t|}Wg47`cCd1^)|g9S6&XxCwe5wkid z>18V{%dq4@KL7#%4gfV;n^tNLA`g!V004tIkr-ru^+P_6+Z$mKGxArGz!(V?%I5L0i;?9iZ zoZ<6Vqp^?c1HxF84yFn&yC18)L?rZP*($SDz&sgGF#xSnAK|!y)AP9celah_CoI48 zu2kJ;Z!Y=??qm`VF$`T)n+L6YpIn^&hDl!9e#QV=x|3ryq1E-!f&4r}BExlC$saN~EW44QgpAvKRNV`{e9gYA}ch z9wD;OR2gUD6OjqCtvzeZvwKB`qRW|Kfxs+4O&qZ^0?>os*bo8HD6zZoD%z|Bj5`pticHe5FvE~MkO7F{XRgmW>O zsLjxS0%O`uhZYc#7zd^UxI5vwTGn^4Ueu;;1=LMlIsr1L1UlkM-6FjRaAs~-_l5B5 z0hxJ|ppKDZ&HK(kwHfJR8??Z64)1|~b=qEu?VJd+bL$>?|IeNFrwmg0`PveeTp5pG zUkN)*Gv0p9v`IhzdC?7r7MLI18el18Ki8mtR83VLn8&AM&iIhou0uv6>w1NB7dLTY z7E^J^wU!Mq#xd&59EK&kou&LU2Mzi80s#gdd?g-VUi8j?H-+^)ARQc^sRiEfbH9k{ zjAdsYi^>%5L!X1a%Oyds9&W%$Xlm=}$goAt)+?%Gv< z(ruAa8RNbDl*;2Kp@LN1TL{RIIA)|G9PTA*!_WCfE+5juu5Vv=Z|6yR^G(zM($?Ja zPmVZ~@1>`fv^Ly*1(9&y-M9Bi&-yb2piWOr7~?CR>C@POJ=j^7ByO+ufb@%b+V{I{ zV2bWfD4yiIgQRkxN8Q{aQOQerImK&#xTZxLD8VAv>ggB)Fy7Z4H0zw1?r9JSSnc2r zw8DXfD;@&pJiamh;xAro%noq=GJb>lsuV?0;n)T#jRjkE<=AHM*VXJF@4|}lM&3I- zsI3u}u@{vXM{0+mrAfuDh6%9;J%zj?tvWiWjdB{5?(!j%;s~` zstygB{T&E;^(cPs{QOUU%4ZUJrGe5k5b%pZa_WdmZs|UVF*U^H)L99HgtS14g|O=9 zMb(K(3*Hb{8<8mg>V_9fuZ#&(UWt$kMG)g|&nq#)tl!Ofp+ma5b+0QdTsch^c;hyu zC~o~%4LWShm?IG5-iHGm)orDJbFri_{WtYbwEfgAIut~?@=#d>g4Zv!Rk?~dQWuBt>gYGI*vG-P z`V5V;FlrIW<09C%Q1M9bsarzS^B9CP8kPa{DlzG+y& zCV)c}2I60AgQvztr6wIFDt04I*XOR1KYmNgN#>CCa8ur>K4hD3a8m8}bemZUi>_r0 z1pXY}U3~aB3Q7i{@tLA1qX2dp zjE8_+NyBKk1Orw58qvULBu`z=9i6Wr-%>f9rCA+e+`{Gd0tQ3rZ6Hg=dpia$kkUkd*~cZ_ZOVY5Wht%& zgoiqsEkp<0QsJ#ppaKJUpvSW;K9_2gVL# z=D6#@Xx|higwC|=x^-+#8}!vx`HN_H`?m&zJAz292Qjlu{*s=|`YkHV$3eXZBO5G4 zv6U+gF)_m_K%16-t}dT4jLB>zHHio0{ILi3@Z6GQypmQ+QmG?8^{)a@aRD&2aaD8GS4Pt{Lp19 zo*NjzQ!BFM`Q4=<%eIx2e&3tIx{jV9Ebg*YOetA8@T9jNedUIesEA2d?Cb?|uu` z*qw@=hT_}m6h3B#xh@wAdkqwQKe$Mlnz#_Qi5pCR!*LVNN4THV-fiP0ggjb`R=ds& 
z)G^m{Haa?ksx;sH*FmUA~MI5f?!s~j%|EEUCLhmBwL^@);ef6rqcF=1ozy{&)g%Az2W8Ptx*qLr|zl3#NitptQyS-;zGH zZAD&!x}OcqDZyAbS0MctU>sl8CqVm)8DsClFCaQ`FI5%TI1N=G)^EtWmr&^Dl^Y&A z7tz(xO7c^&){l@X`SJhTNYYzSO928u13v%~0ssyGHCmfiY7Qa~j|l((gE^Cg23Q8+ I2><{907VzOmjD0& delta 1607 zcmV-N2Dtgz6ygmVP)h>@KL7#%4gfoicUE;nYX2Ap002T9001|}t(aS6;oO)2cgKrt@CvFD zq-twonro_@{&p*CwbB5MY;H;&9AR62-ZWz<@VE4AZ4Qa(U0<$njRn~ymyLt`Xc7Yr zPW;C;9N^_wQV658`?crE5J&a2g{MGF(MSyx_#E^>kW!?o1Q6FJyPm z1ZMR&cXfcTHweG@NUjJ2%n)`xOWk|IzI5u{Tw9D~q22nnKNm9|r>K8&egVk>2h;JI zT2npyo2Ro6mNX&c2+u*bcw2HdQ8*Gnc8rTxPW_eD+U=R%<-2-V?P_(GL(*ZiU5b@4 zEKfrm01iBZ1k}ckgyH)E))5Fjf3^i1Xb> zGXd7wA=Mf~r>fchP|&Nie_Oxw*6f}Z!PwG|R=QQLE9AW1YGWd(g*pr}!&))ti{$^2 zNVy{4J)sTsn%``g+bO$mlb2QibhQLJtY4Pokoor5^_zMQg(H8kM|M}m+^hc_!pxT> zs2R62g)o|hlJ72*sYp?jCpZm`eapu-o+YR7X4;BvQZ6p%JkB7@OIccF!2Q(dAu5jt z#(XDCsqAmuvcbt!8)m%UF)W3R*TQ~eGp#%PInmo?Emw^;q z6t1IH@OQHQ(bK!r8iv=hwVOn`xlWE_V+Z4M)UHEaVdhxRMJCQnMwNsx*9 zw1`WgZ6bfGoBoJpVOBe85ymLKcYYlhzW@UjyR1^-xx%myN*BQ}k~ce3^S9!+B+$yq zH>RUV+MM5VxrBk46l0*)$85C|8u*?FkvO-wBM%vD92uxyuj288k1ofGQ9s#)AYzW! z!T5h-y;74pRnmBp5MN}CX9t2L9j+2Av36@{m4{DkT28j|e}U@R=ERYL{F=ShmxM=> z?ERla+q06O0Po|^-jXFfX(1+A3cgq+8%s8h`E$w`uu}L2(8=at?JGhJ96P{geOTI2 z1P16WkR6sq>smlds2Tz8(lY=1Pr7;IBzu2fe}w24sKLD#@QQq{AVt}o{}H=KZt+9 z+?xVqzK?Ny3vtzTOafoqzCXGI+t**{GDVvmO$07sT-@l;Qv=AdEk@oNbFHhkTrepe z`NCLkxeJrafMpvdBW?lvE50B}1-l^%Nm&p`Ep%&DVa|q(*RM_|u##Crc}ZQv6@)9c zFoVs2zDZa{F^U!c-CK~-P)h* Date: Wed, 10 May 2023 16:34:05 +0200 Subject: [PATCH 05/10] Fix multiple try catch with same return var name --- slither/solc_parsing/declarations/function.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/slither/solc_parsing/declarations/function.py b/slither/solc_parsing/declarations/function.py index 57d7784e5..ed1fbcd7f 100644 --- a/slither/solc_parsing/declarations/function.py +++ b/slither/solc_parsing/declarations/function.py 
@@ -685,6 +685,7 @@ class FunctionSolc(CallerContextExpression): "name": parameters[0]["name"], "nodeType": "Identifier", "src": parameters[0]["src"], + "referencedDeclaration": parameters[0]["id"], "typeDescriptions": parameters[0]["typeDescriptions"], } else: @@ -713,6 +714,7 @@ class FunctionSolc(CallerContextExpression): "name": p["name"], "nodeType": "Identifier", "src": p["src"], + "referencedDeclaration": p["id"], "typeDescriptions": p["typeDescriptions"], } leftHandSide["components"].append(ident) From 3ed6dee1a374d02212d0ff288e57c0e5442dcf0e Mon Sep 17 00:00:00 2001 From: Kevin Clancy Date: Wed, 7 Jun 2023 15:50:07 -0700 Subject: [PATCH 06/10] fix: make _convert_to_structure_to_list return a type instead of an ElementaryType's `type` field (#1935) * make _convert_to_structure_to_list return a type instead of an elementary type's type field * fix pylint warning preventing me from using elif after a return * re-arranged the assert and isinstance check * removed extra colon * reformatted --- slither/slithir/convert.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/slither/slithir/convert.py b/slither/slithir/convert.py index 665a7c8f9..63c3745eb 100644 --- a/slither/slithir/convert.py +++ b/slither/slithir/convert.py @@ -1583,7 +1583,9 @@ def _convert_to_structure_to_list(return_type: Type) -> List[Type]: # } if isinstance(return_type, (MappingType, ArrayType)): return [] - return [return_type.type] + + assert isinstance(return_type, (ElementaryType, UserDefinedType, TypeAlias)) + return [return_type] def convert_type_of_high_and_internal_level_call( From adabce6180522059d25ced40b260c121eded0d4e Mon Sep 17 00:00:00 2001 
From: Simone <79767264+smonicas@users.noreply.github.com> Date: Thu, 8 Jun 2023 19:47:53 +0200 Subject: [PATCH 07/10] Detect when ether is sent in Yul (#1909) * Detect when ether is sent in Yul * address pylint warning instead of supressing * fix guard clause * remove branch to appease pylint * check that call can send eth prior to reading args --------- Co-authored-by: alpharush <0xalpharush@protonmail.com> --- slither/detectors/attributes/locked_ether.py | 28 ++++++++++++++++-- ...LockedEther_0_4_25_locked_ether_sol__0.txt | 7 ++++- ...LockedEther_0_5_16_locked_ether_sol__0.txt | 7 ++++- ...LockedEther_0_6_11_locked_ether_sol__0.txt | 2 +- ..._LockedEther_0_7_6_locked_ether_sol__0.txt | 2 +- .../locked-ether/0.4.25/locked_ether.sol | 11 +++++++ .../0.4.25/locked_ether.sol-0.4.25.zip | Bin 3082 -> 3497 bytes .../locked-ether/0.5.16/locked_ether.sol | 11 +++++++ .../0.5.16/locked_ether.sol-0.5.16.zip | Bin 3063 -> 3457 bytes .../locked-ether/0.6.11/locked_ether.sol | 10 +++++++ .../0.6.11/locked_ether.sol-0.6.11.zip | Bin 3078 -> 3560 bytes .../locked-ether/0.7.6/locked_ether.sol | 10 +++++++ .../0.7.6/locked_ether.sol-0.7.6.zip | Bin 2998 -> 3478 bytes 13 files changed, 81 insertions(+), 7 deletions(-) diff --git a/slither/detectors/attributes/locked_ether.py b/slither/detectors/attributes/locked_ether.py index a6f882922..91ec68650 100644 --- a/slither/detectors/attributes/locked_ether.py +++ b/slither/detectors/attributes/locked_ether.py @@ -3,7 +3,7 @@ """ from typing import List -from slither.core.declarations.contract import Contract +from slither.core.declarations import Contract, SolidityFunction from slither.detectors.abstract_detector import ( AbstractDetector, DetectorClassification, @@ -17,7 +17,9 @@ from slither.slithir.operations import ( NewContract, LibraryCall, InternalCall, + SolidityCall, ) +from slither.slithir.variables import Constant from slither.utils.output import Output 
@@ -68,8 +70,28 @@ Every Ether sent to `Locked` will be lost.""" ): if ir.call_value and ir.call_value != 0: return False - if isinstance(ir, (LowLevelCall)): - if ir.function_name in ["delegatecall", "callcode"]: + if isinstance(ir, (LowLevelCall)) and ir.function_name in [ + "delegatecall", + "callcode", + ]: + return False + if isinstance(ir, SolidityCall): + call_can_send_ether = ir.function in [ + SolidityFunction( + "delegatecall(uint256,uint256,uint256,uint256,uint256,uint256)" + ), + SolidityFunction( + "callcode(uint256,uint256,uint256,uint256,uint256,uint256,uint256)" + ), + SolidityFunction( + "call(uint256,uint256,uint256,uint256,uint256,uint256,uint256)" + ), + ] + nonzero_call_value = call_can_send_ether and ( + not isinstance(ir.arguments[2], Constant) + or ir.arguments[2].value != 0 + ) + if nonzero_call_value: return False # If a new internal call or librarycall # Add it to the list to explore diff --git a/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_4_25_locked_ether_sol__0.txt b/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_4_25_locked_ether_sol__0.txt index edca6eb2e..680f77d0d 100644 --- a/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_4_25_locked_ether_sol__0.txt +++ b/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_4_25_locked_ether_sol__0.txt 
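Review bot: `ir.arguments[2]` is treated as the call value for all three Yul builtins, but the `delegatecall` signature listed here has six operands and no value operand, so for it index 2 is the input memory offset. A Yul `delegatecall` with a constant input offset of 0 is therefore judged unable to move ether and the contract can still be reported as locked, while the `LowLevelCall` branch just above clears any `delegatecall` or `callcode` unconditionally. Treating `delegatecall` and `callcode` the same way in the `SolidityCall` branch and applying the operand test to `call` only would make the two branches agree. Yul `create`, `create2` and `selfdestruct` can also move ether; if they are not handled outside this hunk they are worth a follow-up. The enclosing function starts and ends outside the hunk.

```python
if isinstance(ir, SolidityCall):
    # delegatecall/callcode: same treatment as the LowLevelCall branch above
    if ir.function in [
        SolidityFunction(
            "delegatecall(uint256,uint256,uint256,uint256,uint256,uint256)"
        ),
        SolidityFunction(
            "callcode(uint256,uint256,uint256,uint256,uint256,uint256,uint256)"
        ),
    ]:
        return False
    # call(gas, addr, value, in, insize, out, outsize): only here is arguments[2] the value
    if ir.function == SolidityFunction(
        "call(uint256,uint256,uint256,uint256,uint256,uint256,uint256)"
    ) and (
        not isinstance(ir.arguments[2], Constant) or ir.arguments[2].value != 0
    ):
        return False
# ... unchanged: internal call / library call exploration ...
```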
@@ -1,5 +1,10 @@ Contract locking ether found: - Contract OnlyLocked (tests/e2e/detectors/test_data/locked-ether/0.4.25/locked_ether.sol#26) has payable functions: + Contract OnlyLocked (tests/e2e/detectors/test_data/locked-ether/0.4.25/locked_ether.sol#37) has payable functions: + - Locked.receive() (tests/e2e/detectors/test_data/locked-ether/0.4.25/locked_ether.sol#4-6) + But does not have a function to withdraw the ether + +Contract locking ether found: + Contract UnlockedAssembly (tests/e2e/detectors/test_data/locked-ether/0.4.25/locked_ether.sol#27-35) has payable functions: - Locked.receive() (tests/e2e/detectors/test_data/locked-ether/0.4.25/locked_ether.sol#4-6) But does not have a function to withdraw the ether diff --git a/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_5_16_locked_ether_sol__0.txt b/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_5_16_locked_ether_sol__0.txt index d1ff3314b..961ba8c48 100644 --- a/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_5_16_locked_ether_sol__0.txt +++ b/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_5_16_locked_ether_sol__0.txt @@ -1,5 +1,10 @@ Contract locking ether found: - Contract OnlyLocked (tests/e2e/detectors/test_data/locked-ether/0.5.16/locked_ether.sol#26) has payable functions: + Contract OnlyLocked (tests/e2e/detectors/test_data/locked-ether/0.5.16/locked_ether.sol#37) has payable functions: + - Locked.receive() (tests/e2e/detectors/test_data/locked-ether/0.5.16/locked_ether.sol#4-6) + But does not have a function to withdraw the ether + +Contract locking ether found: + Contract UnlockedAssembly (tests/e2e/detectors/test_data/locked-ether/0.5.16/locked_ether.sol#27-35) has payable functions: - Locked.receive() (tests/e2e/detectors/test_data/locked-ether/0.5.16/locked_ether.sol#4-6) But does not have a function to withdraw the ether 
diff --git a/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_6_11_locked_ether_sol__0.txt b/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_6_11_locked_ether_sol__0.txt index 212015c29..079104879 100644 --- a/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_6_11_locked_ether_sol__0.txt +++ b/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_6_11_locked_ether_sol__0.txt @@ -1,5 +1,5 @@ Contract locking ether found: - Contract OnlyLocked (tests/e2e/detectors/test_data/locked-ether/0.6.11/locked_ether.sol#26) has payable functions: + Contract OnlyLocked (tests/e2e/detectors/test_data/locked-ether/0.6.11/locked_ether.sol#36) has payable functions: - Locked.receive_eth() (tests/e2e/detectors/test_data/locked-ether/0.6.11/locked_ether.sol#4-6) But does not have a function to withdraw the ether diff --git a/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_7_6_locked_ether_sol__0.txt b/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_7_6_locked_ether_sol__0.txt index 8b6ddfa59..14835871f 100644 --- a/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_7_6_locked_ether_sol__0.txt +++ b/tests/e2e/detectors/snapshots/detectors__detector_LockedEther_0_7_6_locked_ether_sol__0.txt @@ -1,5 +1,5 @@ Contract locking ether found: - Contract OnlyLocked (tests/e2e/detectors/test_data/locked-ether/0.7.6/locked_ether.sol#26) has payable functions: + Contract OnlyLocked (tests/e2e/detectors/test_data/locked-ether/0.7.6/locked_ether.sol#36) has payable functions: - Locked.receive_eth() (tests/e2e/detectors/test_data/locked-ether/0.7.6/locked_ether.sol#4-6) But does not have a function to withdraw the ether diff --git a/tests/e2e/detectors/test_data/locked-ether/0.4.25/locked_ether.sol b/tests/e2e/detectors/test_data/locked-ether/0.4.25/locked_ether.sol index 65942ed2e..f3be911be 100644 --- a/tests/e2e/detectors/test_data/locked-ether/0.4.25/locked_ether.sol 
+++ b/tests/e2e/detectors/test_data/locked-ether/0.4.25/locked_ether.sol @@ -23,4 +23,15 @@ contract Unlocked is Locked, Send{ } +// Still reported because solidity < 0.6.0 doesn't have assembly in the AST +contract UnlockedAssembly is Locked{ + + function withdraw() public { + assembly { + let success := call(gas(), caller(),100,0,0,0,0) + } + } + +} + contract OnlyLocked is Locked{ } 
diff --git a/tests/e2e/detectors/test_data/locked-ether/0.4.25/locked_ether.sol-0.4.25.zip b/tests/e2e/detectors/test_data/locked-ether/0.4.25/locked_ether.sol-0.4.25.zip index b6092ecdb88e0c093fca52733727fc3c9715fc5e..e3e6f6c2193b35ead58cb3ceb458bdeac28bca9e 100644 GIT binary patch delta 3388 zcmV-C4a4$^7^xc@P)h>@KL7#%4ggP`tyYP+Q{4Xy007)w001PD%?l@yLMngtLq3k% z8(|US<+$<-R-TXbNE-97FH-K9mq@1&+0=A#oo)!e&BRa?>@UL&m{xMKPC59HR795? zqdB**1A%W~bfM0OpvLIkL(nQ%#=7cBq{7)Ic(BYXKzQsom<)|O@B-d&T9*UplKnoH zFHX)-M zc#8=kHMUR&CkInTl)Er@Ug@rsXFcw613b7NXFS24gCfWr8ntF03`v_J^0u3g=SGrq zNR1K8lL#rd42#Sr6H7j=KE!#_d~uW^6lS*Ba82LZ_q zr)U14RG~f@gEHJtn3-pj6v6aaBV6As%bq9{LVl-0PweM;%ug@^fOIqknH}syNF)3G z6shU?pKXJ_nO*3*qSZ#lyi=z z(zLSk8OcubW2hCTGf;m4cbF10FMS7#t%;tIEN1Q3kr0xp2TW)`1llE)~NWeZ;7|hv{ zO<9#J7Lo%^P;^sMOabYK9G_eHT6%|= z?=VY$<%6YR;>ElBtPCJ11`{Y;9G5TrbWVaw-_oZGZ_hPr)I|0^JO^TN#w>CdsdFHP z(aVL^&N;(SsRpmc@hd_<$FbT|rh`*m z<+jX~z~Ru0qq31+1{@1fW3P{1S|KT<+jWK0j;AYZEC7G(tMa37y{q%&bAzn&lAgUa zTncz@T~K@1``W+6xH#;J_Y@1h9|>$N%bGgP6}>mDD1eEBG#-ZQG9F{`~-~dbD<4)@W;R&f8GlnF&ls4w^sXGD` zZPo%vr!{|0dOf4YEx2^qgr%ubdQ~Fe2)JA@N5A^oMXa#?yF1XK~8A`>YJvKUoX8ZrhKVV15 znatxTI6w5gnV_~Cc{7h9$f{MUz7$^6Zan*dwf2zt4_eKPW6Jn*zr9@EO8OPPYqB%gC)Xj%XF zFYeWz-qh9!uGCXoAXOZKN+|5A)8XrtqOPUN#HfV-9JFDA%v=4aiY?l_Rjg3zt?r&>|Fp|@@-gKvkAZ)D z0M-c_lLx)!S7w4H`Iy>K=+%{`<8vy2zwcf2=n3qr9DV8xeT?lo>d1y}9HOe+1<378 zoT*xlOl|A?@hSByHfCTD?`2WWiYenbDhWj56qU$BHW32%jA)SUAi1N zdrU_0jl}AeoIk>$e+v6y+8#K&JKoOqy!1RK^QjF7nxNJ=PE!@N^BGVw8lAU+WzaPVbd_5tK*pHpN-m|P?YWcdYy~d;ClLe} zhedDJznHv!+QzL8yH((Wnn-^buke2ncsvNr6r*2>b70mGRg7$xIl#kLFn5&!`RV{OS`^04aZ2ug&KD6>n>j zqIRlx)eZ{Z$10&C2~Sf32ROHqX>a=Ypxtw?IviJa1`YX*t1U z=X)>Hcf|{h_Bka{n{%k(rg2g~q}VE9S8FM4knWdk{+Z-?>)Nqqf%0Ea%9<_k&vVh#V#{xPKAQM;Q-2t1w}UVcKt=ufi-iYuM>BFqz*WiL6ylu2>Cy#&3%4cn zeXT#yRZ@<2u`04km>-X(e*B(6PpXDr(0s!kc3qmU#;}pTfW@>G+fLH#?}YL-EuLCwrhY8F*A|Yn zym}R=$|VF_j2Aq7PK4@DVst+GAYPw9Ihw%zov1V19|(WWk!UK3abUs@;rcvzH=O-< z=}lv!poB8ydDrlG${+spr;`@i*Fuku^9OE1=L%$vmT6^S8yY4){7J2#rC+z)h$n(Q 
zJXP=XBntNWv;ces2P#U8M&FLCuVF zFx-6gq4a;Ep~HR9<+^JxZ|uI#U1ee?<;bTMHE}@85iyn>&3zOnm65C5pfjYrz|UW- zZBG}jsh}30b(WEtmt4$nrj)*VN&vw8nm^H_Te}y&p}5|!5*O0LYDE^o!qBzp60%U;=%4#Pc#-9e zQzl$pavs))?|n~%Prqul38#`>c2-P<$GsBbGT=P{I1AvvVG}sP=Zgh9Ic`Z~#& zY`|+!GA9c+;)*i}m3K(r`J%}?E4|>gH@On1jKt)5((5?UUDdudyxP@5?-nR~W=Zn} zp6wKgrO72@W5%81dw|<)@lR#tQ87$TkDGrZ@?cIYeo{(Q@d98m)$x0 zDQB=b@vE?RVQi$m85K54DBrr>pkb8;+lx@oa7*j*Y8kiC>Tg&xJR{I0Ukw~2>9c3)H^oHtEqiSqrm zvTpDOR9082mGWG%K^k7@Ynw;g5 zuWjhp>L6wd0RgccPRSKzA`ao@K+@ReSj$m4!+&A;l;V^2!nB#t48XF&*)(6h$upuc z%RZ!bLC9Izi@EX!;O+(kE$W$|Ho**#!yQE0zU&k00ICG08gE*R*4C?Q{4Xy S007)wle`N^20;w~00006^P}bf delta 2969 zcmV;K3ug4G8;TekP)h>@KL7#%4gfZdcUGwag~(tF007`l001PDYz-%oLMngpM-PRi zm0nlZdjJq|?-l5q5W}VAK!X$~yhYNz{x3$S;g((ndY>|}t(QfD>0DX%3?)eh2qMDV z%C@wv9=7dQwIh!2zm5U0T8cs0s5KJCc6PbrL z6p`Gd#^laN}4z1j;Ewe&CIpcnVR?t$XFn2lc$z7nS6g5di!6A9MSbP zZpc9JVUJ#%*cxGdXxJo`;PWqvjO1_mne0P}ezM|cw0rK)jLu2>b$fzQ$*Pui_VHKN zfg~2_YRmZ(AbODMz_sRUt?+Wb(Pqi|xjjM;7i(6*G`Xu|W`9u=!eEG-_=$V7h!QNX zs(+D1&ILyzF8F|O%Upl`Of&=_XkB>|#CLI%D^lfc#@otO1McjQme0L^6L7p8!%iuX z6C`rcP^iFydQPlnk)LV17oOi%2-cV3>Q*h-g6L&jvxbH7wBCz99}Hj04I9DBGbLGb zpb>l|xX^CE0#-|!nhq0!QD~Wwi3DvoJi3Y2t|xd~m(0Tar7;B`_{{r2yRfJ zA@?BL**}V)N-uu`bR`=0{#IAG_Shvhpxjrfxxuf;OcLN8G01xK=yXg&H8Ln4mxQ08 zKnuj@zjg?*Ss;p69E3CN3QEjl&0@l{*P9A^v;_z6OF{3AdCJ7B1<*HofAc!vCi;Bk zIV_%QS9ec%%B&O2XD`AbO{E8b7dE2um=oHrPDo=k@cw90Es4j6`Tqe7DK^2^!TJO_`QeWPSD2_=T%%BE6&?Mgvo8l~b;Y=jggxaamejFb;kmb! 
zjB`K%%t%$@bYVA(3uS@f78@Yf_nTSDJV&coz9c+5hLSv-3q%@H;@huGq^1ck?+JzS zLr$o2ajK$Hd$f7#^y;DfJS-CTw$GJgeUE?DYXF6;O{yZ1BUQ^`QK4U#lx>lZ9l*~S z1fF7ZCWFTIa}QuHE+V-bcWroMk&tR!ZvHU#yF)iVhL$Wvb-ZGQR)IzmWMzs;Mu&(lEJXZjASMd6MVn@TWTB~4GQW&PyG+$7^B~huZLv@l~l(bssmVz=K%Uo9qYcrLf@0WN->_OtRUhjVV`xTdC zAbaakT}5qTcu)Dlz#GhAOuXqgdjfyTeI>OHL0OEM-qW%(;5dR{Elsoz$fr92ufL963zYD!btHRU_KBt6QmAwncr^`P;?|2B|eHkhzqF*O9tL7Xp$0bw~ z<#evm-1;m>dBX>(pqhVXU(+=pmN43?O+?Hmk1$XaoHN*9{Y5L-dn)0CBwpet~T*F;H-Q#705TG4# zn{?du-ZyDVp;pv2CeGEwA<=I*{?RR5hQ+no%2N_@%^7^{zD|F4ipiDZ-y(8hIa2(L zT^?OZAD!5_iHgjlAaZ>6Iu=i<1Leubr@t!B3av~|1Oq-ZC|Aq6`(1BHaPDUUw=(gl zE9KEv{{JgHJOmIsE+~(s`AE|%YiEU<&7fS(FU(fpVQuv9S}#3nO^*F7ow)BZA07vW zkf}q z$C9wvI);br1i|TWYEmHB33{a3kY=Ty`j(*Z5Job|)mZSO8Efw0!3#=ew&FX>x>XCrRl7;7rAQHwM}|%L z_IAYkM2CM7!neg0V?E{)xKz!59pWzL<8RSfC_=oEZ~v+4jIwpgnL-VzZ6`a>c**8w ziMXn~zg>fjNt7x4Qx39i_$ zS!lA^L=9ke|7Oa*)bw|nUVQUjWw`My#%U4dKvazH2eQNVTn@i};0`H(bg9TdQXBs_ zOr~bLni58l%kA#gj;PIy)!AVo((gs;DMq4s!7mep`tn-D^r{S!JZ7J_G>~Ey%f#*J z_%&?S@2KB4?8=9$vk~xf*jeXE0xSRPD0zlZO928u13v%)01f~)jdxb50)@z63jhG% PPLo>=NCu({00000hq1`C diff --git a/tests/e2e/detectors/test_data/locked-ether/0.5.16/locked_ether.sol b/tests/e2e/detectors/test_data/locked-ether/0.5.16/locked_ether.sol index 0269ce855..e5671b7ad 100644 --- a/tests/e2e/detectors/test_data/locked-ether/0.5.16/locked_ether.sol +++ b/tests/e2e/detectors/test_data/locked-ether/0.5.16/locked_ether.sol @@ -23,4 +23,15 @@ contract Unlocked is Locked, Send{ } +// Still reported because solidity < 0.6.0 doesn't have assembly in the AST +contract UnlockedAssembly is Locked{ + + function withdraw() public { + assembly { + let success := call(gas(), caller(),100,0,0,0,0) + } + } + +} + contract OnlyLocked is Locked{ } 
diff --git a/tests/e2e/detectors/test_data/locked-ether/0.5.16/locked_ether.sol-0.5.16.zip b/tests/e2e/detectors/test_data/locked-ether/0.5.16/locked_ether.sol-0.5.16.zip index 88255d730b0a6e7c46c18a15bb93bb7be61ba5e3..5dfba9e3fe6a261361334b8be8f71fb748a8b30e 100644 GIT binary patch delta 3340 zcmV+n4fFE%7l9iXP)h>@KL7#%4ggP`tyb2T7U=>Q=SZc8!d&auzNu5H;(lNZKHBH49tq(2WooGB21-1X46*&{*bb0t4;);51iNt= zWCp*}Mf!YKGmtS^0t!oXj$|gE-@$i4cvniMqV*ebX(C{MJvR2u^=B8~o1zDtlOcZT zoxEHW#~ba%UjcfQ1NV$o)Op+EIPKu^8eFJSiez*ih*=jahj_?i20n;{rimJOofH z9$TALg4UdF6w_3K$CuBwz#{EI_L!%=8Xxs7o-HZQA1BaE_M;d!JpRcz;lCw|x~He# zmOPEjZo^0}C1Vi#9 zM{bZsnwdvW4>uafPIGTS}N9*O`gXkb<8+ns)|y} zeksC#wDNY{5$W&}+1`?!=%Sfb_e?qjKI;}33It_rH68T8tnI1Hshr}?_6d@rL#BJ@ z0!ol`MJ;*&wzx=G+VugmEdK`D%pD~~BX9323EE-3}$a)pV;0;ny;IuG^a`>x&_2TCj; z9!08^XKMrTmW^b9I)qHM+Slde4HI%UFW}+qUl>itevD$q0}EH!eL%CW;@h> zeX#=&QTMZ{T3Z_ZW~#02 zDA$bhkWJMC2DGgIj%ld{bvox_hco~wS{3c@Xz3wKnfSZEuvUXGSYg5So6Z)TQ}8E< z4f(3Yebw1+=IlU`$q710`jX^^g*mY#<-Z>JC;md|Ytc0vaaJ4wn6H-pG}a-1(mb2( z$-~VZfuaxvFS64odP+GCm=j!+XiAN3S zV!=4rh)=hRuT(6PYIepqc6QpY1kb)^PFU*a)?BEA5o;HtZ$go5<$=V1vkp8YH2s@3 zB(Tto_`VUuy^iJuQ^YqrZXO3^s#Bi)V(sAp^6)L}@rczAKu+IpgVFCFG9Zhp(Hu<# z@gFxf9@`6Re{jVeN;y6afb6R{SDFn9{EJ1<>~n519?>-?lh+yM%P zy4o@%A1_yZ$(!4MprxpP^#Pwn+AGLA;*o;XLYZ_F9`co=Gz9)173p@Xm$~hL!0?Dy zQGt~@T*YMVDyeSKt%iLR3z<`tWTvjylh3@T7s-A%di8{gAvw(?n>uuuB?){)q>XFQ zp5)mm6z0|U2w-oa)^SNIdoO#yqZBhAvn(Jgajd{8@IP<4EZWk4h9i#b!tVqns-j!r z06eD%M1j)oE)W92pD_$22r>qt&|7s^5#?zV@2WS8=F@~aHT#U9H##u- zO||Epv6b6wT;%c0ay$UVjc6~8zLvW9ZYO^!CR+w%^nC_@%I`6se={1}*XY1Kpzy>$^|&uCSbY6&?EsB9<12i$m3Ane+=X~VgTVcOA0S_>_4mDzXtZ#4j0!* zhHb%0iqrFt_8l7kx2=f+N`frv>#k|@P3}1h8X5_Tz>dc>Yn}@Ft{aduU5;$n9e6x` z=cZT+78)Rbt`%-do99L+JQ_F6i&M85SU)gTXHk1m@Eh*n*442(HtRY|KnajIKUuP_ z4OZ-f=@4a0T~vKf$pg_)f9n0%hZT2HK&;}pJN7TGZQHVsd-h}p`lvN{qT{W6a9DAE zCj_RQAj+wmoiTcz-My+m$!lxJcw)HT@Jy3Jwyo)Znmy7`=K_^MUqgV(mLES!fy~-+ zlc0>4FT^H;dZs)0aQ{C;qxtp5R^Weg)>>k?`vZMVdK?VvUuwg1|18A$kvWU2eEOt; z69xe!%D^znoz8K+liqH5D~H5C!;eQCj;=NQ?PK2>aQoanJ*^|K|(; 
zXkLDQJTL0ECD?WrVykqG{%BBK>E(J-(H@#?1*ew|Q~<>aPYA$ap@8m!sonHi()WEe z1mGZTbJ*R`_Or!iv19sgp2JF-20;j0Wdbpx8s3WFfHzL~uOT>}ecy6StlIY5cO|A( zxMRPENt6;qu|uN_240eiahp$Bv%!4I!U4F9 z|FN!n!hr&XOam6Qpcqe`q4cTrd4b6&(w%56YwJg%i4feUN5#Ut##UXMdX*JG?Huh( zNlX@Gb_~v*@EHGfW{1)E4D%7G>#voS3ix?D&M^(A`)woZH308!ATVcF@P;*|{{3ykbg$?{r&ov_&IOLvw5W zax#-O&?S&QiIp;XW*SfC5LvL1j|!S%z*|U21V5W)u0Z9_5GB{mIRP9}MyQfSaXaa` ziA&xk9TcWnbli)94&cl<*kx3FM8h{#(2(#)a!WS+S?Obp9en6Z>;?Q9HYh58A0rS5 zD%@|xm(s%yTN9ZSq5-|zli?cX>QIK0>3(keh&_(f-?tX>HpD%7hgv~oBScwugr+_J&hbeB2*SXm6od!%pm$($>FjYc^e6tyU^#E)<%Rn#K zdJZxaIvvMzZPfY7cZLu6iwCpLL(i6*={{2O7cKrWXELi>7sh+xm9-LJzToaf0MjSS@AK zBfGAJ=IXS+dzZ7pw$e3ijfG~Mef|Q0TkGEi?Rxz5(V$RE0Rle*KL7#%4ggP`tyb2T W7U28}}C&P)h>@KL7#%4gfZdcUBJOzy?hV000$Ckr-5e@kbAZrIlV+*LwgE zaqkuAn-IgLC!WA0R{ z>lG7lP+0#Xv#9K09jH3@ve%y)ZbDE9el8`JeR1GDfF!eV4?tYuPqxb_#YR+J25<2b z@a=IP_G!M(@V}pbsI?7nB5q8pgz#A6)zrnCt06XPuMrBeALrDO%92GNaYIhG>f%gZn+^{)Uf+>&nS7Y3@ z|K!rY)|*Vk(elfcpBsYUbrUDcz~7l-+W%uKDZf8J-4&0246KanD!2|p$A8l9U(_~$ zbK>^d>6M4+95JsmdDwjBJ#)Ui z|3^KIJ{))90Zvv>!s>3u4s*Gq_TI2H!VA*aGA7Y#dIxeJ$?a^)fBEsytn4ypq{ z3M}Ps@vpgjb|0;tHaP(3G&Y+xglgp7P|ZE;)erA~F2-;(=$7vzlGKkT%K|4@kQ8L+kSNgY3!W%w;$Hl-eTIgxIdMt`;M+tppfK14eag?c)n0q zE!e?-Yc5>c0jc}nBPHv6NgNAyrt`-^fOR=2Z1yUKZ2WlyIf8NWw|)f&=-C?q?aXOw zTJE`8`dxSScuMLilfn8M@2oDRVgh(-o$w_DfwakGeEx}~3N50HqsC=zm8(rns$q6o ztu56ZJwm|KAC_dKa;+f)CLu5GFKdr_ZBKrGsDfzHJiVBBBr62|XHiL{K6tJ??`E#E zBJ0G>Lzn+==>+?ebcp86JGlA9-m3;lY&6Y|D(RTJ=r>VjeE@rD_m*FkEpi=OzENyc z#%TMoQoS(%nPoDGbs+Y+lp6ml>JqIceGa0YQ1K`$(UceW-Yp=n@JHk&+>fLg0I#o;7z9IFI$fAVVTyiUk4o1HB?d z6D2z2JlTKDWPZ@+MDy1)0WqmrVqSGkIzqn0ayyGP3yFh``iU;7r9S<}pun8hnKmUP z{x;4YsMc{J(j^=$)<+h_IR-n*AeS_MqL@1sP`&6$?FN!5(DHMuiM?v;BnGF?aOPif z^0P$>1`qG{6GLAuj0Y_wr?rNiuhbzMml5=-tDKytb!}s0lRRbtNa%}f&s{`{ zKVLHC>8-a2faey)qbKD%F%bG$h(74KsV@{uGR_zLuyEA9f@!W;_ig4Sj za@;pDw4*L@!zv1A0^imOuVIDCi-uy6`$-3Lg z;^2sG24RCi9I=VGlSi+)m!+_=;w?O0FejpItGdklUXpos??RlBn@iYeJy1a!06G^8 zMd-4^g*DthYf~oe3I*URQ*?rrLAO%gGvn`iX>o4drLn!goSDRbW~5CjAjGwNESyoW 
z#;57t5tr`WBb)OZ-W`J0DBc+o(c}B88HLd&+2isdDa5E>Y@)G9Cwjb-Hee#%*wsDO z#k{HNdX+=I&j3vE0cApP`*?&r##W5vbX5`H{p6v^Y$?!PrIQEcsWmz81>m6|#%ZCx z^LU=&Awa=%=dhB0#vhM6gN7FC41_euFbI5>?K`HAm%}yujF)Gg!_~>*665G- z2ZAP{(j41c6dGT&ckBwKI%Jl0`i6*);$uk}=*_`@&fog^k-z>A3UK{5h;{oVSgfoA z+u=jusGw*5`Y5Gl!}4KKwaZ%UZqqq{H1;e%u#j)*nI?XdNx?D5ebnj6peHe~O_xzF zG;=0u5RV-Oe(b3}{uvoqDD(5|z#`pRdNyX+Z$%V=60Q0O5iaUxHR+^`11!FZx#ur& zI|wR&34r#BD8fu!;C1Qw%C_khT~|h8s_P#lS0(ZS9$>O6*m86<+LEq@Ul`E zC|1LYX+WwAfeejCQ5P%`(e4(7e=|k1Wmxp&dHkyY4Q>};=!|UfzZlpW>PD|?2(RB3 ze&>*46gq)NS3|4Rrh%BnS;=x{Pc-KyGRBMCh+MKKu_2SpDnUOIs|Ptx)Fo`fz|N2;ED zgLIvX(Fg_FJG-p!d^l0bYK?WhbLiWB;@jss@LLrE$?R}tPUrEFO;sPs*H&=lsv4?) zBuT4Ti{tnOE8!sfqIC&p7^xJS#1Uy{sk#zpNtK4)XJI^31%9mr^fqkbUdhZgUiNu- zCq<5yWN>UFPcPii_&u<~Y9k{JZi$B?lrdzh1eXDpnXyI7EENZ6(d@Nds=~aNJ=zDx zH^{X>R<$ua`fgSt9w(9nNkFeC#?6I)0TEz8ITB&kd+0cI2?}vf$de~>n=Ms$x_Gkz zFZB81kxtE?z+>#|>JQ1XX9%emcq~N))Z~Q33t!r24WOh{eP^=qCR7hyN|yT`d5o5% zWJ0YJ|Odr-#1`?HMtcJSV|J@2N pI8aLg0zU&k00ICG05*+xRu1OC22Be902NG=GYv=vj|%_*006NRtBU{t diff --git a/tests/e2e/detectors/test_data/locked-ether/0.6.11/locked_ether.sol b/tests/e2e/detectors/test_data/locked-ether/0.6.11/locked_ether.sol index 7f02028e7..aef9ca6e7 100644 --- a/tests/e2e/detectors/test_data/locked-ether/0.6.11/locked_ether.sol +++ b/tests/e2e/detectors/test_data/locked-ether/0.6.11/locked_ether.sol @@ -23,4 +23,14 @@ contract Unlocked is Locked, Send{ } +contract UnlockedAssembly is Locked{ + + function withdraw() public { + assembly { + let success := call(gas(), caller(),100,0,0,0,0) + } + } + +} + contract OnlyLocked is Locked{ } 
diff --git a/tests/e2e/detectors/test_data/locked-ether/0.6.11/locked_ether.sol-0.6.11.zip b/tests/e2e/detectors/test_data/locked-ether/0.6.11/locked_ether.sol-0.6.11.zip index 2408eeb82bab590d4fe3a2a8303bf31cc5528608..48b675d9a326ccc17e93d23e6e5688a6b86dc2e4 100644 GIT binary patch delta 3444 zcmV-)4U6)I80Z@qP)h>@KL7#%4ggP`tybm08uLC4004nrkr-5e^+P_6+Z$mKB8mG47sOh$XJrXM0aaIfmh>WQO-|HR zhez1+DBzzN%$*G8s&{5@HM)u;5LnMLjA%bh`-t)JL)hy1F1lE=)Xw35Q!$%NlWrKpHEvR#+tO66 zjszxZ)x7CZ=#d`jEYRP0M*&!XM>{Z_Wd9D19(str)qSbU(su{Q7zAVE!}yM}$g=OT z(os|Om8>{($1y{7eel|2F#sni)$xwL$2afM(x}eM!kDq??uBZk;Uv;guk{*d&_>%9}Tn}>gU0dFHCb5VZJ zuSCAOE!{^bBL!C=<(lNkckkt483j&Q{fenz!B{YVqdT$#0u0i6HvZ@NvNaL_f>CG< z6gr2sBp;o`v@d%mo|zTtXRUFV+(Jw}MS6>a;#pBCmODE#IWh0vH@%$ELdy-l`AKF_ zo)Zng-Us^*xytpvL#h1cIu1Va6ii7Mu>Itcy-tMzR68c=-!nXgqE?u8v4X@5ItzBUaOt9P zI3cG?-;d9$9`u&mi%>^QC!=L!RIY`!%e?Cm=oKPQrn-*42#yg!TWy*Sg#}~@K zk0c7T?g$CoaA>9lnBCRPa%*+M?SCz`i_OrzIgW~me778f(BVo9 z6)yC;Qbd$Fqpv=mYQn&2jgV4*)!j&C*jm}lA;*=NLA|URvYMuxi>975Vmg_nk#e^2 zrzQmfA|m-c-l8aWN$JG6Z$u4RthDBWPU$TBJiZ}_+mQP{%9+#ozBU&B;YKeixbVaV zKdD3y=jPzlr;uG0GU0#>H}mkl##mStXWI4ipv)sldzTc#+FWzgON*?31GaBJg6&AV z@*byTRwBlj@|qhebua}BEr69@<@ZXz*>@cP&{wGqTpM33Gqz!+nEIz6rc)XspI2;W38ubzlcAk*8ZW88c<3T zRzLHZ0YCBlXVKWd4`S1Q=0gotq#5cckzH!|cVokgL{K@KlB$>WXPQK~JN9A0+;OO9 zb$el*_O|%SRB+w=tL9uioxf5)!MQ6RL`Y4yiRGw1LFvB3f?t|k%#183ivjKU#+jag z@0eU9$+>>tH`4qr41cM2qi1Vej2q2!1bboM8jfy|C(HJ$ie|xo*&&dHEpgqZ+JLY< zeH1cNdEIXTL;{Ay9)Sm8gyQlBY?jyc>z92dr;g5R6Ss}b@3@QL+kTlt4}ZHEqLG%Z z1;2*gjQfakG=UCaZZ@x`Qmka~Js66efha~dA61iNk()X&9dbxcn))fOwXH7SXWo|l z0`>Boxt+yn=16{jKl<;#(n2B)Cj|U52Dsjmn;+9IKNp$&yrj+$+Zsz=g|z|UKIMd8 zXJ4cchPZI65WVf=k?Gs<0x$;EFQ8)M8TqvsW%b4 zRaTGb>Cxarb|V`k_!M{O?+imSdE_ib_*e^UElS)J79;|HpDX$bQRFOR(HzE!Iddf< ziR`5JWn4KGiUqGuqF}a0S1FoBQbQtXjwzH1Gv1Vt)HJhSGr0-s2q?^D+JKyM*&X04 zvG(t%Q9jzSZEg>FFe0vuC+zv!FS$^gQS)bM`RpLu@2l#YTaZ_=mH3Kf z-;z*&(Q{RQR;Ra+nrPtUc9#OmX{v2^fC*XO4D6~HO?Q>$X~~W&+ciKs zAw@!es2MwYZ9TR|0DA6h{M3;QMUz>oYW<@-z-ZUivc6Gd>&Bktnk7r#5ZSYwCd9XS 
ziK!6_dz#b+Z82g(yliUa^`t#!_f#0q!7=mYA(UiDv*v%{8YK|=!7vpsX-}SMK3^M> z%BbP@r(jLHt%m5TJdK!KAV|NKg?i%p0r#SRY&1;4*@jrVqdU;<66jsX#jzhNh3Fw>5fQ{Wv_wf z5QD{l=iV+{p-sHS4EPqdkhrRc!x^x)-Xt_>n@26i>yd42-X(Cd8 zLbZHBT=gK1XA(sC(&2U27iM+NpGBT=jb`n|Sb?wNM#DSa4_MJ^HK`U>Dt4*h)iDS| z_nlHyuWt1THP~~6-jK$G^1FeYg=@{Rqi!4kmA2vs=SZZb-RYWKw6w>kJOXMx8F#uh zv!hZ?MN+Gabiyr>1Y-@Wk$Br3)|z>Le#YwE2TEW^^Z&Q)p2r0}o~>DqO2kD!j*G7b z)Ka_9REpO@RVWJ)4qu)FJ+r=!10cGUT5Ts7r%jSX!>I`Srcq?Ur>{~5n+Ix01&zk} zWaYDes00){H9!$jYi{OYI=wiAm#J}5>P47_D6EVN0(J~5leYqieov)TzDgc{7TVY+ zuW*&~=P0LpeRS6OJl6bE;y$Jwplnl3dQVst4KZ4|I*k;TW!oU&F;eO|YRwk?BwKZY z2NV+^!VQ2~eXhfvHulxirfB89>i5;6=r-Bbj(scup|r)(nvKFX82aimq|obn%Txp7 zkobc7T0n~r&z4M@#s@#`erK_N)Gdv~#aLj3Yd%UkG@qjZq90t`3^n6f$Oqxz^k^*& zjGOG!d_pH9xz{kuD?W<{j+$zoswxg+nD4|EaZe0j0gzSS6XE#RliBc-I7|0=LGeQf z{Pp00E$n8;t28` z*Q^w~2L%+xQNl>XA($diJhlcDxSIKqK!U!f0vMt>QE(GPK6T_^_36 zb=5*+cDhIUfdBnoKT9K-C8v7v|P78J2inB4lp3{0zV zrb7sW`Q-@?G)b9YhGpf5{O?sfeVAMv|9D6~+)iC~4NYN0YD9rZPw2h|$=<9%BRO@KL7#%4gfZdcUI{`%EDX=004JPkr-5e@kbAZrIlV+*LwgE zaqkuAn-IgLlorvIZ8-g7 zQ>ISGACE9LPoi;E3klx7DSG{Tk;gj$ssNJ;ZI1qtqMdioDNH8P;1J3H*==1SIalc? 
z;2G22Kd?Nz^w>moOIEpIC8;XDWDM9D8bSB)3?q?-DVrdFQzdeRjaulCA;qs*QLbM# z;&zeZ1;KqJ9H@l5@Ou|1a&_p0r8bb#h*$bM$NQkh27}4T$ws_73+S5_obF@!C{lW$ zMwAM6gp9wcWIv>yZLdc?^CLf^5Z8yNO%{sc$@DU@G2|H8c0(+qMXwE6g`LrVm5py` z&cWp zS|m~jsMZz$KMx41W zPww;E2SkFX0YR@+Qr0xG`US>q=P($shUAnlB~MD-$;DutR2HIt1RjIFQx5qWRh;|+ zMjknTC#wz4OZ3{oDi));eWT(@m*n!Pu|lw(nPdIFr`=l+fa5(-(pR&nrHX3KvCJhe z(UeLMMBhVfLE1J;VC`wsdgc5oY)#)X7E`>Cl1{R)8DQOPER-`8xFAyz6%xgJdzS-` zl|fS4Md)d@7cNaSNf5Kjt({pIVZQ|t*e4o);>ni=_UY^@`lxro4rRE}Y>R}N0{m%x zMg%2yD@lNb1l`4>2bvJXpXAi=BNdzsq{-07TJ^Bi-MYD+m8JxWa5e1_9g;XnNVB*` z?yi}Mibf1auV#TP@vtPG3Q#FSc`IJP$D#1FzMPF%%nrKe9H}nAab2rP}P!f@MKA`yH|I| zEV_8HfsQm$bzQXAOx-zyv%xn;-xD{ zgYidB@GWMr_g1>_PmY}OnjqMHA~&~|HGEZ%W`hj~hdsJbKV7VLI6OmYSEt5*0+%DE ziYgD4E=H=#4Wp!pam=<|Bvh zs0;{I@RRJ!S{y=dzdZl(LTx^o!jA~#lofxi@N0|hlcVBnS5?OQ8bo=PVJA|U++O3^ zNO{-4t}I1@EuMXxIpd&6-nNaM7o-|cjHbK>1f>zOGN%V92!A6)STZ?(fX8hCne5w; z$YSJ>PIFaVb$L_ffz0|eaBslT7Lg*eq$#F-RP!Dwi-!EsWEv{dVks2ka@Mx8A=$mSG6Ig0ul1_t!vz4(R3wr9G%?IX|xy$cZ&$5oQe2%`@9sfh zy^hdMsQ{@qwh1f;W)yEitm?6>r(@&qr99*o|5_@r{1|k}Ze^8!VTV0|Lpc+h7+7Fx z>+rO3?@b+%4%6na>ZE?n-!$HvI{F#2Q5^Sb#em?=r`kBMcVc0F^)fBSW|$X9v48^u zL;3TZs&M0tPh~akb(`7@2`|m^Mo|i9c36^8saTRRzE)1rk#nL^Ke}!~-wEGJ27dHh7z@DsOa~S;)GBn;4ls^8K2dSj5{aNOsg-TRE50XSl zwj1||J{To@T-+$hz9u954`-^vZfQ@sbx_qu-dfO`?JXgG_^ot>w~}6EN=gVm{?5jm zjx|Z%d1}}h7`A$IC9nK29{*6ECs#v#p~T>YRg#`1^|gS1dk^LT+#nNd;m9soy?E=@ z^d3%V?Zg(8|3SW4De*c`%-OCC_nE)+bF91``!nvsW9&ekq!92JHl-CCk?*b>4l)SC zyn&rtunP-G^52V)9w;h-MQKhgv7$p(OdTp+kY(4T_SjD4>DEHV;gFKQTEduu3wTZcNfCIvXuj4UHtKqqYYU7d$NW z(gvMLwoV`PUcvc-pZoz1L?R;}qT9(3w|nNzMaCz%{?;SjlCVOyPWykLNgocUjHTBJ zf&ukZ@D4doJX#Zt%JE{_cQ`a>_ivjhKm{8qwP8ws>%?ica(dO9MuGl=!zqIac})l} z{0=$bk`!y{yvZ0vuqj2oMXOHyR7R6=n>C9{Tdkfon5fSR=J>j92k6#eXLBJfZfaxh z2D6)J1BtMEki=tAqJoq&!gl4KL?3IZl0>g*{^5Z?%9Zcv%Nc1t;wC%r6odc^U=!vd zHu=hb*4{B|8|7T^vk-O@fHoWr;)C52h^=aJkdi`YI7?G92xbNK`@;Bl3E}ofe&rqg zc^ucmARYM-+6z0ip55n^%GvxJ*}F4?rY^P|9SAIrnvt@LmT#)Vh>NJFU!-7E31(=FP8JK5pV 
z4~!J<6aa)ScNl4B&Fp?lbdX>5u`Mb2{_B#!S&?>conV4lBE(MNS~$!gCNgR4+YS_e zQU*S0m!OssO>Nj>EV2|Qq9F=1rDZV0D7C~W`>!{1Aaf8G8SGV6&kena85{+c&m|O>@+%HNt~eS=73FxpA9wBF3=Jnk4j`NTaw4x-*JCTSPMlV!3gn( z=5==Ndm-I#&4=;iUC>vY0!Kd=o2xRfS5%Ll;XZ%T&lTn1UfNAN6g&{HX!>Ge;G%ol zqsSHRJWLhu4`bdYYwR0RggGL43Cek}{)pnIlT);z{DH5_?~foxs2VkP5)%1&*|e$W zh~r3$L)I-6@5Dd<@hI@1P)h*@KL7#%4ggS{tyZNcBM9sa004nnkr-5e^+P_6+Z$mKSC#rALyEI}*&)9V8mLyvJA5B~4frL|-K1ZIa1v5!zONZ3O z($CcG9YiJqI1A2y=?U*N|GgFSlI$d{i1&jMJERwFfqfDdoyO z3UK4^Y?hS?eR{RRfR%lajT&lB?92E&4gv|41b2~eTFRHX*)X*88X%{tk*0;{+6k1Q zU?z3PX9rkIPi`chZGP9Bz?l&B`87+{vz({GOFEI2E7@9<5El*3! z!~ED7f-|NDk7O{TV@A-{5fRKY#uDjXHOn{*QCp~gkJ71A%!n|0=QWw?9d|8CSQq&m)$d$)V~QONyAM}5{Yy;6c$Z5~**@J$ zd5qv|=94j1hTtc?wdA2G)UMl9gcx!DDFl2~#+3D4VgVrcqusi~)vz;_L1A3Q!Ro3a zZaamCKKRi5k|E{;UW!#G*GJ-~Y>ApyhSBJ9I;>-Va#t>Q#jAP9uE?r+pI001u8Y70 zGhXarXW4`}Y~e0EJL>ZUF(>2rDE8WhN`OklPOj>apYNz!}x&&Z9p` z_wPP`{JJ_iz_c%nn27jK1G3y2H3#gfODQ~)>Z`R}?8{}Rhh*fQ9!@b=@%g1<^|q<} zIuE!@C)}g}f8P>oWZGFlaB0P+6gM@KAh#`c7>^lL1rdPs6TeGPf zrczvJKwD`8Ht8y@vo8y(3e|`B&&H$Cq^5j-q==z|PX`zM#aeTdzmlfC9c>%x55i>y z#|Ma0ID(LWd31S1n}{=E?dd$uJ+~KK9RpGwt(_5TznWO`1>1$*+$o;i}TORk>GX-HuSv|G=mJ9IZQU2o_8tH*X7-(@d*> z+HZsa8JazDHYx)N6 z<-Wq0bac2V@4Ps`?uCsyhn~}9gPTP+0R^*_2xv(#A|PyJ9(|($s$RzPbm{kgd)3V( z2mzBsDu8RsgxPP|8PgLUpAWn`D)JwHA*aNq+s4fQ9G=-|)$KpA;KKLK9;6!dP#>P3 z6JEn?PHPB*l|G9Q8ie|IeG}~-x0p+nEIy_W{tcAus^Zu&}-BN@)U}_oAEM43{ygXcD|cY zm+Xz2Ykeas`)siAkUzBOVAeW@XEweoVG`8yl8dLE$+2bJ5;;ByIedjKMKTw;E0w3m z`>fM*Uo+wZ^oJd$_0(z>SL0z9=np_I9TJDNK#t5n^hYk;)Q>rm(Xjx>?8K=gO4khD z33~JLV;96^KIF*;q1q#3yiAUNf=RXq4>t#|aC+bREE~CO6@SBd?u*yY6rP1_;yTFL zB~jG@G>(^Yai#bRx^=YB%=}N+5#}e?L&$sA7J31~OD&$yw!YtEy}@1kv_0AMbhazr z$P~5It*=&C4W|^^cg+!>fdMLeBp!O_m|)T#rbHP}r*spR<+o~Zq4hd{Y|;#wq<5(& z=emtgrFWh(sr;8C1c50LU<;KtQoKC-=C zV_RB0bh{P@iv_9$R_eAjmH$v3f?!3^w>Hj5>LzO~r}PJ?`8AHJouOkV8d*e(I95E$ zFNSWU=#YBg8giKbYJi8^=XnjBX+Ykol0?#kJXD$emTRHrZ9!fDX$x9=eN{ge>UDm2aLao;f_S`z9oJnRon-O 
zC-b*>{k*cz%p>rUA6pC?fP{?kf7l)O3}?-L0{R|6TS4~`K?0b6nDOMVmmUsMyD!?7afLOC7J!W8pkuPJ8w3yTG--H9`U--3{>|t_gW|LAZ$`Gv9`#$_^ zYEqm49gT?dt}Htv!oPeg9QK)6B>)hlGG<#XrY_VnF#za)x-5$=`WQRP_8HSqHG@JE zSK6^a57esEOC-?;j01Z|$0stn=qP+f#Q<59pP8k*XwaL%8bkoC_{Ac^ z^^GA&=QCY@b!r$Oq?Cte>qWS2*Zc!C$#UN$Y%*PiqNewq_e?S3O|zdwUlsXUJmc#x z6~jekD~KXYoDfM-*l7$t54?%6#Pu~8`Y_8xL}I52r%zGJU})AUQC5d=uDyvHmR2fH z7RM$(*#QK&v^zNZkz{VR|HL7{< zi}%T6L{3Q+h`^@`zP@GBEIpiSWmr_AFXNM}MF<1RPd7)cY9d#Y;f_y&B?Wg;QupSA ziKzU4dL7M%>W#4<%h_;5F|i6N!hwaEt9O{sTeLPafd$!zz9VN$s%Iz*3uZaHFV)8TI_Q|M!H83stUA5au=H?Z(9QbP7pk%~^iDCAF zmA;LDk}TH@|KgN0NYZ<+K5dw|?6mW2RF>YQ;Yy@2c^>9C+NJo)SNi)**9E%q=KP=z zl2s=jvXCY>GjA%HAtEnPK6KElwX5$0`#+DBq4Rhx5 zcLC0U$*LKj+#b&)7*SUX%tVL*t!*uTwL$v1qEnX}lTP+aY1_`KJPOGs0(tZlD1 z>;;}nJjEd1B&=!zKedUiI6l-=p7{?v=Yv_F zb_oDz7$v}j+}8FkQ{~Zfc00H2U9V<6QDHRn1YL&GMdE+0d#8tKq^fJ1$;YT35&7|X zupgNvp*j&n4wDH`!I6*MJbpZX(Z0$BcNWs4q5AW?w;#dtU>fR;xh1SX9`N#9RYLhB zs2Fgiqcx%zR|Sv0o8+Mtza(c!1=vI)2=8b2AXNNu5W1WH%|~GkR|-iKC6BN;HBqwl zL!(pR2aB5azU#Z#E#;)?LsvwBqJS|H|wnv{in_$ADEyMNPKE zCJ~lq?G>sJwUTV)r*N{CUY8eeP+uCEUM$k()Y&M)T|KkBFQQLnsEPx zw2q8WO928u13v%)01g09ovl`-CnE^#3;+OuS^xkf000000001!atl5NE)4(x005Y} BZdCvP delta 2878 zcmV-E3&Hf38@3l1P)h>@KL7#%4gfcecUD(TaRm$u008Dlkr-5e@kbAZrIlV+*LwgE zaqkuAn-IgLTge!$df`E^ z?Ro1j46EM`Z}*duTw66krOU6zS8q;e1dtTox)zjgw1UXsr=oI8HyLI`Vy9nTSv)Cg zDX=l80T7y`ln?PINM2GE_(nrv+XVon9@c(M>t}E|X+U#+2(h*oTbsq8 ze(r>;_2H^rVjObwd9?^p z$w#XXjSg^RjDFr`<5p{m*w`?FKMJMq6e>#TOHT1%2k8-W zd><%|4&2|Lxxsink;s{bM}o%kM4>4K)ulf`keBR!87-ot8hk=j0;AZJ?asR9#z!!k zW07*&f0LGQZNz-i{hSbQelokO2m}5Ct#_xc*mRbia;2ts|iCo(V*?C*d-4 ztXl-6=3M#8k`NpaQv?1w^9XE0zP;^#m&sJ7BLpGwdua3)VTO*xUxARKP1dS+-Y?+O z$8ugs`11>%WLL8OcNXG!NrTV5%QI6#!cbvQsdk}(6ChAkQO9XCyDcV+}I8+zKFCu zpK!B1{~yd1cNE;a4QR3FaDHa94!ZO^P)5OrIPKO5PdgrElvK0ck2y1UX0{@ z8|Xk`S&Da}^GaGqZ*F>cC&M_|9tGxZ?)89SNyEL*bkXK~>Ms#dQpYtBxYGE)&}*sf zn7#E^X$*ywa`H?r=b~`ag#5k?fw3eW)!R$xY=8k2X@m8Nc4Dsp2IX9TDB%adb99wT zxyUx(_uklr77{x6_X?GDnL^SKPHo;d`D%8&3)akO9QuHx(U~<5%Jtk@`x|Xwa@q|K 
zMs%`M{Nmlidk2oE|8MRxl=`MgwA!{XIZaMvNKo|DVQH5bZg}#Q23t(C!$rIS>V?DN z!)PXJnWlE?RoW4ZK-JKH@nr;bR8V4_9bH&okbSPsZ_$aUl7|#Hh%E*H2)P!xAMwKQ+{8L z6Pr{>i^_dVUO0Cj$`^k4Y)KU}J(C%1XjfVye_K`H;`C8V)x-HCR77+2`K4f|CwcUj z$5IrDuQ7sPS5>Fq(x3Z2~Kq_nw`Px$xF_Y z1IJ4VxvB>=qd{M+A2ft2aJG%r= zA}#cIlJ%Z{3mZ+nS&5Ps^vWMm^)^9LF)oeCwvTZ@IT9IxvvYnv2qYAb6y)C$0gDv% zKl9=a+gW-z9HesN`&)$>&O8;aoA)0Xpu*4E!@O@!>D~Xr7TG0_8w2wGe4M>K&VqU8?LuX*^hT_Qk#tGyXKFAqfP9RovdOb8$pM^(mV zAu}sodzD9+OkM?Kdb?$|=>?(!UjZu`rEt!bHj0nlA&=2Y*VKCL%Dv53P67DU^ttXP z`In9vp!Y1}yqmf3PKf*m660hScN1~AwEqZE;f_NGGIAa)^_XW2q9m-ldkr?^5EbYu z%OB@|gYZcKVBcr$gyGh@s@1F=bFVLSG(Th|ESMk&9#SV^d>O+H!^9;g?Xgp3r!F7P z+XY`A6xVIsWLwIVLhp?L4TyXXrffHqH30e(Z)a|%fq#R3(i_OJzjx~gf0l@a)@A^c zME!93;qRhnvhR)?Ydy%`RJF@a>cLb|jvCZ|y7U-L=y|5Mk*er9GxCv6EMp>35)H3) zB!67?t6v)~r!J(oTp$9kGf0_6M>n>4b8&W4f4;7--~N?+8r|a;F$2FT1JN;cjXr1*SL542&DU zGm%_Di$MW8y0sF-``N`pW)xI=$1**e3u1I7)Jr$M*5jY_?uh1coqLnwy2#Sw&IRts z@-*=|R<9JAR13NterFSm2r8aKBnq@c)*;x=Uv0ADM$-WNgJ^S5O928u13v%~0ssyG cH;s2zS50vR3=04N=17xB4M+w~3jhEB0AYk@LjV8( From d0f12dc710ca488f0ccfbdf3989c884b587176db Mon Sep 17 00:00:00 2001 From: Simone <79767264+smonicas@users.noreply.github.com> Date: Thu, 8 Jun 2023 23:05:57 +0200 Subject: [PATCH 08/10] Fix bytes pop ir (#1926) --- slither/slithir/convert.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/slither/slithir/convert.py b/slither/slithir/convert.py index 63c3745eb..d40715c4f 100644 --- a/slither/slithir/convert.py +++ b/slither/slithir/convert.py 
@@ -1363,11 +1363,12 @@ def convert_to_pop(ir: HighLevelCall, node: "Node") -> List[Operation]: # TODO the following is equivalent to length.points_to = arr # Should it be removed? ir_length.lvalue.points_to = arr - # Note bytes is an ElementaryType not ArrayType so in that case we use ir.destination.type + # Note bytes is an ElementaryType not ArrayType and bytes1 should be returned + # since bytes is bytes1[] without padding between the elements # while in other cases such as uint256[] (ArrayType) we use ir.destination.type.type # in this way we will have the type always set to the corresponding ElementaryType element_to_delete.set_type( - ir.destination.type + ElementaryType("bytes1") if isinstance(ir.destination.type, ElementaryType) else ir.destination.type.type ) From c8d20acca6f5039096907757832777f7d2b34bd7 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Thu, 8 Jun 2023 21:03:45 -0500 Subject: [PATCH 09/10] do not recommend changing mutability for abstract contracts (#1952) --- slither/detectors/variables/unchanged_state_variables.py | 2 ++ slither/detectors/variables/unused_state_variables.py | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/slither/detectors/variables/unchanged_state_variables.py b/slither/detectors/variables/unchanged_state_variables.py index f12cc5784..0e73ab57b 100644 --- a/slither/detectors/variables/unchanged_state_variables.py +++ b/slither/detectors/variables/unchanged_state_variables.py @@ -87,6 +87,8 @@ class UnchangedStateVariables: def detect(self) -> None: """Detect state variables that could be constant or immutable""" for c in self.compilation_unit.contracts_derived: + if c.is_signature_only(): + continue variables = [] functions = [] diff --git a/slither/detectors/variables/unused_state_variables.py b/slither/detectors/variables/unused_state_variables.py index afb4e3ac5..830ca34ca 100644 --- a/slither/detectors/variables/unused_state_variables.py 
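Review bot: In `element_to_delete.set_type(...)` the guard `isinstance(ir.destination.type, ElementaryType)` now yields `bytes1` for every elementary destination type, while the comment above it justifies that element type only for `bytes`. Comparing against the type itself, for example `if ir.destination.type == ElementaryType("bytes")`, would limit the hard-coded `bytes1` to the case the comment describes. Whether equality is the usual way to compare types in this codebase should be checked first. The diffstat for this commit lists only convert.py, so no regression test pins the IR type produced for `pop()` on `bytes`, and a wrong element type here is seen by every analysis that reads the IR. The body of `convert_to_pop` starts and ends outside the hunk.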
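Review bot: The new `if c.is_signature_only(): continue` in `UnchangedStateVariables.detect` has no comment saying why such contracts are skipped; the reason is only in the commit subject. A line such as `# Skip signature-only contracts: do not recommend constant/immutable for abstract contracts` above the check would keep the rationale next to the code. The same applies to the identical check added to the `UnusedStateVars` loop in unused_state_variables.py. The subject speaks of abstract contracts while the predicate is named `is_signature_only`, so it is worth confirming that an abstract contract with some implemented functions is handled as intended. `detect` continues outside the hunk.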
+++ b/slither/detectors/variables/unused_state_variables.py @@ -20,8 +20,6 @@ from slither.visitors.expression.export_values import ExportValues def detect_unused(contract: Contract) -> Optional[List[StateVariable]]: - if contract.is_signature_only(): - return None # Get all the variables read in all the functions and modifiers all_functions = [ @@ -73,6 +71,8 @@ class UnusedStateVars(AbstractDetector): """Detect unused state variables""" results = [] for c in self.compilation_unit.contracts_derived: + if c.is_signature_only(): + continue unusedVars = detect_unused(c) if unusedVars: for var in unusedVars: From fc9377d28cc3818213f4f5fa39a763c595b10a85 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Thu, 8 Jun 2023 21:04:23 -0500 Subject: [PATCH 10/10] fail if artifact does not existing (#1947) --- tests/e2e/solc_parsing/test_ast_parsing.py | 9 +++------ .../expected/yul-top-level-0.8.0.sol-0.8.0-compact.json | 5 +++++ 2 files changed, 8 insertions(+), 6 deletions(-) create mode 100644 tests/e2e/solc_parsing/test_data/expected/yul-top-level-0.8.0.sol-0.8.0-compact.json diff --git a/tests/e2e/solc_parsing/test_ast_parsing.py b/tests/e2e/solc_parsing/test_ast_parsing.py index a561343de..a1d294c1b 100644 --- a/tests/e2e/solc_parsing/test_ast_parsing.py +++ b/tests/e2e/solc_parsing/test_ast_parsing.py @@ -495,12 +495,9 @@ class TestASTParsing: actual = generate_output(sl) - try: - with open(expected, "r", encoding="utf8") as f: - expected = json.load(f) - except OSError: - pytest.xfail("the file for this test was not generated") - raise + assert os.path.isfile(expected), f"Expected file {expected} does not exist" + with open(expected, "r", encoding="utf8") as f: + expected = json.load(f) diff = DeepDiff(expected, actual, ignore_order=True, verbose_level=2, view="tree") if diff: 
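Review bot: Removing the `is_signature_only()` early return from `detect_unused` changes what this module-level function returns for signature-only contracts, because the filter now lives only in the `UnusedStateVars` loop. Any other caller of `detect_unused` would start receiving results for those contracts, so its call sites should be checked or the guard kept in the function as well. The return annotation `Optional[List[StateVariable]]` may also be stale if no remaining path returns `None`. The rest of the body is outside the hunk, so that needs to be verified there.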
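Review bot: The added `assert os.path.isfile(expected), ...` in test_ast_parsing.py relies on `os` being imported, and this hunk adds no import. The diffstat's three added lines for the file are all inside the hunk, so the file's import block should be checked. The name `expected` is still rebound from the path to the parsed JSON on the next lines. Loading into a separate name, for example `expected_json = json.load(f)` with the `DeepDiff` call updated to match, would keep the path available for failure output. The enclosing test function starts and ends outside the hunk.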
diff --git a/tests/e2e/solc_parsing/test_data/expected/yul-top-level-0.8.0.sol-0.8.0-compact.json b/tests/e2e/solc_parsing/test_data/expected/yul-top-level-0.8.0.sol-0.8.0-compact.json new file mode 100644 index 000000000..f9655dff5 --- /dev/null +++ b/tests/e2e/solc_parsing/test_data/expected/yul-top-level-0.8.0.sol-0.8.0-compact.json @@ -0,0 +1,5 @@ +{ + "Test": { + "test()": "digraph{\n0[label=\"Node Type: ENTRY_POINT 0\n\"];\n0->1;\n1[label=\"Node Type: EXPRESSION 1\n\"];\n}\n" + } +} \ No newline at end of file