Merge branch 'dev'

pull/1483/head
Josselin Feist 2 years ago
commit e292c67082
  1. 2
      setup.py
  2. 35
      slither/core/declarations/contract.py
  3. 48
      slither/core/declarations/function.py
  4. 2
      slither/detectors/erc/erc20/arbitrary_send_erc20_no_permit.py
  5. 2
      slither/detectors/erc/erc20/arbitrary_send_erc20_permit.py
  6. 61
      slither/detectors/reentrancy/reentrancy.py
  7. 31
      slither/detectors/reentrancy/reentrancy_eth.py
  8. 2
      slither/detectors/reentrancy/reentrancy_events.py
  9. 32
      slither/detectors/reentrancy/reentrancy_read_before_write.py
  10. 2
      slither/printers/summary/function_ids.py
  11. 8
      slither/utils/function.py
  12. 1782
      tests/detectors/reentrancy-eth/0.4.25/DAO.sol.0.4.25.ReentrancyEth.json
  13. 190
      tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol.0.4.25.ReentrancyEth.json
  14. 6
      tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol.0.4.25.ReentrancyEth.json
  15. 222
      tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol.0.5.16.ReentrancyEth.json
  16. 6
      tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol.0.5.16.ReentrancyEth.json
  17. 222
      tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol.0.6.11.ReentrancyEth.json
  18. 6
      tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol.0.6.11.ReentrancyEth.json
  19. 12
      tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol.0.7.6.ReentrancyEth.json
  20. 6
      tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol.0.7.6.ReentrancyEth.json
  21. 151
      tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol
  22. 981
      tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol.0.8.10.ReentrancyEth.json
  23. 9454
      tests/detectors/reentrancy-no-eth/0.4.25/DAO.sol.0.4.25.ReentrancyReadBeforeWritten.json
  24. 354
      tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol.0.4.25.ReentrancyReadBeforeWritten.json
  25. 12
      tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol.0.5.16.ReentrancyReadBeforeWritten.json
  26. 12
      tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol.0.6.11.ReentrancyReadBeforeWritten.json
  27. 352
      tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol.0.7.6.ReentrancyReadBeforeWritten.json
  28. 1
      tests/test_detectors.py
  29. 17
      tests/test_function.py
  30. 36
      tests/test_function_reentrant.sol

@ -13,7 +13,7 @@ setup(
python_requires=">=3.8", python_requires=">=3.8",
install_requires=[ install_requires=[
"prettytable>=0.7.2", "prettytable>=0.7.2",
"pysha3>=1.0.2", "pycryptodome>=3.4.6",
"crytic-compile>=0.2.4", "crytic-compile>=0.2.4",
# "crytic-compile@git+https://github.com/crytic/crytic-compile.git@master#egg=crytic-compile", # "crytic-compile@git+https://github.com/crytic/crytic-compile.git@master#egg=crytic-compile",
], ],
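Review bot: `pycryptodome` installs into the `Crypto` package namespace, the same one the unmaintained `pycrypto` distribution uses, so an environment that still carries `pycrypto` can resolve `from Crypto.Hash import keccak` (slither/utils/function.py in this commit) to the wrong package and fail at import time. A comment next to the requirement would save the next maintainer the diagnosis, for example `# pycryptodome owns the Crypto namespace; remove legacy pycrypto if Crypto.Hash.keccak fails to import`.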

@ -2,8 +2,9 @@
Contract module Contract module
""" """
import logging import logging
from collections import defaultdict
from pathlib import Path from pathlib import Path
from typing import Optional, List, Dict, Callable, Tuple, TYPE_CHECKING, Union from typing import Optional, List, Dict, Callable, Tuple, TYPE_CHECKING, Union, Set
from crytic_compile.platform import Type as PlatformType from crytic_compile.platform import Type as PlatformType
@ -100,6 +101,11 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods
self.compilation_unit: "SlitherCompilationUnit" = compilation_unit self.compilation_unit: "SlitherCompilationUnit" = compilation_unit
self.file_scope: "FileScope" = scope self.file_scope: "FileScope" = scope
# memoize
self._state_variables_used_in_reentrant_targets: Optional[
Dict["StateVariable", Set[Union["StateVariable", "Function"]]]
] = None
################################################################################### ###################################################################################
################################################################################### ###################################################################################
# region General's properties # region General's properties
@ -356,6 +362,33 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods
slithir_variables = [item for sublist in slithir_variabless for item in sublist] slithir_variables = [item for sublist in slithir_variabless for item in sublist]
return list(set(slithir_variables)) return list(set(slithir_variables))
@property
def state_variables_used_in_reentrant_targets(
self,
) -> Dict["StateVariable", Set[Union["StateVariable", "Function"]]]:
"""
Returns the state variables used in reentrant targets. Heuristics:
- Variable used (read/write) in entry points that are reentrant
- State variables that are public
"""
from slither.core.variables.state_variable import StateVariable
if self._state_variables_used_in_reentrant_targets is None:
reentrant_functions = [f for f in self.functions_entry_points if f.is_reentrant]
variables_used: Dict[
StateVariable, Set[Union[StateVariable, "Function"]]
] = defaultdict(set)
for function in reentrant_functions:
for ir in function.all_slithir_operations():
state_variables = [v for v in ir.used if isinstance(v, StateVariable)]
for state_variable in state_variables:
variables_used[state_variable].add(ir.node.function)
for variable in [v for v in self.state_variables if v.visibility == "public"]:
variables_used[variable].add(variable)
self._state_variables_used_in_reentrant_targets = variables_used
return self._state_variables_used_in_reentrant_targets
# endregion # endregion
################################################################################### ###################################################################################
################################################################################### ###################################################################################
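Review bot: The docstring of `state_variables_used_in_reentrant_targets` does not say what the returned sets contain, and the values differ from what the "entry points" wording suggests. The loop records `ir.node.function` for each operation from `all_slithir_operations()`, which may be an internal callee rather than the entry point itself (to confirm), and a public variable is mapped to itself. I would spell that out, for example `Maps each state variable to the functions whose IR uses it when reached from a reentrant entry point; a public variable also maps to itself because its getter is externally callable`. The docstring should also say that the result is memoized on first access, so it should not be read before `is_reentrant` and the call graph are final.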

@ -189,7 +189,8 @@ class Function(SourceMapping, metaclass=ABCMeta): # pylint: disable=too-many-pu
# set(ReacheableNode) # set(ReacheableNode)
self._reachable_from_nodes: Set[ReacheableNode] = set() self._reachable_from_nodes: Set[ReacheableNode] = set()
self._reachable_from_functions: Set[ReacheableNode] = set() self._reachable_from_functions: Set[Function] = set()
self._all_reachable_from_functions: Optional[Set[Function]] = None
# Constructor, fallback, State variable constructor # Constructor, fallback, State variable constructor
self._function_type: Optional[FunctionType] = None self._function_type: Optional[FunctionType] = None
@ -214,7 +215,7 @@ class Function(SourceMapping, metaclass=ABCMeta): # pylint: disable=too-many-pu
self.compilation_unit: "SlitherCompilationUnit" = compilation_unit self.compilation_unit: "SlitherCompilationUnit" = compilation_unit
# Assume we are analyzing Solidty by default # Assume we are analyzing Solidity by default
self.function_language: FunctionLanguage = FunctionLanguage.Solidity self.function_language: FunctionLanguage = FunctionLanguage.Solidity
self._id: Optional[str] = None self._id: Optional[str] = None
@ -1029,9 +1030,30 @@ class Function(SourceMapping, metaclass=ABCMeta): # pylint: disable=too-many-pu
return self._reachable_from_nodes return self._reachable_from_nodes
@property @property
def reachable_from_functions(self) -> Set[ReacheableNode]: def reachable_from_functions(self) -> Set["Function"]:
return self._reachable_from_functions return self._reachable_from_functions
@property
def all_reachable_from_functions(self) -> Set["Function"]:
"""
Give the recursive version of reachable_from_functions (all the functions that lead to call self in the CFG)
"""
if self._all_reachable_from_functions is None:
functions: Set["Function"] = set()
new_functions = self.reachable_from_functions
# iterate until we have are finding new functions
while new_functions and not new_functions.issubset(functions):
functions = functions.union(new_functions)
# Use a temporary set, because we iterate over new_functions
new_functionss: Set["Function"] = set()
for f in new_functions:
new_functionss = new_functionss.union(f.reachable_from_functions)
new_functions = new_functionss - functions
self._all_reachable_from_functions = functions
return self._all_reachable_from_functions
def add_reachable_from_node(self, n: "Node", ir: "Operation"): def add_reachable_from_node(self, n: "Node", ir: "Operation"):
self._reachable_from_nodes.add(ReacheableNode(n, ir)) self._reachable_from_nodes.add(ReacheableNode(n, ir))
self._reachable_from_functions.add(n.function) self._reachable_from_functions.add(n.function)
@ -1460,6 +1482,26 @@ class Function(SourceMapping, metaclass=ABCMeta): # pylint: disable=too-many-pu
) )
return self._is_protected return self._is_protected
@property
def is_reentrant(self) -> bool:
"""
Determine if the function can be re-entered
"""
# TODO: compare with hash of known nonReentrant modifier instead of the name
if "nonReentrant" in [m.name for m in self.modifiers]:
return False
if self.visibility in ["public", "external"]:
return True
# If it's an internal function, check if all its entry points have the nonReentrant modifier
all_entry_points = [
f for f in self.all_reachable_from_functions if f.visibility in ["public", "external"]
]
if not all_entry_points:
return True
return not all(("nonReentrant" in [m.name for m in f.modifiers] for f in all_entry_points))
# endregion # endregion
################################################################################### ###################################################################################
################################################################################### ###################################################################################
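Review bot: `is_reentrant` returns True for every public or external function without excluding constructors, and the regenerated expectation for reentrancy.sol on this page lists `Reentrancy.constructor()` among the cross-function reentrancy targets, which looks like noise since a constructor runs once at deployment. A guard such as `if self.is_constructor: return False` ahead of the visibility test would drop it; `is_constructor` is already used in `detect_reentrancy` in reentrancy.py. Separately, the `nonReentrant` test at both sites compares the modifier name only, so a modifier of that name that does not actually lock would silence the reentrancy detectors that consult this property. Until the TODO is resolved the docstring should say so, for example `Heuristic: any modifier named nonReentrant is trusted; its body is not inspected`.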

@ -14,7 +14,7 @@ class ArbitrarySendErc20NoPermit(AbstractDetector):
IMPACT = DetectorClassification.HIGH IMPACT = DetectorClassification.HIGH
CONFIDENCE = DetectorClassification.HIGH CONFIDENCE = DetectorClassification.HIGH
WIKI = "https://github.com/trailofbits/slither/wiki/Detector-Documentation#arbitrary-send-erc20" WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#arbitrary-from-in-transferfrom"
WIKI_TITLE = "Arbitrary `from` in transferFrom" WIKI_TITLE = "Arbitrary `from` in transferFrom"
WIKI_DESCRIPTION = "Detect when `msg.sender` is not used as `from` in transferFrom." WIKI_DESCRIPTION = "Detect when `msg.sender` is not used as `from` in transferFrom."

@ -14,7 +14,7 @@ class ArbitrarySendErc20Permit(AbstractDetector):
IMPACT = DetectorClassification.HIGH IMPACT = DetectorClassification.HIGH
CONFIDENCE = DetectorClassification.MEDIUM CONFIDENCE = DetectorClassification.MEDIUM
WIKI = "https://github.com/trailofbits/slither/wiki/Detector-Documentation#arbitrary-send-erc20-permit" WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#arbitrary-from-in-transferfrom-used-with-permit"
WIKI_TITLE = "Arbitrary `from` in transferFrom used with permit" WIKI_TITLE = "Arbitrary `from` in transferFrom used with permit"
WIKI_DESCRIPTION = ( WIKI_DESCRIPTION = (

@ -5,31 +5,32 @@
Iterate over all the nodes of the graph until reaching a fixpoint Iterate over all the nodes of the graph until reaching a fixpoint
""" """
from collections import defaultdict from collections import defaultdict
from typing import Set, Dict, Union from typing import Set, Dict, List, Tuple, Optional
from slither.core.cfg.node import NodeType, Node from slither.core.cfg.node import NodeType, Node
from slither.core.declarations import Function from slither.core.declarations import Function, Contract
from slither.core.expressions import UnaryOperation, UnaryOperationType from slither.core.expressions import UnaryOperation, UnaryOperationType
from slither.core.variables.variable import Variable from slither.core.variables.variable import Variable
from slither.detectors.abstract_detector import AbstractDetector from slither.detectors.abstract_detector import AbstractDetector
from slither.slithir.operations import Call, EventCall from slither.slithir.operations import Call, EventCall, Operation
from slither.utils.output import Output
def union_dict(d1, d2): def union_dict(d1: Dict, d2: Dict) -> Dict:
d3 = {k: d1.get(k, set()) | d2.get(k, set()) for k in set(list(d1.keys()) + list(d2.keys()))} d3 = {k: d1.get(k, set()) | d2.get(k, set()) for k in set(list(d1.keys()) + list(d2.keys()))}
return defaultdict(set, d3) return defaultdict(set, d3)
def dict_are_equal(d1, d2): def dict_are_equal(d1: Dict, d2: Dict) -> bool:
if set(list(d1.keys())) != set(list(d2.keys())): if set(list(d1.keys())) != set(list(d2.keys())):
return False return False
return all(set(d1[k]) == set(d2[k]) for k in d1.keys()) return all(set(d1[k]) == set(d2[k]) for k in d1.keys())
def is_subset( def is_subset(
new_info: Dict[Union[Variable, Node], Set[Node]], new_info: Dict,
old_info: Dict[Union[Variable, Node], Set[Node]], old_info: Dict,
): ) -> bool:
for k in new_info.keys(): for k in new_info.keys():
if k not in old_info: if k not in old_info:
return False return False
@ -38,7 +39,7 @@ def is_subset(
return True return True
def to_hashable(d: Dict[Node, Set[Node]]): def to_hashable(d: Dict[Node, Set[Node]]) -> Tuple:
list_tuple = list( list_tuple = list(
tuple((k, tuple(sorted(values, key=lambda x: x.node_id)))) for k, values in d.items() tuple((k, tuple(sorted(values, key=lambda x: x.node_id)))) for k, values in d.items()
) )
@ -46,7 +47,7 @@ def to_hashable(d: Dict[Node, Set[Node]]):
class AbstractState: class AbstractState:
def __init__(self): def __init__(self) -> None:
# send_eth returns the list of calls sending value # send_eth returns the list of calls sending value
# calls returns the list of calls that can callback # calls returns the list of calls that can callback
# read returns the variable read # read returns the variable read
@ -106,7 +107,9 @@ class AbstractState:
""" """
return self._events return self._events
def merge_fathers(self, node, skip_father, detector): def merge_fathers(
self, node: Node, skip_father: Optional[Node], detector: "Reentrancy"
) -> None:
for father in node.fathers: for father in node.fathers:
if detector.KEY in father.context: if detector.KEY in father.context:
self._send_eth = union_dict( self._send_eth = union_dict(
@ -131,7 +134,7 @@ class AbstractState:
father.context[detector.KEY].reads_prior_calls, father.context[detector.KEY].reads_prior_calls,
) )
def analyze_node(self, node, detector): def analyze_node(self, node: Node, detector: "Reentrancy") -> bool:
state_vars_read: Dict[Variable, Set[Node]] = defaultdict( state_vars_read: Dict[Variable, Set[Node]] = defaultdict(
set, {v: {node} for v in node.state_variables_read} set, {v: {node} for v in node.state_variables_read}
) )
@ -175,13 +178,13 @@ class AbstractState:
return contains_call return contains_call
def add(self, fathers): def add(self, fathers: "AbstractState") -> None:
self._send_eth = union_dict(self._send_eth, fathers.send_eth) self._send_eth = union_dict(self._send_eth, fathers.send_eth)
self._calls = union_dict(self._calls, fathers.calls) self._calls = union_dict(self._calls, fathers.calls)
self._reads = union_dict(self._reads, fathers.reads) self._reads = union_dict(self._reads, fathers.reads)
self._reads_prior_calls = union_dict(self._reads_prior_calls, fathers.reads_prior_calls) self._reads_prior_calls = union_dict(self._reads_prior_calls, fathers.reads_prior_calls)
def does_not_bring_new_info(self, new_info): def does_not_bring_new_info(self, new_info: "AbstractState") -> bool:
if is_subset(new_info.calls, self.calls): if is_subset(new_info.calls, self.calls):
if is_subset(new_info.send_eth, self.send_eth): if is_subset(new_info.send_eth, self.send_eth):
if is_subset(new_info.reads, self.reads): if is_subset(new_info.reads, self.reads):
@ -190,7 +193,7 @@ class AbstractState:
return False return False
def _filter_if(node): def _filter_if(node: Node) -> bool:
""" """
Check if the node is a condtional node where Check if the node is a condtional node where
there is an external call checked there is an external call checked
@ -201,10 +204,8 @@ def _filter_if(node):
This will work only on naive implementation This will work only on naive implementation
""" """
return ( expression = node.expression
isinstance(node.expression, UnaryOperation) return isinstance(expression, UnaryOperation) and expression.type == UnaryOperationType.BANG
and node.expression.type == UnaryOperationType.BANG
)
class Reentrancy(AbstractDetector): class Reentrancy(AbstractDetector):
@ -214,7 +215,7 @@ class Reentrancy(AbstractDetector):
# allowing inherited classes to define different behaviors # allowing inherited classes to define different behaviors
# For example reentrancy_no_gas consider Send and Transfer as reentrant functions # For example reentrancy_no_gas consider Send and Transfer as reentrant functions
@staticmethod @staticmethod
def can_callback(ir): def can_callback(ir: Operation) -> bool:
""" """
Detect if the node contains a call that can Detect if the node contains a call that can
be used to re-entrance be used to re-entrance
@ -228,13 +229,13 @@ class Reentrancy(AbstractDetector):
return isinstance(ir, Call) and ir.can_reenter() return isinstance(ir, Call) and ir.can_reenter()
@staticmethod @staticmethod
def can_send_eth(ir): def can_send_eth(ir: Operation) -> bool:
""" """
Detect if the node can send eth Detect if the node can send eth
""" """
return isinstance(ir, Call) and ir.can_send_eth() return isinstance(ir, Call) and ir.can_send_eth()
def _explore(self, node, visited, skip_father=None): def _explore(self, node: Optional[Node], skip_father: Optional[Node] = None) -> None:
""" """
Explore the CFG and look for re-entrancy Explore the CFG and look for re-entrancy
Heuristic: There is a re-entrancy if a state variable is written Heuristic: There is a re-entrancy if a state variable is written
@ -245,11 +246,9 @@ class Reentrancy(AbstractDetector):
if node.context is not empty, and variables are written, a re-entrancy is possible if node.context is not empty, and variables are written, a re-entrancy is possible
""" """
if node in visited: if node is None:
return return
visited = visited + [node]
fathers_context = AbstractState() fathers_context = AbstractState()
fathers_context.merge_fathers(node, skip_father, self) fathers_context.merge_fathers(node, skip_father, self)
@ -271,26 +270,26 @@ class Reentrancy(AbstractDetector):
if contains_call and node.type in [NodeType.IF, NodeType.IFLOOP]: if contains_call and node.type in [NodeType.IF, NodeType.IFLOOP]:
if _filter_if(node): if _filter_if(node):
son = sons[0] son = sons[0]
self._explore(son, visited, node) self._explore(son, skip_father=node)
sons = sons[1:] sons = sons[1:]
else: else:
son = sons[1] son = sons[1]
self._explore(son, visited, node) self._explore(son, skip_father=node)
sons = [sons[0]] sons = [sons[0]]
for son in sons: for son in sons:
self._explore(son, visited) self._explore(son)
def detect_reentrancy(self, contract): def detect_reentrancy(self, contract: Contract) -> None:
for function in contract.functions_and_modifiers_declared: for function in contract.functions_and_modifiers_declared:
if not function.is_constructor: if not function.is_constructor:
if function.is_implemented: if function.is_implemented:
if self.KEY in function.context: if self.KEY in function.context:
continue continue
self._explore(function.entry_point, []) self._explore(function.entry_point)
function.context[self.KEY] = True function.context[self.KEY] = True
def _detect(self): def _detect(self) -> List[Output]:
"""""" """"""
# if a node was already visited by another path # if a node was already visited by another path
# we will only explore it if the traversal brings # we will only explore it if the traversal brings
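Review bot: `_explore` no longer carries a `visited` list, so on a CFG with loops the recursion stops only when the fixpoint test later in the function (outside this hunk, presumably `does_not_bring_new_info`) reports no new information. Nothing in the docstring or at the new `if node is None: return` guard says that, and the next reader will look for the cycle guard. I would add `# No visited list: termination relies on the fixpoint check below, not on path tracking` above the guard. The docstring should also note that `node` may be None, presumably when `function.entry_point` is unset.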

@ -5,13 +5,14 @@
Iterate over all the nodes of the graph until reaching a fixpoint Iterate over all the nodes of the graph until reaching a fixpoint
""" """
from collections import namedtuple, defaultdict from collections import namedtuple, defaultdict
from typing import List from typing import List, Dict, Set
from slither.detectors.abstract_detector import DetectorClassification from slither.detectors.abstract_detector import DetectorClassification
from .reentrancy import Reentrancy, to_hashable from .reentrancy import Reentrancy, to_hashable
from ...utils.output import Output
FindingKey = namedtuple("FindingKey", ["function", "calls", "send_eth"]) FindingKey = namedtuple("FindingKey", ["function", "calls", "send_eth"])
FindingValue = namedtuple("FindingValue", ["variable", "node", "nodes"]) FindingValue = namedtuple("FindingValue", ["variable", "node", "nodes", "cross_functions"])
class ReentrancyEth(Reentrancy): class ReentrancyEth(Reentrancy):
@ -52,9 +53,10 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m
STANDARD_JSON = False STANDARD_JSON = False
def find_reentrancies(self): def find_reentrancies(self) -> Dict[FindingKey, Set[FindingValue]]:
result = defaultdict(set) result: Dict[FindingKey, Set[FindingValue]] = defaultdict(set)
for contract in self.contracts: # pylint: disable=too-many-nested-blocks for contract in self.contracts: # pylint: disable=too-many-nested-blocks
variables_used_in_reentrancy = contract.state_variables_used_in_reentrant_targets
for f in contract.functions_and_modifiers_declared: for f in contract.functions_and_modifiers_declared:
for node in f.nodes: for node in f.nodes:
# dead code # dead code
@ -72,9 +74,15 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m
v, v,
node, node,
tuple(sorted(nodes, key=lambda x: x.node_id)), tuple(sorted(nodes, key=lambda x: x.node_id)),
tuple(
sorted(
variables_used_in_reentrancy[v], key=lambda x: str(x)
)
),
) )
for (v, nodes) in node.context[self.KEY].written.items() for (v, nodes) in node.context[self.KEY].written.items()
if v in node.context[self.KEY].reads_prior_calls[c] if v in node.context[self.KEY].reads_prior_calls[c]
and (f.is_reentrant or v in variables_used_in_reentrancy)
} }
if read_then_written: if read_then_written:
@ -88,7 +96,7 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m
result[finding_key] |= set(read_then_written) result[finding_key] |= set(read_then_written)
return result return result
def _detect(self): # pylint: disable=too-many-branches def _detect(self) -> List[Output]: # pylint: disable=too-many-branches,too-many-locals
"""""" """"""
super()._detect() super()._detect()
@ -98,10 +106,11 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m
result_sorted = sorted(list(reentrancies.items()), key=lambda x: x[0].function.name) result_sorted = sorted(list(reentrancies.items()), key=lambda x: x[0].function.name)
varsWritten: List[FindingValue] varsWritten: List[FindingValue]
for (func, calls, send_eth), varsWritten in result_sorted: varsWrittenSet: Set[FindingValue]
for (func, calls, send_eth), varsWrittenSet in result_sorted:
calls = sorted(list(set(calls)), key=lambda x: x[0].node_id) calls = sorted(list(set(calls)), key=lambda x: x[0].node_id)
send_eth = sorted(list(set(send_eth)), key=lambda x: x[0].node_id) send_eth = sorted(list(set(send_eth)), key=lambda x: x[0].node_id)
varsWritten = sorted(varsWritten, key=lambda x: (x.variable.name, x.node.node_id)) varsWritten = sorted(varsWrittenSet, key=lambda x: (x.variable.name, x.node.node_id))
info = ["Reentrancy in ", func, ":\n"] info = ["Reentrancy in ", func, ":\n"]
info += ["\tExternal calls:\n"] info += ["\tExternal calls:\n"]
@ -123,6 +132,14 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m
for other_node in finding_value.nodes: for other_node in finding_value.nodes:
if other_node != finding_value.node: if other_node != finding_value.node:
info += ["\t\t- ", other_node, "\n"] info += ["\t\t- ", other_node, "\n"]
if finding_value.cross_functions:
info += [
"\t",
finding_value.variable,
" can be used in cross function reentrancies:\n",
]
for cross in finding_value.cross_functions:
info += ["\t- ", cross, "\n"]
# Create our JSON result # Create our JSON result
res = self.generate_result(info) res = self.generate_result(info)
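Review bot: Indexing `variables_used_in_reentrancy[v]` inside the comprehension mutates the memoized map, because `Contract.state_variables_used_in_reentrant_targets` stores and returns a `defaultdict(set)`: whenever `f.is_reentrant` is true and `v` is absent, the lookup inserts `v` with an empty set. After that, `v in variables_used_in_reentrancy` is true for every later function of the contract, including ones guarded by `nonReentrant`, and for the other detector reading the same cache, so findings can depend on iteration order. Reading with `variables_used_in_reentrancy.get(v, set())` avoids the insertion; the same two lines appear in `find_reentrancies` of reentrancy_read_before_write.py. One way to reach the absent-key case is an internal function with no public caller, for which `is_reentrant` returns True. Parts of `find_reentrancies` lie outside the visible hunks.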

@ -52,6 +52,8 @@ If `d.()` re-enters, the `Counter` events will be shown in an incorrect order, w
result = defaultdict(set) result = defaultdict(set)
for contract in self.contracts: for contract in self.contracts:
for f in contract.functions_and_modifiers_declared: for f in contract.functions_and_modifiers_declared:
if not f.is_reentrant:
continue
for node in f.nodes: for node in f.nodes:
# dead code # dead code
if self.KEY not in node.context: if self.KEY not in node.context:

@ -5,12 +5,14 @@
Iterate over all the nodes of the graph until reaching a fixpoint Iterate over all the nodes of the graph until reaching a fixpoint
""" """
from collections import namedtuple, defaultdict from collections import namedtuple, defaultdict
from typing import Dict, Set, List
from slither.detectors.abstract_detector import DetectorClassification from slither.detectors.abstract_detector import DetectorClassification
from .reentrancy import Reentrancy, to_hashable from .reentrancy import Reentrancy, to_hashable
from ...utils.output import Output
FindingKey = namedtuple("FindingKey", ["function", "calls"]) FindingKey = namedtuple("FindingKey", ["function", "calls"])
FindingValue = namedtuple("FindingValue", ["variable", "node", "nodes"]) FindingValue = namedtuple("FindingValue", ["variable", "node", "nodes", "cross_functions"])
class ReentrancyReadBeforeWritten(Reentrancy): class ReentrancyReadBeforeWritten(Reentrancy):
@ -49,9 +51,11 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`)."""
STANDARD_JSON = False STANDARD_JSON = False
def find_reentrancies(self): # pylint: disable=too-many-locals
result = defaultdict(set) def find_reentrancies(self) -> Dict[FindingKey, Set[FindingValue]]:
result: Dict[FindingKey, Set[FindingValue]] = defaultdict(set)
for contract in self.contracts: # pylint: disable=too-many-nested-blocks for contract in self.contracts: # pylint: disable=too-many-nested-blocks
variables_used_in_reentrancy = contract.state_variables_used_in_reentrant_targets
for f in contract.functions_and_modifiers_declared: for f in contract.functions_and_modifiers_declared:
for node in f.nodes: for node in f.nodes:
# dead code # dead code
@ -67,9 +71,15 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`)."""
v, v,
node, node,
tuple(sorted(nodes, key=lambda x: x.node_id)), tuple(sorted(nodes, key=lambda x: x.node_id)),
tuple(
sorted(
variables_used_in_reentrancy[v], key=lambda x: str(x)
)
),
) )
for (v, nodes) in node.context[self.KEY].written.items() for (v, nodes) in node.context[self.KEY].written.items()
if v in node.context[self.KEY].reads_prior_calls[c] if v in node.context[self.KEY].reads_prior_calls[c]
and (f.is_reentrant or v in variables_used_in_reentrancy)
} }
# We found a potential re-entrancy bug # We found a potential re-entrancy bug
@ -82,7 +92,7 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`)."""
result[finding_key] |= read_then_written result[finding_key] |= read_then_written
return result return result
def _detect(self): # pylint: disable=too-many-branches def _detect(self) -> List[Output]: # pylint: disable=too-many-branches
"""""" """"""
super()._detect() super()._detect()
@ -91,9 +101,11 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`)."""
results = [] results = []
result_sorted = sorted(list(reentrancies.items()), key=lambda x: x[0].function.name) result_sorted = sorted(list(reentrancies.items()), key=lambda x: x[0].function.name)
for (func, calls), varsWritten in result_sorted: varsWritten: List[FindingValue]
varsWrittenSet: Set[FindingValue]
for (func, calls), varsWrittenSet in result_sorted:
calls = sorted(list(set(calls)), key=lambda x: x[0].node_id) calls = sorted(list(set(calls)), key=lambda x: x[0].node_id)
varsWritten = sorted(varsWritten, key=lambda x: (x.variable.name, x.node.node_id)) varsWritten = sorted(varsWrittenSet, key=lambda x: (x.variable.name, x.node.node_id))
info = ["Reentrancy in ", func, ":\n"] info = ["Reentrancy in ", func, ":\n"]
@ -109,6 +121,14 @@ Do not report reentrancies that involve Ether (see `reentrancy-eth`)."""
for other_node in finding_value.nodes: for other_node in finding_value.nodes:
if other_node != finding_value.node: if other_node != finding_value.node:
info += ["\t\t- ", other_node, "\n"] info += ["\t\t- ", other_node, "\n"]
if finding_value.cross_functions:
info += [
"\t",
finding_value.variable,
" can be used in cross function reentrancies:\n",
]
for cross in finding_value.cross_functions:
info += ["\t- ", cross, "\n"]
# Create our JSON result # Create our JSON result
res = self.generate_result(info) res = self.generate_result(info)

@ -9,7 +9,7 @@ from slither.utils.myprettytable import MyPrettyTable
class FunctionIds(AbstractPrinter): class FunctionIds(AbstractPrinter):
ARGUMENT = "function-id" ARGUMENT = "function-id"
HELP = "Print the keccack256 signature of the functions" HELP = "Print the keccak256 signature of the functions"
WIKI = "https://github.com/trailofbits/slither/wiki/Printer-documentation#function-id" WIKI = "https://github.com/trailofbits/slither/wiki/Printer-documentation#function-id"

@ -1,4 +1,4 @@
import sha3 from Crypto.Hash import keccak
def get_function_id(sig: str) -> int: def get_function_id(sig: str) -> int:
@ -9,6 +9,6 @@ def get_function_id(sig: str) -> int:
Return: Return:
(int) (int)
""" """
s = sha3.keccak_256() digest = keccak.new(digest_bits=256)
s.update(sig.encode("utf-8")) digest.update(sig.encode("utf-8"))
return int("0x" + s.hexdigest()[:8], 16) return int("0x" + digest.hexdigest()[:8], 16)
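Review bot: Swapping the Keccak implementation behind `get_function_id` deserves a known-answer check, because a library call that silently used NIST SHA3-256 padding instead of Keccak-256 would still return a plausible 4-byte value and every selector derived from it would be wrong. If tests/test_function.py does not already pin one, `assert get_function_id("transfer(address,uint256)") == 0xa9059cbb` is enough. The function's docstring sits partly outside the hunk.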

File diff suppressed because one or more lines are too long

@ -4,23 +4,22 @@
"elements": [ "elements": [
{ {
"type": "function", "type": "function",
"name": "withdrawBalance", "name": "withdrawBalance_nested",
"source_mapping": { "source_mapping": {
"start": 656, "start": 2465,
"length": 314, "length": 246,
"filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
24, 74,
25, 75,
26, 76,
27, 77,
28, 78,
29, 79,
30, 80
31
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -122,45 +121,44 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance()" "signature": "withdrawBalance_nested()"
} }
}, },
{ {
"type": "node", "type": "node",
"name": "! (msg.sender.call.value(userBalance[msg.sender])())", "name": "msg.sender.call.value(amount / 2)()",
"source_mapping": { "source_mapping": {
"start": 839, "start": 2620,
"length": 53, "length": 33,
"filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
27 77
], ],
"starting_column": 13, "starting_column": 13,
"ending_column": 66 "ending_column": 46
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance", "name": "withdrawBalance_nested",
"source_mapping": { "source_mapping": {
"start": 656, "start": 2465,
"length": 314, "length": 246,
"filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
24, 74,
25, 75,
26, 76,
27, 77,
28, 78,
29, 79,
30, 80
31
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -262,7 +260,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance()" "signature": "withdrawBalance_nested()"
} }
} }
}, },
@ -274,38 +272,37 @@
"type": "node", "type": "node",
"name": "userBalance[msg.sender] = 0", "name": "userBalance[msg.sender] = 0",
"source_mapping": { "source_mapping": {
"start": 936, "start": 2667,
"length": 27, "length": 27,
"filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
30 78
], ],
"starting_column": 9, "starting_column": 13,
"ending_column": 36 "ending_column": 40
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance", "name": "withdrawBalance_nested",
"source_mapping": { "source_mapping": {
"start": 656, "start": 2465,
"length": 314, "length": 246,
"filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
24, 74,
25, 75,
26, 76,
27, 77,
28, 78,
29, 79,
30, 80
31
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -407,7 +404,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance()" "signature": "withdrawBalance_nested()"
} }
} }
}, },
@ -417,10 +414,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31):\n\tExternal calls:\n\t- ! (msg.sender.call.value(userBalance[msg.sender])()) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#27)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#30)\n", "description": "Reentrancy in Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80):\n\tExternal calls:\n\t- msg.sender.call.value(amount / 2)() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#77)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#78)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#15-22)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#33-41)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#43-50)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#52-60)\n\t- Reentrancy.withdrawBalance_fixed_4() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#61-72)\n\t- Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80)\n",
"markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31):\n\tExternal calls:\n\t- [! (msg.sender.call.value(userBalance[msg.sender])())](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L27)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L30)\n", "markdown": "Reentrancy in [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80):\n\tExternal calls:\n\t- [msg.sender.call.value(amount / 2)()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L77)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L78)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L15-L22)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L33-L41)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L43-L50)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L52-L60)\n\t- [Reentrancy.withdrawBalance_fixed_4()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L61-L72)\n\t- [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31", "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80",
"id": "759a5ea5deb597f6ca748c9b27656dee01b1e4b634365a68b918bf10518662e8", "id": "5853108dfdb4138662a85fbd17c35511950298872f89c124f1869942c6c4e880",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"
@ -429,22 +426,23 @@
"elements": [ "elements": [
{ {
"type": "function", "type": "function",
"name": "withdrawBalance_nested", "name": "withdrawBalance",
"source_mapping": { "source_mapping": {
"start": 2465, "start": 656,
"length": 246, "length": 314,
"filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
74, 24,
75, 25,
76, 26,
77, 27,
78, 28,
79, 29,
80 30,
31
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -546,44 +544,45 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance_nested()" "signature": "withdrawBalance()"
} }
}, },
{ {
"type": "node", "type": "node",
"name": "msg.sender.call.value(amount / 2)()", "name": "! (msg.sender.call.value(userBalance[msg.sender])())",
"source_mapping": { "source_mapping": {
"start": 2620, "start": 839,
"length": 33, "length": 53,
"filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
77 27
], ],
"starting_column": 13, "starting_column": 13,
"ending_column": 46 "ending_column": 66
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance_nested", "name": "withdrawBalance",
"source_mapping": { "source_mapping": {
"start": 2465, "start": 656,
"length": 246, "length": 314,
"filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
74, 24,
75, 25,
76, 26,
77, 27,
78, 28,
79, 29,
80 30,
31
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -685,7 +684,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance_nested()" "signature": "withdrawBalance()"
} }
} }
}, },
@ -697,37 +696,38 @@
"type": "node", "type": "node",
"name": "userBalance[msg.sender] = 0", "name": "userBalance[msg.sender] = 0",
"source_mapping": { "source_mapping": {
"start": 2667, "start": 936,
"length": 27, "length": 27,
"filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
78 30
], ],
"starting_column": 13, "starting_column": 9,
"ending_column": 40 "ending_column": 36
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance_nested", "name": "withdrawBalance",
"source_mapping": { "source_mapping": {
"start": 2465, "start": 656,
"length": 246, "length": 314,
"filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
74, 24,
75, 25,
76, 26,
77, 27,
78, 28,
79, 29,
80 30,
31
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -829,7 +829,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance_nested()" "signature": "withdrawBalance()"
} }
} }
}, },
@ -839,10 +839,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80):\n\tExternal calls:\n\t- msg.sender.call.value(amount / 2)() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#77)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#78)\n", "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31):\n\tExternal calls:\n\t- ! (msg.sender.call.value(userBalance[msg.sender])()) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#27)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#30)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#15-22)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#24-31)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#33-41)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#43-50)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#52-60)\n\t- Reentrancy.withdrawBalance_fixed_4() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#61-72)\n\t- Reentrancy.withdrawBalance_nested() (tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#74-80)\n",
"markdown": "Reentrancy in [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80):\n\tExternal calls:\n\t- [msg.sender.call.value(amount / 2)()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L77)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L78)\n", "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31):\n\tExternal calls:\n\t- [! (msg.sender.call.value(userBalance[msg.sender])())](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L27)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L30)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L15-L22)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L33-L41)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L43-L50)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L52-L60)\n\t- [Reentrancy.withdrawBalance_fixed_4()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L61-L72)\n\t- [Reentrancy.withdrawBalance_nested()](tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L74-L80", "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy.sol#L24-L31",
"id": "cc27a0e36ba51b1a24ae1df9b9f2ec9e67afedd649839a3302b6f9e08987c7d8", "id": "8746b87cbc0fcd59a17ae20018967719c6ebc9fca41c6a128e5ac18dd4ee27cc",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"

@ -428,10 +428,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#27)\n", "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#13-15)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) 
(tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#22-29)\n",
"markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L27)\n", "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L13-L15)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- 
[Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29", "first_markdown_element": "tests/detectors/reentrancy-eth/0.4.25/reentrancy_indirect.sol#L22-L29",
"id": "8a2174b6a3476b6e52f3cdac7e85b44337e3b7d7df2b2504c5a75b8e2a00ea7f", "id": "7ff6a788e1559497246f084096fd10a9fd3a7d30de1b89ac896b7600ba32710d",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"
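Review bot: In the new `description` and `markdown` strings, the second written variable, `\t- token_deposed[token][msg.sender] = 0`, comes directly after the cross-function list for `eth_deposed` and uses the same `\t- ` prefix as the function entries. Someone triaging the finding, or a script splitting on that prefix, cannot tell a state write from a function that can re-enter. The formatting is produced by the detector rather than by this snapshot, so the fix belongs there; one option is to indent the cross-function entries a level deeper, e.g. `\t\t- Reentrancy.deposit_eth(address) (...)`. Separately, the `id` for this same `withdraw(address)` finding changes although only the text was extended, so suppression or triage stores keyed by `id` would presumably re-surface it; this is worth a line in the release notes.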

@ -4,25 +4,24 @@
"elements": [ "elements": [
{ {
"type": "function", "type": "function",
"name": "withdrawBalance_fixed_3", "name": "withdrawBalance",
"source_mapping": { "source_mapping": {
"start": 1839, "start": 703,
"length": 393, "length": 357,
"filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
55, 25,
56, 26,
57, 27,
58, 28,
59, 29,
60, 30,
61, 31,
62, 32,
63, 33
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -107,47 +106,46 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance_fixed_3()" "signature": "withdrawBalance()"
} }
}, },
{ {
"type": "node", "type": "node",
"name": "(ret,mem) = msg.sender.call.value(amount)()", "name": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()",
"source_mapping": { "source_mapping": {
"start": 2084, "start": 882,
"length": 64, "length": 81,
"filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
60 28
], ],
"starting_column": 9, "starting_column": 9,
"ending_column": 73 "ending_column": 90
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance_fixed_3", "name": "withdrawBalance",
"source_mapping": { "source_mapping": {
"start": 1839, "start": 703,
"length": 393, "length": 357,
"filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
55, 25,
56, 26,
57, 27,
58, 28,
59, 29,
60, 30,
61, 31,
62, 32,
63, 33
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -232,7 +230,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance_fixed_3()" "signature": "withdrawBalance()"
} }
} }
}, },
@ -242,42 +240,41 @@
}, },
{ {
"type": "node", "type": "node",
"name": "userBalance[msg.sender] = amount", "name": "userBalance[msg.sender] = 0",
"source_mapping": { "source_mapping": {
"start": 2183, "start": 1026,
"length": 32, "length": 27,
"filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
62 32
], ],
"starting_column": 13, "starting_column": 9,
"ending_column": 45 "ending_column": 36
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance_fixed_3", "name": "withdrawBalance",
"source_mapping": { "source_mapping": {
"start": 1839, "start": 703,
"length": 393, "length": 357,
"filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
55, 25,
56, 26,
57, 27,
58, 28,
59, 29,
60, 30,
61, 31,
62, 32,
63, 33
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -362,7 +359,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance_fixed_3()" "signature": "withdrawBalance()"
} }
} }
}, },
@ -372,10 +369,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#62)\n", "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64)\n",
"markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L62)\n", "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64", "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33",
"id": "b1d5762a3d9738215079d50da4bf0ecdc8eddd575b7f8686bdbfa3d101adf809", "id": "1fec5eddc1a1f7c95bbaa72099c7f36d9c8768271ba1bb51b2ece7f2dab1a175",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"
@ -384,24 +381,25 @@
"elements": [ "elements": [
{ {
"type": "function", "type": "function",
"name": "withdrawBalance", "name": "withdrawBalance_fixed_3",
"source_mapping": { "source_mapping": {
"start": 703, "start": 1839,
"length": 357, "length": 393,
"filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
25, 55,
26, 56,
27, 57,
28, 58,
29, 59,
30, 60,
31, 61,
32, 62,
33 63,
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -486,46 +484,47 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance()" "signature": "withdrawBalance_fixed_3()"
} }
}, },
{ {
"type": "node", "type": "node",
"name": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()", "name": "(ret,mem) = msg.sender.call.value(amount)()",
"source_mapping": { "source_mapping": {
"start": 882, "start": 2084,
"length": 81, "length": 64,
"filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
28 60
], ],
"starting_column": 9, "starting_column": 9,
"ending_column": 90 "ending_column": 73
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance", "name": "withdrawBalance_fixed_3",
"source_mapping": { "source_mapping": {
"start": 703, "start": 1839,
"length": 357, "length": 393,
"filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
25, 55,
26, 56,
27, 57,
28, 58,
29, 59,
30, 60,
31, 61,
32, 62,
33 63,
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -610,7 +609,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance()" "signature": "withdrawBalance_fixed_3()"
} }
} }
}, },
@ -620,41 +619,42 @@
}, },
{ {
"type": "node", "type": "node",
"name": "userBalance[msg.sender] = 0", "name": "userBalance[msg.sender] = amount",
"source_mapping": { "source_mapping": {
"start": 1026, "start": 2183,
"length": 27, "length": 32,
"filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
32 62
], ],
"starting_column": 9, "starting_column": 13,
"ending_column": 36 "ending_column": 45
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance", "name": "withdrawBalance_fixed_3",
"source_mapping": { "source_mapping": {
"start": 703, "start": 1839,
"length": 357, "length": 393,
"filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
25, 55,
26, 56,
27, 57,
28, 58,
29, 59,
30, 60,
31, 61,
32, 62,
33 63,
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -739,7 +739,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance()" "signature": "withdrawBalance_fixed_3()"
} }
} }
}, },
@ -749,10 +749,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#32)\n", "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#55-64)\n",
"markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L32)\n", "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L25-L33", "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy.sol#L55-L64",
"id": "e2dcb62d8ffcc2636bab0fee518b4a79c760f2974c39950214749fc78bebc9de", "id": "c1a4b6379bd0137d705b0e1994021e4478445b98ba4d23c547338f09e2213ef0",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"

@ -428,10 +428,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#27)\n", "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#13-15)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) 
(tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#22-29)\n",
"markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L27)\n", "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L13-L15)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- 
[Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29", "first_markdown_element": "tests/detectors/reentrancy-eth/0.5.16/reentrancy_indirect.sol#L22-L29",
"id": "b409436e604deed3ecb1b621a908db6ddbd69754315b41a9806919d8348391d9", "id": "52cd1e82b29830aa25a1ea1bbc1b35c0e3097eab1f2922b4ecc98eae8f1ed225",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"
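Review bot: In the new `description` and `markdown` strings of this hunk, the second state write `- token_deposed[token][msg.sender] = 0` is printed after the `Reentrancy.eth_deposed ... can be used in cross function reentrancies:` list with the same `\n\t- ` prefix as the function entries, so it reads as one more function reachable through `eth_deposed` rather than as a variable written after the call. The same layout appears in the 0.6.11 `reentrancy_indirect.sol` hunk further down. For a High-impact finding the report would be clearer if the cross-function entries were indented one level deeper (for example `\n\t\t- `) or if all written variables were listed before the cross-function lists; that change belongs in the detector's formatting code, which is not visible here. The `id` value also changes although the finding still points at `reentrancy_indirect.sol#L22-L29`, so if ids are derived from the description text, triage records keyed on the old id would presumably resurface and this is worth a line in the release notes.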

@ -4,24 +4,25 @@
"elements": [ "elements": [
{ {
"type": "function", "type": "function",
"name": "withdrawBalance", "name": "withdrawBalance_fixed_3",
"source_mapping": { "source_mapping": {
"start": 707, "start": 1843,
"length": 357, "length": 393,
"filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
25, 55,
26, 56,
27, 57,
28, 58,
29, 59,
30, 60,
31, 61,
32, 62,
33 63,
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -106,46 +107,47 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance()" "signature": "withdrawBalance_fixed_3()"
} }
}, },
{ {
"type": "node", "type": "node",
"name": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()", "name": "(ret,mem) = msg.sender.call.value(amount)()",
"source_mapping": { "source_mapping": {
"start": 886, "start": 2088,
"length": 81, "length": 64,
"filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
28 60
], ],
"starting_column": 9, "starting_column": 9,
"ending_column": 90 "ending_column": 73
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance", "name": "withdrawBalance_fixed_3",
"source_mapping": { "source_mapping": {
"start": 707, "start": 1843,
"length": 357, "length": 393,
"filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
25, 55,
26, 56,
27, 57,
28, 58,
29, 59,
30, 60,
31, 61,
32, 62,
33 63,
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -230,7 +232,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance()" "signature": "withdrawBalance_fixed_3()"
} }
} }
}, },
@ -240,41 +242,42 @@
}, },
{ {
"type": "node", "type": "node",
"name": "userBalance[msg.sender] = 0", "name": "userBalance[msg.sender] = amount",
"source_mapping": { "source_mapping": {
"start": 1030, "start": 2187,
"length": 27, "length": 32,
"filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
32 62
], ],
"starting_column": 9, "starting_column": 13,
"ending_column": 36 "ending_column": 45
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance", "name": "withdrawBalance_fixed_3",
"source_mapping": { "source_mapping": {
"start": 707, "start": 1843,
"length": 357, "length": 393,
"filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
25, 55,
26, 56,
27, 57,
28, 58,
29, 59,
30, 60,
31, 61,
32, 62,
33 63,
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -359,7 +362,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance()" "signature": "withdrawBalance_fixed_3()"
} }
} }
}, },
@ -369,10 +372,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#32)\n", "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64)\n",
"markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L32)\n", "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33", "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64",
"id": "2ae23f335df95d0f5c56d214774a6afc507773d057c4ca44f2eb4eff0e2ebe98", "id": "bc199b4c8749cb08649e2084ac891e0cb098640e2752bf319ffa79d99ee10cdb",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"
@ -381,25 +384,24 @@
"elements": [ "elements": [
{ {
"type": "function", "type": "function",
"name": "withdrawBalance_fixed_3", "name": "withdrawBalance",
"source_mapping": { "source_mapping": {
"start": 1843, "start": 707,
"length": 393, "length": 357,
"filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
55, 25,
56, 26,
57, 27,
58, 28,
59, 29,
60, 30,
61, 31,
62, 32,
63, 33
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -484,47 +486,46 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance_fixed_3()" "signature": "withdrawBalance()"
} }
}, },
{ {
"type": "node", "type": "node",
"name": "(ret,mem) = msg.sender.call.value(amount)()", "name": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()",
"source_mapping": { "source_mapping": {
"start": 2088, "start": 886,
"length": 64, "length": 81,
"filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
60 28
], ],
"starting_column": 9, "starting_column": 9,
"ending_column": 73 "ending_column": 90
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance_fixed_3", "name": "withdrawBalance",
"source_mapping": { "source_mapping": {
"start": 1843, "start": 707,
"length": 393, "length": 357,
"filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
55, 25,
56, 26,
57, 27,
58, 28,
59, 29,
60, 30,
61, 31,
62, 32,
63, 33
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -609,7 +610,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance_fixed_3()" "signature": "withdrawBalance()"
} }
} }
}, },
@ -619,42 +620,41 @@
}, },
{ {
"type": "node", "type": "node",
"name": "userBalance[msg.sender] = amount", "name": "userBalance[msg.sender] = 0",
"source_mapping": { "source_mapping": {
"start": 2187, "start": 1030,
"length": 32, "length": 27,
"filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
62 32
], ],
"starting_column": 13, "starting_column": 9,
"ending_column": 45 "ending_column": 36
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "withdrawBalance_fixed_3", "name": "withdrawBalance",
"source_mapping": { "source_mapping": {
"start": 1843, "start": 707,
"length": 393, "length": 357,
"filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_relative": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol", "filename_short": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
55, 25,
56, 26,
57, 27,
58, 28,
59, 29,
60, 30,
61, 31,
62, 32,
63, 33
64
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -739,7 +739,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "withdrawBalance_fixed_3()" "signature": "withdrawBalance()"
} }
} }
}, },
@ -749,10 +749,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#62)\n", "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#55-64)\n",
"markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(amount)()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L62)\n", "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L55-L64", "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy.sol#L25-L33",
"id": "c4d2dd489fd8bc396119bdd7e5a73c3782cf5fa27171112104e34b2f3ccf37c4", "id": "c8c4106c11c4f1fc4a76fc18e91bb3132d5b8d95d94c707453f64be98f1efa8d",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"

@ -428,10 +428,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#27)\n", "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#13-15)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) 
(tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#22-29)\n",
"markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L27)\n", "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L13-L15)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- 
[Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29", "first_markdown_element": "tests/detectors/reentrancy-eth/0.6.11/reentrancy_indirect.sol#L22-L29",
"id": "592ad3a6f86cbf4b9e9e1c21c6345d8616f0e6e8a85c7e9ab283b5b0a1271c71", "id": "f892080cd6edb9d73d435cd8c4cea16e1b65098abf2a0df5debcd493787f6654",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"

@ -372,10 +372,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: amount}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#62)\n", "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: amount}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#60)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = amount (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#62)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64)\n",
"markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: amount}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L62)\n", "markdown": "Reentrancy in [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: amount}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L60)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = amount](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L62)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64", "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64",
"id": "d68cc7cd493eca1fda517423f6f6ad0a5671d0bbea1d80ec0cb403ca66d5d4b8", "id": "75d254de1c95646a633659a0bb8c1cd874b1a83f8bdba6fda28e9092be76beeb",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"
@ -749,10 +749,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: userBalance[msg.sender]}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#32)\n", "description": "Reentrancy in Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call{value: userBalance[msg.sender]}() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#28)\n\tState variables written after the call(s):\n\t- userBalance[msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#32)\n\tReentrancy.userBalance (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#4) can be used in cross function reentrancies:\n\t- Reentrancy.addToBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#10-12)\n\t- Reentrancy.constructor() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#15-23)\n\t- Reentrancy.getBalance(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#6-8)\n\t- Reentrancy.withdrawBalance() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#25-33)\n\t- Reentrancy.withdrawBalance_fixed() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#35-44)\n\t- Reentrancy.withdrawBalance_fixed_2() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#46-53)\n\t- Reentrancy.withdrawBalance_fixed_3() (tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#55-64)\n",
"markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L32)\n", "markdown": "Reentrancy in [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33):\n\tExternal calls:\n\t- [(ret,mem) = msg.sender.call{value: userBalance[msg.sender]}()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L28)\n\tState variables written after the call(s):\n\t- [userBalance[msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L32)\n\t[Reentrancy.userBalance](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L4) can be used in cross function reentrancies:\n\t- [Reentrancy.addToBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L10-L12)\n\t- [Reentrancy.constructor()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L15-L23)\n\t- [Reentrancy.getBalance(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L6-L8)\n\t- [Reentrancy.withdrawBalance()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33)\n\t- [Reentrancy.withdrawBalance_fixed()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L35-L44)\n\t- [Reentrancy.withdrawBalance_fixed_2()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L46-L53)\n\t- [Reentrancy.withdrawBalance_fixed_3()](tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L55-L64)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33", "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy.sol#L25-L33",
"id": "df77aefe86b51d596b1dba22bde98d85390038724420e61fb18579fd90af852c", "id": "a20a04b25c124d64a595c2dec1a37f745f1594c4f0461622c558d66911ea5235",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"

@ -428,10 +428,10 @@
} }
} }
], ],
"description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#26)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#27)\n", "description": "Reentrancy in Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29):\n\tExternal calls:\n\t- require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#24)\n\tExternal calls sending eth:\n\t- msg.sender.transfer(eth_deposed[token][msg.sender]) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#23)\n\tState variables written after the call(s):\n\t- eth_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#26)\n\tReentrancy.eth_deposed (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#10) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_eth(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#13-15)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29)\n\t- token_deposed[token][msg.sender] = 0 (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#27)\n\tReentrancy.token_deposed (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#11) can be used in cross function reentrancies:\n\t- Reentrancy.deposit_token(address,uint256) 
(tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#17-20)\n\t- Reentrancy.withdraw(address) (tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#22-29)\n",
"markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L26)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L27)\n", "markdown": "Reentrancy in [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29):\n\tExternal calls:\n\t- [require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender]))](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L24)\n\tExternal calls sending eth:\n\t- [msg.sender.transfer(eth_deposed[token][msg.sender])](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L23)\n\tState variables written after the call(s):\n\t- [eth_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L26)\n\t[Reentrancy.eth_deposed](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L10) can be used in cross function reentrancies:\n\t- [Reentrancy.deposit_eth(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L13-L15)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29)\n\t- [token_deposed[token][msg.sender] = 0](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L27)\n\t[Reentrancy.token_deposed](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L11) can be used in cross function reentrancies:\n\t- 
[Reentrancy.deposit_token(address,uint256)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L17-L20)\n\t- [Reentrancy.withdraw(address)](tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29", "first_markdown_element": "tests/detectors/reentrancy-eth/0.7.6/reentrancy_indirect.sol#L22-L29",
"id": "24fc47678720105e363d9594b5bcec35f854903103c3c4a4ca82d9b4fb5348c3", "id": "8aacbf836cda179a2f29017ba3fb238dbb3e88837efd207cd07622e5c746f56a",
"check": "reentrancy-eth", "check": "reentrancy-eth",
"impact": "High", "impact": "High",
"confidence": "Medium" "confidence": "Medium"

@ -0,0 +1,151 @@
interface Receiver{
function send_funds() payable external;
}
contract TestWithBug{
mapping(address => uint) balances;
modifier nonReentrant(){
_;
}
function withdraw(uint amount) nonReentrant public{
require(amount <= balances[msg.sender]);
Receiver(msg.sender).send_funds{value: amount}();
balances[msg.sender] -= amount;
}
function withdraw_all() public{
uint amount = balances[msg.sender];
balances[msg.sender] = 0;
Receiver(msg.sender).send_funds{value: amount}();
}
}
contract TestWithoutBug{
mapping(address => uint) balances;
modifier nonReentrant(){
_;
}
function withdraw(uint amount) nonReentrant public{
require(amount <= balances[msg.sender]);
Receiver(msg.sender).send_funds{value: amount}();
balances[msg.sender] -= amount;
}
function withdraw_all() nonReentrant public{
uint amount = balances[msg.sender];
balances[msg.sender] = 0;
Receiver(msg.sender).send_funds{value: amount}();
}
}
contract TestWithBugInternal{
mapping(address => uint) balances;
modifier nonReentrant(){
_;
}
function withdraw(uint amount) nonReentrant public{
withdraw_internal(amount);
}
function withdraw_internal(uint amount) internal{
require(amount <= balances[msg.sender]);
Receiver(msg.sender).send_funds{value: amount}();
balances[msg.sender] -= amount;
}
function withdraw_all() public{
withdraw_all_internal();
}
function withdraw_all_internal() internal {
uint amount = balances[msg.sender];
balances[msg.sender] = 0;
Receiver(msg.sender).send_funds{value: amount}();
}
}
contract TestWithoutBugInternal{
mapping(address => uint) balances;
modifier nonReentrant(){
_;
}
function withdraw(uint amount) nonReentrant public{
withdraw_internal(amount);
}
function withdraw_internal(uint amount) internal{
require(amount <= balances[msg.sender]);
Receiver(msg.sender).send_funds{value: amount}();
balances[msg.sender] -= amount;
}
function withdraw_all() nonReentrant public{
withdraw_all_internal();
}
function withdraw_all_internal() internal {
uint amount = balances[msg.sender];
balances[msg.sender] = 0;
Receiver(msg.sender).send_funds{value: amount}();
}
}
contract TestBugWithPublicVariable{
mapping(address => uint) public balances;
modifier nonReentrant(){
_;
}
function withdraw(uint amount) nonReentrant public{
withdraw_internal(amount);
}
function withdraw_internal(uint amount) internal{
require(amount <= balances[msg.sender]);
Receiver(msg.sender).send_funds{value: amount}();
balances[msg.sender] -= amount;
}
}
contract TestWithBugNonReentrantRead{
mapping(address => uint) balances;
modifier nonReentrant(){
_;
}
function withdraw(uint amount) nonReentrant public{
require(amount <= balances[msg.sender]);
Receiver(msg.sender).send_funds{value: amount}();
balances[msg.sender] -= amount;
}
// Simulate a reentrancy that allows to read variable in a potential incorrect state during a reentrancy
// This is more likely to impact protocol like reentrancy
function read() public returns(uint){
uint amount = balances[msg.sender];
return amount;
}
}
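Review bot: The `nonReentrant` modifier in all six contracts has the body `_;` and takes no lock, so these fixtures only exercise how the detector treats a modifier carrying that name; `TestWithoutBug.withdraw` still makes the external call before `balances[msg.sender] -= amount`. Presumably the detector recognises the guard by name rather than by body, in which case the file should say so at the top, e.g. `// nonReentrant is deliberately a no-op here: the detector keys on the modifier name, not its implementation`. That keeps readers from taking the "WithoutBug" contracts as a guarded pattern, and records the limitation that an empty or mislabelled guard suppresses the finding. The two-line comment above `read()` in `TestWithBugNonReentrantRead` is also hard to parse; if the intent is read-only reentrancy, `// read() is not guarded, so a re-entrant caller can observe balances before withdraw() has updated it` would state it directly.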

@ -0,0 +1,981 @@
[
[
{
"elements": [
{
"type": "function",
"name": "withdraw",
"source_mapping": {
"start": 3089,
"length": 207,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
138,
139,
140,
141,
142
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestWithBugNonReentrantRead",
"source_mapping": {
"start": 2959,
"length": 629,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
130,
131,
132,
133,
134,
135,
136,
137,
138,
139,
140,
141,
142,
143,
144,
145,
146,
147,
148,
149,
150,
151
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw(uint256)"
}
},
{
"type": "node",
"name": "Receiver(msg.sender).send_funds{value: amount}()",
"source_mapping": {
"start": 3200,
"length": 48,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
140
],
"starting_column": 10,
"ending_column": 58
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "withdraw",
"source_mapping": {
"start": 3089,
"length": 207,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
138,
139,
140,
141,
142
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestWithBugNonReentrantRead",
"source_mapping": {
"start": 2959,
"length": 629,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
130,
131,
132,
133,
134,
135,
136,
137,
138,
139,
140,
141,
142,
143,
144,
145,
146,
147,
148,
149,
150,
151
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw(uint256)"
}
}
},
"additional_fields": {
"underlying_type": "external_calls"
}
},
{
"type": "node",
"name": "balances[msg.sender] -= amount",
"source_mapping": {
"start": 3259,
"length": 30,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
141
],
"starting_column": 10,
"ending_column": 40
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "withdraw",
"source_mapping": {
"start": 3089,
"length": 207,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
138,
139,
140,
141,
142
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestWithBugNonReentrantRead",
"source_mapping": {
"start": 2959,
"length": 629,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
130,
131,
132,
133,
134,
135,
136,
137,
138,
139,
140,
141,
142,
143,
144,
145,
146,
147,
148,
149,
150,
151
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw(uint256)"
}
}
},
"additional_fields": {
"underlying_type": "variables_written",
"variable_name": "balances"
}
}
],
"description": "Reentrancy in TestWithBugNonReentrantRead.withdraw(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#138-142):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#140)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#141)\n\tTestWithBugNonReentrantRead.balances (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#132) can be used in cross function reentrancies:\n\t- TestWithBugNonReentrantRead.read() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#146-149)\n",
"markdown": "Reentrancy in [TestWithBugNonReentrantRead.withdraw(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L138-L142):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L140)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L141)\n\t[TestWithBugNonReentrantRead.balances](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L132) can be used in cross function reentrancies:\n\t- [TestWithBugNonReentrantRead.read()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L146-L149)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L138-L142",
"id": "0b2149d8ea8554c24092bad5ce3061d661d4f0447d5d96716893538474bca40f",
"check": "reentrancy-eth",
"impact": "High",
"confidence": "Medium"
},
{
"elements": [
{
"type": "function",
"name": "withdraw_internal",
"source_mapping": {
"start": 1320,
"length": 205,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
62,
63,
64,
65,
66
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestWithBugInternal",
"source_mapping": {
"start": 1100,
"length": 698,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
50,
51,
52,
53,
54,
55,
56,
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw_internal(uint256)"
}
},
{
"type": "node",
"name": "Receiver(msg.sender).send_funds{value: amount}()",
"source_mapping": {
"start": 1429,
"length": 48,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
64
],
"starting_column": 10,
"ending_column": 58
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "withdraw_internal",
"source_mapping": {
"start": 1320,
"length": 205,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
62,
63,
64,
65,
66
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestWithBugInternal",
"source_mapping": {
"start": 1100,
"length": 698,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
50,
51,
52,
53,
54,
55,
56,
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw_internal(uint256)"
}
}
},
"additional_fields": {
"underlying_type": "external_calls"
}
},
{
"type": "node",
"name": "balances[msg.sender] -= amount",
"source_mapping": {
"start": 1488,
"length": 30,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
65
],
"starting_column": 10,
"ending_column": 40
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "withdraw_internal",
"source_mapping": {
"start": 1320,
"length": 205,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
62,
63,
64,
65,
66
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestWithBugInternal",
"source_mapping": {
"start": 1100,
"length": 698,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
50,
51,
52,
53,
54,
55,
56,
57,
58,
59,
60,
61,
62,
63,
64,
65,
66,
67,
68,
69,
70,
71,
72,
73,
74,
75,
76,
77,
78
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw_internal(uint256)"
}
}
},
"additional_fields": {
"underlying_type": "variables_written",
"variable_name": "balances"
}
}
],
"description": "Reentrancy in TestWithBugInternal.withdraw_internal(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#62-66):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#64)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#65)\n\tTestWithBugInternal.balances (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#52) can be used in cross function reentrancies:\n\t- TestWithBugInternal.withdraw_all_internal() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#72-76)\n",
"markdown": "Reentrancy in [TestWithBugInternal.withdraw_internal(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L62-L66):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L64)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L65)\n\t[TestWithBugInternal.balances](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L52) can be used in cross function reentrancies:\n\t- [TestWithBugInternal.withdraw_all_internal()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L72-L76)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L62-L66",
"id": "7d618f027540d61d9af79a3a9475677476d1c4d7ad1be68ff8026f6c0d4cdc82",
"check": "reentrancy-eth",
"impact": "High",
"confidence": "Medium"
},
{
"elements": [
{
"type": "function",
"name": "withdraw_internal",
"source_mapping": {
"start": 2749,
"length": 205,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
122,
123,
124,
125,
126
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestBugWithPublicVariable",
"source_mapping": {
"start": 2516,
"length": 441,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120,
121,
122,
123,
124,
125,
126,
127,
128
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw_internal(uint256)"
}
},
{
"type": "node",
"name": "Receiver(msg.sender).send_funds{value: amount}()",
"source_mapping": {
"start": 2858,
"length": 48,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
124
],
"starting_column": 10,
"ending_column": 58
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "withdraw_internal",
"source_mapping": {
"start": 2749,
"length": 205,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
122,
123,
124,
125,
126
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestBugWithPublicVariable",
"source_mapping": {
"start": 2516,
"length": 441,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120,
121,
122,
123,
124,
125,
126,
127,
128
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw_internal(uint256)"
}
}
},
"additional_fields": {
"underlying_type": "external_calls"
}
},
{
"type": "node",
"name": "balances[msg.sender] -= amount",
"source_mapping": {
"start": 2917,
"length": 30,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
125
],
"starting_column": 10,
"ending_column": 40
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "withdraw_internal",
"source_mapping": {
"start": 2749,
"length": 205,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
122,
123,
124,
125,
126
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestBugWithPublicVariable",
"source_mapping": {
"start": 2516,
"length": 441,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
110,
111,
112,
113,
114,
115,
116,
117,
118,
119,
120,
121,
122,
123,
124,
125,
126,
127,
128
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw_internal(uint256)"
}
}
},
"additional_fields": {
"underlying_type": "variables_written",
"variable_name": "balances"
}
}
],
"description": "Reentrancy in TestBugWithPublicVariable.withdraw_internal(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#122-126):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#124)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#125)\n\tTestBugWithPublicVariable.balances (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#112) can be used in cross function reentrancies:\n\t- TestBugWithPublicVariable.balances (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#112)\n",
"markdown": "Reentrancy in [TestBugWithPublicVariable.withdraw_internal(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L122-L126):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L124)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L125)\n\t[TestBugWithPublicVariable.balances](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L112) can be used in cross function reentrancies:\n\t- [TestBugWithPublicVariable.balances](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L112)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L122-L126",
"id": "a3e52c882aa9fb88119aa3507f4158436bfe3f1abee0828665afa41213587097",
"check": "reentrancy-eth",
"impact": "High",
"confidence": "Medium"
},
{
"elements": [
{
"type": "function",
"name": "withdraw",
"source_mapping": {
"start": 181,
"length": 207,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
13,
14,
15,
16,
17
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestWithBug",
"source_mapping": {
"start": 67,
"length": 506,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw(uint256)"
}
},
{
"type": "node",
"name": "Receiver(msg.sender).send_funds{value: amount}()",
"source_mapping": {
"start": 292,
"length": 48,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
15
],
"starting_column": 10,
"ending_column": 58
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "withdraw",
"source_mapping": {
"start": 181,
"length": 207,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
13,
14,
15,
16,
17
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestWithBug",
"source_mapping": {
"start": 67,
"length": 506,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw(uint256)"
}
}
},
"additional_fields": {
"underlying_type": "external_calls"
}
},
{
"type": "node",
"name": "balances[msg.sender] -= amount",
"source_mapping": {
"start": 351,
"length": 30,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
16
],
"starting_column": 10,
"ending_column": 40
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "withdraw",
"source_mapping": {
"start": 181,
"length": 207,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
13,
14,
15,
16,
17
],
"starting_column": 5,
"ending_column": 6
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "TestWithBug",
"source_mapping": {
"start": 67,
"length": 506,
"filename_relative": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol",
"is_dependency": false,
"lines": [
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "withdraw(uint256)"
}
}
},
"additional_fields": {
"underlying_type": "variables_written",
"variable_name": "balances"
}
}
],
"description": "Reentrancy in TestWithBug.withdraw(uint256) (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#13-17):\n\tExternal calls:\n\t- Receiver(msg.sender).send_funds{value: amount}() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#15)\n\tState variables written after the call(s):\n\t- balances[msg.sender] -= amount (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#16)\n\tTestWithBug.balances (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#7) can be used in cross function reentrancies:\n\t- TestWithBug.withdraw_all() (tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#19-23)\n",
"markdown": "Reentrancy in [TestWithBug.withdraw(uint256)](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L13-L17):\n\tExternal calls:\n\t- [Receiver(msg.sender).send_funds{value: amount}()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L15)\n\tState variables written after the call(s):\n\t- [balances[msg.sender] -= amount](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L16)\n\t[TestWithBug.balances](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L7) can be used in cross function reentrancies:\n\t- [TestWithBug.withdraw_all()](tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L19-L23)\n",
"first_markdown_element": "tests/detectors/reentrancy-eth/0.8.10/reentrancy_with_non_reentrant.sol#L13-L17",
"id": "bcfa65e776908d618f202fa48f03dde3fbf8397b752d2e8cc3c8e46019e9e174",
"check": "reentrancy-eth",
"impact": "High",
"confidence": "Medium"
}
]
]


@ -4,22 +4,21 @@
"elements": [ "elements": [
{ {
"type": "function", "type": "function",
"name": "bad0", "name": "bad1",
"source_mapping": { "source_mapping": {
"start": 326, "start": 485,
"length": 153, "length": 158,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
16, 24,
17, 25,
18, 26,
19, 27,
20, 28,
21, 29
22
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -78,44 +77,43 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "bad0()" "signature": "bad1(address)"
} }
}, },
{ {
"type": "node", "type": "node",
"name": "! (msg.sender.call())", "name": "success = msg.sender.call()",
"source_mapping": { "source_mapping": {
"start": 391, "start": 560,
"length": 20, "length": 34,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
18 26
], ],
"starting_column": 13, "starting_column": 9,
"ending_column": 33 "ending_column": 43
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "bad0", "name": "bad1",
"source_mapping": { "source_mapping": {
"start": 326, "start": 485,
"length": 153, "length": 158,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
16, 24,
17, 25,
18, 26,
19, 27,
20, 28,
21, 29
22
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -174,7 +172,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "bad0()" "signature": "bad1(address)"
} }
} }
}, },
@ -184,39 +182,38 @@
}, },
{ {
"type": "node", "type": "node",
"name": "notCalled = false", "name": "bad0()",
"source_mapping": { "source_mapping": {
"start": 455, "start": 630,
"length": 17, "length": 6,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
21 28
], ],
"starting_column": 9, "starting_column": 9,
"ending_column": 26 "ending_column": 15
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "bad0", "name": "bad1",
"source_mapping": { "source_mapping": {
"start": 326, "start": 485,
"length": 153, "length": 158,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
16, 24,
17, 25,
18, 26,
19, 27,
20, 28,
21, 29
22
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -275,138 +272,49 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "bad0()" "signature": "bad1(address)"
} }
} }
}, },
"additional_fields": { "additional_fields": {
"underlying_type": "variables_written", "underlying_type": "external_calls"
"variable_name": "notCalled"
} }
} },
],
"description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22):\n\tExternal calls:\n\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n",
"markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22):\n\tExternal calls:\n\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n",
"first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22",
"id": "296bbfc5c41b40046e8fc0563e89099df3ff17caf0bd3ff8dde0271aacd8d981",
"check": "reentrancy-no-eth",
"impact": "Medium",
"confidence": "Medium"
},
{
"elements": [
{ {
"type": "function", "type": "node",
"name": "bad1", "name": "! (msg.sender.call())",
"source_mapping": { "source_mapping": {
"start": 485, "start": 391,
"length": 158, "length": 20,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
24, 18
25,
26,
27,
28,
29
], ],
"starting_column": 5, "starting_column": 13,
"ending_column": 6 "ending_column": 33
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "contract", "type": "function",
"name": "ReentrancyWrite", "name": "bad0",
"source_mapping": { "source_mapping": {
"start": 28, "start": 326,
"length": 776, "length": 153,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16, 16,
17, 17,
18, 18,
19, 19,
20, 20,
21, 21,
22, 22
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "bad1(address)"
}
},
{
"type": "node",
"name": "success = msg.sender.call()",
"source_mapping": {
"start": 560,
"length": 34,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false,
"lines": [
26
],
"starting_column": 9,
"ending_column": 43
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "bad1",
"source_mapping": {
"start": 485,
"length": 158,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false,
"lines": [
24,
25,
26,
27,
28,
29
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -465,12 +373,12 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "bad1(address)" "signature": "bad0()"
} }
} }
}, },
"additional_fields": { "additional_fields": {
"underlying_type": "external_calls" "underlying_type": "external_calls_sending_eth"
} }
}, },
{ {
@ -570,24 +478,25 @@
} }
}, },
"additional_fields": { "additional_fields": {
"underlying_type": "external_calls" "underlying_type": "variables_written",
"variable_name": "notCalled"
} }
}, },
{ {
"type": "node", "type": "node",
"name": "! (msg.sender.call())", "name": "notCalled = false",
"source_mapping": { "source_mapping": {
"start": 391, "start": 455,
"length": 20, "length": 17,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
18 21
], ],
"starting_column": 13, "starting_column": 9,
"ending_column": 33 "ending_column": 26
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
@ -671,43 +580,135 @@
} }
}, },
"additional_fields": { "additional_fields": {
"underlying_type": "external_calls_sending_eth" "underlying_type": "variables_written",
"variable_name": "notCalled"
} }
}, }
],
"description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29):\n\tExternal calls:\n\t- success = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#26)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#31-37)\n",
"markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29):\n\tExternal calls:\n\t- [success = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L26)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L31-L37)\n",
"first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29",
"id": "3abbc9e8f73096dd53d7a40513439b00f2bcfb9c594446c25eb8f0845a83f634",
"check": "reentrancy-no-eth",
"impact": "Medium",
"confidence": "Medium"
},
{
"elements": [
{ {
"type": "node", "type": "function",
"name": "bad0()", "name": "bad0",
"source_mapping": { "source_mapping": {
"start": 630, "start": 326,
"length": 6, "length": 153,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
28 16,
17,
18,
19,
20,
21,
22
], ],
"starting_column": 9, "starting_column": 5,
"ending_column": 15 "ending_column": 6
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "contract",
"name": "bad1", "name": "ReentrancyWrite",
"source_mapping": { "source_mapping": {
"start": 485, "start": 28,
"length": 158, "length": 776,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24, 24,
25, 25,
26, 26,
27, 27,
28, 28,
29 29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "bad0()"
}
},
{
"type": "node",
"name": "! (msg.sender.call())",
"source_mapping": {
"start": 391,
"length": 20,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false,
"lines": [
18
],
"starting_column": 13,
"ending_column": 33
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "bad0",
"source_mapping": {
"start": 326,
"length": 153,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol",
"is_dependency": false,
"lines": [
16,
17,
18,
19,
20,
21,
22
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -766,13 +767,12 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "bad1(address)" "signature": "bad0()"
} }
} }
}, },
"additional_fields": { "additional_fields": {
"underlying_type": "variables_written", "underlying_type": "external_calls"
"variable_name": "notCalled"
} }
}, },
{ {
@ -878,10 +878,10 @@
} }
} }
], ],
"description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29):\n\tExternal calls:\n\t- success = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#26)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#28)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n", "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22):\n\tExternal calls:\n\t- ! (msg.sender.call()) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#21)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#16-22)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#24-29)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#31-37)\n",
"markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29):\n\tExternal calls:\n\t- [success = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L26)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L28)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n", "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22):\n\tExternal calls:\n\t- [! (msg.sender.call())](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L21)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L31-L37)\n",
"first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L24-L29", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.4.25/reentrancy-write.sol#L16-L22",
"id": "93b771e9737b42c786392b01e24457616ec7e54b5dd7714c96a1e67b9dd535f3", "id": "849ca5d32a80a76091f9049ebde3e9267a1c1bc22fd11197246e748b56a31f3b",
"check": "reentrancy-no-eth", "check": "reentrancy-no-eth",
"impact": "Medium", "impact": "Medium",
"confidence": "Medium" "confidence": "Medium"

@ -599,10 +599,10 @@
} }
} }
], ],
"description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n", "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#32-39)\n",
"markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n", "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L32-L39)\n",
"first_markdown_element": "tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30",
"id": "9fbfafd0d47ce4f4ead524570f382093c186c4e9e5e96ce0067fce3ffb6dc74a", "id": "80cbbc2ca9b1ec618f677d49ad8c55c3e7b458a8f8f2d5083e5388dabf526d6f",
"check": "reentrancy-no-eth", "check": "reentrancy-no-eth",
"impact": "Medium", "impact": "Medium",
"confidence": "Medium" "confidence": "Medium"
@ -901,10 +901,10 @@
} }
} }
], ],
"description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n", "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#32-39)\n",
"markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n", "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L32-L39)\n",
"first_markdown_element": "tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.5.16/reentrancy-write.sol#L16-L23",
"id": "c9ba81d76d46579f9e78ac96b1aae43b71f2d4a96d4c47b2fab9831bf0f15a8f", "id": "aec3401a9ebdcd0961e5a0f704379be83fc18e5c8ea5e98641b0ea1783184a3d",
"check": "reentrancy-no-eth", "check": "reentrancy-no-eth",
"impact": "Medium", "impact": "Medium",
"confidence": "Medium" "confidence": "Medium"

@ -294,10 +294,10 @@
} }
} }
], ],
"description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n", "description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#32-39)\n",
"markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n", "markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L32-L39)\n",
"first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23",
"id": "6d19938cb98129ec5abb0fcde1a08ea92c6ab0125e210a1d4c10f27e9a9419cb", "id": "92d6df62568c8094a9c5cd5c7e4c7162054281244d3d3a1d4efe7df14d18a35a",
"check": "reentrancy-no-eth", "check": "reentrancy-no-eth",
"impact": "Medium", "impact": "Medium",
"confidence": "Medium" "confidence": "Medium"
@ -901,10 +901,10 @@
} }
} }
], ],
"description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n", "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#27)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#18)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#29)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#22)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#4) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#16-23)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#25-30)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#7-14)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#32-39)\n",
"markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n", "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L27)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L18)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L29)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L22)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L4) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L16-L23)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L7-L14)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L32-L39)\n",
"first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.6.11/reentrancy-write.sol#L25-L30",
"id": "dfc70c3670d28f163af1fd624da8ace78193a8309e4c442462e7bc96e88eeae1", "id": "b0372b9d2879e62eb13c185a89ae1e80653ef3339cb5521630a9717e1592100e",
"check": "reentrancy-no-eth", "check": "reentrancy-no-eth",
"impact": "Medium", "impact": "Medium",
"confidence": "Medium" "confidence": "Medium"

@ -4,21 +4,23 @@
"elements": [ "elements": [
{ {
"type": "function", "type": "function",
"name": "bad1", "name": "bad0",
"source_mapping": { "source_mapping": {
"start": 577, "start": 383,
"length": 161, "length": 188,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
29, 20,
30, 21,
31, 22,
32, 23,
33, 24,
34 25,
26,
27
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -79,21 +81,21 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "bad1(address)" "signature": "bad0()"
} }
}, },
{ {
"type": "node", "type": "node",
"name": "(success) = msg.sender.call()", "name": "(success) = msg.sender.call()",
"source_mapping": { "source_mapping": {
"start": 652, "start": 444,
"length": 37, "length": 37,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
31 22
], ],
"starting_column": 9, "starting_column": 9,
"ending_column": 46 "ending_column": 46
@ -101,21 +103,23 @@
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "bad1", "name": "bad0",
"source_mapping": { "source_mapping": {
"start": 577, "start": 383,
"length": 161, "length": 188,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
29, 20,
30, 21,
31, 22,
32, 23,
33, 24,
34 25,
26,
27
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -176,7 +180,7 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "bad1(address)" "signature": "bad0()"
} }
} }
}, },
@ -186,38 +190,40 @@
}, },
{ {
"type": "node", "type": "node",
"name": "bad0()", "name": "notCalled = false",
"source_mapping": { "source_mapping": {
"start": 725, "start": 547,
"length": 6, "length": 17,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
33 26
], ],
"starting_column": 9, "starting_column": 9,
"ending_column": 15 "ending_column": 26
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "function",
"name": "bad1", "name": "bad0",
"source_mapping": { "source_mapping": {
"start": 577, "start": 383,
"length": 161, "length": 188,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
29, 20,
30, 21,
31, 22,
32, 23,
33, 24,
34 25,
26,
27
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -278,42 +284,72 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "bad1(address)" "signature": "bad0()"
} }
} }
}, },
"additional_fields": { "additional_fields": {
"underlying_type": "external_calls" "underlying_type": "variables_written",
"variable_name": "notCalled"
} }
}, }
],
"description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#8) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#11-18)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#36-43)\n",
"markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L8) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L11-L18)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L36-L43)\n",
"first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27",
"id": "24a6dbb0286f86f1dac424bdc447262dcbfda1a1c637c4c0f21885b82eb9af24",
"check": "reentrancy-no-eth",
"impact": "Medium",
"confidence": "Medium"
},
{
"elements": [
{ {
"type": "node", "type": "function",
"name": "(success) = msg.sender.call()", "name": "bad1",
"source_mapping": { "source_mapping": {
"start": 444, "start": 577,
"length": 37, "length": 161,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
22 29,
30,
31,
32,
33,
34
], ],
"starting_column": 9, "starting_column": 5,
"ending_column": 46 "ending_column": 6
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "function", "type": "contract",
"name": "bad0", "name": "ReentrancyWrite",
"source_mapping": { "source_mapping": {
"start": 383, "start": 82,
"length": 188, "length": 852,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20, 20,
21, 21,
22, 22,
@ -321,7 +357,67 @@
24, 24,
25, 25,
26, 26,
27 27,
28,
29,
30,
31,
32,
33,
34,
35,
36,
37,
38,
39,
40,
41,
42,
43,
44,
45
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "bad1(address)"
}
},
{
"type": "node",
"name": "(success) = msg.sender.call()",
"source_mapping": {
"start": 652,
"length": 37,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false,
"lines": [
31
],
"starting_column": 9,
"ending_column": 46
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "bad1",
"source_mapping": {
"start": 577,
"length": 161,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false,
"lines": [
29,
30,
31,
32,
33,
34
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -382,12 +478,12 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "bad0()" "signature": "bad1(address)"
} }
} }
}, },
"additional_fields": { "additional_fields": {
"underlying_type": "external_calls_sending_eth" "underlying_type": "external_calls"
} }
}, },
{ {
@ -489,25 +585,24 @@
} }
}, },
"additional_fields": { "additional_fields": {
"underlying_type": "variables_written", "underlying_type": "external_calls"
"variable_name": "notCalled"
} }
}, },
{ {
"type": "node", "type": "node",
"name": "notCalled = false", "name": "(success) = msg.sender.call()",
"source_mapping": { "source_mapping": {
"start": 547, "start": 444,
"length": 17, "length": 37,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
26 22
], ],
"starting_column": 9, "starting_column": 9,
"ending_column": 26 "ending_column": 46
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
@ -594,139 +689,43 @@
} }
}, },
"additional_fields": { "additional_fields": {
"underlying_type": "variables_written", "underlying_type": "external_calls_sending_eth"
"variable_name": "notCalled"
} }
} },
],
"description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#31)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n",
"markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L31)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n",
"first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34",
"id": "11273f8e5ccbb848ea0de9b7c15e3fb66deb7c061265f88b8aa7646eed935c0e",
"check": "reentrancy-no-eth",
"impact": "Medium",
"confidence": "Medium"
},
{
"elements": [
{ {
"type": "function", "type": "node",
"name": "bad0", "name": "bad0()",
"source_mapping": { "source_mapping": {
"start": 383, "start": 725,
"length": 188, "length": 6,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
20, 33
21,
22,
23,
24,
25,
26,
27
], ],
"starting_column": 5, "starting_column": 9,
"ending_column": 6 "ending_column": 15
}, },
"type_specific_fields": { "type_specific_fields": {
"parent": { "parent": {
"type": "contract", "type": "function",
"name": "ReentrancyWrite", "name": "bad1",
"source_mapping": { "source_mapping": {
"start": 82, "start": 577,
"length": 852, "length": 161,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH", "filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol", "filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false, "is_dependency": false,
"lines": [ "lines": [
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29, 29,
30, 30,
31, 31,
32, 32,
33, 33,
34, 34
35,
36,
37,
38,
39,
40,
41,
42,
43,
44,
45
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "bad0()"
}
},
{
"type": "node",
"name": "(success) = msg.sender.call()",
"source_mapping": {
"start": 444,
"length": 37,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false,
"lines": [
22
],
"starting_column": 9,
"ending_column": 46
},
"type_specific_fields": {
"parent": {
"type": "function",
"name": "bad0",
"source_mapping": {
"start": 383,
"length": 188,
"filename_relative": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"filename_absolute": "/GENERIC_PATH",
"filename_short": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol",
"is_dependency": false,
"lines": [
20,
21,
22,
23,
24,
25,
26,
27
], ],
"starting_column": 5, "starting_column": 5,
"ending_column": 6 "ending_column": 6
@ -787,12 +786,13 @@
"ending_column": 2 "ending_column": 2
} }
}, },
"signature": "bad0()" "signature": "bad1(address)"
} }
} }
}, },
"additional_fields": { "additional_fields": {
"underlying_type": "external_calls" "underlying_type": "variables_written",
"variable_name": "notCalled"
} }
}, },
{ {
@ -901,10 +901,10 @@
} }
} }
], ],
"description": "Reentrancy in ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n", "description": "Reentrancy in ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34):\n\tExternal calls:\n\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#31)\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- (success) = msg.sender.call() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#22)\n\tState variables written after the call(s):\n\t- bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#33)\n\t\t- notCalled = false (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#26)\n\tReentrancyWrite.notCalled (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#8) can be used in cross function reentrancies:\n\t- ReentrancyWrite.bad0() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#20-27)\n\t- ReentrancyWrite.bad1(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#29-34)\n\t- ReentrancyWrite.constructor(address) (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#11-18)\n\t- ReentrancyWrite.good() (tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#36-43)\n",
"markdown": "Reentrancy in [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n", "markdown": "Reentrancy in [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34):\n\tExternal calls:\n\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L31)\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [(success) = msg.sender.call()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L22)\n\tState variables written after the call(s):\n\t- [bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L33)\n\t\t- [notCalled = false](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L26)\n\t[ReentrancyWrite.notCalled](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L8) can be used in cross function reentrancies:\n\t- [ReentrancyWrite.bad0()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27)\n\t- [ReentrancyWrite.bad1(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34)\n\t- [ReentrancyWrite.constructor(address)](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L11-L18)\n\t- [ReentrancyWrite.good()](tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L36-L43)\n",
"first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L20-L27", "first_markdown_element": "tests/detectors/reentrancy-no-eth/0.7.6/reentrancy-write.sol#L29-L34",
"id": "ef995e89d54c7b577af2ca26540e01da65ac0e2466d6d7a58e4d11e9211b12a4", "id": "e8259d1bbe21b2c12ea23f8ed1c67b9a8f63a1828d3b91db1f7b78ddd43ef7d6",
"check": "reentrancy-no-eth", "check": "reentrancy-no-eth",
"impact": "Medium", "impact": "Medium",
"confidence": "Medium" "confidence": "Medium"

@ -362,6 +362,7 @@ ALL_TEST_OBJECTS = [
"DAO.sol", "DAO.sol",
"0.4.25", "0.4.25",
), ),
Test(all_detectors.ReentrancyEth, "reentrancy_with_non_reentrant.sol", "0.8.10"),
Test( Test(
all_detectors.UninitializedStorageVars, all_detectors.UninitializedStorageVars,
"uninitialized_storage_pointer.sol", "uninitialized_storage_pointer.sol",

@ -244,6 +244,7 @@ def test_functions():
def test_function_can_send_eth(): def test_function_can_send_eth():
solc_select.switch_global_version("0.6.12", always_install=True)
slither = Slither("tests/test_function.sol") slither = Slither("tests/test_function.sol")
compilation_unit = slither.compilation_units[0] compilation_unit = slither.compilation_units[0]
functions = compilation_unit.get_contract_from_name("TestFunctionCanSendEth")[ functions = compilation_unit.get_contract_from_name("TestFunctionCanSendEth")[
@ -266,6 +267,22 @@ def test_function_can_send_eth():
assert functions["highlevel_call_via_external()"].can_send_eth() is False assert functions["highlevel_call_via_external()"].can_send_eth() is False
def test_reentrant():
solc_select.switch_global_version("0.8.10", always_install=True)
slither = Slither("tests/test_function_reentrant.sol")
compilation_unit = slither.compilation_units[0]
functions = compilation_unit.get_contract_from_name("TestReentrant")[
0
].available_functions_as_dict()
assert functions["is_reentrant()"].is_reentrant
assert not functions["is_non_reentrant()"].is_reentrant
assert not functions["internal_and_not_reentrant()"].is_reentrant
assert not functions["internal_and_not_reentrant2()"].is_reentrant
assert functions["internal_and_could_be_reentrant()"].is_reentrant
assert functions["internal_and_reentrant()"].is_reentrant
def test_public_variable() -> None: def test_public_variable() -> None:
solc_select.switch_global_version("0.6.12", always_install=True) solc_select.switch_global_version("0.6.12", always_install=True)
slither = Slither("tests/test_function.sol") slither = Slither("tests/test_function.sol")
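Review bot: `test_reentrant` asserts six `is_reentrant` results without stating why each is expected, and the reasons live in the call graph of `tests/test_function_reentrant.sol`. A one-line docstring would make a failing assertion readable, for example `"""Internal functions count as reentrant only when reachable from an entry point that lacks nonReentrant."""`; that wording is my reading of the fixture and should be checked against the implementation. The new test also omits the `-> None` annotation that `test_public_variable` directly below it carries, so `def test_reentrant() -> None:` would keep the file consistent.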

@ -0,0 +1,36 @@
contract TestReentrant{
modifier nonReentrant(){
_;
}
function is_reentrant() public{
internal_and_could_be_reentrant();
internal_and_reentrant();
}
function is_non_reentrant() nonReentrant() public{
internal_and_could_be_reentrant();
internal_and_not_reentrant2();
}
function internal_and_not_reentrant() nonReentrant() internal{
}
function internal_and_not_reentrant2() internal{
}
// Called by a protected and unprotected function
function internal_and_could_be_reentrant() internal{
}
// Called by a protected and unprotected function
function internal_and_reentrant() internal{
}
}
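Review bot: The comment above `internal_and_reentrant()` repeats "Called by a protected and unprotected function", but in this contract it is only called from `is_reentrant()`, which has no modifier; `// Called only by an unprotected function` would match the fixture. The `nonReentrant` modifier is just `_;` and holds no lock, so the expectations in `test_reentrant` can only hold if the analysis recognises the guard by its name (inferred from the fixture; the implementation is not in this section). A comment on the modifier such as `// Intentionally empty: only the modifier name is relevant to the analysis` would stop readers mistaking it for a working guard, and would document that a same-named modifier with no real lock suppresses reentrancy findings. `internal_and_not_reentrant()` is never called in this file, so a short comment saying that is deliberate would also help.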