From 5d88be8328522efe84d3c0c13803d9366de2b44c Mon Sep 17 00:00:00 2001
From: Eric Rafaloff
Date: Wed, 12 Jun 2019 11:26:04 -0400
Subject: [PATCH 1/5] Detect Aragon OS
---
 slither/utils/standard_libraries.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/slither/utils/standard_libraries.py b/slither/utils/standard_libraries.py
index c73a29b93..8ae3e5978 100644
--- a/slither/utils/standard_libraries.py
+++ b/slither/utils/standard_libraries.py
@@ -13,6 +13,7 @@ libraries = {
 'Dapphub-DSToken': lambda x: is_dapphub_ds_token(x),
 'Dapphub-DSProxy': lambda x: is_dapphub_ds_proxy(x),
 'Dapphub-DSGroup': lambda x: is_dapphub_ds_group(x),
+ 'AragonOS-App': lambda x: is_aragonos_app(x)
 }
 def is_standard_library(contract):
@@ -41,6 +42,12 @@ def is_zos(contract):
 return 'zos-lib' in Path(contract.source_mapping['filename_absolute']).parts
+def is_aragonos(contract):
+ if not contract.is_from_dependency():
+ return False
+ return '@aragon/os' in Path(contract.source_mapping['filename_absolute']).parts
+
+
 # endregion
 ###################################################################################
 ###################################################################################
@@ -191,3 +198,13 @@ def is_ds_group(contract):
 def is_dapphub_ds_group(contract):
 return _is_dappdhub_ds(contract, 'DSGroup')
+
+# endregion
+###################################################################################
+###################################################################################
+# region Aragon
+###################################################################################
+###################################################################################
+
+def is_aragonos_app(contract):
+ return contract.name == "AragonApp" and is_aragonos(contract)
From 99ad5b1bf3eb53fadac8bd74802d12e7eceed0a0 Mon Sep 17 00:00:00 2001
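Review bot: In `is_aragonos`, the test `'@aragon/os' in Path(...).parts` can never be true, because `Path.parts` splits on the path separator and yields `'@aragon'` and `'os'` as two separate components. Every AragonOS check built on this helper would therefore return False. Compare adjacent components instead, for example `parts = Path(contract.source_mapping['filename_absolute']).parts` followed by `return ('@aragon', 'os') in zip(parts, parts[1:])`. The `is_zos` line shown as context works only because `'zos-lib'` is a single path component.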
From: Josselin
Date: Thu, 13 Jun 2019 10:56:10 +0200
Subject: [PATCH 2/5] Add CONTRIBUTING.md
---
 CONTRIBUTING.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 CONTRIBUTING.md
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 000000000..c5b078541
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,24 @@
+# Contributing to Manticore
+First, thanks for your interest in contributing to Slither! We welcome and appreciate all contributions, including bug reports, feature suggestions, tutorials/blog posts, and code improvements.
+
+If you're unsure where to start, we recommend our [`good first issue`](https://github.com/crytic/slither/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) and [`help wanted`](https://github.com/crytic/slither/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) issue labels.
+
+# Bug reports and feature suggestions
+Bug reports and feature suggestions can be submitted to our issue tracker. For bug reports, attaching the contract that caused the bug will help us in debugging and resolving the issue quickly. If you find a security vulnerability, do not open an issue; email opensource@trailofbits.com instead.
+
+# Questions
+Questions can be submitted to the issue tracker, but you may get a faster response if you ask in our [chat room](https://empireslacking.herokuapp.com/) (in the #ethereum channel).
+
+# Code
+Slither uses the pull request contribution model. Please make an account on Github, fork this repo, and submit code contributions via pull request. For more documentation, look [here](https://guides.github.com/activities/forking/).
+
+Some pull request guidelines:
+
+- Work from the [`dev`](https://github.com/crytic/slither/tree/dev) branch. We performed extensive tests prior to merging anything to `master`, working from `dev` will allow us to merge your work faster.
+- Minimize irrelevant changes (formatting, whitespace, etc) to code that would otherwise not be touched by this patch. Save formatting or style corrections for a separate pull request that does not make any semantic changes.
+- When possible, large changes should be split up into smaller focused pull requests.
+- Fill out the pull request description with a summary of what your patch does, key changes that have been made, and any further points of discussion, if applicable.
+- Title your pull request with a brief description of what it's changing. "Fixes #123" is a good comment to add to the description, but makes for an unclear title on its own.
+
+# Development Environment
+Instructions for installing a development version of Slither can be found in our [wiki](https://github.com/crytic/slither/wiki/Developer-installation).
From b275bcc824b1b932310cf03b6bfb1a1fef0ebae1 Mon Sep 17 00:00:00 2001
From: Josselin
Date: Thu, 13 Jun 2019 11:27:37 +0200
Subject: [PATCH 3/5] Add demo utility
---
 utils/demo/README.md | 6 ++++++
 utils/demo/__init__.py | 0
 utils/demo/__main__.py | 38 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 utils/demo/README.md
 create mode 100644 utils/demo/__init__.py
 create mode 100644 utils/demo/__main__.py
diff --git a/utils/demo/README.md b/utils/demo/README.md
new file mode 100644
index 000000000..00bdec0b4
--- /dev/null
+++ b/utils/demo/README.md
@@ -0,0 +1,6 @@
+## Demo
+
+This directory contains an example of Slither utility.
+
+See the [utility documentation](https://github.com/crytic/slither/wiki/Adding-a-new-utility)
+
diff --git a/utils/demo/__init__.py b/utils/demo/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/utils/demo/__main__.py b/utils/demo/__main__.py
new file mode 100644
index 000000000..4bee3b449
--- /dev/null
+++ b/utils/demo/__main__.py
@@ -0,0 +1,38 @@
+import os
+import argparse
+import logging
+from slither import Slither
+from crytic_compile import cryticparser
+
+logging.basicConfig()
+logging.getLogger("Slither").setLevel(logging.INFO)
+
+logger = logging.getLogger("Slither-demo")
+
+def parse_args():
+ """
+ Parse the underlying arguments for the program.
+ :return: Returns the arguments for the program.
+ """
+ parser = argparse.ArgumentParser(description='Demo',
+ usage='slither-demo filename')
+
+ parser.add_argument('filename',
+ help='The filename of the contract or truffle directory to analyze.')
+
+ # Add default arguments from crytic-compile
+ cryticparser.init(parser)
+
+ return parser.parse_args()
+
+
+def main():
+ args = parse_args()
+
+ # Perform slither analysis on the given filename
+ slither = Slither(args.filename, **vars(args))
+
+ logger.info('Analysis done!')
+
+if __name__ == '__main__':
+ main()
From df17fb877996da93a62872d6b78402aeeca9a556 Mon Sep 17 00:00:00 2001
From: Eric Rafaloff
Date: Thu, 20 Jun 2019 10:50:03 -0400
Subject: [PATCH 4/5] Detect more AragonOS contracts
---
 slither/utils/standard_libraries.py | 78 ++++++++++++++++++++++++++++-
 1 file changed, 76 insertions(+), 2 deletions(-)
diff --git a/slither/utils/standard_libraries.py b/slither/utils/standard_libraries.py
index 8ae3e5978..d1c0bdbec 100644
--- a/slither/utils/standard_libraries.py
+++ b/slither/utils/standard_libraries.py
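Review bot: `Slither(args.filename, **vars(args))` in `main` forwards the whole argparse namespace, so `filename` reaches the constructor twice (positionally and as a keyword) along with every option that `cryticparser.init` registers. Slither's signature is not visible in this patch, so whether it tolerates the extra keys is an assumption that deserves a comment on that line. `import os` is unused and the `slither` result is never read. Since this file is meant to be copied as a template, drop the import and give `main` a short docstring such as `"""Run Slither on the given target and log completion."""`.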
@@ -13,7 +13,24 @@ libraries = {
 'Dapphub-DSToken': lambda x: is_dapphub_ds_token(x),
 'Dapphub-DSProxy': lambda x: is_dapphub_ds_proxy(x),
 'Dapphub-DSGroup': lambda x: is_dapphub_ds_group(x),
- 'AragonOS-App': lambda x: is_aragonos_app(x)
+ 'AragonOS-SafeMath': lambda x: is_aragonos_safemath(x),
+ 'AragonOS-ERC20': lambda x: is_aragonos_erc20(x),
+ 'AragonOS-AppProxyBase': lambda x: is_aragonos_app_proxy_base(x),
+ 'AragonOS-AppProxyPinned': lambda x: is_aragonos_app_proxy_pinned(x),
+ 'AragonOS-AppProxyUpgradeable': lambda x: is_aragonos_app_proxy_upgradeable(x),
+ 'AragonOS-AppStorage': lambda x: is_aragonos_app_storage(x),
+ 'AragonOS-AragonApp': lambda x: is_aragonos_aragon_app(x),
+ 'AragonOS-UnsafeAragonApp': lambda x: is_aragonos_unsafe_aragon_app(x),
+ 'AragonOS-Autopetrified': lambda x: is_aragonos_autopetrified(x),
+ 'AragonOS-DelegateProxy': lambda x: is_aragonos_delegate_proxy(x),
+ 'AragonOS-DepositableDelegateProxy': lambda x: is_aragonos_depositable_delegate_proxy(x),
+ 'AragonOS-DepositableStorage': lambda x: is_aragonos_delegate_proxy(x),
+ 'AragonOS-Initializable': lambda x: is_aragonos_initializable(x),
+ 'AragonOS-IsContract': lambda x: is_aragonos_is_contract(x),
+ 'AragonOS-Petrifiable': lambda x: is_aragonos_petrifiable(x),
+ 'AragonOS-ReentrancyGuard': lambda x: is_aragonos_reentrancy_guard(x),
+ 'AragonOS-TimeHelpers': lambda x: is_aragonos_time_helpers(x),
+ 'AragonOS-VaultRecoverable': lambda x: is_aragonos_vault_recoverable(x)
 }
 def is_standard_library(contract):
@@ -63,6 +80,11 @@ def is_safemath(contract):
 def is_openzepellin_safemath(contract):
 return is_safemath(contract) and is_openzepellin(contract)
+
+def is_aragonos_safemath(contract):
+ return is_safemath(contract) and is_aragonos(contract)
+
+
 # endregion
 ###################################################################################
 ###################################################################################
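Review bot: The `'AragonOS-DepositableStorage'` entry in `libraries` calls `is_aragonos_delegate_proxy`, so it matches `DelegateProxy` rather than `DepositableStorage`. It should read `'AragonOS-DepositableStorage': lambda x: is_aragonos_depositable_storage(x),`. `is_aragonos_ether_token_contract`, defined in the last hunk of this patch, has no entry in the table at all, so nothing here ever calls it. The typo fix in patch 5 touches neither line.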
@@ -111,6 +133,10 @@ def is_openzepellin_erc20(contract):
 return is_erc20(contract) and is_openzepellin(contract)
+def is_aragonos_erc20(contract):
+ return is_erc20(contract) and is_openzepellin(contract)
+
+
 # endregion
 ###################################################################################
 ###################################################################################
@@ -206,5 +232,53 @@ def is_dapphub_ds_group(contract):
 ###################################################################################
 ###################################################################################
-def is_aragonos_app(contract):
+def is_aragonos_app_proxy_base(contract):
+ return contract.name == "AppProxyBase" and is_aragonos(contract)
+
+def is_aragonos_app_proxy_pinned(contract):
+ return contract.name == "AppProxyPinned" and is_aragonos(contract)
+
+def is_aragonos_app_proxy_upgradeable(contract):
+ return contract.name == "AppProxyUpgradeable" and is_aragonos(contract)
+
+def is_aragonos_app_storage(contract):
+ return contract.name == "AppStorage" and is_aragonos(contract)
+
+def is_aragonos_aragon_app(contract):
 return contract.name == "AragonApp" and is_aragonos(contract)
+
+def is_aragonos_unsafe_aragon_app(contract):
+ return contract.name == "UnsafeAragonApp" and is_aragonos(contract)
+
+def is_aragonos_autopetrified(contract):
+ return contract.name == "Autopetrified" and is_aragonos(contract)
+
+def is_aragonos_delegate_proxy(contract):
+ return contract.name == "DelegateProxy" and is_aragonos(contract)
+
+def is_aragonos_depositable_delegate_proxy(contract):
+ return contract.name == "DepositableDelegateProxy" and is_aragonos(contract)
+
+def is_aragonos_depositable_storage(contract):
+ return contract.name == "DepositableStorage" and is_aragonos(contract)
+
+def is_aragonos_ether_token_contract(contract):
+ return contract.name == "EtherTokenConstant" and is_aragonos(contract)
+
+def is_aragonos_initializable(contract):
+ return contract.name == "Initializable" and is_aragonos(contract)
+
+def is_aragonos_is_contract(contract):
+ return contract.name == "IsContract" and is_aragonos(contract)
+
+def is_aragonos_petrifiable(contract):
+ return contract.name == "Petrifiable" and is_aragonos(contract)
+
+def is_aragonos_reentrancy_guard(contract):
+ return contract.name == "ReentrancyGuard" and is_aragonos(contract)
+
+def is_aragonos_time_helpers(contract):
+ return contract.name == "TimeHelpers" and is_aragonos(contract)
+
+def is_aragonos_vault_recoverable(contract):
+ return contract.name == "VaultRecoverable" and is_aragonos(contract)
From 76eb43930a000cffecb598df10f749550ab74dc0 Mon Sep 17 00:00:00 2001
From: Eric Rafaloff
Date: Thu, 20 Jun 2019 10:50:46 -0400
Subject: [PATCH 5/5] Fix typo in check
---
 slither/utils/standard_libraries.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/slither/utils/standard_libraries.py b/slither/utils/standard_libraries.py
index d1c0bdbec..e138e6c35 100644
--- a/slither/utils/standard_libraries.py
+++ b/slither/utils/standard_libraries.py
@@ -134,7 +134,7 @@ def is_openzepellin_erc20(contract):
 def is_aragonos_erc20(contract):
- return is_erc20(contract) and is_openzepellin(contract)
+ return is_erc20(contract) and is_aragonos(contract)
 # endregion
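Review bot: `is_aragonos_ether_token_contract` in the `@@ -206,5 +232,53 @@` hunk tests for the name `EtherTokenConstant`, so the function name and the contract it matches disagree; `is_aragonos_ether_token_constant` would fit the naming of the other helpers. The helpers in this hunk differ only in the string literal, and the file already has the `_is_dappdhub_ds(contract, 'DSGroup')` pattern for that case. A private `_is_aragonos_contract(contract, name)` returning `contract.name == name and is_aragonos(contract)` would remove the repetition. These checks identify a contract by name and install path only, so a locally edited copy under the dependency directory is still classified as the library. A one-line comment stating that limit would help anyone who relies on this classification to decide which code to skip.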