From 22c55f5f8bfc491b879dc378a2906df727e45b5b Mon Sep 17 00:00:00 2001
From: plotchy
Date: Tue, 8 Nov 2022 12:19:05 -0500
Subject: [PATCH 01/42] support abi.encodeCall
---
 slither/core/declarations/solidity_variables.py | 1 +
 slither/slithir/convert.py | 1 +
 2 files changed, 2 insertions(+)
diff --git a/slither/core/declarations/solidity_variables.py b/slither/core/declarations/solidity_variables.py
index 1696f464f..3a5db010c 100644
--- a/slither/core/declarations/solidity_variables.py
+++ b/slither/core/declarations/solidity_variables.py
@@ -70,6 +70,7 @@ SOLIDITY_FUNCTIONS: Dict[str, List[str]] = {
 "abi.encodePacked()": ["bytes"],
 "abi.encodeWithSelector()": ["bytes"],
 "abi.encodeWithSignature()": ["bytes"],
+ "abi.encodeCall()": ["bytes"],
 "bytes.concat()": ["bytes"],
 "string.concat()": ["string"],
 # abi.decode returns an a list arbitrary types
diff --git a/slither/slithir/convert.py b/slither/slithir/convert.py
index a35c50220..4043b878b 100644
--- a/slither/slithir/convert.py
+++ b/slither/slithir/convert.py
@@ -1139,6 +1139,7 @@ def can_be_solidity_func(ir) -> bool:
 "encodePacked",
 "encodeWithSelector",
 "encodeWithSignature",
+ "encodeCall",
 "decode",
 ]
From d4adca66dacf1363a32b8da3f10c76f19be70e06 Mon Sep 17 00:00:00 2001
From: Ardis Lu
Date: Mon, 14 Nov 2022 22:13:02 -0800
Subject: [PATCH 02/42] Remove unnecessary uppercase check
---
 .../naming_convention/naming_convention.py | 29 +++++++++----------
 1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/slither/detectors/naming_convention/naming_convention.py b/slither/detectors/naming_convention/naming_convention.py
index 706f4ae6c..177eaaf25 100644
--- a/slither/detectors/naming_convention/naming_convention.py
+++ b/slither/detectors/naming_convention/naming_convention.py
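Review bot: Neither hunk of PATCH 01 ships a test: the diffstat lists only `solidity_variables.py` and `convert.py`, so the new `"abi.encodeCall()": ["bytes"]` entry in `SOLIDITY_FUNCTIONS` and the `"encodeCall"` entry in the name list inside `can_be_solidity_func` are unexercised. Unlike the neighbouring `encode*` builtins, `abi.encodeCall` takes a function pointer as its first argument, so it is worth confirming that IR generation handles that operand rather than only recognising the name; an analyzer that mis-models a builtin quietly loses detector coverage on contracts that use it. I would add a parsing fixture containing a call such as `abi.encodeCall(IERC20.transfer, (to, amount))` (constructed example) and assert on the resulting IR. Both the dict literal and the function body extend beyond the hunks shown.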
@@ -119,22 +119,21 @@ Solidity defines a [naming convention](https://solidity.readthedocs.io/en/v0.4.2
 for var in contract.state_variables_declared:
 if self.should_avoid_name(var.name):
- if not self.is_upper_case_with_underscores(var.name):
- info = [
- "Variable ",
- var,
- " used l, O, I, which should not be used\n",
- ]
+ info = [
+ "Variable ",
+ var,
+ " used l, O, I, which should not be used\n",
+ ]
- res = self.generate_result(info)
- res.add(
- var,
- {
- "target": "variable",
- "convention": "l_O_I_should_not_be_used",
- },
- )
- results.append(res)
+ res = self.generate_result(info)
+ res.add(
+ var,
+ {
+ "target": "variable",
+ "convention": "l_O_I_should_not_be_used",
+ },
+ )
+ results.append(res)
 if var.is_constant is True:
 # For ERC20 compatibility
From 4254ea9d7d2cc4174fa1e00bbc9d6a558fbc9471 Mon Sep 17 00:00:00 2001
From: Ardis Lu
Date: Mon, 14 Nov 2022 22:15:29 -0800
Subject: [PATCH 03/42] Clarify info message
---
 slither/detectors/naming_convention/naming_convention.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/slither/detectors/naming_convention/naming_convention.py b/slither/detectors/naming_convention/naming_convention.py
index 177eaaf25..5e81f003c 100644
--- a/slither/detectors/naming_convention/naming_convention.py
+++ b/slither/detectors/naming_convention/naming_convention.py
@@ -122,7 +122,7 @@ Solidity defines a [naming convention](https://solidity.readthedocs.io/en/v0.4.2
 info = [
 "Variable ",
 var,
- " used l, O, I, which should not be used\n",
+ " is single letter l, O, or I, which should not be used\n",
 ]
 res = self.generate_result(info)
From 82ab9888e6acf53cf09e07d61b4b53cd6c93632a Mon Sep 17 00:00:00 2001
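Review bot: With the `is_upper_case_with_underscores` guard gone in PATCH 02, a state variable named `O` or `I` is reported in this branch and then falls through to the checks that start at `if var.is_constant is True:`, so it can be reported a second time; the expected output added later in this series lists `T.I` under both `mixedCase` and `l_O_I_should_not_be_used`. If one finding per variable is intended, add `continue` right after `results.append(res)` in this branch; if both are wanted, a comment such as `# single-letter l/O/I is reported in addition to the case-convention checks below` would record that. The loop body continues past the end of the hunk, so the effect of skipping the later checks should be confirmed against the full function.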
From: Ardis Lu
Date: Mon, 14 Nov 2022 22:42:43 -0800
Subject: [PATCH 04/42] Add tests for single letter variable name O or I
---
 .../0.4.25/naming_convention.sol | 2 +
 ...onvention.sol.0.4.25.NamingConvention.json | 300 +++++++++++++++++-
 .../0.5.16/naming_convention.sol | 2 +
 ...onvention.sol.0.5.16.NamingConvention.json | 300 +++++++++++++++++-
 .../0.6.11/naming_convention.sol | 2 +
 ...onvention.sol.0.6.11.NamingConvention.json | 300 +++++++++++++++++-
 .../0.7.6/naming_convention.sol | 2 +
 ...convention.sol.0.7.6.NamingConvention.json | 300 +++++++++++++++++-
 8 files changed, 1156 insertions(+), 52 deletions(-)
diff --git a/tests/detectors/naming-convention/0.4.25/naming_convention.sol b/tests/detectors/naming-convention/0.4.25/naming_convention.sol
index 6c4b2f936..7181ca911 100644
--- a/tests/detectors/naming-convention/0.4.25/naming_convention.sol
+++ b/tests/detectors/naming-convention/0.4.25/naming_convention.sol
@@ -65,6 +65,8 @@ contract T {
 uint constant M = 1;
 uint l = 1;
+ uint O = 1;
+ uint I = 1;
 }
 contract ParameterNameEmptyString {
diff --git a/tests/detectors/naming-convention/0.4.25/naming_convention.sol.0.4.25.NamingConvention.json b/tests/detectors/naming-convention/0.4.25/naming_convention.sol.0.4.25.NamingConvention.json
index 1ad64a988..003ec85c3 100644
--- a/tests/detectors/naming-convention/0.4.25/naming_convention.sol.0.4.25.NamingConvention.json
+++ b/tests/detectors/naming-convention/0.4.25/naming_convention.sol.0.4.25.NamingConvention.json
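Review bot: The `naming_convention.sol` fixture only adds non-constant `O` and `I`, so the constant path is untested; in the detector the l/O/I check is followed by a separate `if var.is_constant is True:` branch, and a constant named `O` presumably satisfies the upper-case rule there and so would yield only the single-letter finding. I would add a case such as `uint constant O = 1;` in a separate contract (constructed example) so both paths are pinned by the expected output. The same hunk is repeated for the 0.5.16, 0.6.11 and 0.7.6 fixtures and the point applies to each. Contract `T` starts above the hunk.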
@@ -98,6 +98,207 @@ "impact": "Informational", "confidence": "High" }, + { + "elements": [ + { + "type": "variable", + "name": "I", + "source_mapping": { + "start": 932, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "is_dependency": false, + "lines": [ + 69 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "mixedCase" + } + } + ], + "description": "Variable T.I (tests/detectors/naming-convention/0.4.25/naming_convention.sol#69) is not in mixedCase\n", + "markdown": "Variable [T.I](tests/detectors/naming-convention/0.4.25/naming_convention.sol#L69) is not in mixedCase\n", + "first_markdown_element": "tests/detectors/naming-convention/0.4.25/naming_convention.sol#L69", + "id": "12df12bbda2059673d356e5c32ec4e8a037a3821c9fa42b831a9144437cb79f9", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, + { + "elements": [ + { + "type": "variable", + "name": "I", + "source_mapping": { + "start": 932, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "is_dependency": 
false, + "lines": [ + 69 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "l_O_I_should_not_be_used" + } + } + ], + "description": "Variable T.I (tests/detectors/naming-convention/0.4.25/naming_convention.sol#69) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.I](tests/detectors/naming-convention/0.4.25/naming_convention.sol#L69) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.4.25/naming_convention.sol#L69", + "id": "2ac65aa5bb560436d64f16e164aaab90dbbf38d683bfdfdfb42eeb225fc51759", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, + { + "elements": [ + { + "type": "variable", + "name": "O", + "source_mapping": { + "start": 916, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "is_dependency": false, + "lines": [ + 68 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "filename_absolute": 
"/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "mixedCase" + } + } + ], + "description": "Variable T.O (tests/detectors/naming-convention/0.4.25/naming_convention.sol#68) is not in mixedCase\n", + "markdown": "Variable [T.O](tests/detectors/naming-convention/0.4.25/naming_convention.sol#L68) is not in mixedCase\n", + "first_markdown_element": "tests/detectors/naming-convention/0.4.25/naming_convention.sol#L68", + "id": "2de986dda91f7c7e3a51470aa43abfa2c6fd363b742d1bbd38d5287ae179b83a", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, { "elements": [ { @@ -505,7 +706,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", @@ -525,7 +726,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 @@ -573,7 +776,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", @@ -593,7 +796,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 
@@ -715,16 +920,16 @@ "elements": [ { "type": "variable", - "name": "l", + "name": "O", "source_mapping": { - "start": 900, + "start": 916, "length": 10, "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", "is_dependency": false, "lines": [ - 67 + 68 ], "starting_column": 5, "ending_column": 15 @@ -735,7 +940,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", @@ -755,7 +960,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 @@ -768,10 +975,10 @@ } } ], - "description": "Variable T.l (tests/detectors/naming-convention/0.4.25/naming_convention.sol#67) used l, O, I, which should not be used\n", - "markdown": "Variable [T.l](tests/detectors/naming-convention/0.4.25/naming_convention.sol#L67) used l, O, I, which should not be used\n", - "first_markdown_element": "tests/detectors/naming-convention/0.4.25/naming_convention.sol#L67", - "id": "b595f9e6d03b8b501b7c4a9bf8ff0ad9bf11448a25f53d63ab5031c95f8ae89c", + "description": "Variable T.O (tests/detectors/naming-convention/0.4.25/naming_convention.sol#68) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.O](tests/detectors/naming-convention/0.4.25/naming_convention.sol#L68) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.4.25/naming_convention.sol#L68", + "id": "b341001642225c62eae76fef9879c80003b3134b3bc627d9b1912ebcd190304b", "check": "naming-convention", "impact": "Informational", "confidence": "High" 
@@ -975,6 +1182,73 @@ "impact": "Informational", "confidence": "High" }, + { + "elements": [ + { + "type": "variable", + "name": "l", + "source_mapping": { + "start": 900, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "is_dependency": false, + "lines": [ + 67 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.4.25/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "l_O_I_should_not_be_used" + } + } + ], + "description": "Variable T.l (tests/detectors/naming-convention/0.4.25/naming_convention.sol#67) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.l](tests/detectors/naming-convention/0.4.25/naming_convention.sol#L67) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.4.25/naming_convention.sol#L67", + "id": "cb8668afe6ed1284c935ac95f8f9cb1407f96226fe741e7310d104d5f10a0fc6", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, { "elements": [ { diff --git a/tests/detectors/naming-convention/0.5.16/naming_convention.sol b/tests/detectors/naming-convention/0.5.16/naming_convention.sol index 6c4b2f936..7181ca911 100644 --- a/tests/detectors/naming-convention/0.5.16/naming_convention.sol 
+++ b/tests/detectors/naming-convention/0.5.16/naming_convention.sol
@@ -65,6 +65,8 @@ contract T {
 uint constant M = 1;
 uint l = 1;
+ uint O = 1;
+ uint I = 1;
 }
 contract ParameterNameEmptyString {
diff --git a/tests/detectors/naming-convention/0.5.16/naming_convention.sol.0.5.16.NamingConvention.json b/tests/detectors/naming-convention/0.5.16/naming_convention.sol.0.5.16.NamingConvention.json
index bfc04a84f..4ab232e6c 100644
--- a/tests/detectors/naming-convention/0.5.16/naming_convention.sol.0.5.16.NamingConvention.json
+++ b/tests/detectors/naming-convention/0.5.16/naming_convention.sol.0.5.16.NamingConvention.json
@@ -98,6 +98,207 @@ "impact": "Informational", "confidence": "High" }, + { + "elements": [ + { + "type": "variable", + "name": "I", + "source_mapping": { + "start": 932, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "is_dependency": false, + "lines": [ + 69 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "mixedCase" + } + } + ], + "description": "Variable T.I (tests/detectors/naming-convention/0.5.16/naming_convention.sol#69) is not in mixedCase\n", + "markdown": "Variable [T.I](tests/detectors/naming-convention/0.5.16/naming_convention.sol#L69) is not in mixedCase\n", + "first_markdown_element": "tests/detectors/naming-convention/0.5.16/naming_convention.sol#L69", + "id": "12df12bbda2059673d356e5c32ec4e8a037a3821c9fa42b831a9144437cb79f9", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, + { + "elements": [ + { + "type": "variable", + "name": "I", + "source_mapping": { + "start": 932, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "is_dependency": 
false, + "lines": [ + 69 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "l_O_I_should_not_be_used" + } + } + ], + "description": "Variable T.I (tests/detectors/naming-convention/0.5.16/naming_convention.sol#69) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.I](tests/detectors/naming-convention/0.5.16/naming_convention.sol#L69) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.5.16/naming_convention.sol#L69", + "id": "2ac65aa5bb560436d64f16e164aaab90dbbf38d683bfdfdfb42eeb225fc51759", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, + { + "elements": [ + { + "type": "variable", + "name": "O", + "source_mapping": { + "start": 916, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "is_dependency": false, + "lines": [ + 68 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "filename_absolute": 
"/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "mixedCase" + } + } + ], + "description": "Variable T.O (tests/detectors/naming-convention/0.5.16/naming_convention.sol#68) is not in mixedCase\n", + "markdown": "Variable [T.O](tests/detectors/naming-convention/0.5.16/naming_convention.sol#L68) is not in mixedCase\n", + "first_markdown_element": "tests/detectors/naming-convention/0.5.16/naming_convention.sol#L68", + "id": "2de986dda91f7c7e3a51470aa43abfa2c6fd363b742d1bbd38d5287ae179b83a", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, { "elements": [ { @@ -505,7 +706,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", @@ -525,7 +726,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 @@ -573,7 +776,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", @@ -593,7 +796,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 
@@ -715,16 +920,16 @@ "elements": [ { "type": "variable", - "name": "l", + "name": "O", "source_mapping": { - "start": 900, + "start": 916, "length": 10, "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", "is_dependency": false, "lines": [ - 67 + 68 ], "starting_column": 5, "ending_column": 15 @@ -735,7 +940,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", @@ -755,7 +960,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 @@ -768,10 +975,10 @@ } } ], - "description": "Variable T.l (tests/detectors/naming-convention/0.5.16/naming_convention.sol#67) used l, O, I, which should not be used\n", - "markdown": "Variable [T.l](tests/detectors/naming-convention/0.5.16/naming_convention.sol#L67) used l, O, I, which should not be used\n", - "first_markdown_element": "tests/detectors/naming-convention/0.5.16/naming_convention.sol#L67", - "id": "b595f9e6d03b8b501b7c4a9bf8ff0ad9bf11448a25f53d63ab5031c95f8ae89c", + "description": "Variable T.O (tests/detectors/naming-convention/0.5.16/naming_convention.sol#68) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.O](tests/detectors/naming-convention/0.5.16/naming_convention.sol#L68) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.5.16/naming_convention.sol#L68", + "id": "b341001642225c62eae76fef9879c80003b3134b3bc627d9b1912ebcd190304b", "check": "naming-convention", "impact": "Informational", "confidence": "High" 
@@ -975,6 +1182,73 @@ "impact": "Informational", "confidence": "High" }, + { + "elements": [ + { + "type": "variable", + "name": "l", + "source_mapping": { + "start": 900, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "is_dependency": false, + "lines": [ + 67 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.5.16/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "l_O_I_should_not_be_used" + } + } + ], + "description": "Variable T.l (tests/detectors/naming-convention/0.5.16/naming_convention.sol#67) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.l](tests/detectors/naming-convention/0.5.16/naming_convention.sol#L67) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.5.16/naming_convention.sol#L67", + "id": "cb8668afe6ed1284c935ac95f8f9cb1407f96226fe741e7310d104d5f10a0fc6", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, { "elements": [ { diff --git a/tests/detectors/naming-convention/0.6.11/naming_convention.sol b/tests/detectors/naming-convention/0.6.11/naming_convention.sol index 6c4b2f936..7181ca911 100644 --- a/tests/detectors/naming-convention/0.6.11/naming_convention.sol 
+++ b/tests/detectors/naming-convention/0.6.11/naming_convention.sol
@@ -65,6 +65,8 @@ contract T {
 uint constant M = 1;
 uint l = 1;
+ uint O = 1;
+ uint I = 1;
 }
 contract ParameterNameEmptyString {
diff --git a/tests/detectors/naming-convention/0.6.11/naming_convention.sol.0.6.11.NamingConvention.json b/tests/detectors/naming-convention/0.6.11/naming_convention.sol.0.6.11.NamingConvention.json
index c0d2e7718..185536067 100644
--- a/tests/detectors/naming-convention/0.6.11/naming_convention.sol.0.6.11.NamingConvention.json
+++ b/tests/detectors/naming-convention/0.6.11/naming_convention.sol.0.6.11.NamingConvention.json
@@ -98,6 +98,207 @@ "impact": "Informational", "confidence": "High" }, + { + "elements": [ + { + "type": "variable", + "name": "I", + "source_mapping": { + "start": 932, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "is_dependency": false, + "lines": [ + 69 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "mixedCase" + } + } + ], + "description": "Variable T.I (tests/detectors/naming-convention/0.6.11/naming_convention.sol#69) is not in mixedCase\n", + "markdown": "Variable [T.I](tests/detectors/naming-convention/0.6.11/naming_convention.sol#L69) is not in mixedCase\n", + "first_markdown_element": "tests/detectors/naming-convention/0.6.11/naming_convention.sol#L69", + "id": "12df12bbda2059673d356e5c32ec4e8a037a3821c9fa42b831a9144437cb79f9", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, + { + "elements": [ + { + "type": "variable", + "name": "I", + "source_mapping": { + "start": 932, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "is_dependency": 
false, + "lines": [ + 69 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "l_O_I_should_not_be_used" + } + } + ], + "description": "Variable T.I (tests/detectors/naming-convention/0.6.11/naming_convention.sol#69) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.I](tests/detectors/naming-convention/0.6.11/naming_convention.sol#L69) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.6.11/naming_convention.sol#L69", + "id": "2ac65aa5bb560436d64f16e164aaab90dbbf38d683bfdfdfb42eeb225fc51759", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, + { + "elements": [ + { + "type": "variable", + "name": "O", + "source_mapping": { + "start": 916, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "is_dependency": false, + "lines": [ + 68 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "filename_absolute": 
"/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "mixedCase" + } + } + ], + "description": "Variable T.O (tests/detectors/naming-convention/0.6.11/naming_convention.sol#68) is not in mixedCase\n", + "markdown": "Variable [T.O](tests/detectors/naming-convention/0.6.11/naming_convention.sol#L68) is not in mixedCase\n", + "first_markdown_element": "tests/detectors/naming-convention/0.6.11/naming_convention.sol#L68", + "id": "2de986dda91f7c7e3a51470aa43abfa2c6fd363b742d1bbd38d5287ae179b83a", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, { "elements": [ { @@ -505,7 +706,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", @@ -525,7 +726,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 @@ -573,7 +776,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", @@ -593,7 +796,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 
@@ -715,16 +920,16 @@ "elements": [ { "type": "variable", - "name": "l", + "name": "O", "source_mapping": { - "start": 900, + "start": 916, "length": 10, "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", "is_dependency": false, "lines": [ - 67 + 68 ], "starting_column": 5, "ending_column": 15 @@ -735,7 +940,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", @@ -755,7 +960,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 @@ -768,10 +975,10 @@ } } ], - "description": "Variable T.l (tests/detectors/naming-convention/0.6.11/naming_convention.sol#67) used l, O, I, which should not be used\n", - "markdown": "Variable [T.l](tests/detectors/naming-convention/0.6.11/naming_convention.sol#L67) used l, O, I, which should not be used\n", - "first_markdown_element": "tests/detectors/naming-convention/0.6.11/naming_convention.sol#L67", - "id": "b595f9e6d03b8b501b7c4a9bf8ff0ad9bf11448a25f53d63ab5031c95f8ae89c", + "description": "Variable T.O (tests/detectors/naming-convention/0.6.11/naming_convention.sol#68) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.O](tests/detectors/naming-convention/0.6.11/naming_convention.sol#L68) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.6.11/naming_convention.sol#L68", + "id": "b341001642225c62eae76fef9879c80003b3134b3bc627d9b1912ebcd190304b", "check": "naming-convention", "impact": "Informational", "confidence": "High" 
@@ -975,6 +1182,73 @@ "impact": "Informational", "confidence": "High" }, + { + "elements": [ + { + "type": "variable", + "name": "l", + "source_mapping": { + "start": 900, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "is_dependency": false, + "lines": [ + 67 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.6.11/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "l_O_I_should_not_be_used" + } + } + ], + "description": "Variable T.l (tests/detectors/naming-convention/0.6.11/naming_convention.sol#67) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.l](tests/detectors/naming-convention/0.6.11/naming_convention.sol#L67) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.6.11/naming_convention.sol#L67", + "id": "cb8668afe6ed1284c935ac95f8f9cb1407f96226fe741e7310d104d5f10a0fc6", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, { "elements": [ { diff --git a/tests/detectors/naming-convention/0.7.6/naming_convention.sol b/tests/detectors/naming-convention/0.7.6/naming_convention.sol index 6c4b2f936..7181ca911 100644 --- a/tests/detectors/naming-convention/0.7.6/naming_convention.sol 
+++ b/tests/detectors/naming-convention/0.7.6/naming_convention.sol @@ -65,6 +65,8 @@ contract T { uint constant M = 1; uint l = 1; + uint O = 1; + uint I = 1; } contract ParameterNameEmptyString { diff --git a/tests/detectors/naming-convention/0.7.6/naming_convention.sol.0.7.6.NamingConvention.json b/tests/detectors/naming-convention/0.7.6/naming_convention.sol.0.7.6.NamingConvention.json index a66d2c314..2422728da 100644 --- a/tests/detectors/naming-convention/0.7.6/naming_convention.sol.0.7.6.NamingConvention.json +++ b/tests/detectors/naming-convention/0.7.6/naming_convention.sol.0.7.6.NamingConvention.json 
@@ -98,6 +98,207 @@ "impact": "Informational", "confidence": "High" }, + { + "elements": [ + { + "type": "variable", + "name": "I", + "source_mapping": { + "start": 932, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "is_dependency": false, + "lines": [ + 69 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "mixedCase" + } + } + ], + "description": "Variable T.I (tests/detectors/naming-convention/0.7.6/naming_convention.sol#69) is not in mixedCase\n", + "markdown": "Variable [T.I](tests/detectors/naming-convention/0.7.6/naming_convention.sol#L69) is not in mixedCase\n", + "first_markdown_element": "tests/detectors/naming-convention/0.7.6/naming_convention.sol#L69", + "id": "12df12bbda2059673d356e5c32ec4e8a037a3821c9fa42b831a9144437cb79f9", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, + { + "elements": [ + { + "type": "variable", + "name": "I", + "source_mapping": { + "start": 932, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "is_dependency": false, + 
"lines": [ + 69 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "l_O_I_should_not_be_used" + } + } + ], + "description": "Variable T.I (tests/detectors/naming-convention/0.7.6/naming_convention.sol#69) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.I](tests/detectors/naming-convention/0.7.6/naming_convention.sol#L69) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.7.6/naming_convention.sol#L69", + "id": "2ac65aa5bb560436d64f16e164aaab90dbbf38d683bfdfdfb42eeb225fc51759", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, + { + "elements": [ + { + "type": "variable", + "name": "O", + "source_mapping": { + "start": 916, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "is_dependency": false, + "lines": [ + 68 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + 
"filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "mixedCase" + } + } + ], + "description": "Variable T.O (tests/detectors/naming-convention/0.7.6/naming_convention.sol#68) is not in mixedCase\n", + "markdown": "Variable [T.O](tests/detectors/naming-convention/0.7.6/naming_convention.sol#L68) is not in mixedCase\n", + "first_markdown_element": "tests/detectors/naming-convention/0.7.6/naming_convention.sol#L68", + "id": "2de986dda91f7c7e3a51470aa43abfa2c6fd363b742d1bbd38d5287ae179b83a", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, { "elements": [ { @@ -505,7 +706,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", @@ -525,7 +726,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 @@ -573,7 +776,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", @@ -593,7 +796,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 
@@ -715,16 +920,16 @@ "elements": [ { "type": "variable", - "name": "l", + "name": "O", "source_mapping": { - "start": 900, + "start": 916, "length": 10, "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", "is_dependency": false, "lines": [ - 67 + 68 ], "starting_column": 5, "ending_column": 15 @@ -735,7 +940,7 @@ "name": "T", "source_mapping": { "start": 692, - "length": 221, + "length": 253, "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", @@ -755,7 +960,9 @@ 65, 66, 67, - 68 + 68, + 69, + 70 ], "starting_column": 1, "ending_column": 2 @@ -768,10 +975,10 @@ } } ], - "description": "Variable T.l (tests/detectors/naming-convention/0.7.6/naming_convention.sol#67) used l, O, I, which should not be used\n", - "markdown": "Variable [T.l](tests/detectors/naming-convention/0.7.6/naming_convention.sol#L67) used l, O, I, which should not be used\n", - "first_markdown_element": "tests/detectors/naming-convention/0.7.6/naming_convention.sol#L67", - "id": "b595f9e6d03b8b501b7c4a9bf8ff0ad9bf11448a25f53d63ab5031c95f8ae89c", + "description": "Variable T.O (tests/detectors/naming-convention/0.7.6/naming_convention.sol#68) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.O](tests/detectors/naming-convention/0.7.6/naming_convention.sol#L68) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.7.6/naming_convention.sol#L68", + "id": "b341001642225c62eae76fef9879c80003b3134b3bc627d9b1912ebcd190304b", "check": "naming-convention", "impact": "Informational", "confidence": "High" 
@@ -975,6 +1182,73 @@ "impact": "Informational", "confidence": "High" }, + { + "elements": [ + { + "type": "variable", + "name": "l", + "source_mapping": { + "start": 900, + "length": 10, + "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "is_dependency": false, + "lines": [ + 67 + ], + "starting_column": 5, + "ending_column": 15 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "T", + "source_mapping": { + "start": 692, + "length": 253, + "filename_relative": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/naming-convention/0.7.6/naming_convention.sol", + "is_dependency": false, + "lines": [ + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + "additional_fields": { + "target": "variable", + "convention": "l_O_I_should_not_be_used" + } + } + ], + "description": "Variable T.l (tests/detectors/naming-convention/0.7.6/naming_convention.sol#67) is single letter l, O, or I, which should not be used\n", + "markdown": "Variable [T.l](tests/detectors/naming-convention/0.7.6/naming_convention.sol#L67) is single letter l, O, or I, which should not be used\n", + "first_markdown_element": "tests/detectors/naming-convention/0.7.6/naming_convention.sol#L67", + "id": "cb8668afe6ed1284c935ac95f8f9cb1407f96226fe741e7310d104d5f10a0fc6", + "check": "naming-convention", + "impact": "Informational", + "confidence": "High" + }, { "elements": [ { From fd2fb3352ce0ff173c11ad004d8c39c6c9daf999 Mon Sep 17 00:00:00 2001 
From: alpharush <0xalpharush@protonmail.com> Date: Mon, 28 Nov 2022 08:49:03 -0600 Subject: [PATCH 05/42] add var-read-using-this detector --- slither/detectors/all_detectors.py | 1 + .../variables/var_read_using_this.py | 54 ++ .../0.4.25/var_read_using_this.sol | 33 + ...sing_this.sol.0.4.25.VarReadUsingThis.json | 3 + .../0.5.16/var_read_using_this.sol | 33 + ...sing_this.sol.0.5.16.VarReadUsingThis.json | 708 ++++++++++++++++++ .../0.6.11/var_read_using_this.sol | 33 + ...sing_this.sol.0.6.11.VarReadUsingThis.json | 708 ++++++++++++++++++ .../0.7.6/var_read_using_this.sol | 33 + ...using_this.sol.0.7.6.VarReadUsingThis.json | 708 ++++++++++++++++++ .../0.8.15/var_read_using_this.sol | 33 + ...sing_this.sol.0.8.15.VarReadUsingThis.json | 708 ++++++++++++++++++ tests/test_detectors.py | 21 + 13 files changed, 3076 insertions(+) create mode 100644 slither/detectors/variables/var_read_using_this.py create mode 100644 tests/detectors/var-read-using-this/0.4.25/var_read_using_this.sol create mode 100644 tests/detectors/var-read-using-this/0.4.25/var_read_using_this.sol.0.4.25.VarReadUsingThis.json create mode 100644 tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol create mode 100644 tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json create mode 100644 tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol create mode 100644 tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json create mode 100644 tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol create mode 100644 tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json create mode 100644 tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol create mode 100644 tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json 
diff --git a/slither/detectors/all_detectors.py b/slither/detectors/all_detectors.py
index 2c8d24428..1169917a6 100644
--- a/slither/detectors/all_detectors.py
+++ b/slither/detectors/all_detectors.py
@@ -3,6 +3,7 @@ from .examples.backdoor import Backdoor
 from .variables.uninitialized_state_variables import UninitializedStateVarsDetection
 from .variables.uninitialized_storage_variables import UninitializedStorageVars
 from .variables.uninitialized_local_variables import UninitializedLocalVars
+from .variables.var_read_using_this import VarReadUsingThis
 from .attributes.constant_pragma import ConstantPragma
 from .attributes.incorrect_solc import IncorrectSolc
 from .attributes.locked_ether import LockedEther
diff --git a/slither/detectors/variables/var_read_using_this.py b/slither/detectors/variables/var_read_using_this.py
new file mode 100644
index 000000000..8f62f9111
--- /dev/null
+++ b/slither/detectors/variables/var_read_using_this.py
@@ -0,0 +1,54 @@
+from typing import List
+from slither.core.declarations import Function, SolidityVariable
+from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
+from slither.slithir.operations.high_level_call import HighLevelCall
+
+
+class VarReadUsingThis(AbstractDetector):
+ ARGUMENT = "var-read-using-this"
+ HELP = "Contract reads its own variable using `this`"
+ IMPACT = DetectorClassification.OPTIMIZATION
+ CONFIDENCE = DetectorClassification.MEDIUM
+
+ WIKI = "https://github.com/trailofbits/slither-private/wiki/Vulnerabilities-Description#var-read-using-this"
+
+ WIKI_TITLE = "Variable read using this"
+ WIKI_DESCRIPTION = "Contract reads its own variable using `this`, adding overhead of an unnecessary STATICCALL."
+ WIKI_EXPLOIT_SCENARIO = """
+```solidity
+contract C {
+ mapping(uint => address) public myMap;
+ function test(uint x) external returns(address) {
+ return this.myMap(x);
+ }
+}
+```
+"""
+
+ WIKI_RECOMMENDATION = "Read the variable directly from storage instead of calling the contract."
+
+ def _detect(self):
+ results = []
+ for c in self.contracts:
+ for func in c.functions:
+ for node in self._detect_var_read_using_this(func):
+ info = [
+ "The function ",
+ func,
+ " reads ",
+ node,
+ " with `this` which adds an extra STATICALL.\n",
+ ]
+ json = self.generate_result(info)
+ results.append(json)
+
+ return results
+
+ def _detect_var_read_using_this(self, func: Function) -> List:
+ results = []
+ for node in func.nodes:
+ for ir in node.irs:
+ if isinstance(ir, HighLevelCall):
+ if ir.destination == SolidityVariable("this") and ir.is_static_call():
+ results.append(node)
+ return results
diff --git a/tests/detectors/var-read-using-this/0.4.25/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.4.25/var_read_using_this.sol
new file mode 100644
index 000000000..dc0d152be
--- /dev/null
+++ b/tests/detectors/var-read-using-this/0.4.25/var_read_using_this.sol
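Review bot: `_detect_var_read_using_this` accepts any `HighLevelCall` whose destination is `this` and for which `ir.is_static_call()` holds, without checking that the callee is a state-variable getter, so a view or pure function called through `this` would presumably be reported as a variable read too; either narrow the condition or reword `HELP` and the result message. `WIKI` links to `github.com/trailofbits/slither-private/...`, which looks like a private repository and will not resolve for users of the tool, so it should point at the project's public detector documentation. The result string in `_detect` spells the opcode `STATICALL` while `WIKI_DESCRIPTION` has `STATICCALL`; correcting it means regenerating the expected JSON files, which currently pin the misspelling. The local `json` in `_detect` would read better as `res`, the name the naming-convention detector uses for the same value.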
@@ -0,0 +1,33 @@ + +contract VarReadUsingThis { + address public erc20; + mapping(uint => address) public myMap; + function bad1(uint x) external returns(address) { + return this.myMap(x); + } + function bad2() external returns(address) { + return this.erc20(); + } + function bad3() external returns(address) { + if (this.erc20() == address(0)) revert(); + } + function bad4() internal returns(address) { + for (uint x; x < 10; x++) { + address local = this.erc20(); + } + } + function good1(uint x) external returns(address) { + return myMap[x]; + } + function good2() external returns(address) { + return erc20; + } + function good3() external returns(address) { + if (erc20 == address(0)) revert(); + } + function good4() internal returns(address) { + for (uint x; x < 10; x++) { + address local = erc20; + } + } +} diff --git a/tests/detectors/var-read-using-this/0.4.25/var_read_using_this.sol.0.4.25.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.4.25/var_read_using_this.sol.0.4.25.VarReadUsingThis.json new file mode 100644 index 000000000..5825bcacc --- /dev/null +++ b/tests/detectors/var-read-using-this/0.4.25/var_read_using_this.sol.0.4.25.VarReadUsingThis.json @@ -0,0 +1,3 @@ +[ + [] +] \ No newline at end of file diff --git a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol new file mode 100644 index 000000000..dc0d152be --- /dev/null +++ b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol 
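Review bot: The fixture only calls public-variable getters through `this` (`this.myMap(x)`, `this.erc20()`), so nothing pins what the detector should report for `this.f()` when `f` is an ordinary view or pure function, or a state-changing one. Adding one case of each, named `good…` or `bad…` according to the intended scope, would make that decision visible in the expected output. The expected JSON for 0.4.25 is an empty result while the same contract at 0.5.16 yields four findings; a one-line comment in the fixture saying why would save the next reader from treating it as a missed detection. The same file is added unchanged for the other compiler versions in this patch.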
@@ -0,0 +1,33 @@
+
+contract VarReadUsingThis {
+ address public erc20;
+ mapping(uint => address) public myMap;
+ function bad1(uint x) external returns(address) {
+ return this.myMap(x);
+ }
+ function bad2() external returns(address) {
+ return this.erc20();
+ }
+ function bad3() external returns(address) {
+ if (this.erc20() == address(0)) revert();
+ }
+ function bad4() internal returns(address) {
+ for (uint x; x < 10; x++) {
+ address local = this.erc20();
+ }
+ }
+ function good1(uint x) external returns(address) {
+ return myMap[x];
+ }
+ function good2() external returns(address) {
+ return erc20;
+ }
+ function good3() external returns(address) {
+ if (erc20 == address(0)) revert();
+ }
+ function good4() internal returns(address) {
+ for (uint x; x < 10; x++) {
+ address local = erc20;
+ }
+ }
+}
diff --git a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json
new file mode 100644
index 000000000..556194437
--- /dev/null
+++ b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json
@@ -0,0 +1,708 @@ +[ + [ + { + "elements": [ + { + "type": "function", + "name": "bad2", + "source_mapping": { + "start": 192, + "length": 78, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 8, + 9, + 10 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad2()" + } + }, + { + "type": "node", + "name": "this.erc20()", + "source_mapping": { + "start": 244, + "length": 19, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 9 + ], + "starting_column": 9, + "ending_column": 28 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad2", + "source_mapping": { + "start": 192, + "length": 78, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + 
"filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 8, + 9, + 10 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad2()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#9) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L9) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L8-L10", + "id": "0178009997f4d2c4d9a3a9e966bc7c3277ba1ce8c8c412b04fbe2cab3eab1b64", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 102, + "length": 85, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + 
"filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad1(uint256)" + } + }, + { + "type": "node", + "name": "this.myMap(x)", + "source_mapping": { + "start": 160, + "length": 20, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 6 + ], + "starting_column": 9, + "ending_column": 29 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 102, + "length": 85, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + 
"name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad1(uint256)" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#6) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L6) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L5-L7", + "id": "1aeda0f171a714323d2cc886a4569374dcecf4a31bfd07dd341985cb91c1cda4", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad4", + "source_mapping": { + "start": 379, + "length": 138, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 14, + 15, + 16, + 17, + 18 + ], + "starting_column": 5, + "ending_column": 6 + }, + 
"type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad4()" + } + }, + { + "type": "node", + "name": "local = this.erc20()", + "source_mapping": { + "start": 471, + "length": 28, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 16 + ], + "starting_column": 13, + "ending_column": 41 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad4", + "source_mapping": { + "start": 379, + "length": 138, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 14, + 15, + 16, + 17, + 18 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + 
"filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad4()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#16) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L16) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L14-L18", + "id": "512bc7a6d6d4fc95951dd03634d193a2e29b0162882a8b4be6e27ff899e21b2d", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 275, + "length": 99, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 11, + 12, + 13 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": 
"tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad3()" + } + }, + { + "type": "node", + "name": "this.erc20() == address(0)", + "source_mapping": { + "start": 331, + "length": 26, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 12 + ], + "starting_column": 13, + "ending_column": 39 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 275, + "length": 99, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 11, + 12, + 13 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, 
+ 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad3()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#12) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L12) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L11-L13", + "id": "e230fb1483c53ad953389bae20f599c95bbb5feb0040a4b9c33da5ec96682eff", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + } + ] +] \ No newline at end of file diff --git a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol new file mode 100644 index 000000000..dc0d152be --- /dev/null +++ b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol 
@@ -0,0 +1,33 @@
+
+contract VarReadUsingThis {
+ address public erc20;
+ mapping(uint => address) public myMap;
+ function bad1(uint x) external returns(address) {
+ return this.myMap(x);
+ }
+ function bad2() external returns(address) {
+ return this.erc20();
+ }
+ function bad3() external returns(address) {
+ if (this.erc20() == address(0)) revert();
+ }
+ function bad4() internal returns(address) {
+ for (uint x; x < 10; x++) {
+ address local = this.erc20();
+ }
+ }
+ function good1(uint x) external returns(address) {
+ return myMap[x];
+ }
+ function good2() external returns(address) {
+ return erc20;
+ }
+ function good3() external returns(address) {
+ if (erc20 == address(0)) revert();
+ }
+ function good4() internal returns(address) {
+ for (uint x; x < 10; x++) {
+ address local = erc20;
+ }
+ }
+}
diff --git a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json
new file mode 100644
index 000000000..8a153fbf8
--- /dev/null
+++ b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json
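Review bot: The fixture has no case for a `this.` call that targets a declared function rather than a public state-variable getter: every `this.` expression in bad1–bad4 reads `erc20` or `myMap`, and good1–good4 contain no `this.` at all. As a result the JSON snapshot does not record where the detector's boundary lies for ordinary external self-calls. A pair such as `function ext() external returns(address) { return erc20; }` and `function selfCall() external returns(address) { return this.ext(); }` would pin it, with `selfCall` named good or bad according to the intended behaviour; which of the two it is depends on detector code not shown in this hunk. The same applies to the identical 0.7.6 and 0.8.15 copies of this file.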
@@ -0,0 +1,708 @@ +[ + [ + { + "elements": [ + { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 275, + "length": 99, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 11, + 12, + 13 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad3()" + } + }, + { + "type": "node", + "name": "this.erc20() == address(0)", + "source_mapping": { + "start": 331, + "length": 26, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 12 + ], + "starting_column": 13, + "ending_column": 39 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 275, + "length": 99, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": 
"/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 11, + 12, + 13 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad3()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#12) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L12) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L11-L13", + "id": "0207d6c951b693638b81afe89cdee392fd61a671e0a92e1f8c8b4e5824b1d25b", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad2", + "source_mapping": { + "start": 192, + "length": 78, + "filename_used": "/GENERIC_PATH", + "filename_relative": 
"tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 8, + 9, + 10 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad2()" + } + }, + { + "type": "node", + "name": "this.erc20()", + "source_mapping": { + "start": 244, + "length": 19, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 9 + ], + "starting_column": 9, + "ending_column": 28 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad2", + "source_mapping": { + "start": 192, + "length": 78, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 8, + 9, + 10 + ], + "starting_column": 5, + "ending_column": 6 + }, + 
"type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad2()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#9) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L9) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L8-L10", + "id": "58da220580586bad1af775ff0da07248cea80f98a30f3173c494ce5517d4b041", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad4", + "source_mapping": { + "start": 379, + "length": 138, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 14, + 15, + 16, + 17, + 18 + ], + 
"starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad4()" + } + }, + { + "type": "node", + "name": "local = this.erc20()", + "source_mapping": { + "start": 471, + "length": 28, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 16 + ], + "starting_column": 13, + "ending_column": 41 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad4", + "source_mapping": { + "start": 379, + "length": 138, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 14, + 15, + 16, + 17, + 18 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": 
"tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad4()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#16) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L16) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L14-L18", + "id": "6d5eeb058ec44a05d486b3ee7c2911a7f5306b3d0b619a52ae08efe195c8614c", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 102, + "length": 85, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + 
"filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad1(uint256)" + } + }, + { + "type": "node", + "name": "this.myMap(x)", + "source_mapping": { + "start": 160, + "length": 20, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 6 + ], + "starting_column": 9, + "ending_column": 29 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 102, + "length": 85, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 
4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad1(uint256)" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#6) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L6) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L5-L7", + "id": "b8b557dc26e17f526df0fd98af8c5d06013dd18b163e05a281ea1519e15ca24e", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + } + ] +] \ No newline at end of file diff --git a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol new file mode 100644 index 000000000..dc0d152be --- /dev/null +++ b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol 
@@ -0,0 +1,33 @@
+
+contract VarReadUsingThis {
+ address public erc20;
+ mapping(uint => address) public myMap;
+ function bad1(uint x) external returns(address) {
+ return this.myMap(x);
+ }
+ function bad2() external returns(address) {
+ return this.erc20();
+ }
+ function bad3() external returns(address) {
+ if (this.erc20() == address(0)) revert();
+ }
+ function bad4() internal returns(address) {
+ for (uint x; x < 10; x++) {
+ address local = this.erc20();
+ }
+ }
+ function good1(uint x) external returns(address) {
+ return myMap[x];
+ }
+ function good2() external returns(address) {
+ return erc20;
+ }
+ function good3() external returns(address) {
+ if (erc20 == address(0)) revert();
+ }
+ function good4() internal returns(address) {
+ for (uint x; x < 10; x++) {
+ address local = erc20;
+ }
+ }
+}
diff --git a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json
new file mode 100644
index 000000000..42b3864bb
--- /dev/null
+++ b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json
@@ -0,0 +1,708 @@ +[ + [ + { + "elements": [ + { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 275, + "length": 99, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 11, + 12, + 13 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad3()" + } + }, + { + "type": "node", + "name": "this.erc20() == address(0)", + "source_mapping": { + "start": 331, + "length": 26, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 12 + ], + "starting_column": 13, + "ending_column": 39 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 275, + "length": 99, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": 
"/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 11, + 12, + 13 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad3()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#12) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L12) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L11-L13", + "id": "44eec3d0ad87871981571b3d571f13579272bdabcfebe6bd25ac2880d2bf3c33", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad4", + "source_mapping": { + "start": 379, + "length": 138, + "filename_used": "/GENERIC_PATH", + "filename_relative": 
"tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 14, + 15, + 16, + 17, + 18 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad4()" + } + }, + { + "type": "node", + "name": "local = this.erc20()", + "source_mapping": { + "start": 471, + "length": 28, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 16 + ], + "starting_column": 13, + "ending_column": 41 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad4", + "source_mapping": { + "start": 379, + "length": 138, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 14, + 15, + 16, + 17, + 18 + ], + "starting_column": 5, + 
"ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad4()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#16) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L16) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L14-L18", + "id": "519caa8ce5e7990c223fd65d827817bb93fe3020efcf9133f204f7a80f6a4e7f", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 102, + "length": 85, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 5, + 
6, + 7 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad1(uint256)" + } + }, + { + "type": "node", + "name": "this.myMap(x)", + "source_mapping": { + "start": 160, + "length": 20, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 6 + ], + "starting_column": 9, + "ending_column": 29 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 102, + "length": 85, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": 
"tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad1(uint256)" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#6) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L6) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L5-L7", + "id": "7f28036af3c8cd6bc29a5a25378629d8f703b655a55f3a5cf36e8b96a11c792a", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad2", + "source_mapping": { + "start": 192, + "length": 78, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 8, + 9, + 10 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": 
"/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad2()" + } + }, + { + "type": "node", + "name": "this.erc20()", + "source_mapping": { + "start": 244, + "length": 19, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 9 + ], + "starting_column": 9, + "ending_column": 28 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad2", + "source_mapping": { + "start": 192, + "length": 78, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 8, + 9, + 10 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 
10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad2()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#9) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L9) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L8-L10", + "id": "a19dc63eefbe43a4a7642c957b7b96fad0c42563e18d0b03fb1592c1ad5bad04", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + } + ] +] \ No newline at end of file diff --git a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol new file mode 100644 index 000000000..dc0d152be --- /dev/null +++ b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol 
@@ -0,0 +1,33 @@
+
+contract VarReadUsingThis {
+ address public erc20;
+ mapping(uint => address) public myMap;
+ function bad1(uint x) external returns(address) {
+ return this.myMap(x);
+ }
+ function bad2() external returns(address) {
+ return this.erc20();
+ }
+ function bad3() external returns(address) {
+ if (this.erc20() == address(0)) revert();
+ }
+ function bad4() internal returns(address) {
+ for (uint x; x < 10; x++) {
+ address local = this.erc20();
+ }
+ }
+ function good1(uint x) external returns(address) {
+ return myMap[x];
+ }
+ function good2() external returns(address) {
+ return erc20;
+ }
+ function good3() external returns(address) {
+ if (erc20 == address(0)) revert();
+ }
+ function good4() internal returns(address) {
+ for (uint x; x < 10; x++) {
+ address local = erc20;
+ }
+ }
+}
diff --git a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json
new file mode 100644
index 000000000..f29ea3ff3
--- /dev/null
+++ b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json
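Review bot: The `good1`–`good4` cases in this fixture only exercise direct storage reads, so no negative case covers a `this.` call whose target is not a public state-variable getter. An `external` function can only be reached from inside the contract through `this`, so a report on such a call would be a false positive, and the detector body is not visible here to confirm it is excluded. I would add `function ext() external view returns(address) { return erc20; }` and `function good5() external returns(address) { return this.ext(); }`, then regenerate the expected JSON so the absence of a finding for `good5` is pinned. The same applies to the copies of this file for the other compiler versions, presumably identical.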
@@ -0,0 +1,708 @@ +[ + [ + { + "elements": [ + { + "type": "function", + "name": "bad4", + "source_mapping": { + "start": 379, + "length": 138, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 14, + 15, + 16, + 17, + 18 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad4()" + } + }, + { + "type": "node", + "name": "local = this.erc20()", + "source_mapping": { + "start": 471, + "length": 28, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 16 + ], + "starting_column": 13, + "ending_column": 41 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad4", + "source_mapping": { + "start": 379, + "length": 138, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + 
"filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 14, + 15, + 16, + 17, + 18 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad4()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#16) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L16) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L14-L18", + "id": "1224862cf823193c24ce4a02579e7b9cf0eaded7167e8c9f9ed2861d9a9910cc", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 275, + "length": 99, + "filename_used": "/GENERIC_PATH", + "filename_relative": 
"tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 11, + 12, + 13 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad3()" + } + }, + { + "type": "node", + "name": "this.erc20() == address(0)", + "source_mapping": { + "start": 331, + "length": 26, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 12 + ], + "starting_column": 13, + "ending_column": 39 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 275, + "length": 99, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 11, + 12, + 13 + ], + "starting_column": 5, + 
"ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad3()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#12) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L12) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L11-L13", + "id": "29d9293adc1046d877a098beb2f9b7757658226e50c6d28228df65dfeeba7fd8", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad2", + "source_mapping": { + "start": 192, + "length": 78, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, 
+ "lines": [ + 8, + 9, + 10 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad2()" + } + }, + { + "type": "node", + "name": "this.erc20()", + "source_mapping": { + "start": 244, + "length": 19, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 9 + ], + "starting_column": 9, + "ending_column": 28 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad2", + "source_mapping": { + "start": 192, + "length": 78, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 8, + 9, + 10 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": 
"tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad2()" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#9) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L9) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L8-L10", + "id": "38e0c82eed10e2c79f5d232284f6e0d0b12966f71eaee7a5139a82e927d38005", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + }, + { + "elements": [ + { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 102, + "length": 85, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": 
"/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad1(uint256)" + } + }, + { + "type": "node", + "name": "this.myMap(x)", + "source_mapping": { + "start": 160, + "length": 20, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 6 + ], + "starting_column": 9, + "ending_column": 29 + }, + "type_specific_fields": { + "parent": { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 102, + "length": 85, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 5, + 6, + 7 + ], + "starting_column": 5, + "ending_column": 6 + }, + "type_specific_fields": { + "parent": { + "type": "contract", + "name": "VarReadUsingThis", + "source_mapping": { + "start": 1, + "length": 916, + "filename_used": "/GENERIC_PATH", + "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "filename_absolute": "/GENERIC_PATH", + "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", + "is_dependency": false, + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, 
+ 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33 + ], + "starting_column": 1, + "ending_column": 2 + } + }, + "signature": "bad1(uint256)" + } + } + } + } + ], + "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#6) with `this` which adds an extra STATICALL.\n", + "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L6) with `this` which adds an extra STATICALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L5-L7", + "id": "aa84305fa524be189a9e050c79cea81a7bc258614c7563e22738e17a3559615a", + "check": "var-read-using-this", + "impact": "Optimization", + "confidence": "Medium" + } + ] +] \ No newline at end of file diff --git a/tests/test_detectors.py b/tests/test_detectors.py index 7a27e2d4b..46f763ea7 100644 --- a/tests/test_detectors.py +++ b/tests/test_detectors.py @@ -1553,6 +1553,27 @@ ALL_TEST_OBJECTS = [ "permit_domain_state_var_collision.sol", "0.8.0", ), + Test( + all_detectors.VarReadUsingThis, + "var_read_using_this.sol", + "0.4.25", + ), + Test( + all_detectors.VarReadUsingThis, + "var_read_using_this.sol", + "0.5.16", + ), + Test(all_detectors.VarReadUsingThis, "var_read_using_this.sol", "0.6.11"), + Test( + all_detectors.VarReadUsingThis, + "var_read_using_this.sol", + "0.7.6", + ), + Test( + all_detectors.VarReadUsingThis, + "var_read_using_this.sol", + "0.8.15", + ), ] From 72459a90d4ae8b2be7f4164adee7dfe36f959744 Mon Sep 17 00:00:00 2001 
From: alpharush <0xalpharush@protonmail.com> Date: Mon, 28 Nov 2022 13:42:02 -0600 Subject: [PATCH 06/42] regenerate artifacts --- ...sing_this.sol.0.5.16.VarReadUsingThis.json | 20 ------------------- ...sing_this.sol.0.6.11.VarReadUsingThis.json | 20 ------------------- ...using_this.sol.0.7.6.VarReadUsingThis.json | 20 ------------------- ...sing_this.sol.0.8.15.VarReadUsingThis.json | 20 ------------------- 4 files changed, 80 deletions(-) diff --git a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json index 556194437..5034c795c 100644 --- a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json @@ -8,7 +8,6 @@ "source_mapping": { "start": 192, "length": 78, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -28,7 +27,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -80,7 +78,6 @@ "source_mapping": { "start": 244, "length": 19, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", 
@@ -98,7 +95,6 @@ "source_mapping": { "start": 192, "length": 78, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -118,7 +114,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -183,7 +178,6 @@ "source_mapping": { "start": 102, "length": 85, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -203,7 +197,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -255,7 +248,6 @@ "source_mapping": { "start": 160, "length": 20, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -273,7 +265,6 @@ "source_mapping": { "start": 102, "length": 85, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", 
@@ -293,7 +284,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -358,7 +348,6 @@ "source_mapping": { "start": 379, "length": 138, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -380,7 +369,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -432,7 +420,6 @@ "source_mapping": { "start": 471, "length": 28, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -450,7 +437,6 @@ "source_mapping": { "start": 379, "length": 138, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -472,7 +458,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", 
@@ -537,7 +522,6 @@ "source_mapping": { "start": 275, "length": 99, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -557,7 +541,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -609,7 +592,6 @@ "source_mapping": { "start": 331, "length": 26, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -627,7 +609,6 @@ "source_mapping": { "start": 275, "length": 99, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -647,7 +628,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", diff --git a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json index 8a153fbf8..f865074ca 100644 --- a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json 
+++ b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json @@ -8,7 +8,6 @@ "source_mapping": { "start": 275, "length": 99, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -28,7 +27,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -80,7 +78,6 @@ "source_mapping": { "start": 331, "length": 26, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -98,7 +95,6 @@ "source_mapping": { "start": 275, "length": 99, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -118,7 +114,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", 
@@ -183,7 +178,6 @@ "source_mapping": { "start": 192, "length": 78, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -203,7 +197,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -255,7 +248,6 @@ "source_mapping": { "start": 244, "length": 19, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -273,7 +265,6 @@ "source_mapping": { "start": 192, "length": 78, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -293,7 +284,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -358,7 +348,6 @@ "source_mapping": { "start": 379, "length": 138, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", 
@@ -380,7 +369,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -432,7 +420,6 @@ "source_mapping": { "start": 471, "length": 28, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -450,7 +437,6 @@ "source_mapping": { "start": 379, "length": 138, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -472,7 +458,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -537,7 +522,6 @@ "source_mapping": { "start": 102, "length": 85, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -557,7 +541,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", 
@@ -609,7 +592,6 @@ "source_mapping": { "start": 160, "length": 20, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -627,7 +609,6 @@ "source_mapping": { "start": 102, "length": 85, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -647,7 +628,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", diff --git a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json index 42b3864bb..b43d123cd 100644 --- a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json @@ -8,7 +8,6 @@ "source_mapping": { "start": 275, "length": 99, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", 
@@ -28,7 +27,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -80,7 +78,6 @@ "source_mapping": { "start": 331, "length": 26, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -98,7 +95,6 @@ "source_mapping": { "start": 275, "length": 99, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -118,7 +114,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -183,7 +178,6 @@ "source_mapping": { "start": 379, "length": 138, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -205,7 +199,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", 
@@ -257,7 +250,6 @@ "source_mapping": { "start": 471, "length": 28, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -275,7 +267,6 @@ "source_mapping": { "start": 379, "length": 138, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -297,7 +288,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -362,7 +352,6 @@ "source_mapping": { "start": 102, "length": 85, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -382,7 +371,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -434,7 +422,6 @@ "source_mapping": { "start": 160, "length": 20, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", 
@@ -452,7 +439,6 @@ "source_mapping": { "start": 102, "length": 85, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -472,7 +458,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -537,7 +522,6 @@ "source_mapping": { "start": 192, "length": 78, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -557,7 +541,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -609,7 +592,6 @@ "source_mapping": { "start": 244, "length": 19, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -627,7 +609,6 @@ "source_mapping": { "start": 192, "length": 78, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", 
@@ -647,7 +628,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", diff --git a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json index f29ea3ff3..23295ecb2 100644 --- a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json @@ -8,7 +8,6 @@ "source_mapping": { "start": 379, "length": 138, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -30,7 +29,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -82,7 +80,6 @@ "source_mapping": { "start": 471, "length": 28, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -100,7 +97,6 @@ "source_mapping": { "start": 379, "length": 138, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -122,7 +118,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -187,7 +182,6 @@ "source_mapping": { "start": 275, "length": 99, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -207,7 +201,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -259,7 +252,6 @@ "source_mapping": { "start": 331, "length": 26, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -277,7 +269,6 @@ "source_mapping": { "start": 275, "length": 99, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -297,7 +288,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -362,7 +352,6 @@ "source_mapping": { "start": 192, "length": 78, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -382,7 +371,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -434,7 +422,6 @@ "source_mapping": { "start": 244, "length": 19, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -452,7 +439,6 @@ "source_mapping": { "start": 192, "length": 78, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -472,7 +458,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -537,7 +522,6 @@ "source_mapping": { "start": 102, "length": 85, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -557,7 +541,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -609,7 +592,6 @@ "source_mapping": { "start": 160, "length": 20, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -627,7 +609,6 @@ "source_mapping": { "start": 102, "length": 85, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -647,7 +628,6 @@ "source_mapping": { "start": 1, "length": 916, - "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", From 83f74f10c9b67f86ef51f9b20f3acae61b53c982 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Mon, 28 Nov 2022 13:50:22 -0600 Subject: [PATCH 07/42] appease pylint --- slither/detectors/variables/var_read_using_this.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/slither/detectors/variables/var_read_using_this.py b/slither/detectors/variables/var_read_using_this.py index 8f62f9111..96b413236 100644 --- a/slither/detectors/variables/var_read_using_this.py +++ b/slither/detectors/variables/var_read_using_this.py @@ -1,4 +1,5 @@ from typing import List +from slither.core.cfg.node import Node from slither.core.declarations import Function, SolidityVariable from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification from slither.slithir.operations.high_level_call import HighLevelCall @@ -44,8 +45,9 @@ contract C { return results - def _detect_var_read_using_this(self, func: Function) -> List: - results = [] + @staticmethod + def _detect_var_read_using_this(func: Function) -> List[Node]: + results: List[Node] = [] for node in func.nodes: for ir in node.irs: if isinstance(ir, HighLevelCall): From 1ee3593988fed1109e2ab174f259a97aa50c9c26 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Fri, 2 Dec 2022 13:50:46 -0600 Subject: [PATCH 08/42] remove unused PUSH operation from IR --- slither/slithir/convert.py | 4 ---- slither/slithir/operations/__init__.py | 1 - slither/slithir/operations/push.py | 27 -------------------------- slither/slithir/utils/ssa.py | 5 ----- slither/tools/similarity/encode.py | 3 --- 5 files changed, 40 deletions(-) delete mode 100644 slither/slithir/operations/push.py diff --git a/slither/slithir/convert.py b/slither/slithir/convert.py index a35c50220..7b35f8a0b 100644 --- a/slither/slithir/convert.py +++ b/slither/slithir/convert.py @@ -60,7 +60,6 @@ from slither.slithir.operations import ( NewElementaryType, NewStructure, OperationWithLValue, - Push, Return, Send, SolidityCall, 
@@ -745,9 +744,6 @@ def propagate_types(ir, node: "Node"): # pylint: disable=too-many-locals ir.lvalue.set_type(ir.type) elif isinstance(ir, NewStructure): ir.lvalue.set_type(UserDefinedType(ir.structure)) - elif isinstance(ir, Push): - # No change required - pass elif isinstance(ir, Send): ir.lvalue.set_type(ElementaryType("bool")) elif isinstance(ir, SolidityCall): diff --git a/slither/slithir/operations/__init__.py b/slither/slithir/operations/__init__.py index 79948c0ed..b7ac45d16 100644 --- a/slither/slithir/operations/__init__.py +++ b/slither/slithir/operations/__init__.py @@ -18,7 +18,6 @@ from .new_elementary_type import NewElementaryType from .new_contract import NewContract from .new_structure import NewStructure from .operation import Operation -from .push import Push from .return_operation import Return from .send import Send from .solidity_call import SolidityCall diff --git a/slither/slithir/operations/push.py b/slither/slithir/operations/push.py deleted file mode 100644 index 2388b7a52..000000000 --- a/slither/slithir/operations/push.py +++ /dev/null @@ -1,27 +0,0 @@ -from slither.core.declarations import Function -from slither.slithir.operations.lvalue import OperationWithLValue -from slither.slithir.utils.utils import is_valid_lvalue, is_valid_rvalue - - -class Push(OperationWithLValue): - def __init__(self, array, value): - super().__init__() - assert is_valid_rvalue(value) or isinstance(value, Function) - assert is_valid_lvalue(array) - self._value = value - self._lvalue = array - - @property - def read(self): - return [self._value] - - @property - def array(self): - return self._lvalue - - @property - def value(self): - return self._value - - def __str__(self): - return f"PUSH {self.value} in {self.lvalue}" diff --git a/slither/slithir/utils/ssa.py b/slither/slithir/utils/ssa.py index 827be8e18..a99c22c63 100644 --- a/slither/slithir/utils/ssa.py +++ b/slither/slithir/utils/ssa.py 
@@ -36,7 +36,6 @@ from slither.slithir.operations import ( OperationWithLValue, Phi, PhiCallback, - Push, Return, Send, SolidityCall, @@ -778,10 +777,6 @@ def copy_ir(ir, *instances): return new_ir if isinstance(ir, Nop): return Nop() - if isinstance(ir, Push): - array = get_variable(ir, lambda x: x.array, *instances) - lvalue = get_variable(ir, lambda x: x.lvalue, *instances) - return Push(array, lvalue) if isinstance(ir, Return): values = get_rec_values(ir, lambda x: x.values, *instances) return Return(values) diff --git a/slither/tools/similarity/encode.py b/slither/tools/similarity/encode.py index 9889644fb..d08086282 100644 --- a/slither/tools/similarity/encode.py +++ b/slither/tools/similarity/encode.py @@ -31,7 +31,6 @@ from slither.slithir.operations import ( NewContract, NewElementaryType, SolidityCall, - Push, Delete, EventCall, LibraryCall, @@ -163,8 +162,6 @@ def encode_ir(ir): # pylint: disable=too-many-branches return f"new_array({ntype(ir.array_type)})" if isinstance(ir, NewElementaryType): return f"new_elementary({ntype(ir.type)})" - if isinstance(ir, Push): - return f"push({encode_ir(ir.value)},{encode_ir(ir.lvalue)})" if isinstance(ir, Delete): return f"delete({encode_ir(ir.lvalue)},{encode_ir(ir.variable)})" if isinstance(ir, SolidityCall): From cfb53e8200e6d598ab4e7b8447697f3ef29a1fa5 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Sat, 3 Dec 2022 12:06:37 -0600 Subject: [PATCH 09/42] support ternary in call value --- slither/utils/expression_manipulations.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/slither/utils/expression_manipulations.py b/slither/utils/expression_manipulations.py index 1a300c39b..3e12ae8c1 100644 --- a/slither/utils/expression_manipulations.py +++ b/slither/utils/expression_manipulations.py 
@@ -28,15 +28,18 @@ def f_expressions( e._expressions.append(x) -def f_call(e, x): +def f_call(e: CallExpression, x): e._arguments.append(x) +def f_call_value(e: CallExpression, x): + e._value = x + def f_expression(e, x): e._expression = x -def f_called(e, x): +def f_called(e: CallExpression, x): e._called = x @@ -123,6 +126,15 @@ class SplitTernaryExpression: if self.apply_copy(next_expr, true_expression, false_expression, f_called): self.copy_expression(next_expr, true_expression.called, false_expression.called) + next_expr = expression.call_value + # case of (..).func{value: .. ? .. : ..}() + if self.apply_copy(next_expr, true_expression, false_expression, f_call_value): + self.copy_expression( + next_expr, + true_expression.call_value, + false_expression.call_value, + ) + true_expression._arguments = [] false_expression._arguments = [] From eb49e396fd0d60c10e4db1771b443319e1faf55b Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Sat, 10 Dec 2022 15:41:39 -0600 Subject: [PATCH 10/42] support ternaries in both call options, refactor index access --- slither/solc_parsing/declarations/function.py | 4 +- slither/utils/expression_manipulations.py | 116 ++++++++++-------- tests/slithir/ternary_expressions.sol | 11 ++ 3 files changed, 75 insertions(+), 56 deletions(-) diff --git a/slither/solc_parsing/declarations/function.py b/slither/solc_parsing/declarations/function.py index 130375211..269ca580f 100644 --- a/slither/solc_parsing/declarations/function.py +++ b/slither/solc_parsing/declarations/function.py @@ -308,7 +308,7 @@ class FunctionSolc(CallerContextExpression): for node_parser in self._node_to_yulobject.values(): node_parser.analyze_expressions() - self._filter_ternary() + self._rewrite_ternary_as_if_else() self._remove_alone_endif() 
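Review bot: In the `CallExpression` branch of the `@@ -123,6 +126,15 @@` hunk, `expression.call_value` is handed to `apply_copy` unconditionally, although a call written without a `{value: ...}` option presumably has no value expression at all. In that case `None` would be copied onto both branches and then passed to `copy_expression`, whose fallback raises `SlitherException("Ternary operation not handled ...")` for any type it does not recognise. Guard the new block with `if expression.call_value is not None:` so that only calls that carry a value option take this path. `apply_copy` and the rest of `copy_expression` lie outside this hunk, so the exact failure mode should be confirmed there.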
@@ -1336,7 +1336,7 @@ class FunctionSolc(CallerContextExpression): ################################################################################### ################################################################################### - def _filter_ternary(self) -> bool: + def _rewrite_ternary_as_if_else(self) -> bool: ternary_found = True updated = False while ternary_found: diff --git a/slither/utils/expression_manipulations.py b/slither/utils/expression_manipulations.py index 3e12ae8c1..777c0c2a1 100644 --- a/slither/utils/expression_manipulations.py +++ b/slither/utils/expression_manipulations.py @@ -3,7 +3,7 @@ as they should be immutable """ import copy -from typing import Union, Callable +from typing import Union, Callable, Tuple, Optional from slither.core.expressions import UnaryOperation from slither.core.expressions.assignment_operation import AssignmentOperation from slither.core.expressions.binary_operation import BinaryOperation @@ -35,6 +35,11 @@ def f_call(e: CallExpression, x): def f_call_value(e: CallExpression, x): e._value = x + +def f_call_gas(e: CallExpression, x): + e._gas = x + + def f_expression(e, x): e._expression = x @@ -56,7 +61,7 @@ class SplitTernaryExpression: self.condition = None self.copy_expression(expression, self.true_expression, self.false_expression) - def apply_copy( + def conditional_not_ahead( self, next_expr: Expression, true_expression: Union[AssignmentOperation, MemberAccess], @@ -94,7 +99,9 @@ class SplitTernaryExpression: # (.. ? .. : ..).add if isinstance(expression, MemberAccess): next_expr = expression.expression - if self.apply_copy(next_expr, true_expression, false_expression, f_expression): + if self.conditional_not_ahead( + next_expr, true_expression, false_expression, f_expression + ): self.copy_expression( next_expr, true_expression.expression, false_expression.expression ) 
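Review bot: `Tuple` and `Optional` are added to the `typing` import in the `@@ -3,7 +3,7 @@` hunk of `expression_manipulations.py`, but none of this commit's hunks in that file use either name. Unless they are used in a part of the file not shown here, pylint will report them as unused imports. The line can stay as `from typing import Union, Callable`.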
@@ -102,44 +109,75 @@ class SplitTernaryExpression: elif isinstance(expression, (AssignmentOperation, BinaryOperation, TupleExpression)): true_expression._expressions = [] false_expression._expressions = [] - for next_expr in expression.expressions: - if isinstance(next_expr, IndexAccess): - # create an index access for each branch - if isinstance(next_expr.expression_right, ConditionalExpression): - next_expr = _handle_ternary_access( - next_expr, true_expression, false_expression + # TODO: can we get rid of `NoneType` expressions in `TupleExpression`? + if next_expr: + if isinstance(next_expr, IndexAccess): + # create an index access for each branch + # x[if cond ? 1 : 2] -> if cond { x[1] } else { x[2] } + for expr in next_expr.expressions: + if self.conditional_not_ahead( + expr, true_expression, false_expression, f_expressions + ): + self.copy_expression( + expr, + true_expression.expressions[-1], + false_expression.expressions[-1], + ) + + if self.conditional_not_ahead( + next_expr, true_expression, false_expression, f_expressions + ): + # always on last arguments added + self.copy_expression( + next_expr, + true_expression.expressions[-1], + false_expression.expressions[-1], ) - if self.apply_copy(next_expr, true_expression, false_expression, f_expressions): - # always on last arguments added - self.copy_expression( - next_expr, - true_expression.expressions[-1], - false_expression.expressions[-1], - ) elif isinstance(expression, CallExpression): next_expr = expression.called # case of lib # (.. ? .. : ..).add - if self.apply_copy(next_expr, true_expression, false_expression, f_called): + if self.conditional_not_ahead(next_expr, true_expression, false_expression, f_called): self.copy_expression(next_expr, true_expression.called, false_expression.called) - next_expr = expression.call_value - # case of (..).func{value: .. ? .. 
: ..}() - if self.apply_copy(next_expr, true_expression, false_expression, f_call_value): + # In order to handle ternaries in both call options, gas and value, we return early if the + # conditional is not ahead to rewrite both ternaries (see `_rewrite_ternary_as_if_else`). + if expression.call_gas: + # case of (..).func{gas: .. ? .. : ..}() + next_expr = expression.call_gas + if self.conditional_not_ahead( + next_expr, true_expression, false_expression, f_call_gas + ): + self.copy_expression( + next_expr, + true_expression.call_gas, + false_expression.call_gas, + ) + else: + return + + if expression.call_value: + # case of (..).func{value: .. ? .. : ..}() + next_expr = expression.call_value + if self.conditional_not_ahead( + next_expr, true_expression, false_expression, f_call_value + ): self.copy_expression( next_expr, true_expression.call_value, false_expression.call_value, ) + else: + return true_expression._arguments = [] false_expression._arguments = [] for next_expr in expression.arguments: - if self.apply_copy(next_expr, true_expression, false_expression, f_call): + if self.conditional_not_ahead(next_expr, true_expression, false_expression, f_call): # always on last arguments added self.copy_expression( next_expr, @@ -149,7 +187,9 @@ class SplitTernaryExpression: elif isinstance(expression, (TypeConversion, UnaryOperation)): next_expr = expression.expression - if self.apply_copy(next_expr, true_expression, false_expression, f_expression): + if self.conditional_not_ahead( + next_expr, true_expression, false_expression, f_expression + ): self.copy_expression( expression.expression, true_expression.expression, 
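Review bot: Empty tuple slots are dropped when the operands are rebuilt in the `@@ -102,44 +109,75 @@` hunk. `_expressions` is reset to `[]` on both copies, and the new `if next_expr:` guard skips a `None` entry without appending anything, so a tuple assignment with an unused slot whose right-hand side contains a ternary would come back with one component fewer and the remaining ones shifted. Keep the placeholder by adding an `else:` with `f_expressions(true_expression, None)` and `f_expressions(false_expression, None)`. Writing the guard as `if next_expr is not None:` would also state the intent more precisely than truthiness. `copy_expression` starts and ends outside this hunk.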
@@ -160,35 +200,3 @@ class SplitTernaryExpression: raise SlitherException( f"Ternary operation not handled {expression}({type(expression)})" ) - - -def _handle_ternary_access( - next_expr: IndexAccess, - true_expression: AssignmentOperation, - false_expression: AssignmentOperation, -): - """ - Conditional ternary accesses are split into two accesses, one true and one false - E.g. x[if cond ? 1 : 2] -> if cond { x[1] } else { x[2] } - """ - true_index_access = IndexAccess( - next_expr.expression_left, - next_expr.expression_right.then_expression, - next_expr.type, - ) - false_index_access = IndexAccess( - next_expr.expression_left, - next_expr.expression_right.else_expression, - next_expr.type, - ) - - f_expressions( - true_expression, - true_index_access, - ) - f_expressions( - false_expression, - false_index_access, - ) - - return next_expr.expression_right diff --git a/tests/slithir/ternary_expressions.sol b/tests/slithir/ternary_expressions.sol index c2e50b719..7fcc675c1 100644 --- a/tests/slithir/ternary_expressions.sol +++ b/tests/slithir/ternary_expressions.sol @@ -1,3 +1,6 @@ +interface NameReg { + function addressOf() external payable; +} contract C { // TODO // 1) support variable declarations @@ -21,4 +24,12 @@ contract C { function d(bool cond, bytes calldata x) external { bytes1 a = x[cond ? 1 : 2]; } + + function e(address one, address two) public { + return NameReg(one).addressOf{value: msg.sender == two ? 1 : 2, gas: true ? 2 : gasleft()}(); + } + // TODO: nested ternary + // function f(address one, address two) public { + // return NameReg(one).addressOf{value: msg.sender == two ? 1 : 2, gas: true ? (1 == 1 ? 1 : 2) : gasleft()}(); + // } } From a6ce9961aa4239088ca05779d9bedd483335ce0b Mon Sep 17 00:00:00 2001 
From: alpharush <0xalpharush@protonmail.com> Date: Mon, 12 Dec 2022 08:48:40 -0600 Subject: [PATCH 11/42] change confidence to high --- slither/detectors/variables/var_read_using_this.py | 2 +- .../var_read_using_this.sol.0.5.16.VarReadUsingThis.json | 8 ++++---- .../var_read_using_this.sol.0.6.11.VarReadUsingThis.json | 8 ++++---- .../var_read_using_this.sol.0.7.6.VarReadUsingThis.json | 8 ++++---- .../var_read_using_this.sol.0.8.15.VarReadUsingThis.json | 8 ++++---- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/slither/detectors/variables/var_read_using_this.py b/slither/detectors/variables/var_read_using_this.py index 96b413236..7ba9b87b6 100644 --- a/slither/detectors/variables/var_read_using_this.py +++ b/slither/detectors/variables/var_read_using_this.py @@ -9,7 +9,7 @@ class VarReadUsingThis(AbstractDetector): ARGUMENT = "var-read-using-this" HELP = "Contract reads its own variable using `this`" IMPACT = DetectorClassification.OPTIMIZATION - CONFIDENCE = DetectorClassification.MEDIUM + CONFIDENCE = DetectorClassification.HIGH WIKI = "https://github.com/trailofbits/slither-private/wiki/Vulnerabilities-Description#var-read-using-this" diff --git a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json index 5034c795c..bdd201bd2 100644 --- a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json @@ -168,7 +168,7 @@ "id": "0178009997f4d2c4d9a3a9e966bc7c3277ba1ce8c8c412b04fbe2cab3eab1b64", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ 
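Review bot: The `WIKI` constant left unchanged next to the new `CONFIDENCE = DetectorClassification.HIGH` line points at a `slither-private` wiki, which looks like an internal repository. Users of the published detector would get a link they cannot open, and the internal repository name ends up in the tool's output. Since this commit promotes the detector to high confidence, the link should go to the public detector documentation, for example `WIKI = "<PUBLIC_WIKI_URL>#var-read-using-this"` (placeholder; the public URL is not shown on this page). The class body continues outside the hunk.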
@@ -338,7 +338,7 @@ "id": "1aeda0f171a714323d2cc886a4569374dcecf4a31bfd07dd341985cb91c1cda4", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ @@ -512,7 +512,7 @@ "id": "512bc7a6d6d4fc95951dd03634d193a2e29b0162882a8b4be6e27ff899e21b2d", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ @@ -682,7 +682,7 @@ "id": "e230fb1483c53ad953389bae20f599c95bbb5feb0040a4b9c33da5ec96682eff", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" } ] ] \ No newline at end of file diff --git a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json index f865074ca..df316c390 100644 --- a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json @@ -168,7 +168,7 @@ "id": "0207d6c951b693638b81afe89cdee392fd61a671e0a92e1f8c8b4e5824b1d25b", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ @@ -338,7 +338,7 @@ "id": "58da220580586bad1af775ff0da07248cea80f98a30f3173c494ce5517d4b041", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ @@ -512,7 +512,7 @@ "id": "6d5eeb058ec44a05d486b3ee7c2911a7f5306b3d0b619a52ae08efe195c8614c", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ 
@@ -682,7 +682,7 @@ "id": "b8b557dc26e17f526df0fd98af8c5d06013dd18b163e05a281ea1519e15ca24e", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" } ] ] \ No newline at end of file diff --git a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json index b43d123cd..770276729 100644 --- a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json @@ -168,7 +168,7 @@ "id": "44eec3d0ad87871981571b3d571f13579272bdabcfebe6bd25ac2880d2bf3c33", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ @@ -342,7 +342,7 @@ "id": "519caa8ce5e7990c223fd65d827817bb93fe3020efcf9133f204f7a80f6a4e7f", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ @@ -512,7 +512,7 @@ "id": "7f28036af3c8cd6bc29a5a25378629d8f703b655a55f3a5cf36e8b96a11c792a", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ @@ -682,7 +682,7 @@ "id": "a19dc63eefbe43a4a7642c957b7b96fad0c42563e18d0b03fb1592c1ad5bad04", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" } ] ] \ No newline at end of file diff --git a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json index 23295ecb2..4914c3f3b 100644 --- a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json 
+++ b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json @@ -172,7 +172,7 @@ "id": "1224862cf823193c24ce4a02579e7b9cf0eaded7167e8c9f9ed2861d9a9910cc", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ @@ -342,7 +342,7 @@ "id": "29d9293adc1046d877a098beb2f9b7757658226e50c6d28228df65dfeeba7fd8", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ @@ -512,7 +512,7 @@ "id": "38e0c82eed10e2c79f5d232284f6e0d0b12966f71eaee7a5139a82e927d38005", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" }, { "elements": [ @@ -682,7 +682,7 @@ "id": "aa84305fa524be189a9e050c79cea81a7bc258614c7563e22738e17a3559615a", "check": "var-read-using-this", "impact": "Optimization", - "confidence": "Medium" + "confidence": "High" } ] ] \ No newline at end of file From a1a0abe17dbc0bc805f5b038fe673376f0d5f14d Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Mon, 12 Dec 2022 12:45:31 -0600 Subject: [PATCH 12/42] support parenthetical ternary expr and update tests --- slither/utils/expression_manipulations.py | 7 +++++++ tests/slithir/ternary_expressions.sol | 21 ++++++++++++++------- tests/slithir/test_ternary_expressions.py | 6 +++--- 3 files changed, 24 insertions(+), 10 deletions(-) diff --git a/slither/utils/expression_manipulations.py b/slither/utils/expression_manipulations.py index 777c0c2a1..9ae01fde7 100644 --- a/slither/utils/expression_manipulations.py +++ b/slither/utils/expression_manipulations.py 
@@ -68,6 +68,13 @@ class SplitTernaryExpression: false_expression: Union[AssignmentOperation, MemberAccess], f: Callable, ) -> bool: + # parentetical expression (.. ? .. : ..) + if ( + isinstance(next_expr, TupleExpression) + and len(next_expr.expressions) == 1 + and isinstance(next_expr.expressions[0], ConditionalExpression) + ): + next_expr = next_expr.expressions[0] if isinstance(next_expr, ConditionalExpression): f(true_expression, copy.copy(next_expr.then_expression)) diff --git a/tests/slithir/ternary_expressions.sol b/tests/slithir/ternary_expressions.sol index 7fcc675c1..c6a6d4643 100644 --- a/tests/slithir/ternary_expressions.sol +++ b/tests/slithir/ternary_expressions.sol @@ -1,5 +1,6 @@ -interface NameReg { - function addressOf() external payable; +interface Test { + function test() external payable returns (uint); + function testTuple() external payable returns (uint, uint); } contract C { // TODO @@ -26,10 +27,16 @@ contract C { } function e(address one, address two) public { - return NameReg(one).addressOf{value: msg.sender == two ? 1 : 2, gas: true ? 2 : gasleft()}(); + uint x = Test(one).test{value: msg.sender == two ? 1 : 2, gas: true ? 2 : gasleft()}(); + } + + // Parenthteical expression + function f(address one, address two) public { + uint x = Test(one).test{value: msg.sender == two ? 1 : 2, gas: true ? (1 == 1 ? 1 : 2) : gasleft()}(); + } + + // Unused tuple variable + function g(address one) public { + (, uint x) = Test(one).testTuple(); } - // TODO: nested ternary - // function f(address one, address two) public { - // return NameReg(one).addressOf{value: msg.sender == two ? 1 : 2, gas: true ? (1 == 1 ? 1 : 2) : gasleft()}(); - // } } diff --git a/tests/slithir/test_ternary_expressions.py b/tests/slithir/test_ternary_expressions.py index db5658787..17cac6b2f 100644 --- a/tests/slithir/test_ternary_expressions.py +++ b/tests/slithir/test_ternary_expressions.py 
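Review bot: The look-ahead added in the `@@ -68,6 +68,13 @@` hunk unwraps exactly one level of parentheses, so a ternary wrapped twice, such as `((a ? b : c))`, would presumably still arrive as a `TupleExpression` and miss the `isinstance(next_expr, ConditionalExpression)` branch below. In a static analyzer, a ternary that is not split can leave detectors working from an incomplete picture of that expression, which shows up as missed findings rather than as an error. Either repeat the unwrap while the single-element-tuple condition holds, or record the limit with a comment such as `# only one level of parentheses is unwrapped; ((c ? a : b)) is not handled`. The new fixture function `f` in `ternary_expressions.sol` covers only the single-parenthesis form, and the method's signature and the rest of its body lie outside the hunk.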
@@ -9,10 +9,10 @@ def test_ternary_conversions() -> None: slither = Slither("./tests/slithir/ternary_expressions.sol") for contract in slither.contracts: for function in contract.functions: + vars_declared = 0 + vars_assigned = 0 for node in function.nodes: if node.type in [NodeType.IF, NodeType.IFLOOP]: - vars_declared = 0 - vars_assigned = 0 # Iterate over true and false son for inner_node in node.sons: @@ -31,7 +31,7 @@ def test_ternary_conversions() -> None: if isinstance(ir, Assignment): vars_assigned += 1 - assert vars_declared == vars_assigned + assert vars_declared == vars_assigned if __name__ == "__main__": From a1343a8df596746999e766f8f7c51ed6a8ed93b4 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Mon, 12 Dec 2022 12:47:27 -0600 Subject: [PATCH 13/42] update function name --- slither/solc_parsing/declarations/modifier.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slither/solc_parsing/declarations/modifier.py b/slither/solc_parsing/declarations/modifier.py index a3f07da7f..e55487612 100644 --- a/slither/solc_parsing/declarations/modifier.py +++ b/slither/solc_parsing/declarations/modifier.py @@ -87,7 +87,7 @@ class ModifierSolc(FunctionSolc): for node in self._node_to_nodesolc.values(): node.analyze_expressions(self) - self._filter_ternary() + self._rewrite_ternary_as_if_else() self._remove_alone_endif() # self._analyze_read_write() From ca252f147293e648d748593c891f1742a9b07db5 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Mon, 12 Dec 2022 13:10:25 -0600 Subject: [PATCH 14/42] spelling and linting --- slither/utils/expression_manipulations.py | 6 +++--- tests/slithir/ternary_expressions.sol | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/slither/utils/expression_manipulations.py b/slither/utils/expression_manipulations.py index 9ae01fde7..591fab0ef 100644 --- a/slither/utils/expression_manipulations.py +++ b/slither/utils/expression_manipulations.py 
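Review bot: After this change `assert vars_declared == vars_assigned` still passes when both counters are zero, so a regression in which no ternary is rewritten into an IF node would go unnoticed by `test_ternary_conversions`. The counters are now reset per function (first hunk) and the assert is de-indented (second hunk, `@@ -31,7 +31,7 @@`); the exact level is inferred, since the indentation is lost in this rendering. Because the fixture also contains functions without ternaries, a per-function `> 0` check would not fit; a file-wide tally is enough, for example `total_declared += vars_declared` after each function and `assert total_declared > 0` after the loops. Adding the function name as the assert message, `assert vars_declared == vars_assigned, function.name`, would also make a failure point at the offending fixture function.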
@@ -3,7 +3,7 @@ as they should be immutable """ import copy -from typing import Union, Callable, Tuple, Optional +from typing import Union, Callable from slither.core.expressions import UnaryOperation from slither.core.expressions.assignment_operation import AssignmentOperation from slither.core.expressions.binary_operation import BinaryOperation @@ -68,7 +68,7 @@ class SplitTernaryExpression: false_expression: Union[AssignmentOperation, MemberAccess], f: Callable, ) -> bool: - # parentetical expression (.. ? .. : ..) + # look ahead for parenthetical expression (.. ? .. : ..) if ( isinstance(next_expr, TupleExpression) and len(next_expr.expressions) == 1 @@ -112,7 +112,7 @@ class SplitTernaryExpression: self.copy_expression( next_expr, true_expression.expression, false_expression.expression ) - + # pylint: disable=too-many-nested-blocks elif isinstance(expression, (AssignmentOperation, BinaryOperation, TupleExpression)): true_expression._expressions = [] false_expression._expressions = [] diff --git a/tests/slithir/ternary_expressions.sol b/tests/slithir/ternary_expressions.sol index c6a6d4643..89fdc59d1 100644 --- a/tests/slithir/ternary_expressions.sol +++ b/tests/slithir/ternary_expressions.sol @@ -30,7 +30,7 @@ contract C { uint x = Test(one).test{value: msg.sender == two ? 1 : 2, gas: true ? 2 : gasleft()}(); } - // Parenthteical expression + // Parenthetical expression function f(address one, address two) public { uint x = Test(one).test{value: msg.sender == two ? 1 : 2, gas: true ? (1 == 1 ? 1 : 2) : gasleft()}(); } From 3c7802f2e9c04a35f8b268b0741ad0500b4dcadf Mon Sep 17 00:00:00 2001 
From: alpharush <0xalpharush@protonmail.com> Date: Wed, 14 Dec 2022 12:17:17 -0600 Subject: [PATCH 15/42] filter out external visibility and update wiki --- .../variables/var_read_using_this.py | 16 +- .../0.5.16/var_read_using_this.sol | 6 + ...sing_this.sol.0.5.16.VarReadUsingThis.json | 276 ++++++++++------- .../0.6.11/var_read_using_this.sol | 6 + ...sing_this.sol.0.6.11.VarReadUsingThis.json | 236 +++++++++------ .../0.7.6/var_read_using_this.sol | 6 + ...using_this.sol.0.7.6.VarReadUsingThis.json | 196 +++++++----- .../0.8.15/var_read_using_this.sol | 6 + ...sing_this.sol.0.8.15.VarReadUsingThis.json | 280 ++++++++++-------- 9 files changed, 624 insertions(+), 404 deletions(-) diff --git a/slither/detectors/variables/var_read_using_this.py b/slither/detectors/variables/var_read_using_this.py index 7ba9b87b6..3d9f204c2 100644 --- a/slither/detectors/variables/var_read_using_this.py +++ b/slither/detectors/variables/var_read_using_this.py @@ -11,10 +11,10 @@ class VarReadUsingThis(AbstractDetector): IMPACT = DetectorClassification.OPTIMIZATION CONFIDENCE = DetectorClassification.HIGH - WIKI = "https://github.com/trailofbits/slither-private/wiki/Vulnerabilities-Description#var-read-using-this" + WIKI = "https://github.com/crytic/slither/wiki/Vulnerabilities-Description#public-variable-read-in-external-context" - WIKI_TITLE = "Variable read using this" - WIKI_DESCRIPTION = "Contract reads its own variable using `this`, adding overhead of an unnecessary STATICCALL." + WIKI_TITLE = "Public variable read in external context" + WIKI_DESCRIPTION = "The contract reads its own variable using `this`, adding overhead of an unnecessary STATICCALL." WIKI_EXPLOIT_SCENARIO = """ ```solidity contract C { @@ -38,7 +38,7 @@ contract C { func, " reads ", node, - " with `this` which adds an extra STATICALL.\n", + " with `this` which adds an extra STATICCALL.\n", ] json = self.generate_result(info) results.append(json) 
@@ -51,6 +51,10 @@ contract C { for node in func.nodes: for ir in node.irs: if isinstance(ir, HighLevelCall): - if ir.destination == SolidityVariable("this") and ir.is_static_call(): + if ( + ir.destination == SolidityVariable("this") + and ir.is_static_call() + and ir.function.visibility == "public" + ): results.append(node) - return results + return sorted(results, key=lambda x: x.node_id) diff --git a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol index dc0d152be..2382bf91a 100644 --- a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol +++ b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol @@ -29,5 +29,11 @@ contract VarReadUsingThis { for (uint x; x < 10; x++) { address local = erc20; } + } + function mapExternal(uint x) external returns(address) { + return myMap[x]; + } + function good5(uint x) external returns(address) { + this.mapExternal(x); } } diff --git a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json index bdd201bd2..4b9a59314 100644 --- a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json @@ -4,18 +4,18 @@ "elements": [ { "type": "function", - "name": "bad2", + "name": "bad3", "source_mapping": { - "start": 192, - "length": 78, + "start": 275, + "length": 99, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 8, - 9, - 10 + 11, + 12, + 13 ], "starting_column": 5, "ending_column": 6 
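Review bot: The new `return sorted(results, key=lambda x: x.node_id)` in the `@@ -51,6 +51,10 @@` hunk makes the order stable but keeps duplicates: `results.append(node)` runs once per matching IR, so a node containing two public reads through `this` is returned twice and would then be reported twice. A `break` right after `results.append(node)` would give one entry per node. Separately, the added `ir.function.visibility == "public"` dereferences `ir.function` without a guard; if that attribute can be unset for a call that was not resolved, the detector would raise instead of skipping the call, so `ir.function is not None and ir.function.visibility == "public"` may be worth using, though this cannot be confirmed from the hunk. The enclosing function starts above the hunk.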
@@ -26,7 +26,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1102, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -63,46 +63,52 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad2()" + "signature": "bad3()" } }, { "type": "node", - "name": "this.erc20()", + "name": "this.erc20() == address(0)", "source_mapping": { - "start": 244, - "length": 19, + "start": 331, + "length": 26, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 9 + 12 ], - "starting_column": 9, - "ending_column": 28 + "starting_column": 13, + "ending_column": 39 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad2", + "name": "bad3", "source_mapping": { - "start": 192, - "length": 78, + "start": 275, + "length": 99, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 8, - 9, - 10 + 11, + 12, + 13 ], "starting_column": 5, "ending_column": 6 @@ -113,7 +119,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1102, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", 
@@ -150,22 +156,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad2()" + "signature": "bad3()" } } } } ], - "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#9) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L9) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L8-L10", - "id": "0178009997f4d2c4d9a3a9e966bc7c3277ba1ce8c8c412b04fbe2cab3eab1b64", + "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#12) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L12) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L11-L13", + "id": "5556888563fa21301c242d57fbd8e08a35fc5d67171a88b9a2737c14be9c6f7f", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" 
@@ -174,18 +186,18 @@ "elements": [ { "type": "function", - "name": "bad1", + "name": "bad2", "source_mapping": { - "start": 102, - "length": 85, + "start": 192, + "length": 78, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 5, - 6, - 7 + 8, + 9, + 10 ], "starting_column": 5, "ending_column": 6 @@ -196,7 +208,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1102, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", 
@@ -233,46 +245,52 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad1(uint256)" + "signature": "bad2()" } }, { "type": "node", - "name": "this.myMap(x)", + "name": "this.erc20()", "source_mapping": { - "start": 160, - "length": 20, + "start": 244, + "length": 19, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 6 + 9 ], "starting_column": 9, - "ending_column": 29 + "ending_column": 28 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad1", + "name": "bad2", "source_mapping": { - "start": 102, - "length": 85, + "start": 192, + "length": 78, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 5, - 6, - 7 + 8, + 9, + 10 ], "starting_column": 5, "ending_column": 6 @@ -283,7 +301,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1102, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", 
@@ -320,22 +338,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad1(uint256)" + "signature": "bad2()" } } } } ], - "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#6) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L6) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L5-L7", - "id": "1aeda0f171a714323d2cc886a4569374dcecf4a31bfd07dd341985cb91c1cda4", + "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#9) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L9) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L8-L10", + "id": "a55229af8750117389299ed9f759d5036882a2396a52087bb2a42c5ed8abaec1", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" 
@@ -344,20 +368,18 @@ "elements": [ { "type": "function", - "name": "bad4", + "name": "bad1", "source_mapping": { - "start": 379, - "length": 138, + "start": 102, + "length": 85, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 14, - 15, - 16, - 17, - 18 + 5, + 6, + 7 ], "starting_column": 5, "ending_column": 6 @@ -368,7 +390,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1102, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", 
@@ -405,48 +427,52 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad4()" + "signature": "bad1(uint256)" } }, { "type": "node", - "name": "local = this.erc20()", + "name": "this.myMap(x)", "source_mapping": { - "start": 471, - "length": 28, + "start": 160, + "length": 20, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 16 + 6 ], - "starting_column": 13, - "ending_column": 41 + "starting_column": 9, + "ending_column": 29 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad4", + "name": "bad1", "source_mapping": { - "start": 379, - "length": 138, + "start": 102, + "length": 85, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 14, - 15, - 16, - 17, - 18 + 5, + 6, + 7 ], "starting_column": 5, "ending_column": 6 @@ -457,7 +483,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1102, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", 
@@ -494,22 +520,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad4()" + "signature": "bad1(uint256)" } } } } ], - "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#16) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L16) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L14-L18", - "id": "512bc7a6d6d4fc95951dd03634d193a2e29b0162882a8b4be6e27ff899e21b2d", + "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#6) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L6) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L5-L7", + "id": "e810f17bcfdf391a48e66ef70c4aafcc205c882b28d0588b26f1d45742580df6", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" 
@@ -518,18 +550,20 @@ "elements": [ { "type": "function", - "name": "bad3", + "name": "bad4", "source_mapping": { - "start": 275, - "length": 99, + "start": 379, + "length": 138, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 11, - 12, - 13 + 14, + 15, + 16, + 17, + 18 ], "starting_column": 5, "ending_column": 6 @@ -540,7 +574,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1102, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", 
@@ -577,46 +611,54 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad3()" + "signature": "bad4()" } }, { "type": "node", - "name": "this.erc20() == address(0)", + "name": "local = this.erc20()", "source_mapping": { - "start": 331, - "length": 26, + "start": 471, + "length": 28, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 12 + 16 ], "starting_column": 13, - "ending_column": 39 + "ending_column": 41 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad3", + "name": "bad4", "source_mapping": { - "start": 275, - "length": 99, + "start": 379, + "length": 138, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "is_dependency": false, "lines": [ - 11, - 12, - 13 + 14, + 15, + 16, + 17, + 18 ], "starting_column": 5, "ending_column": 6 @@ -627,7 +669,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1102, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", 
@@ -664,22 +706,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad3()" + "signature": "bad4()" } } } } ], - "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#12) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L12) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L11-L13", - "id": "e230fb1483c53ad953389bae20f599c95bbb5feb0040a4b9c33da5ec96682eff", + "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#16) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L16) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol#L14-L18", + "id": "fe997df3fdea17b13139a239ecdcdb64a2f6482aa9dacc62f845ef30591c8e4c", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" diff --git a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol index dc0d152be..e252aa848 100644 
--- a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol +++ b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol @@ -30,4 +30,10 @@ contract VarReadUsingThis { address local = erc20; } } + function mapExternal(uint x) external returns(address) { + return myMap[x]; + } + function good5(uint x) external returns(address) { + this.mapExternal(x); + } } diff --git a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json index df316c390..796180231 100644 --- a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json @@ -26,7 +26,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -63,7 +63,13 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 @@ -113,7 +119,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -150,7 +156,13 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 
@@ -162,10 +174,10 @@ } } ], - "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#12) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L12) with `this` which adds an extra STATICALL.\n", + "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#12) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L12) with `this` which adds an extra STATICCALL.\n", "first_markdown_element": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L11-L13", - "id": "0207d6c951b693638b81afe89cdee392fd61a671e0a92e1f8c8b4e5824b1d25b", + "id": "314f90a4989ea75cc274e1f5f46036968c2ecdaaf8fa84913e7db4ef1ffe5bb8", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" 
@@ -174,18 +186,20 @@ "elements": [ { "type": "function", - "name": "bad2", + "name": "bad4", "source_mapping": { - "start": 192, - "length": 78, + "start": 379, + "length": 138, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "is_dependency": false, "lines": [ - 8, - 9, - 10 + 14, + 15, + 16, + 17, + 18 ], "starting_column": 5, "ending_column": 6 @@ -196,7 +210,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", 
@@ -233,46 +247,54 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad2()" + "signature": "bad4()" } }, { "type": "node", - "name": "this.erc20()", + "name": "local = this.erc20()", "source_mapping": { - "start": 244, - "length": 19, + "start": 471, + "length": 28, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "is_dependency": false, "lines": [ - 9 + 16 ], - "starting_column": 9, - "ending_column": 28 + "starting_column": 13, + "ending_column": 41 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad2", + "name": "bad4", "source_mapping": { - "start": 192, - "length": 78, + "start": 379, + "length": 138, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "is_dependency": false, "lines": [ - 8, - 9, - 10 + 14, + 15, + 16, + 17, + 18 ], "starting_column": 5, "ending_column": 6 @@ -283,7 +305,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", 
@@ -320,22 +342,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad2()" + "signature": "bad4()" } } } } ], - "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#9) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L9) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L8-L10", - "id": "58da220580586bad1af775ff0da07248cea80f98a30f3173c494ce5517d4b041", + "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#16) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L16) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L14-L18", + "id": "5fd3f1f78f3532107d7e111d84310f3a0fa374fa407e43951d70fd00a752f76f", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" 
@@ -344,20 +372,18 @@ "elements": [ { "type": "function", - "name": "bad4", + "name": "bad1", "source_mapping": { - "start": 379, - "length": 138, + "start": 102, + "length": 85, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "is_dependency": false, "lines": [ - 14, - 15, - 16, - 17, - 18 + 5, + 6, + 7 ], "starting_column": 5, "ending_column": 6 @@ -368,7 +394,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", 
@@ -405,48 +431,52 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad4()" + "signature": "bad1(uint256)" } }, { "type": "node", - "name": "local = this.erc20()", + "name": "this.myMap(x)", "source_mapping": { - "start": 471, - "length": 28, + "start": 160, + "length": 20, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "is_dependency": false, "lines": [ - 16 + 6 ], - "starting_column": 13, - "ending_column": 41 + "starting_column": 9, + "ending_column": 29 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad4", + "name": "bad1", "source_mapping": { - "start": 379, - "length": 138, + "start": 102, + "length": 85, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "is_dependency": false, "lines": [ - 14, - 15, - 16, - 17, - 18 + 5, + 6, + 7 ], "starting_column": 5, "ending_column": 6 @@ -457,7 +487,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", 
@@ -494,22 +524,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad4()" + "signature": "bad1(uint256)" } } } } ], - "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#16) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L16) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L14-L18", - "id": "6d5eeb058ec44a05d486b3ee7c2911a7f5306b3d0b619a52ae08efe195c8614c", + "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#6) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L6) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L5-L7", + "id": "a30c3d8ddb468d865fa69afe5b7b83164fc1a332933d4661765cc3781896c7cf", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" 
@@ -518,18 +554,18 @@ "elements": [ { "type": "function", - "name": "bad1", + "name": "bad2", "source_mapping": { - "start": 102, - "length": 85, + "start": 192, + "length": 78, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "is_dependency": false, "lines": [ - 5, - 6, - 7 + 8, + 9, + 10 ], "starting_column": 5, "ending_column": 6 @@ -540,7 +576,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", 
@@ -577,46 +613,52 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad1(uint256)" + "signature": "bad2()" } }, { "type": "node", - "name": "this.myMap(x)", + "name": "this.erc20()", "source_mapping": { - "start": 160, - "length": 20, + "start": 244, + "length": 19, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "is_dependency": false, "lines": [ - 6 + 9 ], "starting_column": 9, - "ending_column": 29 + "ending_column": 28 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad1", + "name": "bad2", "source_mapping": { - "start": 102, - "length": 85, + "start": 192, + "length": 78, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "is_dependency": false, "lines": [ - 5, - 6, - 7 + 8, + 9, + 10 ], "starting_column": 5, "ending_column": 6 @@ -627,7 +669,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", 
@@ -664,22 +706,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad1(uint256)" + "signature": "bad2()" } } } } ], - "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#6) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L6) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L5-L7", - "id": "b8b557dc26e17f526df0fd98af8c5d06013dd18b163e05a281ea1519e15ca24e", + "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#9) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L9) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol#L8-L10", + "id": "ccc77ba655d341c0461ca4f4040afe19c379b2333e52648b12f793aaf7f0ead8", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" diff --git a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol index dc0d152be..e252aa848 100644 --- a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol 
+++ b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol @@ -30,4 +30,10 @@ contract VarReadUsingThis { address local = erc20; } } + function mapExternal(uint x) external returns(address) { + return myMap[x]; + } + function good5(uint x) external returns(address) { + this.mapExternal(x); + } } diff --git a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json index 770276729..512ca9fb7 100644 --- a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json @@ -26,7 +26,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -63,7 +63,13 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 @@ -113,7 +119,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -150,7 +156,13 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 
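Review bot: The added `good5` declares `returns(address)` but discards the result of `this.mapExternal(x)`, so it always returns the zero address and, as far as I know, newer solc versions warn about the unassigned return value. `return this.mapExternal(x);` would make the negative case read as intended, though the expected-output JSON would need regenerating because the source offsets shift. `mapExternal` is also not marked `view`, so this fixture only covers a plain external call through `this`. A second case calling a `view` external function would pin down that only state-variable getters are reported, which is presumably the false positive this change targets. The same applies to the identical hunk in the 0.8.15 copy of the fixture.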
@@ -162,10 +174,10 @@ } } ], - "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#12) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L12) with `this` which adds an extra STATICALL.\n", + "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#12) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L12) with `this` which adds an extra STATICCALL.\n", "first_markdown_element": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L11-L13", - "id": "44eec3d0ad87871981571b3d571f13579272bdabcfebe6bd25ac2880d2bf3c33", + "id": "1a8ed403cb8c6104a99c9dabdfb64e55282eaedf2c2d8b20fd3b366c49443639", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" 
@@ -174,20 +186,18 @@ "elements": [ { "type": "function", - "name": "bad4", + "name": "bad2", "source_mapping": { - "start": 379, - "length": 138, + "start": 192, + "length": 78, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "is_dependency": false, "lines": [ - 14, - 15, - 16, - 17, - 18 + 8, + 9, + 10 ], "starting_column": 5, "ending_column": 6 @@ -198,7 +208,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", 
@@ -235,48 +245,52 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad4()" + "signature": "bad2()" } }, { "type": "node", - "name": "local = this.erc20()", + "name": "this.erc20()", "source_mapping": { - "start": 471, - "length": 28, + "start": 244, + "length": 19, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "is_dependency": false, "lines": [ - 16 + 9 ], - "starting_column": 13, - "ending_column": 41 + "starting_column": 9, + "ending_column": 28 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad4", + "name": "bad2", "source_mapping": { - "start": 379, - "length": 138, + "start": 192, + "length": 78, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "is_dependency": false, "lines": [ - 14, - 15, - 16, - 17, - 18 + 8, + 9, + 10 ], "starting_column": 5, "ending_column": 6 @@ -287,7 +301,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", 
@@ -324,22 +338,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad4()" + "signature": "bad2()" } } } } ], - "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#16) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L16) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L14-L18", - "id": "519caa8ce5e7990c223fd65d827817bb93fe3020efcf9133f204f7a80f6a4e7f", + "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#9) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L9) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L8-L10", + "id": "5bddf45a7f968094e163217be36e0cf17b7455740755eec53a1e7b0a44fe63ac", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" 
@@ -370,7 +390,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -407,7 +427,13 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 @@ -457,7 +483,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -494,7 +520,13 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 
@@ -506,10 +538,10 @@ } } ], - "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#6) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L6) with `this` which adds an extra STATICALL.\n", + "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#6) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L6) with `this` which adds an extra STATICCALL.\n", "first_markdown_element": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L5-L7", - "id": "7f28036af3c8cd6bc29a5a25378629d8f703b655a55f3a5cf36e8b96a11c792a", + "id": "924c227bf74e70dda261578563193b90b60b70a1ad043716e1d98cbc49b87ceb", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" @@ -518,18 +550,20 @@ "elements": [ { "type": "function", - "name": "bad2", + "name": "bad4", "source_mapping": { - "start": 192, - "length": 78, + "start": 379, + "length": 138, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "is_dependency": false, "lines": [ - 8, - 9, - 10 + 14, + 15, + 16, + 17, + 18 ], "starting_column": 5, "ending_column": 6 
@@ -540,7 +574,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -577,46 +611,54 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad2()" + "signature": "bad4()" } }, { "type": "node", - "name": "this.erc20()", + "name": "local = this.erc20()", "source_mapping": { - "start": 244, - "length": 19, + "start": 471, + "length": 28, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "is_dependency": false, "lines": [ - 9 + 16 ], - "starting_column": 9, - "ending_column": 28 + "starting_column": 13, + "ending_column": 41 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad2", + "name": "bad4", "source_mapping": { - "start": 192, - "length": 78, + "start": 379, + "length": 138, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "is_dependency": false, "lines": [ - 8, - 9, - 10 + 14, + 15, + 16, + 17, + 18 ], "starting_column": 5, "ending_column": 6 @@ -627,7 +669,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", 
@@ -664,22 +706,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad2()" + "signature": "bad4()" } } } } ], - "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#9) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L9) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L8-L10", - "id": "a19dc63eefbe43a4a7642c957b7b96fad0c42563e18d0b03fb1592c1ad5bad04", + "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#16) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L16) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol#L14-L18", + "id": "e9b34de7b565a0e63e55b9c74eaf9a265c7f4c8ef866d7b7db17b815393f0477", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" diff --git a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol index dc0d152be..e252aa848 100644 --- a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol 
+++ b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol @@ -30,4 +30,10 @@ contract VarReadUsingThis { address local = erc20; } } + function mapExternal(uint x) external returns(address) { + return myMap[x]; + } + function good5(uint x) external returns(address) { + this.mapExternal(x); + } } diff --git a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json index 4914c3f3b..8872bf2fa 100644 --- a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json @@ -4,20 +4,18 @@ "elements": [ { "type": "function", - "name": "bad4", + "name": "bad2", "source_mapping": { - "start": 379, - "length": 138, + "start": 192, + "length": 78, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 14, - 15, - 16, - 17, - 18 + 8, + 9, + 10 ], "starting_column": 5, "ending_column": 6 @@ -28,7 +26,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -65,48 +63,52 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad4()" + "signature": "bad2()" } }, { "type": "node", - "name": "local = this.erc20()", + "name": "this.erc20()", "source_mapping": { - "start": 471, - "length": 28, + "start": 244, + "length": 19, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 16 + 9 ], - "starting_column": 13, - "ending_column": 41 + "starting_column": 9, + "ending_column": 28 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad4", + "name": "bad2", "source_mapping": { - "start": 379, - "length": 138, + "start": 192, + "length": 78, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 14, - 15, - 16, - 17, - 18 + 8, + 9, + 10 ], "starting_column": 5, "ending_column": 6 @@ -117,7 +119,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -154,22 +156,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad4()" + "signature": "bad2()" } } } } ], - "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#16) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L16) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L14-L18", - "id": "1224862cf823193c24ce4a02579e7b9cf0eaded7167e8c9f9ed2861d9a9910cc", + "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#9) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L9) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L8-L10", + "id": "4e297ea309b8865f782db6a53fdaf5aaf37f768158deb69d2ec6106a8e7b8afd", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" 
@@ -178,18 +186,18 @@ "elements": [ { "type": "function", - "name": "bad3", + "name": "bad1", "source_mapping": { - "start": 275, - "length": 99, + "start": 102, + "length": 85, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 11, - 12, - 13 + 5, + 6, + 7 ], "starting_column": 5, "ending_column": 6 @@ -200,7 +208,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -237,46 +245,52 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad3()" + "signature": "bad1(uint256)" } }, { "type": "node", - "name": "this.erc20() == address(0)", + "name": "this.myMap(x)", "source_mapping": { - "start": 331, - "length": 26, + "start": 160, + "length": 20, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 12 + 6 ], - "starting_column": 13, - "ending_column": 39 + "starting_column": 9, + "ending_column": 29 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad3", + "name": "bad1", "source_mapping": { - "start": 275, - "length": 99, + "start": 102, + "length": 85, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 11, - 12, - 13 + 5, + 6, + 7 ], "starting_column": 5, "ending_column": 6 @@ -287,7 +301,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -324,22 +338,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad3()" + "signature": "bad1(uint256)" } } } } ], - "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#12) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L12) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L11-L13", - "id": "29d9293adc1046d877a098beb2f9b7757658226e50c6d28228df65dfeeba7fd8", + "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#6) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L6) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L5-L7", + "id": "ce4d740b2da0b9b71f2dd3dd1c0903124f7be34009ede12a43dc33c6f28b9d28", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" 
@@ -348,18 +368,18 @@ "elements": [ { "type": "function", - "name": "bad2", + "name": "bad3", "source_mapping": { - "start": 192, - "length": 78, + "start": 275, + "length": 99, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 8, - 9, - 10 + 11, + 12, + 13 ], "starting_column": 5, "ending_column": 6 @@ -370,7 +390,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -407,46 +427,52 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad2()" + "signature": "bad3()" } }, { "type": "node", - "name": "this.erc20()", + "name": "this.erc20() == address(0)", "source_mapping": { - "start": 244, - "length": 19, + "start": 331, + "length": 26, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 9 + 12 ], - "starting_column": 9, - "ending_column": 28 + "starting_column": 13, + "ending_column": 39 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad2", + "name": "bad3", "source_mapping": { - "start": 192, - "length": 78, + "start": 275, + "length": 99, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 8, - 9, - 10 + 11, + 12, + 13 ], "starting_column": 5, "ending_column": 6 @@ -457,7 +483,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -494,22 +520,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad2()" + "signature": "bad3()" } } } } ], - "description": "The function VarReadUsingThis.bad2() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#8-10) reads this.erc20() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#9) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad2()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L8-L10) reads [this.erc20()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L9) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L8-L10", - "id": "38e0c82eed10e2c79f5d232284f6e0d0b12966f71eaee7a5139a82e927d38005", + "description": "The function VarReadUsingThis.bad3() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#11-13) reads this.erc20() == address(0) (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#12) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad3()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L11-L13) reads [this.erc20() == address(0)](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L12) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L11-L13", + "id": "d4602ee9be1e60f8ae80e6d0a867b532cb2ddef0ba44b25af8808a0ac5a6b828", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" 
@@ -518,18 +550,20 @@ "elements": [ { "type": "function", - "name": "bad1", + "name": "bad4", "source_mapping": { - "start": 102, - "length": 85, + "start": 379, + "length": 138, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 5, - 6, - 7 + 14, + 15, + 16, + 17, + 18 ], "starting_column": 5, "ending_column": 6 @@ -540,7 +574,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -577,46 +611,54 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad1(uint256)" + "signature": "bad4()" } }, { "type": "node", - "name": "this.myMap(x)", + "name": "local = this.erc20()", "source_mapping": { - "start": 160, - "length": 20, + "start": 471, + "length": 28, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 6 + 16 ], - "starting_column": 9, - "ending_column": 29 + "starting_column": 13, + "ending_column": 41 }, "type_specific_fields": { "parent": { "type": "function", - "name": "bad1", + "name": "bad4", "source_mapping": { - "start": 102, - "length": 85, + "start": 379, + "length": 138, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "is_dependency": false, "lines": [ - 5, - 6, - 7 + 14, + 15, + 16, + 17, + 18 ], "starting_column": 5, "ending_column": 6 @@ -627,7 +669,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 916, + "length": 1098, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -664,22 +706,28 @@ 30, 31, 32, - 33 + 33, + 34, + 35, + 36, + 37, + 38, + 39 ], "starting_column": 1, "ending_column": 2 } }, - "signature": "bad1(uint256)" + "signature": "bad4()" } } } } ], - "description": "The function VarReadUsingThis.bad1(uint256) (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#5-7) reads this.myMap(x) (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#6) with `this` which adds an extra STATICALL.\n", - "markdown": "The function [VarReadUsingThis.bad1(uint256)](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L5-L7) reads [this.myMap(x)](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L6) with `this` which adds an extra STATICALL.\n", - "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L5-L7", - "id": "aa84305fa524be189a9e050c79cea81a7bc258614c7563e22738e17a3559615a", + "description": "The function VarReadUsingThis.bad4() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#14-18) reads local = this.erc20() (tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#16) with `this` which adds an extra STATICCALL.\n", + "markdown": "The function [VarReadUsingThis.bad4()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L14-L18) reads [local = this.erc20()](tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L16) with `this` which adds an extra STATICCALL.\n", + "first_markdown_element": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol#L14-L18", + "id": "fec10ba084a6322d0fbb895e6c7ca6bca380b48a54d2ecae92a017b8b41242bf", "check": "var-read-using-this", "impact": "Optimization", "confidence": "High" From bd673dd6f350947bc0c34fed90ac01058a2d8d55 Mon Sep 17 00:00:00 2001 
From: alpharush <0xalpharush@protonmail.com> Date: Wed, 14 Dec 2022 12:21:11 -0600 Subject: [PATCH 16/42] make test function view --- .../0.5.16/var_read_using_this.sol | 2 +- ...d_using_this.sol.0.5.16.VarReadUsingThis.json | 16 ++++++++-------- .../0.6.11/var_read_using_this.sol | 2 +- ...d_using_this.sol.0.6.11.VarReadUsingThis.json | 16 ++++++++-------- .../0.7.6/var_read_using_this.sol | 2 +- ...ad_using_this.sol.0.7.6.VarReadUsingThis.json | 16 ++++++++-------- .../0.8.15/var_read_using_this.sol | 2 +- ...d_using_this.sol.0.8.15.VarReadUsingThis.json | 16 ++++++++-------- 8 files changed, 36 insertions(+), 36 deletions(-) diff --git a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol index 2382bf91a..99cad0739 100644 --- a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol +++ b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol @@ -30,7 +30,7 @@ contract VarReadUsingThis { address local = erc20; } } - function mapExternal(uint x) external returns(address) { + function mapExternal(uint x) external view returns(address) { return myMap[x]; } function good5(uint x) external returns(address) { diff --git a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json index 4b9a59314..15a0e08b5 100644 --- a/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol.0.5.16.VarReadUsingThis.json 
@@ -26,7 +26,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1102, + "length": 1107, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -119,7 +119,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1102, + "length": 1107, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -208,7 +208,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1102, + "length": 1107, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -301,7 +301,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1102, + "length": 1107, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -390,7 +390,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1102, + "length": 1107, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -483,7 +483,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1102, + "length": 1107, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", 
@@ -574,7 +574,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1102, + "length": 1107, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", @@ -669,7 +669,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1102, + "length": 1107, "filename_relative": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.5.16/var_read_using_this.sol", diff --git a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol index e252aa848..6818007f6 100644 --- a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol +++ b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol @@ -30,7 +30,7 @@ contract VarReadUsingThis { address local = erc20; } } - function mapExternal(uint x) external returns(address) { + function mapExternal(uint x) external view returns(address) { return myMap[x]; } function good5(uint x) external returns(address) { diff --git a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json index 796180231..61143523e 100644 --- a/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol.0.6.11.VarReadUsingThis.json 
@@ -26,7 +26,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -119,7 +119,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -210,7 +210,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -305,7 +305,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -394,7 +394,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -487,7 +487,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", 
@@ -576,7 +576,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", @@ -669,7 +669,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.6.11/var_read_using_this.sol", diff --git a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol index e252aa848..6818007f6 100644 --- a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol +++ b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol @@ -30,7 +30,7 @@ contract VarReadUsingThis { address local = erc20; } } - function mapExternal(uint x) external returns(address) { + function mapExternal(uint x) external view returns(address) { return myMap[x]; } function good5(uint x) external returns(address) { diff --git a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json index 512ca9fb7..555d6b7d5 100644 --- a/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol.0.7.6.VarReadUsingThis.json 
@@ -26,7 +26,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -119,7 +119,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -208,7 +208,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -301,7 +301,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -390,7 +390,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -483,7 +483,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", 
@@ -574,7 +574,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", @@ -669,7 +669,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.7.6/var_read_using_this.sol", diff --git a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol index e252aa848..6818007f6 100644 --- a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol +++ b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol @@ -30,7 +30,7 @@ contract VarReadUsingThis { address local = erc20; } } - function mapExternal(uint x) external returns(address) { + function mapExternal(uint x) external view returns(address) { return myMap[x]; } function good5(uint x) external returns(address) { diff --git a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json index 8872bf2fa..143d43a6f 100644 --- a/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json +++ b/tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol.0.8.15.VarReadUsingThis.json 
@@ -26,7 +26,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -119,7 +119,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -208,7 +208,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -301,7 +301,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -390,7 +390,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -483,7 +483,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", 
@@ -574,7 +574,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", @@ -669,7 +669,7 @@ "name": "VarReadUsingThis", "source_mapping": { "start": 1, - "length": 1098, + "length": 1103, "filename_relative": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/var-read-using-this/0.8.15/var_read_using_this.sol", From 786148bdfc3f0c3a90a8c0d120e6c5a6b0470957 Mon Sep 17 00:00:00 2001 From: William E Bodell III Date: Thu, 15 Dec 2022 15:39:26 -0600 Subject: [PATCH 17/42] Fix `ExtraVariablesProxy` and by inheritance, also fix `ExtraVariablesNewContract`. This check was reporting too many variables, because it was starting at `idx = len(order2) - len(order1)`. So, if the new contract (or proxy) had 12 variables, and the original contract had 10, it was reporting every variable starting at `idx = 2`, whereas it should have only been reporting those starting at `idx = len(order1)`. --- slither/tools/upgradeability/checks/variables_order.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slither/tools/upgradeability/checks/variables_order.py b/slither/tools/upgradeability/checks/variables_order.py index 8e30d3c3f..8404f1d25 100644 --- a/slither/tools/upgradeability/checks/variables_order.py +++ b/slither/tools/upgradeability/checks/variables_order.py @@ -236,7 +236,7 @@ Avoid variables in the proxy. If a variable is in the proxy, ensure it has the s if len(order2) <= len(order1): return [] - idx = len(order2) - len(order1) + idx = len(order1) while idx < len(order2): variable2 = order2[idx] From 8efde316b038f15055f202ad7413e77e5555bb2c Mon Sep 17 00:00:00 2001 
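Review bot: In slither/tools/upgradeability/checks/variables_order.py the corrected start index still feeds a manual `while idx < len(order2)` counter, the pattern that allowed the wrong offset in the first place. Iterating the tail directly, `for variable2 in order2[len(order1):]:`, states the intent (report only variables past the end of the original layout) and leaves no index to miscompute. The loop body continues outside the hunk, so confirm `idx` is not read further down before dropping it. Over-reporting in a storage-layout check makes real findings easier to overlook, so a fixture where the second contract has exactly two more variables than the first would pin the behaviour; the diffstat shows no test change.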
From: bart1e
Date: Fri, 16 Dec 2022 18:53:41 +0100
Subject: [PATCH 18/42] Printer outputs sorted
---
 slither/printers/functions/authorization.py | 4 ++--
 slither/printers/summary/data_depenency.py | 6 +++---
 slither/printers/summary/function.py | 18 +++++++++---------
 slither/printers/summary/modifier_calls.py | 2 +-
 slither/printers/summary/require_calls.py | 2 +-
 5 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/slither/printers/functions/authorization.py b/slither/printers/functions/authorization.py
index 488c03e94..ab61d354e 100644
--- a/slither/printers/functions/authorization.py
+++ b/slither/printers/functions/authorization.py
@@ -54,8 +54,8 @@ class PrinterWrittenVariablesAndAuthorization(AbstractPrinter):
 table.add_row(
 [
 function.name,
- str(state_variables_written),
- str(msg_sender_condition),
+ str(sorted(state_variables_written)),
+ str(sorted(msg_sender_condition)),
 ]
 )
 all_tables.append((contract.name, table))
diff --git a/slither/printers/summary/data_depenency.py b/slither/printers/summary/data_depenency.py
index 88f78f731..41659a299 100644
--- a/slither/printers/summary/data_depenency.py
+++ b/slither/printers/summary/data_depenency.py
@@ -42,7 +42,7 @@ class DataDependency(AbstractPrinter):
 txt += f"\nContract {c.name}\n"
 table = MyPrettyTable(["Variable", "Dependencies"])
 for v in c.state_variables:
- table.add_row([v.name, _get(v, c)])
+ table.add_row([v.name, sorted(_get(v, c))])
 txt += str(table)
@@ -51,9 +51,9 @@ class DataDependency(AbstractPrinter):
 txt += f"\nFunction {f.full_name}\n"
 table = MyPrettyTable(["Variable", "Dependencies"])
 for v in f.variables:
- table.add_row([v.name, _get(v, f)])
+ table.add_row([v.name, sorted(_get(v, f))])
 for v in c.state_variables:
- table.add_row([v.canonical_name, _get(v, f)])
+ table.add_row([v.canonical_name, sorted(_get(v, f))])
 txt += str(table)
 self.info(txt)
diff --git a/slither/printers/summary/function.py b/slither/printers/summary/function.py
index 0c5627eb2..b9353ce25 100644
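Review bot: The added `sorted(state_variables_written)` and `sorted(msg_sender_condition)` in authorization.py raise `TypeError` if either collection ever holds `None` or values of mixed types, and the hunk does not show how they are built; the printer would then abort where it previously printed an unsorted list. The same assumption sits behind the `sorted(...)` calls added in data_depenency.py, function.py, modifier_calls.py and require_calls.py. If the elements are not guaranteed to be strings, `sorted(state_variables_written, key=str)` gives the same order for strings and cannot fail on comparison. In data_depenency.py the table cell also changes from whatever `_get` returns to a list, so the rendered brackets may differ if `_get` returned a set.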
--- a/slither/printers/summary/function.py
+++ b/slither/printers/summary/function.py
@@ -60,15 +60,15 @@ class FunctionSummary(AbstractPrinter):
 internal_calls,
 external_calls,
 ) in func_summaries:
- read = self._convert(read)
- write = self._convert(write)
- internal_calls = self._convert(internal_calls)
- external_calls = self._convert(external_calls)
+ read = self._convert(sorted(read))
+ write = self._convert(sorted(write))
+ internal_calls = self._convert(sorted(internal_calls))
+ external_calls = self._convert(sorted(external_calls))
 table.add_row(
 [
 f_name,
 visi,
- modifiers,
+ sorted(modifiers),
 read,
 write,
 internal_calls,
@@ -96,10 +96,10 @@ class FunctionSummary(AbstractPrinter):
 internal_calls,
 external_calls,
 ) in modif_summaries:
- read = self._convert(read)
- write = self._convert(write)
- internal_calls = self._convert(internal_calls)
- external_calls = self._convert(external_calls)
+ read = self._convert(sorted(read))
+ write = self._convert(sorted(write))
+ internal_calls = self._convert(sorted(internal_calls))
+ external_calls = self._convert(sorted(external_calls))
 table.add_row([f_name, visi, read, write, internal_calls, external_calls])
 txt += "\n\n" + str(table)
 txt += "\n"
diff --git a/slither/printers/summary/modifier_calls.py b/slither/printers/summary/modifier_calls.py
index 530caabc9..cd6c4062e 100644
--- a/slither/printers/summary/modifier_calls.py
+++ b/slither/printers/summary/modifier_calls.py
@@ -35,7 +35,7 @@ class Modifiers(AbstractPrinter):
 for (_, call) in function.all_library_calls():
 if isinstance(call, Function):
 modifiers += call.modifiers
- table.add_row([function.name, [m.name for m in set(modifiers)]])
+ table.add_row([function.name, sorted([m.name for m in set(modifiers)])])
 txt += "\n" + str(table)
 self.info(txt)
 all_txt += txt
diff --git a/slither/printers/summary/require_calls.py b/slither/printers/summary/require_calls.py
index 77d95ba5f..7823de160 100644
--- a/slither/printers/summary/require_calls.py
+++ b/slither/printers/summary/require_calls.py
@@ -48,7 +48,7 @@ class RequireOrAssert(AbstractPrinter):
 table.add_row(
 [
 function.name,
- self._convert([str(m.expression) for m in set(require)]),
+ self._convert(sorted([str(m.expression) for m in set(require)])),
 ]
 )
 txt += "\n" + str(table)
From 2cbbb706ac80bc2e0ed27e2d728749013670072b Mon Sep 17 00:00:00 2001
From: webthethird
Date: Tue, 20 Dec 2022 09:33:15 -0600
Subject: [PATCH 19/42] Handle custom upgradeability comments for contract definition
---
 slither/solc_parsing/declarations/contract.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/slither/solc_parsing/declarations/contract.py b/slither/solc_parsing/declarations/contract.py
index b7f938d1d..ed39bd1b6 100644
--- a/slither/solc_parsing/declarations/contract.py
+++ b/slither/solc_parsing/declarations/contract.py
@@ -699,6 +699,16 @@ class ContractSolc(CallerContextExpression):
 self._usingForNotParsed = []
 self._customErrorParsed = []
+ def _handle_comment(self, attributes: Dict):
+ if "documentation" in attributes and "text" in attributes["documentation"]:
+ candidates = attributes["documentation"]["text"].replace("\n", ",").split(",")
+
+ for candidate in candidates:
+ if "@custom:security isProxy" in candidate:
+ self._contract._is_upgradeable_proxy = True
+ if "@custom:security isUpgradeable" in candidate:
+ self._contract._is_upgradeable = True
+
 # endregion
 ###################################################################################
 ###################################################################################
From 61c67d88011587a1b2cadf32323146e295288627 Mon Sep 17 00:00:00 2001
From: webthethird
Date: Tue, 20 Dec 2022 09:49:34 -0600
Subject: [PATCH 20/42] Add `upgradeable_version` property to Contract class
---
 slither/core/declarations/contract.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/slither/core/declarations/contract.py b/slither/core/declarations/contract.py
index eb2ac9a2e..dc77eb866 100644
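Review bot: `_handle_comment` recognises the tags by substring, so `"@custom:security isProxy" in candidate` is also true for a longer token such as `isProxyAdmin` and for a sentence that merely mentions the tag. The text comes from the analysed source and the flags presumably decide which upgradeability checks apply, so matching the exact tag is safer, for example `re.search(r"@custom:security\s+isProxy\b", candidate)`. That needs `import re`, which a later patch in this series adds. The method also has no docstring; a short one listing the recognised tags and stating that they can only set the flags to `True` would document the contract.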
--- a/slither/core/declarations/contract.py
+++ b/slither/core/declarations/contract.py
@@ -88,6 +88,7 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods
 self._is_upgradeable: Optional[bool] = None
 self._is_upgradeable_proxy: Optional[bool] = None
+ self._upgradeable_version: Optional[str] = None
 self.is_top_level = False # heavily used, so no @property
@@ -1246,6 +1247,14 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods
 return self._is_upgradeable_proxy
 return self._is_upgradeable_proxy
+ @property
+ def upgradeable_version(self) -> Optional[str]:
+ return self._upgradeable_version
+
+ @upgradeable_version.setter
+ def upgradeable_version(self, version_name: str):
+ self._upgradeable_version = version_name
+
 # endregion
 ###################################################################################
 ###################################################################################
From f1e653fb186cb9c6a65dc8d054bd0d9f1c8d7cfd Mon Sep 17 00:00:00 2001
From: webthethird
Date: Tue, 20 Dec 2022 10:12:47 -0600
Subject: [PATCH 21/42] Call `handle_comment` in init method
---
 slither/solc_parsing/declarations/contract.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/slither/solc_parsing/declarations/contract.py b/slither/solc_parsing/declarations/contract.py
index ed39bd1b6..5a51a142e 100644
--- a/slither/solc_parsing/declarations/contract.py
+++ b/slither/solc_parsing/declarations/contract.py
@@ -65,8 +65,10 @@ class ContractSolc(CallerContextExpression):
 # Export info
 if self.is_compact_ast:
 self._contract.name = self._data["name"]
+ self._handle_comment(self._data)
 else:
 self._contract.name = self._data["attributes"][self.get_key()]
+ self._handle_comment(self._data["attributes"])
 self._contract.id = self._data["id"]
From 5b14dae8b6694ebee28a5b7fce69a543a1ea0803 Mon Sep 17 00:00:00 2001
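Review bot: The new `upgradeable_version` property and setter in slither/core/declarations/contract.py carry no docstring, and nothing in the hunk says where the value comes from or what `None` means. Proposed docstring for the getter: `"""Version label declared for this contract, or None when none was declared."""`. The setter is annotated `version_name: str` while the backing field is `Optional[str]`, and it has no return annotation; `def upgradeable_version(self, version_name: Optional[str]) -> None:` would match the field. The class body continues outside both hunks.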
From: webthethird
Date: Tue, 20 Dec 2022 10:15:29 -0600
Subject: [PATCH 22/42] Parse version name from custom comment
---
 slither/solc_parsing/declarations/contract.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/slither/solc_parsing/declarations/contract.py b/slither/solc_parsing/declarations/contract.py
index 5a51a142e..05bd9551d 100644
--- a/slither/solc_parsing/declarations/contract.py
+++ b/slither/solc_parsing/declarations/contract.py
@@ -1,4 +1,5 @@
 import logging
+import re
 from typing import List, Dict, Callable, TYPE_CHECKING, Union, Set
 from slither.core.declarations import Modifier, Event, EnumContract, StructureContract, Function
@@ -711,6 +712,12 @@ class ContractSolc(CallerContextExpression):
 if "@custom:security isUpgradeable" in candidate:
 self._contract._is_upgradeable = True
+ version_name = re.search(
+ r'@custom:version name="([\w, .]*)"', candidate
+ )
+ if version_name:
+ self._contract.upgradeable_version = version_name.group(1)
+
 # endregion
 ###################################################################################
 ###################################################################################
From afced5cc929abf4563f6df1b252320e7b4c42cbd Mon Sep 17 00:00:00 2001
From: webthethird
Date: Tue, 20 Dec 2022 14:35:03 -0600
Subject: [PATCH 23/42] Fix test errors caused by `attributes["documentation"] = None"`
---
 slither/solc_parsing/declarations/contract.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/slither/solc_parsing/declarations/contract.py b/slither/solc_parsing/declarations/contract.py
index 05bd9551d..124e5b9c2 100644
--- a/slither/solc_parsing/declarations/contract.py
+++ b/slither/solc_parsing/declarations/contract.py
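Review bot: The character class in `r'@custom:version name="([\w, .]*)"'` allows a comma, but `candidate` comes from splitting the documentation text on commas (the `replace("\n", ",").split(",")` line added to `_handle_comment` earlier in this series). A version name containing a comma is therefore cut in two, never matches, and the tag is silently ignored. Either run the search once over the whole documentation text instead of per candidate, or drop the comma from the class. `*` also accepts `name=""`, which stores an empty string rather than leaving the version as `None`; `+` would avoid that. The enclosing `_handle_comment` starts outside this hunk.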
@@ -703,7 +703,11 @@ class ContractSolc(CallerContextExpression): self._customErrorParsed = [] def _handle_comment(self, attributes: Dict): - if "documentation" in attributes and "text" in attributes["documentation"]: + if ( + "documentation" in attributes + and attributes["documentation"] is not None + and "text" in attributes["documentation"] + ): candidates = attributes["documentation"]["text"].replace("\n", ",").split(",") for candidate in candidates: From 5458a614cf91f6cd337046342efdba335bde3662 Mon Sep 17 00:00:00 2001 From: webthethird Date: Tue, 20 Dec 2022 14:47:43 -0600 Subject: [PATCH 24/42] Fix formatting --- slither/solc_parsing/declarations/contract.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/slither/solc_parsing/declarations/contract.py b/slither/solc_parsing/declarations/contract.py index 124e5b9c2..4e8a91560 100644 --- a/slither/solc_parsing/declarations/contract.py +++ b/slither/solc_parsing/declarations/contract.py @@ -704,9 +704,9 @@ class ContractSolc(CallerContextExpression): def _handle_comment(self, attributes: Dict): if ( - "documentation" in attributes - and attributes["documentation"] is not None - and "text" in attributes["documentation"] + "documentation" in attributes + and attributes["documentation"] is not None + and "text" in attributes["documentation"] ): candidates = attributes["documentation"]["text"].replace("\n", ",").split(",") @@ -716,9 +716,7 @@ class ContractSolc(CallerContextExpression): if "@custom:security isUpgradeable" in candidate: self._contract._is_upgradeable = True - version_name = re.search( - r'@custom:version name="([\w, .]*)"', candidate - ) + version_name = re.search(r'@custom:version name="([\w, .]*)"', candidate) if version_name: self._contract.upgradeable_version = version_name.group(1) From c44cf18831ceb789b5131b6722b90b80667a6640 Mon Sep 17 00:00:00 2001 
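Review bot: The added `is not None` test still lets a plain-string `documentation` value through: `"text" in attributes["documentation"]` is then a substring test, and `attributes["documentation"]["text"]` on the next line raises `TypeError`. Whether the compiler output can carry a bare string here is not visible in this hunk, but some solc AST formats appear to, so checking the type is safer than checking for `None`: `doc = attributes.get("documentation")` followed by `if isinstance(doc, dict) and "text" in doc:`. `_handle_comment` continues past the end of the hunk.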
From: webthethird Date: Tue, 20 Dec 2022 15:31:55 -0600 Subject: [PATCH 25/42] Add setters for properties --- slither/core/declarations/contract.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/slither/core/declarations/contract.py b/slither/core/declarations/contract.py index dc77eb866..a90e2591e 100644 --- a/slither/core/declarations/contract.py +++ b/slither/core/declarations/contract.py @@ -1222,6 +1222,10 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods break return self._is_upgradeable + @is_upgradeable.setter + def is_upgradeable(self, upgradeable: bool): + self._is_upgradeable = upgradeable + @property def is_upgradeable_proxy(self) -> bool: from slither.core.cfg.node import NodeType @@ -1247,6 +1251,10 @@ class Contract(SourceMapping): # pylint: disable=too-many-public-methods return self._is_upgradeable_proxy return self._is_upgradeable_proxy + @is_upgradeable_proxy.setter + def is_upgradeable_proxy(self, upgradeable_proxy: bool): + self._is_upgradeable_proxy = upgradeable_proxy + @property def upgradeable_version(self) -> Optional[str]: return self._upgradeable_version From 762806c52f2a825ca3dfcfcdd8f3a9c23c922765 Mon Sep 17 00:00:00 2001 From: webthethird Date: Tue, 20 Dec 2022 15:32:29 -0600 Subject: [PATCH 26/42] Fix access to protected member --- slither/solc_parsing/declarations/contract.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/slither/solc_parsing/declarations/contract.py b/slither/solc_parsing/declarations/contract.py index 4e8a91560..1766e7617 100644 --- a/slither/solc_parsing/declarations/contract.py +++ b/slither/solc_parsing/declarations/contract.py 
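Review bot: Both new setters (`is_upgradeable` in this hunk and `is_upgradeable_proxy` in the next) write directly into the fields the getters return, and nothing documents that an assigned value takes the place of the one the getter would work out itself. The getter bodies start outside the hunks, so I can only presume they skip their analysis once the field is no longer `None`; if so, a comment on each setter such as `# Overrides the value the getter would otherwise compute and cache` makes that precedence explicit. Both setters should also get `-> None`.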
@@ -712,9 +712,9 @@ class ContractSolc(CallerContextExpression): for candidate in candidates: if "@custom:security isProxy" in candidate: - self._contract._is_upgradeable_proxy = True + self._contract.is_upgradeable_proxy = True if "@custom:security isUpgradeable" in candidate: - self._contract._is_upgradeable = True + self._contract.is_upgradeable = True version_name = re.search(r'@custom:version name="([\w, .]*)"', candidate) if version_name: From c75278f2f554f3597f2461bd2f0eadd7943ff746 Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Wed, 21 Dec 2022 14:42:37 +0100 Subject: [PATCH 27/42] Improvements + tests --- slither/solc_parsing/declarations/contract.py | 6 ++-- tests/custom_comments/upgrade.sol | 16 ++++++++++ tests/test_features.py | 29 +++++++++++++++---- 3 files changed, 43 insertions(+), 8 deletions(-) create mode 100644 tests/custom_comments/upgrade.sol diff --git a/slither/solc_parsing/declarations/contract.py b/slither/solc_parsing/declarations/contract.py index 1766e7617..ead5b20a2 100644 --- a/slither/solc_parsing/declarations/contract.py +++ b/slither/solc_parsing/declarations/contract.py @@ -702,7 +702,7 @@ class ContractSolc(CallerContextExpression): self._usingForNotParsed = [] self._customErrorParsed = [] - def _handle_comment(self, attributes: Dict): + def _handle_comment(self, attributes: Dict) -> None: if ( "documentation" in attributes and attributes["documentation"] is not None 
@@ -711,12 +711,12 @@ class ContractSolc(CallerContextExpression): candidates = attributes["documentation"]["text"].replace("\n", ",").split(",") for candidate in candidates: - if "@custom:security isProxy" in candidate: + if "@custom:security isDelegatecallProxy" in candidate: self._contract.is_upgradeable_proxy = True if "@custom:security isUpgradeable" in candidate: self._contract.is_upgradeable = True - version_name = re.search(r'@custom:version name="([\w, .]*)"', candidate) + version_name = re.search(r'@custom:version name=([\w-]+)', candidate) if version_name: self._contract.upgradeable_version = version_name.group(1) diff --git a/tests/custom_comments/upgrade.sol b/tests/custom_comments/upgrade.sol new file mode 100644 index 000000000..96192df0b --- /dev/null +++ b/tests/custom_comments/upgrade.sol @@ -0,0 +1,16 @@ +/// @custom:security isDelegatecallProxy +contract Proxy{ + +} + +/// @custom:security isUpgradeable +/// @custom:version name=version-0 +contract V0{ + +} + +/// @custom:security isUpgradeable +/// @custom:version name=version_1 +contract V1{ + +} \ No newline at end of file diff --git a/tests/test_features.py b/tests/test_features.py index c06ee96ce..4b4564b50 100644 --- a/tests/test_features.py +++ b/tests/test_features.py @@ -9,7 +9,7 @@ from slither.detectors import all_detectors from slither.detectors.abstract_detector import AbstractDetector -def _run_all_detectors(slither: Slither): +def _run_all_detectors(slither: Slither) -> None: detectors = [getattr(all_detectors, name) for name in dir(all_detectors)] detectors = [d for d in detectors if inspect.isclass(d) and issubclass(d, AbstractDetector)] @@ -19,7 +19,7 @@ def _run_all_detectors(slither: Slither): slither.run_detectors() -def test_node(): +def test_node() -> None: # hardhat must have been installed in tests/test_node_modules # For the CI its done through the github action config 
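Review bot: `re.search(r'@custom:version name=([\w-]+)', candidate)` stops at the first character outside `[\w-]`, so a dotted name (constructed example: `name=1.2.0`) is stored as `1` with no warning; the new fixture only exercises `version-0` and `version_1`. If dots are meant to be allowed, widen the class to `([\w.-]+)`; if they are not, reject the annotation instead of truncating it, for instance by requiring the name to be followed by whitespace or the end of the candidate. Renaming the tag from `isProxy` to `isDelegatecallProxy` also means sources that use the old spelling are no longer recognised, which deserves a line in the commit message or changelog.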
@@ -27,7 +27,7 @@ def test_node(): _run_all_detectors(slither) -def test_collision(): +def test_collision() -> None: standard_json = SolcStandardJson() standard_json.add_source_file("./tests/collisions/a.sol") @@ -39,14 +39,33 @@ def test_collision(): _run_all_detectors(slither) -def test_cycle(): +def test_cycle() -> None: slither = Slither("./tests/test_cyclic_import/a.sol") _run_all_detectors(slither) -def test_funcion_id_rec_structure(): +def test_funcion_id_rec_structure() -> None: solc_select.switch_global_version("0.8.0", always_install=True) slither = Slither("./tests/function_ids/rec_struct-0.8.sol") for compilation_unit in slither.compilation_units: for function in compilation_unit.functions: assert function.solidity_signature + + +def test_upgradeable_comments() -> None: + solc_select.switch_global_version("0.8.10", always_install=True) + slither = Slither("./tests/custom_comments/upgrade.sol") + compilation_unit = slither.compilation_units[0] + proxy = compilation_unit.get_contract_from_name("Proxy")[0] + + assert proxy.is_upgradeable_proxy + + v0 = compilation_unit.get_contract_from_name("V0")[0] + + assert v0.is_upgradeable + print(v0.upgradeable_version) + assert v0.upgradeable_version == "version-0" + + v1 = compilation_unit.get_contract_from_name("V1")[0] + assert v0.is_upgradeable + assert v1.upgradeable_version == "version_1" From e353256f5257c0663f0999c7900d3a22466696f3 Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Wed, 21 Dec 2022 14:47:33 +0100 Subject: [PATCH 28/42] Black --- slither/solc_parsing/declarations/contract.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slither/solc_parsing/declarations/contract.py b/slither/solc_parsing/declarations/contract.py index ead5b20a2..c509258e9 100644 --- a/slither/solc_parsing/declarations/contract.py +++ b/slither/solc_parsing/declarations/contract.py 
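Review bot: The last block of `test_upgradeable_comments` asserts `v0.is_upgradeable` a second time, so the `isUpgradeable` annotation on `V1` is never checked; the line should read `assert v1.is_upgradeable`. The `print(v0.upgradeable_version)` call looks like leftover debugging and can be removed.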
@@ -716,7 +716,7 @@ class ContractSolc(CallerContextExpression): if "@custom:security isUpgradeable" in candidate: self._contract.is_upgradeable = True - version_name = re.search(r'@custom:version name=([\w-]+)', candidate) + version_name = re.search(r"@custom:version name=([\w-]+)", candidate) if version_name: self._contract.upgradeable_version = version_name.group(1) From f12e367f29acf9a32a6a5d6139b8f5b515a18e8a Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Thu, 22 Dec 2022 17:26:00 +0100 Subject: [PATCH 29/42] Update to the latest crytic-compile source unit API --- setup.py | 4 +- slither/core/scope/scope.py | 116 ++++++++++++++++++++++++- slither/printers/summary/evm.py | 18 +--- slither/slithir/convert.py | 10 ++- tests/source_unit/foundry.toml | 6 ++ tests/source_unit/lib/forge-std | 1 + tests/source_unit/script/Counter.s.sol | 12 +++ tests/source_unit/src/Counter.sol | 14 +++ tests/source_unit/src/Counter2.sol | 5 ++ tests/source_unit/test/Counter.t.sol | 24 +++++ tests/test_source_unit.py | 26 ++++++ 11 files changed, 215 insertions(+), 21 deletions(-) create mode 100644 tests/source_unit/foundry.toml create mode 160000 tests/source_unit/lib/forge-std create mode 100644 tests/source_unit/script/Counter.s.sol create mode 100644 tests/source_unit/src/Counter.sol create mode 100644 tests/source_unit/src/Counter2.sol create mode 100644 tests/source_unit/test/Counter.t.sol create mode 100644 tests/test_source_unit.py diff --git a/setup.py b/setup.py index 03fe64c42..86db4fa9a 100644 --- a/setup.py +++ b/setup.py @@ -14,8 +14,8 @@ setup( install_requires=[ "prettytable>=0.7.2", "pycryptodome>=3.4.6", - "crytic-compile>=0.2.4", - # "crytic-compile@git+https://github.com/crytic/crytic-compile.git@master#egg=crytic-compile", + # "crytic-compile>=0.2.4", + "crytic-compile@git+https://github.com/crytic/crytic-compile.git@dev#egg=crytic-compile", ], extras_require={ "dev": [ 
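Review bot: `install_requires` in `setup.py` now points at the moving `dev` branch of crytic-compile, so two installs of the same slither commit can resolve to different code and nothing records which revision the tests ran against. If a git dependency is needed until the matching release exists, pin it to a commit, `"crytic-compile@git+https://github.com/crytic/crytic-compile.git@COMMIT_SHA_PLACEHOLDER#egg=crytic-compile"` (placeholder: the hash is not on this page), and add a comment naming the release that will replace it. The `setup()` call starts and ends outside the hunk.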
diff --git a/slither/core/scope/scope.py b/slither/core/scope/scope.py index c6d18556e..2d1c11491 100644 --- a/slither/core/scope/scope.py +++ b/slither/core/scope/scope.py @@ -1,4 +1,7 @@ -from typing import List, Any, Dict, Optional, Union, Set +from typing import List, Any, Dict, Optional, Union, Set, TypeVar, Callable + +from crytic_compile import CompilationUnit +from crytic_compile.source_unit import SourceUnit from crytic_compile.utils.naming import Filename from slither.core.declarations import Contract, Import, Pragma 
@@ -98,6 +101,117 @@ class FileScope: return self.contracts.get(name.name, None) return self.contracts.get(name, None) + AbstractReturnType = TypeVar("AbstractReturnType") + + def _generic_source_unit_getter( + self, + crytic_compile_compilation_unit: CompilationUnit, + name: str, + getter: Callable[[SourceUnit], Dict[str, AbstractReturnType]], + ) -> Optional[AbstractReturnType]: + + assert self.filename in crytic_compile_compilation_unit.source_units + + source_unit = crytic_compile_compilation_unit.source_unit(self.filename) + + if name in getter(source_unit): + return getter(source_unit)[name] + + for scope in self.accessible_scopes: + source_unit = crytic_compile_compilation_unit.source_unit(scope.filename) + if name in getter(source_unit): + return getter(source_unit)[name] + + return None + + def bytecode_init( + self, crytic_compile_compilation_unit: CompilationUnit, contract_name: str + ) -> Optional[str]: + """ + Return the init bytecode + + Args: + crytic_compile_compilation_unit: + contract_name: + + Returns: + + """ + getter: Callable[[SourceUnit], Dict[str, str]] = lambda x: x.bytecodes_init + return self._generic_source_unit_getter( + crytic_compile_compilation_unit, contract_name, getter + ) + + def bytecode_runtime( + self, crytic_compile_compilation_unit: CompilationUnit, contract_name: str + ) -> Optional[str]: + """ + Return the runtime bytecode + + Args: + crytic_compile_compilation_unit: + contract_name: + + Returns: + + """ + getter: Callable[[SourceUnit], Dict[str, str]] = lambda x: x.bytecodes_runtime + return self._generic_source_unit_getter( + crytic_compile_compilation_unit, contract_name, getter + ) + + def srcmap_init( + self, crytic_compile_compilation_unit: CompilationUnit, contract_name: str + ) -> Optional[List[str]]: + """ + Return the init scrmap + + Args: + crytic_compile_compilation_unit: + contract_name: + + Returns: + + """ + getter: Callable[[SourceUnit], Dict[str, List[str]]] = lambda x: x.srcmaps_init + return 
self._generic_source_unit_getter( + crytic_compile_compilation_unit, contract_name, getter + ) + + def srcmap_runtime( + self, crytic_compile_compilation_unit: CompilationUnit, contract_name: str + ) -> Optional[List[str]]: + """ + Return the runtime srcmap + + Args: + crytic_compile_compilation_unit: + contract_name: + + Returns: + + """ + getter: Callable[[SourceUnit], Dict[str, List[str]]] = lambda x: x.srcmaps_runtime + return self._generic_source_unit_getter( + crytic_compile_compilation_unit, contract_name, getter + ) + + def abi(self, crytic_compile_compilation_unit: CompilationUnit, contract_name: str) -> Any: + """ + Return the abi + + Args: + crytic_compile_compilation_unit: + contract_name: + + Returns: + + """ + getter: Callable[[SourceUnit], Dict[str, List[str]]] = lambda x: x.abis + return self._generic_source_unit_getter( + crytic_compile_compilation_unit, contract_name, getter + ) + # region Built in definitions ################################################################################### ################################################################################### diff --git a/slither/printers/summary/evm.py b/slither/printers/summary/evm.py index 8476deaca..660d91204 100644 --- a/slither/printers/summary/evm.py +++ b/slither/printers/summary/evm.py @@ -21,14 +21,8 @@ def _extract_evm_info(slither): CFG = load_evm_cfg_builder() for contract in slither.contracts_derived: - contract_bytecode_runtime = ( - contract.compilation_unit.crytic_compile_compilation_unit.bytecode_runtime( - contract.name - ) - ) - contract_srcmap_runtime = ( - contract.compilation_unit.crytic_compile_compilation_unit.srcmap_runtime(contract.name) - ) + contract_bytecode_runtime = contract.scope.bytecode_runtime(contract.name) + contract_srcmap_runtime = contract.scope.srcmap_runtime(contract.name) cfg = CFG(contract_bytecode_runtime) evm_info["cfg", contract.name] = cfg evm_info["mapping", contract.name] = generate_source_to_evm_ins_mapping( 
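Review bot: `_generic_source_unit_getter` validates its input with `assert self.filename in crytic_compile_compilation_unit.source_units`, which is stripped under `python -O` and otherwise fails as an `AssertionError` that does not name the file. An explicit check keeps the failure readable: `if self.filename not in crytic_compile_compilation_unit.source_units: raise KeyError(self.filename)`. The five public getters ship with empty `Args:` and `Returns:` sections; each should state that the lookup tries this file's source unit first, then every scope in `accessible_scopes`, and returns `None` when neither defines the name. In `abi`, the local `getter` is annotated `Dict[str, List[str]]` although the method returns `Any`.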
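Review bot: `contract.scope.bytecode_runtime(contract.name)` and `contract.scope.srcmap_runtime(contract.name)` pass one argument, but the `FileScope` methods added in this same commit are declared as `(self, crytic_compile_compilation_unit, contract_name)`, so, assuming `contract.scope` is a `FileScope`, these calls raise `TypeError` as written. The same holds for the `bytecode_init` and `srcmap_init` calls in the next hunk of this file and for `scope.bytecode_init(contract.name)` and `scope.bytecode_runtime(contract.name)` in `slither/slithir/convert.py`. The compilation unit the removed lines used is still available: `contract.scope.bytecode_runtime(contract.compilation_unit.crytic_compile_compilation_unit, contract.name)`. `_extract_evm_info` starts above the hunk and continues below it.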
@@ -38,12 +32,8 @@ def _extract_evm_info(slither): contract.source_mapping.filename.absolute, ) - contract_bytecode_init = ( - contract.compilation_unit.crytic_compile_compilation_unit.bytecode_init(contract.name) - ) - contract_srcmap_init = ( - contract.compilation_unit.crytic_compile_compilation_unit.srcmap_init(contract.name) - ) + contract_bytecode_init = contract.scope.bytecode_init(contract.name) + contract_srcmap_init = contract.scope.srcmap_init(contract.name) cfg_init = CFG(contract_bytecode_init) evm_info["cfg_init", contract.name] = cfg_init diff --git a/slither/slithir/convert.py b/slither/slithir/convert.py index c5817f4cd..bb679ac6b 100644 --- a/slither/slithir/convert.py +++ b/slither/slithir/convert.py @@ -450,19 +450,21 @@ def propagate_type_and_convert_call(result, node): return result -def _convert_type_contract(ir, compilation_unit: "SlitherCompilationUnit"): +def _convert_type_contract(ir: Member) -> Assignment: assert isinstance(ir.variable_left.type, TypeInformation) contract = ir.variable_left.type.type + scope = ir.node.scope + if ir.variable_right == "creationCode": - bytecode = compilation_unit.crytic_compile_compilation_unit.bytecode_init(contract.name) + bytecode = scope.bytecode_init(contract.name) assignment = Assignment(ir.lvalue, Constant(str(bytecode)), ElementaryType("bytes")) assignment.set_expression(ir.expression) assignment.set_node(ir.node) assignment.lvalue.set_type(ElementaryType("bytes")) return assignment if ir.variable_right == "runtimeCode": - bytecode = compilation_unit.crytic_compile_compilation_unit.bytecode_runtime(contract.name) + bytecode = scope.bytecode_runtime(contract.name) assignment = Assignment(ir.lvalue, Constant(str(bytecode)), ElementaryType("bytes")) assignment.set_expression(ir.expression) assignment.set_node(ir.node) 
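Review bot: In `_convert_type_contract` the scope getters are typed `Optional[str]` and return `None` when no source unit defines the name, and `Constant(str(bytecode))` then turns that into the four-character string `None` presented as the contract's `creationCode` or `runtimeCode`. A missing entry should stop the conversion instead of producing a plausible-looking constant: check `if bytecode is None:` right after each lookup and raise the conversion error this module normally uses. The function continues past the end of the hunk.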
@@ -673,7 +675,7 @@ def propagate_types(ir, node: "Node"): # pylint: disable=too-many-locals if isinstance(ir.variable_left, TemporaryVariable) and isinstance( ir.variable_left.type, TypeInformation ): - return _convert_type_contract(ir, node.function.compilation_unit) + return _convert_type_contract(ir) left = ir.variable_left t = None ir_func = ir.function diff --git a/tests/source_unit/foundry.toml b/tests/source_unit/foundry.toml new file mode 100644 index 000000000..e6810b2b5 --- /dev/null +++ b/tests/source_unit/foundry.toml @@ -0,0 +1,6 @@ +[profile.default] +src = 'src' +out = 'out' +libs = ['lib'] + +# See more config options https://github.com/foundry-rs/foundry/tree/master/config \ No newline at end of file diff --git a/tests/source_unit/lib/forge-std b/tests/source_unit/lib/forge-std new file mode 160000 index 000000000..eb980e1d4 --- /dev/null +++ b/tests/source_unit/lib/forge-std @@ -0,0 +1 @@ +Subproject commit eb980e1d4f0e8173ec27da77297ae411840c8ccb diff --git a/tests/source_unit/script/Counter.s.sol b/tests/source_unit/script/Counter.s.sol new file mode 100644 index 000000000..0e546aba3 --- /dev/null +++ b/tests/source_unit/script/Counter.s.sol @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: UNLICENSED +pragma solidity ^0.8.13; + +import "forge-std/Script.sol"; + +contract CounterScript is Script { + function setUp() public {} + + function run() public { + vm.broadcast(); + } +} diff --git a/tests/source_unit/src/Counter.sol b/tests/source_unit/src/Counter.sol new file mode 100644 index 000000000..aded7997b --- /dev/null +++ b/tests/source_unit/src/Counter.sol @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: UNLICENSED +pragma solidity ^0.8.13; + +contract Counter { + uint256 public number; + + function setNumber(uint256 newNumber) public { + number = newNumber; + } + + function increment() public { + number++; + } +} diff --git a/tests/source_unit/src/Counter2.sol b/tests/source_unit/src/Counter2.sol new file mode 100644 index 000000000..fa830a446 
--- /dev/null +++ b/tests/source_unit/src/Counter2.sol @@ -0,0 +1,5 @@ +// SPDX-License-Identifier: UNLICENSED +pragma solidity ^0.8.13; + +contract Counter { +} diff --git a/tests/source_unit/test/Counter.t.sol b/tests/source_unit/test/Counter.t.sol new file mode 100644 index 000000000..30235e8a8 --- /dev/null +++ b/tests/source_unit/test/Counter.t.sol @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: UNLICENSED +pragma solidity ^0.8.13; + +import "forge-std/Test.sol"; +import "../src/Counter.sol"; + +contract CounterTest is Test { + Counter public counter; + + function setUp() public { + counter = new Counter(); + counter.setNumber(0); + } + + function testIncrement() public { + counter.increment(); + assertEq(counter.number(), 1); + } + + function testSetNumber(uint256 x) public { + counter.setNumber(x); + assertEq(counter.number(), x); + } +} diff --git a/tests/test_source_unit.py b/tests/test_source_unit.py new file mode 100644 index 000000000..a76109201 --- /dev/null +++ b/tests/test_source_unit.py 
@@ -0,0 +1,26 @@ +import inspect + +from crytic_compile import CryticCompile +from crytic_compile.platform.solc_standard_json import SolcStandardJson +from solc_select import solc_select + +from slither import Slither +from slither.detectors import all_detectors +from slither.detectors.abstract_detector import AbstractDetector + + +def test_contract_info(): + slither = Slither("./tests/source_unit") + + assert len(slither.compilation_units) == 1 + compilation_unit = slither.compilation_units[0] + + for source_unit in compilation_unit.crytic_compile_compilation_unit.source_units.values(): + source_unit.remove_metadata() + + counter_sol = compilation_unit.crytic_compile.filename_lookup("tests/source_unit/src/Counter.sol") + assert compilation_unit.scopes[counter_sol].bytecode_init(compilation_unit.crytic_compile_compilation_unit, "Counter") == "608060405234801561001057600080fd5b5060f78061001f6000396000f3fe6080604052348015600f57600080fd5b5060043610603c5760003560e01c80633fb5c1cb1460415780638381f58a146053578063d09de08a14606d575b600080fd5b6051604c3660046083565b600055565b005b605b60005481565b60405190815260200160405180910390f35b6051600080549080607c83609b565b9190505550565b600060208284031215609457600080fd5b5035919050565b60006001820160ba57634e487b7160e01b600052601160045260246000fd5b506001019056fe" + + counter2_sol = compilation_unit.crytic_compile.filename_lookup("tests/source_unit/src/Counter2.sol") + assert compilation_unit.scopes[counter2_sol].bytecode_init(compilation_unit.crytic_compile_compilation_unit, "Counter") == "6080604052348015600f57600080fd5b50603f80601d6000396000f3fe6080604052600080fdfe" + From 9c339a69299bbcb4becadf8fb84f27f3c275e1f8 Mon Sep 17 00:00:00 2001 From: webthethird Date: Fri, 23 Dec 2022 13:28:40 -0600 Subject: [PATCH 30/42] Implement `--detect` and `--exclude` for slither-check-upgradeability --- slither/tools/upgradeability/__main__.py | 61 ++++++++++++++++++++---- 1 file changed, 52 insertions(+), 9 deletions(-) 
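Review bot: The two `bytecode_init` assertions in `test_contract_info` compare against complete creation bytecode, which depends on the compiler release and optimizer settings, yet the test selects neither: the fixture's `foundry.toml` sets only `src`, `out` and `libs`, and `pragma solidity ^0.8.13` admits many releases. A toolchain update would then fail this test with no change in slither; pin the compiler for the fixture, or assert what the test is really about, namely that the two `Counter` contracts resolve to different bytecode through their own file scopes. `inspect`, `CryticCompile`, `SolcStandardJson`, `solc_select`, `all_detectors` and `AbstractDetector` are imported but unused.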
diff --git a/slither/tools/upgradeability/__main__.py b/slither/tools/upgradeability/__main__.py index 414a4c175..bafe3fa9e 100644 --- a/slither/tools/upgradeability/__main__.py +++ b/slither/tools/upgradeability/__main__.py @@ -27,7 +27,9 @@ logger: logging.Logger = logging.getLogger("Slither") logger.setLevel(logging.INFO) -def parse_args() -> argparse.Namespace: +def parse_args( + check_classes: List[Type[AbstractCheck]] +) -> argparse.Namespace: parser = argparse.ArgumentParser( description="Slither Upgradeability Checks. For usage information see https://github.com/crytic/slither/wiki/Upgradeability-Checks.", usage="slither-check-upgradeability contract.sol ContractName", @@ -51,6 +53,23 @@ def parse_args() -> argparse.Namespace: default=False, ) + parser.add_argument( + "--detect", + help="Comma-separated list of detectors, defaults to all, " + f"available detectors: {', '.join(d.ARGUMENT for d in check_classes)}", + action="store", + dest="detectors_to_run", + default="all", + ) + + parser.add_argument( + "--exclude", + help="Comma-separated list of detectors that should be excluded", + action="store", + dest="detectors_to_exclude", + default=None, + ) + parser.add_argument( "--list-detectors", help="List available detectors", 
@@ -104,6 +123,30 @@ def _get_checks() -> List[Type[AbstractCheck]]: return detectors +def choose_checks( + args: argparse.Namespace, all_check_classes: List[Type[AbstractCheck]] +) -> List[Type[AbstractCheck]]: + detectors_to_run = [] + detectors = {d.ARGUMENT: d for d in all_check_classes} + + if args.detectors_to_run == "all": + detectors_to_run = all_check_classes + if args.detectors_to_exclude: + detectors_excluded = args.detectors_to_exclude.split(",") + for detector in detectors: + if detector in detectors_excluded: + detectors_to_run.remove(detectors[detector]) + else: + for detector in args.detectors_to_run.split(","): + if detector in detectors: + detectors_to_run.append(detectors[detector]) + else: + raise Exception(f"Error: {detector} is not a detector") + detectors_to_run = sorted(detectors_to_run, key=lambda x: x.IMPACT) + return detectors_to_run + return detectors_to_run + + class ListDetectors(argparse.Action): # pylint: disable=too-few-public-methods def __call__( self, parser: Any, *args: Any, **kwargs: Any @@ -200,11 +243,11 @@ def main() -> None: "detectors": [], } - args = parse_args() - + detectors = _get_checks() + args = parse_args(detectors) + detectors_to_run = choose_checks(args, detectors) v1_filename = vars(args)["contract.sol"] number_detectors_run = 0 - detectors = _get_checks() try: variable1 = Slither(v1_filename, **vars(args)) @@ -219,7 +262,7 @@ def main() -> None: return v1_contract = v1_contracts[0] - detectors_results, number_detectors = _checks_on_contract(detectors, v1_contract) + detectors_results, number_detectors = _checks_on_contract(detectors_to_run, v1_contract) json_results["detectors"] += detectors_results number_detectors_run += number_detectors 
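Review bot: In the `"all"` branch of `choose_checks`, `detectors_to_run = all_check_classes` aliases the caller's list, so the `detectors_to_run.remove(...)` calls made for `--exclude` shrink the list `main` obtained from `_get_checks()`; copying first, `detectors_to_run = list(all_check_classes)`, leaves the argument intact. Unknown names are treated unevenly: a misspelt `--detect` entry raises a bare `Exception`, while a misspelt `--exclude` entry is ignored and the check still runs, so the user gets no hint that the exclusion did nothing. Indentation is lost on this page, but `--exclude` appears to be read only inside the `"all"` branch and therefore has no effect next to an explicit `--detect` list; the help text should say so. The second `return detectors_to_run` makes the first one redundant.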
@@ -242,7 +285,7 @@ def main() -> None: json_results["proxy-present"] = True detectors_results, number_detectors = _checks_on_contract_and_proxy( - detectors, v1_contract, proxy_contract + detectors_to_run, v1_contract, proxy_contract ) json_results["detectors"] += detectors_results number_detectors_run += number_detectors @@ -267,19 +310,19 @@ def main() -> None: if proxy_contract: detectors_results, _ = _checks_on_contract_and_proxy( - detectors, v2_contract, proxy_contract + detectors_to_run, v2_contract, proxy_contract ) json_results["detectors"] += detectors_results detectors_results, number_detectors = _checks_on_contract_update( - detectors, v1_contract, v2_contract + detectors_to_run, v1_contract, v2_contract ) json_results["detectors"] += detectors_results number_detectors_run += number_detectors # If there is a V2, we run the contract-only check on the V2 - detectors_results, number_detectors = _checks_on_contract(detectors, v2_contract) + detectors_results, number_detectors = _checks_on_contract(detectors_to_run, v2_contract) json_results["detectors"] += detectors_results number_detectors_run += number_detectors From 194b1bd90563092dbf97d254dda4ad253cda91fe Mon Sep 17 00:00:00 2001 From: webthethird Date: Fri, 23 Dec 2022 13:41:37 -0600 Subject: [PATCH 31/42] Implement `--exclude-` for slither-check-upgradeability --- slither/tools/upgradeability/__main__.py | 63 +++++++++++++++++++++--- 1 file changed, 56 insertions(+), 7 deletions(-) diff --git a/slither/tools/upgradeability/__main__.py b/slither/tools/upgradeability/__main__.py index bafe3fa9e..f71ed1e5b 100644 --- a/slither/tools/upgradeability/__main__.py +++ b/slither/tools/upgradeability/__main__.py @@ -35,6 +35,8 @@ def parse_args( usage="slither-check-upgradeability contract.sol ContractName", ) + group_checks = parser.add_argument_group("Checks") + parser.add_argument("contract.sol", help="Codebase to analyze") parser.add_argument("ContractName", help="Contract name (logic contract)") 
@@ -53,7 +55,7 @@ def parse_args( default=False, ) - parser.add_argument( + group_checks.add_argument( "--detect", help="Comma-separated list of detectors, defaults to all, " f"available detectors: {', '.join(d.ARGUMENT for d in check_classes)}", @@ -62,7 +64,15 @@ def parse_args( default="all", ) - parser.add_argument( + group_checks.add_argument( + "--list-detectors", + help="List available detectors", + action=ListDetectors, + nargs=0, + default=False, + ) + + group_checks.add_argument( "--exclude", help="Comma-separated list of detectors that should be excluded", action="store", @@ -70,11 +80,31 @@ def parse_args( default=None, ) - parser.add_argument( - "--list-detectors", - help="List available detectors", - action=ListDetectors, - nargs=0, + group_checks.add_argument( + "--exclude-informational", + help="Exclude informational impact analyses", + action="store_true", + default=False, + ) + + group_checks.add_argument( + "--exclude-low", + help="Exclude low impact analyses", + action="store_true", + default=False, + ) + + group_checks.add_argument( + "--exclude-medium", + help="Exclude medium impact analyses", + action="store_true", + default=False, + ) + + group_checks.add_argument( + "--exclude-high", + help="Exclude high impact analyses", + action="store_true", default=False, ) 
@@ -144,6 +174,25 @@ def choose_checks( raise Exception(f"Error: {detector} is not a detector") detectors_to_run = sorted(detectors_to_run, key=lambda x: x.IMPACT) return detectors_to_run + + if args.exclude_informational: + detectors_to_run = [ + d for d in detectors_to_run if d.IMPACT != DetectorClassification.INFORMATIONAL + ] + if args.exclude_low: + detectors_to_run = [ + d for d in detectors_to_run if d.IMPACT != DetectorClassification.LOW + ] + if args.exclude_medium: + detectors_to_run = [ + d for d in detectors_to_run if d.IMPACT != DetectorClassification.MEDIUM + ] + if args.exclude_high: + detectors_to_run = [ + d for d in detectors_to_run if d.IMPACT != DetectorClassification.HIGH + ] + + detectors_to_run = sorted(detectors_to_run, key=lambda x: x.IMPACT) return detectors_to_run From c66f2dca4069b5e83b5e8e6f6820cf35db96f56e Mon Sep 17 00:00:00 2001 From: webthethird Date: Fri, 23 Dec 2022 13:51:04 -0600 Subject: [PATCH 32/42] Import `CheckClassification` and fix references --- slither/tools/upgradeability/__main__.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/slither/tools/upgradeability/__main__.py b/slither/tools/upgradeability/__main__.py index f71ed1e5b..7a5beacf5 100644 --- a/slither/tools/upgradeability/__main__.py +++ b/slither/tools/upgradeability/__main__.py @@ -14,7 +14,10 @@ from slither.exceptions import SlitherException from slither.utils.colors import red from slither.utils.output import output_to_json from slither.tools.upgradeability.checks import all_checks -from slither.tools.upgradeability.checks.abstract_checks import AbstractCheck +from slither.tools.upgradeability.checks.abstract_checks import ( + AbstractCheck, + CheckClassification, +) from slither.tools.upgradeability.utils.command_line import ( output_detectors_json, output_wiki, 
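Review bot: The four impact filters (`--exclude-informational`, `--exclude-low`, `--exclude-medium`, `--exclude-high`) are added after the `return detectors_to_run` that ends the explicit `--detect` path, visible in the context lines just above the added block, so as far as the flattened indentation can be read they only apply when `--detect` is left at `all`. Dropping that early return so both paths fall through to the filters would make the flags behave the same in either case; otherwise the help strings should state the limitation. `DetectorClassification` is not among the imports this file shows on the page, so any of the four flags would raise `NameError` in this commit. The four comprehensions differ only in the constant and could be one filter over the set of excluded impacts.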
@@ -177,19 +180,19 @@ def choose_checks( if args.exclude_informational: detectors_to_run = [ - d for d in detectors_to_run if d.IMPACT != DetectorClassification.INFORMATIONAL + d for d in detectors_to_run if d.IMPACT != CheckClassification.INFORMATIONAL ] if args.exclude_low: detectors_to_run = [ - d for d in detectors_to_run if d.IMPACT != DetectorClassification.LOW + d for d in detectors_to_run if d.IMPACT != CheckClassification.LOW ] if args.exclude_medium: detectors_to_run = [ - d for d in detectors_to_run if d.IMPACT != DetectorClassification.MEDIUM + d for d in detectors_to_run if d.IMPACT != CheckClassification.MEDIUM ] if args.exclude_high: detectors_to_run = [ - d for d in detectors_to_run if d.IMPACT != DetectorClassification.HIGH + d for d in detectors_to_run if d.IMPACT != CheckClassification.HIGH ] detectors_to_run = sorted(detectors_to_run, key=lambda x: x.IMPACT) From 1965d262b1f9255a9bb17e4546d74b0af19d572b Mon Sep 17 00:00:00 2001 From: webthethird Date: Fri, 23 Dec 2022 13:52:22 -0600 Subject: [PATCH 33/42] Black --- slither/tools/upgradeability/__main__.py | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/slither/tools/upgradeability/__main__.py b/slither/tools/upgradeability/__main__.py index 7a5beacf5..ceb9ce421 100644 --- a/slither/tools/upgradeability/__main__.py +++ b/slither/tools/upgradeability/__main__.py @@ -30,9 +30,7 @@ logger: logging.Logger = logging.getLogger("Slither") logger.setLevel(logging.INFO) -def parse_args( - check_classes: List[Type[AbstractCheck]] -) -> argparse.Namespace: +def parse_args(check_classes: List[Type[AbstractCheck]]) -> argparse.Namespace: parser = argparse.ArgumentParser( description="Slither Upgradeability Checks. For usage information see https://github.com/crytic/slither/wiki/Upgradeability-Checks.", usage="slither-check-upgradeability contract.sol ContractName", 
@@ -183,17 +181,11 @@ def choose_checks( d for d in detectors_to_run if d.IMPACT != CheckClassification.INFORMATIONAL ] if args.exclude_low: - detectors_to_run = [ - d for d in detectors_to_run if d.IMPACT != CheckClassification.LOW - ] + detectors_to_run = [d for d in detectors_to_run if d.IMPACT != CheckClassification.LOW] if args.exclude_medium: - detectors_to_run = [ - d for d in detectors_to_run if d.IMPACT != CheckClassification.MEDIUM - ] + detectors_to_run = [d for d in detectors_to_run if d.IMPACT != CheckClassification.MEDIUM] if args.exclude_high: - detectors_to_run = [ - d for d in detectors_to_run if d.IMPACT != CheckClassification.HIGH - ] + detectors_to_run = [d for d in detectors_to_run if d.IMPACT != CheckClassification.HIGH] detectors_to_run = sorted(detectors_to_run, key=lambda x: x.IMPACT) return detectors_to_run From cd8c6388e7e2e1865a590caae9707f39ec9b0eae Mon Sep 17 00:00:00 2001 From: webthethird Date: Fri, 23 Dec 2022 13:58:55 -0600 Subject: [PATCH 34/42] Don't sort checks by impact which caused CI test to fail --- slither/tools/upgradeability/__main__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slither/tools/upgradeability/__main__.py b/slither/tools/upgradeability/__main__.py index ceb9ce421..56b838b9c 100644 --- a/slither/tools/upgradeability/__main__.py +++ b/slither/tools/upgradeability/__main__.py @@ -187,7 +187,7 @@ def choose_checks( if args.exclude_high: detectors_to_run = [d for d in detectors_to_run if d.IMPACT != CheckClassification.HIGH] - detectors_to_run = sorted(detectors_to_run, key=lambda x: x.IMPACT) + # detectors_to_run = sorted(detectors_to_run, key=lambda x: x.IMPACT) return detectors_to_run From d9ea635a836d6e70367d73d9b67875efa9a42904 Mon Sep 17 00:00:00 2001 
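Review bot: The sort at the end of `choose_checks` is disabled by commenting it out (`# detectors_to_run = sorted(detectors_to_run, key=lambda x: x.IMPACT)`), which leaves dead code with no reason next to it. Delete the line, or replace it with a why-comment such as `# Keep registration order: the expected CI output depends on it.` The context of the earlier hunk shows the explicit-selection path still sorting by `IMPACT` before its own return, so the two paths would now order results differently; confirm that is intended. The function starts outside this hunk.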
From: Josselin Feist Date: Tue, 3 Jan 2023 13:35:11 +0100 Subject: [PATCH 35/42] Additional updates --- slither/detectors/attributes/constant_pragma.py | 2 +- slither/slithir/convert.py | 10 +++++++--- tests/test_source_unit.py | 10 +--------- 3 files changed, 9 insertions(+), 13 deletions(-) diff --git a/slither/detectors/attributes/constant_pragma.py b/slither/detectors/attributes/constant_pragma.py index fe68051c2..0c77b69ca 100644 --- a/slither/detectors/attributes/constant_pragma.py +++ b/slither/detectors/attributes/constant_pragma.py @@ -32,7 +32,7 @@ class ConstantPragma(AbstractDetector): info = ["Different versions of Solidity are used:\n"] info += [f"\t- Version used: {[str(v) for v in versions]}\n"] - for p in pragma: + for p in sorted(pragma, key=lambda x: x.version): info += ["\t- ", p, "\n"] res = self.generate_result(info) diff --git a/slither/slithir/convert.py b/slither/slithir/convert.py index bb679ac6b..0b43184bd 100644 --- a/slither/slithir/convert.py +++ b/slither/slithir/convert.py 
@@ -454,17 +454,21 @@ def _convert_type_contract(ir: Member) -> Assignment: assert isinstance(ir.variable_left.type, TypeInformation) contract = ir.variable_left.type.type - scope = ir.node.scope + scope = ir.node.file_scope if ir.variable_right == "creationCode": - bytecode = scope.bytecode_init(contract.name) + bytecode = scope.bytecode_init( + ir.node.compilation_unit.crytic_compile_compilation_unit, contract.name + ) assignment = Assignment(ir.lvalue, Constant(str(bytecode)), ElementaryType("bytes")) assignment.set_expression(ir.expression) assignment.set_node(ir.node) assignment.lvalue.set_type(ElementaryType("bytes")) return assignment if ir.variable_right == "runtimeCode": - bytecode = scope.bytecode_runtime(contract.name) + bytecode = scope.bytecode_runtime( + ir.node.compilation_unit.crytic_compile_compilation_unit, contract.name + ) assignment = Assignment(ir.lvalue, Constant(str(bytecode)), ElementaryType("bytes")) assignment.set_expression(ir.expression) assignment.set_node(ir.node) diff --git a/tests/test_source_unit.py b/tests/test_source_unit.py index a76109201..a94cd3557 100644 --- a/tests/test_source_unit.py +++ b/tests/test_source_unit.py @@ -1,15 +1,7 @@ -import inspect - -from crytic_compile import CryticCompile -from crytic_compile.platform.solc_standard_json import SolcStandardJson -from solc_select import solc_select - from slither import Slither -from slither.detectors import all_detectors -from slither.detectors.abstract_detector import AbstractDetector -def test_contract_info(): +def test_contract_info() -> None: slither = Slither("./tests/source_unit") assert len(slither.compilation_units) == 1 From 518137aba546227793cdf873bf58340c64032179 Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Tue, 3 Jan 2023 14:29:37 +0100 Subject: [PATCH 36/42] Use latest setuptools in CI Tentative to fix https://github.com/crytic/slither/issues/1538 --- .github/workflows/pip-audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
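Review bot: The `creationCode` and `runtimeCode` branches of `_convert_type_contract` are identical except for the scope method they call, and each now repeats `ir.node.compilation_unit.crytic_compile_compilation_unit`. Bind it once next to `scope`, e.g. `cc_unit = ir.node.compilation_unit.crytic_compile_compilation_unit`, and pass `cc_unit` to both `bytecode_init` and `bytecode_runtime`. The lookup is still keyed on `contract.name` within `ir.node.file_scope`, so a short comment saying that the file scope is what disambiguates same-named contracts would help. Whether that scope also resolves a contract imported from another file is not visible here and is worth confirming. The function body extends beyond the hunk.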
diff --git a/.github/workflows/pip-audit.yml b/.github/workflows/pip-audit.yml index d0fcb419c..636093071 100644 --- a/.github/workflows/pip-audit.yml +++ b/.github/workflows/pip-audit.yml @@ -26,7 +26,7 @@ jobs: python -m venv /tmp/pip-audit-env source /tmp/pip-audit-env/bin/activate - python -m pip install --upgrade pip + python -m pip install --upgrade pip setuptools wheel python -m pip install . - name: Run pip-audit From 217970fb914842f4585ea8481190e8787b301a41 Mon Sep 17 00:00:00 2001 From: Josselin Feist Date: Tue, 3 Jan 2023 14:32:15 +0100 Subject: [PATCH 37/42] Black --- tests/test_source_unit.py | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/tests/test_source_unit.py b/tests/test_source_unit.py index a94cd3557..7b653599e 100644 --- a/tests/test_source_unit.py +++ b/tests/test_source_unit.py 
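Review bot: The install step now upgrades `setuptools` and `wheel` together with `pip`, but the workflow gives no reason and the commit message calls the change tentative. A comment above the line, e.g. `# Also upgrade setuptools/wheel in the audited venv, see issue #1538`, would keep the reason next to the command; the cause is presumed from the commit message and should be checked against the issue. All three tools are installed unpinned, so the audit result can change between runs without any change in the repository. The step starts outside this hunk.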
@@ -10,9 +10,22 @@ def test_contract_info() -> None: for source_unit in compilation_unit.crytic_compile_compilation_unit.source_units.values(): source_unit.remove_metadata() - counter_sol = compilation_unit.crytic_compile.filename_lookup("tests/source_unit/src/Counter.sol") - assert compilation_unit.scopes[counter_sol].bytecode_init(compilation_unit.crytic_compile_compilation_unit, "Counter") == "608060405234801561001057600080fd5b5060f78061001f6000396000f3fe6080604052348015600f57600080fd5b5060043610603c5760003560e01c80633fb5c1cb1460415780638381f58a146053578063d09de08a14606d575b600080fd5b6051604c3660046083565b600055565b005b605b60005481565b60405190815260200160405180910390f35b6051600080549080607c83609b565b9190505550565b600060208284031215609457600080fd5b5035919050565b60006001820160ba57634e487b7160e01b600052601160045260246000fd5b506001019056fe" - - counter2_sol = compilation_unit.crytic_compile.filename_lookup("tests/source_unit/src/Counter2.sol") - assert compilation_unit.scopes[counter2_sol].bytecode_init(compilation_unit.crytic_compile_compilation_unit, "Counter") == "6080604052348015600f57600080fd5b50603f80601d6000396000f3fe6080604052600080fdfe" + counter_sol = compilation_unit.crytic_compile.filename_lookup( + "tests/source_unit/src/Counter.sol" + ) + assert ( + compilation_unit.scopes[counter_sol].bytecode_init( + compilation_unit.crytic_compile_compilation_unit, "Counter" + ) + == "608060405234801561001057600080fd5b5060f78061001f6000396000f3fe6080604052348015600f57600080fd5b5060043610603c5760003560e01c80633fb5c1cb1460415780638381f58a146053578063d09de08a14606d575b600080fd5b6051604c3660046083565b600055565b005b605b60005481565b60405190815260200160405180910390f35b6051600080549080607c83609b565b9190505550565b600060208284031215609457600080fd5b5035919050565b60006001820160ba57634e487b7160e01b600052601160045260246000fd5b506001019056fe" + ) + counter2_sol = compilation_unit.crytic_compile.filename_lookup( + "tests/source_unit/src/Counter2.sol" + ) + assert ( + 
compilation_unit.scopes[counter2_sol].bytecode_init( + compilation_unit.crytic_compile_compilation_unit, "Counter" + ) + == "6080604052348015600f57600080fd5b50603f80601d6000396000f3fe6080604052600080fdfe" + ) From 45e90dc4c10120ac0f52b1490e62167870277c97 Mon Sep 17 00:00:00 2001 From: Simone Date: Tue, 3 Jan 2023 15:13:14 +0100 Subject: [PATCH 38/42] Fix top level struct parsing --- slither/solc_parsing/slither_compilation_unit_solc.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/slither/solc_parsing/slither_compilation_unit_solc.py b/slither/solc_parsing/slither_compilation_unit_solc.py index d12bda1b4..6dce9b005 100644 --- a/slither/solc_parsing/slither_compilation_unit_solc.py +++ b/slither/solc_parsing/slither_compilation_unit_solc.py @@ -24,6 +24,7 @@ from slither.solc_parsing.declarations.function import FunctionSolc from slither.solc_parsing.declarations.structure_top_level import StructureTopLevelSolc from slither.solc_parsing.exceptions import VariableNotFound from slither.solc_parsing.variables.top_level_variable import TopLevelVariableSolc +from slither.solc_parsing.declarations.caller_context import CallerContextExpression logging.basicConfig() logger = logging.getLogger("SlitherSolcParsing") @@ -57,7 +58,7 @@ def _handle_import_aliases( scope.renaming[local_name] = original_name -class SlitherCompilationUnitSolc: +class SlitherCompilationUnitSolc(CallerContextExpression): # pylint: disable=no-self-use,too-many-instance-attributes def __init__(self, compilation_unit: SlitherCompilationUnit): super().__init__() 
@@ -95,6 +96,10 @@ class SlitherCompilationUnitSolc: def underlying_contract_to_parser(self) -> Dict[Contract, ContractSolc]: return self._underlying_contract_to_parser + @property + def slither_parser(self) -> "SlitherCompilationUnitSolc": + return self + ################################################################################### ################################################################################### # region AST From 680c914ded73e5b221f9df903da8050ed4756ce7 Mon Sep 17 00:00:00 2001 From: Simone Date: Tue, 3 Jan 2023 15:29:20 +0100 Subject: [PATCH 39/42] Add test --- ...p-level-struct-0.8.0.sol-0.8.0-compact.zip | Bin 0 -> 2027 bytes ...-level-struct-0.8.0.sol-0.8.0-compact.json | 3 +++ tests/ast-parsing/top-level-struct-0.8.0.sol | 18 ++++++++++++++++++ tests/test_ast_parsing.py | 1 + 4 files changed, 22 insertions(+) create mode 100644 tests/ast-parsing/compile/top-level-struct-0.8.0.sol-0.8.0-compact.zip create mode 100644 tests/ast-parsing/expected/top-level-struct-0.8.0.sol-0.8.0-compact.json create mode 100644 tests/ast-parsing/top-level-struct-0.8.0.sol 
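Review bot: The new `slither_parser` property returns `self` with no explanation of why the parser needs to hand itself out. A one-line docstring would make the intent clear, e.g. `"""Return self: the compilation-unit parser acts as its own caller context for top-level declarations."""`. This presumably satisfies the `CallerContextExpression` base that the class now inherits from, which is declared outside this diff. If that base expects other members, they should be checked too, since none are added here. The class body continues outside the hunk.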
diff --git a/tests/ast-parsing/compile/top-level-struct-0.8.0.sol-0.8.0-compact.zip b/tests/ast-parsing/compile/top-level-struct-0.8.0.sol-0.8.0-compact.zip new file mode 100644 index 0000000000000000000000000000000000000000..7cb2fb659609b654a99a51480f172e7555306ef0 GIT binary patch literal 2027 zcmb8wX&}>$0|)TmOq&+TP087uZRT+;(#n)GH1bq)#GH%Sm>IciEFO|0w~0i}BM~i+ z5|X2sBg7OUDrb(c9RHsG`~Qpo_xs}e>ihcRU;`G!00O{4AR~ z005{#WJG{B%{u@QLJbZjP!T938i_)N1O>Qz)5$@>RCkYHf}cOl8%YcaBJCI42e<-2 zEC84?nZA14dX#(pJ@qCc1#KjMc#{Gn1$X$A;&8|dY29_~sZ`z(53#8)oRtI4MYq>2 z53g41;1+YTEz1v$yr)tMNkWb9u$51%tmmZPmi(CbvDy*U;=X`4g>g*HFQ!P>F$C}} z4wvS9({^#fNLRHNdF?mr(!ztp2Su!Sz3vlPj-3-%Z^9%z0X7U{vU)iQ^1BD6Kt;yaqh?RTYzFae;%GnYvxX8eOb6W0#j^oXNfb?OX7+8d|ed1N-B z-0BW|icHqLExr(z{k5EzB`|%Yz+CL+OX#y%gT3)rT=Brq+;6%fJqm-FgYhHFL-Fw0 zM_@U$|A*uUWA)8#ABNkLpktOys1l=IZvIol2{#0aWSbPFt?_pgyXKU?QGU zw|ciCJNKd6^eVG0Hu(xY?e{A9Z$j&Ck-BbP&q3y#AZ zEHuA#oeJA4Dr(iWwOq@m9q%W-wIwvB59Z4WuSy&R*LQ09*yD~R!gxD%^9#LHRA~3v zptY+*q(4EC+7Se|zs}z=tzSf^JzQ({yuE)S^@)KOpA}s=G5O%AYTEe|Nnh6-&m z#c1Y9eDix&4K2#U9`@bQ(*ZX0;9IaoJFHxIZK{Cv`}Q>*TZ}2~amOmm6fuBZsN(MG z+zQ|0@?m3nfl69}_BglaYNy*xvL?2FIbkKT-tbSoEL)B-Fd%B|kL{l_R$BfQ`{{cr zUuIg|r}to3bqIX)*WJ1YVSzd!DvMcvKZtm-yf-{p-jYR%+JpoiAmWdWnDe&bX9z}7 zT#V}VC>}@`5+k*|+F$Jyu1*^t>YDLGy@WC$yZ8M>jIOMu0K02sC-0XGA)xk9J^F+I zcsR18=RD1EtN99=(=CI`(2Ne>8~u6Gjh^|~Mr^UmA50sU=`0O>A^t3Z4>;HI@{ z1*A)IuB0oIXPsGY(=cRr^l6wdEV*@1CtDbSkqX_=jNvD1!EseMyrpa!MBA8wt^OW;F45L#Q|HJ zT{5%NC|#p$_twRpPuY`$c))Coclw-KSsBeQj76kaKB0Z<>;3m3FJnQL?iTFj@7#3szYSzmtA#%^x1R1!rC`7jzNRW<$;#+sL*Q z9*%iT&j?gK7qQlE$bY`nW-gBh*b_ZdJ)VKAVAn4By{qw;>CCReKa=fw=o*#0kI^Ci zN#!F9Llw3e!JW@1xVN3tOI!zU<3~l~L<2nqEtDwgUa#!QGqJi;=})b93`F9fO~NI;X5&ELI4UToDpZjmk0;Ol^%KN}}U}5i`2|qb6Px;g2tLD%bRZ zdKZdwyd74DshduessvR9PV5dvs(j9feS8Tna>EJ%@0!2JZGVA)0JEabjL|&&-j7Ev pYYsLb0Sx$m)B9WB|0Wjn@BDudJJ{@l{QCm^uFLNY|4ljo{09_{xwZfR literal 0 HcmV?d00001 
diff --git a/tests/ast-parsing/expected/top-level-struct-0.8.0.sol-0.8.0-compact.json b/tests/ast-parsing/expected/top-level-struct-0.8.0.sol-0.8.0-compact.json new file mode 100644 index 000000000..65dfd3b51 --- /dev/null +++ b/tests/ast-parsing/expected/top-level-struct-0.8.0.sol-0.8.0-compact.json @@ -0,0 +1,3 @@ +{ + "BaseContract": {} +} \ No newline at end of file diff --git a/tests/ast-parsing/top-level-struct-0.8.0.sol b/tests/ast-parsing/top-level-struct-0.8.0.sol new file mode 100644 index 000000000..8a335680c --- /dev/null +++ b/tests/ast-parsing/top-level-struct-0.8.0.sol @@ -0,0 +1,18 @@ +struct my_struct { + uint[][] a; // works fine + uint[][3] b; // works fine + uint[3][] c; // fails + uint[3][3] d; // fails + uint[2**20] e; // works fine +} +contract BaseContract{ + struct my_struct_2 { + uint[][] f; // works fine + uint[][3] g; // works fine + uint[3][] h; // works fine + uint[3][3] i; // works fine + uint[2**20] j; // works fine + } + + uint[3][] k; // works fine +} diff --git a/tests/test_ast_parsing.py b/tests/test_ast_parsing.py index e96a129b8..47f230534 100644 --- a/tests/test_ast_parsing.py +++ b/tests/test_ast_parsing.py @@ -425,6 +425,7 @@ ALL_TESTS = [ Test("free_functions/library_constant_function_collision.sol", ["0.8.12"]), Test("ternary-with-max.sol", ["0.8.15"]), Test("library_event-0.8.16.sol", ["0.8.16"]), + Test("top-level-struct-0.8.0.sol", ["0.8.0"]), ] # create the output folder if needed try: From baf4143345059339719a12960283eed6e6490f6c Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Tue, 3 Jan 2023 12:03:29 -0600 Subject: [PATCH 40/42] move nested logic into functions --- slither/utils/expression_manipulations.py | 178 +++++++++++----------- 1 file changed, 92 insertions(+), 86 deletions(-) diff --git a/slither/utils/expression_manipulations.py b/slither/utils/expression_manipulations.py index 591fab0ef..974c6f68b 100644 --- a/slither/utils/expression_manipulations.py 
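Review bot: The `// fails` comments on fields `c` and `d` of the top-level `my_struct` describe the behaviour before the parser fix, so they will mislead once this test passes. Reword them to record the regression, e.g. `uint[3][] c; // previously failed to parse at top level`. The expected JSON added with this test contains only `"BaseContract": {}`, so as far as this diff shows the test checks that parsing completes rather than the parsed array types.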
+++ b/slither/utils/expression_manipulations.py @@ -23,7 +23,8 @@ from slither.all_exceptions import SlitherException # pylint: disable=protected-access def f_expressions( - e: AssignmentOperation, x: Union[Identifier, Literal, MemberAccess, IndexAccess] + e: Union[AssignmentOperation, BinaryOperation, TupleExpression], + x: Union[Identifier, Literal, MemberAccess, IndexAccess], ) -> None: e._expressions.append(x) @@ -40,7 +41,7 @@ def f_call_gas(e: CallExpression, x): e._gas = x -def f_expression(e, x): +def f_expression(e: Union[TypeConversion, UnaryOperation, MemberAccess], x): e._expression = x @@ -86,7 +87,6 @@ class SplitTernaryExpression: f(false_expression, copy.copy(next_expr)) return True - # pylint: disable=too-many-branches def copy_expression( self, expression: Expression, true_expression: Expression, false_expression: Expression ) -> None: 
@@ -102,108 +102,114 @@ class SplitTernaryExpression: ): return - # case of lib - # (.. ? .. : ..).add - if isinstance(expression, MemberAccess): - next_expr = expression.expression - if self.conditional_not_ahead( - next_expr, true_expression, false_expression, f_expression - ): - self.copy_expression( - next_expr, true_expression.expression, false_expression.expression - ) - # pylint: disable=too-many-nested-blocks elif isinstance(expression, (AssignmentOperation, BinaryOperation, TupleExpression)): true_expression._expressions = [] false_expression._expressions = [] - for next_expr in expression.expressions: - # TODO: can we get rid of `NoneType` expressions in `TupleExpression`? - if next_expr: - if isinstance(next_expr, IndexAccess): - # create an index access for each branch - # x[if cond ? 1 : 2] -> if cond { x[1] } else { x[2] } - for expr in next_expr.expressions: - if self.conditional_not_ahead( - expr, true_expression, false_expression, f_expressions - ): - self.copy_expression( - expr, - true_expression.expressions[-1], - false_expression.expressions[-1], - ) - - if self.conditional_not_ahead( - next_expr, true_expression, false_expression, f_expressions - ): - # always on last arguments added - self.copy_expression( - next_expr, - true_expression.expressions[-1], - false_expression.expressions[-1], - ) + self.convert_expressions(expression, true_expression, false_expression) elif isinstance(expression, CallExpression): next_expr = expression.called + self.convert_call_expression(expression, next_expr, true_expression, false_expression) + + elif isinstance(expression, (TypeConversion, UnaryOperation, MemberAccess)): + next_expr = expression.expression + if self.conditional_not_ahead( + next_expr, true_expression, false_expression, f_expression + ): + self.copy_expression( + expression.expression, + true_expression.expression, + false_expression.expression, + ) - # case of lib - # (.. ? .. 
: ..).add - if self.conditional_not_ahead(next_expr, true_expression, false_expression, f_called): - self.copy_expression(next_expr, true_expression.called, false_expression.called) + else: + raise SlitherException( + f"Ternary operation not handled {expression}({type(expression)})" + ) - # In order to handle ternaries in both call options, gas and value, we return early if the - # conditional is not ahead to rewrite both ternaries (see `_rewrite_ternary_as_if_else`). - if expression.call_gas: - # case of (..).func{gas: .. ? .. : ..}() - next_expr = expression.call_gas - if self.conditional_not_ahead( - next_expr, true_expression, false_expression, f_call_gas - ): - self.copy_expression( - next_expr, - true_expression.call_gas, - false_expression.call_gas, - ) - else: - return + def convert_expressions( + self, + expression: Union[AssignmentOperation, BinaryOperation, TupleExpression], + true_expression: Expression, + false_expression: Expression, + ) -> None: + for next_expr in expression.expressions: + # TODO: can we get rid of `NoneType` expressions in `TupleExpression`? + if next_expr: + if isinstance(next_expr, IndexAccess): + self.convert_index_access(next_expr, true_expression, false_expression) - if expression.call_value: - # case of (..).func{value: .. ? .. : ..}() - next_expr = expression.call_value if self.conditional_not_ahead( - next_expr, true_expression, false_expression, f_call_value + next_expr, true_expression, false_expression, f_expressions ): + # always on last arguments added self.copy_expression( next_expr, - true_expression.call_value, - false_expression.call_value, + true_expression.expressions[-1], + false_expression.expressions[-1], ) - else: - return - true_expression._arguments = [] - false_expression._arguments = [] + def convert_index_access( + self, next_expr: IndexAccess, true_expression: Expression, false_expression: Expression + ) -> None: + # create an index access for each branch + # x[if cond ? 
1 : 2] -> if cond { x[1] } else { x[2] } + for expr in next_expr.expressions: + if self.conditional_not_ahead(expr, true_expression, false_expression, f_expressions): + self.copy_expression( + expr, + true_expression.expressions[-1], + false_expression.expressions[-1], + ) - for next_expr in expression.arguments: - if self.conditional_not_ahead(next_expr, true_expression, false_expression, f_call): - # always on last arguments added - self.copy_expression( - next_expr, - true_expression.arguments[-1], - false_expression.arguments[-1], - ) + def convert_call_expression( + self, + expression: CallExpression, + next_expr: Expression, + true_expression: Expression, + false_expression: Expression, + ) -> None: + # case of lib + # (.. ? .. : ..).add + if self.conditional_not_ahead(next_expr, true_expression, false_expression, f_called): + self.copy_expression(next_expr, true_expression.called, false_expression.called) + + # In order to handle ternaries in both call options, gas and value, we return early if the + # conditional is not ahead to rewrite both ternaries (see `_rewrite_ternary_as_if_else`). + if expression.call_gas: + # case of (..).func{gas: .. ? .. : ..}() + next_expr = expression.call_gas + if self.conditional_not_ahead(next_expr, true_expression, false_expression, f_call_gas): + self.copy_expression( + next_expr, + true_expression.call_gas, + false_expression.call_gas, + ) + else: + return - elif isinstance(expression, (TypeConversion, UnaryOperation)): - next_expr = expression.expression + if expression.call_value: + # case of (..).func{value: .. ? .. 
: ..}() + next_expr = expression.call_value if self.conditional_not_ahead( - next_expr, true_expression, false_expression, f_expression + next_expr, true_expression, false_expression, f_call_value ): self.copy_expression( - expression.expression, - true_expression.expression, - false_expression.expression, + next_expr, + true_expression.call_value, + false_expression.call_value, ) + else: + return - else: - raise SlitherException( - f"Ternary operation not handled {expression}({type(expression)})" - ) + true_expression._arguments = [] + false_expression._arguments = [] + + for expr in expression.arguments: + if self.conditional_not_ahead(expr, true_expression, false_expression, f_call): + # always on last arguments added + self.copy_expression( + expr, + true_expression.arguments[-1], + false_expression.arguments[-1], + ) From b68f4c17a7aedfe0382828b85e2ecd95dca4fb38 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Tue, 3 Jan 2023 12:31:47 -0600 Subject: [PATCH 41/42] pylint --- slither/utils/expression_manipulations.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slither/utils/expression_manipulations.py b/slither/utils/expression_manipulations.py index 974c6f68b..bc2a1556e 100644 --- a/slither/utils/expression_manipulations.py +++ b/slither/utils/expression_manipulations.py @@ -102,7 +102,7 @@ class SplitTernaryExpression: ): return - elif isinstance(expression, (AssignmentOperation, BinaryOperation, TupleExpression)): + if isinstance(expression, (AssignmentOperation, BinaryOperation, TupleExpression)): true_expression._expressions = [] false_expression._expressions = [] self.convert_expressions(expression, true_expression, false_expression) From 254f02b374d906df619edebe099af8f61eaef6e0 Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Thu, 5 Jan 2023 11:02:43 +0100 Subject: [PATCH 42/42] Update expression_manipulations.py --- slither/utils/expression_manipulations.py | 1 + 1 file changed, 1 insertion(+) 
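Review bot: `convert_call_expression` takes a `next_expr` parameter that its only caller in this hunk fills with `expression.called`, and the body then reuses the name as a scratch variable for `call_gas` and `call_value`. Dropping the parameter and opening the body with `next_expr = expression.called` reduces the call site to `self.convert_call_expression(expression, true_expression, false_expression)`. The three new helpers (`convert_expressions`, `convert_index_access`, `convert_call_expression`) have no docstrings and are named as public methods. A leading underscore and one line each on which sub-expressions they walk would help, especially for the early `return` in the gas and value branches, which skips the argument rewrite. `copy_expression` starts outside this hunk.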
diff --git a/slither/utils/expression_manipulations.py b/slither/utils/expression_manipulations.py index bc2a1556e..a63db9829 100644 --- a/slither/utils/expression_manipulations.py +++ b/slither/utils/expression_manipulations.py @@ -135,6 +135,7 @@ class SplitTernaryExpression: ) -> None: for next_expr in expression.expressions: # TODO: can we get rid of `NoneType` expressions in `TupleExpression`? + # montyly: this might happen with unnamed tuple (ex: (,,,) = f()), but it needs to be checked if next_expr: if isinstance(next_expr, IndexAccess): self.convert_index_access(next_expr, true_expression, false_expression)