[ [ { "elements": [ { "type": "function", "name": "bad1", "source_mapping": { "start": 780, "length": 97, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 35, 36, 37 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 394, "length": 1717, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad1(address,uint256)" } }, { "type": "node", "name": "erc20.transferFrom(notsend,to,am)", "source_mapping": { "start": 835, "length": 35, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 36 ], "starting_column": 9, "ending_column": 44 }, "type_specific_fields": { "parent": { "type": "function", "name": "bad1", "source_mapping": { "start": 780, "length": 97, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 35, 36, 37 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 394, "length": 1717, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad1(address,uint256)" } } } } ], "description": "C.bad1(address,uint256) (tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#35-37) uses arbitrary from in transferFrom: erc20.transferFrom(notsend,to,am) (tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#36)\n", "markdown": "[C.bad1(address,uint256)](tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#L35-L37) uses arbitrary from in transferFrom: [erc20.transferFrom(notsend,to,am)](tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#L36)\n", "first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#L35-L37", "id": "430afa4e7855d25b1262162894fa21d58eea2571578d45de5399baf3eb438038", "check": "arbitrary-send-erc20", "impact": "High", "confidence": "High" }, { "elements": [ { "type": "function", "name": "bad4", "source_mapping": { "start": 1702, "length": 133, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 65, 66, 67 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 394, "length": 1717, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad4(address,address,uint256)" } }, { "type": "node", "name": "SafeERC20.safeTransferFrom(erc20,from,to,amount)", "source_mapping": { "start": 1777, "length": 51, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 66 ], "starting_column": 9, "ending_column": 60 }, "type_specific_fields": { "parent": { "type": "function", "name": "bad4", "source_mapping": { "start": 1702, "length": 133, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 65, 66, 67 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 394, "length": 1717, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad4(address,address,uint256)" } } } } ], "description": "C.bad4(address,address,uint256) (tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#65-67) uses arbitrary from in transferFrom: SafeERC20.safeTransferFrom(erc20,from,to,amount) (tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#66)\n", "markdown": "[C.bad4(address,address,uint256)](tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#L65-L67) uses arbitrary from in transferFrom: [SafeERC20.safeTransferFrom(erc20,from,to,amount)](tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#L66)\n", "first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#L65-L67", "id": "b2557d6385585034271b9873559de9cde4972e3207c43f260663f3d0e2a4d4a0", "check": "arbitrary-send-erc20", "impact": "High", "confidence": "High" }, { "elements": [ { "type": "function", "name": "bad3", "source_mapping": { "start": 1434, "length": 122, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 57, 58, 59 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 394, "length": 1717, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad3(address,address,uint256)" } }, { "type": "node", "name": "erc20.safeTransferFrom(from,to,amount)", "source_mapping": { "start": 1509, "length": 40, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 58 ], "starting_column": 9, "ending_column": 49 }, "type_specific_fields": { "parent": { "type": "function", "name": "bad3", "source_mapping": { "start": 1434, "length": 122, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 57, 58, 59 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 394, "length": 1717, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad3(address,address,uint256)" } } } } ], "description": "C.bad3(address,address,uint256) (tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#57-59) uses arbitrary from in transferFrom: erc20.safeTransferFrom(from,to,amount) (tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#58)\n", "markdown": "[C.bad3(address,address,uint256)](tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#L57-L59) uses arbitrary from in transferFrom: [erc20.safeTransferFrom(from,to,amount)](tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#L58)\n", "first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.4.25/arbitrary_send_erc20.sol#L57-L59", "id": "e7271d3fa958d20a025419c070ea1010431487e98e30fa2db65db9bf54a13665", "check": "arbitrary-send-erc20", "impact": "High", "confidence": "High" } ] ]