[ [ { "elements": [ { "type": "function", "name": "bad1", "source_mapping": { "start": 789, "length": 97, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 35, 36, 37 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 403, "length": 1721, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad1(address,uint256)" } }, { "type": "node", "name": "erc20.transferFrom(notsend,to,am)", "source_mapping": { "start": 844, "length": 35, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 36 ], "starting_column": 9, "ending_column": 44 }, "type_specific_fields": { "parent": { "type": "function", "name": "bad1", "source_mapping": { "start": 789, "length": 97, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 35, 36, 37 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 403, "length": 1721, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad1(address,uint256)" } } } } ], "description": "C.bad1(address,uint256) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#35-37) uses arbitrary from in transferFrom: erc20.transferFrom(notsend,to,am) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#36)\n", "markdown": "[C.bad1(address,uint256)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L35-L37) uses arbitrary from in transferFrom: [erc20.transferFrom(notsend,to,am)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L36)\n", "first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L35-L37", "id": "040cf50981f6e1dea1f7a19f0115811be1347e0637f0ca85d789ae612a509322", "check": "arbitrary-send-erc20", "impact": "High", "confidence": "High" }, { "elements": [ { "type": "function", "name": "bad4", "source_mapping": { "start": 1711, "length": 133, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 65, 66, 67 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 403, "length": 1721, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad4(address,address,uint256)" } }, { "type": "node", "name": "SafeERC20.safeTransferFrom(erc20,from,to,amount)", "source_mapping": { "start": 1786, "length": 51, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 66 ], "starting_column": 9, "ending_column": 60 }, "type_specific_fields": { "parent": { "type": "function", "name": "bad4", "source_mapping": { "start": 1711, "length": 133, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 65, 66, 67 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 403, "length": 1721, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad4(address,address,uint256)" } } } } ], "description": "C.bad4(address,address,uint256) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#65-67) uses arbitrary from in transferFrom: SafeERC20.safeTransferFrom(erc20,from,to,amount) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#66)\n", "markdown": "[C.bad4(address,address,uint256)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L65-L67) uses arbitrary from in transferFrom: [SafeERC20.safeTransferFrom(erc20,from,to,amount)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L66)\n", "first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L65-L67", "id": "61438092d2da6c23ecfa13e5e55c489e538249e47bddd9335b533d28a242aea1", "check": "arbitrary-send-erc20", "impact": "High", "confidence": "High" }, { "elements": [ { "type": "function", "name": "bad3", "source_mapping": { "start": 1443, "length": 122, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 57, 58, 59 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 403, "length": 1721, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad3(address,address,uint256)" } }, { "type": "node", "name": "erc20.safeTransferFrom(from,to,amount)", "source_mapping": { "start": 1518, "length": 40, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 58 ], "starting_column": 9, "ending_column": 49 }, "type_specific_fields": { "parent": { "type": "function", "name": "bad3", "source_mapping": { "start": 1443, "length": 122, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 57, 58, 59 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 403, "length": 1721, "filename_used": "/GENERIC_PATH", "filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad3(address,address,uint256)" } } } } ], "description": "C.bad3(address,address,uint256) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#57-59) uses arbitrary from in transferFrom: erc20.safeTransferFrom(from,to,amount) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#58)\n", "markdown": "[C.bad3(address,address,uint256)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L57-L59) uses arbitrary from in transferFrom: [erc20.safeTransferFrom(from,to,amount)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L58)\n", "first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L57-L59", "id": "8551e9d33fdd4f73f1eb7776480b2e8cd2cf9c897b52285c3a287caab6822ce3", "check": "arbitrary-send-erc20", "impact": "High", "confidence": "High" } ] ]