[ [ { "elements": [ { "type": "function", "name": "bad3", "source_mapping": { "start": 1435, "length": 122, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 57, 58, 59 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 402, "length": 1710, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad3(address,address,uint256)" } }, { "type": "node", "name": "erc20.safeTransferFrom(from,to,amount)", "source_mapping": { "start": 1510, "length": 40, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 58 ], "starting_column": 9, "ending_column": 49 }, "type_specific_fields": { "parent": { "type": "function", "name": "bad3", "source_mapping": { "start": 1435, "length": 122, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 57, 58, 59 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 402, "length": 1710, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad3(address,address,uint256)" } } } } ], "description": "C.bad3(address,address,uint256) (tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#57-59) uses arbitrary from in transferFrom: erc20.safeTransferFrom(from,to,amount) (tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#58)\n", "markdown": "[C.bad3(address,address,uint256)](tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#L57-L59) uses arbitrary from in transferFrom: [erc20.safeTransferFrom(from,to,amount)](tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#L58)\n", "first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#L57-L59", "id": "196b46419f55696599f4a533ea4915c3b1c39be679d8e2ab15a60b7a0238d52c", "check": "arbitrary-send-erc20", "impact": "High", "confidence": "High" }, { "elements": [ { "type": "function", "name": "bad4", "source_mapping": { "start": 1703, "length": 133, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 65, 66, 67 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 402, "length": 1710, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad4(address,address,uint256)" } }, { "type": "node", "name": "SafeERC20.safeTransferFrom(erc20,from,to,amount)", "source_mapping": { "start": 1778, "length": 51, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 66 ], "starting_column": 9, "ending_column": 60 }, "type_specific_fields": { "parent": { "type": "function", "name": "bad4", "source_mapping": { "start": 1703, "length": 133, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 65, 66, 67 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 402, "length": 1710, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad4(address,address,uint256)" } } } } ], "description": "C.bad4(address,address,uint256) (tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#65-67) uses arbitrary from in transferFrom: SafeERC20.safeTransferFrom(erc20,from,to,amount) (tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#66)\n", "markdown": "[C.bad4(address,address,uint256)](tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#L65-L67) uses arbitrary from in transferFrom: [SafeERC20.safeTransferFrom(erc20,from,to,amount)](tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#L66)\n", "first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#L65-L67", "id": "6ba2ac6eeef603310a4b4f7931ab44fadb3a242517096e17c5f1e39f0f4b83cf", "check": "arbitrary-send-erc20", "impact": "High", "confidence": "High" }, { "elements": [ { "type": "function", "name": "bad1", "source_mapping": { "start": 781, "length": 97, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 35, 36, 37 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 402, "length": 1710, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad1(address,uint256)" } }, { "type": "node", "name": "erc20.transferFrom(notsend,to,am)", "source_mapping": { "start": 836, "length": 35, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 36 ], "starting_column": 9, "ending_column": 44 }, "type_specific_fields": { "parent": { "type": "function", "name": "bad1", "source_mapping": { "start": 781, "length": 97, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 35, 36, 37 ], "starting_column": 5, "ending_column": 6 }, "type_specific_fields": { "parent": { "type": "contract", "name": "C", "source_mapping": { "start": 402, "length": 1710, "filename_relative": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "filename_absolute": "/GENERIC_PATH", "filename_short": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol", "is_dependency": false, "lines": [ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77 ], "starting_column": 1, "ending_column": 2 } }, "signature": "bad1(address,uint256)" } } } } ], "description": "C.bad1(address,uint256) (tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#35-37) uses arbitrary from in transferFrom: erc20.transferFrom(notsend,to,am) (tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#36)\n", "markdown": "[C.bad1(address,uint256)](tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#L35-L37) uses arbitrary from in transferFrom: [erc20.transferFrom(notsend,to,am)](tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#L36)\n", "first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.8.0/arbitrary_send_erc20.sol#L35-L37", "id": "8972d014c645b3a3783400fb2a6a38b20ea38973481025b6f99b3c15c9e63868", "check": "arbitrary-send-erc20", "impact": "High", "confidence": "High" } ] ]