{ "success": true, "error": null, "results": [ { "check": "controlled-delegatecall", "impact": "High", "confidence": "Medium", "description": "C.bad_delegate_call (tests/controlled_delegatecall.sol#8-11) uses delegatecall to a input-controlled function id\n\t- addr_bad.delegatecall(data) (tests/controlled_delegatecall.sol#10)\n", "elements": [ { "type": "node", "name": "addr_bad.delegatecall(data)", "source_mapping": { "start": 201, "length": 27, "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_relative": "tests/controlled_delegatecall.sol", "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_short": "tests/controlled_delegatecall.sol", "lines": [ 10 ], "starting_column": 9, "ending_column": 36 }, "function": { "type": "function", "name": "bad_delegate_call", "source_mapping": { "start": 101, "length": 134, "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_relative": "tests/controlled_delegatecall.sol", "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_short": "tests/controlled_delegatecall.sol", "lines": [ 8, 9, 10, 11 ], "starting_column": 5, "ending_column": 6 }, "contract": { "type": "contract", "name": "C", "source_mapping": { "start": 0, "length": 585, "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_relative": "tests/controlled_delegatecall.sol", "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_short": "tests/controlled_delegatecall.sol", "lines": [ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 ], "starting_column": 1, "ending_column": 2 } } } }, { "type": "function", "name": "bad_delegate_call", "source_mapping": { "start": 101, "length": 134, "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_relative": "tests/controlled_delegatecall.sol", "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_short": "tests/controlled_delegatecall.sol", "lines": [ 8, 9, 10, 11 ], "starting_column": 5, "ending_column": 6 }, "contract": { "type": "contract", "name": "C", "source_mapping": { "start": 0, "length": 585, "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_relative": "tests/controlled_delegatecall.sol", "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_short": "tests/controlled_delegatecall.sol", "lines": [ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 ], "starting_column": 1, "ending_column": 2 } } } ] }, { "check": "controlled-delegatecall", "impact": "High", "confidence": "Medium", "description": "C.bad_delegate_call2 (tests/controlled_delegatecall.sol#18-20) uses delegatecall to a input-controlled function id\n\t- addr_bad.delegatecall(abi.encode(func_id,data)) (tests/controlled_delegatecall.sol#19)\n", "elements": [ { "type": "node", "name": "addr_bad.delegatecall(abi.encode(func_id,data))", "source_mapping": { "start": 400, "length": 48, "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_relative": "tests/controlled_delegatecall.sol", "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_short": "tests/controlled_delegatecall.sol", "lines": [ 19 ], "starting_column": 9, "ending_column": 57 }, "function": { "type": "function", "name": "bad_delegate_call2", "source_mapping": { "start": 337, "length": 118, "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_relative": "tests/controlled_delegatecall.sol", "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_short": "tests/controlled_delegatecall.sol", "lines": [ 18, 19, 20 ], "starting_column": 5, "ending_column": 6 }, "contract": { "type": "contract", "name": "C", "source_mapping": { "start": 0, "length": 585, "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_relative": "tests/controlled_delegatecall.sol", "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_short": "tests/controlled_delegatecall.sol", "lines": [ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 ], "starting_column": 1, "ending_column": 2 } } } }, { "type": "function", "name": "bad_delegate_call2", "source_mapping": { "start": 337, "length": 118, "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_relative": "tests/controlled_delegatecall.sol", "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_short": "tests/controlled_delegatecall.sol", "lines": [ 18, 19, 20 ], "starting_column": 5, "ending_column": 6 }, "contract": { "type": "contract", "name": "C", "source_mapping": { "start": 0, "length": 585, "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_relative": "tests/controlled_delegatecall.sol", "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", "filename_short": "tests/controlled_delegatecall.sol", "lines": [ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 ], "starting_column": 1, "ending_column": 2 } } } ] } ] }