mirror of https://github.com/crytic/slither
[
|
|
[
|
|
{
|
|
"elements": [
|
|
{
|
|
"type": "function",
|
|
"name": "bad1",
|
|
"source_mapping": {
|
|
"start": 789,
|
|
"length": 97,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
35,
|
|
36,
|
|
37
|
|
],
|
|
"starting_column": 5,
|
|
"ending_column": 6
|
|
},
|
|
"type_specific_fields": {
|
|
"parent": {
|
|
"type": "contract",
|
|
"name": "C",
|
|
"source_mapping": {
|
|
"start": 403,
|
|
"length": 1721,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
17,
|
|
18,
|
|
19,
|
|
20,
|
|
21,
|
|
22,
|
|
23,
|
|
24,
|
|
25,
|
|
26,
|
|
27,
|
|
28,
|
|
29,
|
|
30,
|
|
31,
|
|
32,
|
|
33,
|
|
34,
|
|
35,
|
|
36,
|
|
37,
|
|
38,
|
|
39,
|
|
40,
|
|
41,
|
|
42,
|
|
43,
|
|
44,
|
|
45,
|
|
46,
|
|
47,
|
|
48,
|
|
49,
|
|
50,
|
|
51,
|
|
52,
|
|
53,
|
|
54,
|
|
55,
|
|
56,
|
|
57,
|
|
58,
|
|
59,
|
|
60,
|
|
61,
|
|
62,
|
|
63,
|
|
64,
|
|
65,
|
|
66,
|
|
67,
|
|
68,
|
|
69,
|
|
70,
|
|
71,
|
|
72,
|
|
73,
|
|
74,
|
|
75,
|
|
76,
|
|
77
|
|
],
|
|
"starting_column": 1,
|
|
"ending_column": 2
|
|
}
|
|
},
|
|
"signature": "bad1(address,uint256)"
|
|
}
|
|
},
|
|
{
|
|
"type": "node",
|
|
"name": "erc20.transferFrom(notsend,to,am)",
|
|
"source_mapping": {
|
|
"start": 844,
|
|
"length": 35,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
36
|
|
],
|
|
"starting_column": 9,
|
|
"ending_column": 44
|
|
},
|
|
"type_specific_fields": {
|
|
"parent": {
|
|
"type": "function",
|
|
"name": "bad1",
|
|
"source_mapping": {
|
|
"start": 789,
|
|
"length": 97,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
35,
|
|
36,
|
|
37
|
|
],
|
|
"starting_column": 5,
|
|
"ending_column": 6
|
|
},
|
|
"type_specific_fields": {
|
|
"parent": {
|
|
"type": "contract",
|
|
"name": "C",
|
|
"source_mapping": {
|
|
"start": 403,
|
|
"length": 1721,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
17,
|
|
18,
|
|
19,
|
|
20,
|
|
21,
|
|
22,
|
|
23,
|
|
24,
|
|
25,
|
|
26,
|
|
27,
|
|
28,
|
|
29,
|
|
30,
|
|
31,
|
|
32,
|
|
33,
|
|
34,
|
|
35,
|
|
36,
|
|
37,
|
|
38,
|
|
39,
|
|
40,
|
|
41,
|
|
42,
|
|
43,
|
|
44,
|
|
45,
|
|
46,
|
|
47,
|
|
48,
|
|
49,
|
|
50,
|
|
51,
|
|
52,
|
|
53,
|
|
54,
|
|
55,
|
|
56,
|
|
57,
|
|
58,
|
|
59,
|
|
60,
|
|
61,
|
|
62,
|
|
63,
|
|
64,
|
|
65,
|
|
66,
|
|
67,
|
|
68,
|
|
69,
|
|
70,
|
|
71,
|
|
72,
|
|
73,
|
|
74,
|
|
75,
|
|
76,
|
|
77
|
|
],
|
|
"starting_column": 1,
|
|
"ending_column": 2
|
|
}
|
|
},
|
|
"signature": "bad1(address,uint256)"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"description": "C.bad1(address,uint256) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#35-37) uses arbitrary from in transferFrom: erc20.transferFrom(notsend,to,am) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#36)\n",
|
|
"markdown": "[C.bad1(address,uint256)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L35-L37) uses arbitrary from in transferFrom: [erc20.transferFrom(notsend,to,am)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L36)\n",
|
|
"first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L35-L37",
|
|
"id": "040cf50981f6e1dea1f7a19f0115811be1347e0637f0ca85d789ae612a509322",
|
|
"check": "arbitrary-send-erc20",
|
|
"impact": "High",
|
|
"confidence": "High"
|
|
},
|
|
{
|
|
"elements": [
|
|
{
|
|
"type": "function",
|
|
"name": "bad4",
|
|
"source_mapping": {
|
|
"start": 1711,
|
|
"length": 133,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
65,
|
|
66,
|
|
67
|
|
],
|
|
"starting_column": 5,
|
|
"ending_column": 6
|
|
},
|
|
"type_specific_fields": {
|
|
"parent": {
|
|
"type": "contract",
|
|
"name": "C",
|
|
"source_mapping": {
|
|
"start": 403,
|
|
"length": 1721,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
17,
|
|
18,
|
|
19,
|
|
20,
|
|
21,
|
|
22,
|
|
23,
|
|
24,
|
|
25,
|
|
26,
|
|
27,
|
|
28,
|
|
29,
|
|
30,
|
|
31,
|
|
32,
|
|
33,
|
|
34,
|
|
35,
|
|
36,
|
|
37,
|
|
38,
|
|
39,
|
|
40,
|
|
41,
|
|
42,
|
|
43,
|
|
44,
|
|
45,
|
|
46,
|
|
47,
|
|
48,
|
|
49,
|
|
50,
|
|
51,
|
|
52,
|
|
53,
|
|
54,
|
|
55,
|
|
56,
|
|
57,
|
|
58,
|
|
59,
|
|
60,
|
|
61,
|
|
62,
|
|
63,
|
|
64,
|
|
65,
|
|
66,
|
|
67,
|
|
68,
|
|
69,
|
|
70,
|
|
71,
|
|
72,
|
|
73,
|
|
74,
|
|
75,
|
|
76,
|
|
77
|
|
],
|
|
"starting_column": 1,
|
|
"ending_column": 2
|
|
}
|
|
},
|
|
"signature": "bad4(address,address,uint256)"
|
|
}
|
|
},
|
|
{
|
|
"type": "node",
|
|
"name": "SafeERC20.safeTransferFrom(erc20,from,to,amount)",
|
|
"source_mapping": {
|
|
"start": 1786,
|
|
"length": 51,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
66
|
|
],
|
|
"starting_column": 9,
|
|
"ending_column": 60
|
|
},
|
|
"type_specific_fields": {
|
|
"parent": {
|
|
"type": "function",
|
|
"name": "bad4",
|
|
"source_mapping": {
|
|
"start": 1711,
|
|
"length": 133,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
65,
|
|
66,
|
|
67
|
|
],
|
|
"starting_column": 5,
|
|
"ending_column": 6
|
|
},
|
|
"type_specific_fields": {
|
|
"parent": {
|
|
"type": "contract",
|
|
"name": "C",
|
|
"source_mapping": {
|
|
"start": 403,
|
|
"length": 1721,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
17,
|
|
18,
|
|
19,
|
|
20,
|
|
21,
|
|
22,
|
|
23,
|
|
24,
|
|
25,
|
|
26,
|
|
27,
|
|
28,
|
|
29,
|
|
30,
|
|
31,
|
|
32,
|
|
33,
|
|
34,
|
|
35,
|
|
36,
|
|
37,
|
|
38,
|
|
39,
|
|
40,
|
|
41,
|
|
42,
|
|
43,
|
|
44,
|
|
45,
|
|
46,
|
|
47,
|
|
48,
|
|
49,
|
|
50,
|
|
51,
|
|
52,
|
|
53,
|
|
54,
|
|
55,
|
|
56,
|
|
57,
|
|
58,
|
|
59,
|
|
60,
|
|
61,
|
|
62,
|
|
63,
|
|
64,
|
|
65,
|
|
66,
|
|
67,
|
|
68,
|
|
69,
|
|
70,
|
|
71,
|
|
72,
|
|
73,
|
|
74,
|
|
75,
|
|
76,
|
|
77
|
|
],
|
|
"starting_column": 1,
|
|
"ending_column": 2
|
|
}
|
|
},
|
|
"signature": "bad4(address,address,uint256)"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"description": "C.bad4(address,address,uint256) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#65-67) uses arbitrary from in transferFrom: SafeERC20.safeTransferFrom(erc20,from,to,amount) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#66)\n",
|
|
"markdown": "[C.bad4(address,address,uint256)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L65-L67) uses arbitrary from in transferFrom: [SafeERC20.safeTransferFrom(erc20,from,to,amount)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L66)\n",
|
|
"first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L65-L67",
|
|
"id": "61438092d2da6c23ecfa13e5e55c489e538249e47bddd9335b533d28a242aea1",
|
|
"check": "arbitrary-send-erc20",
|
|
"impact": "High",
|
|
"confidence": "High"
|
|
},
|
|
{
|
|
"elements": [
|
|
{
|
|
"type": "function",
|
|
"name": "bad3",
|
|
"source_mapping": {
|
|
"start": 1443,
|
|
"length": 122,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
57,
|
|
58,
|
|
59
|
|
],
|
|
"starting_column": 5,
|
|
"ending_column": 6
|
|
},
|
|
"type_specific_fields": {
|
|
"parent": {
|
|
"type": "contract",
|
|
"name": "C",
|
|
"source_mapping": {
|
|
"start": 403,
|
|
"length": 1721,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
17,
|
|
18,
|
|
19,
|
|
20,
|
|
21,
|
|
22,
|
|
23,
|
|
24,
|
|
25,
|
|
26,
|
|
27,
|
|
28,
|
|
29,
|
|
30,
|
|
31,
|
|
32,
|
|
33,
|
|
34,
|
|
35,
|
|
36,
|
|
37,
|
|
38,
|
|
39,
|
|
40,
|
|
41,
|
|
42,
|
|
43,
|
|
44,
|
|
45,
|
|
46,
|
|
47,
|
|
48,
|
|
49,
|
|
50,
|
|
51,
|
|
52,
|
|
53,
|
|
54,
|
|
55,
|
|
56,
|
|
57,
|
|
58,
|
|
59,
|
|
60,
|
|
61,
|
|
62,
|
|
63,
|
|
64,
|
|
65,
|
|
66,
|
|
67,
|
|
68,
|
|
69,
|
|
70,
|
|
71,
|
|
72,
|
|
73,
|
|
74,
|
|
75,
|
|
76,
|
|
77
|
|
],
|
|
"starting_column": 1,
|
|
"ending_column": 2
|
|
}
|
|
},
|
|
"signature": "bad3(address,address,uint256)"
|
|
}
|
|
},
|
|
{
|
|
"type": "node",
|
|
"name": "erc20.safeTransferFrom(from,to,amount)",
|
|
"source_mapping": {
|
|
"start": 1518,
|
|
"length": 40,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
58
|
|
],
|
|
"starting_column": 9,
|
|
"ending_column": 49
|
|
},
|
|
"type_specific_fields": {
|
|
"parent": {
|
|
"type": "function",
|
|
"name": "bad3",
|
|
"source_mapping": {
|
|
"start": 1443,
|
|
"length": 122,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
57,
|
|
58,
|
|
59
|
|
],
|
|
"starting_column": 5,
|
|
"ending_column": 6
|
|
},
|
|
"type_specific_fields": {
|
|
"parent": {
|
|
"type": "contract",
|
|
"name": "C",
|
|
"source_mapping": {
|
|
"start": 403,
|
|
"length": 1721,
|
|
"filename_relative": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"filename_absolute": "/GENERIC_PATH",
|
|
"filename_short": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol",
|
|
"is_dependency": false,
|
|
"lines": [
|
|
17,
|
|
18,
|
|
19,
|
|
20,
|
|
21,
|
|
22,
|
|
23,
|
|
24,
|
|
25,
|
|
26,
|
|
27,
|
|
28,
|
|
29,
|
|
30,
|
|
31,
|
|
32,
|
|
33,
|
|
34,
|
|
35,
|
|
36,
|
|
37,
|
|
38,
|
|
39,
|
|
40,
|
|
41,
|
|
42,
|
|
43,
|
|
44,
|
|
45,
|
|
46,
|
|
47,
|
|
48,
|
|
49,
|
|
50,
|
|
51,
|
|
52,
|
|
53,
|
|
54,
|
|
55,
|
|
56,
|
|
57,
|
|
58,
|
|
59,
|
|
60,
|
|
61,
|
|
62,
|
|
63,
|
|
64,
|
|
65,
|
|
66,
|
|
67,
|
|
68,
|
|
69,
|
|
70,
|
|
71,
|
|
72,
|
|
73,
|
|
74,
|
|
75,
|
|
76,
|
|
77
|
|
],
|
|
"starting_column": 1,
|
|
"ending_column": 2
|
|
}
|
|
},
|
|
"signature": "bad3(address,address,uint256)"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"description": "C.bad3(address,address,uint256) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#57-59) uses arbitrary from in transferFrom: erc20.safeTransferFrom(from,to,amount) (tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#58)\n",
|
|
"markdown": "[C.bad3(address,address,uint256)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L57-L59) uses arbitrary from in transferFrom: [erc20.safeTransferFrom(from,to,amount)](tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L58)\n",
|
|
"first_markdown_element": "tests/detectors/arbitrary-send-erc20/0.6.11/arbitrary_send_erc20.sol#L57-L59",
|
|
"id": "8551e9d33fdd4f73f1eb7776480b2e8cd2cf9c897b52285c3a287caab6822ce3",
|
|
"check": "arbitrary-send-erc20",
|
|
"impact": "High",
|
|
"confidence": "High"
|
|
}
|
|
]
|
|
] |