diff --git a/slither/analyses/data_dependency/data_dependency.py b/slither/analyses/data_dependency/data_dependency.py
index 901b9488a..86f2d885f 100644
--- a/slither/analyses/data_dependency/data_dependency.py
+++ b/slither/analyses/data_dependency/data_dependency.py
@@ -302,9 +302,8 @@ def get_must_depends_on(variable: SUPPORTED_TYPES) -> SUPPORTED_TYPES | None:
 """
 must_dependencies = compute_must_dependencies(variable)
 if len(must_dependencies) > 1 or len(must_dependencies) == 0:
- return None
- return list(must_dependencies)[0]
-
+ return []
+ return [list(must_dependencies)[0]]
 def compute_must_dependencies(v:SUPPORTED_TYPES) -> Set[Variable]:
 if isinstance(v, (SolidityVariableComposed, Constant)) or (
diff --git a/tests/unit/core/test_data/must_depend_on.sol b/tests/unit/core/test_data/must_depend_on.sol
new file mode 100644
index 000000000..3bc79f2e1
--- /dev/null
+++ b/tests/unit/core/test_data/must_depend_on.sol
@@ -0,0 +1,29 @@
+pragma solidity ^0.8.19;
+
+interface IERC20 {
+ function transferFrom(address from, address to, uint amount) external returns (bool);
+}
+
+/**
+ * @title MissingReturnBug
+ * @author IllIllI
+ */
+
+// test case of the missing return bug described here:
+// https://medium.com/coinmonks/missing-return-value-bug-at-least-130-tokens-affected-d67bf08521ca
+contract Unsafe {
+ IERC20 erc20;
+ function good2(address to, uint256 am) public {
+ address from_msgsender = msg.sender;
+ int_transferFrom(from_msgsender, to, am); // from is constant
+ }
+
+ // This is not detected
+ function bad2(address from, address to, uint256 am) public {
+ int_transferFrom(from, to, amount); // from is not a constant
+ }
+
+ function int_transferFrom(address from, address to, uint256 amount) internal {
+ erc20.transferFrom(from, to, amount); // not a constant = not a constant U constant
+ }
+}
\ No newline at end of file
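Review bot: The new returns hand back a list (`[]` or a one-element list), but the signature shown in the hunk header still declares `-> SUPPORTED_TYPES | None`, so the annotation (and presumably the docstring, whose start lies outside the hunk) now misdescribes the contract. Any existing caller that tests the result with `is None` would treat `[]` as a found dependency, which in a detector can silently flip a finding; no callers are visible here, so they should be audited in the same change. I would update the annotation to a list type such as `-> List[SUPPORTED_TYPES]` and collapse the branch to `return list(must_dependencies) if len(must_dependencies) == 1 else []`. The removed blank line also appears to leave a single blank line before `def compute_must_dependencies`, where top-level definitions conventionally have two.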
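Review bot: `bad2` passes `amount` to `int_transferFrom`, but its parameter is named `am`, so this fixture references an undeclared identifier and should fail to compile under the pinned `^0.8.19`; the call should read `int_transferFrom(from, to, am);`. Because the Python test builds a `Slither` object from this file, a compile failure would abort the test before the analysis under test runs. The NatSpec block (`@title MissingReturnBug`) is separated from `contract Unsafe` by a blank line and two `//` comments, so it may not attach to the contract; placing it directly above the contract would keep it meaningful. The file also lacks a trailing newline.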
diff --git a/tests/unit/core/test_must_depend_on.py b/tests/unit/core/test_must_depend_on.py
new file mode 100644
index 000000000..ddc69b701
--- /dev/null
+++ b/tests/unit/core/test_must_depend_on.py
@@ -0,0 +1,14 @@
+from pathlib import Path
+from slither import Slither
+from slither.analyses.data_dependency.data_dependency import (
+ get_must_depends_on
+)
+
+TEST_DATA_DIR = Path(__file__).resolve().parent / "test_data"
+
+def test_must_depend_on_returns(solc_binary_path):
+ solc_path = solc_binary_path("0.8.19")
+ file = Path(TEST_DATA_DIR, "must_depend_on.sol").as_posix()
+ slither_obj = Slither(file, solc=solc_path)
+ result = get_must_depends_on(slither_obj.contracts[1].functions[2].parameters[0])
+ assert isinstance(result, list) and len(result) <= 1
\ No newline at end of file
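Review bot: The assertion `isinstance(result, list) and len(result) <= 1` holds for `[]`, so the test passes even when the analysis finds no dependency at all; it checks the new return type but not the dependency result that the fixture comments describe. Selecting the variable with `contracts[1].functions[2].parameters[0]` depends on declaration order and would silently pick a different parameter if the fixture changes; look it up by name instead, e.g. `contract = slither_obj.get_contract_from_name("Unsafe")[0]` and `func = contract.get_function_from_signature("int_transferFrom(address,address,uint256)")`. I would then assert the exact expected list for that parameter and add a second case where a single must-dependency is expected. A short docstring on the test stating which parameter is examined and why would also help.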