Merge pull request #1774 from crytic/dev

Sync dev <> master
crytic · Mar 17, 2023 · 776dcab · 776dcab
2 parents 5869d74 + efeea53
commit 776dcab
Show file tree

Hide file tree

Showing 21 changed files with 300 additions and 42 deletions.
diff --git a/README.md b/README.md
@@ -151,26 +151,27 @@ Num | Detector | What it Detects | Impact | Confidence
 61 | `assembly` | [Assembly usage](https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage) | Informational | High
 62 | `assert-state-change` | [Assert state change](https://github.com/crytic/slither/wiki/Detector-Documentation#assert-state-change) | Informational | High
 63 | `boolean-equal` | [Comparison to boolean constant](https://github.com/crytic/slither/wiki/Detector-Documentation#boolean-equality) | Informational | High
-64 | `deprecated-standards` | [Deprecated Solidity Standards](https://github.com/crytic/slither/wiki/Detector-Documentation#deprecated-standards) | Informational | High
-65 | `erc20-indexed` | [Un-indexed ERC20 event parameters](https://github.com/crytic/slither/wiki/Detector-Documentation#unindexed-erc20-event-parameters) | Informational | High
-66 | `function-init-state` | [Function initializing state variables](https://github.com/crytic/slither/wiki/Detector-Documentation#function-initializing-state) | Informational | High
-67 | `low-level-calls` | [Low level calls](https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls) | Informational | High
-68 | `missing-inheritance` | [Missing inheritance](https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance) | Informational | High
-69 | `naming-convention` | [Conformity to Solidity naming conventions](https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions) | Informational | High
-70 | `pragma` | [If different pragma directives are used](https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used) | Informational | High
-71 | `redundant-statements` | [Redundant statements](https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements) | Informational | High
-72 | `solc-version` | [Incorrect Solidity version](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity) | Informational | High
-73 | `unimplemented-functions` | [Unimplemented functions](https://github.com/crytic/slither/wiki/Detector-Documentation#unimplemented-functions) | Informational | High
-74 | `unused-state` | [Unused state variables](https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable) | Informational | High
-75 | `costly-loop` | [Costly operations in a loop](https://github.com/crytic/slither/wiki/Detector-Documentation#costly-operations-inside-a-loop) | Informational | Medium
-76 | `dead-code` | [Functions that are not used](https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code) | Informational | Medium
-77 | `reentrancy-unlimited-gas` | [Reentrancy vulnerabilities through send and transfer](https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-4) | Informational | Medium
-78 | `similar-names` | [Variable names are too similar](https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar) | Informational | Medium
-79 | `too-many-digits` | [Conformance to numeric notation best practices](https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits) | Informational | Medium
-80 | `constable-states` | [State variables that could be declared constant](https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant) | Optimization | High
-81 | `external-function` | [Public function that could be declared external](https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external) | Optimization | High
-82 | `immutable-states` | [State variables that could be declared immutable](https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-immutable) | Optimization | High
-83 | `var-read-using-this` | [Contract reads its own variable using `this`](https://github.com/crytic/slither/wiki/Vulnerabilities-Description#public-variable-read-in-external-context) | Optimization | High
+64 | `cyclomatic-complexity` | [Detects functions with high (> 11) cyclomatic complexity](https://github.com/crytic/slither/wiki/Detector-Documentation#cyclomatic-complexity) | Informational | High
+65 | `deprecated-standards` | [Deprecated Solidity Standards](https://github.com/crytic/slither/wiki/Detector-Documentation#deprecated-standards) | Informational | High
+66 | `erc20-indexed` | [Un-indexed ERC20 event parameters](https://github.com/crytic/slither/wiki/Detector-Documentation#unindexed-erc20-event-parameters) | Informational | High
+67 | `function-init-state` | [Function initializing state variables](https://github.com/crytic/slither/wiki/Detector-Documentation#function-initializing-state) | Informational | High
+68 | `low-level-calls` | [Low level calls](https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls) | Informational | High
+69 | `missing-inheritance` | [Missing inheritance](https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance) | Informational | High
+70 | `naming-convention` | [Conformity to Solidity naming conventions](https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions) | Informational | High
+71 | `pragma` | [If different pragma directives are used](https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used) | Informational | High
+72 | `redundant-statements` | [Redundant statements](https://github.com/crytic/slither/wiki/Detector-Documentation#redundant-statements) | Informational | High
+73 | `solc-version` | [Incorrect Solidity version](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity) | Informational | High
+74 | `unimplemented-functions` | [Unimplemented functions](https://github.com/crytic/slither/wiki/Detector-Documentation#unimplemented-functions) | Informational | High
+75 | `unused-state` | [Unused state variables](https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable) | Informational | High
+76 | `costly-loop` | [Costly operations in a loop](https://github.com/crytic/slither/wiki/Detector-Documentation#costly-operations-inside-a-loop) | Informational | Medium
+77 | `dead-code` | [Functions that are not used](https://github.com/crytic/slither/wiki/Detector-Documentation#dead-code) | Informational | Medium
+78 | `reentrancy-unlimited-gas` | [Reentrancy vulnerabilities through send and transfer](https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-4) | Informational | Medium
+79 | `similar-names` | [Variable names are too similar](https://github.com/crytic/slither/wiki/Detector-Documentation#variable-names-too-similar) | Informational | Medium
+80 | `too-many-digits` | [Conformance to numeric notation best practices](https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits) | Informational | Medium
+81 | `constable-states` | [State variables that could be declared constant](https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant) | Optimization | High
+82 | `external-function` | [Public function that could be declared external](https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-external) | Optimization | High
+83 | `immutable-states` | [State variables that could be declared immutable](https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-immutable) | Optimization | High
+84 | `var-read-using-this` | [Contract reads its own variable using `this`](https://github.com/crytic/slither/wiki/Vulnerabilities-Description#public-variable-read-in-external-context) | Optimization | High
 
 For more information, see
 - The [Detector Documentation](https://github.com/crytic/slither/wiki/Detector-Documentation) for details on each detector

diff --git a/setup.py b/setup.py
@@ -17,6 +17,7 @@
         "pycryptodome>=3.4.6",
         # "crytic-compile>=0.3.0",
         "crytic-compile@git+https://github.com/crytic/crytic-compile.git@master#egg=crytic-compile",
+        "web3>=6.0.0",
     ],
     extras_require={
         "dev": [
@@ -29,7 +30,6 @@
             "numpy",
             "openai",
             "pdoc",
-            "web3>=6.0.0",
         ],
     },
     license="AGPL-3.0",

diff --git a/slither/core/declarations/contract.py b/slither/core/declarations/contract.py
@@ -85,6 +85,7 @@ def __init__(self, compilation_unit: "SlitherCompilationUnit", scope: "FileScope
         self._kind: Optional[str] = None
         self._is_interface: bool = False
         self._is_library: bool = False
+        self._is_fully_implemented: bool = False
 
         self._signatures: Optional[List[str]] = None
         self._signatures_declared: Optional[List[str]] = None
@@ -192,6 +193,14 @@ def comments(self) -> Optional[str]:
     def comments(self, comments: str):
         self._comments = comments
 
+    @property
+    def is_fully_implemented(self) -> bool:
+        return self._is_fully_implemented
+
+    @is_fully_implemented.setter
+    def is_fully_implemented(self, is_fully_implemented: bool):
+        self._is_fully_implemented = is_fully_implemented
+
     # endregion
     ###################################################################################
     ###################################################################################

diff --git a/slither/detectors/attributes/incorrect_solc.py b/slither/detectors/attributes/incorrect_solc.py
@@ -43,10 +43,7 @@ class IncorrectSolc(AbstractDetector):
     # region wiki_recommendation
     WIKI_RECOMMENDATION = """
 Deploy with any of the following Solidity versions:
-- 0.5.16 - 0.5.17
-- 0.6.11 - 0.6.12
-- 0.7.5 - 0.7.6
-- 0.8.16
+- 0.8.18
 
 The recommendations take into account:
 - Risks related to recent releases
@@ -62,13 +59,14 @@ class IncorrectSolc(AbstractDetector):
     OLD_VERSION_TXT = "allows old versions"
     LESS_THAN_TXT = "uses lesser than"
 
-    TOO_RECENT_VERSION_TXT = "necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.16"
     BUGGY_VERSION_TXT = (
         "is known to contain severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)"
     )
 
     # Indicates the allowed versions. Must be formatted in increasing order.
-    ALLOWED_VERSIONS = ["0.5.16", "0.5.17", "0.6.11", "0.6.12", "0.7.5", "0.7.6", "0.8.16"]
+    ALLOWED_VERSIONS = ["0.8.18"]
+
+    TOO_RECENT_VERSION_TXT = f"necessitates a version too recent to be trusted. Consider deploying with {'/'.join(ALLOWED_VERSIONS)}."
 
     # Indicates the versions that should not be used.
     BUGGY_VERSIONS = [

diff --git a/slither/detectors/reentrancy/reentrancy_eth.py b/slither/detectors/reentrancy/reentrancy_eth.py
@@ -38,7 +38,7 @@ class ReentrancyEth(Reentrancy):
 ```solidity
     function withdrawBalance(){
         // send userBalance[msg.sender] Ether to msg.sender
-        // if mgs.sender is a contract, it will call its fallback function
+        // if msg.sender is a contract, it will call its fallback function
         if( ! (msg.sender.call.value(userBalance[msg.sender])() ) ){
             throw;
         }

diff --git a/slither/solc_parsing/declarations/contract.py b/slither/solc_parsing/declarations/contract.py
@@ -164,6 +164,7 @@ def _parse_contract_info(self) -> None:
             elif attributes["contractKind"] == "library":
                 self._contract.is_library = True
             self._contract.contract_kind = attributes["contractKind"]
+            self._contract.is_fully_implemented = attributes["fullyImplemented"]
 
         self._linearized_base_contracts = attributes["linearizedBaseContracts"]
         # self._contract.fullyImplemented = attributes["fullyImplemented"]

diff --git a/slither/visitors/slithir/expression_to_slithir.py b/slither/visitors/slithir/expression_to_slithir.py
@@ -220,6 +220,12 @@ def _post_assignement_operation(self, expression: AssignmentOperation) -> None:
                 operation.set_expression(expression)
                 self._result.append(operation)
                 set_val(expression, left)
+            elif isinstance(left.type, ArrayType):
+                # Special case for init of array, when the right has only one element
+                operation = InitArray([right], left)
+                operation.set_expression(expression)
+                self._result.append(operation)
+                set_val(expression, left)
             else:
                 operation = convert_assignment(
                     left, right, expression.type, expression.expression_return_type

diff --git a/tests/detectors/solc-version/0.5.16/dynamic_1.sol.0.5.16.IncorrectSolc.json b/tests/detectors/solc-version/0.5.16/dynamic_1.sol.0.5.16.IncorrectSolc.json
@@ -1,5 +1,15 @@
 [
     [
+        {
+            "elements": [],
+            "description": "solc-0.5.16 is not recommended for deployment\n",
+            "markdown": "solc-0.5.16 is not recommended for deployment\n",
+            "first_markdown_element": "",
+            "id": "94ddf430efb860e471a768a108c851848fa998e8a2c489c6fb23ed71d3ef4b09",
+            "check": "solc-version",
+            "impact": "Informational",
+            "confidence": "High"
+        },
         {
             "elements": [
                 {

diff --git a/tests/detectors/solc-version/0.5.16/dynamic_2.sol.0.5.16.IncorrectSolc.json b/tests/detectors/solc-version/0.5.16/dynamic_2.sol.0.5.16.IncorrectSolc.json
@@ -38,6 +38,16 @@
             "check": "solc-version",
             "impact": "Informational",
             "confidence": "High"
+        },
+        {
+            "elements": [],
+            "description": "solc-0.5.16 is not recommended for deployment\n",
+            "markdown": "solc-0.5.16 is not recommended for deployment\n",
+            "first_markdown_element": "",
+            "id": "94ddf430efb860e471a768a108c851848fa998e8a2c489c6fb23ed71d3ef4b09",
+            "check": "solc-version",
+            "impact": "Informational",
+            "confidence": "High"
         }
     ]
 ]
diff --git a/tests/detectors/solc-version/0.5.16/static.sol.0.5.16.IncorrectSolc.json b/tests/detectors/solc-version/0.5.16/static.sol.0.5.16.IncorrectSolc.json
@@ -1,3 +1,49 @@
 [
-    []
+    [
+        {
+            "elements": [
+                {
+                    "type": "pragma",
+                    "name": "0.5.16",
+                    "source_mapping": {
+                        "start": 0,
+                        "length": 23,
+                        "filename_relative": "tests/detectors/solc-version/0.5.16/static.sol",
+                        "filename_absolute": "/GENERIC_PATH",
+                        "filename_short": "tests/detectors/solc-version/0.5.16/static.sol",
+                        "is_dependency": false,
+                        "lines": [
+                            1
+                        ],
+                        "starting_column": 1,
+                        "ending_column": 24
+                    },
+                    "type_specific_fields": {
+                        "directive": [
+                            "solidity",
+                            "0.5",
+                            ".16"
+                        ]
+                    }
+                }
+            ],
+            "description": "Pragma version0.5.16 (tests/detectors/solc-version/0.5.16/static.sol#1) allows old versions\n",
+            "markdown": "Pragma version[0.5.16](tests/detectors/solc-version/0.5.16/static.sol#L1) allows old versions\n",
+            "first_markdown_element": "tests/detectors/solc-version/0.5.16/static.sol#L1",
+            "id": "2407d991de90e57d2f6b6bdbc61bb939845a5c0bb2d82910ed4c49abff2ab6e3",
+            "check": "solc-version",
+            "impact": "Informational",
+            "confidence": "High"
+        },
+        {
+            "elements": [],
+            "description": "solc-0.5.16 is not recommended for deployment\n",
+            "markdown": "solc-0.5.16 is not recommended for deployment\n",
+            "first_markdown_element": "",
+            "id": "94ddf430efb860e471a768a108c851848fa998e8a2c489c6fb23ed71d3ef4b09",
+            "check": "solc-version",
+            "impact": "Informational",
+            "confidence": "High"
+        }
+    ]
 ]
diff --git a/tests/detectors/solc-version/0.6.11/dynamic_1.sol.0.6.11.IncorrectSolc.json b/tests/detectors/solc-version/0.6.11/dynamic_1.sol.0.6.11.IncorrectSolc.json
@@ -35,6 +35,16 @@
             "check": "solc-version",
             "impact": "Informational",
             "confidence": "High"
+        },
+        {
+            "elements": [],
+            "description": "solc-0.6.11 is not recommended for deployment\n",
+            "markdown": "solc-0.6.11 is not recommended for deployment\n",
+            "first_markdown_element": "",
+            "id": "bafd522d637977886f038e619ad47c1987efedc6c4c24515e6e27b23585535bd",
+            "check": "solc-version",
+            "impact": "Informational",
+            "confidence": "High"
         }
     ]
 ]
diff --git a/tests/detectors/solc-version/0.6.11/dynamic_2.sol.0.6.11.IncorrectSolc.json b/tests/detectors/solc-version/0.6.11/dynamic_2.sol.0.6.11.IncorrectSolc.json
@@ -38,6 +38,16 @@
             "check": "solc-version",
             "impact": "Informational",
             "confidence": "High"
+        },
+        {
+            "elements": [],
+            "description": "solc-0.6.11 is not recommended for deployment\n",
+            "markdown": "solc-0.6.11 is not recommended for deployment\n",
+            "first_markdown_element": "",
+            "id": "bafd522d637977886f038e619ad47c1987efedc6c4c24515e6e27b23585535bd",
+            "check": "solc-version",
+            "impact": "Informational",
+            "confidence": "High"
         }
     ]
 ]
diff --git a/tests/detectors/solc-version/0.6.11/static.sol.0.6.11.IncorrectSolc.json b/tests/detectors/solc-version/0.6.11/static.sol.0.6.11.IncorrectSolc.json
@@ -1,3 +1,49 @@
 [
-    []
+    [
+        {
+            "elements": [
+                {
+                    "type": "pragma",
+                    "name": "0.6.11",
+                    "source_mapping": {
+                        "start": 0,
+                        "length": 23,
+                        "filename_relative": "tests/detectors/solc-version/0.6.11/static.sol",
+                        "filename_absolute": "/GENERIC_PATH",
+                        "filename_short": "tests/detectors/solc-version/0.6.11/static.sol",
+                        "is_dependency": false,
+                        "lines": [
+                            1
+                        ],
+                        "starting_column": 1,
+                        "ending_column": 24
+                    },
+                    "type_specific_fields": {
+                        "directive": [
+                            "solidity",
+                            "0.6",
+                            ".11"
+                        ]
+                    }
+                }
+            ],
+            "description": "Pragma version0.6.11 (tests/detectors/solc-version/0.6.11/static.sol#1) allows old versions\n",
+            "markdown": "Pragma version[0.6.11](tests/detectors/solc-version/0.6.11/static.sol#L1) allows old versions\n",
+            "first_markdown_element": "tests/detectors/solc-version/0.6.11/static.sol#L1",
+            "id": "ad7b24eed22ac098a57ae02ade0ccffb4cb094e851effe93cad1d0a65b489816",
+            "check": "solc-version",
+            "impact": "Informational",
+            "confidence": "High"
+        },
+        {
+            "elements": [],
+            "description": "solc-0.6.11 is not recommended for deployment\n",
+            "markdown": "solc-0.6.11 is not recommended for deployment\n",
+            "first_markdown_element": "",
+            "id": "bafd522d637977886f038e619ad47c1987efedc6c4c24515e6e27b23585535bd",
+            "check": "solc-version",
+            "impact": "Informational",
+            "confidence": "High"
+        }
+    ]
 ]
diff --git a/tests/detectors/solc-version/0.7.6/dynamic_1.sol.0.7.6.IncorrectSolc.json b/tests/detectors/solc-version/0.7.6/dynamic_1.sol.0.7.6.IncorrectSolc.json
@@ -1,5 +1,15 @@
 [
     [
+        {
+            "elements": [],
+            "description": "solc-0.7.6 is not recommended for deployment\n",
+            "markdown": "solc-0.7.6 is not recommended for deployment\n",
+            "first_markdown_element": "",
+            "id": "ddb8ee36d9dd69b14eab702506268f8f9ef3283777d042e197277e29407b386e",
+            "check": "solc-version",
+            "impact": "Informational",
+            "confidence": "High"
+        },
         {
             "elements": [
                 {

diff --git a/tests/detectors/solc-version/0.7.6/dynamic_2.sol.0.7.6.IncorrectSolc.json b/tests/detectors/solc-version/0.7.6/dynamic_2.sol.0.7.6.IncorrectSolc.json
@@ -38,6 +38,16 @@
             "check": "solc-version",
             "impact": "Informational",
             "confidence": "High"
+        },
+        {
+            "elements": [],
+            "description": "solc-0.7.6 is not recommended for deployment\n",
+            "markdown": "solc-0.7.6 is not recommended for deployment\n",
+            "first_markdown_element": "",
+            "id": "ddb8ee36d9dd69b14eab702506268f8f9ef3283777d042e197277e29407b386e",
+            "check": "solc-version",
+            "impact": "Informational",
+            "confidence": "High"
         }
     ]
 ]