Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Type of tuple result of ABI-decode contains instances of Structure #1922

Closed
kevinclancy opened this issue May 16, 2023 · 2 comments
Closed

[Bug]: Type of tuple result of ABI-decode contains instances of Structure #1922

kevinclancy opened this issue May 16, 2023 · 2 comments
Labels
bug Something isn't working

Comments

@kevinclancy
Copy link
Contributor

kevinclancy commented May 16, 2023
edited
Loading

Describe the issue:

When the abi.decode function decodes a struct along with one or more other values, the type of the tuple on the left-hand side contains an instance of Structure, but I expect the tuple variables's type field to contain only instances of Types.

Instead of containing a Structure instance, the list should contain a UserDefinedType instance whose type field is a Structure instance.

Code example to reproduce the issue:

pragma solidity =0.8.19;

contract StructTest {
    struct Detail {
        int x;
        int y;
    }

    function test(bytes calldata orderData) external {
        (int z, Detail memory testDetail) = abi.decode(orderData, (int, Detail));
        testDetail.x = 1;
    }

}

Version:

0.9.3

Relevant log output:

INFO:Printers:Contract StructTest
        Function StructTest.test(bytes) (*)
                Expression: (z,testDetail) = abi.decode(orderData,(int256,Detail))
                IRs:
                        TUPLE_0(int256,Detail) = SOLIDITY_CALL abi.decode()(orderData(int256,Detail))
                        z(int256)= UNPACK TUPLE_0 index: 0 
                        testDetail(StructTest.Detail)= UNPACK TUPLE_0 index: 1 
                Expression: testDetail.x = 1
                IRs:
                        REF_1(int256) -> testDetail.x
                        REF_1 (->testDetail) := 1(int256)
@kevinclancy kevinclancy added the bug-candidate Bugs reports that are not yet confirmed label May 16, 2023
@0xalpharush
Copy link
Contributor

Probably related to this conversion

slither/slither/slithir/convert.py

Lines 1215 to 1227 in 0632751

# abi.decode where the type to decode is a singleton
# abi.decode(a, (uint))
elif call == SolidityFunction("abi.decode()") and len(new_ir.arguments) == 2:
# If the variable is a referenceVariable, we are lost
# See https://github.com/crytic/slither/issues/566 for potential solutions
if not isinstance(new_ir.arguments[1], ReferenceVariable):
decode_type = new_ir.arguments[1]
if isinstance(decode_type, (Structure, Enum, Contract)):
decode_type = UserDefinedType(decode_type)
new_ir.lvalue.set_type(decode_type)
else:
new_ir.lvalue.set_type(call.return_type)
return new_ir

@kevinclancy
Copy link
Contributor Author

Yes, it looks like singletons are handled correctly and lists of types should be handled using the same logic.

@0xalpharush 0xalpharush changed the title [Bug-Candidate]: Type of tuple result of ABI-decode contains instances of Structure [Bug]: Type of tuple result of ABI-decode contains instances of Structure May 19, 2023
@0xalpharush 0xalpharush added bug Something isn't working and removed bug-candidate Bugs reports that are not yet confirmed labels May 19, 2023
@smonicas smonicas mentioned this issue Jul 17, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kevinclancy @0xalpharush