add immutable-states detector #1455
We are missing the candidates that are written in the constructor directly, ex:
```solidity
contract A {
    uint a;
    constructor(uint b) {
        a = b;
    }
}
```
Maybe we should split this detector in two? As adding the logic for the constructor will increase the complexity, it would make sense to differentiate variables that can be determined at compile time (constant), and variables that can be determined at deployment (immutable) into two distinct detectors.
We can reuse the functions (`_constant_initial_expression` / `_is_valid_type` / ..) and mostly change the filtering logic
variables = [] | ||
functions = [] | ||
for c in self.compilation_unit.contracts: | ||
if is_openzeppelin(c): |
Why removing openzeppelin?
Maybe we should iterate over `compilation_unit.contracts_derived` here, so that we only consider the most derived contracts, and we avoid FP on potential constant variables that are written in a derived contract
close https://github.com/trailofbits/slither-private/issues/333
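
A simplified model of the two points raised in the review comments above (constructor-only writes as immutable candidates, and analyzing only the most derived contracts), added here as an illustration and not Slither's code. The `Contract` class, its fields and the helper names are hypothetical; variable names are assumed unique within a hierarchy, and a constant candidate is assumed to need a compile-time initializer.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)
class Contract:  # constructed stand-in for a parsed contract, not Slither's class
    name: str
    state_vars: dict  # variable name -> True if it has a compile-time initializer
    ctor_writes: set = field(default_factory=set)   # assigned in the constructor
    other_writes: set = field(default_factory=set)  # assigned in any other function
    bases: list = field(default_factory=list)       # direct parents

def hierarchy(c):
    """The contract itself followed by everything it inherits."""
    out = [c]
    for b in c.bases:
        out += [x for x in hierarchy(b) if x not in out]
    return out

def most_derived(contracts):
    """Contracts that no other contract in the unit inherits from."""
    parents = {id(p) for c in contracts for p in hierarchy(c)[1:]}
    return [c for c in contracts if id(c) not in parents]

def classify(contract):
    """Return (constant, immutable) candidates as seen from one contract."""
    declared, ctor_w, other_w = {}, set(), set()
    for c in hierarchy(contract):
        declared.update(c.state_vars)
        ctor_w |= c.ctor_writes
        other_w |= c.other_writes
    constant = {v for v, init in declared.items() if init and v not in ctor_w | other_w}
    immutable = {v for v in declared if v in ctor_w and v not in other_w}
    return constant, immutable

def detect(contracts, derived_only):
    """Union of per-contract results over all contracts or only the most derived."""
    constant, immutable = set(), set()
    for c in (most_derived(contracts) if derived_only else contracts):
        k, i = classify(c)
        constant |= k
        immutable |= i
    return constant, immutable

# Constructed sample: Child writes Base.limit after deployment; A is the
# constructor-only case from the first review comment.
base = Contract("Base", {"fee": True, "limit": True})
child = Contract("Child", {"owner": False, "count": False},
                 ctor_writes={"owner"}, other_writes={"limit", "count"}, bases=[base])
a = Contract("A", {"a": False}, ctor_writes={"a"})
UNIT = [base, child, a]
```

With `derived_only=False`, `Base` is analyzed on its own and `limit` is reported as a constant candidate even though `Child` writes it; restricting the loop to the most derived contracts removes that false positive.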