Perform cross-contract taint analysis from diff of two upgrade versions #1816
Merged: montyly merged 31 commits into crytic:dev from webthethird:dev-upgradeability-util-cross-contract-taint, Jun 22, 2023
Commits
072cb0b Find tainted functions/variables from external calls (webthethird)
4b6dd02 Find contracts tainted by inheriting a tainted contract (webthethird)
0deff18 Add docstring to `tainted_inheriting_contracts` (webthethird)
5967958 Black (webthethird)
675dbea Get tainted variables in `tainted_inheriting_contracts` (webthethird)
d88bba4 Fix too many values to unpack in test_upgradeability_util.py (webthethird)
cba0dc9 Add python types (webthethird)
386c3e1 Pylint and black (webthethird)
20f5825 Pylint and black (webthethird)
c786658 Merge remote-tracking branch 'crytic/slither/dev' into dev-upgradeabi… (webthethird)
f585d2b Add TODO (webthethird)
2b330a1 Tweak how tainted variables are handled (webthethird)
da045d6 Make TaintedExternalContract a regular class (webthethird)
d1b34b6 Avoid string comparison (webthethird)
85c22f4 Avoid re-defining `contracts` in `tainted_inheriting_contracts` (webthethird)
38acd93 Add inline comments (webthethird)
98a5cf0 Use canonical_name in comparisons (webthethird)
1e73979 Fix expected tainted funcs, since we changed what's considered tainted (webthethird)
178960f Simplify by removing `TaintedFunction` and `TaintedVariable` classes (webthethird)
3bcefac Black (webthethird)
ae7f0b2 Only check internal calls to Functions (webthethird)
ca82da0 Update compare docstring (webthethird)
853051e Reduce tainted variables to only written (webthethird)
823337e Update test (webthethird)
6ccc8cf Black (webthethird)
ef2eadc Update test_upgrades_compare to test cross-contract taint (webthethird)
2cdc544 Make cross-contract taint optional in `compare` (webthethird)
1064185 Update test (webthethird)
af7279a Update docstring (webthethird)
6a10e0a Merge branch 'dev' into dev-upgradeability-util-cross-contract-taint (webthethird)
4ff33c0 Merge branch 'dev' into dev-upgradeability-util-cross-contract-taint (webthethird)
Can we add a test that highlights why this was wrong? It will help in the long term.
It only became wrong when the `index_type` property was removed from the `Index` class. Slither was just crashing when I tried to access the property, since it didn't exist anymore. Is that still something we can test?