From 4529d61e99139022c38f9c1ca7f028014651a3ff Mon Sep 17 00:00:00 2001
From: Y4nhu1
Date: Sat, 4 Nov 2023 19:29:34 +0800
Subject: [PATCH 1/8] fixed `ModuleNotFoundError`

---
 slitherin/cli.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/slitherin/cli.py b/slitherin/cli.py
index 7f0879b..6412ee9 100644
--- a/slitherin/cli.py
+++ b/slitherin/cli.py
@@ -6,14 +6,14 @@
 import shutil
 import pty
 from pathlib import Path
-import slither_pess
+import slitherin
 from pkg_resources import iter_entry_points
 
 SLITHERIN_VERSION = "0.4.1"
 
 
 def slitherin_detectors_list_as_arguments() -> str:
-    return ",".join([detector.ARGUMENT for detector in slither_pess.plugin_detectors])
+    return ",".join([detector.ARGUMENT for detector in slitherin.plugin_detectors])
 
 
 logging.basicConfig()
@@ -51,7 +51,7 @@ def run(
 
 
 def handle_list() -> None:
-    detectors = slither_pess.plugin_detectors
+    detectors = slitherin.plugin_detectors
     for detector in detectors:
         print(detector.ARGUMENT)
 

From ff2e3ed0eccc30a656e680b99d4a3c832b8b0d1b Mon Sep 17 00:00:00 2001
From: YanhuiJessica <137126578@qq.com>
Date: Mon, 6 Nov 2023 21:11:53 +0800
Subject: [PATCH 2/8] fixed `IndexError` happens when `len(varListTx) > len(varListMsg)`

---
 slitherin/detectors/falsy_only_eoa_modifier.py |  5 +++--
 tests/falsy_only_eoa_modifier_test.sol         | 12 +++++++++---
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/slitherin/detectors/falsy_only_eoa_modifier.py b/slitherin/detectors/falsy_only_eoa_modifier.py
index f8349c9..9121a90 100644
--- a/slitherin/detectors/falsy_only_eoa_modifier.py
+++ b/slitherin/detectors/falsy_only_eoa_modifier.py
@@ -33,8 +33,9 @@ def hasWrongEq(self, fun, params=None):
                 if is_tx:
                     varListTx.append(var)
             for i in range(len(varListTx)):
-                if(str(n).__contains__(f'{varListMsg[i]} == {varListTx[i]}') or str(n).__contains__(f'{varListTx[i]} == {varListMsg[i]}')):
-                    return "True"
+                for j in range(len(varListMsg)):
+                    if(str(n).__contains__(f'{varListMsg[j]} == {varListTx[i]}') or str(n).__contains__(f'{varListTx[i]} == {varListMsg[j]}')):
+                        return "True"
         return "False"
 
     def _detect(self):
diff --git a/tests/falsy_only_eoa_modifier_test.sol b/tests/falsy_only_eoa_modifier_test.sol
index b8a1556..072d9d9 100644
--- a/tests/falsy_only_eoa_modifier_test.sol
+++ b/tests/falsy_only_eoa_modifier_test.sol
@@ -2,19 +2,25 @@ pragma solidity ^0.8.0;
 
 contract falsy_only_eoa_modifier_test {
     uint256 toSet;
-    bool isProtected = true;
+    address owner = msg.sender;
 
     modifier onlyOwner() {
-        require(isProtected);
+        require(owner == msg.sender);
         _;
     }
 
-    function set_vulnurable(uint256 setter) public onlyOwner {
+    function set_vulnerable(uint256 setter) public onlyOwner {
         if(msg.sender == tx.origin){
             toSet = setter;
         }
     }
 
+    function set_tx_origin(uint256 setter) public onlyOwner {
+        if(owner == tx.origin){
+            toSet = setter;
+        }
+    }
+
     function set_ok(uint256 setter) public onlyOwner {
         toSet = setter;
     }

From 49473174819812f73f3098320ef416f5b257f2a7 Mon Sep 17 00:00:00 2001
From: Yhtyyar Sahatov
Date: Wed, 8 Nov 2023 19:24:31 +0300
Subject: [PATCH 3/8] renamed import

---
 slitherin/cli.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/slitherin/cli.py b/slitherin/cli.py
index 7f0879b..6412ee9 100644
--- a/slitherin/cli.py
+++ b/slitherin/cli.py
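Review bot: The new nested loop still decides by a raw substring test on `str(n)`, so it only recognises a comparison spelled with exactly one space on each side of `==` and never a `!=` form; whether that spacing is guaranteed depends on how the node is rendered, which the hunk does not show. It also re-renders `str(n)` on every (i, j) pair and calls `__contains__` directly instead of using the operator. Hoisting the text once and using `in` reads better: `text = str(n)` before the loops and `if f'{varListMsg[j]} == {varListTx[i]}' in text or f'{varListTx[i]} == {varListMsg[j]}' in text:`. Returning the strings "True"/"False" (both truthy) rather than booleans predates this change but deserves a `# NOTE: callers must compare against the string, not test truthiness` since an `if hasWrongEq(...)` would always take the positive branch; hasWrongEq starts before the hunk.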
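Review bot: The new `set_tx_origin` case carries no statement of whether the detector is expected to report it, so a reader cannot tell from the fixture whether `owner == tx.origin` under `onlyOwner` is meant as a positive or a negative case, and the same holds for the renamed `set_vulnerable` and for `set_ok`. A one-line marker on each function, e.g. `// expected: reported` or `// expected: not reported`, would make the fixture self-describing. If an expected-output snapshot still references the old `set_vulnurable` name it needs the same rename; that cannot be confirmed from this hunk.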
@@ -6,14 +6,14 @@
 import shutil
 import pty
 from pathlib import Path
-import slither_pess
+import slitherin
 from pkg_resources import iter_entry_points
 
 SLITHERIN_VERSION = "0.4.1"
 
 
 def slitherin_detectors_list_as_arguments() -> str:
-    return ",".join([detector.ARGUMENT for detector in slither_pess.plugin_detectors])
+    return ",".join([detector.ARGUMENT for detector in slitherin.plugin_detectors])
 
 
 logging.basicConfig()
@@ -51,7 +51,7 @@ def run(
 
 
 def handle_list() -> None:
-    detectors = slither_pess.plugin_detectors
+    detectors = slitherin.plugin_detectors
     for detector in detectors:
         print(detector.ARGUMENT)
 

From 6b66c1a690d94ddfe0a03ddd268b79c5c4ea787c Mon Sep 17 00:00:00 2001
From: Yhtyyar Sahatov
Date: Wed, 8 Nov 2023 19:30:42 +0300
Subject: [PATCH 4/8] bumped version

---
 slitherin/cli.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/slitherin/cli.py b/slitherin/cli.py
index 6412ee9..ee44a30 100644
--- a/slitherin/cli.py
+++ b/slitherin/cli.py
@@ -9,7 +9,7 @@
 import slitherin
 from pkg_resources import iter_entry_points
 
-SLITHERIN_VERSION = "0.4.1"
+SLITHERIN_VERSION = "0.4.2"
 
 
 def slitherin_detectors_list_as_arguments() -> str:

From a566d340fc3976da4df3230abeddcb567a2747f9 Mon Sep 17 00:00:00 2001
From: Nikita Kirillov <75425665+ndkirillov@users.noreply.github.com>
Date: Fri, 10 Nov 2023 12:31:18 +0500
Subject: [PATCH 5/8] Fixed link to detectors

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index aa67958..b9bea09 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
 [![Our Website](https://img.shields.io/badge/By-pessimistic.io-green?style=flat-square&logo=appveyor?logo=data:https://pessimistic.io/favicon.ico)](https://pessimistic.io/)
 [![Mail](https://img.shields.io/badge/Mail-gm%40pessimistic.io-orange?style=flat-square&logo=appveyor?logo=data:https://pessimistic.io/favicon.ico)](mailto:gm@pessimistic.io)
 
-**Welcome!** We are the [pessimistic.io](https://pessimistic.io/) team, and in recent months we have been actively developing our [own **Slither detectors**](https://github.com/pessimistic-io/slitherin/tree/master/slither_pess/detectors) to help with code review and audit process. This repository contains everything you may require to work with them!
+**Welcome!** We are the [pessimistic.io](https://pessimistic.io/) team, and in recent months we have been actively developing our [own **Slither detectors**](https://github.com/pessimistic-io/slitherin/tree/develop/slitherin/detectors) to help with code review and audit process. This repository contains everything you may require to work with them!
 
 We increased the sensitivity of our detectors since they are *quite straightforward* and not written in the "original style." As a result, they produce FPs ([False Positives](https://en.wikipedia.org/wiki/False_positives_and_false_negatives)) more frequently than original ones. So that, our detectors are a kind of automation of the checks implemented in the checklist, their main purpose is to look for issues and assist the code auditor.
 

From bce3027c9de63454729832e61f421001dc1aaef5 Mon Sep 17 00:00:00 2001
From: Nikita Kirillov
Date: Thu, 7 Dec 2023 12:15:59 +0500
Subject: [PATCH 6/8] replaced var declaration, added NoneType check

---
 slitherin/detectors/arbitrary_call/arbitrary_call.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/slitherin/detectors/arbitrary_call/arbitrary_call.py b/slitherin/detectors/arbitrary_call/arbitrary_call.py
index d605aee..163f0e8 100644
--- a/slitherin/detectors/arbitrary_call/arbitrary_call.py
+++ b/slitherin/detectors/arbitrary_call/arbitrary_call.py
@@ -142,6 +142,7 @@ def analyze_function(
 
     def analyze_contract(self, contract: Contract):
         stores_approve = False
+        detectorParams: DetectorParams = None
         all_tainted_calls: List[
             Tuple[FunctionContract, Node, LowLevelCall, bool, bool]
         ] = []
@@ -188,7 +189,6 @@ def analyze_contract(self, contract: Contract):
             if not (fn_taints_args or fn_taints_destination):
                 continue
 
-            detectorParams: DetectorParams = None
             if fn_taints_args and fn_taints_destination:
                 if stores_approve:
                     text = "The call could be fully manipulated (arbitrary call). This contract also STORES APPROVES!!!"
@@ -217,12 +217,12 @@ def analyze_contract(self, contract: Contract):
 
             res = self.generate_result(info)
             res.add(node)
+            if detectorParams:
+                res.data["check"] = self.ARGUMENT + detectorParams.argument_suffix
+                res.data["impact"] = classification_txt[detectorParams.impact]
+                res.data["confidence"] = classification_txt[detectorParams.confidence]
 
-            res.data["check"] = self.ARGUMENT + detectorParams.argument_suffix
-            res.data["impact"] = classification_txt[detectorParams.impact]
-            res.data["confidence"] = classification_txt[detectorParams.confidence]
-
-            results.append(res)
+                results.append(res)
         return results
 
     def _detect(self):

From 06d1d48df953df12987838df216b974ff2449f1a Mon Sep 17 00:00:00 2001
From: Nikita Kirillov
Date: Thu, 7 Dec 2023 13:05:26 +0500
Subject: [PATCH 7/8] removed previous fixes, added a tab

---
 slitherin/detectors/arbitrary_call/arbitrary_call.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/slitherin/detectors/arbitrary_call/arbitrary_call.py b/slitherin/detectors/arbitrary_call/arbitrary_call.py
index 163f0e8..d213c43 100644
--- a/slitherin/detectors/arbitrary_call/arbitrary_call.py
+++ b/slitherin/detectors/arbitrary_call/arbitrary_call.py
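Review bot: Hoisting `detectorParams: DetectorParams = None` above the loop makes the variable persist across iterations, so a tainted call for which none of the `if`/`elif` branches assigns it (precisely the case the NoneType check in this commit targets) silently inherits the impact, confidence and argument suffix computed for the previous call instead of being recognised as unclassified. The assignment needs to happen once per iteration, i.e. where the second hunk removes it, for the later guard to mean anything; the following commit in this series puts it back there. analyze_contract continues past the hunk.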
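Review bot: The new `if detectorParams:` guard turns an unclassified call into a silently dropped finding: `res` has already been generated and the node attached, but `results.append(res)` now sits inside the guard, so nobody reading a scan learns that a tainted call went unreported. If a call can reach this point without a classification that is a gap in the branch logic worth surfacing rather than hiding, e.g. an `else:` that still appends the result with a default `check`/`impact`/`confidence`, or at least `logger.warning("unclassified tainted call in %s", f)`; whether a module-level logger exists is not visible here. The `if`/`elif` chain that assigns `detectorParams` starts before this hunk.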
@@ -142,7 +142,6 @@ def analyze_function(
 
     def analyze_contract(self, contract: Contract):
         stores_approve = False
-        detectorParams: DetectorParams = None
         all_tainted_calls: List[
             Tuple[FunctionContract, Node, LowLevelCall, bool, bool]
         ] = []
@@ -189,6 +188,7 @@ def analyze_contract(self, contract: Contract):
             if not (fn_taints_args or fn_taints_destination):
                 continue
 
+            detectorParams: DetectorParams = None
             if fn_taints_args and fn_taints_destination:
                 if stores_approve:
                     text = "The call could be fully manipulated (arbitrary call). This contract also STORES APPROVES!!!"
@@ -215,9 +215,8 @@ def analyze_contract(self, contract: Contract):
                 text = f"The {part} could be manipulated"
                 info += [f"\t{text} through ", f, "\n"]
 
-            res = self.generate_result(info)
-            res.add(node)
-            if detectorParams:
+                res = self.generate_result(info)
+                res.add(node)
                 res.data["check"] = self.ARGUMENT + detectorParams.argument_suffix
                 res.data["impact"] = classification_txt[detectorParams.impact]
                 res.data["confidence"] = classification_txt[detectorParams.confidence]

From a4379a4edb543d78705d2998246bb2f1e143adc2 Mon Sep 17 00:00:00 2001
From: Nikita Kirillov
Date: Thu, 7 Dec 2023 15:11:20 +0500
Subject: [PATCH 8/8] updated version in cli.py

---
 slitherin/cli.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/slitherin/cli.py b/slitherin/cli.py
index ee44a30..bc7fd6b 100644
--- a/slitherin/cli.py
+++ b/slitherin/cli.py
@@ -9,7 +9,7 @@
 import slitherin
 from pkg_resources import iter_entry_points
 
-SLITHERIN_VERSION = "0.4.2"
+SLITHERIN_VERSION = "0.5.0"
 
 
 def slitherin_detectors_list_as_arguments() -> str:
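Review bot: Re-indenting `res = self.generate_result(info)` and `res.add(node)` to the level of `info += [...]` moves result creation, and with it the `res.data[...]` lines and the `results.append(res)` that follows them outside the hunk, into whichever block owns that `info +=` line. If, as the context lines suggest, that is the last branch of the `if fn_taints_args and fn_taints_destination:` chain, the fully manipulable calls handled by the earlier branch no longer produce a finding at all, which is a worse failure than the `NoneType` error this replaces; if `info +=` is instead at loop level, the deeper indentation is an IndentationError. Either way the result block should keep its original indentation and every branch of the chain should assign `detectorParams` (an `else: raise` or a default instance for the unclassified case) rather than relocating the block; the chain itself starts before this hunk.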