From ab9cc4c4dbdd3be4a2e0935a76c160b31fb9deba Mon Sep 17 00:00:00 2001
From: alpharush <0xalpharush@protonmail.com>
Date: Fri, 13 Jan 2023 11:29:53 -0600
Subject: [PATCH] Ignore reentrancy in`executeBatch` and update Slither config (#3955)
Co-authored-by: Francisco
(cherry picked from commit a5af0adce4276cc0931083d612e31c7319a78a1d)
---
 .github/workflows/checks.yml | 2 +-
 contracts/governance/TimelockController.sol | 3 +++
 slither.config.json | 3 ++-
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 780935493e0..4e92c1043d0 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -76,7 +76,7 @@ jobs:
 - uses: actions/checkout@v3
 - name: Set up environment
 uses: ./.github/actions/setup
- uses: crytic/slither-action@v0.1.1
+ - uses: crytic/slither-action@v0.2.0
 codespell:
 if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
diff --git a/contracts/governance/TimelockController.sol b/contracts/governance/TimelockController.sol
index ad385af6d36..139a38aba4c 100644
--- a/contracts/governance/TimelockController.sol
+++ b/contracts/governance/TimelockController.sol
@@ -316,6 +316,9 @@ contract TimelockController is AccessControl, IERC721Receiver, IERC1155Receiver
 *
 * - the caller must have the 'executor' role.
 */
+ // This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending,
+ // thus any modifications to the operation during reentrancy should be caught.
+ // slither-disable-next-line reentrancy-eth
 function executeBatch(
 address[] calldata targets,
 uint256[] calldata values,
diff --git a/slither.config.json b/slither.config.json
index e52e3f5d5bd..2b618794aa8 100644
--- a/slither.config.json
+++ b/slither.config.json
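Review bot: The justification comment added above `executeBatch` names the invariant loosely: it says `_afterCall` checks that the proposal is "pending" and that modifications "should be caught", but neither `_afterCall` nor the body of `executeBatch` is inside this hunk, so a reader cannot confirm from here which operation state is re-checked or that a mismatch reverts the call. Because `slither-disable-next-line reentrancy-eth` suppresses the finding reported on this function, the comment becomes the only record of why the reentrancy is tolerated, and it should state the exact check and its effect, for example `// Reentrancy is tolerated: after the external calls, _afterCall requires the operation to still be <state checked by _afterCall> and reverts otherwise.` A regression test in which a target calls back into the timelock during the batch would keep that invariant covered now that the detector no longer reports it.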
@@ -1,4 +1,5 @@
 {
 "detectors_to_run": "reentrancy-eth,reentrancy-no-eth,reentrancy-unlimited-gas",
- "filter_paths": "contracts/mocks"
+ "filter_paths": "contracts/mocks",
+ "compile_force_framework": "hardhat"
 }
\ No newline at end of file