"""
Module detecting shadowing of state variables
"""
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
class StateShadowing(AbstractDetector):
    """
    Detector for state variables that shadow an inherited state variable.

    A contract that re-declares a state variable under the same name as one
    declared by a contract it inherits from ends up with two distinct
    variables. Code in the parent keeps using the parent's variable, so a
    check such as an ownership modifier can read a value that the derived
    contract never assigns (see WIKI_EXPLOIT_SCENARIO).
    """

    ARGUMENT = 'shadowing-state'
    HELP = 'State variables shadowing'
    IMPACT = DetectorClassification.HIGH
    CONFIDENCE = DetectorClassification.HIGH

    WIKI = 'https://github.com/crytic/slither/wiki/Detector-Documentation#state-variable-shadowing'

    WIKI_TITLE = 'State variable shadowing'
    WIKI_DESCRIPTION = 'Detection of state variables shadowed.'
    # The text inside this literal is part of the value, including its line
    # breaks and leading whitespace; edit it only on purpose.
    WIKI_EXPLOIT_SCENARIO = '''
```solidity
contract BaseContract{
address owner;
modifier isOwner(){
require(owner == msg.sender);
_;
}
}
contract DerivedContract is BaseContract{
address owner;
constructor(){
owner = msg.sender;
}
function withdraw() isOwner() external{
msg.sender.transfer(this.balance);
}
}
```
`owner` of `BaseContract` is never assigned and the modifier `isOwner` does not work.'''

    WIKI_RECOMMENDATION = 'Remove the state variable shadowing.'

    def detect_shadowing(self, contract):
        """Find state variables of `contract` that shadow an inherited one.

        Only entries of `contract.inheritance` that have at least one
        implemented function or modifier contribute their declared state
        variables; parents without any implemented member are skipped.
        Matching is by variable name only.

        Args:
            contract: the contract to inspect.

        Returns:
            list: one list per shadowing variable, holding the variable
            declared in `contract` first, followed by every inherited
            variable with the same name.
        """
        inherited = []
        for parent in contract.inheritance:
            has_implementation = any(
                member.is_implemented
                for member in parent.functions + parent.modifiers
            )
            if has_implementation:
                inherited += parent.state_variables_declared

        findings = []
        for declared in contract.state_variables_declared:
            same_name = [
                candidate for candidate in inherited
                if candidate.name == declared.name
            ]
            if same_name:
                findings.append([declared] + same_name)
        return findings

    def _detect(self):
        """Report every shadowing state variable in the analysed contracts.

        Runs `detect_shadowing` on each contract in `self.contracts` and
        turns each finding into a result through `self.generate_result`.

        Returns:
            list: one result per shadowing variable; its info names the
            shadowing variable and lists the variables it shadows.
        """
        results = []
        for contract in self.contracts:
            for shadow, *variables in self.detect_shadowing(contract):
                # Header element first, then one "\t- <var>\n" entry per
                # shadowed variable.
                info = [shadow, ' shadows:\n']
                for shadowed in variables:
                    info.extend(["\t- ", shadowed, "\n"])
                results.append(self.generate_result(info))
        return results