-
Notifications
You must be signed in to change notification settings - Fork 926
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[False-Positive]: unchecked-lowlevel
if returndata is not used
#2008
Comments
In my opinion this is not related to the changes introduced in OpenZeppelin code, it was a side effect of #1861 in Slither v0.9.5. The PR says:
However, for |
I agree we should not require returndata since it may not be used for good reason |
unchecked-lowlevel
with events and custom errorsunchecked-lowlevel
if returndata is not used
I updated the title and the description to refer better to the issue (returndata not used). Also, as referenced in ubiquity/ubiquity-dollar#714, the false positive triggers by ignoring returndata as well (see here and here) |
Released https://github.com/crytic/slither/releases/tag/0.9.6 to address this! |
Thanks @0xalpharush, I can confirm this is no longer an issue so I'm closing |
Describe the false alarm that Slither raise and how you know it's inaccurate:
Recently some changes were made to OpenZeppelins ERC2771 Forwarder in OpenZeppelin/openzeppelin-contracts#4346. These changes started to trigger to warnings as follows:
However, these are the two functions that matched:
Both cases are behaving as intended, because:
sendValue
function is indeed checking thesuccess
value. The only reason why I think it may be broken is because of the custom error usage._execute
function is logging thesuccess
value inExecutedForwardRequest
and the documentation for this detector recommends ensuring logging the resultEDIT: The issue seems to be related to not using the
returndata
instead of custom errorsFrequency
Very Frequently
Code example to reproduce the issue:
Version:
0.9.4 and 0.9.5
Relevant log output:
The text was updated successfully, but these errors were encountered: