-
Notifications
You must be signed in to change notification settings - Fork 59
/
strange_setter_test.sol
109 lines (88 loc) · 2.45 KB
/
strange_setter_test.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
pragma solidity ^0.8.0;
interface ExternalContract {
function set(bool arg) external;
}
// What it should detect:
// If smth is set in the function, and the function contains parameters,
// and this parameters were not uset to set.
contract StrangeSetter {
uint256 toSet;
bool isProtected = true;
mapping(bytes32 => address) s_builders;
modifier onlyOwner() {
require(isProtected);
_;
}
constructor(uint256 _setter) {
toSet = _setter;
}
function set_vulnurable(uint256 setter) public onlyOwner {
uint256 a = 10;
a = setter;
}
function set_vulnurable_shadowing(uint256 setter) public onlyOwner {
uint256 setter = 2; //TODO: THIS IS NOT DETECTED!!!
toSet = setter;
}
function set_vulnerable_mapping(uint256 _toSet) external onlyOwner {
uint256 vars = _toSet;
toSet = vars;
}
function setBuilder(bytes32 nameHash, address builder) public onlyOwner {
s_builders[nameHash] = builder;
}
function setWithInt(bytes32 nameHash, address builder) public onlyOwner {
uint256 x = 0;
vulnurable_internal(x);
}
function setSwapEnabledExternal_ok(
ExternalContract target,
bool swapEnabled
) external onlyOwner {
target.set(swapEnabled);
}
function setUseOnlyOneArg_vulnerable(
uint256 arg1,
bool isProtectedArg
) external onlyOwner {
isProtected = isProtectedArg;
}
function set_ok(uint256 setter) public onlyOwner {
toSet = setter;
}
function set_ok2(uint val) public onlyOwner {
vulnurable_internal(val);
}
function set_ok_with_temp_war(uint256 setter) public onlyOwner {
uint k = setter * 100;
toSet = k;
}
function vulnurable_internal(uint256 setter) internal {
toSet = setter;
}
}
contract StrangeConstructor {
uint256 toSet;
constructor(uint256 _setter) {
uint256 local_set;
local_set = _setter + 10;
}
}
contract OkConstructor {
bool init;
//if constructor has no parameters or is empty - do not detect
constructor() {
disableInitializers();
}
function disableInitializers() internal {
init = true;
}
}
contract TestInheritance is StrangeSetter {
constructor(uint256 _toSet) StrangeSetter(_toSet) {}
}
contract TestNewContract {
constructor(uint256 _toSet) {
new TestInheritance(_toSet);
}
}