Skip to content

Commit

Permalink
Merge pull request #179 from pessimistic-io/develop
Browse files Browse the repository at this point in the history
v0.7.2
  • Loading branch information
ndkirillov authored Jun 21, 2024
2 parents 2b63ee9 + 7fda59b commit c32440e
Show file tree
Hide file tree
Showing 8 changed files with 67 additions and 47 deletions.
83 changes: 47 additions & 36 deletions README.md

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Configuration

- Check: `pess-curve-vyper-reentrancy`
- Check: `pess-vyper-version-reentrancy`
- Severity: `High`
- Confidence: `High`

Expand Down
6 changes: 3 additions & 3 deletions slitherin/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,8 @@
from slitherin.detectors.balancer.balancer_readonly_reentrancy import (
BalancerReadonlyReentrancy,
)
from slitherin.detectors.vyper.reentrancy_curve_vyper_version import (
CurveVyperReentrancy,
from slitherin.detectors.vyper.reentrancy_vyper_version import (
VyperVersionReentrancy,
)
from slitherin.detectors.price_manipulation import PriceManipulationDetector
from .consts import OBSOLETE_FLAG
Expand Down Expand Up @@ -80,7 +80,7 @@
PotentialArithmOverflow,
CurveReadonlyReentrancy,
BalancerReadonlyReentrancy,
CurveVyperReentrancy,
VyperVersionReentrancy,
PriceManipulationDetector,
]

Expand Down
2 changes: 1 addition & 1 deletion slitherin/consts.py
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
ARBITRUM_KEY = "SLITHERIN_ARBITRUM"
OBSOLETE_FLAG = "SLITHERIN_OBSOLETE"
SLITHERIN_VERSION = "0.7.1"
SLITHERIN_VERSION = "0.7.2"
7 changes: 6 additions & 1 deletion slitherin/detectors/dubious_typecast.py
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,12 @@ class DubiousTypecast(AbstractDetector):
)
WIKI_RECOMMENDATION = "Use clear constants"

WHITELIST = ["SafeCast", "SignedMath"] # OZ
WHITELIST = [
"SafeCast",
"SignedMath",
"SafeCastUpgradeable",
"SignedMathUpgradeable",
] # OZ

def analyze_irs(self, irs: List[Operation]) -> List[Tuple[str, str]]:
results = []
Expand Down
2 changes: 1 addition & 1 deletion slitherin/detectors/magic_number.py
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ class MagicNumber(AbstractDetector):

EXCEPTION = {"0", "1", "2", "1000", "1e18"}
used_count = defaultdict(lambda: {"count": 0, "nodes": []})
WHITELIST = ["SafeCast", "Math"]
WHITELIST = ["SafeCast", "Math", "MathUpgradeable", "SafeCastUpgradeable"]

def _check_if_pow_10(self, str: str) -> bool:
reg = re.fullmatch(r"^10*$|^10*e\d+$", str) # 1(0..) or 1(0..)eX
Expand Down
8 changes: 6 additions & 2 deletions slitherin/detectors/unprotected_initialize.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,11 @@ def _is_initialize(self, fun: Function) -> bool:
def _has_modifiers(self, fun: Function) -> bool:
"""Checks if function has modifier protection"""
for modifier in fun.modifiers:
if str(modifier) == "onlyOwner" or str(modifier) == "initializer":
if str(modifier).startswith("only") or str(modifier) in [
"initializer",
"onlyInitializing",
"reinitializer",
]:
return True
return False

Expand All @@ -43,7 +47,7 @@ def _has_require(self, fun: Function) -> bool:
if str(variable.type) == "address":
return True
return False

def _has_if_with_reverts(self, fun: Function) -> bool:
for node in fun.nodes:
if node.contains_if():
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@
from slither.slithir.operations.event_call import EventCall

VULNERABLE_VERSIONS = ['0.2.15', '0.2.16', '0.3.0']
class CurveVyperReentrancy(AbstractDetector):
ARGUMENT = 'pess-curve-vyper-reentrancy' # slither will launch the detector with slither.py --detect mydetector
class VyperVersionReentrancy(AbstractDetector):
ARGUMENT = 'pess-vyper-version-reentrancy' # slither will launch the detector with slither.py --detect mydetector
HELP = f'Vyper compiler versions {", ".join(VULNERABLE_VERSIONS)} are vulnerable to malfunctioning re-entrancy guards. Upgrade your compiler version.'
IMPACT = DetectorClassification.HIGH
CONFIDENCE = DetectorClassification.HIGH
Expand Down

0 comments on commit c32440e

Please sign in to comment.