Re-entrancy detector + Control Flow Graph (#752)

Co-authored-by: Alex Roan <[email protected]>

Author: TilakMaddy

.github/workflows/cargo.yml

@@ -60,7 +60,7 @@ jobs:
       - name: Run tests
         run: |
           cargo build
-          cargo test -- --nocapture
+          cargo test -- --test-threads 1
 
   lints:
     name: Lints

.gitignore

@@ -2,5 +2,7 @@
 .DS_Store
 .venv
 debug/
+dot/
+!dot/.gitkeep
 # Generated by `oranda generate ci`
-public/
+public/

Cargo.lock

@@ -44,6 +44,7 @@ tokio = "1.40.0"
 toml = "0.8.13"
 tower-lsp = "0.20.0"
 dunce = "=1.0.4"
+petgraph = "0"
 
 [profile.release]
 codegen-units = 1

Cargo.toml

@@ -29,6 +29,7 @@ derive_more = { workspace = true }
 dunce = { workspace = true }
 
 [dev-dependencies]
+petgraph = { workspace = true }
 cyfrin-foundry-compilers = { workspace = true, features = ["svm-solc"] }
 serial_test = { workspace = true }
 once_cell = { workspace = true }

aderyn_core/Cargo.toml

@@ -0,0 +1,109 @@
+//! This module helps us detect whether a given AST Node has any external calls inside of it
+
+use super::ExtractMemberAccesses;
+use crate::{ast::*, context::workspace_context::ASTNode};
+
+fn is_external_call(ast_node: ASTNode) -> bool {
+    // This is so we can skip the FunctionCallOptions layer which solidity compiler inserts
+    // when there are options passed to function calls
+    for member_access in ExtractMemberAccesses::from(&ast_node).extracted {
+        // address(..).call("...") pattern
+        let is_call = member_access.member_name == "call";
+        if is_call {
+            return true;
+        }
+
+        // payable(address(..)).transfer(100)
+        // payable(address(..)).send(100)
+        // address.sendValue(..) (from openzeppelin)
+        if member_access.member_name == "transfer"
+            || member_access.member_name == "send"
+            || member_access.member_name == "sendValue"
+        {
+            if let Some(type_description) = member_access.expression.type_descriptions() {
+                if type_description
+                    .type_string
+                    .as_ref()
+                    .is_some_and(|type_string| type_string.starts_with("address"))
+                {
+                    return true;
+                }
+            }
+        }
+
+        // Any external call
+        if member_access
+            .type_descriptions
+            .type_identifier
+            .is_some_and(|type_identifier| type_identifier.contains("function_external"))
+        {
+            return true;
+        }
+    }
+
+    false
+}
+
+impl FunctionCall {
+    pub fn is_external_call(&self) -> bool {
+        is_external_call(self.into())
+    }
+}
+impl FunctionCallOptions {
+    pub fn is_external_call(&self) -> bool {
+        is_external_call(self.into())
+    }
+}
+
+#[cfg(test)]
+mod external_calls_detector {
+    use serial_test::serial;
+
+    use crate::{
+        context::browser::ExtractFunctionCalls, detect::test_utils::load_solidity_source_unit,
+    };
+
+    use super::FunctionDefinition;
+
+    impl FunctionDefinition {
+        pub fn makes_external_calls(&self) -> bool {
+            let func_calls = ExtractFunctionCalls::from(self).extracted;
+            func_calls.iter().any(|f| f.is_external_call())
+        }
+    }
+
+    #[test]
+    #[serial]
+    fn test_direct_call_on_address() {
+        let context =
+            load_solidity_source_unit("../tests/contract-playground/src/ExternalCalls.sol");
+
+        let childex = context.find_contract_by_name("ChildEx");
+
+        let ext1 = childex.find_function_by_name("ext1");
+        let ext2 = childex.find_function_by_name("ext2");
+        let ext3 = childex.find_function_by_name("ext3");
+        let ext4 = childex.find_function_by_name("ext4");
+        let ext5 = childex.find_function_by_name("ext5");
+        let ext6 = childex.find_function_by_name("ext6");
+        let ext7 = childex.find_function_by_name("ext7");
+        let ext8 = childex.find_function_by_name("ext8");
+        let ext9 = childex.find_function_by_name("ext9");
+
+        assert!(ext1.makes_external_calls());
+        assert!(ext2.makes_external_calls());
+        assert!(ext3.makes_external_calls());
+        assert!(ext4.makes_external_calls());
+        assert!(ext5.makes_external_calls());
+        assert!(ext6.makes_external_calls());
+        assert!(ext7.makes_external_calls());
+        assert!(ext8.makes_external_calls());
+        assert!(ext9.makes_external_calls());
+
+        let notext1 = childex.find_function_by_name("notExt1");
+        let notext2 = childex.find_function_by_name("notExt2");
+
+        assert!(!notext1.makes_external_calls());
+        assert!(!notext2.makes_external_calls());
+    }
+}

aderyn_core/src/context/browser/external_calls.rs

@@ -1,5 +1,6 @@
 mod ancestral_line;
 mod closest_ancestor;
+mod external_calls;
 mod extractor;
 mod immediate_children;
 mod location;