diff --git a/slitherin/detectors/price_manipulation.py b/slitherin/detectors/price_manipulation.py
index 59ebd87..b321bfd 100644
--- a/slitherin/detectors/price_manipulation.py
+++ b/slitherin/detectors/price_manipulation.py
@@ -1,11 +1,10 @@
 from typing import List
 from slither.utils.output import Output
 from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
-from slither.core.declarations import Function
-from slither.slithir.operations.event_call import EventCall
 from slither.slithir.operations.high_level_call import HighLevelCall
 from slither.slithir.operations.internal_call import InternalCall
-from slither.slithir.operations.binary import Binary, BinaryType
+from slither.slithir.operations.solidity_call import SolidityCall
+from slither.slithir.operations.binary import Binary
 from slither.analyses.data_dependency.data_dependency import is_dependent
@@ -30,6 +29,9 @@ def _detect(self) -> List[Output]:
 for func in contract.functions:
 for n in func.nodes:
 for x in n.irs:
+ if isinstance(x, SolidityCall):
+ if x.function.name == "balance(address)" or x.function.name == "self.balance" or x.function.name == "this.balance()":
+ all_balance_vars.append((n, x._lvalue))
 if isinstance(x, HighLevelCall):
 if str(x.function_name).lower() == "balanceof":
 all_balance_vars.append((n, x._lvalue))
diff --git a/tests/price_manipulation_test.sol b/tests/price_manipulation_test.sol
index 4963514..85cc621 100644
--- a/tests/price_manipulation_test.sol
+++ b/tests/price_manipulation_test.sol
@@ -33,6 +33,10 @@ contract Test1 {
 price = getBalance() + mySupply() + 1;
 }
+ function test_vuln_7() external returns(uint256 price) {
+ price = address(token).balance / mySupply();
+ }
+
 function getBalance() public returns(uint256 bal) {
 bal = token.balanceOf(msg.sender);
 }
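Review bot: The added `SolidityCall` branch compares `x.function.name` against three literal strings in one long `or` chain, with no comment saying which source-level balance read each string stands for, so the detector's intended coverage cannot be read from the code. A named constant would carry that: `NATIVE_BALANCE_CALLS = ("balance(address)", "self.balance", "this.balance()")` at module level and `if isinstance(x, SolidityCall) and x.function.name in NATIVE_BALANCE_CALLS:` in the loop, with a one-line comment that a price derived from a raw ether balance is tracked the same way as one derived from `balanceOf`. The new branch also reads the private `x._lvalue`, as the existing `HighLevelCall` branch does; `x.lvalue` would avoid depending on the private attribute, if that property is available on these operations. `_detect` begins and ends outside the hunk.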
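Review bot: `test_vuln_7` exercises only the `address(token).balance` form, while the detector change in price_manipulation.py matches three names (`balance(address)`, `self.balance`, `this.balance()`), so two of the three strings have no case in this file. There is also no negative case: a function that reads a native balance without feeding it into the returned price would show that the new branch does not flag every balance read. A short comment above the function, for example `// expected: flagged, price depends on the native ether balance`, would record what the detector is supposed to report here. `contract Test1` continues outside the hunk.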