Merge pull request #88 from pessimistic-io/develop
Slitherin 0.4.0
Showing 23 changed files with 289 additions and 33 deletions.
@@ -0,0 +1,23 @@ | ||
# Ecrecover | ||
|
||
## Configuration | ||
|
||
- Check: `pess-ecrecover` | ||
- Severity: `High` | ||
- Confidence: `Medium` | ||
|
||
## Description | ||
|
||
`ecrecover` functions returns `0` on error. It is important to check the result for `0`. | ||
|
||
### Potential Improvement | ||
|
||
As for now, the detector might not work on asm level. | ||
|
||
## Vulnerable Scenario | ||
|
||
[test scenarios](../tests/ecrecover.sol) | ||
|
||
## Recommendation | ||
|
||
Check the result of `ecrecover` or use OZ ECDSA library. |
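Review bot: The Description stops at "it is important to check the result for `0`" and never says what goes wrong otherwise; state the consequence the detector itself reports in its WIKI_EXPLOIT_SCENARIO, namely that an invalid signature recovers to `address(0)`, so any verification that the zero address can satisfy (or no comparison at all) lets an attacker pass it. Grammar: "`ecrecover` functions returns `0` on error" should read "`ecrecover` returns `0` on error". In the Recommendation, spell out "OpenZeppelin's ECDSA library" and say why it is a fix: `ECDSA.recover` reverts when the recovered address is zero instead of returning it. The Potential Improvement section should also record that the detector only sees checks inside the same function, since a result returned to a caller that checks it is still reported.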
@@ -0,0 +1,23 @@ | ||
# Public vs External | ||
|
||
## Configuration | ||
|
||
- Check: `pess-public-vs-external` | ||
- Severity: `Low` | ||
- Confidence: `Medium` | ||
|
||
## Description | ||
|
||
Detects functions that have `public` modifiers and could be turned into `external` (not used in the contract) | ||
|
||
### Potential Improvement | ||
|
||
There could be FP's because of inheritance | ||
|
||
## Vulnerable Scenario | ||
|
||
[test scenarios](../tests/public_vs_external_test.sol) | ||
|
||
## Recommendation | ||
|
||
Mark `public` functions as `external` where it is possible to enhance control-flow readability. |
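Review bot: The "Vulnerable Scenario" heading does not fit a readability check; the detector's own WIKI_EXPLOIT_SCENARIO says "No exploits, just readability enhancement", so the doc should say the same rather than imply a vulnerability. The Recommendation sentence is ambiguous as written ("where it is possible to enhance control-flow readability" reads as if readability is the condition for the change); suggest "Mark `public` functions as `external` where possible, so that the contract's external interface is visible from the visibility keyword alone." The Potential Improvement note should say what the inheritance false positive is: a `public` function may be called internally by a base or derived contract, which a per-contract scan of declared functions does not see. Minor: the test link here is `public_vs_external_test.sol` while the ecrecover doc links `ecrecover.sol`; pick one naming scheme for the test files.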
@@ -0,0 +1,87 @@ | ||
import re | ||
from typing import List, Tuple | ||
|
||
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification | ||
from slither.slithir.operations import ( | ||
SolidityCall, | ||
Condition, | ||
) | ||
from slither.core.declarations import ( | ||
FunctionContract, | ||
) | ||
from slither.core.cfg.node import Node | ||
from slither.slithir.operations import LowLevelCall | ||
from slither.analyses.data_dependency.data_dependency import is_dependent | ||
|
||
|
||
class Ecrecover(AbstractDetector): | ||
""" | ||
Detects not checked results of ecrecover | ||
""" | ||
|
||
ARGUMENT = "pess-ecrecover" # slither will launch the detector with slither.py --detect mydetector | ||
HELP = "signer = ecrecover(hash, v, r, s)" | ||
IMPACT = DetectorClassification.HIGH | ||
CONFIDENCE = DetectorClassification.MEDIUM | ||
|
||
WIKI = "https://github.com/pessimistic-io/slitherin/blob/master/docs/ecrecover.md" | ||
WIKI_TITLE = "Ecrecover" | ||
WIKI_DESCRIPTION = "Check docs" | ||
WIKI_EXPLOIT_SCENARIO = "Attacker can validate signatures from 0x0 address" | ||
WIKI_RECOMMENDATION = "Check the result of ecrecover" | ||
|
||
def analyze_function( | ||
self, function: FunctionContract | ||
) -> List[Tuple[FunctionContract, Node, LowLevelCall, bool, bool]]: | ||
unchecked_results = set() | ||
var_to_node = {} | ||
for node in function.nodes: | ||
for ir in node.irs: | ||
try: | ||
node_contains_0 = re.search( | ||
r"address\((0|0x0*)\)", str(node) | ||
) # check if the node contains address(0|0x0..) | ||
if isinstance(ir, SolidityCall): | ||
if ( | ||
ir.function.name | ||
== "ecrecover(bytes32,uint8,bytes32,bytes32)" | ||
): | ||
unchecked_results.add(ir.lvalue) | ||
var_to_node[ir.lvalue] = node | ||
elif ( | ||
ir.function.name == "require(bool,string)" | ||
or ir.function.name == "assert(bool)" | ||
): | ||
if not node_contains_0: # does not contain 0 check | ||
continue | ||
checking_var = ir.arguments[0] | ||
for ur in unchecked_results: | ||
if is_dependent(checking_var, ur, node): | ||
unchecked_results.remove(ur) | ||
break | ||
elif isinstance(ir, Condition): | ||
# this is copypaste, for now, couldn't figure out how to make this better without overcomplicating | ||
if not node_contains_0: # does not contain 0 check | ||
continue | ||
for ur in unchecked_results: | ||
if is_dependent(ir.value, ur, node): | ||
unchecked_results.remove(ur) | ||
break | ||
|
||
except Exception as e: | ||
print("failed", e) | ||
|
||
return [var_to_node[ur] for ur in unchecked_results] | ||
|
||
def _detect(self): | ||
results = [] | ||
for contract in self.compilation_unit.contracts_derived: | ||
for f in contract.functions: | ||
res = self.analyze_function(f) | ||
if res: | ||
for r in res: | ||
info = ["Unchecked result of ecrecover for 0:\n\t", r, "\n"] | ||
tres = self.generate_result(info) | ||
tres.add(r) | ||
results.append(tres) | ||
return results |
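Review bot: The branch `ir.function.name == "require(bool,string)" or ir.function.name == "assert(bool)"` misses `require(bool)`, so the common form `require(signer != address(0));` without a reason string never removes the result from `unchecked_results` and is reported as unchecked; add `"require(bool)"` to the comparison (or match on `ir.function.name.startswith("require(")`). Second, `is_dependent(checking_var, ur, node)` passes a `Node` as the context, but the data-dependency API expects the `Contract` or `Function` whose dependency map is consulted; with a `Node` the lookup fails, and the bare `except Exception as e: print("failed", e)` hides that failure and leaves every `ecrecover` result reported. Pass `function` in both the `require`/`assert` branch and the `Condition` branch, and replace the print-and-continue handler with Slither's logger or drop it so errors surface. Third, the `node_contains_0` regex only recognises a literal zero address in the node's source, so `require(signer == owner)` or `if (signer != expected)` is reported even though a zero return cannot pass such a comparison; either treat any `require`/condition that depends on the result as a check, or document this limitation in the Potential Improvement section. Fourth, the `break` after the first `is_dependent` hit means a single `require(a != address(0) && b != address(0))` clears only one of two results; collect the matches and remove them after the loop, which also avoids mutating the set you are iterating over. Finally, the return annotation `List[Tuple[FunctionContract, Node, LowLevelCall, bool, bool]]` does not match the `List[Node]` the function actually returns and `LowLevelCall` is otherwise unused, and `HELP = "signer = ecrecover(hash, v, r, s)"`, `WIKI_DESCRIPTION = "Check docs"` and the template comment `--detect mydetector` should carry the real description and argument, since `slither --list-detectors` prints them.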
@@ -0,0 +1,52 @@ | ||
from typing import List | ||
from slither.utils.output import Output | ||
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification | ||
from slither.core.declarations import Contract | ||
|
||
|
||
class PublicVsExternal(AbstractDetector): | ||
""" | ||
Detects functions that have "public" modifiers and not used in the contract | ||
""" | ||
|
||
ARGUMENT = "pess-public-vs-external" # slither will launch the detector with slither.py --detect mydetector | ||
HELP = "mark public functions as external where possible, to enhance contract's control-flow readability" | ||
IMPACT = DetectorClassification.LOW | ||
CONFIDENCE = DetectorClassification.MEDIUM | ||
|
||
WIKI = "https://github.com/pessimistic-io/slitherin/blob/master/docs/public_vs_external.md" | ||
WIKI_TITLE = "Public vs External" | ||
WIKI_DESCRIPTION = "Check docs" | ||
WIKI_EXPLOIT_SCENARIO = "No exploits, just readability enhancement" | ||
WIKI_RECOMMENDATION = "Mark public functions as external where it is possible" | ||
|
||
def _analyze_contract(self, contract: Contract) -> list: | ||
res = [] | ||
used_functions = set() | ||
for f in contract.functions_and_modifiers_declared: | ||
for node in f.nodes: | ||
for call in node.internal_calls: | ||
used_functions.add(call.name) | ||
|
||
for f in contract.functions_and_modifiers_declared: | ||
if f.visibility == "public" and f.name not in used_functions: | ||
res.append(f) | ||
return res | ||
|
||
def _detect(self) -> List[Output]: | ||
"""Main function""" | ||
results = [] | ||
for contract in self.compilation_unit.contracts_derived: | ||
res = self._analyze_contract(contract) | ||
if res: | ||
info = [ | ||
"The following public functions could be turned into external in ", | ||
contract, | ||
" contract:\n", | ||
] | ||
for r in res: | ||
info += ["\t", r, "\n"] | ||
contract_result = self.generate_result(info) | ||
results.append(contract_result) | ||
|
||
return results |
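Review bot: Matching used functions by name alone (`used_functions.add(call.name)` and `f.name not in used_functions`) conflates overloads: an internal call to one overload suppresses the report for every other `public` function of the same name, and the same-name check cannot tell which one is actually used. Compare function objects, or `f.full_name`, instead. The inheritance false positive the docs mention also originates here: only `functions_and_modifiers_declared` of each most-derived contract is scanned for internal calls, so a `public` function declared in the derived contract but called from an inherited base function is reported, while a `public` function declared only in a base contract is never examined at all. Collect internal calls over `contract.functions_and_modifiers` (inherited included) and check every `public` function in the inheritance tree. Two cases should be skipped as well: constructors, which carry `public` visibility on solc < 0.7 and cannot be `external`, and functions without an implementation in interfaces and abstract contracts. As in the ecrecover detector, `WIKI_DESCRIPTION = "Check docs"` and the template comment `--detect mydetector` should be replaced with the real description and argument.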