pessimistic-io · ndkirillov · Jun 21, 2024 · Jun 14, 2024 · Jun 14, 2024 · Jun 14, 2024
diff --git a/README.md b/README.md
diff --git a/docs/curve_vyper_reentrancy.md → docs/vyper_version_reentrancy.md b/docs/curve_vyper_reentrancy.md → docs/vyper_version_reentrancy.md
@@ -2,7 +2,7 @@
 
 ## Configuration
 
-- Check: `pess-curve-vyper-reentrancy`
+- Check: `pess-vyper-version-reentrancy`
 - Severity: `High`
 - Confidence: `High`
 

diff --git a/slitherin/__init__.py b/slitherin/__init__.py
@@ -41,8 +41,8 @@
 from slitherin.detectors.balancer.balancer_readonly_reentrancy import (
  BalancerReadonlyReentrancy,
 )
-from slitherin.detectors.vyper.reentrancy_curve_vyper_version import (
- CurveVyperReentrancy,
+from slitherin.detectors.vyper.reentrancy_vyper_version import (
+ VyperVersionReentrancy,
 )
 from slitherin.detectors.price_manipulation import PriceManipulationDetector
 from .consts import OBSOLETE_FLAG
@@ -80,7 +80,7 @@
  PotentialArithmOverflow,
  CurveReadonlyReentrancy,
  BalancerReadonlyReentrancy,
- CurveVyperReentrancy,
+ VyperVersionReentrancy,
  PriceManipulationDetector,
 ]
 

diff --git a/slitherin/consts.py b/slitherin/consts.py
@@ -1,3 +1,3 @@
 ARBITRUM_KEY = "SLITHERIN_ARBITRUM"
 OBSOLETE_FLAG = "SLITHERIN_OBSOLETE"
-SLITHERIN_VERSION = "0.7.1"
+SLITHERIN_VERSION = "0.7.2"
diff --git a/slitherin/detectors/dubious_typecast.py b/slitherin/detectors/dubious_typecast.py
@@ -71,7 +71,12 @@ class DubiousTypecast(AbstractDetector):
  )
  WIKI_RECOMMENDATION = "Use clear constants"
 
- WHITELIST = ["SafeCast", "SignedMath"] # OZ
+ WHITELIST = [
+ "SafeCast",
+ "SignedMath",
+ "SafeCastUpgradeable",
+ "SignedMathUpgradeable",
+ ] # OZ
 
  def analyze_irs(self, irs: List[Operation]) -> List[Tuple[str, str]]:
  results = []

diff --git a/slitherin/detectors/magic_number.py b/slitherin/detectors/magic_number.py
@@ -26,7 +26,7 @@ class MagicNumber(AbstractDetector):
 
  EXCEPTION = {"0", "1", "2", "1000", "1e18"}
  used_count = defaultdict(lambda: {"count": 0, "nodes": []})
- WHITELIST = ["SafeCast", "Math"]
+ WHITELIST = ["SafeCast", "Math", "MathUpgradeable", "SafeCastUpgradeable"]
 
  def _check_if_pow_10(self, str: str) -> bool:
  reg = re.fullmatch(r"^10*$|^10*e\d+$", str) # 1(0..) or 1(0..)eX

diff --git a/slitherin/detectors/unprotected_initialize.py b/slitherin/detectors/unprotected_initialize.py
@@ -30,7 +30,11 @@ def _is_initialize(self, fun: Function) -> bool:
  def _has_modifiers(self, fun: Function) -> bool:
  """Checks if function has modifier protection"""
  for modifier in fun.modifiers:
- if str(modifier) == "onlyOwner" or str(modifier) == "initializer":
+ if str(modifier).startswith("only") or str(modifier) in [
+ "initializer",
+ "onlyInitializing",
+ "reinitializer",
+ ]:
  return True
  return False
 
@@ -43,7 +47,7 @@ def _has_require(self, fun: Function) -> bool:
  if str(variable.type) == "address":
  return True
  return False
- 
+
  def _has_if_with_reverts(self, fun: Function) -> bool:
  for node in fun.nodes:
  if node.contains_if():

diff --git a/...s/vyper/reentrancy_curve_vyper_version.py → ...tectors/vyper/reentrancy_vyper_version.py b/...s/vyper/reentrancy_curve_vyper_version.py → ...tectors/vyper/reentrancy_vyper_version.py
@@ -5,8 +5,8 @@
 from slither.slithir.operations.event_call import EventCall
 
 VULNERABLE_VERSIONS = ['0.2.15', '0.2.16', '0.3.0']
-class CurveVyperReentrancy(AbstractDetector):
- ARGUMENT = 'pess-curve-vyper-reentrancy' # slither will launch the detector with slither.py --detect mydetector
+class VyperVersionReentrancy(AbstractDetector):
+ ARGUMENT = 'pess-vyper-version-reentrancy' # slither will launch the detector with slither.py --detect mydetector
  HELP = f'Vyper compiler versions {", ".join(VULNERABLE_VERSIONS)} are vulnerable to malfunctioning re-entrancy guards. Upgrade your compiler version.'
  IMPACT = DetectorClassification.HIGH
  CONFIDENCE = DetectorClassification.HIGH