Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug-Candidate]: slither-read-storage: storage array slots miscalculated in slot layout for shadowed vars #1322

Closed
plotchy opened this issue Aug 2, 2022 · 1 comment · Fixed by #1444
Assignees
Labels
bug Something isn't working

Comments

@plotchy
Copy link
Contributor

plotchy commented Aug 2, 2022

Describe the issue:

Weird edge case, though this happens with uint256[50] __gap quite often.

If there are instances of shadowed vars, slither-read-storage fails to differentiate them in the storage layout.
Only the first instance of the var is printed, and it uses the last instance's slot for the length holder.

Code example to reproduce the issue:

pragma solidity ^0.8.4;

contract BaseContract{
    uint256 one;
    uint256[50] private __gap;
    uint256 two;
}

contract DerivedContract is BaseContract{
    uint256 three;
    uint256[50] private __gap;
    uint256 four;
}

Version:

0.8.3

Relevant log output:

INFO:Slither-read-storage:
Contract 'DerivedContract'
BaseContract.one with type uint256 is located at slot: 0

INFO:Slither-read-storage:
Name: one
Type: uint256
Slot: 0

INFO:Slither-read-storage:
Contract 'DerivedContract'
DerivedContract.__gap with type uint256[50] is located at slot: 53 <-- ** Should be 1 **

INFO:Slither-read-storage:
Name: __gap
Type: uint256[50]
Slot: 53

INFO:Slither-read-storage:
Contract 'DerivedContract'
DerivedContract.__gap with type uint256[50] is located at slot: 53

INFO:Slither-read-storage:
Key: 0
Name: __gap
Type: uint256
Slot: 53

--- snip ---

INFO:Slither-read-storage:
Contract 'DerivedContract'
DerivedContract.__gap with type uint256[50] is located at slot: 53

INFO:Slither-read-storage:
Key: 19
Name: __gap
Type: uint256
Slot: 72

INFO:Slither-read-storage:
Contract 'DerivedContract'
BaseContract.two with type uint256 is located at slot: 51

INFO:Slither-read-storage:
Name: two
Type: uint256
Slot: 51

INFO:Slither-read-storage:
Contract 'DerivedContract'
DerivedContract.three with type uint256 is located at slot: 52

INFO:Slither-read-storage:
Name: three
Type: uint256
Slot: 52

** DerivedContract.__gap should be here with slot 53 ** 

INFO:Slither-read-storage:
Contract 'DerivedContract'
DerivedContract.four with type uint256 is located at slot: 103

INFO:Slither-read-storage:
Name: four
Type: uint256
Slot: 103
@plotchy plotchy added the bug-candidate Bugs reports that are not yet confirmed label Aug 2, 2022
@plotchy plotchy changed the title [Bug-Candidate]: slither-read-storage: storage array slots miscalculated for in slot layout for shadowed vars [Bug-Candidate]: slither-read-storage: storage array slots miscalculated in slot layout for shadowed vars Aug 2, 2022
@0xalpharush
Copy link
Contributor

Good find. We should be using contract.state_variables_ordered here:

for var in contract.variables

Need to document the difference here:
def variables(self) -> List["StateVariable"]:
"""
list(StateVariable): List of the state variables. Alias to self.state_variables
"""
return list(self.state_variables)
@property
def variables_as_dict(self) -> Dict[str, "StateVariable"]:
return self._variables
@property
def state_variables(self) -> List["StateVariable"]:
"""
list(StateVariable): List of the state variables.
"""
return list(self._variables.values())
@property
def state_variables_ordered(self) -> List["StateVariable"]:
"""
list(StateVariable): List of the state variables by order of declaration.

@0xalpharush 0xalpharush added bug Something isn't working and removed bug-candidate Bugs reports that are not yet confirmed labels Aug 3, 2022
@0xalpharush 0xalpharush self-assigned this Aug 12, 2022
@montyly montyly closed this as completed in 4479b61 Nov 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants