Incorrect detector results to investigate #2214

Open
montyly opened this issue Nov 3, 2023 · 6 comments
Comments

@montyly
Member

montyly commented Nov 3, 2023

From @pcaversaccio

1

2

@0xalpharush
Contributor

For 2, there isn't a state variable written after the call that's read before the call or in other functions
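The condition stated in the comment above, as an added example that is not part of the issue thread and is not Slither's code: a simplified model that flags a state variable only when it is written after an external call and is read before that call or in another function. The function names, variable names and contract summaries are constructed for illustration.

```python
# Simplified model of the condition described in the comment above.
# NOT Slither's implementation; every contract summary below is constructed.
# A function is an ordered list of (op, target) steps, where op is
# "read", "write" or "call" (an external call; its target is ignored).

def flagged_variables(functions, name):
    """State variables of `name` written after its first external call that
    are read before that call or read in any other function."""
    steps = functions[name]
    calls = [i for i, (op, _) in enumerate(steps) if op == "call"]
    if not calls:
        return set()
    first_call = calls[0]
    read_before = {v for op, v in steps[:first_call] if op == "read"}
    written_after = {v for op, v in steps[first_call + 1:] if op == "write"}
    read_elsewhere = {
        v
        for other, body in functions.items() if other != name
        for op, v in body if op == "read"
    }
    return written_after & (read_before | read_elsewhere)

# Classic pattern: balance read, external call, then balance written.
CONSTRUCTED_VAULT = {
    "withdraw": [("read", "balances"), ("call", None), ("write", "balances")],
    "transfer": [("read", "balances"), ("write", "balances")],
}

# Cross-function case: withdraw never reads balances itself, but transfer does.
CONSTRUCTED_CROSS = {
    "withdraw": [("call", None), ("write", "balances")],
    "transfer": [("read", "balances"), ("write", "balances")],
}

# Nothing written after the call is read anywhere, so nothing is flagged,
# even though both functions can be re-entered.
CONSTRUCTED_UNREAD = {
    "ping": [("call", None), ("write", "lastCaller")],
    "pong": [("call", None)],
}

# Checks-effects-interactions ordering: the write happens before the call.
CONSTRUCTED_CEI = {
    "withdraw": [("read", "balances"), ("write", "balances"), ("call", None)],
}

if __name__ == "__main__":
    for label, contract in [("vault", CONSTRUCTED_VAULT), ("cross", CONSTRUCTED_CROSS),
                            ("unread", CONSTRUCTED_UNREAD), ("cei", CONSTRUCTED_CEI)]:
        print(label, {fn: sorted(flagged_variables(contract, fn)) for fn in contract})
```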

@pcaversaccio
Contributor

> For 2, there isn't a state variable written after the call that's read before the call or in other functions

But I can reenter the function or any other function (cross-function reentrancy). So Slither doesn't care about this general reentrancy?

@0xalpharush
Contributor

What is the exploit? Here, it seems benign to call the functions reentrantly as it'd have the same effect as calling it twice, right? I'm not sure what one would do except add nonreentrant modifiers on any function that makes an external call.

@pcaversaccio
Contributor

> What is the exploit? Here, it seems benign to call the functions reentrantly as it'd have the same effect as calling it twice, right? I'm not sure what one would do except add nonreentrant modifiers on any function that makes an external call.

There is no exploit for this case, I was just wondering whether this could lead to false negatives. Does Slither detect cross-function reentrancies?

@0xalpharush
Contributor

I think it depends on the case. The update in #1351 considered reads/writes in reentrant functions, but we need better insight into this as highlighted in #1840. It'd be great to know of frequent, high-impact cases we are missing.

@pcaversaccio
Contributor

Right, what about 1) above? Why is this not discovered?
