implement detector for erc20 tokens that have function collision with… #1334
… DOMAIN_SEPARATOR
This pull request introduces 1 alert when merging f7e22a7 into 5a6b630 - view on LGTM.com new alerts:
amazing thank you so much @0xalpharush!
slither/detectors/functions/permit_domain_signature_collision.py
This pull request introduces 1 alert when merging 406f31b into 78397b9 - view on LGTM.com new alerts:
406f31b to 0d04e17
This pull request introduces 1 alert when merging 0d04e17 into 78397b9 - view on LGTM.com new alerts:
In addition, we could:
- Look for collision with public state variables (in case someone creates a state variable name `fopwCDKKK`)
- And maybe check the return type of `DOMAIN_SEPARATOR()` (`bytes32`)
This pull request introduces 1 alert when merging 0e264b3 into 719e4e9 - view on LGTM.com new alerts:
@@ -21,6 +23,46 @@ def is_declared_by(self, contract: "Contract") -> bool: | |||
""" | |||
return self.contract == contract | |||
|
|||
################################################################################### |
Why overwrite the functions from `variables`? (`slither/slither/core/variables/variable.py`, lines 142 to 178 in d8e526e)

```python
    ###################################################################################
    ###################################################################################
    # region Signature
    ###################################################################################
    ###################################################################################

    @property
    def signature(self) -> Tuple[str, List[str], List[str]]:
        """
        Return the signature of the state variable as a function signature
        :return: (str, list(str), list(str)), as (name, list parameters type, list return values type)
        """
        # pylint: disable=import-outside-toplevel
        from slither.utils.type import (
            export_nested_types_from_variable,
            export_return_type_from_variable,
        )

        return (
            self.name,
            [str(x) for x in export_nested_types_from_variable(self)],
            [str(x) for x in export_return_type_from_variable(self)],
        )

    @property
    def signature_str(self) -> str:
        """
        Return the signature of the state variable as a function signature
        :return: str: func_name(type1,type2) returns(type3)
        """
        name, parameters, returnVars = self.signature
        return name + "(" + ",".join(parameters) + ") returns(" + ",".join(returnVars) + ")"

    @property
    def solidity_signature(self) -> str:
        name, parameters, _ = self.signature
        return f'{name}({",".join(parameters)})'
```

I am also not sure about returning `str(self.type)` in `signature`, and `None` for non-public variable
This pull request introduces 1 alert when merging 07964f9 into 7009c33 - view on LGTM.com new alerts:
This pull request introduces 1 alert when merging 4301171 into 7009c33 - view on LGTM.com new alerts:
… DOMAIN_SEPARATOR
Heuristic: warn if external or public function/state variable name collides with hash of "DOMAIN_SEPARATOR()" or the return type is not `bytes32`
cc @transmissions11