Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

implement detector for erc20 tokens that have function collision with… #1334

Merged
merged 7 commits into from
Oct 4, 2022

Conversation

0xalpharush
Copy link
Contributor

@0xalpharush 0xalpharush commented Aug 9, 2022

… DOMAIN_SEPARATOR

  • Also implements solidity sig and return type for public/external state variables

Heuristic: warn if external or public function/ state variable name collides with hash of "DOMAIN_SEPARATOR()" or the return type is not bytes32
cc @transmissions11

@lgtm-com
Copy link

lgtm-com bot commented Aug 9, 2022

This pull request introduces 1 alert when merging f7e22a7 into 5a6b630 - view on LGTM.com

new alerts:

  • 1 for Unused import

@transmissions11
Copy link

amazing thank you so much @0xalpharush!

tests/test_detectors_mocked_contract.py Outdated Show resolved Hide resolved
.github/workflows/features.yml Outdated Show resolved Hide resolved
@lgtm-com
Copy link

lgtm-com bot commented Aug 22, 2022

This pull request introduces 1 alert when merging 406f31b into 78397b9 - view on LGTM.com

new alerts:

  • 1 for Unused import

@0xalpharush 0xalpharush force-pushed the dev-domain-separator-sig-collision branch from 406f31b to 0d04e17 Compare August 22, 2022 20:20
@lgtm-com
Copy link

lgtm-com bot commented Aug 22, 2022

This pull request introduces 1 alert when merging 0d04e17 into 78397b9 - view on LGTM.com

new alerts:

  • 1 for Unused import

Copy link
Member

@montyly montyly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In addition, we could:

  • Look for collision with public state variables (in case someone creates a state variable name fopwCDKKK)
  • And maybe check the return type of DOMAIN_SEPARATOR() (bytes32)

@0xalpharush 0xalpharush requested a review from montyly September 3, 2022 01:41
@lgtm-com
Copy link

lgtm-com bot commented Sep 3, 2022

This pull request introduces 1 alert when merging 0e264b3 into 719e4e9 - view on LGTM.com

new alerts:

  • 1 for Unused import

@@ -21,6 +23,46 @@ def is_declared_by(self, contract: "Contract") -> bool:
"""
return self.contract == contract

###################################################################################
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why overwrite the functions from variables? (

###################################################################################
###################################################################################
# region Signature
###################################################################################
###################################################################################
@property
def signature(self) -> Tuple[str, List[str], List[str]]:
"""
Return the signature of the state variable as a function signature
:return: (str, list(str), list(str)), as (name, list parameters type, list return values type)
"""
# pylint: disable=import-outside-toplevel
from slither.utils.type import (
export_nested_types_from_variable,
export_return_type_from_variable,
)
return (
self.name,
[str(x) for x in export_nested_types_from_variable(self)],
[str(x) for x in export_return_type_from_variable(self)],
)
@property
def signature_str(self) -> str:
"""
Return the signature of the state variable as a function signature
:return: str: func_name(type1,type2) returns(type3)
"""
name, parameters, returnVars = self.signature
return name + "(" + ",".join(parameters) + ") returns(" + ",".join(returnVars) + ")"
@property
def solidity_signature(self) -> str:
name, parameters, _ = self.signature
return f'{name}({",".join(parameters)})'
)

I am also not sure about returning str(self.type) in signature, and None for non-public variable

@lgtm-com
Copy link

lgtm-com bot commented Oct 4, 2022

This pull request introduces 1 alert when merging 07964f9 into 7009c33 - view on LGTM.com

new alerts:

  • 1 for Unused import

@lgtm-com
Copy link

lgtm-com bot commented Oct 4, 2022

This pull request introduces 1 alert when merging 4301171 into 7009c33 - view on LGTM.com

new alerts:

  • 1 for Unused import

@montyly montyly merged commit a78b62d into dev Oct 4, 2022
@montyly montyly deleted the dev-domain-separator-sig-collision branch October 4, 2022 11:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants