Improve reentrancy detectors #1351
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Fix loop detection (fix #1019) - Add python types
Fix type in function.reacheable_from_functions
- reentrancy-eth/reentrancy-no-eth: do not warn if the function is non reentrant, and there is no other reentrant function that writes to the affected variable - reentrancy-event: do not warm if the function is non reentrant
|
TODO: replace This will help reviewing cross protocol reentrancies |
…ad, and public state variables
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
nonReentrantmodifierreentrancy-eth/reentrancy-no-eth: do not warn if the function is non reentrant, and there is no other reentrant function that writes to the affected variablereentrancy-event: do not warm in the function is non reentrant.function.all_reachable_from_functionslist of all the functions in the call graph that leads tofunctionfunction.is_reentrant: check if the function is reentrant. Here we check if thenonReentrantmodifier is directly applied, or for internal functions if one of the entry points (i.e. one of the public/external function that can reach the targeted function) is lackingnonReentrantI might also improve the
reentrancy-eventfiltering to detect cross-functions reentrancy on event - through this is usually only informational and have a limited impact.Additionally right now
nonReentrantis only checked based on the modifier name. We could compare the source code hash of the known version to increase the confidence.This require additional internal testing before being merged.