Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Relax is_protected heuristic #855

Merged
merged 1 commit into from
Jun 4, 2021
Merged

Relax is_protected heuristic #855

merged 1 commit into from
Jun 4, 2021

Conversation

montyly
Copy link
Member

@montyly montyly commented May 19, 2021

This PR makes onlyOwner to be considered as a safe modifier.

While I think we should avoid hardcoding behaviors based on function/modifier name, I have tried a couple of different heuristics to improve is_protected, based on #401 ideas, but in the end none is as effective as just using the modifier name.

If onlyOwner is incorrectly implemented, this PR will make Slither incorrectly assume that the function is protected.

Overall I think this is a tradeoff that we can follow: we have a couple of detectors that can catch incorrect onlyOwner, and if someone tries to add a backdoor, he will have other ways to fool Slither anyway.

The benefits of using this approach (removing multiple FPs) outweigh the downsides I think.

Fix #401

@montyly montyly merged commit 000c8c0 into dev Jun 4, 2021
@montyly montyly deleted the dev-isprotected branch June 4, 2021 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant