Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix[lang]: fix uses analysis for nonreentrant functions #3927

Merged
merged 12 commits into from
Apr 12, 2024
Merged

fix[lang]: fix uses analysis for nonreentrant functions #3927

merged 12 commits into from
Apr 12, 2024

Conversation

charles-cooper
Copy link
Member

@charles-cooper charles-cooper commented Apr 9, 2024
edited
Loading

fixes #3922

What I did

How I did it

How to verify it

Commit message

`uses` analysis ignores nonreentrant functions, even though those that
(implicitly) use state.

this commit adds checks both for internally (called) and external
(exported) modules

misc/refactor:
- factor out `uses_state()` util
- rename `validate_functions` to more accurate `analyze_functions`
- improve locality of exceptions thrown in check_module_uses

Description for the changelog

Cute Animal Picture

Put a link to a cute animal picture inside the parenthesis-->

@charles-cooper
fix[lang]: fix uses analysis for nonreentrant functions
471a864 
`uses` analysis ignores nonreentrant functions, even those (implicitly)
use state.

this commit adds checks both for internally (called) and external
(exported) modules
@charles-cooper
refactor: factor out uses_state util
9db4bfb 
also, rename `validate_functions` to more accurate `analyze_functions`
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 9, 2024
View reviewed changes
vyper/semantics/analysis/utils.py Dismissed Show dismissed Hide dismissed
@codecov-commenter
Copy link

codecov-commenter commented Apr 9, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.81%. Comparing base (75fb059) to head (d899831).
Report is 1 commits behind head on master.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #3927      +/-   ##
==========================================
- Coverage   90.84%   90.81%   -0.04%     
==========================================
  Files          95       95              
  Lines       14413    14416       +3     
  Branches     3192     3192              
==========================================
- Hits        13094    13092       -2     
- Misses        913      917       +4     
- Partials      406      407       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@charles-cooper charles-cooper marked this pull request as ready for review April 9, 2024 12:57
pcaversaccio
pcaversaccio reviewed Apr 11, 2024
View reviewed changes
Copy link
Collaborator

@pcaversaccio pcaversaccio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right now the error message is very generic:

vyper.exceptions.ImmutableViolation: Cannot access `lib` state!

In most cases, this will work but it might be confusing if a nonreentrant decorator is used because it might not be obvious. I would recommend either issuing a separate error message if a nonreentrant decorator is used or amend the currently existing generic error message.

Furthermore, the compiler currently doesn't raise if block and transaction properties (e.g. block.number or msg.gas) or self / self.balance is used:

# lib.vy
@internal
def _foo() -> address:
    return self

# main.vy
import lib

@external
def foo() -> address:
    return lib._foo()

Q: Should we treat these properties as well as state accesses in an extended sense, since e.g. self is an immutable variable in the strict sense as it resolves at construction time and not at compile-time.

cyberthirst
cyberthirst approved these changes Apr 11, 2024
View reviewed changes
Copy link
Collaborator

@cyberthirst cyberthirst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@cyberthirst
Copy link
Collaborator

Right now the error message is very generic:

vyper.exceptions.ImmutableViolation: Cannot access `lib` state!

In most cases, this will work but it might be confusing if a nonreentrant decorator is used because it might not be obvious.

agreed

Furthermore, the compiler currently doesn't raise if block and transaction properties (e.g. block.number or msg.gas) or self / self.balance is used:

what we're interested in is marking the access to modules, not to state per see

the lock is somewhat an exception as it implicitly accessible by all modules

@cyberthirst
Copy link
Collaborator

Should we treat these properties as well as state accesses in an extended sense, since e.g. self is an immutable variable in the strict sense as it resolves at construction time and not at compile-time

I'd say we already do that, eg the following contracts won't compile:

# ex1
@external
@pure
def foo() -> address:
    return self
    
 # ex2
 @external
@pure
def foo() -> uint256:
    return block.number

@charles-cooper
Copy link
Member Author

Q: Should we treat these properties as well as state accesses in an extended sense, since e.g. self is an immutable variable in the strict sense as it resolves at construction time and not at compile-time.

no, these have more to do with environment access (you can think of them like "intrinsics" or "syscalls") and are not directly related to the language's module system

@charles-cooper
Copy link
Member Author

charles-cooper commented Apr 12, 2024
edited
Loading

Right now the error message is very generic:

vyper.exceptions.ImmutableViolation: Cannot access `lib` state!

In most cases, this will work but it might be confusing if a nonreentrant decorator is used because it might not be obvious. I would recommend either issuing a separate error message if a nonreentrant decorator is used or amend the currently existing generic error message.

opted for the latter: eaa5988

@charles-cooper charles-cooper enabled auto-merge (squash) April 12, 2024 15:33
@charles-cooper charles-cooper merged commit cb94068 into vyperlang:master Apr 12, 2024
148 checks passed
@charles-cooper charles-cooper deleted the fix/using-nonreentrant branch April 12, 2024 16:22
electriclilies pushed a commit to electriclilies/vyper that referenced this pull request Apr 27, 2024
@charles-cooper @electriclilies
fix[lang]: fix uses analysis for nonreentrant functions (vyperlang#…
bb1e03b 
…3927)

`uses` analysis ignores nonreentrant functions, even though those that
(implicitly) use state.

this commit adds checks both for internally (called) and external
(exported) modules

misc/refactor:
- factor out `uses_state()` util
- rename `validate_functions` to more accurate `analyze_functions`
- improve locality of exceptions thrown in check_module_uses
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cyberthirst cyberthirst cyberthirst approved these changes

@pcaversaccio pcaversaccio pcaversaccio approved these changes

@fubuloubu fubuloubu Awaiting requested review from fubuloubu

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

attribute error due to missing reentrancy_key_position
4 participants
@charles-cooper @codecov-commenter @cyberthirst @pcaversaccio