From b0c2ed7820e3eeeefd16043d4a200b4ed3b9c684 Mon Sep 17 00:00:00 2001 From: Tilak Madichetti Date: Fri, 2 Aug 2024 14:37:28 +0530 Subject: [PATCH] Detector: Tautology or contradiction (#623) Co-authored-by: Alex Roan --- Cargo.lock | 452 +++++++------ aderyn_core/Cargo.toml | 8 +- aderyn_core/src/detect/detector.rs | 5 + aderyn_core/src/detect/high/mod.rs | 2 + .../detect/high/tautology_or_contradiction.rs | 611 ++++++++++++++++++ .../adhoc-sol-files-highs-only-report.json | 1 + reports/report.json | 60 +- reports/report.md | 91 ++- reports/report.sarif | 86 +++ .../src/TautologyOrContradiction.sol | 18 + 10 files changed, 1099 insertions(+), 235 deletions(-) create mode 100644 aderyn_core/src/detect/high/tautology_or_contradiction.rs create mode 100644 tests/contract-playground/src/TautologyOrContradiction.sol diff --git a/Cargo.lock b/Cargo.lock index d7ac1aa65..a8d018b2a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -33,7 +33,7 @@ dependencies = [ "semver 1.0.23", "serde", "serde_json", - "strum 0.26.2", + "strum 0.26.3", ] [[package]] @@ -46,6 +46,8 @@ dependencies = [ "eyre", "ignore", "lazy-regex", + "num-bigint", + "num-traits", "once_cell", "phf", "prettytable", @@ -56,7 +58,7 @@ dependencies = [ "serde_json", "serde_repr", "serial_test", - "strum 0.26.2", + "strum 0.26.3", "toml", ] @@ -98,7 +100,7 @@ dependencies = [ "cfg-if", "once_cell", "version_check", - "zerocopy", + "zerocopy 0.7.35", ] [[package]] 
@@ -118,20 +120,20 @@ checksum = "5c6cb57a04249c6480766f7f7cef5467412af1490f8d1e243141daddada3264f" [[package]] name = "alloy-chains" -version = "0.1.22" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04e9a1892803b02f53e25bea3e414ddd0501f12d97456c9d5ade4edf88f9516f" +checksum = "47ff94ce0f141c2671c23d02c7b88990dd432856639595c5d010663d017c2c58" dependencies = [ "num_enum", "serde", - "strum 0.26.2", + "strum 0.26.3", ] [[package]] name = "alloy-json-abi" -version = "0.7.6" +version = "0.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aaeaccd50238126e3a0ff9387c7c568837726ad4f4e399b528ca88104d6c25ef" +checksum = "bc05b04ac331a9f07e3a4036ef7926e49a8bf84a99a1ccfc7e2ab55a5fcbb372" dependencies = [ "alloy-primitives", "alloy-sol-type-parser", @@ -141,9 +143,9 @@ dependencies = [ [[package]] name = "alloy-primitives" -version = "0.7.6" +version = "0.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f783611babedbbe90db3478c120fb5f5daacceffc210b39adc0af4fe0da70bad" +checksum = "ccb3ead547f4532bc8af961649942f0b9c16ee9226e26caa3f38420651cc0bf4" dependencies = [ "alloy-rlp", "bytes", @@ -164,9 +166,9 @@ dependencies = [ [[package]] name = "alloy-rlp" -version = "0.3.5" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b155716bab55763c95ba212806cf43d05bcc70e5f35b02bad20cf5ec7fe11fed" +checksum = "a43b18702501396fa9bcdeecd533bc85fac75150d308fc0f6800a01e6234a003" dependencies = [ "arrayvec", "bytes", @@ -174,11 +176,12 @@ dependencies = [ [[package]] name = "alloy-sol-type-parser" -version = "0.7.6" +version = "0.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baa2fbd22d353d8685bd9fee11ba2d8b5c3b1d11e56adb3265fcf1f32bfdf404" +checksum = "cbcba3ca07cf7975f15d871b721fb18031eec8bce51103907f6dcce00b255d98" dependencies = [ - "winnow 0.6.13", + "serde", + "winnow 0.6.18", ] [[package]] 
@@ -189,9 +192,9 @@ checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299" [[package]] name = "anstream" -version = "0.6.14" +version = "0.6.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "418c75fa768af9c03be99d17643f93f79bbba589895012a80e3452a19ddda15b" +checksum = "64e15c1ab1f89faffbf04a634d5e1962e9074f2741eef6d97f3c4e322426d526" dependencies = [ "anstyle", "anstyle-parse", @@ -204,33 +207,33 @@ dependencies = [ [[package]] name = "anstyle" -version = "1.0.7" +version = "1.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "038dfcf04a5feb68e9c60b21c9625a54c2c0616e79b72b0fd87075a056ae1d1b" +checksum = "1bec1de6f59aedf83baf9ff929c98f2ad654b97c9510f4e70cf6f661d49fd5b1" [[package]] name = "anstyle-parse" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c03a11a9034d92058ceb6ee011ce58af4a9bf61491aa7e1e59ecd24bd40d22d4" +checksum = "eb47de1e80c2b463c735db5b217a0ddc39d612e7ac9e2e96a5aed1f57616c1cb" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" -version = "1.1.0" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad186efb764318d35165f1758e7dcef3b10628e26d41a44bc5550652e6804391" +checksum = "6d36fc52c7f6c869915e99412912f22093507da8d9e942ceaf66fe4b7c14422a" dependencies = [ "windows-sys 0.52.0", ] [[package]] name = "anstyle-wincon" -version = "3.0.3" +version = "3.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61a38449feb7068f52bb06c12759005cf459ee52bb4adc1d5a7c4322d716fb19" +checksum = "5bf74e1b6e971609db8ca7a9ce79fd5768ab6ae46441c572e46cf596f59e57f8" dependencies = [ "anstyle", "windows-sys 0.52.0", @@ -407,7 +410,7 @@ checksum = "3c87f3f15e7794432337fc718554eaa4dc8f04c9677a950ffe366f20a162ae42" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] 
@@ -472,9 +475,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "bitvec" @@ -499,9 +502,9 @@ dependencies = [ [[package]] name = "bstr" -version = "1.9.1" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05efc5cfd9110c8416e471df0e96702d58690178e206e61b7173706673c93706" +checksum = "40723b8fb387abc38f4f4a37c09073622e41dd12327033091ef8950659e6dc0c" dependencies = [ "memchr", "serde", @@ -527,9 +530,9 @@ checksum = "c3ac9f8b63eca6fd385229b3675f6cc0dc5c8a5c8a54a59d4f52ffd670d87b0c" [[package]] name = "bytemuck" -version = "1.16.1" +version = "1.16.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b236fc92302c97ed75b38da1f4917b5cdda4984745740f153a5d3059e48d725e" +checksum = "102087e286b4677862ea56cf8fc58bb2cdfa8725c40ffb80fe3a008eb7f2fc83" [[package]] name = "byteorder" @@ -539,9 +542,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.6.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" +checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50" dependencies = [ "serde", ] 
@@ -554,9 +557,9 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" [[package]] name = "cc" -version = "1.0.100" +version = "1.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c891175c3fb232128f48de6590095e59198bbeb8620c310be349bfc3afd12c7b" +checksum = "26a5c3fd7bfa1ce3897a3a3501d362b2d87b7f2583ebcb4a949ec25911025cbc" [[package]] name = "cfg-if" @@ -593,9 +596,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.7" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5db83dced34638ad474f39f250d7fea9598bdd239eaced1bdf45d597da0f433f" +checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc" dependencies = [ "clap_builder", "clap_derive", @@ -603,9 +606,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.7" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7e204572485eb3fbf28f871612191521df159bc3e15a9f5064c66dba3a8c05f" +checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99" dependencies = [ "anstream", "anstyle", 
@@ -615,27 +618,27 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.5" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c780290ccf4fb26629baa7a1081e68ced113f1d3ec302fa5948f1c381ebf06c6" +checksum = "501d359d5f3dcaf6ecdeee48833ae73ec6e42723a1e52419c79abf9507eec0a0" dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] name = "clap_lex" -version = "0.7.1" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b82cf0babdbd58558212896d1a4272303a57bdb245c2bf1147185fb45640e70" +checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97" [[package]] name = "colorchoice" -version = "1.0.1" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b6a852b24ab71dffc585bcb46eaf7959d175cb865a7152e35b348d1b2960422" +checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0" [[package]] name = "const-hex" @@ -878,7 +881,7 @@ dependencies = [ "solang-parser", "thiserror", "toml", - "toml_edit 0.22.14", + "toml_edit 0.22.20", "tracing", "walkdir", ] @@ -947,7 +950,7 @@ checksum = "67e77553c4162a157adbf834ebae5b415acbecbeafc7a74b0e886657506a7611" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] @@ -991,7 +994,7 @@ dependencies = [ "proc-macro2", "quote", "rustc_version 0.4.0", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] @@ -1065,7 +1068,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] 
@@ -1096,9 +1099,9 @@ dependencies = [ [[package]] name = "either" -version = "1.12.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "elliptic-curve" @@ -1136,13 +1139,13 @@ checksum = "34aa73646ffb006b8f5147f3dc182bd4bcb190227ce861fc4a4844bf8e3cb2c0" [[package]] name = "enumn" -version = "0.1.13" +version = "0.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fd000fd6988e73bbe993ea3db9b1aa64906ab88766d654973924340c8cddb42" +checksum = "2f9ed6b3789237c8a0c1c505af1c7eb2c560df6186f01b098c3a1064ea532f38" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] @@ -1323,7 +1326,7 @@ dependencies = [ "svm-rs-builds", "thiserror", "tracing", - "winnow 0.6.13", + "winnow 0.6.18", "yansi", ] @@ -1637,9 +1640,9 @@ dependencies = [ [[package]] name = "http-body" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cac85db508abc24a2e48553ba12a996e87244a0395ce011e62b37158745d643" +checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" dependencies = [ "bytes", "http", @@ -1666,9 +1669,9 @@ checksum = "0fcc0b4a115bf80b728eb8ea024ad5bd707b615bfed49e0665b6e0f86fd082d9" [[package]] name = "hyper" -version = "1.3.1" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe575dd17d0862a9a33781c8c4696a55c320909004a67a00fb286ba8b1bc496d" +checksum = "50dfd22e0e76d0f662d429a5f80fcaf3855009297eab6a0a9f8543834744ba05" dependencies = [ "bytes", "futures-channel", 
@@ -1704,9 +1707,9 @@ dependencies = [ [[package]] name = "hyper-util" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b875924a60b96e5d7b9ae7b066540b1dd1cbd90d1828f54c92e02a283351c56" +checksum = "3ab92f4f49ee4fb4f997c784b7a2e0fa70050211e0b6a287f898c3c9785ca956" dependencies = [ "bytes", "futures-channel", @@ -1782,9 +1785,9 @@ checksum = "ce23b50ad8242c51a442f3ff322d56b02f08852c77e4c0b4d3fd684abc89c683" [[package]] name = "indexmap" -version = "2.2.6" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" +checksum = "de3fc2e30ba82dd1b3911c8de1ffc143c74a914a14e99514d7637e3099df5ea0" dependencies = [ "equivalent", "hashbrown", @@ -1841,9 +1844,9 @@ dependencies = [ [[package]] name = "is_terminal_polyfill" -version = "1.70.0" +version = "1.70.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8478577c03552c21db0e2724ffb8986a5ce7af88107e6be5d2ee6e158c12800" +checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" [[package]] name = "itertools" @@ -1989,7 +1992,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] @@ -2016,7 +2019,7 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "libc", ] @@ -2044,9 +2047,9 @@ checksum = "9374ef4228402d4b7e403e5838cb880d9ee663314b0a900d5a6aabf0c213552e" [[package]] name = "log" -version = "0.4.21" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "md-5" 
@@ -2109,6 +2112,18 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "mio" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4569e456d394deccd22ce1c1913e6ea0e54519f577285001215d33557431afe4" +dependencies = [ + "hermit-abi", + "libc", + "wasi", + "windows-sys 0.52.0", +] + [[package]] name = "new_debug_unreachable" version = "1.0.6" @@ -2121,7 +2136,7 @@ version = "6.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6205bd8bb1e454ad2e27422015fb5e4f2bcc7e08fa8f27058670d208324a4d2d" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "crossbeam-channel", "filetime", "fsevent-sys", @@ -2129,7 +2144,7 @@ dependencies = [ "kqueue", "libc", "log", - "mio", + "mio 0.8.11", "walkdir", "windows-sys 0.48.0", ] @@ -2150,9 +2165,9 @@ dependencies = [ [[package]] name = "num-bigint" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c165a9ab64cf766f73521c0dd2cfdff64f488b8f0b3e621face3462d3db536d7" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" dependencies = [ "num-integer", "num-traits", 
@@ -2177,34 +2192,24 @@ dependencies = [ "libm", ] -[[package]] -name = "num_cpus" -version = "1.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" -dependencies = [ - "hermit-abi", - "libc", -] - [[package]] name = "num_enum" -version = "0.7.2" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02339744ee7253741199f897151b38e72257d13802d4ee837285cc2990a90845" +checksum = "4e613fc340b2220f734a8595782c551f1250e969d87d3be1ae0579e8d4065179" dependencies = [ "num_enum_derive", ] [[package]] name = "num_enum_derive" -version = "0.7.2" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "681030a937600a36906c185595136d26abfebb4aa9c65701cefcaf8578bb982b" +checksum = "af1844ef2428cc3e1cb900be36181049ef3d3193c63e43026cfe202983b27a56" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] @@ -2215,9 +2220,9 @@ checksum = "830b246a0e5f20af87141b25c173cd1b609bd7779a4617d6ec582abaf90870f3" [[package]] name = "object" -version = "0.36.0" +version = "0.36.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "576dfe1fc8f9df304abb159d767a29d0476f7750fbf8aa7ad07816004a207434" +checksum = "3f203fa8daa7bb185f760ae12bd8e097f63d17041dcdcaf675ac54cdf863170e" dependencies = [ "memchr", ] @@ -2230,9 +2235,9 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "oorandom" -version = "11.1.3" +version = "11.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" +checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9" [[package]] name = "openssl-probe" 
@@ -2290,9 +2295,9 @@ checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.5.2", + "redox_syscall 0.5.3", "smallvec", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -2327,7 +2332,7 @@ dependencies = [ "proc-macro2", "proc-macro2-diagnostics", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] @@ -2338,9 +2343,9 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pest" -version = "2.7.10" +version = "2.7.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "560131c633294438da9f7c4b08189194b20946c8274c6b9e38881a7874dc8ee8" +checksum = "cd53dff83f26735fdc1ca837098ccf133605d794cdae66acfc2bfac3ec809d95" dependencies = [ "memchr", "thiserror", @@ -2387,7 +2392,7 @@ dependencies = [ "phf_shared 0.11.2", "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] @@ -2425,7 +2430,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] @@ -2480,9 +2485,12 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +checksum = "dee4364d9f3b902ef14fab8a1ddffb783a1cb6b4bba3bfc1fa3922732c7de97f" +dependencies = [ + "zerocopy 0.6.6", +] [[package]] name = "precomputed-hash" @@ -2497,7 +2505,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] 
@@ -2551,7 +2559,7 @@ checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", "version_check", "yansi", ] @@ -2564,7 +2572,7 @@ checksum = "b4c2511913b88df1637da85cc8d96ec8e43a3f8bb8ccb71ee1ac240d6f3df58d" dependencies = [ "bit-set", "bit-vec", - "bitflags 2.5.0", + "bitflags 2.6.0", "lazy_static", "num-traits", "rand", @@ -2678,14 +2686,13 @@ dependencies = [ [[package]] name = "quinn-udp" -version = "0.5.2" +version = "0.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9096629c45860fc7fb143e125eb826b5e721e10be3263160c7d60ca832cf8c46" +checksum = "8bffec3605b73c6f1754535084a85229fa8a30f86014e6c81aeec4abb68b0285" dependencies = [ "libc", "once_cell", "socket2", - "tracing", "windows-sys 0.52.0", ] @@ -2774,11 +2781,11 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.5.2" +version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c82cf8cff14456045f55ec4241383baeff27af886adb72ffb2162f99911de0fd" +checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", ] [[package]] @@ -2873,7 +2880,7 @@ checksum = "902184a7a781550858d4b96707098da357429f1e4545806fd5b589f455555cf2" dependencies = [ "alloy-primitives", "auto_impl", - "bitflags 2.5.0", + "bitflags 2.6.0", "bitvec", "cfg-if", "dyn-clone", @@ -2989,7 +2996,7 @@ version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "errno", "libc", "linux-raw-sys", 
@@ -2998,9 +3005,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.10" +version = "0.23.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05cff451f60db80f490f3c182b77c35260baace73209e9cdbbe526bfe3a4d402" +checksum = "c58f8c84392efc0a126acce10fa59ff7b3d2ac06ab451a33f2741989b806b044" dependencies = [ "once_cell", "ring", @@ -3012,9 +3019,9 @@ dependencies = [ [[package]] name = "rustls-native-certs" -version = "0.7.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792" +checksum = "a88d6d420651b496bdd98684116959239430022a115c1240e6c3993be0b15fba" dependencies = [ "openssl-probe", "rustls-pemfile", @@ -3041,9 +3048,9 @@ checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" [[package]] name = "rustls-webpki" -version = "0.102.4" +version = "0.102.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" +checksum = "8e6b52d4fda176fd835fdc55a835d4a89b8499cad995885a21149d5ad62f852e" dependencies = [ "ring", "rustls-pki-types", @@ -3085,9 +3092,9 @@ dependencies = [ [[package]] name = "scc" -version = "2.1.1" +version = "2.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76ad2bbb0ae5100a07b7a6f2ed7ab5fd0045551a4c507989b7a620046ea3efdc" +checksum = "05ccfb12511cdb770157ace92d7dda771e498445b78f9886e8cdbc5140a4eced" dependencies = [ "sdd", ] @@ -3136,9 +3143,9 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "sdd" -version = "0.2.0" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b84345e4c9bd703274a082fb80caaa99b7612be48dfaa1dd9266577ec412309d" +checksum = "177258b64c0faaa9ffd3c65cd3262c2bc7e2588dbbd9c1641d0346145c1bbda8" [[package]] name = "sec1" 
@@ -3156,11 +3163,11 @@ dependencies = [ [[package]] name = "security-framework" -version = "2.11.0" +version = "2.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c627723fd09706bacdb5cf41499e95098555af3c3c29d014dc3c458ef6be11c0" +checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "core-foundation", "core-foundation-sys", "libc", @@ -3169,9 +3176,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.11.0" +version = "2.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "317936bbbd05227752583946b9e66d7ce3b489f84e11a94a510b4437fef407d7" +checksum = "75da29fe9b9b08fe9d6b22b5b4bcbc75d8db3aa31e639aa56bb62e9d46bfceaf" dependencies = [ "core-foundation-sys", "libc", @@ -3206,9 +3213,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] 
@@ -3229,29 +3236,30 @@ dependencies = [ "serde_json", "strum 0.25.0", "strum_macros 0.24.3", - "syn 2.0.67", + "syn 2.0.72", "thiserror", ] [[package]] name = "serde_derive" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] name = "serde_json" -version = "1.0.117" +version = "1.0.122" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" +checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" dependencies = [ "indexmap", "itoa", + "memchr", "ryu", "serde", ] @@ -3274,14 +3282,14 @@ checksum = "6c64451ba24fc7a6a2d60fc75dd9c83c90903b19028d4eff35e88fc1e86564e9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] name = "serde_spanned" -version = "0.6.6" +version = "0.6.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79e674e01f999af37c49f70a6ede167a8a60b2503e56c5599532a65baa5969a0" +checksum = "eb5b1b31579f3811bf615c144393417496f152e12ac8b7663bf664f4a815306d" dependencies = [ "serde", ] @@ -3320,7 +3328,7 @@ checksum = "82fe9db325bcef1fbcde82e078a5cc4efdf787e96b3b9cf45b50b529f2083d67" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] @@ -3460,9 +3468,9 @@ checksum = "290d54ea6f91c969195bdbcd7442c8c2a2ba87da8bf60a7ee86a235d4bc1e125" [[package]] name = "strum" -version = "0.26.2" +version = "0.26.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d8cec3501a5194c432b2b7976db6b7d10ec95c253208b45f83f7136aa985e29" +checksum = "8fec0f0aef304996cf250b31b5a10dee7980c85da9d759361292b8bca5a18f06" dependencies = [ "strum_macros 0.26.4", ] 
@@ -3490,14 +3498,14 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] name = "subtle" -version = "2.6.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d0208408ba0c3df17ed26eb06992cb1a1268d41b2c0e12e65203fbe3972cee5" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "svm-rs" @@ -3545,9 +3553,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.67" +version = "2.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff8655ed1d86f3af4ee3fd3263786bc14245ad17c4c7e85ba7187fb3ae028c90" +checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" dependencies = [ "proc-macro2", "quote", @@ -3568,9 +3576,9 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" [[package]] name = "target-lexicon" -version = "0.12.14" +version = "0.12.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1fc403891a21bcfb7c37834ba66a547a8f402146eba7265b5a6d88059c9ff2f" +checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1" [[package]] name = "tempfile" @@ -3597,22 +3605,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.61" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c546c80d6be4bc6a00c0f01730c08df82eaa7a7a61f11d656526506112cc1709" +checksum = "c0342370b38b6a11b6cc11d6a805569958d54cfa061a29969c3b5ce2ea405724" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.61" +version = "1.0.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533" +checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] 
@@ -3636,9 +3644,9 @@ dependencies = [ [[package]] name = "tinyvec" -version = "1.6.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938" dependencies = [ "tinyvec_macros", ] @@ -3651,18 +3659,17 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.38.0" +version = "1.39.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba4f4a02a7a80d6f274636f0aa95c7e383b912d41fe721a31f29e29698585a4a" +checksum = "daa4fb1bc778bd6f04cbfc4bb2d06a7396a8f299dc33ea1900cedaa316f467b1" dependencies = [ "backtrace", "bytes", "libc", - "mio", - "num_cpus", + "mio 1.0.1", "pin-project-lite", "socket2", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -3678,22 +3685,22 @@ dependencies = [ [[package]] name = "toml" -version = "0.8.14" +version = "0.8.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f49eb2ab21d2f26bd6db7bf383edc527a7ebaee412d17af4d40fdccd442f335" +checksum = "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e" dependencies = [ "indexmap", "serde", "serde_spanned", "toml_datetime", - "toml_edit 0.22.14", + "toml_edit 0.22.20", ] [[package]] name = "toml_datetime" -version = "0.6.6" +version = "0.6.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4badfd56924ae69bcc9039335b2e017639ce3f9b001c393c1b2d1ef846ce2cbf" +checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41" dependencies = [ "serde", ] 
@@ -3711,15 +3718,15 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.22.14" +version = "0.22.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f21c7aaf97f1bd9ca9d4f9e73b0a6c74bd5afef56f2bc931943a6e1c37e04e38" +checksum = "583c44c02ad26b0c3f3066fe629275e50627026c51ac2e595cca4c230ce1ce1d" dependencies = [ "indexmap", "serde", "serde_spanned", "toml_datetime", - "winnow 0.6.13", + "winnow 0.6.18", ] [[package]] @@ -3768,7 +3775,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] @@ -3905,9 +3912,9 @@ checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" [[package]] name = "version_check" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "wait-timeout" @@ -3964,7 +3971,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", "wasm-bindgen-shared", ] @@ -3998,7 +4005,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -4074,7 +4081,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] 
@@ -4094,18 +4101,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.5", - "windows_aarch64_msvc 0.52.5", - "windows_i686_gnu 0.52.5", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", "windows_i686_gnullvm", - "windows_i686_msvc 0.52.5", - "windows_x86_64_gnu 0.52.5", - "windows_x86_64_gnullvm 0.52.5", - "windows_x86_64_msvc 0.52.5", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] @@ -4116,9 +4123,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -4128,9 +4135,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" 
@@ -4140,15 +4147,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" [[package]] name = "windows_i686_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" @@ -4158,9 +4165,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" @@ -4170,9 +4177,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" 
@@ -4182,9 +4189,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" @@ -4194,9 +4201,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" @@ -4209,9 +4216,9 @@ dependencies = [ [[package]] name = "winnow" -version = "0.6.13" +version = "0.6.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59b5e5f6c299a3c7890b876a2a587f3115162487e704907d9b6cd29473052ba1" +checksum = "68a9bda4691f099d435ad181000724da8e5899daa10713c2d432552b9ccd3a6f" dependencies = [ "memchr", ] 
@@ -4243,22 +4250,43 @@ checksum = "cfe53a6657fd280eaa890a3bc59152892ffa3e30101319d168b781ed6529b049" [[package]] name = "zerocopy" -version = "0.7.34" +version = "0.6.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae87e3fcd617500e5d106f0380cf7b77f3c6092aae37191433159dda23cfb087" +checksum = "854e949ac82d619ee9a14c66a1b674ac730422372ccb759ce0c39cabcf2bf8e6" dependencies = [ - "zerocopy-derive", + "byteorder", + "zerocopy-derive 0.6.6", +] + +[[package]] +name = "zerocopy" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +dependencies = [ + "zerocopy-derive 0.7.35", +] + +[[package]] +name = "zerocopy-derive" +version = "0.6.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "125139de3f6b9d625c39e2efdd73d41bdac468ccd556556440e322be0e1bbd91" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.72", ] [[package]] name = "zerocopy-derive" -version = "0.7.34" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] @@ -4278,14 +4306,14 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.67", + "syn 2.0.72", ] [[package]] name = "zip" -version = "2.1.3" +version = "2.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "775a2b471036342aa69bc5a602bc889cb0a06cda00477d0c69566757d5553d39" +checksum = "40dd8c92efc296286ce1fbd16657c5dbefff44f1b4ca01cc5f517d8b7b3d3e2e" dependencies = [ "arbitrary", "crc32fast", diff --git a/aderyn_core/Cargo.toml b/aderyn_core/Cargo.toml index 008e4c1d5..59f8b6274 100644 
--- a/aderyn_core/Cargo.toml +++ b/aderyn_core/Cargo.toml @@ -12,7 +12,7 @@ license = "MIT" crossbeam-channel = "0.5.9" eyre = "0.6.12" ignore = "0.4.21" -phf = {version = "0.11.2", features = ["macros"]} +phf = { version = "0.11.2", features = ["macros"] } prettytable = "0.10.0" rayon = "1.8.0" semver = "1.0.20" @@ -22,7 +22,11 @@ serde-sarif = "0.4.2" serde_repr = "0.1.12" strum = { version = "0.26", features = ["derive"] } toml = "0.8.2" -cyfrin-foundry-compilers = { version = "0.3.20-aderyn", features = ["svm-solc"] } +cyfrin-foundry-compilers = { version = "0.3.20-aderyn", features = [ + "svm-solc", +] } +num-bigint = "0.4" +num-traits = "0.2" lazy-regex = "3.2.0" derive_more = "0.99.18" diff --git a/aderyn_core/src/detect/detector.rs b/aderyn_core/src/detect/detector.rs index a8c366c9d..d45c5d23e 100644 --- a/aderyn_core/src/detect/detector.rs +++ b/aderyn_core/src/detect/detector.rs @@ -66,6 +66,7 @@ pub fn get_all_issue_detectors() -> Vec> { Box::::default(), Box::::default(), Box::::default(), + Box::::default(), Box::::default(), Box::::default(), Box::::default(), @@ -135,6 +136,7 @@ pub(crate) enum IssueDetectorNamePool { RTLO, UncheckedReturn, DangerousUnaryOperator, + TautologyOrContradiction, DangerousStrictEquailtyOnContractBalance, SignedStorageArray, RedundantStatements, @@ -278,6 +280,9 @@ pub fn request_issue_detector_by_name(detector_name: &str) -> Option { Some(Box::::default()) } + IssueDetectorNamePool::TautologyOrContradiction => { + Some(Box::::default()) + } IssueDetectorNamePool::DangerousStrictEquailtyOnContractBalance => { Some(Box::::default()) } diff --git a/aderyn_core/src/detect/high/mod.rs b/aderyn_core/src/detect/high/mod.rs index abd5620de..66c8902cc 100644 --- a/aderyn_core/src/detect/high/mod.rs +++ b/aderyn_core/src/detect/high/mod.rs 
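Review bot: The two crates added in the second aderyn_core/Cargo.toml hunk, `num-bigint = "0.4"` and `num-traits = "0.2"`, carry no comment saying what needs them. The Cargo.lock part of the same commit also moves packages this manifest does not touch (winnow 0.6.13 to 0.6.18, zip 2.1.3 to 2.1.6, version_check 0.9.4 to 0.9.5) and adds a second zerocopy at 0.6.6 together with byteorder. That makes it hard to audit which lockfile entries the new detector actually requires; which crate pulls in zerocopy 0.6.6 is not visible from here. I would add `# arbitrary-precision integers for the tautology-or-contradiction range checks` above the two new lines and keep the unrelated lockfile refresh in a commit of its own.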
@@ -23,6 +23,7 @@ pub(crate) mod state_variable_shadowing; pub(crate) mod storage_array_edit_with_memory; pub(crate) mod storage_signed_integer_array; pub(crate) mod tautological_compare; +pub(crate) mod tautology_or_contradiction; pub(crate) mod unchecked_return; pub(crate) mod unchecked_send; pub(crate) mod uninitialized_state_variable; @@ -56,6 +57,7 @@ pub use state_variable_shadowing::StateVariableShadowingDetector; pub use storage_array_edit_with_memory::StorageArrayEditWithMemoryDetector; pub use storage_signed_integer_array::StorageSignedIntegerArrayDetector; pub use tautological_compare::TautologicalCompareDetector; +pub use tautology_or_contradiction::TautologyOrContraditionDetector; pub use unchecked_return::UncheckedReturnDetector; pub use unchecked_send::UncheckedSendDetector; pub use uninitialized_state_variable::UninitializedStateVariableDetector; diff --git a/aderyn_core/src/detect/high/tautology_or_contradiction.rs b/aderyn_core/src/detect/high/tautology_or_contradiction.rs new file mode 100644 index 000000000..953c14c34 --- /dev/null +++ b/aderyn_core/src/detect/high/tautology_or_contradiction.rs 
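Review bot: The re-export in the second mod.rs hunk publishes the detector as `TautologyOrContraditionDetector`, which drops the "c" of "Contradiction". The module name, the `IssueDetectorNamePool::TautologyOrContradiction` variant and the report's detector name all spell it in full. Because this is a `pub use`, the misspelling becomes part of the crate's public surface and gets harder to correct once other code depends on it. I would rename the struct and export it as `pub use tautology_or_contradiction::TautologyOrContradictionDetector;`. The local binding `is_tautlogy_or_contradiction` in the new file's `detect` has a similar slip.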
@@ -0,0 +1,611 @@ +use std::collections::BTreeMap; +use std::error::Error; + +use crate::ast::{BinaryOperation, NodeID, TypeDescriptions}; + +use crate::capture; +use crate::detect::detector::IssueDetectorNamePool; +use crate::detect::helpers::get_literal_value_or_constant_variable_value; +use crate::{ + context::workspace_context::WorkspaceContext, + detect::detector::{IssueDetector, IssueSeverity}, +}; +use eyre::Result; +use solidity_integer_helper::{ + does_operation_make_sense_with_lhs_value, does_operation_make_sense_with_rhs_value, +}; + +#[derive(Default)] +pub struct TautologyOrContraditionDetector { + // Keys are: [0] source file name, [1] line number, [2] character location of node. + // Do not add items manually, use `capture!` to add nodes to this BTreeMap. + found_instances: BTreeMap<(String, usize, String), NodeID>, +} + +impl IssueDetector for TautologyOrContraditionDetector { + fn detect(&mut self, context: &WorkspaceContext) -> Result> { + for binary_operation in context.binary_operations() { + if let Some(is_tautlogy_or_contradiction) = + binary_operation.is_tautology_or_contradiction(context) + { + if is_tautlogy_or_contradiction { + capture!(self, context, binary_operation); + } + } + } + + Ok(!self.found_instances.is_empty()) + } + + fn severity(&self) -> IssueSeverity { + IssueSeverity::High + } + + fn title(&self) -> String { + String::from("Tautology or Contradiction in comparison.") + } + + fn description(&self) -> String { + String::from("The condition has been determined to be either always true or always false due to the integer range in which we're operating.") + } + + fn instances(&self) -> BTreeMap<(String, usize, String), NodeID> { + self.found_instances.clone() + } + + fn name(&self) -> String { + IssueDetectorNamePool::TautologyOrContradiction.to_string() + } +} + +#[cfg(test)] +mod tautology_or_contradiction_tests { + use serial_test::serial; + + use crate::detect::{ + detector::IssueDetector, 
high::tautology_or_contradiction::TautologyOrContraditionDetector, + }; + + #[test] + #[serial] + fn test_tautology_or_contradiction_detector() { + let context = crate::detect::test_utils::load_solidity_source_unit( + "../tests/contract-playground/src/TautologyOrContradiction.sol", + ); + + let mut detector = TautologyOrContraditionDetector::default(); + let found = detector.detect(&context).unwrap(); + // assert that the detector found an issue + assert!(found); + // assert that the detector found the correct number of instances + assert_eq!(detector.instances().len(), 2); + // assert the severity is high + assert_eq!( + detector.severity(), + crate::detect::detector::IssueSeverity::High + ); + // assert the title is correct + assert_eq!( + detector.title(), + String::from("Tautology or Contradiction in comparison.") + ); + // assert the description is correct + assert_eq!( + detector.description(), + String::from("The condition has been determined to be either always true or always false due to the integer range in which we're operating.") + ); + } +} + +pub trait OperationIsTautologyOrContradiction { + fn is_tautology_or_contradiction(&self, context: &WorkspaceContext) -> Option; +} + +impl OperationIsTautologyOrContradiction for BinaryOperation { + fn is_tautology_or_contradiction(&self, context: &WorkspaceContext) -> Option { + if let ( + Some(TypeDescriptions { + type_string: Some(lhs_type_string), + .. + }), + Some(TypeDescriptions { + type_string: Some(rhs_type_string), + .. 
+ }), + operator, + ) = ( + self.left_expression.as_ref().type_descriptions(), + self.right_expression.as_ref().type_descriptions(), + self.operator.clone(), + ) { + let supported_operators = [">", ">=", "<", "<="]; + if supported_operators.into_iter().all(|op| op != operator) { + return None; + } + + if let Some(lhs_value) = get_literal_value_or_constant_variable_value( + self.left_expression.get_node_id()?, + context, + ) { + if let Some(makes_sense) = + does_operation_make_sense_with_lhs_value(&lhs_value, &operator, rhs_type_string) + { + if !makes_sense { + return Some(true); + } + } + } + + if let Some(rhs_value) = get_literal_value_or_constant_variable_value( + self.right_expression.get_node_id()?, + context, + ) { + if let Some(makes_sense) = + does_operation_make_sense_with_rhs_value(lhs_type_string, &operator, &rhs_value) + { + if !makes_sense { + return Some(true); + } + } + } + } + + None + } +} + +pub mod solidity_integer_helper { + use num_bigint::BigInt; + use num_traits::One; + use std::{error::Error, ops::Neg}; + + /// This data type is big enough to handle the extreme values of uint256 and int256 + /// (Tests below) + #[derive(PartialEq, Debug, Clone)] + pub struct SolidityNumberRange { + min_val: BigInt, + max_val: BigInt, + } + + impl SolidityNumberRange { + fn fully_contains(&self, other_solidity_number_range: &SolidityNumberRange) -> bool { + (self.min_val <= other_solidity_number_range.min_val) + && (self.max_val >= other_solidity_number_range.max_val) + } + + fn fully_excludes(&self, other_solidity_number_range: &SolidityNumberRange) -> bool { + (other_solidity_number_range.max_val < self.min_val) + || (other_solidity_number_range.min_val > self.max_val) + } + } + + /// Does this make sense? 
(boolean answer) + /// ```no_code + /// if(?uintX, operator, value) + /// ``` + /// + /// Example (ways to call this function) + /// + /// Say x is uint8: + /// Then, when we come across a binary operation like follows: + /// x >= 300 + /// we can determine if it makes sense by calling this function + /// does_operation_make_sense_with_rhs_value("uint8", ">=", "300") + /// + /// This function checks for the range of integer values of uint8 and returns true if it is neither a tautology + /// nor a contradiction. + /// + /// Here, I define tautology as the condition where the range Ex: (>=300) FULLY COVERS thr Range of Uint8 + /// Contradiction: When the range Ex:(>=300) fully excludes the Range of Uint8 + /// + /// Notice how in the above example, the value is on the right hand side. + /// Hence this function is called "does_...rhs_value". + /// + /// + pub fn does_operation_make_sense_with_rhs_value( + type_string: &str, + operator: &str, + value: &str, + ) -> Option { + let allowed_range = get_range_for_type_string(type_string).ok()?; + let allowed_min_val = allowed_range.min_val.clone(); + let allowed_max_val = allowed_range.max_val.clone(); + + let value_as_big_int = BigInt::parse_bytes(value.as_bytes(), 10)?; + + // First and foremost if the value is out of range it's 100% either a tautology or a contradiction. + // Hence, return false. + if value_as_big_int < allowed_min_val || value_as_big_int > allowed_max_val { + return Some(false); + } + // At this point, we know that the value we are comparing to, is in the allowed range. 
+ // Now, we can get the represented range, and see if it fully contains the allowed range + // (tatutology) or fully excludes the allowed range (contradiction) + let represented_range = { + match operator { + ">=" => Some(SolidityNumberRange { + min_val: value_as_big_int.clone(), + max_val: allowed_max_val.clone(), + }), + ">" => Some(SolidityNumberRange { + min_val: value_as_big_int.clone() + BigInt::one(), + max_val: allowed_max_val.clone(), + }), + "<=" => Some(SolidityNumberRange { + min_val: allowed_min_val.clone(), + max_val: value_as_big_int.clone(), + }), + "<" => Some(SolidityNumberRange { + min_val: allowed_min_val.clone(), + max_val: value_as_big_int.clone() - BigInt::one(), + }), + &_ => None, + } + }; + + if let Some(represented_range) = represented_range { + return Some( + !(represented_range.fully_contains(&allowed_range) + || represented_range.fully_excludes(&allowed_range)), + ); + } + + None + } + + /// Does this make sense? (boolean answer) + /// ```no_code + /// if(value, operator, uint8?) + /// ``` + /// + /// Take advantage of the above method by reusing code + /// + /// Example (ways to call this function) + /// + /// Say x is uint8: + /// Then, when we come across a binary operation like follows: + /// 300 >= x + /// we can determine if it makes sense by calling this function + /// does_operation_make_sense_with_lhs_value("300", ">=", "uint8") + /// + /// Notice, here the value 300 is on the left hand side. + /// + pub fn does_operation_make_sense_with_lhs_value( + value: &str, + operator: &str, + type_string: &str, + ) -> Option { + let inverse_operator = { + match operator { + ">=" => Some("<="), + "<=" => Some(">="), + ">" => Some("<"), + "<" => Some(">"), + _ => None, + } + }?; + does_operation_make_sense_with_rhs_value(type_string, inverse_operator, value) + } + + /// Accept the type string to calculate the range. 
+ pub fn get_range_for_type_string( + type_string: &str, + ) -> Result> { + if type_string.starts_with("uint") { + if let Some((_, num_of_bits)) = &type_string.split_once("uint") { + let num_of_bits = num_of_bits.parse::()?; + return Ok(SolidityNumberRange { + min_val: find_uint_min(num_of_bits), + max_val: find_uint_max(num_of_bits), + }); + } + } else if type_string.starts_with("int") { + if let Some((_, num_of_bits)) = &type_string.split_once("int") { + let num_of_bits = num_of_bits.parse::()?; + return Ok(SolidityNumberRange { + min_val: find_int_min(num_of_bits), + max_val: find_int_max(num_of_bits), + }); + } + } + Err("Invalid type string provided!".into()) + } + + // Helpers to calculate min and max for uint types like uint8, uint16, uint24, and so on . . . + + fn find_uint_max(num_of_bits: u32) -> BigInt { + BigInt::parse_bytes(b"2", 10).unwrap().pow(num_of_bits) - BigInt::one() + } + + fn find_uint_min(_: u32) -> BigInt { + BigInt::ZERO + } + + // Helpers to calculate min and max for int types like int8, int16, int24, and so on . . . + + fn find_int_max(num_of_bits: u32) -> BigInt { + BigInt::parse_bytes(b"2", 10).unwrap().pow(num_of_bits - 1) - BigInt::one() + } + + fn find_int_min(num_of_bits: u32) -> BigInt { + BigInt::parse_bytes(b"2", 10) + .unwrap() + .pow(num_of_bits - 1) + .neg() + } + + #[cfg(test)] + mod test_num_bigint_primitives { + + use std::ops::Neg; + + use num_bigint::BigInt; + use num_traits::{FromPrimitive, One}; + + use crate::detect::high::tautology_or_contradiction::solidity_integer_helper::{ + does_operation_make_sense_with_rhs_value, find_int_max, find_int_min, find_uint_max, + }; + + use super::{ + does_operation_make_sense_with_lhs_value, get_range_for_type_string, + SolidityNumberRange, + }; + + /* + Tests to ensure that num_bigint crate holds the capacity to work with numbers + in the range that Solidity language operates in. 
+ */ + + #[test] + fn test_2_raised_to_3() { + let two_raised_to_three = BigInt::parse_bytes(b"2", 10).unwrap().pow(3); + assert_eq!(two_raised_to_three, BigInt::from_u8(8).unwrap()); + } + + #[test] + fn can_find_max_of_uint256() { + // This test shows that we can calculate the biggest possible number in Solidity for uint + // which is 2^256 - 1. + // hence we conclude that because we can represent 2^256 - 1, we can easily cover all + // the smaller variants of uint that is uint8, uint16, .... all the ay upto uint256 because they + // are lesser than 2^256 - 1 + let uint256_max = BigInt::parse_bytes(b"2", 10).unwrap().pow(256) - BigInt::one(); + assert_eq!( + uint256_max, + BigInt::parse_bytes( + b"115792089237316195423570985008687907853269984665640564039457584007913129639935", + 10 + ) + .unwrap() + ); + } + + #[test] + fn can_find_min_of_int256() { + let int_256_min = BigInt::parse_bytes(b"2", 10).unwrap().pow(255).neg(); + assert_eq!( + int_256_min, + BigInt::parse_bytes( + b"-57896044618658097711785492504343953926634992332820282019728792003956564819968", + 10 + ) + .unwrap() + ); + } + + #[test] + fn can_find_max_of_int256() { + let int_256_max = BigInt::parse_bytes(b"2", 10).unwrap().pow(255) - BigInt::one(); + assert_eq!( + int_256_max, + BigInt::parse_bytes( + b"57896044618658097711785492504343953926634992332820282019728792003956564819967", + 10 + ) + .unwrap() + ); + } + + /* + Tests that our helper methods work which will ensure that min and max value can be calculated + for every bit range from 0 to 256 . 
+ */ + + #[test] + fn helper_method_can_find_max_of_uint256() { + let uint256_max = find_uint_max(256); + assert_eq!( + uint256_max, + BigInt::parse_bytes( + b"115792089237316195423570985008687907853269984665640564039457584007913129639935", + 10 + ) + .unwrap() + ); + } + + #[test] + fn helper_method_can_find_min_of_int256() { + let int_256_min = find_int_min(256); + assert_eq!( + int_256_min, + BigInt::parse_bytes( + b"-57896044618658097711785492504343953926634992332820282019728792003956564819968", + 10 + ) + .unwrap() + ); + } + + #[test] + fn helper_method_can_find_max_of_int256() { + let int_256_max = find_int_max(256); + assert_eq!( + int_256_max, + BigInt::parse_bytes( + b"57896044618658097711785492504343953926634992332820282019728792003956564819967", + 10 + ) + .unwrap() + ); + } + + #[test] + fn helper_method_can_find_range_for_int176() { + let actual_range = get_range_for_type_string("int176").unwrap(); + let expected_range = SolidityNumberRange { + min_val: BigInt::parse_bytes( + b"-47890485652059026823698344598447161988085597568237568", + 10, + ) + .unwrap(), + max_val: BigInt::parse_bytes( + b"47890485652059026823698344598447161988085597568237567", + 10, + ) + .unwrap(), + }; + assert_eq!(actual_range, expected_range); + } + + #[test] + fn helper_method_can_find_range_for_int248() { + let actual_range = get_range_for_type_string("int248").unwrap(); + let expected_range = SolidityNumberRange { + min_val: BigInt::parse_bytes( + b"-226156424291633194186662080095093570025917938800079226639565593765455331328", + 10, + ) + .unwrap(), + max_val: BigInt::parse_bytes( + b"226156424291633194186662080095093570025917938800079226639565593765455331327", + 10, + ) + .unwrap(), + }; + assert_eq!(actual_range, expected_range); + } + + #[test] + fn helper_method_can_find_range_for_int24() { + let actual_range = get_range_for_type_string("int24").unwrap(); + let expected_range = SolidityNumberRange { + min_val: BigInt::parse_bytes(b"-8388608", 10).unwrap(), + max_val: 
BigInt::parse_bytes(b"8388607", 10).unwrap(), + }; + assert_eq!(actual_range, expected_range); + } + + #[test] + fn helper_method_can_find_range_for_uint144() { + let actual_range = get_range_for_type_string("uint144").unwrap(); + let expected_range = SolidityNumberRange { + min_val: BigInt::ZERO, + max_val: BigInt::parse_bytes(b"22300745198530623141535718272648361505980415", 10) + .unwrap(), + }; + assert_eq!(actual_range, expected_range); + } + + #[test] + fn helper_method_can_find_range_for_uint232() { + let actual_range = get_range_for_type_string("uint232").unwrap(); + let expected_range = SolidityNumberRange { + min_val: BigInt::ZERO, + max_val: BigInt::parse_bytes( + b"6901746346790563787434755862277025452451108972170386555162524223799295", + 10, + ) + .unwrap(), + }; + assert_eq!(actual_range, expected_range); + } + + #[test] + fn helper_method_can_find_range_for_uint256() { + let actual_range = get_range_for_type_string("uint256").unwrap(); + let expected_range = SolidityNumberRange { + min_val: BigInt::ZERO, + max_val: BigInt::parse_bytes( + b"115792089237316195423570985008687907853269984665640564039457584007913129639935", + 10, + ) + .unwrap(), + }; + assert_eq!(actual_range, expected_range); + } + + #[test] + fn helper_method_can_find_range_for_uint8() { + let actual_range = get_range_for_type_string("uint8").unwrap(); + let expected_range = SolidityNumberRange { + min_val: BigInt::ZERO, + max_val: BigInt::parse_bytes(b"255", 10).unwrap(), + }; + assert_eq!(actual_range, expected_range); + } + + #[test] + fn does_operation_make_sense_lhs_uint8_part1() { + let does_not_make_sense = + !does_operation_make_sense_with_lhs_value("256", ">=", "uint8").unwrap(); + assert!(does_not_make_sense); + } + + #[test] + fn does_operation_make_sense_rhs_uint8_part1() { + let does_make_sense = + does_operation_make_sense_with_rhs_value("uint8", "<", "255").unwrap(); + assert!(does_make_sense); + } + + #[test] + fn does_operation_make_sense_lhs_uint8_part2() { + let 
does_not_make_sense = + !does_operation_make_sense_with_lhs_value("255", ">=", "uint8").unwrap(); + assert!(does_not_make_sense); + } + + #[test] + fn does_operation_make_sense_lhs_uint8_part3() { + let does_make_sense = + does_operation_make_sense_with_lhs_value("245", ">=", "uint8").unwrap(); + assert!(does_make_sense); + } + + #[test] + fn does_operation_make_sense_rhs_uint8_part2() { + let does_make_sense = + does_operation_make_sense_with_rhs_value("uint8", "<", "89").unwrap(); + assert!(does_make_sense); + } + + #[test] + fn does_operation_make_sense_rhs_uint256_part3() { + let does_make_sense = + does_operation_make_sense_with_rhs_value("uint256", ">", "0").unwrap(); + assert!(does_make_sense); + } + + #[test] + fn does_operation_make_sense_rhs_uint256_part4() { + let does_not_make_sense = + !does_operation_make_sense_with_rhs_value("uint256", ">=", "0").unwrap(); + assert!(does_not_make_sense); + } + + #[test] + fn does_operation_make_sense_rhs_uint72_part5() { + let does_not_make_sense = + !does_operation_make_sense_with_rhs_value("uint72", "<", "0").unwrap(); + assert!(does_not_make_sense); + } + + #[test] + fn does_operation_make_sense_rhs_uint8_part6() { + let does_not_make_sense = + !does_operation_make_sense_with_rhs_value("uint8", ">", "258").unwrap(); + assert!(does_not_make_sense); + } + } +} diff --git a/reports/adhoc-sol-files-highs-only-report.json b/reports/adhoc-sol-files-highs-only-report.json index 801747b5a..32906d660 100644 --- a/reports/adhoc-sol-files-highs-only-report.json +++ b/reports/adhoc-sol-files-highs-only-report.json @@ -189,6 +189,7 @@ "rtlo", "unchecked-return", "dangerous-unary-operator", + "tautology-or-contradiction", "dangerous-strict-equailty-on-contract-balance", "signed-storage-array", "weak-randomness", diff --git a/reports/report.json b/reports/report.json index 3380ece53..08bf01e31 100644 --- a/reports/report.json +++ b/reports/report.json 
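Review bot: `get_range_for_type_string` hands whatever width it parses straight to `find_int_max`/`find_int_min`, where `num_of_bits - 1` underflows for a type string such as `int0`, and to `pow`, where an oversized width forces a very large BigInt computation. solc should only ever report widths from 8 to 256 in steps of 8, but the function is `pub` and accepts any string, so it is worth rejecting everything else right after both `parse` calls: `if !(8..=256).contains(&num_of_bits) || num_of_bits % 8 != 0 { return Err("Invalid type string provided!".into()); }`. Separately, `does_operation_make_sense_with_rhs_value` reads the literal with `BigInt::parse_bytes(value.as_bytes(), 10)`, so if the helper that supplies the value can return hex or other non-decimal text (not visible in this hunk), those comparisons are silently skipped rather than reported. A doc line on both `does_operation_make_sense_*` functions stating the expected decimal format would make that limit explicit.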
@@ -1,7 +1,7 @@ { "files_summary": { - "total_source_units": 73, - "total_sloc": 1996 + "total_source_units": 74, + "total_sloc": 2007 }, "files_details": { "files_details": [ @@ -177,6 +177,10 @@ "file_path": "src/TautologicalCompare.sol", "n_sloc": 17 }, + { + "file_path": "src/TautologyOrContradiction.sol", + "n_sloc": 11 + }, { "file_path": "src/TestERC20.sol", "n_sloc": 62 @@ -300,7 +304,7 @@ ] }, "issue_count": { - "high": 32, + "high": 33, "low": 25 }, "high_issues": { @@ -1321,6 +1325,18 @@ "src": "282:18", "src_char": "282:18" }, + { + "contract_path": "src/TautologyOrContradiction.sol", + "line_no": 6, + "src": "133:6", + "src_char": "133:6" + }, + { + "contract_path": "src/TautologyOrContradiction.sol", + "line_no": 7, + "src": "145:9", + "src_char": "145:9" + }, { "contract_path": "src/UninitializedStateVariable.sol", "line_no": 7, @@ -1658,6 +1674,25 @@ } ] }, + { + "title": "Tautology or Contradiction in comparison.", + "description": "The condition has been determined to be either always true or always false due to the integer range in which we're operating.", + "detector_name": "tautology-or-contradiction", + "instances": [ + { + "contract_path": "src/TautologyOrContradiction.sol", + "line_no": 13, + "src": "296:7", + "src_char": "296:7" + }, + { + "contract_path": "src/TautologyOrContradiction.sol", + "line_no": 16, + "src": "369:11", + "src_char": "369:11" + } + ] + }, { "title": "Dangerous strict equality checks on contract balances.", "description": "A contract's balance can be forcibly manipulated by another selfdestructing contract. Therefore, it's recommended to use >, <, >= or <= instead of strict equality.", @@ -2061,6 +2096,12 @@ "src": "32:23", "src_char": "32:23" }, + { + "contract_path": "src/TautologyOrContradiction.sol", + "line_no": 2, + "src": "32:23", + "src_char": "32:23" + }, { "contract_path": "src/UncheckedSend.sol", "line_no": 2, 
@@ -3091,6 +3132,12 @@ "src": "1795:5", "src_char": "1795:5" }, + { + "contract_path": "src/TautologyOrContradiction.sol", + "line_no": 9, + "src": "161:229", + "src_char": "161:229" + }, { "contract_path": "src/UncheckedSend.sol", "line_no": 27, @@ -3455,6 +3502,12 @@ "src": "186:1", "src_char": "186:1" }, + { + "contract_path": "src/TautologyOrContradiction.sol", + "line_no": 6, + "src": "133:6", + "src_char": "133:6" + }, { "contract_path": "src/eth2/DepositContract.sol", "line_no": 59, @@ -3719,6 +3772,7 @@ "rtlo", "unchecked-return", "dangerous-unary-operator", + "tautology-or-contradiction", "dangerous-strict-equailty-on-contract-balance", "signed-storage-array", "redundant-statements", diff --git a/reports/report.md b/reports/report.md index d6af919d3..c1cfba5ec 100644 --- a/reports/report.md +++ b/reports/report.md 
@@ -35,11 +35,12 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [H-25: RTLO character detected in file. \u{202e}](#h-25-rtlo-character-detected-in-file-u202e) - [H-26: Return value of the function call is not checked.](#h-26-return-value-of-the-function-call-is-not-checked) - [H-27: Dangerous unary operator found in assignment.](#h-27-dangerous-unary-operator-found-in-assignment) - - [H-28: Dangerous strict equality checks on contract balances.](#h-28-dangerous-strict-equality-checks-on-contract-balances) - - [H-29: Compiler Bug: Signed array in storage detected for compiler version `<0.5.10`](#h-29-compiler-bug-signed-array-in-storage-detected-for-compiler-version-0510) - - [H-30: Weak Randomness](#h-30-weak-randomness) - - [H-31: Usage of variable before declaration.](#h-31-usage-of-variable-before-declaration) - - [H-32: Deletion from a nested mappping.](#h-32-deletion-from-a-nested-mappping) + - [H-28: Tautology or Contradiction in comparison.](#h-28-tautology-or-contradiction-in-comparison) + - [H-29: Dangerous strict equality checks on contract balances.](#h-29-dangerous-strict-equality-checks-on-contract-balances) + - [H-30: Compiler Bug: Signed array in storage detected for compiler version `<0.5.10`](#h-30-compiler-bug-signed-array-in-storage-detected-for-compiler-version-0510) + - [H-31: Weak Randomness](#h-31-weak-randomness) + - [H-32: Usage of variable before declaration.](#h-32-usage-of-variable-before-declaration) + - [H-33: Deletion from a nested mappping.](#h-33-deletion-from-a-nested-mappping) - [Low Issues](#low-issues) - [L-1: Centralization Risk for trusted owners](#l-1-centralization-risk-for-trusted-owners) - [L-2: Solmate's SafeTransferLib does not check for token contract's existence](#l-2-solmates-safetransferlib-does-not-check-for-token-contracts-existence) 
@@ -74,8 +75,8 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Key | Value | | --- | --- | -| .sol Files | 73 | -| Total nSLOC | 1996 | +| .sol Files | 74 | +| Total nSLOC | 2007 | ## Files Details @@ -125,6 +126,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/StorageParameters.sol | 16 | | src/T11sTranferer.sol | 8 | | src/TautologicalCompare.sol | 17 | +| src/TautologyOrContradiction.sol | 11 | | src/TestERC20.sol | 62 | | src/UncheckedReturn.sol | 33 | | src/UncheckedSend.sol | 18 | @@ -155,14 +157,14 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/reused_contract_name/ContractB.sol | 7 | | src/uniswap/UniswapV2Swapper.sol | 50 | | src/uniswap/UniswapV3Swapper.sol | 150 | -| **Total** | **1996** | +| **Total** | **2007** | ## Issue Summary | Category | No. of Issues | | --- | --- | -| High | 32 | +| High | 33 | | Low | 25 | @@ -1185,7 +1187,7 @@ If the length of a dynamic array (storage variable) directly assigned to, it may Solidity does initialize variables by default when you declare them, however it's good practice to explicitly declare an initial value. For example, if you transfer money to an address we must make sure that the address has been initialized. -
14 Found Instances +
16 Found Instances - Found in src/AssemblyExample.sol [Line: 5](../tests/contract-playground/src/AssemblyExample.sol#L5) @@ -1248,6 +1250,18 @@ Solidity does initialize variables by default when you declare them, however it' uint256 public staticPublicNumber; ``` +- Found in src/TautologyOrContradiction.sol [Line: 6](../tests/contract-playground/src/TautologyOrContradiction.sol#L6) + + ```solidity + uint x; + ``` + +- Found in src/TautologyOrContradiction.sol [Line: 7](../tests/contract-playground/src/TautologyOrContradiction.sol#L7) + + ```solidity + uint256 y; + ``` + - Found in src/UninitializedStateVariable.sol [Line: 7](../tests/contract-playground/src/UninitializedStateVariable.sol#L7) ```solidity @@ -1631,7 +1645,30 @@ Potentially mistakened `=+` for `+=` or `=-` for `-=`. Please include a space in -## H-28: Dangerous strict equality checks on contract balances. +## H-28: Tautology or Contradiction in comparison. + +The condition has been determined to be either always true or always false due to the integer range in which we're operating. + +
2 Found Instances + + +- Found in src/TautologyOrContradiction.sol [Line: 13](../tests/contract-playground/src/TautologyOrContradiction.sol#L13) + + ```solidity + if (a > 258) {} + ``` + +- Found in src/TautologyOrContradiction.sol [Line: 16](../tests/contract-playground/src/TautologyOrContradiction.sol#L16) + + ```solidity + if (map[67] < 0) {} + ``` + +
+ + + +## H-29: Dangerous strict equality checks on contract balances. A contract's balance can be forcibly manipulated by another selfdestructing contract. Therefore, it's recommended to use >, <, >= or <= instead of strict equality. @@ -1660,7 +1697,7 @@ A contract's balance can be forcibly manipulated by another selfdestructing cont -## H-29: Compiler Bug: Signed array in storage detected for compiler version `<0.5.10` +## H-30: Compiler Bug: Signed array in storage detected for compiler version `<0.5.10` If you want to leverage signed arrays in storage by assigning a literal array with at least one negative number, then you mus use solidity version 0.5.10 or above. This is because of a bug in older compilers. @@ -1677,7 +1714,7 @@ If you want to leverage signed arrays in storage by assigning a literal array wi -## H-30: Weak Randomness +## H-31: Weak Randomness The use of keccak256 hash functions on predictable values like block.timestamp, block.number, or similar data, including modulo operations on these values, should be avoided for generating randomness, as they are easily predictable and manipulable. The `PREVRANDAO` opcode also should not be used as a source of randomness. Instead, utilize Chainlink VRF for cryptographically secure and provably random values to ensure protocol integrity. @@ -1742,7 +1779,7 @@ The use of keccak256 hash functions on predictable values like block.timestamp, -## H-31: Usage of variable before declaration. +## H-32: Usage of variable before declaration. This is a bad practice that may lead to unintended consequences. Please declare the variable before using it. @@ -1759,7 +1796,7 @@ This is a bad practice that may lead to unintended consequences. Please declare -## H-32: Deletion from a nested mappping. +## H-33: Deletion from a nested mappping. A deletion in a structure containing a mapping will not delete the mapping. The remaining data may be used to compromise the contract. 
@@ -2008,7 +2045,7 @@ ERC20 functions may not behave as expected. For example: return values are not a Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of `pragma solidity ^0.8.0;`, use `pragma solidity 0.8.0;` -
19 Found Instances +
20 Found Instances - Found in src/CompilerBugStorageSignedIntegerArray.sol [Line: 2](../tests/contract-playground/src/CompilerBugStorageSignedIntegerArray.sol#L2) @@ -2077,6 +2114,12 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.4.0; ``` +- Found in src/TautologyOrContradiction.sol [Line: 2](../tests/contract-playground/src/TautologyOrContradiction.sol#L2) + + ```solidity + pragma solidity ^0.5.0; + ``` + - Found in src/UncheckedSend.sol [Line: 2](../tests/contract-playground/src/UncheckedSend.sol#L2) ```solidity @@ -3036,7 +3079,7 @@ Solc compiler version 0.8.20 switches the default target EVM version to Shanghai Consider removing empty blocks. -
26 Found Instances +
27 Found Instances - Found in src/AdminContract.sol [Line: 14](../tests/contract-playground/src/AdminContract.sol#L14) @@ -3135,6 +3178,12 @@ Consider removing empty blocks. function func1(address x) external mod1(x) { ``` +- Found in src/TautologyOrContradiction.sol [Line: 9](../tests/contract-playground/src/TautologyOrContradiction.sol#L9) + + ```solidity + function makeUselessComparisons() external view { + ``` + - Found in src/UncheckedSend.sol [Line: 27](../tests/contract-playground/src/UncheckedSend.sol#L27) ```solidity @@ -3452,7 +3501,7 @@ Contract contains comments with TODOS Consider keeping the naming convention consistent in a given contract. Explicit size declarations are preferred (uint256, int256) over implicit ones (uint, int) to avoid confusion. -
20 Found Instances +
21 Found Instances - Found in src/Casting.sol [Line: 31](../tests/contract-playground/src/Casting.sol#L31) @@ -3515,6 +3564,12 @@ Consider keeping the naming convention consistent in a given contract. Explicit function check(uint a) external pure returns(bool){ ``` +- Found in src/TautologyOrContradiction.sol [Line: 6](../tests/contract-playground/src/TautologyOrContradiction.sol#L6) + + ```solidity + uint x; + ``` + - Found in src/eth2/DepositContract.sol [Line: 59](../tests/contract-playground/src/eth2/DepositContract.sol#L59) ```solidity diff --git a/reports/report.sarif b/reports/report.sarif index c60ae1436..864647451 100644 --- a/reports/report.sarif +++ b/reports/report.sarif @@ -1803,6 +1803,28 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/TautologyOrContradiction.sol" + }, + "region": { + "byteLength": 6, + "byteOffset": 133 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/TautologyOrContradiction.sol" + }, + "region": { + "byteLength": 9, + "byteOffset": 145 + } + } + }, { "physicalLocation": { "artifactLocation": { @@ -2381,6 +2403,37 @@ }, "ruleId": "dangerous-unary-operator" }, + { + "level": "warning", + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/TautologyOrContradiction.sol" + }, + "region": { + "byteLength": 7, + "byteOffset": 296 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/TautologyOrContradiction.sol" + }, + "region": { + "byteLength": 11, + "byteOffset": 369 + } + } + } + ], + "message": { + "text": "The condition has been determined to be either always true or always false due to the integer range in which we're operating." + }, + "ruleId": "tautology-or-contradiction" + }, { "level": "warning", "locations": [ 
@@ -3068,6 +3121,17 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/TautologyOrContradiction.sol" + }, + "region": { + "byteLength": 23, + "byteOffset": 32 + } + } + }, { "physicalLocation": { "artifactLocation": { @@ -4918,6 +4982,17 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/TautologyOrContradiction.sol" + }, + "region": { + "byteLength": 229, + "byteOffset": 161 + } + } + }, { "physicalLocation": { "artifactLocation": { @@ -5570,6 +5645,17 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/TautologyOrContradiction.sol" + }, + "region": { + "byteLength": 6, + "byteOffset": 133 + } + } + }, { "physicalLocation": { "artifactLocation": { diff --git a/tests/contract-playground/src/TautologyOrContradiction.sol b/tests/contract-playground/src/TautologyOrContradiction.sol new file mode 100644 index 000000000..0f5082e65 --- /dev/null +++ b/tests/contract-playground/src/TautologyOrContradiction.sol @@ -0,0 +1,18 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.5.0; + +contract TautologyOrContradiction { + mapping(uint256 => uint72) map; + uint x; + uint256 y; + + function makeUselessComparisons() external view { + uint8 a = 103; + + // BAD because max value of a is 2^8 - 1 + if (a > 258) {} + + // BAD because min value of uint72 is 0 + if (map[67] < 0) {} + } +}
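Review bot: Both comparisons in `makeUselessComparisons` in the new TautologyOrContradiction.sol fixture are ones the detector must report, so the fixture pins neither a false positive nor the exact boundary of the type range. I would add a satisfiable control such as `if (a > 100) {}` that must stay out of the report, plus comparisons sitting on the limits, `if (a >= 0) {}` and `if (a <= 255) {}`, to catch an off-by-one in the range check. A signed operand and a literal on the left-hand side are also worth covering, since only unsigned types with the literal on the right are exercised here. The detector's own unit tests are outside this part of the patch and may already cover some of this. Because the finding is reported at high severity, a wrongly flagged comparison costs reviewers as much as a missed one.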