From d8904962e1d9ffbcd38513ad169402d448edd13b Mon Sep 17 00:00:00 2001
From: TilakMaddy
Date: Mon, 29 Jul 2024 16:02:24 +0530
Subject: [PATCH] removing interface safety (it makes no sense looking back)
---
 aderyn_core/src/detect/high/contract_locks_ether.rs | 11 +----------
 reports/report.json | 6 ++++++
 reports/report.md | 8 +++++++-
 reports/report.sarif | 11 +++++++++++
 4 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/aderyn_core/src/detect/high/contract_locks_ether.rs b/aderyn_core/src/detect/high/contract_locks_ether.rs
index 1cc4e9034..00c7618dc 100644
--- a/aderyn_core/src/detect/high/contract_locks_ether.rs
+++ b/aderyn_core/src/detect/high/contract_locks_ether.rs
@@ -64,7 +64,7 @@ impl IssueDetector for ContractLocksEtherDetector {
 /// Handles tasks related to contract level analysis for eth
 mod contract_eth_helper {
 use crate::{
- ast::{ASTNode, ContractDefinition, ContractKind, StateMutability, Visibility},
+ ast::{ASTNode, ContractDefinition, StateMutability, Visibility},
 context::{
 browser::ExtractFunctionDefinitions, investigator::*,
 workspace_context::WorkspaceContext,
@@ -98,15 +98,6 @@ mod contract_eth_helper {
 let contracts = self.linearized_base_contracts.as_ref()?;
 for contract_id in contracts {
 if let ASTNode::ContractDefinition(contract) = context.nodes.get(contract_id)? {
- if contract.kind == ContractKind::Interface {
- // In this case, to be safe, we assume that when the interface is implemented, it
- // will allow for withdrawals. So we give it a pass. This is to prevent false positives
-
- // However this is debatable...Maybe in auditor mode you don't want to assume this.
- // Either case, I am making this comment so we're aware of this.
- return Some(true);
- }
-
 let funcs = contract
 .function_definitions()
 .into_iter()
diff --git a/reports/report.json b/reports/report.json
index 03b1af36f..44bc4f1da 100644
--- a/reports/report.json
+++ b/reports/report.json
@@ -1722,6 +1722,12 @@ "line_no": 44, "src": "630:11", "src_char": "630:11" + }, + { + "contract_path": "src/eth2/DepositContract.sol", + "line_no": 58, + "src": "4547:15", + "src_char": "3059:15" } ] } diff --git a/reports/report.md b/reports/report.md index c0ed03ddf..e188b1995 100644 --- a/reports/report.md +++ b/reports/report.md @@ -1690,7 +1690,7 @@ A deletion in a structure containing a mapping will not delete the mapping. The It appears that the contract includes a payable function to accept Ether but lacks a corresponding function to withdraw it, which leads to the Ether being locked in the contract. To resolve this issue, please implement a public or external function that allows for the withdrawal of Ether from the contract. -
4 Found Instances +
5 Found Instances - Found in src/ContractLocksEther.sol [Line: 5](../tests/contract-playground/src/ContractLocksEther.sol#L5) @@ -1717,6 +1717,12 @@ It appears that the contract includes a payable function to accept Ether but lac contract EmptyBlocks { ``` +- Found in src/eth2/DepositContract.sol [Line: 58](../tests/contract-playground/src/eth2/DepositContract.sol#L58) + + ```solidity + contract DepositContract is IDepositContract, ERC165 { + ``` +
diff --git a/reports/report.sarif b/reports/report.sarif index 48522e736..69e3d5c4e 100644 --- a/reports/report.sarif +++ b/reports/report.sarif @@ -2522,6 +2522,17 @@ "byteOffset": 630 } } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/eth2/DepositContract.sol" + }, + "region": { + "byteLength": 15, + "byteOffset": 4547 + } + } } ], "message": {