From c709dfa04c2469d3f649bdedbfcab294ca063b3a Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 11:25:25 +0530 Subject: [PATCH 01/10] detector done --- aderyn_core/src/detect/detector.rs | 5 + .../src/detect/low/constant_funcs_assembly.rs | 121 ++++++++++++++++++ aderyn_core/src/detect/low/mod.rs | 2 + .../src/ConstantFuncsAssembly.sol | 39 ++++++ 4 files changed, 167 insertions(+) create mode 100644 aderyn_core/src/detect/low/constant_funcs_assembly.rs create mode 100644 tests/contract-playground/src/ConstantFuncsAssembly.sol diff --git a/aderyn_core/src/detect/detector.rs b/aderyn_core/src/detect/detector.rs index a8c366c9d..1f15759a9 100644 --- a/aderyn_core/src/detect/detector.rs +++ b/aderyn_core/src/detect/detector.rs @@ -73,6 +73,7 @@ pub fn get_all_issue_detectors() -> Vec> { Box::::default(), Box::::default(), Box::::default(), + Box::::default(), ] } @@ -142,6 +143,7 @@ pub(crate) enum IssueDetectorNamePool { WeakRandomness, PreDeclaredLocalVariableUsage, DeleteNestedMapping, + ConstantFunctionsAssembly, // NOTE: `Undecided` will be the default name (for new bots). // If it's accepted, a new variant will be added to this enum before normalizing it in aderyn Undecided, @@ -297,6 +299,9 @@ pub fn request_issue_detector_by_name(detector_name: &str) -> Option { Some(Box::::default()) } + IssueDetectorNamePool::ConstantFunctionsAssembly => { + Some(Box::::default()) + } IssueDetectorNamePool::Undecided => None, } } diff --git a/aderyn_core/src/detect/low/constant_funcs_assembly.rs b/aderyn_core/src/detect/low/constant_funcs_assembly.rs new file mode 100644 index 000000000..cc03acf9b --- /dev/null +++ b/aderyn_core/src/detect/low/constant_funcs_assembly.rs @@ -0,0 +1,121 @@ +use std::collections::BTreeMap; +use std::error::Error; + +use crate::ast::{NodeID, StateMutability}; + +use crate::capture; +use crate::context::browser::ExtractInlineAssemblys; +use crate::context::investigator::{ + StandardInvestigationStyle, StandardInvestigator, StandardInvestigatorVisitor, +}; +use crate::detect::detector::IssueDetectorNamePool; +use crate::detect::helpers; +use crate::{ + context::workspace_context::WorkspaceContext, + detect::detector::{IssueDetector, IssueSeverity}, +}; +use eyre::Result; + +#[derive(Default)] +pub struct ConstantFunctionContainsAssemblyDetector { + // Keys are: [0] source file name, [1] line number, [2] character location of node. + // Do not add items manually, use `capture!` to add nodes to this BTreeMap. + found_instances: BTreeMap<(String, usize, String), NodeID>, +} + +impl IssueDetector for ConstantFunctionContainsAssemblyDetector { + fn detect(&mut self, context: &WorkspaceContext) -> Result> { + for function in helpers::get_implemented_external_and_public_functions(context) { + if function.state_mutability() == &StateMutability::View + || function.state_mutability() == &StateMutability::Pure + { + let mut tracker = AssemblyTracker::default(); + let investigator = StandardInvestigator::new( + context, + &[&(function.into())], + StandardInvestigationStyle::Downstream, + )?; + investigator.investigate(context, &mut tracker)?; + + if tracker.has_assembly { + capture!(self, context, function); + } + } + } + + Ok(!self.found_instances.is_empty()) + } + + fn severity(&self) -> IssueSeverity { + IssueSeverity::Low + } + + fn title(&self) -> String { + String::from("Functions declared `pure` / `view` but contains assembly") + } + + fn description(&self) -> String { + String::from("If the assembly code contains bugs or unintended side effects, it can lead to incorrect results \ + or vulnerabilities, which are hard to debug and resolve, especially when the function is meant to be simple \ + and predictable.") + } + + fn instances(&self) -> BTreeMap<(String, usize, String), NodeID> { + self.found_instances.clone() + } + + fn name(&self) -> String { + format!("{}", IssueDetectorNamePool::ConstantFunctionsAssembly) + } +} + +#[derive(Default)] +struct AssemblyTracker { + has_assembly: bool, +} + +impl StandardInvestigatorVisitor for AssemblyTracker { + fn visit_any(&mut self, node: &crate::ast::ASTNode) -> eyre::Result<()> { + // If we are already satisifed, do not bother checking + if self.has_assembly { + return Ok(()); + } + + // Check if this node has assembly code + let assemblies = ExtractInlineAssemblys::from(node).extracted; + if !assemblies.is_empty() { + self.has_assembly = true; + } + Ok(()) + } +} + +#[cfg(test)] +mod constant_functions_assembly_detector { + use serial_test::serial; + + use crate::detect::{ + detector::IssueDetector, + low::constant_funcs_assembly::ConstantFunctionContainsAssemblyDetector, + }; + + #[test] + #[serial] + fn test_constant_functions_assembly() { + let context = crate::detect::test_utils::load_solidity_source_unit_with_callgraphs( + "../tests/contract-playground/src/ConstantFuncsAssembly.sol", + ); + + let mut detector = ConstantFunctionContainsAssemblyDetector::default(); + let found = detector.detect(&context).unwrap(); + // assert that the detector found an issue + assert!(found); + // assert that the detector found the correct number of instances + assert_eq!(detector.instances().len(), 3); + // assert the severity is low + assert_eq!( + detector.severity(), + crate::detect::detector::IssueSeverity::Low + ); + } +} diff --git a/aderyn_core/src/detect/low/mod.rs b/aderyn_core/src/detect/low/mod.rs index aeef32d20..4f3006167 100644 --- a/aderyn_core/src/detect/low/mod.rs +++ b/aderyn_core/src/detect/low/mod.rs @@ -1,4 +1,5 @@ pub(crate) mod centralization_risk; +pub(crate) mod constant_funcs_assembly; pub(crate) mod constants_instead_of_literals; pub(crate) mod contracts_with_todos; pub(crate) mod deprecated_oz_functions; @@ -25,6 +26,7 @@ pub(crate) mod useless_public_function; pub(crate) mod zero_address_check; pub use centralization_risk::CentralizationRiskDetector; +pub use constant_funcs_assembly::ConstantFunctionContainsAssemblyDetector; pub use constants_instead_of_literals::ConstantsInsteadOfLiteralsDetector; pub use contracts_with_todos::ContractsWithTodosDetector; pub use deprecated_oz_functions::DeprecatedOZFunctionsDetector; diff --git a/tests/contract-playground/src/ConstantFuncsAssembly.sol b/tests/contract-playground/src/ConstantFuncsAssembly.sol new file mode 100644 index 000000000..f18a50b39 --- /dev/null +++ b/tests/contract-playground/src/ConstantFuncsAssembly.sol @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.4.0; + +contract AssemblyExample { + // State variable + uint256 public value; + + // BAD (view function contains assembly) + function setValue(uint256 _value) external view { + assembly { + // Load the location of the 'value' storage slot + sstore(0, _value) + } + } + + // BAD (pure function contains assembly) + function getConstantValue() external pure returns (uint256) { + uint256 result; + assembly { + // Inline assembly to set the result to a constant value + result := 42 + } + return result; + } + + function useAssembly() internal pure returns (uint256) { + uint256 result; + assembly { + // Inline assembly to set the result to a constant value + result := 42 + } + return result; + } + + // BAD (pure function contains assembly) + function getConstantValue2() external pure returns (uint256) { + return useAssembly(); + } +} From 9778f7c903ac9c4d50470e6dd6407d83d7c0b945 Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 11:28:26 +0530 Subject: [PATCH 02/10] cli/reportgen --- reports/report.json | 74 ++++++++++++++++++++++-- reports/report.md | 81 +++++++++++++++++++++++--- reports/report.sarif | 108 +++++++++++++++++++++++++++++++++++ reports/templegold-report.md | 32 ++++++++++- 4 files changed, 283 insertions(+), 12 deletions(-) diff --git a/reports/report.json b/reports/report.json index 3380ece53..60150dce6 100644 --- a/reports/report.json +++ b/reports/report.json @@ -1,7 +1,7 @@ { "files_summary": { - "total_source_units": 73, - "total_sloc": 1996 + "total_source_units": 74, + "total_sloc": 2022 }, "files_details": { "files_details": [ @@ -33,6 +33,10 @@ "file_path": "src/CompilerBugStorageSignedIntegerArray.sol", "n_sloc": 13 }, + { + "file_path": "src/ConstantFuncsAssembly.sol", + "n_sloc": 26 + }, { "file_path": "src/ConstantsLiterals.sol", "n_sloc": 28 @@ -301,7 +305,7 @@ }, "issue_count": { "high": 32, - "low": 25 + "low": 26 }, "high_issues": { "issues": [ @@ -1267,6 +1271,12 @@ "src": "97:1", "src_char": "97:1" }, + { + "contract_path": "src/ConstantFuncsAssembly.sol", + "line_no": 6, + "src": "110:20", + "src_char": "110:20" + }, { "contract_path": "src/DelegateCallWithoutAddressCheck.sol", "line_no": 9, @@ -2001,6 +2011,12 @@ "src": "32:23", "src_char": "32:23" }, + { + "contract_path": "src/ConstantFuncsAssembly.sol", + "line_no": 2, + "src": "32:23", + "src_char": "32:23" + }, { "contract_path": "src/ContractWithTodo.sol", "line_no": 2, @@ -3321,6 +3337,12 @@ "src": "1206:18", "src_char": "1206:18" }, + { + "contract_path": "src/ConstantFuncsAssembly.sol", + "line_no": 26, + "src": "651:232", + "src_char": "651:232" + }, { "contract_path": "src/InternalFunctions.sol", "line_no": 28, @@ -3665,6 +3687,49 @@ "src_char": "1175:14" } ] + }, + { + "title": "Functions declared `pure` / `view` but contains assembly", + "description": "If the assembly code contains bugs or unintended side effects, it can lead to incorrect results or vulnerabilities, which are hard to debug and resolve, especially when the function is meant to be simple and predictable.", + "detector_name": "constant-functions-assembly", + "instances": [ + { + "contract_path": "src/AssemblyExample.sol", + "line_no": 6, + "src": "113:1", + "src_char": "113:1" + }, + { + "contract_path": "src/ConstantFuncsAssembly.sol", + "line_no": 9, + "src": "182:175", + "src_char": "182:175" + }, + { + "contract_path": "src/ConstantFuncsAssembly.sol", + "line_no": 17, + "src": "408:237", + "src_char": "408:237" + }, + { + "contract_path": "src/ConstantFuncsAssembly.sol", + "line_no": 36, + "src": "934:98", + "src_char": "934:98" + }, + { + "contract_path": "src/TestERC20.sol", + "line_no": 17, + "src": "498:10", + "src_char": "498:10" + }, + { + "contract_path": "src/YulReturn.sol", + "line_no": 6, + "src": "92:12", + "src_char": "92:12" + } + ] } ] }, @@ -3725,6 +3790,7 @@ "public-variable-read-in-external-context", "weak-randomness", "pre-declared-local-variable-usage", - "delete-nested-mapping" + "delete-nested-mapping", + "constant-functions-assembly" ] } \ No newline at end of file diff --git a/reports/report.md b/reports/report.md index d6af919d3..eaae56f42 100644 --- a/reports/report.md +++ b/reports/report.md @@ -66,6 +66,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-23: Incorrect Order of Division and Multiplication](#l-23-incorrect-order-of-division-and-multiplication) - [L-24: Redundant statements have no effect.](#l-24-redundant-statements-have-no-effect) - [L-25: Public variables of a contract read in an external context (using `this`).](#l-25-public-variables-of-a-contract-read-in-an-external-context-using-this) + - [L-26: Functions declared `pure` / `view` but contains assembly](#l-26-functions-declared-pure--view-but-contains-assembly) # Summary @@ -74,8 +75,8 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Key | Value | | --- | --- | -| .sol Files | 73 | -| Total nSLOC | 1996 | +| .sol Files | 74 | +| Total nSLOC | 2022 | ## Files Details @@ -89,6 +90,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/CallGraphTests.sol | 49 | | src/Casting.sol | 126 | | src/CompilerBugStorageSignedIntegerArray.sol | 13 | +| src/ConstantFuncsAssembly.sol | 26 | | src/ConstantsLiterals.sol | 28 | | src/ContractWithTodo.sol | 7 | | src/Counter.sol | 20 | @@ -155,7 +157,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/reused_contract_name/ContractB.sol | 7 | | src/uniswap/UniswapV2Swapper.sol | 50 | | src/uniswap/UniswapV3Swapper.sol | 150 | -| **Total** | **1996** | +| **Total** | **2022** | ## Issue Summary @@ -163,7 +165,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | | High | 32 | -| Low | 25 | +| Low | 26 | # High Issues @@ -1185,7 +1187,7 @@ If the length of a dynamic array (storage variable) directly assigned to, it may Solidity does initialize variables by default when you declare them, however it's good practice to explicitly declare an initial value. For example, if you transfer money to an address we must make sure that the address has been initialized. -
14 Found Instances +
15 Found Instances - Found in src/AssemblyExample.sol [Line: 5](../tests/contract-playground/src/AssemblyExample.sol#L5) @@ -1194,6 +1196,12 @@ Solidity does initialize variables by default when you declare them, however it' uint b; ``` +- Found in src/ConstantFuncsAssembly.sol [Line: 6](../tests/contract-playground/src/ConstantFuncsAssembly.sol#L6) + + ```solidity + uint256 public value; + ``` + - Found in src/DelegateCallWithoutAddressCheck.sol [Line: 9](../tests/contract-playground/src/DelegateCallWithoutAddressCheck.sol#L9) ```solidity @@ -2008,7 +2016,7 @@ ERC20 functions may not behave as expected. For example: return values are not a Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of `pragma solidity ^0.8.0;`, use `pragma solidity 0.8.0;` -
19 Found Instances +
20 Found Instances - Found in src/CompilerBugStorageSignedIntegerArray.sol [Line: 2](../tests/contract-playground/src/CompilerBugStorageSignedIntegerArray.sol#L2) @@ -2017,6 +2025,12 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.4.0; ``` +- Found in src/ConstantFuncsAssembly.sol [Line: 2](../tests/contract-playground/src/ConstantFuncsAssembly.sol#L2) + + ```solidity + pragma solidity ^0.4.0; + ``` + - Found in src/ContractWithTodo.sol [Line: 2](../tests/contract-playground/src/ContractWithTodo.sol#L2) ```solidity @@ -3346,7 +3360,7 @@ Use `e` notation, for example: `1e18`, instead of its full numeric value. Instead of separating the logic into a separate function, consider inlining the logic into the calling function. This can reduce the number of function calls and improve readability. -
12 Found Instances +
13 Found Instances - Found in src/CallGraphTests.sol [Line: 6](../tests/contract-playground/src/CallGraphTests.sol#L6) @@ -3373,6 +3387,12 @@ Instead of separating the logic into a separate function, consider inlining the function visitSeventhFloor3() internal { ``` +- Found in src/ConstantFuncsAssembly.sol [Line: 26](../tests/contract-playground/src/ConstantFuncsAssembly.sol#L26) + + ```solidity + function useAssembly() internal pure returns (uint256) { + ``` + - Found in src/InternalFunctions.sol [Line: 28](../tests/contract-playground/src/InternalFunctions.sol#L28) ```solidity @@ -3748,3 +3768,50 @@ The contract reads it's own variable using `this` which adds an unnecessary STAT +## L-26: Functions declared `pure` / `view` but contains assembly + +If the assembly code contains bugs or unintended side effects, it can lead to incorrect results or vulnerabilities, which are hard to debug and resolve, especially when the function is meant to be simple and predictable. + +
6 Found Instances + + +- Found in src/AssemblyExample.sol [Line: 6](../tests/contract-playground/src/AssemblyExample.sol#L6) + + ```solidity + function f(uint x) public view returns (uint r) { + ``` + +- Found in src/ConstantFuncsAssembly.sol [Line: 9](../tests/contract-playground/src/ConstantFuncsAssembly.sol#L9) + + ```solidity + function setValue(uint256 _value) external view { + ``` + +- Found in src/ConstantFuncsAssembly.sol [Line: 17](../tests/contract-playground/src/ConstantFuncsAssembly.sol#L17) + + ```solidity + function getConstantValue() external pure returns (uint256) { + ``` + +- Found in src/ConstantFuncsAssembly.sol [Line: 36](../tests/contract-playground/src/ConstantFuncsAssembly.sol#L36) + + ```solidity + function getConstantValue2() external pure returns (uint256) { + ``` + +- Found in src/TestERC20.sol [Line: 17](../tests/contract-playground/src/TestERC20.sol#L17) + + ```solidity + function getChainId() external view returns(uint256) { + ``` + +- Found in src/YulReturn.sol [Line: 6](../tests/contract-playground/src/YulReturn.sol#L6) + + ```solidity + function hasYulReturn() external pure returns(uint256) { + ``` + +
+ + + diff --git a/reports/report.sarif b/reports/report.sarif index c60ae1436..0bcb112e7 100644 --- a/reports/report.sarif +++ b/reports/report.sarif @@ -1704,6 +1704,17 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/ConstantFuncsAssembly.sol" + }, + "region": { + "byteLength": 20, + "byteOffset": 110 + } + } + }, { "physicalLocation": { "artifactLocation": { @@ -2958,6 +2969,17 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/ConstantFuncsAssembly.sol" + }, + "region": { + "byteLength": 23, + "byteOffset": 32 + } + } + }, { "physicalLocation": { "artifactLocation": { @@ -5332,6 +5354,17 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/ConstantFuncsAssembly.sol" + }, + "region": { + "byteLength": 232, + "byteOffset": 651 + } + } + }, { "physicalLocation": { "artifactLocation": { @@ -5939,6 +5972,81 @@ "text": "The contract reads it's own variable using `this` which adds an unnecessary STATICCALL. Remove `this` and access the variable like storage." }, "ruleId": "public-variable-read-in-external-context" + }, + { + "level": "note", + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/AssemblyExample.sol" + }, + "region": { + "byteLength": 1, + "byteOffset": 113 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/ConstantFuncsAssembly.sol" + }, + "region": { + "byteLength": 175, + "byteOffset": 182 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/ConstantFuncsAssembly.sol" + }, + "region": { + "byteLength": 237, + "byteOffset": 408 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/ConstantFuncsAssembly.sol" + }, + "region": { + "byteLength": 98, + "byteOffset": 934 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/TestERC20.sol" + }, + "region": { + "byteLength": 10, + "byteOffset": 498 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/YulReturn.sol" + }, + "region": { + "byteLength": 12, + "byteOffset": 92 + } + } + } + ], + "message": { + "text": "If the assembly code contains bugs or unintended side effects, it can lead to incorrect results or vulnerabilities, which are hard to debug and resolve, especially when the function is meant to be simple and predictable." + }, + "ruleId": "constant-functions-assembly" } ], "tool": { diff --git a/reports/templegold-report.md b/reports/templegold-report.md index e6f22785c..d9349ed67 100644 --- a/reports/templegold-report.md +++ b/reports/templegold-report.md @@ -36,6 +36,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-17: Loop contains `require`/`revert` statements](#l-17-loop-contains-requirerevert-statements) - [L-18: Incorrect Order of Division and Multiplication](#l-18-incorrect-order-of-division-and-multiplication) - [L-19: Redundant statements have no effect.](#l-19-redundant-statements-have-no-effect) + - [L-20: Functions declared `pure` / `view` but contains assembly](#l-20-functions-declared-pure--view-but-contains-assembly) # Summary @@ -189,7 +190,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | | High | 8 | -| Low | 19 | +| Low | 20 | # High Issues @@ -8587,3 +8588,32 @@ Remove the redundant statements because no code will be generated and it just co +## L-20: Functions declared `pure` / `view` but contains assembly + +If the assembly code contains bugs or unintended side effects, it can lead to incorrect results or vulnerabilities, which are hard to debug and resolve, especially when the function is meant to be simple and predictable. + +
3 Found Instances + + +- Found in contracts/v2/safeGuards/ThresholdSafeGuard.sol [Line: 182](../tests/2024-07-templegold/protocol/contracts/v2/safeGuards/ThresholdSafeGuard.sol#L182) + + ```solidity + function checkTransaction( + ``` + +- Found in contracts/v2/strategies/DsrBaseStrategy.sol [Line: 129](../tests/2024-07-templegold/protocol/contracts/v2/strategies/DsrBaseStrategy.sol#L129) + + ```solidity + function latestDsrBalance() public view returns (uint256) { + ``` + +- Found in contracts/v2/strategies/DsrBaseStrategy.sol [Line: 159](../tests/2024-07-templegold/protocol/contracts/v2/strategies/DsrBaseStrategy.sol#L159) + + ```solidity + function latestAssetBalances() public override(AbstractStrategy, ITempleBaseStrategy) view returns ( + ``` + +
+ + + From 1245f7692db837f09222b5b8c7affe8fea516d7b Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 11:37:47 +0530 Subject: [PATCH 03/10] detector fix --- .../src/detect/low/constant_funcs_assembly.rs | 18 ++++++++++++++---- cli/reportgen.sh | 6 +++--- reports/templegold-report.md | 14 +------------- 3 files changed, 18 insertions(+), 20 deletions(-) diff --git a/aderyn_core/src/detect/low/constant_funcs_assembly.rs b/aderyn_core/src/detect/low/constant_funcs_assembly.rs index cc03acf9b..276996bd4 100644 --- a/aderyn_core/src/detect/low/constant_funcs_assembly.rs +++ b/aderyn_core/src/detect/low/constant_funcs_assembly.rs @@ -1,10 +1,10 @@ use std::collections::BTreeMap; use std::error::Error; -use crate::ast::{NodeID, StateMutability}; +use crate::ast::{ASTNode, NodeID, StateMutability}; use crate::capture; -use crate::context::browser::ExtractInlineAssemblys; +use crate::context::browser::{ExtractInlineAssemblys, Peek}; use crate::context::investigator::{ StandardInvestigationStyle, StandardInvestigator, StandardInvestigatorVisitor, }; @@ -29,7 +29,9 @@ impl IssueDetector for ConstantFunctionContainsAssemblyDetector { if function.state_mutability() == &StateMutability::View || function.state_mutability() == &StateMutability::Pure { - let mut tracker = AssemblyTracker::default(); + let mut tracker = AssemblyTracker { + has_assembly: false, + }; let investigator = StandardInvestigator::new( context, &[&(function.into())], @@ -69,7 +71,6 @@ impl IssueDetector for ConstantFunctionContainsAssemblyDetector { } } -#[derive(Default)] struct AssemblyTracker { has_assembly: bool, } @@ -81,6 +82,15 @@ impl StandardInvestigatorVisitor for AssemblyTracker { return Ok(()); } + if let ASTNode::FunctionDefinition(function) = node { + // Ignore checking functions that start with `_` + // Example - templegold contains math functions like `_rpow()`, etc that are used by view functions + // That should be okay .. I guess? (idk ... it's open for dicussion) + if function.name.starts_with("_") { + return Ok(()); + } + } + // Check if this node has assembly code let assemblies = ExtractInlineAssemblys::from(node).extracted; if !assemblies.is_empty() { diff --git a/cli/reportgen.sh b/cli/reportgen.sh index 28e7deca1..90afc66f2 100755 --- a/cli/reportgen.sh +++ b/cli/reportgen.sh @@ -2,10 +2,10 @@ #### MARKDOWN REPORTS ###### -# Basic report.md +# Basic report.md cargo run -- -i src/ -x lib/ ./tests/contract-playground -o ./reports/report.md --skip-update-check & -# Adhoc sol files report.md +# Adhoc sol files report.md cargo run -- ./tests/adhoc-sol-files -o ./reports/adhoc-sol-files-report.md --skip-update-check & # Aderyn.toml with nested root @@ -41,4 +41,4 @@ cargo run -- ./tests/adhoc-sol-files -o ./reports/adhoc-sol-files-highs-only-re # Basic report.sarif cargo run -- ./tests/contract-playground -o ./reports/report.sarif --skip-update-check & -wait \ No newline at end of file +wait diff --git a/reports/templegold-report.md b/reports/templegold-report.md index d9349ed67..724f78fa1 100644 --- a/reports/templegold-report.md +++ b/reports/templegold-report.md @@ -8592,7 +8592,7 @@ Remove the redundant statements because no code will be generated and it just co If the assembly code contains bugs or unintended side effects, it can lead to incorrect results or vulnerabilities, which are hard to debug and resolve, especially when the function is meant to be simple and predictable. -
3 Found Instances +
1 Found Instances - Found in contracts/v2/safeGuards/ThresholdSafeGuard.sol [Line: 182](../tests/2024-07-templegold/protocol/contracts/v2/safeGuards/ThresholdSafeGuard.sol#L182) @@ -8601,18 +8601,6 @@ If the assembly code contains bugs or unintended side effects, it can lead to in function checkTransaction( ``` -- Found in contracts/v2/strategies/DsrBaseStrategy.sol [Line: 129](../tests/2024-07-templegold/protocol/contracts/v2/strategies/DsrBaseStrategy.sol#L129) - - ```solidity - function latestDsrBalance() public view returns (uint256) { - ``` - -- Found in contracts/v2/strategies/DsrBaseStrategy.sol [Line: 159](../tests/2024-07-templegold/protocol/contracts/v2/strategies/DsrBaseStrategy.sol#L159) - - ```solidity - function latestAssetBalances() public override(AbstractStrategy, ITempleBaseStrategy) view returns ( - ``` -
From 70ed39febd62ea132716942ebede1f9d2068b10f Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 11:38:21 +0530 Subject: [PATCH 04/10] detector fix --- aderyn_core/src/detect/low/constant_funcs_assembly.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aderyn_core/src/detect/low/constant_funcs_assembly.rs b/aderyn_core/src/detect/low/constant_funcs_assembly.rs index 276996bd4..c98d71c2a 100644 --- a/aderyn_core/src/detect/low/constant_funcs_assembly.rs +++ b/aderyn_core/src/detect/low/constant_funcs_assembly.rs @@ -4,7 +4,7 @@ use std::error::Error; use crate::ast::{ASTNode, NodeID, StateMutability}; use crate::capture; -use crate::context::browser::{ExtractInlineAssemblys, Peek}; +use crate::context::browser::ExtractInlineAssemblys; use crate::context::investigator::{ StandardInvestigationStyle, StandardInvestigator, StandardInvestigatorVisitor, }; From a6c28668c8882111515e41babc2f0c0cba24d3b1 Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 21:35:07 +0530 Subject: [PATCH 05/10] fix --- aderyn_core/src/detect/low/constant_funcs_assembly.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aderyn_core/src/detect/low/constant_funcs_assembly.rs b/aderyn_core/src/detect/low/constant_funcs_assembly.rs index c98d71c2a..527034bea 100644 --- a/aderyn_core/src/detect/low/constant_funcs_assembly.rs +++ b/aderyn_core/src/detect/low/constant_funcs_assembly.rs @@ -112,7 +112,7 @@ mod constant_functions_assembly_detector { #[test] #[serial] fn test_constant_functions_assembly() { - let context = crate::detect::test_utils::load_solidity_source_unit_with_callgraphs( + let context = crate::detect::test_utils::load_solidity_source_unit( "../tests/contract-playground/src/ConstantFuncsAssembly.sol", ); From 63892d21d1b9cec277407ac1adc73638c32fe1f7 Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 21:35:51 +0530 Subject: [PATCH 06/10] cli/reportgen --- reports/report.json | 29 ++++++++--------------- reports/report.md | 45 ++++++++---------------------------- reports/report.sarif | 13 ++++++++--- reports/templegold-report.md | 7 +----- 4 files changed, 29 insertions(+), 65 deletions(-) diff --git a/reports/report.json b/reports/report.json index cc3762c09..48952a3a6 100644 --- a/reports/report.json +++ b/reports/report.json @@ -1,12 +1,7 @@ { "files_summary": { -<<<<<<< HEAD - "total_source_units": 74, - "total_sloc": 2022 -======= - "total_source_units": 77, - "total_sloc": 2225 ->>>>>>> dev + "total_source_units": 78, + "total_sloc": 2251 }, "files_details": { "files_details": [ @@ -325,13 +320,8 @@ ] }, "issue_count": { -<<<<<<< HEAD - "high": 32, - "low": 26 -======= "high": 36, - "low": 25 ->>>>>>> dev + "low": 26 }, "high_issues": { "issues": [ @@ -2222,11 +2212,13 @@ "src_char": "32:23" }, { -<<<<<<< HEAD "contract_path": "src/ConstantFuncsAssembly.sol", -======= + "line_no": 2, + "src": "32:23", + "src_char": "32:23" + }, + { "contract_path": "src/ContractLocksEther.sol", ->>>>>>> dev "line_no": 2, "src": "32:23", "src_char": "32:23" @@ -4174,12 +4166,9 @@ "weak-randomness", "pre-declared-local-variable-usage", "delete-nested-mapping", -<<<<<<< HEAD - "constant-functions-assembly" -======= + "constant-functions-assembly", "tx-origin-used-for-auth", "msg-value-in-loop", "contract-locks-ether" ->>>>>>> dev ] } \ No newline at end of file diff --git a/reports/report.md b/reports/report.md index 71fd6652a..1b4f63c27 100644 --- a/reports/report.md +++ b/reports/report.md @@ -79,13 +79,8 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Key | Value | | --- | --- | -<<<<<<< HEAD -| .sol Files | 74 | -| Total nSLOC | 2022 | -======= -| .sol Files | 77 | -| Total nSLOC | 2225 | ->>>>>>> dev +| .sol Files | 78 | +| Total nSLOC | 2251 | ## Files Details @@ -170,24 +165,15 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/reused_contract_name/ContractB.sol | 7 | | src/uniswap/UniswapV2Swapper.sol | 50 | | src/uniswap/UniswapV3Swapper.sol | 150 | -<<<<<<< HEAD -| **Total** | **2022** | -======= -| **Total** | **2225** | ->>>>>>> dev +| **Total** | **2251** | ## Issue Summary | Category | No. of Issues | | --- | --- | -<<<<<<< HEAD -| High | 32 | -| Low | 26 | -======= | High | 36 | -| Low | 25 | ->>>>>>> dev +| Low | 26 | # High Issues @@ -1209,11 +1195,7 @@ If the length of a dynamic array (storage variable) directly assigned to, it may Solidity does initialize variables by default when you declare them, however it's good practice to explicitly declare an initial value. For example, if you transfer money to an address we must make sure that the address has been initialized. -<<<<<<< HEAD -
15 Found Instances -======= -
16 Found Instances ->>>>>>> dev +
17 Found Instances - Found in src/AssemblyExample.sol [Line: 5](../tests/contract-playground/src/AssemblyExample.sol#L5) @@ -2242,11 +2224,7 @@ ERC20 functions may not behave as expected. For example: return values are not a Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of `pragma solidity ^0.8.0;`, use `pragma solidity 0.8.0;` -<<<<<<< HEAD -
20 Found Instances -======= -
23 Found Instances ->>>>>>> dev +
24 Found Instances - Found in src/CompilerBugStorageSignedIntegerArray.sol [Line: 2](../tests/contract-playground/src/CompilerBugStorageSignedIntegerArray.sol#L2) @@ -2255,17 +2233,16 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.4.0; ``` -<<<<<<< HEAD - Found in src/ConstantFuncsAssembly.sol [Line: 2](../tests/contract-playground/src/ConstantFuncsAssembly.sol#L2) ```solidity pragma solidity ^0.4.0; -======= + ``` + - Found in src/ContractLocksEther.sol [Line: 2](../tests/contract-playground/src/ContractLocksEther.sol#L2) ```solidity pragma solidity ^0.8.0; ->>>>>>> dev ``` - Found in src/ContractWithTodo.sol [Line: 2](../tests/contract-playground/src/ContractWithTodo.sol#L2) @@ -3741,11 +3718,7 @@ Use `e` notation, for example: `1e18`, instead of its full numeric value. Instead of separating the logic into a separate function, consider inlining the logic into the calling function. This can reduce the number of function calls and improve readability. -<<<<<<< HEAD -
13 Found Instances -======= -
15 Found Instances ->>>>>>> dev +
16 Found Instances - Found in src/CallGraphTests.sol [Line: 6](../tests/contract-playground/src/CallGraphTests.sol#L6) diff --git a/reports/report.sarif b/reports/report.sarif index 0a91986dc..187e5cd16 100644 --- a/reports/report.sarif +++ b/reports/report.sarif @@ -3294,11 +3294,18 @@ { "physicalLocation": { "artifactLocation": { -<<<<<<< HEAD "uri": "src/ConstantFuncsAssembly.sol" -======= + }, + "region": { + "byteLength": 23, + "byteOffset": 32 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { "uri": "src/ContractLocksEther.sol" ->>>>>>> dev }, "region": { "byteLength": 23, diff --git a/reports/templegold-report.md b/reports/templegold-report.md index 733971457..e02b058c1 100644 --- a/reports/templegold-report.md +++ b/reports/templegold-report.md @@ -191,13 +191,8 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | -<<<<<<< HEAD -| High | 8 | -| Low | 20 | -======= | High | 10 | -| Low | 19 | ->>>>>>> dev +| Low | 20 | # High Issues From d9bb36db75bcd1d258c72c98922dd01e6b5138ea Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 21:44:07 +0530 Subject: [PATCH 07/10] set solc req <0.5.0 --- .../src/detect/low/constant_funcs_assembly.rs | 69 ++++++++++++++----- 1 file changed, 52 insertions(+), 17 deletions(-) diff --git a/aderyn_core/src/detect/low/constant_funcs_assembly.rs b/aderyn_core/src/detect/low/constant_funcs_assembly.rs index 527034bea..59b1f4c18 100644 --- a/aderyn_core/src/detect/low/constant_funcs_assembly.rs +++ b/aderyn_core/src/detect/low/constant_funcs_assembly.rs @@ -1,20 +1,24 @@ use std::collections::BTreeMap; use std::error::Error; +use std::str::FromStr; -use crate::ast::{ASTNode, NodeID, StateMutability}; +use crate::ast::{ASTNode, NodeID, NodeType, StateMutability}; use crate::capture; -use crate::context::browser::ExtractInlineAssemblys; +use crate::context::browser::{ + ExtractInlineAssemblys, ExtractPragmaDirectives, GetClosestAncestorOfTypeX, +}; use crate::context::investigator::{ StandardInvestigationStyle, StandardInvestigator, StandardInvestigatorVisitor, }; use crate::detect::detector::IssueDetectorNamePool; -use crate::detect::helpers; +use crate::detect::helpers::{self, pragma_directive_to_semver}; use crate::{ context::workspace_context::WorkspaceContext, detect::detector::{IssueDetector, IssueSeverity}, }; use eyre::Result; +use semver::{Version, VersionReq}; #[derive(Default)] pub struct ConstantFunctionContainsAssemblyDetector { @@ -26,21 +30,39 @@ pub struct ConstantFunctionContainsAssemblyDetector { impl IssueDetector for ConstantFunctionContainsAssemblyDetector { fn detect(&mut self, context: &WorkspaceContext) -> Result> { for function in helpers::get_implemented_external_and_public_functions(context) { - if function.state_mutability() == &StateMutability::View - || function.state_mutability() == &StateMutability::Pure + // First, check the eligibility for this function by checking + if let Some(ASTNode::SourceUnit(source_unit)) = + function.closest_ancestor_of_type(context, NodeType::SourceUnit) { - let mut tracker = AssemblyTracker { - has_assembly: false, - }; - let investigator = StandardInvestigator::new( - context, - &[&(function.into())], - StandardInvestigationStyle::Downstream, - )?; - investigator.investigate(context, &mut tracker)?; - - if tracker.has_assembly { - capture!(self, context, function); + // Store the extracted directives in a variable to extend its lifetime + let extracted_directives = ExtractPragmaDirectives::from(source_unit).extracted; + let pragma_directive = extracted_directives.first(); + + if let Some(pragma_directive) = pragma_directive { + let version_req = pragma_directive_to_semver(pragma_directive); + if let Ok(version_req) = version_req { + if version_req_allows_below_0_5_0(&version_req) { + // Only run the logic if pragma is allowed to run on solc <0.5.0 + + if function.state_mutability() == &StateMutability::View + || function.state_mutability() == &StateMutability::Pure + { + let mut tracker = AssemblyTracker { + has_assembly: false, + }; + let investigator = StandardInvestigator::new( + context, + &[&(function.into())], + StandardInvestigationStyle::Downstream, + )?; + investigator.investigate(context, &mut tracker)?; + + if tracker.has_assembly { + capture!(self, context, function); + } + } + } + } } } } @@ -71,6 +93,19 @@ impl IssueDetector for ConstantFunctionContainsAssemblyDetector { } } +fn version_req_allows_below_0_5_0(version_req: &VersionReq) -> bool { + // If it matches any 0.4.0 to 0.4.26, return true + for i in 0..=26 { + let version: semver::Version = Version::from_str(&format!("0.4.{}", i)).unwrap(); + if version_req.matches(&version) { + return true; + } + } + + // Else, return false + false +} + struct AssemblyTracker { has_assembly: bool, } From 8ab3f78771047660c9f424cd2fc39e10d6cc5966 Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 21:44:37 +0530 Subject: [PATCH 08/10] cli/reportgen --- reports/report.json | 18 ------------------ reports/report.md | 20 +------------------- reports/report.sarif | 33 --------------------------------- reports/templegold-report.md | 32 ++++---------------------------- 4 files changed, 5 insertions(+), 98 deletions(-) diff --git a/reports/report.json b/reports/report.json index 48952a3a6..ca144e501 100644 --- a/reports/report.json +++ b/reports/report.json @@ -4067,12 +4067,6 @@ "description": "If the assembly code contains bugs or unintended side effects, it can lead to incorrect results or vulnerabilities, which are hard to debug and resolve, especially when the function is meant to be simple and predictable.", "detector_name": "constant-functions-assembly", "instances": [ - { - "contract_path": "src/AssemblyExample.sol", - "line_no": 6, - "src": "113:1", - "src_char": "113:1" - }, { "contract_path": "src/ConstantFuncsAssembly.sol", "line_no": 9, @@ -4090,18 +4084,6 @@ "line_no": 36, "src": "934:98", "src_char": "934:98" - }, - { - "contract_path": "src/TestERC20.sol", - "line_no": 17, - "src": "498:10", - "src_char": "498:10" - }, - { - "contract_path": "src/YulReturn.sol", - "line_no": 6, - "src": "92:12", - "src_char": "92:12" } ] } diff --git a/reports/report.md b/reports/report.md index 1b4f63c27..92aab2951 100644 --- a/reports/report.md +++ b/reports/report.md @@ -4154,14 +4154,8 @@ The contract reads it's own variable using `this` which adds an unnecessary STAT If the assembly code contains bugs or unintended side effects, it can lead to incorrect results or vulnerabilities, which are hard to debug and resolve, especially when the function is meant to be simple and predictable. -
6 Found Instances - - -- Found in src/AssemblyExample.sol [Line: 6](../tests/contract-playground/src/AssemblyExample.sol#L6) +
3 Found Instances - ```solidity - function f(uint x) public view returns (uint r) { - ``` - Found in src/ConstantFuncsAssembly.sol [Line: 9](../tests/contract-playground/src/ConstantFuncsAssembly.sol#L9) @@ -4181,18 +4175,6 @@ If the assembly code contains bugs or unintended side effects, it can lead to in function getConstantValue2() external pure returns (uint256) { ``` -- Found in src/TestERC20.sol [Line: 17](../tests/contract-playground/src/TestERC20.sol#L17) - - ```solidity - function getChainId() external view returns(uint256) { - ``` - -- Found in src/YulReturn.sol [Line: 6](../tests/contract-playground/src/YulReturn.sol#L6) - - ```solidity - function hasYulReturn() external pure returns(uint256) { - ``` -
diff --git a/reports/report.sarif b/reports/report.sarif index 187e5cd16..5e700c745 100644 --- a/reports/report.sarif +++ b/reports/report.sarif @@ -6617,17 +6617,6 @@ { "level": "note", "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/AssemblyExample.sol" - }, - "region": { - "byteLength": 1, - "byteOffset": 113 - } - } - }, { "physicalLocation": { "artifactLocation": { @@ -6660,28 +6649,6 @@ "byteOffset": 934 } } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/TestERC20.sol" - }, - "region": { - "byteLength": 10, - "byteOffset": 498 - } - } - }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/YulReturn.sol" - }, - "region": { - "byteLength": 12, - "byteOffset": 92 - } - } } ], "message": { diff --git a/reports/templegold-report.md b/reports/templegold-report.md index e02b058c1..c42ed71e7 100644 --- a/reports/templegold-report.md +++ b/reports/templegold-report.md @@ -38,7 +38,6 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-17: Loop contains `require`/`revert` statements](#l-17-loop-contains-requirerevert-statements) - [L-18: Incorrect Order of Division and Multiplication](#l-18-incorrect-order-of-division-and-multiplication) - [L-19: Redundant statements have no effect.](#l-19-redundant-statements-have-no-effect) - - [L-20: Functions declared `pure` / `view` but contains assembly](#l-20-functions-declared-pure--view-but-contains-assembly) # Summary @@ -192,7 +191,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | | High | 10 | -| Low | 20 | +| Low | 19 | # High Issues @@ -6773,7 +6772,7 @@ Index event fields make the field more quickly accessible to off-chain tools tha Use descriptive reason strings or custom errors for revert paths. -
55 Found Instances +
54 Found Instances - Found in contracts/core/OpsManager.sol [Line: 50](../tests/2024-07-templegold/protocol/contracts/core/OpsManager.sol#L50) @@ -6788,12 +6787,6 @@ Use descriptive reason strings or custom errors for revert paths. require (x >= -0x8000000000000000 && x <= 0x7FFFFFFFFFFFFFFF); ``` -- Found in contracts/util/ABDKMath64x64.sol [Line: 63](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L63) - - ```solidity - require (x <= 0x7FFFFFFFFFFFFFFF); - ``` - - Found in contracts/util/ABDKMath64x64.sol [Line: 77](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L77) ```solidity @@ -7010,10 +7003,10 @@ Use descriptive reason strings or custom errors for revert paths. require (result <= 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF); ``` -- Found in contracts/util/ABDKMathQuad.sol [Line: 76](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L76) +- Found in contracts/util/ABDKMathQuad.sol [Line: 72](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L72) ```solidity - require (exponent <= 16638); // Overflow + function toInt (bytes16 x) internal pure returns (int256) { ``` - Found in contracts/util/ABDKMathQuad.sol [Line: 86](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L86) @@ -8654,20 +8647,3 @@ Remove the redundant statements because no code will be generated and it just co -## L-20: Functions declared `pure` / `view` but contains assembly - -If the assembly code contains bugs or unintended side effects, it can lead to incorrect results or vulnerabilities, which are hard to debug and resolve, especially when the function is meant to be simple and predictable. - -
1 Found Instances - - -- Found in contracts/v2/safeGuards/ThresholdSafeGuard.sol [Line: 182](../tests/2024-07-templegold/protocol/contracts/v2/safeGuards/ThresholdSafeGuard.sol#L182) - - ```solidity - function checkTransaction( - ``` - -
- - - From f5585074191f3d43826f6c0ddf19f8c8c6a016cd Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 22:01:23 +0530 Subject: [PATCH 09/10] good --- aderyn_core/src/detect/low/require_with_string.rs | 2 +- reports/templegold-report.md | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/aderyn_core/src/detect/low/require_with_string.rs b/aderyn_core/src/detect/low/require_with_string.rs index a5b231fdf..62ae936ef 100644 --- a/aderyn_core/src/detect/low/require_with_string.rs +++ b/aderyn_core/src/detect/low/require_with_string.rs @@ -1,7 +1,7 @@ use std::{collections::BTreeMap, error::Error}; use crate::{ - ast::NodeID, + ast::{ASTNode, NodeID}, capture, context::workspace_context::WorkspaceContext, detect::detector::{IssueDetector, IssueDetectorNamePool, IssueSeverity}, diff --git a/reports/templegold-report.md b/reports/templegold-report.md index c42ed71e7..278751712 100644 --- a/reports/templegold-report.md +++ b/reports/templegold-report.md @@ -6772,7 +6772,7 @@ Index event fields make the field more quickly accessible to off-chain tools tha Use descriptive reason strings or custom errors for revert paths. -
54 Found Instances +
55 Found Instances - Found in contracts/core/OpsManager.sol [Line: 50](../tests/2024-07-templegold/protocol/contracts/core/OpsManager.sol#L50) @@ -6787,6 +6787,12 @@ Use descriptive reason strings or custom errors for revert paths. require (x >= -0x8000000000000000 && x <= 0x7FFFFFFFFFFFFFFF); ``` +- Found in contracts/util/ABDKMath64x64.sol [Line: 63](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L63) + + ```solidity + require (x <= 0x7FFFFFFFFFFFFFFF); + ``` + - Found in contracts/util/ABDKMath64x64.sol [Line: 77](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L77) ```solidity @@ -7003,10 +7009,10 @@ Use descriptive reason strings or custom errors for revert paths. require (result <= 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF); ``` -- Found in contracts/util/ABDKMathQuad.sol [Line: 72](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L72) +- Found in contracts/util/ABDKMathQuad.sol [Line: 76](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L76) ```solidity - function toInt (bytes16 x) internal pure returns (int256) { + require (exponent <= 16638); // Overflow ``` - Found in contracts/util/ABDKMathQuad.sol [Line: 86](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L86) From a3acce33c562f84c205acc031d8866028a38c4e4 Mon Sep 17 00:00:00 2001 From: TilakMaddy Date: Fri, 2 Aug 2024 22:02:06 +0530 Subject: [PATCH 10/10] fix --- aderyn_core/src/detect/low/require_with_string.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aderyn_core/src/detect/low/require_with_string.rs b/aderyn_core/src/detect/low/require_with_string.rs index 62ae936ef..a5b231fdf 100644 --- a/aderyn_core/src/detect/low/require_with_string.rs +++ b/aderyn_core/src/detect/low/require_with_string.rs @@ -1,7 +1,7 @@ use std::{collections::BTreeMap, error::Error}; use crate::{ - ast::{ASTNode, NodeID}, + ast::NodeID, capture, context::workspace_context::WorkspaceContext, detect::detector::{IssueDetector, IssueDetectorNamePool, IssueSeverity},