merge dev

Cyfrin · Aug 2, 2024 · b8c960c · b8c960c
2 parents 364227b + 82d4877
commit b8c960c
Show file tree

Hide file tree

Showing 11 changed files with 1,124 additions and 247 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/aderyn_core/Cargo.toml b/aderyn_core/Cargo.toml
@@ -12,7 +12,7 @@ license = "MIT"
 crossbeam-channel = "0.5.9"
 eyre = "0.6.12"
 ignore = "0.4.21"
-phf = {version = "0.11.2", features = ["macros"]}
+phf = { version = "0.11.2", features = ["macros"] }
 prettytable = "0.10.0"
 rayon = "1.8.0"
 semver = "1.0.20"
@@ -22,7 +22,11 @@ serde-sarif = "0.4.2"
 serde_repr = "0.1.12"
 strum = { version = "0.26", features = ["derive"] }
 toml = "0.8.2"
-cyfrin-foundry-compilers = { version = "0.3.20-aderyn", features = ["svm-solc"]  }
+cyfrin-foundry-compilers = { version = "0.3.20-aderyn", features = [
+    "svm-solc",
+] }
+num-bigint = "0.4"
+num-traits = "0.2"
 lazy-regex = "3.2.0"
 derive_more = "0.99.18"
 

diff --git a/aderyn_core/src/detect/detector.rs b/aderyn_core/src/detect/detector.rs
@@ -66,6 +66,7 @@ pub fn get_all_issue_detectors() -> Vec<Box<dyn IssueDetector>> {
         Box::<RTLODetector>::default(),
         Box::<UncheckedReturnDetector>::default(),
         Box::<DangerousUnaryOperatorDetector>::default(),
+        Box::<TautologyOrContraditionDetector>::default(),
         Box::<DangerousStrictEqualityOnBalanceDetector>::default(),
         Box::<StorageSignedIntegerArrayDetector>::default(),
         Box::<RedundantStatementsDetector>::default(),
@@ -136,6 +137,7 @@ pub(crate) enum IssueDetectorNamePool {
     RTLO,
     UncheckedReturn,
     DangerousUnaryOperator,
+    TautologyOrContradiction,
     DangerousStrictEquailtyOnContractBalance,
     SignedStorageArray,
     RedundantStatements,
@@ -280,6 +282,9 @@ pub fn request_issue_detector_by_name(detector_name: &str) -> Option<Box<dyn Iss
         IssueDetectorNamePool::DangerousUnaryOperator => {
             Some(Box::<DangerousUnaryOperatorDetector>::default())
         }
+        IssueDetectorNamePool::TautologyOrContradiction => {
+            Some(Box::<TautologyOrContraditionDetector>::default())
+        }
         IssueDetectorNamePool::DangerousStrictEquailtyOnContractBalance => {
             Some(Box::<DangerousStrictEqualityOnBalanceDetector>::default())
         }

diff --git a/aderyn_core/src/detect/high/mod.rs b/aderyn_core/src/detect/high/mod.rs
@@ -24,6 +24,7 @@ pub(crate) mod state_variable_shadowing;
 pub(crate) mod storage_array_edit_with_memory;
 pub(crate) mod storage_signed_integer_array;
 pub(crate) mod tautological_compare;
+pub(crate) mod tautology_or_contradiction;
 pub(crate) mod unchecked_return;
 pub(crate) mod unchecked_send;
 pub(crate) mod uninitialized_state_variable;
@@ -58,6 +59,7 @@ pub use state_variable_shadowing::StateVariableShadowingDetector;
 pub use storage_array_edit_with_memory::StorageArrayEditWithMemoryDetector;
 pub use storage_signed_integer_array::StorageSignedIntegerArrayDetector;
 pub use tautological_compare::TautologicalCompareDetector;
+pub use tautology_or_contradiction::TautologyOrContraditionDetector;
 pub use unchecked_return::UncheckedReturnDetector;
 pub use unchecked_send::UncheckedSendDetector;
 pub use uninitialized_state_variable::UninitializedStateVariableDetector;

diff --git a/aderyn_core/src/detect/high/state_variable_shadowing.rs b/aderyn_core/src/detect/high/state_variable_shadowing.rs
@@ -179,11 +179,16 @@ impl IssueDetector for StateVariableShadowingDetector {
     }
 
     fn title(&self) -> String {
-        String::from("High Issue Title")
+        String::from("Shadowed State Variables in Inheritance Hierarchy")
     }
 
     fn description(&self) -> String {
-        String::from("Description of the high issue.")
+        String::from(
+            "This vulnerability arises when a derived contract unintentionally shadows a state variable from \
+            a parent contract by declaring a variable with the same name. This can be misleading. \
+            To prevent this, ensure variable names \
+            are unique across the inheritance hierarchy or use proper visibility and scope controls."
+        )
     }
 
     fn instances(&self) -> BTreeMap<(String, usize, String), NodeID> {
@@ -220,11 +225,19 @@ mod state_variable_shadowing_detector_tests {
             crate::detect::detector::IssueSeverity::High
         );
         // assert the title is correct
-        assert_eq!(detector.title(), String::from("High Issue Title"));
+        assert_eq!(
+            detector.title(),
+            String::from("Shadowed State Variables in Inheritance Hierarchy")
+        );
         // assert the description is correct
         assert_eq!(
             detector.description(),
-            String::from("Description of the high issue.")
+            String::from(
+                "This vulnerability arises when a derived contract unintentionally shadows a state variable from \
+                a parent contract by declaring a variable with the same name. This can be misleading. \
+                To prevent this, ensure variable names \
+                are unique across the inheritance hierarchy or use proper visibility and scope controls."
+            )
         );
     }
 }