Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
established scope in tower contracts
- Loading branch information
1 parent
3068013
commit d244b4b
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,4 @@ | ||
| pub mod attack_surface; | ||
| pub mod auditor; | ||
| pub mod public_functions_no_sender; | ||
| pub mod send_ether_no_checks; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| use prettytable::{row, Row}; | ||
|
|
||
| use super::auditor::AuditorDetector; | ||
| use crate::context::workspace_context::WorkspaceContext; | ||
| use std::error::Error; | ||
|
|
||
| struct SendEtherNoChecksInstance { | ||
| ether_sending_call: String, | ||
| } | ||
|
|
||
| #[derive(Default)] | ||
| pub struct SendEtherWithoutMsgSenderChecksDetector { | ||
| found_instances: Vec<SendEtherNoChecksInstance>, | ||
| } | ||
|
|
||
| impl AuditorDetector for SendEtherWithoutMsgSenderChecksDetector { | ||
| fn detect(&mut self, context: &WorkspaceContext) -> Result<bool, Box<dyn Error>> { | ||
|
Check warning on line 17 in aderyn_core/src/audit/send_ether_no_checks.rs
|
||
| Ok(!self.found_instances.is_empty()) | ||
| } | ||
|
|
||
| fn title(&self) -> String { | ||
| String::from("Sending native Eth is not protected") | ||
| } | ||
|
|
||
| fn table_titles(&self) -> Row { | ||
| row!["Code"] | ||
| } | ||
|
|
||
| fn table_rows(&self) -> Vec<Row> { | ||
| self.found_instances | ||
| .iter() | ||
| .map(|instance| row![instance.ether_sending_call]) | ||
| .collect() | ||
| } | ||
|
|
||
| fn skeletal_clone(&self) -> Box<dyn AuditorDetector> { | ||
| Box::<SendEtherWithoutMsgSenderChecksDetector>::default() | ||
| } | ||
| } | ||
|
|
||
| #[cfg(test)] | ||
| mod send_ether_no_checks_detector { | ||
| use crate::audit::{ | ||
| auditor::AuditorDetector, send_ether_no_checks::SendEtherWithoutMsgSenderChecksDetector, | ||
| }; | ||
|
|
||
| #[test] | ||
| fn test_attack_surface_detector() { | ||
| let context = crate::detect::test_utils::load_solidity_source_unit( | ||
| "../tests/contract-playground/src/auditor_mode/ExternalCalls.sol", | ||
| ); | ||
|
|
||
| let mut detector = SendEtherWithoutMsgSenderChecksDetector::default(); | ||
| let found = detector.detect(&context).unwrap(); | ||
| assert!(found); | ||
| } | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| // SPDX-License-Identifier: MIT | ||
| pragma solidity 0.8.19; | ||
|
|
||
| // Goal of this contract is to test if we can establish a link between | ||
| // the public function `enterTenthFloor` and the fact that `require(msg.sender == 0x011)` | ||
| // could potentially be called as a result | ||
| contract Tower1 { | ||
|
|
||
| function visitEighthFloor() internal { | ||
| require(msg.sender == address(0x11)); | ||
| } | ||
|
|
||
| modifier passThroughNinthFloor() { | ||
| visitEighthFloor(); | ||
| _; | ||
| } | ||
|
|
||
| // Start Here | ||
| function enterTenthFloor() public passThroughNinthFloor() { | ||
|
|
||
| } | ||
|
|
||
| } | ||
|
|
||
| // Goal of this contract is to test if we can establish a link between | ||
| // the public function `enterTenthFloor` and the fact that `x.call{value: 10}("calldata");` | ||
| // could potentially be called as a result. | ||
| // Here, the call to send native eth is not safe | ||
| contract Tower2 { | ||
|
|
||
| function visitEighthFloor(address x) internal { | ||
| (bool success,) = x.call{value: 10}("calldata"); | ||
| if (!success) { | ||
| revert(); | ||
| } | ||
| } | ||
|
|
||
| modifier passThroughNinthFloor(address x) { | ||
| visitEighthFloor(x); | ||
| _; | ||
| } | ||
|
|
||
| // Start Here | ||
| function enterTenthFloor(address x) public passThroughNinthFloor(x) { | ||
|
|
||
| } | ||
|
|
||
| } | ||
|
|
||
|
|
||
|
|
||
| // Goal of this contract is to test if we can establish a link between | ||
| // the public function `enterTenthFloor` <-> `x.call{value: 10}("calldata");` | ||
| // and public function `enterTenthFloor` <-> `require(msg.sender == 0x11);` | ||
| // As a result the call to send native eth is safe | ||
| contract Tower3 { | ||
|
|
||
| function visitEighthFloor(address x) internal { | ||
| (bool success,) = x.call{value: 10}("calldata"); | ||
| if (!success) { | ||
| revert(); | ||
| } | ||
| } | ||
|
|
||
| modifier passThroughNinthFloor(address x) { | ||
| visitEighthFloor(x); | ||
| _; | ||
| } | ||
|
|
||
| // Start Here | ||
| function enterTenthFloor(address x) public passThroughNinthFloor(x) { | ||
| visitSeventhFloor(); | ||
| } | ||
|
|
||
| function visitSeventhFloor() internal { | ||
| require(msg.sender == address(0x11)); | ||
| } | ||
|
|
||
| } | ||
|
|
||
|
|