diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..b234ebeb3 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,5 @@ +[attr]generated linguist-generated=true diff=generated + +Cargo.lock generated +reports/*.* generated + diff --git a/.github/workflows/cargo.yml b/.github/workflows/cargo.yml index 276e68eb4..f5efaca3f 100644 --- a/.github/workflows/cargo.yml +++ b/.github/workflows/cargo.yml @@ -64,11 +64,6 @@ jobs: run: | git submodule update --init --recursive - - uses: Swatinem/rust-cache@v2 - - name: Run cargo test - run: | - cargo test _by_loading_contract_directly - - uses: Swatinem/rust-cache@v2 - name: Run cargo test run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2c5b0a50f..e282b58d0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -80,7 +80,7 @@ jobs: echo "COMPRESSED_BINARY=compressed/${{ env.BIN_RELEASE_VERSIONED }}.tar.gz" >> $GITHUB_ENV - name: Upload Artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: ${{ env.BIN_RELEASE_VERSIONED }}.tar.gz path: ${{ env.COMPRESSED_BINARY }} @@ -93,7 +93,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download All Artifacts - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v4 with: path: artifacts/ diff --git a/Cargo.lock b/Cargo.lock index 74825ad6d..9c881c5f0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -23,7 +23,7 @@ dependencies = [ [[package]] name = "aderyn" -version = "0.2.0" +version = "0.3.0" dependencies = [ "aderyn_driver", "clap", @@ -37,13 +37,14 @@ dependencies = [ "serde_json", "simple-logging", "strum 0.26.3", + "termcolor", "tokio", "tower-lsp", ] [[package]] name = "aderyn_core" -version = "0.2.0" +version = "0.3.0" dependencies = [ "crossbeam-channel", "cyfrin-foundry-compilers", @@ -69,7 +70,7 @@ dependencies = [ [[package]] name = "aderyn_driver" -version = "0.2.0" +version = "0.3.0" dependencies = [ "aderyn_core", "criterion", 
@@ -87,7 +88,7 @@ dependencies = [ [[package]] name = "aderyn_py" -version = "0.2.0" +version = "0.3.0" dependencies = [ "aderyn_driver", "field_access", @@ -2234,6 +2235,7 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49f5dab59c348b9b50cf7f261960a20e389feb2713636399cd9082cd4b536154" dependencies = [ + "crossbeam-channel", "file-id", "log", "notify", @@ -3722,6 +3724,15 @@ dependencies = [ "winapi", ] +[[package]] +name = "termcolor" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" +dependencies = [ + "winapi-util", +] + [[package]] name = "thiserror" version = "1.0.63" diff --git a/Makefile b/Makefile index 46c014d15..04c839f5e 100644 --- a/Makefile +++ b/Makefile @@ -6,9 +6,12 @@ # - cargo-clippy ################## -# Run if setting up for first time +.PHONY: help +help: + @cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-]+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' + .PHONY: setup -setup: +setup: ## Run if setting up for first time git submodule update --init --recursive cd tests/ccip-contracts/contracts/;\ pnpm install 
@@ -19,14 +22,34 @@ setup: cd tests/2024-07-templegold/;\ yarn -# Check for tests to pass + +.PHONY: pr +pr: ## Run before sending PRs + cargo +nightly fmt --all + cargo test --quiet + cargo clippy --quiet --workspace --all-targets --all-features + cli/reportgen.sh + + +.PHONY: build +build: ## Build the compiler + cargo build --release + + .PHONY: test -test: +test: ## Run the compiler unit tests cargo test + cargo clippy --quiet --workspace --all-targets --all-features + +.PHONY: fmt +fmt: ## Run the rust formatter + cargo +nightly fmt --all + +.PHONY: test-watch +test-watch: ## Run compiler tests when files change + watchexec -e rs,toml "cargo test --quiet" + + +# Debug print vars with `make print-VAR_NAME` +print-%: ; @echo $*=$($*) -# Run before sending PRs -.PHONY: reportgen -reportgen: - cargo fmt - cargo clippy -- -D warnings - cli/reportgen.sh \ No newline at end of file diff --git a/aderyn/Cargo.toml b/aderyn/Cargo.toml index c9869b40c..e5449a300 100644 --- a/aderyn/Cargo.toml +++ b/aderyn/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "aderyn" -version = "0.2.0" +version = "0.3.0" edition = "2021" authors = ["Cyfrin "] description = "Rust based Solidity AST analyzer" 
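Review bot: The new `pr` and `test` targets run `cargo clippy --quiet --workspace --all-targets --all-features` without the `-- -D warnings` that the removed `reportgen` target passed, so lint warnings no longer fail the pre-PR check. If that gate is still wanted, append it: `cargo clippy --quiet --workspace --all-targets --all-features -- -D warnings`. The help strings for `build` and `test` say "the compiler", which does not match a project whose manifests describe it as a Solidity AST analyzer.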
@@ -10,15 +10,16 @@ default-run = "aderyn" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -aderyn_driver = { path = "../aderyn_driver", version = "0.2.0" } +aderyn_driver = { path = "../aderyn_driver", version = "0.3.0" } clap = { version = "4.4.6", features = ["derive"] } reqwest = { version = "0.12.2", default-features = false, features = ["blocking", "json", "rustls-tls"] } semver = "1.0.22" serde = { version = "1.0.160", features = ["derive"] } serde_json = { version = "1.0.96", features = ["preserve_order"] } strum = { version = "0.26", features = ["derive"] } -notify-debouncer-full = { version = "0.3.1", default-features = false } +notify-debouncer-full = "0.3.1" cyfrin-foundry-compilers = { version = "0.3.20-aderyn", features = ["svm-solc"] } +termcolor = "1.4.1" tokio = { version = "1.40.0", features = ["full"] } tower-lsp = "0.20.0" log = "0.4.22" diff --git a/aderyn/src/lib.rs b/aderyn/src/lib.rs index 748326fe0..b34af156f 100644 --- a/aderyn/src/lib.rs +++ b/aderyn/src/lib.rs @@ -1,8 +1,24 @@ use aderyn_driver::detector::{get_all_detectors_names, get_issue_detector_by_name, IssueSeverity}; use semver::Version; use serde_json::Value; +use std::{fs::File, io::Write, path::PathBuf, str::FromStr}; use strum::IntoEnumIterator; +pub fn create_aderyn_toml_file_at(directory: String) { + let aderyn_toml_path = PathBuf::from_str(&directory).unwrap().join("aderyn.toml"); + let mut file = File::create_new(aderyn_toml_path.clone()).expect("File already exists!"); + file.write_all(include_bytes!("../templates/aderyn.toml")) + .expect("To write contents into aderyn.toml"); + println!("Created aderyn.toml at {}", aderyn_toml_path.display()); +} + +mod panic; + +pub fn initialize_niceties() { + // Crash with a nice message on panic + panic::add_handler() +} + pub mod lsp; pub fn print_detail_view(detector_name: &str) { 
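Review bot: In `create_aderyn_toml_file_at`, `File::create_new(...).expect("File already exists!")` panics on every I/O failure, so a missing directory or a permission error is also reported as "File already exists!". Because `initialize_niceties` installs the panic hook from `panic.rs`, an ordinary user mistake such as running `--init` twice ends in the fatal-bug banner asking for an issue report. `create_new` itself is the right call, since it refuses to overwrite an existing file. The handling should distinguish `ErrorKind::AlreadyExists` from other errors and exit with a plain message. The `expect` on `write_all` deserves the same treatment.

```rust
pub fn create_aderyn_toml_file_at(directory: String) {
    let aderyn_toml_path = PathBuf::from_str(&directory).unwrap().join("aderyn.toml");
    let mut file = match File::create_new(&aderyn_toml_path) {
        Ok(file) => file,
        Err(e) if e.kind() == std::io::ErrorKind::AlreadyExists => {
            eprintln!(
                "{} already exists; leaving it untouched",
                aderyn_toml_path.display()
            );
            std::process::exit(1);
        }
        Err(e) => {
            eprintln!("Could not create {}: {e}", aderyn_toml_path.display());
            std::process::exit(1);
        }
    };
    // … unchanged: write_all of the bundled template and the "Created aderyn.toml" message …
}
```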
@@ -72,21 +88,23 @@ fn right_pad(s: &str, by: usize) -> String { pub static APP_USER_AGENT: &str = concat!(env!("CARGO_PKG_NAME"), "/", env!("CARGO_PKG_VERSION")); -pub fn aderyn_is_currently_running_newest_version() -> Result { +pub fn aderyn_is_currently_running_newest_version() -> Option { let client = reqwest::blocking::Client::builder() .user_agent(APP_USER_AGENT) - .build()?; + .build() + .expect("client is unable to initialize"); let latest_version_checker = client .get("https://api.github.com/repos/Cyfrin/aderyn/releases/latest") - .send()?; + .send() + .ok()?; - let data = latest_version_checker.json::()?; - let newest = - Version::parse(data["tag_name"].as_str().unwrap().replace('v', "").as_str()).unwrap(); - let current = Version::parse(env!("CARGO_PKG_VERSION")).unwrap(); + let data = latest_version_checker.json::().ok()?; + let version_string = data["tag_name"].as_str()?; + let newest = Version::parse(version_string.replace('v', "").as_str()).ok()?; + let current = Version::parse(env!("CARGO_PKG_VERSION")).expect("Pkg version not available"); - Ok(current >= newest) + Some(current >= newest) } #[cfg(test)] @@ -95,6 +113,6 @@ mod latest_version_checker_tests { #[test] fn can_get_latest_version_from_crate_registry() { - assert!(aderyn_is_currently_running_newest_version().is_ok()) + assert!(aderyn_is_currently_running_newest_version().is_some()) } } diff --git a/aderyn/src/main.rs b/aderyn/src/main.rs index cd964d4ea..8c1a55df3 100644 --- a/aderyn/src/main.rs +++ b/aderyn/src/main.rs @@ -1,6 +1,6 @@ use aderyn::{ - aderyn_is_currently_running_newest_version, lsp::spin_up_language_server, - print_all_detectors_view, print_detail_view, + aderyn_is_currently_running_newest_version, create_aderyn_toml_file_at, initialize_niceties, + lsp::spin_up_language_server, print_all_detectors_view, print_detail_view, }; use aderyn_driver::driver::{self, Args}; 
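Review bot: In `aderyn_is_currently_running_newest_version`, `.build().expect("client is unable to initialize")` turns a failure of an optional update check into a panic, while every other step now degrades to `None`. Using `.build().ok()?` keeps the function consistent. `version_string.replace('v', "")` removes every `v` in the tag rather than only a leading one, so `version_string.trim_start_matches('v')` states the intent more exactly. The test in the next hunk asserts `is_some()`, which fails whenever api.github.com is unreachable or rate-limited, since those cases now return `None`.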
@@ -17,6 +17,10 @@ pub struct CommandLineArgs { #[arg(default_value = ".")] root: String, + /// Initialize aderyn.toml in [ROOT] which hosts all the configuration to override defaults + #[arg(long)] + init: bool, + /// Path to the source contracts. If not provided, the ROOT directory will be used. /// /// For example, in a foundry repo: @@ -85,6 +89,7 @@ enum RegistryCommand { } fn main() { + initialize_niceties(); let cmd_args = CommandLineArgs::parse(); if let Some(reg) = cmd_args.registry { @@ -100,6 +105,16 @@ fn main() { return; } + if cmd_args.root == "init" { + create_aderyn_toml_file_at(".".to_string()); + return; + } + + if cmd_args.init { + create_aderyn_toml_file_at(cmd_args.root); + return; + } + let mut args: Args = Args { root: cmd_args.root, output: cmd_args.output, @@ -126,7 +141,7 @@ fn main() { // Check for updates if !cmd_args.skip_update_check { - if let Ok(yes) = aderyn_is_currently_running_newest_version() { + if let Some(yes) = aderyn_is_currently_running_newest_version() { if !yes { println!(); println!("NEW VERSION OF ADERYN AVAILABLE! Please run `cyfrinup` to upgrade."); diff --git a/aderyn/src/panic.rs b/aderyn/src/panic.rs new file mode 100644 index 000000000..147f5c223 --- /dev/null +++ b/aderyn/src/panic.rs 
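Review bot: The `if cmd_args.root == "init"` branch in `main` reinterprets the positional ROOT argument as a command, so a project directory that is actually named `init` can no longer be analysed with `aderyn init`, and the help text does not mention this. The `--init` flag added in the first hunk of this file already covers the use case, so the string comparison could be dropped or modelled as a proper clap subcommand. If the shortcut stays, a guard such as `if cmd_args.root == "init" && !std::path::Path::new("init").is_dir()` plus a line in the ROOT doc comment would remove the ambiguity.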
@@ -0,0 +1,79 @@ +#![allow(clippy::unwrap_used)] +use std::{io::Write, panic::PanicInfo}; +use termcolor::{Color, ColorSpec, WriteColor}; + +use std::io::IsTerminal; + +use termcolor::{BufferWriter, ColorChoice}; + +pub fn stderr_buffer_writer() -> BufferWriter { + // Prefer to add colors to the output only if it is forced via an environment variable or + // because it's a terminal + + let color_choice = { + if std::env::var("FORCE_COLOR").is_ok_and(|e| !e.is_empty()) { + ColorChoice::Always + } else if std::io::stderr().is_terminal() { + ColorChoice::Auto + } else { + ColorChoice::Never + } + }; + + BufferWriter::stderr(color_choice) +} + +pub fn add_handler() { + std::panic::set_hook(Box::new(move |info: &PanicInfo<'_>| { + print_compiler_bug_message(info) + })); +} + +fn print_compiler_bug_message(info: &PanicInfo<'_>) { + let message = match ( + info.payload().downcast_ref::<&str>(), + info.payload().downcast_ref::(), + ) { + (Some(s), _) => (*s).to_string(), + (_, Some(s)) => s.to_string(), + (None, None) => "unknown error".into(), + }; + + let location = match info.location() { + None => "".into(), + Some(location) => format!("{}:{}\n\t", location.file(), location.line()), + }; + + let buffer_writer = stderr_buffer_writer(); + let mut buffer = buffer_writer.buffer(); + buffer + .set_color(ColorSpec::new().set_bold(true).set_fg(Some(Color::Red))) + .unwrap(); + write!(buffer, "error").unwrap(); + buffer.set_color(ColorSpec::new().set_bold(true)).unwrap(); + write!(buffer, ": Fatal compiler bug!\n\n").unwrap(); + buffer.set_color(&ColorSpec::new()).unwrap(); + writeln!( + buffer, + "This is a fatal bug in the Aderyn, sorry! + +Please report this crash to https://github.com/cyfrin/aderyn/issues/new and include this error message with your report. + +Panic: {location}{message} +Aderyn version: {version} +Operating system: {os} + +If you can also share your code and say what file you were editing or any +steps to reproduce the crash that would be a great help. 
+ +You may also want to try again with the `ADERYN_LOG=trace` environment +variable set. +", + location = location, + message = message, + version = env!("CARGO_PKG_VERSION"), + os = std::env::consts::OS, + ) + .unwrap(); + buffer_writer.print(&buffer).unwrap(); +} diff --git a/aderyn/templates/aderyn.toml b/aderyn/templates/aderyn.toml new file mode 100644 index 000000000..b127482cc --- /dev/null +++ b/aderyn/templates/aderyn.toml @@ -0,0 +1,34 @@ +# Aderyn Configuration File +# This is a sample configuration for Aderyn + +# The root directory of smart contracts +# root = "." + +# By default, aderyn will try to extract the following values based on the framework that is being used. +# However, if you want to be explicit consider mentioning them. + +# The source directory containing the Solidity contracts. +# This is often "contracts/" or "src/" +# src = "src/" + +# Contract files to include in the analysis. +# This is a list of strings representing the file paths of the contracts to include. +# It can be a partial match like "/interfaces/", which will include all files with "/interfaces/" in the file path. +# Or it can be a full match like "Counter.sol", which will include only the file with the exact file. +# If not specified, all contract files in the source directory will be included. +# Example: +# include = ["Counter.sol"] +# include = [] + +# Contract files to exclude from the analysis. +# This is a list of strings representing the file paths of the contracts to exclude. +# It can be a partial match like "/interfaces/", which will exclude all files with "/interfaces/" in the file path. +# Or it can be a full match like "Counter.sol", which will exclude only the file with the exact file. +# If not specified, no contract files will be excluded. +# Example: +# exclude = ["/interfaces/"] +# exclude = [] + +## Remappings used for compiling the contracts. +# Example: +# remappings = ["@oz/contracts=lib/openzeppelin-contracts/contracts"] 
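Review bot: Every write in `print_compiler_bug_message` ends in `.unwrap()`, and this function runs inside the panic hook, so a failed write to stderr (for example a closed pipe) panics while a panic is already being handled and the process aborts before the report is printed. The file-level `#![allow(clippy::unwrap_used)]` shows this was deliberate, but ignoring the results is safer here, e.g. `let _ = buffer_writer.print(&buffer);` and likewise for the `write!`/`set_color` calls. The wording "Fatal compiler bug!" and "a fatal bug in the Aderyn" reads as carried over from another tool; "Fatal bug in Aderyn" would match the project. The report prints the panic payload and source location verbatim, which is worth one sentence in a module doc comment so users know what they are pasting into a public issue.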
diff --git a/aderyn_core/Cargo.toml b/aderyn_core/Cargo.toml index cbe1b9764..07dd80e34 100644 --- a/aderyn_core/Cargo.toml +++ b/aderyn_core/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "aderyn_core" -version = "0.2.0" +version = "0.3.0" edition = "2021" authors = ["Cyfrin "] description = "Rust based Solidity AST analyzer backend" diff --git a/aderyn_core/src/context/graph/callgraph_tests.rs b/aderyn_core/src/context/graph/callgraph_tests.rs index 49be47ea3..0e7b68796 100644 --- a/aderyn_core/src/context/graph/callgraph_tests.rs +++ b/aderyn_core/src/context/graph/callgraph_tests.rs @@ -1,7 +1,7 @@ #![allow(clippy::collapsible_match)] #[cfg(test)] -mod callgraph_tests { +mod callgraph_test_functions { use crate::{ ast::{FunctionDefinition, ModifierDefinition}, context::{ diff --git a/aderyn_core/src/detect/detector.rs b/aderyn_core/src/detect/detector.rs index b2529a364..5dd7e54b4 100644 --- a/aderyn_core/src/detect/detector.rs +++ b/aderyn_core/src/detect/detector.rs @@ -101,6 +101,7 @@ pub fn get_all_issue_detectors() -> Vec> { Box::::default(), Box::::default(), Box::::default(), + Box::::default(), ] } @@ -112,6 +113,7 @@ pub fn get_all_detectors_names() -> Vec { #[derive(Debug, PartialEq, EnumString, Display)] #[strum(serialize_all = "kebab-case")] pub(crate) enum IssueDetectorNamePool { + MultiplePlaceholders, StateVariableChangesWithoutEvents, MissingInheritance, UnusedImport, @@ -207,6 +209,9 @@ pub fn request_issue_detector_by_name(detector_name: &str) -> Option { + Some(Box::::default()) + } IssueDetectorNamePool::StateVariableChangesWithoutEvents => { Some(Box::::default()) } diff --git a/aderyn_core/src/detect/helpers.rs b/aderyn_core/src/detect/helpers.rs index 8daa10b56..de8a09498 100644 --- a/aderyn_core/src/detect/helpers.rs +++ b/aderyn_core/src/detect/helpers.rs 
@@ -129,12 +129,16 @@ pub fn has_calls_that_sends_native_eth(ast_node: &ASTNode) -> bool { // payable(address(..)).transfer(100) // payable(address(..)).send(100) + // address.sendValue(..) (from openzeppelin) let function_calls = ExtractFunctionCalls::from(ast_node).extracted; for function_call in function_calls { if let Expression::MemberAccess(member_access) = function_call.expression.as_ref() { - if member_access.member_name == "transfer" || member_access.member_name == "send" { + if member_access.member_name == "transfer" + || member_access.member_name == "send" + || member_access.member_name == "sendValue" + { if let Some(type_description) = member_access.expression.type_descriptions() { if type_description .type_string diff --git a/aderyn_core/src/detect/high/unsafe_casting.rs b/aderyn_core/src/detect/high/unsafe_casting.rs index 5f68007fb..6c7194d42 100644 --- a/aderyn_core/src/detect/high/unsafe_casting.rs +++ b/aderyn_core/src/detect/high/unsafe_casting.rs @@ -284,7 +284,7 @@ mod unsafe_casting_detector_tests { // assert that the detector found an issue assert!(found); // assert that the detector found the correct number of instances - assert_eq!(detector.instances().len(), 93); + assert_eq!(detector.instances().len(), 94); // assert the severity is high assert_eq!( detector.severity(), diff --git a/aderyn_core/src/detect/low/contracts_with_todos.rs b/aderyn_core/src/detect/low/contracts_with_todos.rs index 54d7f2fb7..bc9cfda31 100644 --- a/aderyn_core/src/detect/low/contracts_with_todos.rs +++ b/aderyn_core/src/detect/low/contracts_with_todos.rs @@ -73,7 +73,7 @@ impl IssueDetector for ContractsWithTodosDetector { } #[cfg(test)] -mod contracts_with_todos { +mod contracts_with_todos_tests { use serial_test::serial; use crate::detect::detector::IssueDetector; diff --git a/aderyn_core/src/detect/low/costly_operations_inside_loops.rs b/aderyn_core/src/detect/low/costly_operations_inside_loops.rs index a50be2800..1b45fa813 100644 
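Review bot: The `sendValue` case in `has_calls_that_sends_native_eth` is matched by member name, and the comment attributes it to OpenZeppelin, but nothing visible in the hunk checks that the call resolves to that library. Any function named `sendValue` reached through a matching receiver type would presumably count as well. The comment should say so, e.g. `// address.sendValue(..) (OpenZeppelin Address; matched by name and receiver type only)`. The three-way comparison reads more clearly as `matches!(member_access.member_name.as_str(), "transfer" | "send" | "sendValue")`. The function body starts and ends outside the hunk.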
--- a/aderyn_core/src/detect/low/costly_operations_inside_loops.rs +++ b/aderyn_core/src/detect/low/costly_operations_inside_loops.rs @@ -100,7 +100,7 @@ impl<'a> CallGraphVisitor for StateVariableChangeTracker<'a> { } #[cfg(test)] -mod costly_operations_inside_loops { +mod costly_operations_inside_loops_tests { use serial_test::serial; use crate::detect::{ diff --git a/aderyn_core/src/detect/low/inconsistent_type_names.rs b/aderyn_core/src/detect/low/inconsistent_type_names.rs index fe2f96363..5289c4d02 100644 --- a/aderyn_core/src/detect/low/inconsistent_type_names.rs +++ b/aderyn_core/src/detect/low/inconsistent_type_names.rs @@ -156,7 +156,7 @@ impl IssueDetector for InconsistentTypeNamesDetector { } #[cfg(test)] -mod inconsistent_type_names { +mod inconsistent_type_names_tests { use serial_test::serial; use crate::detect::detector::IssueDetector; diff --git a/aderyn_core/src/detect/low/mod.rs b/aderyn_core/src/detect/low/mod.rs index e19da44a1..b19c3fc64 100644 --- a/aderyn_core/src/detect/low/mod.rs +++ b/aderyn_core/src/detect/low/mod.rs @@ -18,6 +18,7 @@ pub(crate) mod large_literal_value; pub(crate) mod literals_instead_of_constants; pub(crate) mod local_variable_shadowing; pub(crate) mod missing_inheritance; +pub(crate) mod multiple_placeholders; pub(crate) mod non_reentrant_before_others; pub(crate) mod public_variable_read_in_external_context; pub(crate) mod push_0_opcode; @@ -62,6 +63,7 @@ pub use large_literal_value::LargeLiteralValueDetector; pub use literals_instead_of_constants::LiteralsInsteadOfConstantsDetector; pub use local_variable_shadowing::LocalVariableShadowingDetector; pub use missing_inheritance::MissingInheritanceDetector; +pub use multiple_placeholders::MultiplePlaceholdersDetector; pub use non_reentrant_before_others::NonReentrantBeforeOthersDetector; pub use public_variable_read_in_external_context::PublicVariableReadInExternalContextDetector; pub use push_0_opcode::PushZeroOpcodeDetector; 
diff --git a/aderyn_core/src/detect/low/multiple_placeholders.rs b/aderyn_core/src/detect/low/multiple_placeholders.rs new file mode 100644 index 000000000..9820885b6 --- /dev/null +++ b/aderyn_core/src/detect/low/multiple_placeholders.rs 
@@ -0,0 +1,92 @@ +use std::collections::BTreeMap; +use std::error::Error; + +use crate::ast::NodeID; + +use crate::capture; +use crate::context::browser::ExtractPlaceholderStatements; +use crate::detect::detector::IssueDetectorNamePool; +use crate::{ + context::workspace_context::WorkspaceContext, + detect::detector::{IssueDetector, IssueSeverity}, +}; +use eyre::Result; + +// HOW TO USE THIS TEMPLATE: +// 1. Copy this file and rename it to the snake_case version of the issue you are detecting. +// 2. Rename the TemplateDetector struct and impl to your new issue name. +// 3. Add this file and detector struct to the mod.rs file in the same directory. +// 4. Implement the detect function to find instances of the issue. + +#[derive(Default)] +pub struct MultiplePlaceholdersDetector { + // Keys are: [0] source file name, [1] line number, [2] character location of node. + // Do not add items manually, use `capture!` to add nodes to this BTreeMap. + found_instances: BTreeMap<(String, usize, String), NodeID>, + hints: BTreeMap<(String, usize, String), String>, +} + +impl IssueDetector for MultiplePlaceholdersDetector { + fn detect(&mut self, context: &WorkspaceContext) -> Result> { + for modifier in context.modifier_definitions() { + let placeholders = ExtractPlaceholderStatements::from(modifier).extracted; + if placeholders.len() > 1 { + capture!(self, context, modifier); + } + } + Ok(!self.found_instances.is_empty()) + } + + fn severity(&self) -> IssueSeverity { + IssueSeverity::Low + } + + fn title(&self) -> String { + String::from("Modifier has multiple placeholders.") + } + + fn description(&self) -> String { + String::from("Design the modifier to only contain 1 placeholder statement. 
If it's not possible, split the logic into multiple modifiers.") + } + + fn instances(&self) -> BTreeMap<(String, usize, String), NodeID> { + self.found_instances.clone() + } + + fn hints(&self) -> BTreeMap<(String, usize, String), String> { + self.hints.clone() + } + + fn name(&self) -> String { + IssueDetectorNamePool::MultiplePlaceholders.to_string() + } +} + +#[cfg(test)] +mod multiple_placeholder_tests { + use serial_test::serial; + + use crate::detect::{ + detector::IssueDetector, low::multiple_placeholders::MultiplePlaceholdersDetector, + }; + + #[test] + #[serial] + fn multiple_placeholders_test() { + let context = crate::detect::test_utils::load_solidity_source_unit( + "../tests/contract-playground/src/MultiplePlaceholders.sol", + ); + + let mut detector = MultiplePlaceholdersDetector::default(); + let found = detector.detect(&context).unwrap(); + // assert that the detector found an issue + assert!(found); + // assert that the detector found the correct number of instances + assert_eq!(detector.instances().len(), 1); + // assert the severity is low + assert_eq!( + detector.severity(), + crate::detect::detector::IssueSeverity::Low + ); + } +} diff --git a/aderyn_core/src/detect/low/uninitialized_local_variables.rs b/aderyn_core/src/detect/low/uninitialized_local_variables.rs index 9b775da35..16c3f580f 100644 --- a/aderyn_core/src/detect/low/uninitialized_local_variables.rs +++ b/aderyn_core/src/detect/low/uninitialized_local_variables.rs @@ -122,11 +122,7 @@ mod uninitialized_local_variables_detector_tests { println!( "Line numbers of uninitialized local variables: {:?}", - detector - .instances() - .into_iter() - .map(|(i, _)| i.1) - .collect::>() + detector.instances().into_keys().collect::>() ); // assert that the detector found an issue diff --git a/aderyn_core/src/detect/low/unspecific_solidity_pragma.rs b/aderyn_core/src/detect/low/unspecific_solidity_pragma.rs index 72dbb42a7..632c90085 100644 
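Review bot: The new `multiple_placeholders.rs` still carries the `HOW TO USE THIS TEMPLATE` comment block from the detector template, and `MultiplePlaceholdersDetector` has no doc comment of its own. Remove the template block and add something like `/// Flags modifiers whose body contains more than one placeholder statement.` above the struct. `detect` counts placeholders syntactically via `ExtractPlaceholderStatements`, so a modifier with one placeholder in each arm of an `if`/`else` is presumably reported too. A sentence in the doc comment or in `description()` saying so would help users triage the finding.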
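Review bot: The debug `println!` in this test is still labelled "Line numbers of uninitialized local variables", but `detector.instances().into_keys()` now prints the whole `(file, line, location)` key. Either keep the projection with `.into_keys().map(|k| k.1)` or reword the label to `"Instances of uninitialized local variables: {:?}"`.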
--- a/aderyn_core/src/detect/low/unspecific_solidity_pragma.rs +++ b/aderyn_core/src/detect/low/unspecific_solidity_pragma.rs @@ -1,9 +1,12 @@ use std::{collections::BTreeMap, error::Error}; use crate::{ - ast::NodeID, + ast::{ContractKind, NodeID, NodeType}, capture, - context::workspace_context::WorkspaceContext, + context::{ + browser::{ExtractContractDefinitions, GetClosestAncestorOfTypeX}, + workspace_context::WorkspaceContext, + }, detect::detector::{IssueDetector, IssueDetectorNamePool, IssueSeverity}, }; use eyre::Result; @@ -18,8 +21,20 @@ pub struct UnspecificSolidityPragmaDetector { impl IssueDetector for UnspecificSolidityPragmaDetector { fn detect(&mut self, context: &WorkspaceContext) -> Result> { for pragma_directive in context.pragma_directives() { + let Some(source_unit) = + pragma_directive.closest_ancestor_of_type(context, NodeType::SourceUnit) + else { + continue; + }; + let contracts_in_source_unit = ExtractContractDefinitions::from(source_unit).extracted; + if contracts_in_source_unit + .iter() + .any(|c| c.kind == ContractKind::Library) + { + continue; + } for literal in &pragma_directive.literals { - if literal.contains('^') || literal.contains('>') { + if literal.contains('^') || literal.contains('>') || literal.contains('<') { capture!(self, context, pragma_directive); break; } @@ -88,4 +103,17 @@ mod unspecific_solidity_pragma_tests { ) ); } + + #[test] + #[serial] + fn test_unspecific_solidity_pragma_detector_by_loading_contract_directly_on_library() { + let context = crate::detect::test_utils::load_solidity_source_unit( + "../tests/contract-playground/src/OnlyLibrary.sol", + ); + + let mut detector = UnspecificSolidityPragmaDetector::default(); + let found = detector.detect(&context).unwrap(); + // assert that the detector found an abi encode packed + assert!(!found); + } } diff --git a/aderyn_core/src/detect/test_utils/load_source_unit.rs b/aderyn_core/src/detect/test_utils/load_source_unit.rs index 62daf78da..1b89695fa 100644 
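Review bot: In `detect`, the new `.any(|c| c.kind == ContractKind::Library)` check skips the pragma of a source unit as soon as one library is defined in it, so a file that declares both a library and a deployable contract under a floating pragma is no longer reported. If the intent is to exempt library-only files, as the `OnlyLibrary.sol` test suggests, require that every definition is a library: `if !contracts_in_source_unit.is_empty() && contracts_in_source_unit.iter().all(|c| c.kind == ContractKind::Library) { continue; }`. The regenerated reports in this commit drop several findings, so it is worth confirming that none of those files mixes libraries with contracts.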
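Review bot: The comment `// assert that the detector found an abi encode packed` in the new library test is copied from another detector and contradicts the `assert!(!found)` directly below it. Replace it with `// a library-only source unit must not be flagged for its floating pragma`.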
--- a/aderyn_core/src/detect/test_utils/load_source_unit.rs +++ b/aderyn_core/src/detect/test_utils/load_source_unit.rs @@ -190,6 +190,7 @@ pub fn load_multiple_solidity_source_units_into_single_context( let my_file_args = file_args.clone(); let my_file_args: Vec<&str> = my_file_args.iter().map(|x| x.as_str()).collect(); + #[allow(clippy::assigning_clones)] while idx < lines.len() { let line = lines[idx]; diff --git a/aderyn_core/src/visitor/workspace_visitor.rs b/aderyn_core/src/visitor/workspace_visitor.rs index 533273405..ec48735c7 100644 --- a/aderyn_core/src/visitor/workspace_visitor.rs +++ b/aderyn_core/src/visitor/workspace_visitor.rs @@ -151,6 +151,7 @@ impl ASTConstVisitor for WorkspaceContext { visit_structured_documentation | StructuredDocumentation => structured_documentations_context |, visit_tuple_expression | TupleExpression => tuple_expressions_context |, visit_unary_operation | UnaryOperation => unary_operations_context |, + visit_unchecked_block | UncheckedBlock => unchecked_blocks_context |, visit_user_defined_value_type_definition | UserDefinedValueTypeDefinition => user_defined_value_type_definitions_context |, visit_using_for_directive | UsingForDirective => using_for_directives_context |, visit_variable_declaration | VariableDeclaration => variable_declarations_context |, diff --git a/aderyn_driver/Cargo.toml b/aderyn_driver/Cargo.toml index ba6a32586..a7e808d2c 100644 --- a/aderyn_driver/Cargo.toml +++ b/aderyn_driver/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "aderyn_driver" -version = "0.2.0" +version = "0.3.0" edition = "2021" authors = ["Cyfrin "] description = "Rust based Solidity AST analyzer driver" 
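Review bot: `#[allow(clippy::assigning_clones)]` is added on the `while idx < lines.len()` loop without saying why the lint is suppressed. Add a short comment above it, for example `// clippy suggests clone_from here; <reason it does not apply>`, so the suppression can be revisited later. The loop body lies outside the hunk, so the assignment that triggers the lint is not visible here.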
@@ -9,7 +9,7 @@ license = "MIT" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -aderyn_core = { path = "../aderyn_core", version = "0.2.0" } +aderyn_core = { path = "../aderyn_core", version = "0.3.0" } rayon = "1.8.0" cyfrin-foundry-compilers = { version = "0.3.20-aderyn", features = ["svm-solc"] } serde_json = { version = "1.0.96", features = ["preserve_order"] } diff --git a/aderyn_driver/src/config_helpers.rs b/aderyn_driver/src/config_helpers.rs index 639eed7ce..63f2da21e 100644 --- a/aderyn_driver/src/config_helpers.rs +++ b/aderyn_driver/src/config_helpers.rs @@ -230,7 +230,7 @@ fn interpret_foundry_config( mod tests { use std::path::PathBuf; - use cyfrin_foundry_config::{Config, RelativeRemapping}; + use cyfrin_foundry_config::RelativeRemapping; #[test] fn test_interpret_aderyn_config_correctly_appends_and_replaces() { @@ -288,12 +288,13 @@ mod tests { #[test] fn test_interpret_foundry_config_correctly_appends_and_replaces() { - let mut config = Config::default(); - config.src = PathBuf::from("CONFIG_SRC"); - config.script = PathBuf::from("CONFIG_SCRIPT".to_string()); - config.test = PathBuf::from("CONFIG_TEST".to_string()); - config.libs = vec![PathBuf::from("CONFIG_LIBS".to_string())]; - + let mut config = cyfrin_foundry_config::Config { + src: PathBuf::from("CONFIG_SRC"), + script: PathBuf::from("CONFIG_SCRIPT".to_string()), + test: PathBuf::from("CONFIG_TEST".to_string()), + libs: vec![PathBuf::from("CONFIG_LIBS".to_string())], + ..Default::default() + }; let rel_remap = RelativeRemapping { context: Some("REL_REMAPPING_CONTEXT".to_string()), name: "REL_REMAPPING_NAME".to_string(), diff --git a/aderyn_py/Cargo.toml b/aderyn_py/Cargo.toml index 6df3e569e..89671d0ab 100644 --- a/aderyn_py/Cargo.toml +++ b/aderyn_py/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "aderyn_py" -version = "0.2.0" +version = "0.3.0" edition = "2021" authors = ["Cyfrin "] description = "Rust based Solidity AST analyzer python bindings" @@ -14,7 +14,7 @@ name = "aderynpy" crate-type = ["cdylib"] [dependencies] -aderyn_driver = { path = "../aderyn_driver", version = "0.2.0" } +aderyn_driver = { path = "../aderyn_driver", version = "0.3.0" } field_access = "0.1.8" [dependencies.pyo3] diff --git a/cyfrinup/cyfrinup b/cyfrinup/cyfrinup index 5202e6404..58736785a 100755 --- a/cyfrinup/cyfrinup +++ b/cyfrinup/cyfrinup @@ -27,4 +27,28 @@ ensure() { if ! "$@"; then err "command failed: $*"; fi } +# --- Adding a banner --- +banner() { + printf " + +⠀⠀⠀⡠⠔⠂⠁⠀⠀⠀⠀⠀⠈⠐⡂⠀⠀ █████╗ ██████╗ ███████╗ ██████╗ ██╗ ██╗ ███╗ ██╗ +⠀⡠⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⢈⣀⡀ ██╔══██╗ ██╔══██╗ ██╔════╝ ██╔══██╗ ╚██╗ ██╔╝ ████╗ ██║ +⠰⠀⠀⠀⢠⢆⣤⣆⠀⠀⠤⠤⠄⢀⡀⠑⠀ ███████║ ██║ ██║ █████╗ ██████╔╝ ╚████╔╝ ██╔██╗ ██║ +⡌⠊⠒⠠⡁⠈⠛⠋⡠⠊⠀⠠⠀⠀⠀⠀⠉ ██╔══██║ ██║ ██║ ██╔══╝ ██╔══██╗ ╚██╔╝ ██║╚██╗██║ +⡅⠀⢀⣰⣧⠁⠀⠉⠀⠀⢀⠂⠀⠀⠀⠀⣠ ██║ ██║ ██████╔╝ ███████╗ ██║ ██║ ██║ ██║ ╚████║ +⠇⣬⣿⣿⣿⠀⠀⠀⠀⠠⠂⠀⠀⠀⢄⣴⣿ ╚═╝ ╚═╝ ╚═════╝ ╚══════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═══╝ +⠈⠻⣗⡀⢡⢁⠀⢀⠔⠁⠀⠀⠀⢠⣿⣿⣿ +⠀⠀⠀⠁⠈⡀⠒⠃⠀⠀⠀⠀⠀⠸⣿⣿⡿ A powerful Solidity static analyzer that takes a +⠀⠀⠀⠀⠀⠁⠀⠀⡀⠀⠀⠀⠀⡄⢸⠚⠃ bird's eye view over your smart contracts. +⠀⠀⠀⠀⠀⠇⠀⢠⠁⠀⡀⠀⢠⠀⡚⠀⠀ +⠀⠀⠀⠀⠘⠀⠂⠀⡀⠔⡅⡠⠂⠉ Official Docs - https://docs.cyfrin.io/ + + ᴘᴏᴡᴇʀᴇᴅ ʙʏ ᴄʏꜰʀɪɴ + + " +} + +# Calling banner function +banner + main "$@" || exit 1 \ No newline at end of file diff --git a/cyfrinup/install b/cyfrinup/install index 635dc4d55..b257974e2 100755 --- a/cyfrinup/install +++ b/cyfrinup/install 
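Review bot: `banner()` passes the whole banner to `printf` as the format string, so any `%` or backslash added to the art or tagline later would be interpreted rather than printed. `printf '%s\n' "…banner…"` or a quoted here-document (`cat <<'EOF'`) avoids that. The identical function is added again in `cyfrinup/install` in the next hunk, so the two copies can drift apart. Keeping `install` self-contained is presumably intentional, but a comment in each copy naming the other would help whoever edits one of them.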
@@ -6,6 +6,30 @@ set -e # https://github.com/foundry-rs/foundry/tree/master/foundryup # ----------------------------------------------------------- +# --- Adding a banner --- +banner() { + printf " + +⠀⠀⠀⡠⠔⠂⠁⠀⠀⠀⠀⠀⠈⠐⡂⠀⠀ █████╗ ██████╗ ███████╗ ██████╗ ██╗ ██╗ ███╗ ██╗ +⠀⡠⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⢈⣀⡀ ██╔══██╗ ██╔══██╗ ██╔════╝ ██╔══██╗ ╚██╗ ██╔╝ ████╗ ██║ +⠰⠀⠀⠀⢠⢆⣤⣆⠀⠀⠤⠤⠄⢀⡀⠑⠀ ███████║ ██║ ██║ █████╗ ██████╔╝ ╚████╔╝ ██╔██╗ ██║ +⡌⠊⠒⠠⡁⠈⠛⠋⡠⠊⠀⠠⠀⠀⠀⠀⠉ ██╔══██║ ██║ ██║ ██╔══╝ ██╔══██╗ ╚██╔╝ ██║╚██╗██║ +⡅⠀⢀⣰⣧⠁⠀⠉⠀⠀⢀⠂⠀⠀⠀⠀⣠ ██║ ██║ ██████╔╝ ███████╗ ██║ ██║ ██║ ██║ ╚████║ +⠇⣬⣿⣿⣿⠀⠀⠀⠀⠠⠂⠀⠀⠀⢄⣴⣿ ╚═╝ ╚═╝ ╚═════╝ ╚══════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═══╝ +⠈⠻⣗⡀⢡⢁⠀⢀⠔⠁⠀⠀⠀⢠⣿⣿⣿ +⠀⠀⠀⠁⠈⡀⠒⠃⠀⠀⠀⠀⠀⠸⣿⣿⡿ A powerful Solidity static analyzer that takes a +⠀⠀⠀⠀⠀⠁⠀⠀⡀⠀⠀⠀⠀⡄⢸⠚⠃ bird's eye view over your smart contracts. +⠀⠀⠀⠀⠀⠇⠀⢠⠁⠀⡀⠀⢠⠀⡚⠀⠀ +⠀⠀⠀⠀⠘⠀⠂⠀⡀⠔⡅⡠⠂⠉ Official Docs - https://docs.cyfrin.io/ + + ᴘᴏᴡᴇʀᴇᴅ ʙʏ ᴄʏꜰʀɪɴ + + " +} + +# Calling banner function +banner + echo Installing cyfrinup... CYFRIN_DIR="$HOME/.cyfrin" diff --git a/reports/ccip-functions-report.md b/reports/ccip-functions-report.md index ebb9b7ca3..c6a976fd2 100644 --- a/reports/ccip-functions-report.md +++ b/reports/ccip-functions-report.md @@ -772,7 +772,7 @@ The `ecrecover` function is susceptible to signature malleability. This means th Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of `pragma solidity ^0.8.0;`, use `pragma solidity 0.8.0;` -
52 Found Instances +
46 Found Instances - Found in src/v0.8/functions/dev/v1_X/FunctionsBilling.sol [Line: 2](../tests/ccip-contracts/contracts/src/v0.8/functions/dev/v1_X/FunctionsBilling.sol#L2) @@ -865,24 +865,6 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.8.19; ``` -- Found in src/v0.8/functions/dev/v1_X/libraries/ChainSpecificUtil.sol [Line: 2](../tests/ccip-contracts/contracts/src/v0.8/functions/dev/v1_X/libraries/ChainSpecificUtil.sol#L2) - - ```solidity - pragma solidity ^0.8.19; - ``` - -- Found in src/v0.8/functions/dev/v1_X/libraries/FunctionsRequest.sol [Line: 2](../tests/ccip-contracts/contracts/src/v0.8/functions/dev/v1_X/libraries/FunctionsRequest.sol#L2) - - ```solidity - pragma solidity ^0.8.19; - ``` - -- Found in src/v0.8/functions/dev/v1_X/libraries/FunctionsResponse.sol [Line: 2](../tests/ccip-contracts/contracts/src/v0.8/functions/dev/v1_X/libraries/FunctionsResponse.sol#L2) - - ```solidity - pragma solidity ^0.8.19; - ``` - - Found in src/v0.8/functions/dev/v1_X/ocr/OCR2Abstract.sol [Line: 2](../tests/ccip-contracts/contracts/src/v0.8/functions/dev/v1_X/ocr/OCR2Abstract.sol#L2) ```solidity @@ -985,18 +967,6 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.8.19; ``` -- Found in src/v0.8/functions/v1_0_0/libraries/FunctionsRequest.sol [Line: 2](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/libraries/FunctionsRequest.sol#L2) - - ```solidity - pragma solidity ^0.8.19; - ``` - -- Found in src/v0.8/functions/v1_0_0/libraries/FunctionsResponse.sol [Line: 2](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/libraries/FunctionsResponse.sol#L2) - - ```solidity - pragma solidity ^0.8.19; - ``` - - Found in src/v0.8/functions/v1_0_0/ocr/OCR2Abstract.sol [Line: 2](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_0_0/ocr/OCR2Abstract.sol#L2) ```solidity 
@@ -1021,12 +991,6 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.8.19; ``` -- Found in src/v0.8/functions/v1_1_0/libraries/ChainSpecificUtil.sol [Line: 2](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_1_0/libraries/ChainSpecificUtil.sol#L2) - - ```solidity - pragma solidity ^0.8.19; - ``` - - Found in src/v0.8/functions/v1_1_0/ocr/OCR2Abstract.sol [Line: 2](../tests/ccip-contracts/contracts/src/v0.8/functions/v1_1_0/ocr/OCR2Abstract.sol#L2) ```solidity diff --git a/reports/prb-math-report.md b/reports/prb-math-report.md index bd793bcd1..1dd24ad1c 100644 --- a/reports/prb-math-report.md +++ b/reports/prb-math-report.md @@ -145,7 +145,7 @@ The caret operator is usually mistakenly thought of as an exponentiation operato Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of `pragma solidity ^0.8.0;`, use `pragma solidity 0.8.0;` -
30 Found Instances +
27 Found Instances - Found in src/Common.sol [Line: 2](../tests/prb-math/src/Common.sol#L2) @@ -178,24 +178,6 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity >=0.8.19; ``` -- Found in src/casting/Uint128.sol [Line: 2](../tests/prb-math/src/casting/Uint128.sol#L2) - - ```solidity - pragma solidity >=0.8.19; - ``` - -- Found in src/casting/Uint256.sol [Line: 2](../tests/prb-math/src/casting/Uint256.sol#L2) - - ```solidity - pragma solidity >=0.8.19; - ``` - -- Found in src/casting/Uint40.sol [Line: 2](../tests/prb-math/src/casting/Uint40.sol#L2) - - ```solidity - pragma solidity >=0.8.19; - ``` - - Found in src/sd1x18/Casting.sol [Line: 2](../tests/prb-math/src/sd1x18/Casting.sol#L2) ```solidity diff --git a/reports/report.json b/reports/report.json index 4aa09286a..933e4d0a1 100644 --- a/reports/report.json +++ b/reports/report.json @@ -1,7 +1,7 @@ { "files_summary": { - "total_source_units": 109, - "total_sloc": 3870 + "total_source_units": 111, + "total_sloc": 3927 }, "files_details": { "files_details": [ @@ -47,7 +47,7 @@ }, { "file_path": "src/Casting.sol", - "n_sloc": 126 + "n_sloc": 146 }, { "file_path": "src/CompilerBugStorageSignedIntegerArray.sol", @@ -67,7 +67,7 @@ }, { "file_path": "src/ContractLocksEther.sol", - "n_sloc": 121 + "n_sloc": 142 }, { "file_path": "src/ContractWithTodo.sol", @@ -201,10 +201,18 @@ "file_path": "src/MultipleConstructorSchemes.sol", "n_sloc": 10 }, + { + "file_path": "src/MultiplePlaceholders.sol", + "n_sloc": 14 + }, { "file_path": "src/OnceModifierExample.sol", "n_sloc": 8 }, + { + "file_path": "src/OnlyLibrary.sol", + "n_sloc": 2 + }, { "file_path": "src/OutOfOrderRetryable.sol", "n_sloc": 165 @@ -445,7 +453,7 @@ }, "issue_count": { "high": 42, - "low": 43 + "low": 44 }, "high_issues": { "issues": [ 
@@ -657,563 +665,569 @@ "description": "Downcasting int/uints in Solidity can be unsafe due to the potential for data loss and unintended behavior.When downcasting a larger integer type to a smaller one (e.g., uint256 to uint128), the value may exceed the range of the target type,leading to truncation and loss of significant digits. Use OpenZeppelin's SafeCast library to safely downcast integers.", "detector_name": "unsafe-casting-detector", "instances": [ - { - "contract_path": "src/Casting.sol", - "line_no": 35, - "src": "1065:10", - "src_char": "1065:10" - }, - { - "contract_path": "src/Casting.sol", - "line_no": 36, - "src": "1097:10", - "src_char": "1097:10" - }, - { - "contract_path": "src/Casting.sol", - "line_no": 37, - "src": "1129:10", - "src_char": "1129:10" - }, - { - "contract_path": "src/Casting.sol", - "line_no": 38, - "src": "1161:10", - "src_char": "1161:10" - }, - { - "contract_path": "src/Casting.sol", - "line_no": 39, - "src": "1193:10", - "src_char": "1193:10" - }, - { - "contract_path": "src/Casting.sol", - "line_no": 40, - "src": "1225:10", - "src_char": "1225:10" - }, - { - "contract_path": "src/Casting.sol", - "line_no": 41, - "src": "1257:10", - "src_char": "1257:10" - }, { "contract_path": "src/Casting.sol", "line_no": 42, - "src": "1289:10", - "src_char": "1289:10" + "src": "1127:10", + "src_char": "1127:10" }, { "contract_path": "src/Casting.sol", "line_no": 43, - "src": "1321:10", - "src_char": "1321:10" + "src": "1159:10", + "src_char": "1159:10" }, { "contract_path": "src/Casting.sol", "line_no": 44, - "src": "1353:10", - "src_char": "1353:10" + "src": "1191:10", + "src_char": "1191:10" }, { "contract_path": "src/Casting.sol", "line_no": 45, - "src": "1385:10", - "src_char": "1385:10" + "src": "1223:10", + "src_char": "1223:10" }, { "contract_path": "src/Casting.sol", "line_no": 46, - "src": "1417:10", - "src_char": "1417:10" + "src": "1255:10", + "src_char": "1255:10" }, { "contract_path": "src/Casting.sol", "line_no": 47, - "src": 
"1449:10", - "src_char": "1449:10" + "src": "1287:10", + "src_char": "1287:10" }, { "contract_path": "src/Casting.sol", "line_no": 48, - "src": "1481:10", - "src_char": "1481:10" + "src": "1319:10", + "src_char": "1319:10" }, { "contract_path": "src/Casting.sol", "line_no": 49, - "src": "1513:10", - "src_char": "1513:10" + "src": "1351:10", + "src_char": "1351:10" }, { "contract_path": "src/Casting.sol", "line_no": 50, - "src": "1545:10", - "src_char": "1545:10" + "src": "1383:10", + "src_char": "1383:10" }, { "contract_path": "src/Casting.sol", "line_no": 51, - "src": "1577:10", - "src_char": "1577:10" + "src": "1415:10", + "src_char": "1415:10" }, { "contract_path": "src/Casting.sol", "line_no": 52, - "src": "1609:10", - "src_char": "1609:10" + "src": "1447:10", + "src_char": "1447:10" }, { "contract_path": "src/Casting.sol", "line_no": 53, - "src": "1641:10", - "src_char": "1641:10" + "src": "1479:10", + "src_char": "1479:10" }, { "contract_path": "src/Casting.sol", "line_no": 54, - "src": "1672:9", - "src_char": "1672:9" + "src": "1511:10", + "src_char": "1511:10" }, { "contract_path": "src/Casting.sol", "line_no": 55, - "src": "1702:9", - "src_char": "1702:9" + "src": "1543:10", + "src_char": "1543:10" }, { "contract_path": "src/Casting.sol", "line_no": 56, - "src": "1732:9", - "src_char": "1732:9" + "src": "1575:10", + "src_char": "1575:10" }, { "contract_path": "src/Casting.sol", "line_no": 57, - "src": "1762:9", - "src_char": "1762:9" + "src": "1607:10", + "src_char": "1607:10" }, { "contract_path": "src/Casting.sol", "line_no": 58, - "src": "1792:9", - "src_char": "1792:9" + "src": "1639:10", + "src_char": "1639:10" }, { "contract_path": "src/Casting.sol", "line_no": 59, - "src": "1822:9", - "src_char": "1822:9" + "src": "1671:10", + "src_char": "1671:10" }, { "contract_path": "src/Casting.sol", "line_no": 60, - "src": "1853:9", - "src_char": "1853:9" + "src": "1703:10", + "src_char": "1703:10" }, { "contract_path": "src/Casting.sol", "line_no": 61, - 
"src": "1884:10", - "src_char": "1884:10" + "src": "1734:9", + "src_char": "1734:9" }, { "contract_path": "src/Casting.sol", "line_no": 62, - "src": "1916:10", - "src_char": "1916:10" + "src": "1764:9", + "src_char": "1764:9" }, { "contract_path": "src/Casting.sol", "line_no": 63, - "src": "1948:10", - "src_char": "1948:10" + "src": "1794:9", + "src_char": "1794:9" }, { "contract_path": "src/Casting.sol", "line_no": 64, - "src": "1980:10", - "src_char": "1980:10" + "src": "1824:9", + "src_char": "1824:9" }, { "contract_path": "src/Casting.sol", "line_no": 65, - "src": "2013:9", - "src_char": "2013:9" + "src": "1854:9", + "src_char": "1854:9" }, { "contract_path": "src/Casting.sol", - "line_no": 73, - "src": "2242:9", - "src_char": "2242:9" + "line_no": 66, + "src": "1884:9", + "src_char": "1884:9" }, { "contract_path": "src/Casting.sol", - "line_no": 74, - "src": "2272:9", - "src_char": "2272:9" + "line_no": 67, + "src": "1915:9", + "src_char": "1915:9" }, { "contract_path": "src/Casting.sol", - "line_no": 75, - "src": "2302:9", - "src_char": "2302:9" + "line_no": 68, + "src": "1946:10", + "src_char": "1946:10" }, { "contract_path": "src/Casting.sol", - "line_no": 76, - "src": "2332:9", - "src_char": "2332:9" + "line_no": 69, + "src": "1978:10", + "src_char": "1978:10" }, { "contract_path": "src/Casting.sol", - "line_no": 77, - "src": "2362:9", - "src_char": "2362:9" + "line_no": 70, + "src": "2010:10", + "src_char": "2010:10" }, { "contract_path": "src/Casting.sol", - "line_no": 78, - "src": "2392:9", - "src_char": "2392:9" + "line_no": 71, + "src": "2042:10", + "src_char": "2042:10" }, { "contract_path": "src/Casting.sol", - "line_no": 79, - "src": "2422:9", - "src_char": "2422:9" + "line_no": 72, + "src": "2075:9", + "src_char": "2075:9" }, { "contract_path": "src/Casting.sol", "line_no": 80, - "src": "2452:9", - "src_char": "2452:9" + "src": "2304:9", + "src_char": "2304:9" }, { "contract_path": "src/Casting.sol", "line_no": 81, - "src": "2482:9", - "src_char": 
"2482:9" + "src": "2334:9", + "src_char": "2334:9" }, { "contract_path": "src/Casting.sol", "line_no": 82, - "src": "2512:9", - "src_char": "2512:9" + "src": "2364:9", + "src_char": "2364:9" }, { "contract_path": "src/Casting.sol", "line_no": 83, - "src": "2542:9", - "src_char": "2542:9" + "src": "2394:9", + "src_char": "2394:9" }, { "contract_path": "src/Casting.sol", "line_no": 84, - "src": "2572:9", - "src_char": "2572:9" + "src": "2424:9", + "src_char": "2424:9" }, { "contract_path": "src/Casting.sol", "line_no": 85, - "src": "2602:9", - "src_char": "2602:9" + "src": "2454:9", + "src_char": "2454:9" }, { "contract_path": "src/Casting.sol", "line_no": 86, - "src": "2632:9", - "src_char": "2632:9" + "src": "2484:9", + "src_char": "2484:9" }, { "contract_path": "src/Casting.sol", "line_no": 87, - "src": "2662:9", - "src_char": "2662:9" + "src": "2514:9", + "src_char": "2514:9" }, { "contract_path": "src/Casting.sol", "line_no": 88, - "src": "2692:9", - "src_char": "2692:9" + "src": "2544:9", + "src_char": "2544:9" }, { "contract_path": "src/Casting.sol", "line_no": 89, - "src": "2722:9", - "src_char": "2722:9" + "src": "2574:9", + "src_char": "2574:9" }, { "contract_path": "src/Casting.sol", "line_no": 90, - "src": "2752:9", - "src_char": "2752:9" + "src": "2604:9", + "src_char": "2604:9" }, { "contract_path": "src/Casting.sol", "line_no": 91, - "src": "2782:9", - "src_char": "2782:9" + "src": "2634:9", + "src_char": "2634:9" }, { "contract_path": "src/Casting.sol", "line_no": 92, - "src": "2811:8", - "src_char": "2811:8" + "src": "2664:9", + "src_char": "2664:9" }, { "contract_path": "src/Casting.sol", "line_no": 93, - "src": "2839:8", - "src_char": "2839:8" + "src": "2694:9", + "src_char": "2694:9" }, { "contract_path": "src/Casting.sol", "line_no": 94, - "src": "2867:8", - "src_char": "2867:8" + "src": "2724:9", + "src_char": "2724:9" }, { "contract_path": "src/Casting.sol", "line_no": 95, - "src": "2895:8", - "src_char": "2895:8" + "src": "2754:9", + 
"src_char": "2754:9" }, { "contract_path": "src/Casting.sol", "line_no": 96, - "src": "2923:8", - "src_char": "2923:8" + "src": "2784:9", + "src_char": "2784:9" }, { "contract_path": "src/Casting.sol", "line_no": 97, - "src": "2951:8", - "src_char": "2951:8" + "src": "2814:9", + "src_char": "2814:9" }, { "contract_path": "src/Casting.sol", "line_no": 98, - "src": "2980:8", - "src_char": "2980:8" + "src": "2844:9", + "src_char": "2844:9" }, { "contract_path": "src/Casting.sol", "line_no": 99, - "src": "3009:9", - "src_char": "3009:9" + "src": "2873:8", + "src_char": "2873:8" }, { "contract_path": "src/Casting.sol", "line_no": 100, - "src": "3039:9", - "src_char": "3039:9" + "src": "2901:8", + "src_char": "2901:8" }, { "contract_path": "src/Casting.sol", "line_no": 101, - "src": "3069:9", - "src_char": "3069:9" + "src": "2929:8", + "src_char": "2929:8" }, { "contract_path": "src/Casting.sol", "line_no": 102, - "src": "3099:9", - "src_char": "3099:9" + "src": "2957:8", + "src_char": "2957:8" }, { "contract_path": "src/Casting.sol", "line_no": 103, - "src": "3130:8", - "src_char": "3130:8" + "src": "2985:8", + "src_char": "2985:8" }, { "contract_path": "src/Casting.sol", - "line_no": 111, - "src": "3426:10", - "src_char": "3426:10" + "line_no": 104, + "src": "3013:8", + "src_char": "3013:8" }, { "contract_path": "src/Casting.sol", - "line_no": 112, - "src": "3458:10", - "src_char": "3458:10" + "line_no": 105, + "src": "3042:8", + "src_char": "3042:8" }, { "contract_path": "src/Casting.sol", - "line_no": 113, - "src": "3490:10", - "src_char": "3490:10" + "line_no": 106, + "src": "3071:9", + "src_char": "3071:9" }, { "contract_path": "src/Casting.sol", - "line_no": 114, - "src": "3522:10", - "src_char": "3522:10" + "line_no": 107, + "src": "3101:9", + "src_char": "3101:9" }, { "contract_path": "src/Casting.sol", - "line_no": 115, - "src": "3554:10", - "src_char": "3554:10" + "line_no": 108, + "src": "3131:9", + "src_char": "3131:9" }, { "contract_path": 
"src/Casting.sol", - "line_no": 116, - "src": "3586:10", - "src_char": "3586:10" + "line_no": 109, + "src": "3161:9", + "src_char": "3161:9" }, { "contract_path": "src/Casting.sol", - "line_no": 117, - "src": "3618:10", - "src_char": "3618:10" + "line_no": 110, + "src": "3192:8", + "src_char": "3192:8" }, { "contract_path": "src/Casting.sol", "line_no": 118, - "src": "3650:10", - "src_char": "3650:10" + "src": "3488:10", + "src_char": "3488:10" }, { "contract_path": "src/Casting.sol", "line_no": 119, - "src": "3682:10", - "src_char": "3682:10" + "src": "3520:10", + "src_char": "3520:10" }, { "contract_path": "src/Casting.sol", "line_no": 120, - "src": "3714:10", - "src_char": "3714:10" + "src": "3552:10", + "src_char": "3552:10" }, { "contract_path": "src/Casting.sol", "line_no": 121, - "src": "3746:10", - "src_char": "3746:10" + "src": "3584:10", + "src_char": "3584:10" }, { "contract_path": "src/Casting.sol", "line_no": 122, - "src": "3778:10", - "src_char": "3778:10" + "src": "3616:10", + "src_char": "3616:10" }, { "contract_path": "src/Casting.sol", "line_no": 123, - "src": "3810:10", - "src_char": "3810:10" + "src": "3648:10", + "src_char": "3648:10" }, { "contract_path": "src/Casting.sol", "line_no": 124, - "src": "3842:10", - "src_char": "3842:10" + "src": "3680:10", + "src_char": "3680:10" }, { "contract_path": "src/Casting.sol", "line_no": 125, - "src": "3874:10", - "src_char": "3874:10" + "src": "3712:10", + "src_char": "3712:10" }, { "contract_path": "src/Casting.sol", "line_no": 126, - "src": "3906:10", - "src_char": "3906:10" + "src": "3744:10", + "src_char": "3744:10" }, { "contract_path": "src/Casting.sol", "line_no": 127, - "src": "3938:10", - "src_char": "3938:10" + "src": "3776:10", + "src_char": "3776:10" }, { "contract_path": "src/Casting.sol", "line_no": 128, - "src": "3970:10", - "src_char": "3970:10" + "src": "3808:10", + "src_char": "3808:10" }, { "contract_path": "src/Casting.sol", "line_no": 129, - "src": "4002:10", - "src_char": "4002:10" 
+ "src": "3840:10", + "src_char": "3840:10" }, { "contract_path": "src/Casting.sol", "line_no": 130, - "src": "4034:10", - "src_char": "4034:10" + "src": "3872:10", + "src_char": "3872:10" }, { "contract_path": "src/Casting.sol", "line_no": 131, - "src": "4066:10", - "src_char": "4066:10" + "src": "3904:10", + "src_char": "3904:10" }, { "contract_path": "src/Casting.sol", "line_no": 132, - "src": "4098:10", - "src_char": "4098:10" + "src": "3936:10", + "src_char": "3936:10" }, { "contract_path": "src/Casting.sol", "line_no": 133, - "src": "4129:9", - "src_char": "4129:9" + "src": "3968:10", + "src_char": "3968:10" }, { "contract_path": "src/Casting.sol", "line_no": 134, - "src": "4159:9", - "src_char": "4159:9" + "src": "4000:10", + "src_char": "4000:10" }, { "contract_path": "src/Casting.sol", "line_no": 135, - "src": "4189:9", - "src_char": "4189:9" + "src": "4032:10", + "src_char": "4032:10" }, { "contract_path": "src/Casting.sol", "line_no": 136, - "src": "4220:9", - "src_char": "4220:9" + "src": "4064:10", + "src_char": "4064:10" }, { "contract_path": "src/Casting.sol", "line_no": 137, - "src": "4251:10", - "src_char": "4251:10" + "src": "4096:10", + "src_char": "4096:10" }, { "contract_path": "src/Casting.sol", "line_no": 138, - "src": "4283:10", - "src_char": "4283:10" + "src": "4128:10", + "src_char": "4128:10" }, { "contract_path": "src/Casting.sol", "line_no": 139, - "src": "4315:10", - "src_char": "4315:10" + "src": "4160:10", + "src_char": "4160:10" }, { "contract_path": "src/Casting.sol", "line_no": 140, - "src": "4347:10", - "src_char": "4347:10" + "src": "4191:9", + "src_char": "4191:9" }, { "contract_path": "src/Casting.sol", "line_no": 141, - "src": "4381:10", - "src_char": "4381:10" + "src": "4221:9", + "src_char": "4221:9" + }, + { + "contract_path": "src/Casting.sol", + "line_no": 142, + "src": "4251:9", + "src_char": "4251:9" + }, + { + "contract_path": "src/Casting.sol", + "line_no": 143, + "src": "4282:9", + "src_char": "4282:9" + }, + { + 
"contract_path": "src/Casting.sol", + "line_no": 144, + "src": "4313:10", + "src_char": "4313:10" + }, + { + "contract_path": "src/Casting.sol", + "line_no": 145, + "src": "4345:10", + "src_char": "4345:10" + }, + { + "contract_path": "src/Casting.sol", + "line_no": 146, + "src": "4377:10", + "src_char": "4377:10" + }, + { + "contract_path": "src/Casting.sol", + "line_no": 147, + "src": "4409:10", + "src_char": "4409:10" + }, + { + "contract_path": "src/Casting.sol", + "line_no": 148, + "src": "4443:10", + "src_char": "4443:10" + }, + { + "contract_path": "src/Casting.sol", + "line_no": 155, + "src": "4642:14", + "src_char": "4642:14" } ] }, @@ -2979,12 +2993,6 @@ "src": "32:23", "src_char": "32:23" }, - { - "contract_path": "src/StateVariablesManipulation.sol", - "line_no": 2, - "src": "32:23", - "src_char": "32:23" - }, { "contract_path": "src/TautologyOrContradiction.sol", "line_no": 2, @@ -3590,27 +3598,27 @@ }, { "contract_path": "src/Casting.sol", - "line_no": 16, - "src": "483:18", - "src_char": "483:18" + "line_no": 20, + "src": "511:18", + "src_char": "511:18" }, { "contract_path": "src/Casting.sol", - "line_no": 22, - "src": "646:18", - "src_char": "646:18" + "line_no": 26, + "src": "674:18", + "src_char": "674:18" }, { "contract_path": "src/Casting.sol", - "line_no": 31, - "src": "921:18", - "src_char": "921:18" + "line_no": 38, + "src": "983:18", + "src_char": "983:18" }, { "contract_path": "src/Casting.sol", - "line_no": 69, - "src": "2103:18", - "src_char": "2103:18" + "line_no": 76, + "src": "2165:18", + "src_char": "2165:18" }, { "contract_path": "src/CompilerBugStorageSignedIntegerArray.sol", @@ -4421,6 +4429,12 @@ "src": "32:23", "src_char": "32:23" }, + { + "contract_path": "src/OnlyLibrary.sol", + "line_no": 2, + "src": "32:23", + "src_char": "32:23" + }, { "contract_path": "src/OutOfOrderRetryable.sol", "line_no": 2, 
@@ -5185,15 +5199,15 @@ "instances": [ { "contract_path": "src/Casting.sol", - "line_no": 31, - "src": "904:14", - "src_char": "904:14" + "line_no": 38, + "src": "966:14", + "src_char": "966:14" }, { "contract_path": "src/Casting.sol", - "line_no": 69, - "src": "2086:13", - "src_char": "2086:13" + "line_no": 76, + "src": "2148:13", + "src_char": "2148:13" }, { "contract_path": "src/InconsistentUints.sol", @@ -6555,21 +6569,21 @@ }, { "contract_path": "src/Casting.sol", - "line_no": 30, - "src": "860:17", - "src_char": "860:17" + "line_no": 37, + "src": "922:17", + "src_char": "922:17" }, { "contract_path": "src/Casting.sol", - "line_no": 68, - "src": "2044:16", - "src_char": "2044:16" + "line_no": 75, + "src": "2106:16", + "src_char": "2106:16" }, { "contract_path": "src/Casting.sol", - "line_no": 106, - "src": "3160:20", - "src_char": "3160:20" + "line_no": 113, + "src": "3222:20", + "src_char": "3222:20" }, { "contract_path": "src/ConstFuncChangeState.sol", @@ -7112,6 +7126,19 @@ "src_char": "422:9" } ] + }, + { + "title": "Modifier has multiple placeholders.", + "description": "Design the modifier to only contain 1 placeholder statement. If it's not possible, split the logic into multiple modifiers.", + "detector_name": "multiple-placeholders", + "instances": [ + { + "contract_path": "src/MultiplePlaceholders.sol", + "line_no": 11, + "src": "186:10", + "src_char": "186:10" + } + ] } ] }, @@ -7200,6 +7227,7 @@ "unchecked-low-level-call", "function-pointer-in-constructor", "state-variable-could-be-declared-constant", - "state-variable-changes-without-events" + "state-variable-changes-without-events", + "multiple-placeholders" ] } \ No newline at end of file diff --git a/reports/report.md b/reports/report.md index 8629160f4..8b1e3f1af 100644 --- a/reports/report.md +++ b/reports/report.md 
@@ -94,6 +94,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati - [L-41: Function pointers used in constructors.](#l-41-function-pointers-used-in-constructors) - [L-42: State variable could be declared constant](#l-42-state-variable-could-be-declared-constant) - [L-43: State variable changes but no event is emitted.](#l-43-state-variable-changes-but-no-event-is-emitted) + - [L-44: Modifier has multiple placeholders.](#l-44-modifier-has-multiple-placeholders) # Summary @@ -102,8 +103,8 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Key | Value | | --- | --- | -| .sol Files | 109 | -| Total nSLOC | 3870 | +| .sol Files | 111 | +| Total nSLOC | 3927 | ## Files Details @@ -120,12 +121,12 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/BuiltinSymbolShadow.sol | 14 | | src/CacheArrayLength.sol | 38 | | src/CallGraphTests.sol | 49 | -| src/Casting.sol | 126 | +| src/Casting.sol | 146 | | src/CompilerBugStorageSignedIntegerArray.sol | 13 | | src/ConstFuncChangeState.sol | 15 | | src/ConstantFuncsAssembly.sol | 26 | | src/ConstantsLiterals.sol | 28 | -| src/ContractLocksEther.sol | 121 | +| src/ContractLocksEther.sol | 142 | | src/ContractWithTodo.sol | 7 | | src/CostlyOperationsInsideLoops.sol | 17 | | src/Counter.sol | 20 | @@ -159,7 +160,9 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/MisusedBoolean.sol | 67 | | src/MsgValueInLoop.sol | 55 | | src/MultipleConstructorSchemes.sol | 10 | +| src/MultiplePlaceholders.sol | 14 | | src/OnceModifierExample.sol | 8 | +| src/OnlyLibrary.sol | 2 | | src/OutOfOrderRetryable.sol | 165 | | src/PreDeclaredVarUsage.sol | 9 | | src/PublicVariableReadInExternalContext.sol | 32 | 
@@ -219,7 +222,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | src/reused_contract_name/ContractB.sol | 7 | | src/uniswap/UniswapV2Swapper.sol | 50 | | src/uniswap/UniswapV3Swapper.sol | 150 | -| **Total** | **3870** | +| **Total** | **3927** | ## Issue Summary @@ -227,7 +230,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati | Category | No. of Issues | | --- | --- | | High | 42 | -| Low | 43 | +| Low | 44 | # High Issues @@ -460,567 +463,573 @@ Consider protecting the initializer functions with modifiers. Downcasting int/uints in Solidity can be unsafe due to the potential for data loss and unintended behavior.When downcasting a larger integer type to a smaller one (e.g., uint256 to uint128), the value may exceed the range of the target type,leading to truncation and loss of significant digits. Use OpenZeppelin's SafeCast library to safely downcast integers. -
93 Found Instances +
94 Found Instances -- Found in src/Casting.sol [Line: 35](../tests/contract-playground/src/Casting.sol#L35) +- Found in src/Casting.sol [Line: 42](../tests/contract-playground/src/Casting.sol#L42) ```solidity uint248 b = uint248(a); ``` -- Found in src/Casting.sol [Line: 36](../tests/contract-playground/src/Casting.sol#L36) +- Found in src/Casting.sol [Line: 43](../tests/contract-playground/src/Casting.sol#L43) ```solidity uint240 c = uint240(b); ``` -- Found in src/Casting.sol [Line: 37](../tests/contract-playground/src/Casting.sol#L37) +- Found in src/Casting.sol [Line: 44](../tests/contract-playground/src/Casting.sol#L44) ```solidity uint232 d = uint232(c); ``` -- Found in src/Casting.sol [Line: 38](../tests/contract-playground/src/Casting.sol#L38) +- Found in src/Casting.sol [Line: 45](../tests/contract-playground/src/Casting.sol#L45) ```solidity uint224 e = uint224(d); ``` -- Found in src/Casting.sol [Line: 39](../tests/contract-playground/src/Casting.sol#L39) +- Found in src/Casting.sol [Line: 46](../tests/contract-playground/src/Casting.sol#L46) ```solidity uint216 f = uint216(e); ``` -- Found in src/Casting.sol [Line: 40](../tests/contract-playground/src/Casting.sol#L40) +- Found in src/Casting.sol [Line: 47](../tests/contract-playground/src/Casting.sol#L47) ```solidity uint208 g = uint208(f); ``` -- Found in src/Casting.sol [Line: 41](../tests/contract-playground/src/Casting.sol#L41) +- Found in src/Casting.sol [Line: 48](../tests/contract-playground/src/Casting.sol#L48) ```solidity uint200 h = uint200(g); ``` -- Found in src/Casting.sol [Line: 42](../tests/contract-playground/src/Casting.sol#L42) +- Found in src/Casting.sol [Line: 49](../tests/contract-playground/src/Casting.sol#L49) ```solidity uint192 i = uint192(h); ``` -- Found in src/Casting.sol [Line: 43](../tests/contract-playground/src/Casting.sol#L43) +- Found in src/Casting.sol [Line: 50](../tests/contract-playground/src/Casting.sol#L50) ```solidity uint184 j = uint184(i); ``` -- Found in 
src/Casting.sol [Line: 44](../tests/contract-playground/src/Casting.sol#L44) +- Found in src/Casting.sol [Line: 51](../tests/contract-playground/src/Casting.sol#L51) ```solidity uint176 k = uint176(j); ``` -- Found in src/Casting.sol [Line: 45](../tests/contract-playground/src/Casting.sol#L45) +- Found in src/Casting.sol [Line: 52](../tests/contract-playground/src/Casting.sol#L52) ```solidity uint168 l = uint168(k); ``` -- Found in src/Casting.sol [Line: 46](../tests/contract-playground/src/Casting.sol#L46) +- Found in src/Casting.sol [Line: 53](../tests/contract-playground/src/Casting.sol#L53) ```solidity uint160 m = uint160(l); ``` -- Found in src/Casting.sol [Line: 47](../tests/contract-playground/src/Casting.sol#L47) +- Found in src/Casting.sol [Line: 54](../tests/contract-playground/src/Casting.sol#L54) ```solidity uint152 n = uint152(m); ``` -- Found in src/Casting.sol [Line: 48](../tests/contract-playground/src/Casting.sol#L48) +- Found in src/Casting.sol [Line: 55](../tests/contract-playground/src/Casting.sol#L55) ```solidity uint144 o = uint144(n); ``` -- Found in src/Casting.sol [Line: 49](../tests/contract-playground/src/Casting.sol#L49) +- Found in src/Casting.sol [Line: 56](../tests/contract-playground/src/Casting.sol#L56) ```solidity uint136 p = uint136(o); ``` -- Found in src/Casting.sol [Line: 50](../tests/contract-playground/src/Casting.sol#L50) +- Found in src/Casting.sol [Line: 57](../tests/contract-playground/src/Casting.sol#L57) ```solidity uint128 q = uint128(p); ``` -- Found in src/Casting.sol [Line: 51](../tests/contract-playground/src/Casting.sol#L51) +- Found in src/Casting.sol [Line: 58](../tests/contract-playground/src/Casting.sol#L58) ```solidity uint120 r = uint120(q); ``` -- Found in src/Casting.sol [Line: 52](../tests/contract-playground/src/Casting.sol#L52) +- Found in src/Casting.sol [Line: 59](../tests/contract-playground/src/Casting.sol#L59) ```solidity uint112 s = uint112(r); ``` -- Found in src/Casting.sol [Line: 
53](../tests/contract-playground/src/Casting.sol#L53) +- Found in src/Casting.sol [Line: 60](../tests/contract-playground/src/Casting.sol#L60) ```solidity uint104 t = uint104(s); ``` -- Found in src/Casting.sol [Line: 54](../tests/contract-playground/src/Casting.sol#L54) +- Found in src/Casting.sol [Line: 61](../tests/contract-playground/src/Casting.sol#L61) ```solidity uint96 u = uint96(t); ``` -- Found in src/Casting.sol [Line: 55](../tests/contract-playground/src/Casting.sol#L55) +- Found in src/Casting.sol [Line: 62](../tests/contract-playground/src/Casting.sol#L62) ```solidity uint88 v = uint88(u); ``` -- Found in src/Casting.sol [Line: 56](../tests/contract-playground/src/Casting.sol#L56) +- Found in src/Casting.sol [Line: 63](../tests/contract-playground/src/Casting.sol#L63) ```solidity uint80 w = uint80(v); ``` -- Found in src/Casting.sol [Line: 57](../tests/contract-playground/src/Casting.sol#L57) +- Found in src/Casting.sol [Line: 64](../tests/contract-playground/src/Casting.sol#L64) ```solidity uint72 x = uint72(w); ``` -- Found in src/Casting.sol [Line: 58](../tests/contract-playground/src/Casting.sol#L58) +- Found in src/Casting.sol [Line: 65](../tests/contract-playground/src/Casting.sol#L65) ```solidity uint64 y = uint64(x); ``` -- Found in src/Casting.sol [Line: 59](../tests/contract-playground/src/Casting.sol#L59) +- Found in src/Casting.sol [Line: 66](../tests/contract-playground/src/Casting.sol#L66) ```solidity uint56 z = uint56(y); ``` -- Found in src/Casting.sol [Line: 60](../tests/contract-playground/src/Casting.sol#L60) +- Found in src/Casting.sol [Line: 67](../tests/contract-playground/src/Casting.sol#L67) ```solidity uint48 aa = uint48(z); ``` -- Found in src/Casting.sol [Line: 61](../tests/contract-playground/src/Casting.sol#L61) +- Found in src/Casting.sol [Line: 68](../tests/contract-playground/src/Casting.sol#L68) ```solidity uint40 ab = uint40(aa); ``` -- Found in src/Casting.sol [Line: 
62](../tests/contract-playground/src/Casting.sol#L62) +- Found in src/Casting.sol [Line: 69](../tests/contract-playground/src/Casting.sol#L69) ```solidity uint32 ac = uint32(ab); ``` -- Found in src/Casting.sol [Line: 63](../tests/contract-playground/src/Casting.sol#L63) +- Found in src/Casting.sol [Line: 70](../tests/contract-playground/src/Casting.sol#L70) ```solidity uint24 ad = uint24(ac); ``` -- Found in src/Casting.sol [Line: 64](../tests/contract-playground/src/Casting.sol#L64) +- Found in src/Casting.sol [Line: 71](../tests/contract-playground/src/Casting.sol#L71) ```solidity uint16 ae = uint16(ad); ``` -- Found in src/Casting.sol [Line: 65](../tests/contract-playground/src/Casting.sol#L65) +- Found in src/Casting.sol [Line: 72](../tests/contract-playground/src/Casting.sol#L72) ```solidity uint8Value = uint8(ae); ``` -- Found in src/Casting.sol [Line: 73](../tests/contract-playground/src/Casting.sol#L73) +- Found in src/Casting.sol [Line: 80](../tests/contract-playground/src/Casting.sol#L80) ```solidity int248 b = int248(a); ``` -- Found in src/Casting.sol [Line: 74](../tests/contract-playground/src/Casting.sol#L74) +- Found in src/Casting.sol [Line: 81](../tests/contract-playground/src/Casting.sol#L81) ```solidity int240 c = int240(b); ``` -- Found in src/Casting.sol [Line: 75](../tests/contract-playground/src/Casting.sol#L75) +- Found in src/Casting.sol [Line: 82](../tests/contract-playground/src/Casting.sol#L82) ```solidity int232 d = int232(c); ``` -- Found in src/Casting.sol [Line: 76](../tests/contract-playground/src/Casting.sol#L76) +- Found in src/Casting.sol [Line: 83](../tests/contract-playground/src/Casting.sol#L83) ```solidity int224 e = int224(d); ``` -- Found in src/Casting.sol [Line: 77](../tests/contract-playground/src/Casting.sol#L77) +- Found in src/Casting.sol [Line: 84](../tests/contract-playground/src/Casting.sol#L84) ```solidity int216 f = int216(e); ``` -- Found in src/Casting.sol [Line: 
78](../tests/contract-playground/src/Casting.sol#L78) +- Found in src/Casting.sol [Line: 85](../tests/contract-playground/src/Casting.sol#L85) ```solidity int208 g = int208(f); ``` -- Found in src/Casting.sol [Line: 79](../tests/contract-playground/src/Casting.sol#L79) +- Found in src/Casting.sol [Line: 86](../tests/contract-playground/src/Casting.sol#L86) ```solidity int200 h = int200(g); ``` -- Found in src/Casting.sol [Line: 80](../tests/contract-playground/src/Casting.sol#L80) +- Found in src/Casting.sol [Line: 87](../tests/contract-playground/src/Casting.sol#L87) ```solidity int192 i = int192(h); ``` -- Found in src/Casting.sol [Line: 81](../tests/contract-playground/src/Casting.sol#L81) +- Found in src/Casting.sol [Line: 88](../tests/contract-playground/src/Casting.sol#L88) ```solidity int184 j = int184(i); ``` -- Found in src/Casting.sol [Line: 82](../tests/contract-playground/src/Casting.sol#L82) +- Found in src/Casting.sol [Line: 89](../tests/contract-playground/src/Casting.sol#L89) ```solidity int176 k = int176(j); ``` -- Found in src/Casting.sol [Line: 83](../tests/contract-playground/src/Casting.sol#L83) +- Found in src/Casting.sol [Line: 90](../tests/contract-playground/src/Casting.sol#L90) ```solidity int168 l = int168(k); ``` -- Found in src/Casting.sol [Line: 84](../tests/contract-playground/src/Casting.sol#L84) +- Found in src/Casting.sol [Line: 91](../tests/contract-playground/src/Casting.sol#L91) ```solidity int160 m = int160(l); ``` -- Found in src/Casting.sol [Line: 85](../tests/contract-playground/src/Casting.sol#L85) +- Found in src/Casting.sol [Line: 92](../tests/contract-playground/src/Casting.sol#L92) ```solidity int152 n = int152(m); ``` -- Found in src/Casting.sol [Line: 86](../tests/contract-playground/src/Casting.sol#L86) +- Found in src/Casting.sol [Line: 93](../tests/contract-playground/src/Casting.sol#L93) ```solidity int144 o = int144(n); ``` -- Found in src/Casting.sol [Line: 87](../tests/contract-playground/src/Casting.sol#L87) 
+- Found in src/Casting.sol [Line: 94](../tests/contract-playground/src/Casting.sol#L94) ```solidity int136 p = int136(o); ``` -- Found in src/Casting.sol [Line: 88](../tests/contract-playground/src/Casting.sol#L88) +- Found in src/Casting.sol [Line: 95](../tests/contract-playground/src/Casting.sol#L95) ```solidity int128 q = int128(p); ``` -- Found in src/Casting.sol [Line: 89](../tests/contract-playground/src/Casting.sol#L89) +- Found in src/Casting.sol [Line: 96](../tests/contract-playground/src/Casting.sol#L96) ```solidity int120 r = int120(q); ``` -- Found in src/Casting.sol [Line: 90](../tests/contract-playground/src/Casting.sol#L90) +- Found in src/Casting.sol [Line: 97](../tests/contract-playground/src/Casting.sol#L97) ```solidity int112 s = int112(r); ``` -- Found in src/Casting.sol [Line: 91](../tests/contract-playground/src/Casting.sol#L91) +- Found in src/Casting.sol [Line: 98](../tests/contract-playground/src/Casting.sol#L98) ```solidity int104 t = int104(s); ``` -- Found in src/Casting.sol [Line: 92](../tests/contract-playground/src/Casting.sol#L92) +- Found in src/Casting.sol [Line: 99](../tests/contract-playground/src/Casting.sol#L99) ```solidity int96 u = int96(t); ``` -- Found in src/Casting.sol [Line: 93](../tests/contract-playground/src/Casting.sol#L93) +- Found in src/Casting.sol [Line: 100](../tests/contract-playground/src/Casting.sol#L100) ```solidity int88 v = int88(u); ``` -- Found in src/Casting.sol [Line: 94](../tests/contract-playground/src/Casting.sol#L94) +- Found in src/Casting.sol [Line: 101](../tests/contract-playground/src/Casting.sol#L101) ```solidity int80 w = int80(v); ``` -- Found in src/Casting.sol [Line: 95](../tests/contract-playground/src/Casting.sol#L95) +- Found in src/Casting.sol [Line: 102](../tests/contract-playground/src/Casting.sol#L102) ```solidity int72 x = int72(w); ``` -- Found in src/Casting.sol [Line: 96](../tests/contract-playground/src/Casting.sol#L96) +- Found in src/Casting.sol [Line: 
103](../tests/contract-playground/src/Casting.sol#L103) ```solidity int64 y = int64(x); ``` -- Found in src/Casting.sol [Line: 97](../tests/contract-playground/src/Casting.sol#L97) +- Found in src/Casting.sol [Line: 104](../tests/contract-playground/src/Casting.sol#L104) ```solidity int56 z = int56(y); ``` -- Found in src/Casting.sol [Line: 98](../tests/contract-playground/src/Casting.sol#L98) +- Found in src/Casting.sol [Line: 105](../tests/contract-playground/src/Casting.sol#L105) ```solidity int48 aa = int48(z); ``` -- Found in src/Casting.sol [Line: 99](../tests/contract-playground/src/Casting.sol#L99) +- Found in src/Casting.sol [Line: 106](../tests/contract-playground/src/Casting.sol#L106) ```solidity int40 ab = int40(aa); ``` -- Found in src/Casting.sol [Line: 100](../tests/contract-playground/src/Casting.sol#L100) +- Found in src/Casting.sol [Line: 107](../tests/contract-playground/src/Casting.sol#L107) ```solidity int32 ac = int32(ab); ``` -- Found in src/Casting.sol [Line: 101](../tests/contract-playground/src/Casting.sol#L101) +- Found in src/Casting.sol [Line: 108](../tests/contract-playground/src/Casting.sol#L108) ```solidity int24 ad = int24(ac); ``` -- Found in src/Casting.sol [Line: 102](../tests/contract-playground/src/Casting.sol#L102) +- Found in src/Casting.sol [Line: 109](../tests/contract-playground/src/Casting.sol#L109) ```solidity int16 ae = int16(ad); ``` -- Found in src/Casting.sol [Line: 103](../tests/contract-playground/src/Casting.sol#L103) +- Found in src/Casting.sol [Line: 110](../tests/contract-playground/src/Casting.sol#L110) ```solidity int8Value = int8(ae); ``` -- Found in src/Casting.sol [Line: 111](../tests/contract-playground/src/Casting.sol#L111) +- Found in src/Casting.sol [Line: 118](../tests/contract-playground/src/Casting.sol#L118) ```solidity bytes31 b = bytes31(a); ``` -- Found in src/Casting.sol [Line: 112](../tests/contract-playground/src/Casting.sol#L112) +- Found in src/Casting.sol [Line: 
119](../tests/contract-playground/src/Casting.sol#L119) ```solidity bytes30 c = bytes30(b); ``` -- Found in src/Casting.sol [Line: 113](../tests/contract-playground/src/Casting.sol#L113) +- Found in src/Casting.sol [Line: 120](../tests/contract-playground/src/Casting.sol#L120) ```solidity bytes29 d = bytes29(c); ``` -- Found in src/Casting.sol [Line: 114](../tests/contract-playground/src/Casting.sol#L114) +- Found in src/Casting.sol [Line: 121](../tests/contract-playground/src/Casting.sol#L121) ```solidity bytes28 e = bytes28(d); ``` -- Found in src/Casting.sol [Line: 115](../tests/contract-playground/src/Casting.sol#L115) +- Found in src/Casting.sol [Line: 122](../tests/contract-playground/src/Casting.sol#L122) ```solidity bytes27 f = bytes27(e); ``` -- Found in src/Casting.sol [Line: 116](../tests/contract-playground/src/Casting.sol#L116) +- Found in src/Casting.sol [Line: 123](../tests/contract-playground/src/Casting.sol#L123) ```solidity bytes26 g = bytes26(f); ``` -- Found in src/Casting.sol [Line: 117](../tests/contract-playground/src/Casting.sol#L117) +- Found in src/Casting.sol [Line: 124](../tests/contract-playground/src/Casting.sol#L124) ```solidity bytes25 h = bytes25(g); ``` -- Found in src/Casting.sol [Line: 118](../tests/contract-playground/src/Casting.sol#L118) +- Found in src/Casting.sol [Line: 125](../tests/contract-playground/src/Casting.sol#L125) ```solidity bytes24 i = bytes24(h); ``` -- Found in src/Casting.sol [Line: 119](../tests/contract-playground/src/Casting.sol#L119) +- Found in src/Casting.sol [Line: 126](../tests/contract-playground/src/Casting.sol#L126) ```solidity bytes23 j = bytes23(i); ``` -- Found in src/Casting.sol [Line: 120](../tests/contract-playground/src/Casting.sol#L120) +- Found in src/Casting.sol [Line: 127](../tests/contract-playground/src/Casting.sol#L127) ```solidity bytes22 k = bytes22(j); ``` -- Found in src/Casting.sol [Line: 121](../tests/contract-playground/src/Casting.sol#L121) +- Found in src/Casting.sol [Line: 
128](../tests/contract-playground/src/Casting.sol#L128) ```solidity bytes21 l = bytes21(k); ``` -- Found in src/Casting.sol [Line: 122](../tests/contract-playground/src/Casting.sol#L122) +- Found in src/Casting.sol [Line: 129](../tests/contract-playground/src/Casting.sol#L129) ```solidity bytes20 m = bytes20(l); ``` -- Found in src/Casting.sol [Line: 123](../tests/contract-playground/src/Casting.sol#L123) +- Found in src/Casting.sol [Line: 130](../tests/contract-playground/src/Casting.sol#L130) ```solidity bytes19 n = bytes19(m); ``` -- Found in src/Casting.sol [Line: 124](../tests/contract-playground/src/Casting.sol#L124) +- Found in src/Casting.sol [Line: 131](../tests/contract-playground/src/Casting.sol#L131) ```solidity bytes18 o = bytes18(n); ``` -- Found in src/Casting.sol [Line: 125](../tests/contract-playground/src/Casting.sol#L125) +- Found in src/Casting.sol [Line: 132](../tests/contract-playground/src/Casting.sol#L132) ```solidity bytes17 p = bytes17(o); ``` -- Found in src/Casting.sol [Line: 126](../tests/contract-playground/src/Casting.sol#L126) +- Found in src/Casting.sol [Line: 133](../tests/contract-playground/src/Casting.sol#L133) ```solidity bytes16 q = bytes16(p); ``` -- Found in src/Casting.sol [Line: 127](../tests/contract-playground/src/Casting.sol#L127) +- Found in src/Casting.sol [Line: 134](../tests/contract-playground/src/Casting.sol#L134) ```solidity bytes15 r = bytes15(q); ``` -- Found in src/Casting.sol [Line: 128](../tests/contract-playground/src/Casting.sol#L128) +- Found in src/Casting.sol [Line: 135](../tests/contract-playground/src/Casting.sol#L135) ```solidity bytes14 s = bytes14(r); ``` -- Found in src/Casting.sol [Line: 129](../tests/contract-playground/src/Casting.sol#L129) +- Found in src/Casting.sol [Line: 136](../tests/contract-playground/src/Casting.sol#L136) ```solidity bytes13 t = bytes13(s); ``` -- Found in src/Casting.sol [Line: 130](../tests/contract-playground/src/Casting.sol#L130) +- Found in src/Casting.sol [Line: 
137](../tests/contract-playground/src/Casting.sol#L137) ```solidity bytes12 u = bytes12(t); ``` -- Found in src/Casting.sol [Line: 131](../tests/contract-playground/src/Casting.sol#L131) +- Found in src/Casting.sol [Line: 138](../tests/contract-playground/src/Casting.sol#L138) ```solidity bytes11 v = bytes11(u); ``` -- Found in src/Casting.sol [Line: 132](../tests/contract-playground/src/Casting.sol#L132) +- Found in src/Casting.sol [Line: 139](../tests/contract-playground/src/Casting.sol#L139) ```solidity bytes10 w = bytes10(v); ``` -- Found in src/Casting.sol [Line: 133](../tests/contract-playground/src/Casting.sol#L133) +- Found in src/Casting.sol [Line: 140](../tests/contract-playground/src/Casting.sol#L140) ```solidity bytes9 x = bytes9(w); ``` -- Found in src/Casting.sol [Line: 134](../tests/contract-playground/src/Casting.sol#L134) +- Found in src/Casting.sol [Line: 141](../tests/contract-playground/src/Casting.sol#L141) ```solidity bytes8 y = bytes8(x); ``` -- Found in src/Casting.sol [Line: 135](../tests/contract-playground/src/Casting.sol#L135) +- Found in src/Casting.sol [Line: 142](../tests/contract-playground/src/Casting.sol#L142) ```solidity bytes7 z = bytes7(y); ``` -- Found in src/Casting.sol [Line: 136](../tests/contract-playground/src/Casting.sol#L136) +- Found in src/Casting.sol [Line: 143](../tests/contract-playground/src/Casting.sol#L143) ```solidity bytes6 aa = bytes6(z); ``` -- Found in src/Casting.sol [Line: 137](../tests/contract-playground/src/Casting.sol#L137) +- Found in src/Casting.sol [Line: 144](../tests/contract-playground/src/Casting.sol#L144) ```solidity bytes5 ab = bytes5(aa); ``` -- Found in src/Casting.sol [Line: 138](../tests/contract-playground/src/Casting.sol#L138) +- Found in src/Casting.sol [Line: 145](../tests/contract-playground/src/Casting.sol#L145) ```solidity bytes4 ac = bytes4(ab); ``` -- Found in src/Casting.sol [Line: 139](../tests/contract-playground/src/Casting.sol#L139) +- Found in src/Casting.sol [Line: 
146](../tests/contract-playground/src/Casting.sol#L146) ```solidity bytes3 ad = bytes3(ac); ``` -- Found in src/Casting.sol [Line: 140](../tests/contract-playground/src/Casting.sol#L140) +- Found in src/Casting.sol [Line: 147](../tests/contract-playground/src/Casting.sol#L147) ```solidity bytes2 ae = bytes2(ad); ``` -- Found in src/Casting.sol [Line: 141](../tests/contract-playground/src/Casting.sol#L141) +- Found in src/Casting.sol [Line: 148](../tests/contract-playground/src/Casting.sol#L148) ```solidity bytes1Value = bytes1(ae); ``` +- Found in src/Casting.sol [Line: 155](../tests/contract-playground/src/Casting.sol#L155) + + ```solidity + return int128(result); + ``` +
@@ -2822,7 +2831,7 @@ ERC20 functions may not behave as expected. For example: return values are not a Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of `pragma solidity ^0.8.0;`, use `pragma solidity 0.8.0;` -
36 Found Instances +
35 Found Instances - Found in src/BuiltinSymbolShadow.sol [Line: 2](../tests/contract-playground/src/BuiltinSymbolShadow.sol#L2) @@ -2957,12 +2966,6 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.4.0; ``` -- Found in src/StateVariablesManipulation.sol [Line: 2](../tests/contract-playground/src/StateVariablesManipulation.sol#L2) - - ```solidity - pragma solidity ^0.8.0; - ``` - - Found in src/TautologyOrContradiction.sol [Line: 2](../tests/contract-playground/src/TautologyOrContradiction.sol#L2) ```solidity @@ -3578,25 +3581,25 @@ If the same constant literal value is used multiple times, create a constant sta array.push(100); ``` -- Found in src/Casting.sol [Line: 16](../tests/contract-playground/src/Casting.sol#L16) +- Found in src/Casting.sol [Line: 20](../tests/contract-playground/src/Casting.sol#L20) ```solidity uint256 a = 0x1234567890abcdef; ``` -- Found in src/Casting.sol [Line: 22](../tests/contract-playground/src/Casting.sol#L22) +- Found in src/Casting.sol [Line: 26](../tests/contract-playground/src/Casting.sol#L26) ```solidity int256 c = -0x1234567890abcdef; ``` -- Found in src/Casting.sol [Line: 31](../tests/contract-playground/src/Casting.sol#L31) +- Found in src/Casting.sol [Line: 38](../tests/contract-playground/src/Casting.sol#L38) ```solidity uint unspecificUint = 0x1234567890abcdef; ``` -- Found in src/Casting.sol [Line: 69](../tests/contract-playground/src/Casting.sol#L69) +- Found in src/Casting.sol [Line: 76](../tests/contract-playground/src/Casting.sol#L76) ```solidity int unspecificInt = -0x1234567890abcdef; 
@@ -4302,7 +4305,7 @@ Using `ERC721::_mint()` can mint ERC721 tokens to addresses which don't support Solc compiler version 0.8.20 switches the default target EVM version to Shanghai, which means that the generated bytecode will include PUSH0 opcodes. Be sure to select the appropriate EVM version in case you intend to deploy on a chain other than mainnet like L2 chains that may not support PUSH0, otherwise deployment of your contracts will fail. -
42 Found Instances +
43 Found Instances - Found in src/AdminContract.sol [Line: 2](../tests/contract-playground/src/AdminContract.sol#L2) @@ -4407,6 +4410,12 @@ Solc compiler version 0.8.20 switches the default target EVM version to Shanghai pragma solidity ^0.8.0; ``` +- Found in src/OnlyLibrary.sol [Line: 2](../tests/contract-playground/src/OnlyLibrary.sol#L2) + + ```solidity + pragma solidity ^0.8.0; + ``` + - Found in src/OutOfOrderRetryable.sol [Line: 2](../tests/contract-playground/src/OutOfOrderRetryable.sol#L2) ```solidity @@ -5193,13 +5202,13 @@ Consider keeping the naming convention consistent in a given contract. Explicit
29 Found Instances -- Found in src/Casting.sol [Line: 31](../tests/contract-playground/src/Casting.sol#L31) +- Found in src/Casting.sol [Line: 38](../tests/contract-playground/src/Casting.sol#L38) ```solidity uint unspecificUint = 0x1234567890abcdef; ``` -- Found in src/Casting.sol [Line: 69](../tests/contract-playground/src/Casting.sol#L69) +- Found in src/Casting.sol [Line: 76](../tests/contract-playground/src/Casting.sol#L76) ```solidity int unspecificInt = -0x1234567890abcdef; @@ -6656,19 +6665,19 @@ State variable changes in this function but no event is emitted. function c4() external { ``` -- Found in src/Casting.sol [Line: 30](../tests/contract-playground/src/Casting.sol#L30) +- Found in src/Casting.sol [Line: 37](../tests/contract-playground/src/Casting.sol#L37) ```solidity function unsafeUintCasting() external { ``` -- Found in src/Casting.sol [Line: 68](../tests/contract-playground/src/Casting.sol#L68) +- Found in src/Casting.sol [Line: 75](../tests/contract-playground/src/Casting.sol#L75) ```solidity function unsafeIntCasting() external { ``` -- Found in src/Casting.sol [Line: 106](../tests/contract-playground/src/Casting.sol#L106) +- Found in src/Casting.sol [Line: 113](../tests/contract-playground/src/Casting.sol#L113) ```solidity function unsafeBytes32Casting() external { @@ -7218,3 +7227,20 @@ State variable changes in this function but no event is emitted. +## L-44: Modifier has multiple placeholders. + +Design the modifier to only contain 1 placeholder statement. If it's not possible, split the logic into multiple modifiers. + +
1 Found Instances + + +- Found in src/MultiplePlaceholders.sol [Line: 11](../tests/contract-playground/src/MultiplePlaceholders.sol#L11) + + ```solidity + modifier checkOwner() { + ``` + +
+ + + diff --git a/reports/report.sarif b/reports/report.sarif index 3025030c3..85b8ebaa4 100644 --- a/reports/report.sarif +++ b/reports/report.sarif @@ -367,7 +367,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1065 + "byteOffset": 1127 } } }, @@ -378,7 +378,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1097 + "byteOffset": 1159 } } }, @@ -389,7 +389,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1129 + "byteOffset": 1191 } } }, @@ -400,7 +400,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1161 + "byteOffset": 1223 } } }, @@ -411,7 +411,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1193 + "byteOffset": 1255 } } }, @@ -422,7 +422,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1225 + "byteOffset": 1287 } } }, @@ -433,7 +433,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1257 + "byteOffset": 1319 } } }, @@ -444,7 +444,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1289 + "byteOffset": 1351 } } }, @@ -455,7 +455,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1321 + "byteOffset": 1383 } } }, @@ -466,7 +466,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1353 + "byteOffset": 1415 } } }, @@ -477,7 +477,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1385 + "byteOffset": 1447 } } }, @@ -488,7 +488,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1417 + "byteOffset": 1479 } } }, @@ -499,7 +499,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1449 + "byteOffset": 1511 } } }, @@ -510,7 +510,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1481 + "byteOffset": 1543 } } }, @@ -521,7 +521,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1513 + "byteOffset": 1575 } } }, @@ -532,7 +532,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1545 + "byteOffset": 1607 } } }, @@ -543,7 +543,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1577 + "byteOffset": 1639 } } }, @@ -554,7 +554,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1609 + "byteOffset": 1671 } } }, 
@@ -565,7 +565,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1641 + "byteOffset": 1703 } } }, @@ -576,7 +576,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 1672 + "byteOffset": 1734 } } }, @@ -587,7 +587,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 1702 + "byteOffset": 1764 } } }, @@ -598,7 +598,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 1732 + "byteOffset": 1794 } } }, @@ -609,7 +609,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 1762 + "byteOffset": 1824 } } }, @@ -620,7 +620,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 1792 + "byteOffset": 1854 } } }, @@ -631,7 +631,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 1822 + "byteOffset": 1884 } } }, @@ -642,7 +642,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 1853 + "byteOffset": 1915 } } }, @@ -653,7 +653,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1884 + "byteOffset": 1946 } } }, @@ -664,7 +664,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1916 + "byteOffset": 1978 } } }, @@ -675,7 +675,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1948 + "byteOffset": 2010 } } }, @@ -686,7 +686,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 1980 + "byteOffset": 2042 } } }, @@ -697,7 +697,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2013 + "byteOffset": 2075 } } }, @@ -708,7 +708,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2242 + "byteOffset": 2304 } } }, @@ -719,7 +719,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2272 + "byteOffset": 2334 } } }, @@ -730,7 +730,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2302 + "byteOffset": 2364 } } }, @@ -741,7 +741,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2332 + "byteOffset": 2394 } } }, @@ -752,7 +752,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2362 + "byteOffset": 2424 } } }, @@ -763,7 +763,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2392 + "byteOffset": 2454 } } }, 
@@ -774,7 +774,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2422 + "byteOffset": 2484 } } }, @@ -785,7 +785,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2452 + "byteOffset": 2514 } } }, @@ -796,7 +796,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2482 + "byteOffset": 2544 } } }, @@ -807,7 +807,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2512 + "byteOffset": 2574 } } }, @@ -818,7 +818,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2542 + "byteOffset": 2604 } } }, @@ -829,7 +829,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2572 + "byteOffset": 2634 } } }, @@ -840,7 +840,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2602 + "byteOffset": 2664 } } }, @@ -851,7 +851,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2632 + "byteOffset": 2694 } } }, @@ -862,7 +862,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2662 + "byteOffset": 2724 } } }, @@ -873,7 +873,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2692 + "byteOffset": 2754 } } }, @@ -884,7 +884,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2722 + "byteOffset": 2784 } } }, @@ -895,7 +895,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2752 + "byteOffset": 2814 } } }, @@ -906,7 +906,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 2782 + "byteOffset": 2844 } } }, @@ -917,7 +917,7 @@ }, "region": { "byteLength": 8, - "byteOffset": 2811 + "byteOffset": 2873 } } }, @@ -928,7 +928,7 @@ }, "region": { "byteLength": 8, - "byteOffset": 2839 + "byteOffset": 2901 } } }, @@ -939,7 +939,7 @@ }, "region": { "byteLength": 8, - "byteOffset": 2867 + "byteOffset": 2929 } } }, @@ -950,7 +950,7 @@ }, "region": { "byteLength": 8, - "byteOffset": 2895 + "byteOffset": 2957 } } }, @@ -961,7 +961,7 @@ }, "region": { "byteLength": 8, - "byteOffset": 2923 + "byteOffset": 2985 } } }, @@ -972,7 +972,7 @@ }, "region": { "byteLength": 8, - "byteOffset": 2951 + "byteOffset": 3013 } } }, 
@@ -983,7 +983,7 @@ }, "region": { "byteLength": 8, - "byteOffset": 2980 + "byteOffset": 3042 } } }, @@ -994,7 +994,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 3009 + "byteOffset": 3071 } } }, @@ -1005,7 +1005,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 3039 + "byteOffset": 3101 } } }, @@ -1016,7 +1016,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 3069 + "byteOffset": 3131 } } }, @@ -1027,7 +1027,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 3099 + "byteOffset": 3161 } } }, @@ -1038,7 +1038,7 @@ }, "region": { "byteLength": 8, - "byteOffset": 3130 + "byteOffset": 3192 } } }, @@ -1049,7 +1049,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3426 + "byteOffset": 3488 } } }, @@ -1060,7 +1060,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3458 + "byteOffset": 3520 } } }, @@ -1071,7 +1071,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3490 + "byteOffset": 3552 } } }, @@ -1082,7 +1082,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3522 + "byteOffset": 3584 } } }, @@ -1093,7 +1093,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3554 + "byteOffset": 3616 } } }, @@ -1104,7 +1104,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3586 + "byteOffset": 3648 } } }, @@ -1115,7 +1115,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3618 + "byteOffset": 3680 } } }, @@ -1126,7 +1126,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3650 + "byteOffset": 3712 } } }, @@ -1137,7 +1137,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3682 + "byteOffset": 3744 } } }, @@ -1148,7 +1148,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3714 + "byteOffset": 3776 } } }, @@ -1159,7 +1159,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3746 + "byteOffset": 3808 } } }, @@ -1170,7 +1170,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3778 + "byteOffset": 3840 } } }, @@ -1181,7 +1181,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3810 + "byteOffset": 3872 } } }, 
@@ -1192,7 +1192,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3842 + "byteOffset": 3904 } } }, @@ -1203,7 +1203,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3874 + "byteOffset": 3936 } } }, @@ -1214,7 +1214,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3906 + "byteOffset": 3968 } } }, @@ -1225,7 +1225,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3938 + "byteOffset": 4000 } } }, @@ -1236,7 +1236,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 3970 + "byteOffset": 4032 } } }, @@ -1247,7 +1247,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 4002 + "byteOffset": 4064 } } }, @@ -1258,7 +1258,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 4034 + "byteOffset": 4096 } } }, @@ -1269,7 +1269,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 4066 + "byteOffset": 4128 } } }, @@ -1280,7 +1280,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 4098 + "byteOffset": 4160 } } }, @@ -1291,7 +1291,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 4129 + "byteOffset": 4191 } } }, @@ -1302,7 +1302,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 4159 + "byteOffset": 4221 } } }, @@ -1313,7 +1313,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 4189 + "byteOffset": 4251 } } }, @@ -1324,7 +1324,7 @@ }, "region": { "byteLength": 9, - "byteOffset": 4220 + "byteOffset": 4282 } } }, @@ -1335,7 +1335,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 4251 + "byteOffset": 4313 } } }, @@ -1346,7 +1346,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 4283 + "byteOffset": 4345 } } }, @@ -1357,7 +1357,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 4315 + "byteOffset": 4377 } } }, @@ -1368,7 +1368,7 @@ }, "region": { "byteLength": 10, - "byteOffset": 4347 + "byteOffset": 4409 } } }, 
@@ -1379,7 +1379,18 @@ }, "region": { "byteLength": 10, - "byteOffset": 4381 + "byteOffset": 4443 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/Casting.sol" + }, + "region": { + "byteLength": 14, + "byteOffset": 4642 } } } @@ -4451,17 +4462,6 @@ } } }, - { - "physicalLocation": { - "artifactLocation": { - "uri": "src/StateVariablesManipulation.sol" - }, - "region": { - "byteLength": 23, - "byteOffset": 32 - } - } - }, { "physicalLocation": { "artifactLocation": { @@ -5563,7 +5563,7 @@ }, "region": { "byteLength": 18, - "byteOffset": 483 + "byteOffset": 511 } } }, @@ -5574,7 +5574,7 @@ }, "region": { "byteLength": 18, - "byteOffset": 646 + "byteOffset": 674 } } }, @@ -5585,7 +5585,7 @@ }, "region": { "byteLength": 18, - "byteOffset": 921 + "byteOffset": 983 } } }, @@ -5596,7 +5596,7 @@ }, "region": { "byteLength": 18, - "byteOffset": 2103 + "byteOffset": 2165 } } }, @@ -7064,6 +7064,17 @@ } } }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/OnlyLibrary.sol" + }, + "region": { + "byteLength": 23, + "byteOffset": 32 + } + } + }, { "physicalLocation": { "artifactLocation": { @@ -8445,7 +8456,7 @@ }, "region": { "byteLength": 14, - "byteOffset": 904 + "byteOffset": 966 } } }, @@ -8456,7 +8467,7 @@ }, "region": { "byteLength": 13, - "byteOffset": 2086 + "byteOffset": 2148 } } }, @@ -10872,7 +10883,7 @@ }, "region": { "byteLength": 17, - "byteOffset": 860 + "byteOffset": 922 } } }, @@ -10883,7 +10894,7 @@ }, "region": { "byteLength": 16, - "byteOffset": 2044 + "byteOffset": 2106 } } }, @@ -10894,7 +10905,7 @@ }, "region": { "byteLength": 20, - "byteOffset": 3160 + "byteOffset": 3222 } } }, 
@@ -11893,6 +11904,26 @@ "text": "State variable changes in this function but no event is emitted." }, "ruleId": "state-variable-changes-without-events" + }, + { + "level": "note", + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "src/MultiplePlaceholders.sol" + }, + "region": { + "byteLength": 10, + "byteOffset": 186 + } + } + } + ], + "message": { + "text": "Design the modifier to only contain 1 placeholder statement. If it's not possible, split the logic into multiple modifiers." + }, + "ruleId": "multiple-placeholders" } ], "tool": { @@ -11901,8 +11932,8 @@ "informationUri": "https://github.com/Cyfrin/aderyn", "name": "Aderyn", "organization": "Cyfrin", - "semanticVersion": "0.2.0", - "version": "0.2.0" + "semanticVersion": "0.3.0", + "version": "0.3.0" } } } diff --git a/reports/sablier-aderyn-toml-nested-root.md b/reports/sablier-aderyn-toml-nested-root.md index e5be85177..4b3a0bcfe 100644 --- a/reports/sablier-aderyn-toml-nested-root.md +++ b/reports/sablier-aderyn-toml-nested-root.md @@ -69,7 +69,7 @@ This report was generated by [Aderyn](https://github.com/Cyfrin/aderyn), a stati Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of `pragma solidity ^0.8.0;`, use `pragma solidity 0.8.0;` -
20 Found Instances +
15 Found Instances - Found in src/SablierV2LockupDynamic.sol [Line: 2](../tests/2024-05-Sablier/v2-core/src/SablierV2LockupDynamic.sol#L2) @@ -162,36 +162,6 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity >=0.8.22; ``` -- Found in src/libraries/Errors.sol [Line: 2](../tests/2024-05-Sablier/v2-core/src/libraries/Errors.sol#L2) - - ```solidity - pragma solidity >=0.8.22; - ``` - -- Found in src/libraries/Helpers.sol [Line: 2](../tests/2024-05-Sablier/v2-core/src/libraries/Helpers.sol#L2) - - ```solidity - pragma solidity >=0.8.22; - ``` - -- Found in src/libraries/NFTSVG.sol [Line: 3](../tests/2024-05-Sablier/v2-core/src/libraries/NFTSVG.sol#L3) - - ```solidity - pragma solidity >=0.8.22; - ``` - -- Found in src/libraries/SVGElements.sol [Line: 3](../tests/2024-05-Sablier/v2-core/src/libraries/SVGElements.sol#L3) - - ```solidity - pragma solidity >=0.8.22; - ``` - -- Found in src/types/DataTypes.sol [Line: 2](../tests/2024-05-Sablier/v2-core/src/types/DataTypes.sol#L2) - - ```solidity - pragma solidity >=0.8.22; - ``` -
diff --git a/reports/templegold-report.md b/reports/templegold-report.md index f941d967a..bbcb0dbb3 100644 --- a/reports/templegold-report.md +++ b/reports/templegold-report.md @@ -282,50 +282,8 @@ Consider protecting the initializer functions with modifiers. Downcasting int/uints in Solidity can be unsafe due to the potential for data loss and unintended behavior.When downcasting a larger integer type to a smaller one (e.g., uint256 to uint128), the value may exceed the range of the target type,leading to truncation and loss of significant digits. Use OpenZeppelin's SafeCast library to safely downcast integers. -
15 Found Instances - - -- Found in contracts/util/ABDKMath64x64.sol [Line: 93](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L93) - - ```solidity - return int128 (result); - ``` - -- Found in contracts/util/ABDKMath64x64.sol [Line: 121](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L121) - - ```solidity - return int128 (result); - ``` - -- Found in contracts/util/ABDKMath64x64.sol [Line: 136](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L136) - - ```solidity - return int128 (result); - ``` - -- Found in contracts/util/ABDKMath64x64.sol [Line: 151](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L151) - - ```solidity - return int128 (result); - ``` - -- Found in contracts/util/ABDKMath64x64.sol [Line: 232](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L232) - - ```solidity - return int128 (result); - ``` - -- Found in contracts/util/ABDKMath64x64.sol [Line: 323](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L323) - - ```solidity - return int128 (result); - ``` - -- Found in contracts/util/ABDKMath64x64.sol [Line: 437](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L437) +
2 Found Instances - ```solidity - return int128 (result); - ``` - Found in contracts/util/ABDKMath64x64.sol [Line: 483](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L483) @@ -333,42 +291,6 @@ Downcasting int/uints in Solidity can be unsafe due to the potential for data lo return int128 (result); ``` -- Found in contracts/util/ABDKMath64x64.sol [Line: 716](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L716) - - ```solidity - return uint128 (result); - ``` - -- Found in contracts/util/ABDKMathQuad.sol [Line: 60](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L60) - - ```solidity - return bytes16 (uint128 (result)); - ``` - -- Found in contracts/util/ABDKMathQuad.sol [Line: 113](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L113) - - ```solidity - return bytes16 (uint128 (result)); - ``` - -- Found in contracts/util/ABDKMathQuad.sol [Line: 167](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L167) - - ```solidity - return bytes16 (uint128 (result)); - ``` - -- Found in contracts/util/ABDKMathQuad.sol [Line: 223](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L223) - - ```solidity - return bytes16 (uint128 (result)); - ``` - -- Found in contracts/util/ABDKMathQuad.sol [Line: 355](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L355) - - ```solidity - return bytes16 (uint128 (result)); - ``` - - Found in contracts/v2/interestRate/LinearWithKinkInterestRateModel.sol [Line: 140](../tests/2024-07-templegold/protocol/contracts/v2/interestRate/LinearWithKinkInterestRateModel.sol#L140) ```solidity @@ -1246,7 +1168,7 @@ ERC20 functions may not behave as expected. For example: return values are not a Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of `pragma solidity ^0.8.0;`, use `pragma solidity 0.8.0;` -
80 Found Instances +
71 Found Instances - Found in contracts/admin/TempleTeamPayments.sol [Line: 2](../tests/2024-07-templegold/protocol/contracts/admin/TempleTeamPayments.sol#L2) @@ -1291,24 +1213,6 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.8.20; ``` -- Found in contracts/common/CommonEventsAndErrors.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/common/CommonEventsAndErrors.sol#L1) - - ```solidity - pragma solidity ^0.8.20; - ``` - -- Found in contracts/common/SafeCast.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/common/SafeCast.sol#L1) - - ```solidity - pragma solidity ^0.8.20; - ``` - -- Found in contracts/common/TempleMath.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/common/TempleMath.sol#L1) - - ```solidity - pragma solidity ^0.8.20; - ``` - - Found in contracts/core/Exposure.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/core/Exposure.sol#L1) ```solidity @@ -1333,12 +1237,6 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.8.4; ``` -- Found in contracts/core/OpsManagerLib.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/core/OpsManagerLib.sol#L1) - - ```solidity - pragma solidity ^0.8.4; - ``` - - Found in contracts/core/OtcOffer.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/core/OtcOffer.sol#L1) ```solidity @@ -1567,12 +1465,6 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.8.20; ``` -- Found in contracts/templegold/EpochLib.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/templegold/EpochLib.sol#L1) - - ```solidity - pragma solidity ^0.8.20; - ``` - - Found in contracts/templegold/SpiceAuction.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/templegold/SpiceAuction.sol#L1) ```solidity 
@@ -1609,18 +1501,6 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.8.20; ``` -- Found in contracts/util/ABDKMath64x64.sol [Line: 6](../tests/2024-07-templegold/protocol/contracts/util/ABDKMath64x64.sol#L6) - - ```solidity - pragma solidity ^0.8.4; - ``` - -- Found in contracts/util/ABDKMathQuad.sol [Line: 6](../tests/2024-07-templegold/protocol/contracts/util/ABDKMathQuad.sol#L6) - - ```solidity - pragma solidity ^0.8.0; - ``` - - Found in contracts/v2/TempleDebtToken.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/v2/TempleDebtToken.sol#L1) ```solidity @@ -1663,24 +1543,12 @@ Consider using a specific version of Solidity in your contracts instead of a wid pragma solidity ^0.8.20; ``` -- Found in contracts/v2/interestRate/CompoundedInterest.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/v2/interestRate/CompoundedInterest.sol#L1) - - ```solidity - pragma solidity ^0.8.20; - ``` - - Found in contracts/v2/interestRate/LinearWithKinkInterestRateModel.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/v2/interestRate/LinearWithKinkInterestRateModel.sol#L1) ```solidity pragma solidity ^0.8.20; ``` -- Found in contracts/v2/safeGuards/SafeForked.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/v2/safeGuards/SafeForked.sol#L1) - - ```solidity - pragma solidity ^0.8.20; - ``` - - Found in contracts/v2/safeGuards/ThresholdSafeGuard.sol [Line: 1](../tests/2024-07-templegold/protocol/contracts/v2/safeGuards/ThresholdSafeGuard.sol#L1) ```solidity diff --git a/rustfmt.toml b/rustfmt.toml deleted file mode 100644 index 26332857e..000000000 --- a/rustfmt.toml +++ /dev/null @@ -1,3 +0,0 @@ -ignore = [ - "foundry/" -] \ No newline at end of file diff --git a/tests/contract-playground/src/Casting.sol b/tests/contract-playground/src/Casting.sol index 6f082d69e..9533958cf 100644 --- a/tests/contract-playground/src/Casting.sol +++ b/tests/contract-playground/src/Casting.sol 
@@ -12,7 +12,11 @@ contract Casting { bytes1 public bytes1Value = 0x12; // All good - function safeCastingExamples() external pure returns (uint128 b, int128 d, uint128 x, int128 y) { + function safeCastingExamples() + external + pure + returns (uint128 b, int128 d, uint128 x, int128 y) + { uint256 a = 0x1234567890abcdef; if (a > type(uint128).max) { revert("Value too large for uint128"); @@ -20,7 +24,10 @@ contract Casting { b = uint128(a); int256 c = -0x1234567890abcdef; - require(c >= type(int128).min && c <= type(int128).max, "Value does not fit in int128"); + require( + c >= type(int128).min && c <= type(int128).max, + "Value does not fit in int128" + ); d = int128(c); x = a.toUint128(); @@ -141,4 +148,20 @@ contract Casting { bytes1Value = bytes1(ae); } -} \ No newline at end of file + function from128x128(int256 x) external pure returns (int128) { + unchecked { + int256 result = x >> 64; // aderyn-ignore + // BAD + return int128(result); + } + } + + function from128x128_checked(int256 x) external pure returns (int128) { + unchecked { + int256 result = x >> 64; // aderyn-ignore + // GOOD + require(result > 1 && result < 100, "BAD range given"); // aderyn-ignore + return int128(result); + } + } +} diff --git a/tests/contract-playground/src/ContractLocksEther.sol b/tests/contract-playground/src/ContractLocksEther.sol index 4e607cbdc..6442a270c 100644 --- a/tests/contract-playground/src/ContractLocksEther.sol +++ b/tests/contract-playground/src/ContractLocksEther.sol 
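Review bot: The `// GOOD` case in `from128x128_checked` guards the downcast with `require(result > 1 && result < 100, "BAD range given")`, an arbitrary window, and the comment does not say why that makes the cast safe. `safeCastingExamples` in the same file checks against the type bounds, and doing the same here would tie the fixture to the condition that actually prevents truncation: `require(result >= type(int128).min && result <= type(int128).max, "Value does not fit in int128"); // aderyn-ignore`. The `unchecked` wrapper has no effect on the explicit `int128(...)` conversion, which truncates silently either way, so `// BAD` could be extended to `// BAD: int256 -> int128 truncates silently, no range check`. Whether the detector accepts any `require` that mentions the cast operand cannot be told from this hunk. If it does, a further case with an unrelated condition, labelled `// BAD`, would catch that false negative.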
@@ -208,3 +208,39 @@ contract CanWithdrawChild is CanWithdrawParent {
 emit Deposited(msg.sender, msg.value);
 }
 }
+
+import "../lib/openzeppelin-contracts/contracts/utils/Address.sol";
+
+// GOOD
+contract CanWithdrawOZ {
+ using Address for address payable;
+
+ // Event to log deposits
+ event Deposited(address indexed sender, uint256 indexed amount);
+
+ // Event to log transfers
+ event Transferred(address indexed to, uint256 indexed amount);
+
+ // Public payable function to receive Ether
+ receive() external payable {
+ emit Deposited(msg.sender, msg.value);
+ }
+
+ // Public payable fallback function to handle any data sent with Ether
+ fallback() external payable {
+ emit Deposited(msg.sender, msg.value);
+ }
+
+ // Internal function to send Ether to a given address
+ function _sendEther(address payable recipient, uint256 amount) internal {
+ require(address(this).balance >= amount, "Insufficient balance");
+ require(recipient != address(0), "Invalid recipient");
+ recipient.sendValue(amount);
+ emit Transferred(recipient, amount);
+ }
+
+ // This function allows for the withdrawal of eth. Hence this contract is a GOOD contract.
+ function takeEthBack(uint256 amount) external {
+ _sendEther(payable(msg.sender), amount);
+ }
+}
diff --git a/tests/contract-playground/src/MultiplePlaceholders.sol b/tests/contract-playground/src/MultiplePlaceholders.sol
new file mode 100644
index 000000000..02366d9d1
--- /dev/null
+++ b/tests/contract-playground/src/MultiplePlaceholders.sol
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.19;
+
+contract MultiplePlaceholders {
+ address internal owner;
+
+ constructor() {
+ owner = msg.sender;
+ }
+
+ modifier checkOwner() {
+ require(msg.sender == owner, "You are not the owner!");
+ _;
+ _;
+ }
+
+ // aderyn-ignore-next-line(empty-block)
+ function restrictedFunction1() external checkOwner {}
+
+ // aderyn-ignore-next-line(empty-block)
+ function restrictedFunction2() external checkOwner {}
+}
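Review bot: The `// GOOD` label on `CanWithdrawOZ` holds only for the locked-Ether check. `takeEthBack` forwards any requested `amount` to `msg.sender` with no owner or per-depositor accounting check, so any caller can withdraw the full balance. That is acceptable in a detector fixture, but the label should say so, to keep the contract from being read as a safe withdrawal pattern: `// GOOD for the locked-Ether detector only: Ether can leave via Address.sendValue; takeEthBack is deliberately unrestricted`. The `import` also sits mid-file after `CanWithdrawChild`. Moving it to the top with the file's other imports would be the usual layout, though the top of the file is outside this hunk.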
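Review bot: The `checkOwner` modifier in MultiplePlaceholders.sol has two `_;` placeholders, but nothing in the file says that this is the pattern under test or what it does. Casting.sol and ContractLocksEther.sol in this commit label their cases with `// BAD` and `// GOOD`. The same convention here would be a comment above the second placeholder such as `// BAD: a second placeholder makes the modified function body run twice`. Both `restrictedFunction1` and `restrictedFunction2` have empty bodies, so the repeated execution is not observable. Giving one of them a state change (for example a counter increment) would make the fixture show the actual risk.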
diff --git a/tests/contract-playground/src/OnlyLibrary.sol b/tests/contract-playground/src/OnlyLibrary.sol
new file mode 100644
index 000000000..5b7257a60
--- /dev/null
+++ b/tests/contract-playground/src/OnlyLibrary.sol
@@ -0,0 +1,4 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+library MathLib {}