Functions that send native eth without having msg.sender checks #597
Conversation
TilakMaddy
force-pushed
the
auditor-mode-experiment/functions-that-send-ether-without-msg-sender-checks
branch
from
d244b4b to
553ca05
Compare
There was a problem hiding this comment.
New auditor detector here :)
There was a problem hiding this comment.
We want this to be a normal detector, so let's move it there instead of auditor mode.
Completely agree with concerns about performance. My thinking is that, once we have more detector tickets completed, we will do a sprint which will be themed on performance, efficiency, etc.
…ther-without-msg-sender-checks
| @@ -1659,6 +1678,24 @@ Instead of marking a function as `public`, consider marking it as `external` if | |||
| function onlyOwnerManualIfRevertCheck() public view { | |||
| ``` | |||
|
|
|||
| - Found in src/auditor_mode/send_ether_no_checks/Tower.sol [Line: 19](../tests/contract-playground/src/auditor_mode/send_ether_no_checks/Tower.sol#L19) | |||
There was a problem hiding this comment.
Can we make these external so that they aren't caught here?
|
|
||
| <details><summary>1 Found Instances</summary> | ||
|
|
||
|
|
There was a problem hiding this comment.
Only one instance found? Should we expect more?
There was a problem hiding this comment.
No, just one I think.
| @@ -0,0 +1,208 @@ | |||
| //! This module helps with strategies on performing different types of investigations. | |||
There was a problem hiding this comment.
Do you think we should move this to a different folder? Maybe browser or context or its own new one?
There was a problem hiding this comment.
browser would suitable.
|
This detector will be part of #605 |
This creates a callgraph. Because we are unsure of performance, etc. ... I have added this to
--auditor-modecargo run tests/contract-playground --auditor-modeLet's play with this for a while before converting it to a detector
UPDATE:
Now it's converted to deetctor