[Bug]: info from solc-version detector displays misleading message #2478

Closed
penandlim opened this issue Jun 6, 2024 · 4 comments
Labels: bug (Something isn't working), good first issue (Good for newcomers)

Comments

penandlim commented Jun 6, 2024

Describe the issue:

With slither 0.10.3 on a new foundry repo w/ pragma solidity 0.8.23, running slither reports the info message below.

INFO:Detectors:
Version constraint 0.8.23 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
.
It is used by:
        - 0.8.23 (src/Counter.sol#2)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

But afaik there are no known issues for solidity 0.8.23 yet.
https://solidity.readthedocs.io/en/latest/bugs.html

"0.8.23": [],
"0.8.24": [],
"0.8.25": [],

Is this the intended info message from solc-version detector for ^0.8.23?

Code example to reproduce the issue:

// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.23;

contract Counter {
    uint256 public number;

    function setNumber(uint256 newNumber) public {
        number = newNumber;
    }

    function increment() public {
        number++;
    }
}

Version:

0.10.3

Relevant log output:

❯ slither . 
'forge clean' running (wd: /home/me/project)
'forge config --json' running
'forge build --build-info --skip */test/** */script/** --force' running (wd: /home/me/project)
INFO:Detectors:
Version constraint 0.8.23 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
.
It is used by:
        - 0.8.23 (src/Counter.sol#2)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
INFO:Slither:. analyzed (1 contracts with 94 detectors), 1 result(s) found
@penandlim added the bug-candidate (Bugs reports that are not yet confirmed) label Jun 6, 2024
@penandlim changed the title from "[Bug-Candidate]: info from incorrect-versions-of-solidity detector displays misleading message" to "[Bug-Candidate]: info from solc-version detector displays misleading message" Jun 6, 2024
@0xalpharush
Contributor

I think this is missing a length check on bugs_by_version and should be something like if version_number in bugs_by_version and len(bugs_by_version):

if version_number in bugs_by_version:

@0xalpharush added the bug (Something isn't working) and good first issue (Good for newcomers) labels and removed the bug-candidate (Bugs reports that are not yet confirmed) label Jun 22, 2024
@0xalpharush changed the title from "[Bug-Candidate]: info from solc-version detector displays misleading message" to "[Bug]: info from solc-version detector displays misleading message" Jun 22, 2024
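
The difference between the membership-only check quoted above and a check on the version's own bug list, as an added Python example that is not Slither's code and not part of any comment in this thread. The function names, the regex-based version extraction, and the "9.9.9" / "PlaceholderBug" entry are assumptions constructed for illustration.

```python
import re

# Constructed sample in the shape quoted in the issue: version -> list of known bugs.
# "9.9.9" and "PlaceholderBug" are placeholders, not real Solidity data.
BUGS_BY_VERSION = {
    "0.8.23": [],
    "0.8.24": [],
    "0.8.25": [],
    "9.9.9": ["PlaceholderBug"],
}

# Assumption of this example: concrete versions are pulled out of the pragma by regex.
VERSION_RE = re.compile(r"\d+\.\d+\.\d+")


def flagged_membership_only(constraint, bugs_by_version=BUGS_BY_VERSION):
    """Behaviour reported in the issue: a version is flagged just for being a key."""
    return [v for v in VERSION_RE.findall(constraint) if v in bugs_by_version]


def classify(constraint, bugs_by_version=BUGS_BY_VERSION):
    """Separate three cases that the membership test collapses into one.

    known-bugs      : version is listed and its bug list is non-empty
    no-known-bugs   : version is listed with an empty bug list
    unknown-version : version is absent, so nothing can be concluded about it
    """
    result = {}
    for version in VERSION_RE.findall(constraint):
        if version not in bugs_by_version:
            result[version] = ("unknown-version", [])
        elif bugs_by_version[version]:
            result[version] = ("known-bugs", list(bugs_by_version[version]))
        else:
            result[version] = ("no-known-bugs", [])
    return result


if __name__ == "__main__":
    for pragma in ("0.8.23", "^0.8.24", "9.9.9", "0.8.99"):
        print(pragma, flagged_membership_only(pragma), classify(pragma))
```

Keeping "unknown-version" distinct from "no-known-bugs" matters when the bug list is older than the compiler in use: an absent entry is missing data, not a clean result.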
@MukulKolpe
Contributor

Hey @0xalpharush, can I work on this issue?

@0xalpharush
Contributor

Yes, you're welcome to work on this.

Tony-S201 commented Jul 5, 2024

Hi, I have the same problem on 0.8.24.
