Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[False Negative]: reentrancy-no-eth for interprocedural case #2544

Open
0xalpharush opened this issue Aug 29, 2024 · 1 comment
Open

[False Negative]: reentrancy-no-eth for interprocedural case #2544

0xalpharush opened this issue Aug 29, 2024 · 1 comment

Comments

@0xalpharush
Copy link
Contributor

What bug did Slither miss and which detector did you anticipate would catch it?

The following should be detected by reentrancy-no-eth but it is incorrectly considered benign. It is more important to highlight that there is a read-call-write than a write after a call

Frequency

Very Frequently

Code example to reproduce the issue:

contract T1 {
 uint x;
 function re() external {
   require(x != 9);
   re2(); 
 }
  function re2() internal {
   address(1).call("");
   x = 9;
 }

}

Version:

0.10.4

Relevant log output:

INFO:Detectors:
T1.re2() (t.sol#7-10) ignores return value by address(1).call() (t.sol#8)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-low-level-calls
INFO:Detectors:
Reentrancy in T1.re2() (t.sol#7-10):
	External calls:
	- address(1).call() (t.sol#8)
	State variables written after the call(s):
	- x = 9 (t.sol#9)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2
INFO:Detectors:
Low level call in T1.re2() (t.sol#7-10):
	- address(1).call() (t.sol#8)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls
@0xalpharush 0xalpharush changed the title [False Negative]: [False Negative]: reentrancy-no-eth for interprocedural case Aug 29, 2024
@0xalpharush
Copy link
Contributor Author

Related
#1566

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant