Merge pull request #2708 from crytic/dev

Sync Master <> Dev

Author: smonicas

setup.py

@@ -8,7 +8,7 @@
     description="Slither is a Solidity and Vyper static analysis framework written in Python 3.",
     url="https://github.com/crytic/slither",
     author="Trail of Bits",
-    version="0.11.1",
+    version="0.11.2",
     packages=find_packages(),
     python_requires=">=3.8",
     install_requires=[

slither/core/cfg/node.py

@@ -1011,7 +1011,13 @@ def _update_write_using_ssa(self, ir: Operation) -> None:
             candidates = [var]
 
             # If we write to a storage pointer, add everything it points to as target
-            if isinstance(var, LocalIRVariable) and var.is_storage:
+            # if it's a variable declaration we do not want to consider the right variable written in that case
+            # string storage ss = s; // s is a storage variable but should not be considered written at that point
+            if (
+                isinstance(var, LocalIRVariable)
+                and var.is_storage
+                and ir.node.type is not NodeType.VARIABLE
+            ):
                 candidates += var.refers_to
 
             for var in candidates:

tests/e2e/detectors/snapshots/detectors__detector_ReentrancyEth_0_4_25_DAO_sol__0.txt

@@ -1,3 +1,16 @@
+Reentrancy in TokenCreation.refund() (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#318-332):
+	External calls:
+	- extraBalance.balance >= extraBalance.accumulatedInput() (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#321)
+	- extraBalance.payOut(address(this),extraBalance.accumulatedInput()) (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#322)
+	- msg.sender.call.value(weiGiven[msg.sender])() (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#325)
+	External calls sending eth:
+	- msg.sender.call.value(weiGiven[msg.sender])() (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#325)
+	State variables written after the call(s):
+	- weiGiven[msg.sender] = 0 (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#329)
+	TokenCreationInterface.weiGiven (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#251) can be used in cross function reentrancies:
+	- TokenCreation.createTokenProxy(address) (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#299-316)
+	- TokenCreation.refund() (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#318-332)
+
 Reentrancy in DAO.executeProposal(uint256,bytes) (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#853-937):
 	External calls:
 	- ! isRecipientAllowed(p.recipient) (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#881)
@@ -21,7 +34,6 @@ Reentrancy in DAO.executeProposal(uint256,bytes) (tests/e2e/detectors/test_data/
 	- DAO.splitDAO(uint256,address) (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#947-1020)
 	- DAO.vote(uint256,bool) (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#820-850)
 	- closeProposal(_proposalID) (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#933)
-		- p = proposals[_proposalID] (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#941)
 		- p.open = false (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#944)
 	DAOInterface.proposals (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#394) can be used in cross function reentrancies:
 	- DAO.DAO(address,DAO_Creator,uint256,uint256,uint256,address) (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#702-726)
@@ -58,16 +70,3 @@ Reentrancy in DAO.executeProposal(uint256,bytes) (tests/e2e/detectors/test_data/
 	- DAO.retrieveDAOReward(bool) (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#1037-1057)
 	- DAOInterface.totalRewardToken (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#412)
 
-Reentrancy in TokenCreation.refund() (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#318-332):
-	External calls:
-	- extraBalance.balance >= extraBalance.accumulatedInput() (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#321)
-	- extraBalance.payOut(address(this),extraBalance.accumulatedInput()) (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#322)
-	- msg.sender.call.value(weiGiven[msg.sender])() (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#325)
-	External calls sending eth:
-	- msg.sender.call.value(weiGiven[msg.sender])() (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#325)
-	State variables written after the call(s):
-	- weiGiven[msg.sender] = 0 (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#329)
-	TokenCreationInterface.weiGiven (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#251) can be used in cross function reentrancies:
-	- TokenCreation.createTokenProxy(address) (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#299-316)
-	- TokenCreation.refund() (tests/e2e/detectors/test_data/reentrancy-eth/0.4.25/DAO.sol#318-332)
-

tests/e2e/detectors/snapshots/detectors__detector_UninitializedStateVarsDetection_0_4_25_uninitialized_sol__0.txt

@@ -1,3 +1,6 @@
+Test3.s (tests/e2e/detectors/test_data/uninitialized-state/0.4.25/uninitialized.sol#61) is never initialized. It is used in:
+	- Test3.a() (tests/e2e/detectors/test_data/uninitialized-state/0.4.25/uninitialized.sol#63-65)
+
 Test2.st (tests/e2e/detectors/test_data/uninitialized-state/0.4.25/uninitialized.sol#45) is never initialized. It is used in:
 	- Test2.use() (tests/e2e/detectors/test_data/uninitialized-state/0.4.25/uninitialized.sol#53-56)
 

tests/e2e/detectors/snapshots/detectors__detector_UninitializedStateVarsDetection_0_5_16_uninitialized_sol__0.txt

@@ -1,3 +1,6 @@
+Test3.s (tests/e2e/detectors/test_data/uninitialized-state/0.5.16/uninitialized.sol#61) is never initialized. It is used in:
+	- Test3.a() (tests/e2e/detectors/test_data/uninitialized-state/0.5.16/uninitialized.sol#63-65)
+
 Test2.st (tests/e2e/detectors/test_data/uninitialized-state/0.5.16/uninitialized.sol#45) is never initialized. It is used in:
 	- Test2.use() (tests/e2e/detectors/test_data/uninitialized-state/0.5.16/uninitialized.sol#53-56)
 

tests/e2e/detectors/snapshots/detectors__detector_UninitializedStateVarsDetection_0_6_11_uninitialized_sol__0.txt

@@ -1,3 +1,6 @@
+Test3.s (tests/e2e/detectors/test_data/uninitialized-state/0.6.11/uninitialized.sol#61) is never initialized. It is used in:
+	- Test3.a() (tests/e2e/detectors/test_data/uninitialized-state/0.6.11/uninitialized.sol#63-65)
+
 Test2.st (tests/e2e/detectors/test_data/uninitialized-state/0.6.11/uninitialized.sol#45) is never initialized. It is used in:
 	- Test2.use() (tests/e2e/detectors/test_data/uninitialized-state/0.6.11/uninitialized.sol#53-56)
 

tests/e2e/detectors/snapshots/detectors__detector_UninitializedStateVarsDetection_0_7_6_uninitialized_sol__0.txt

@@ -1,3 +1,6 @@
+Test3.s (tests/e2e/detectors/test_data/uninitialized-state/0.7.6/uninitialized.sol#61) is never initialized. It is used in:
+	- Test3.a() (tests/e2e/detectors/test_data/uninitialized-state/0.7.6/uninitialized.sol#63-65)
+
 Test2.st (tests/e2e/detectors/test_data/uninitialized-state/0.7.6/uninitialized.sol#45) is never initialized. It is used in:
 	- Test2.use() (tests/e2e/detectors/test_data/uninitialized-state/0.7.6/uninitialized.sol#53-56)
 

tests/e2e/detectors/test_data/uninitialized-state/0.4.25/uninitialized.sol

@@ -56,3 +56,11 @@ contract Test2 {
     }
 
 }
+
+contract Test3 {
+    string s;
+
+    function a() public {
+        string storage ss = s;
+    }
+}

tests/e2e/detectors/test_data/uninitialized-state/0.4.25/uninitialized.sol-0.4.25.zip

@@ -56,3 +56,11 @@ contract Test2 {
     }
 
 }
+
+contract Test3 {
+    string s;
+
+    function a() public {
+        string storage ss = s;
+    }
+}

tests/e2e/detectors/test_data/uninitialized-state/0.5.16/uninitialized.sol

@@ -56,3 +56,11 @@ contract Test2 {
     }
 
 }
+
+contract Test3 {
+    string s;
+
+    function a() public {
+        string storage ss = s;
+    }
+}

tests/e2e/detectors/test_data/uninitialized-state/0.5.16/uninitialized.sol-0.5.16.zip

@@ -56,3 +56,11 @@ contract Test2 {
     }
 
 }
+
+contract Test3 {
+    string s;
+
+    function a() public {
+        string storage ss = s;
+    }
+}